aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/connman.scm5
-rw-r--r--gnu/packages/embedded.scm3
-rw-r--r--gnu/packages/enlightenment.scm65
-rw-r--r--gnu/packages/finance.scm4
-rw-r--r--gnu/packages/gnome.scm6
-rw-r--r--gnu/packages/guile.scm2
-rw-r--r--gnu/packages/linux.scm36
-rw-r--r--gnu/packages/mail.scm5
-rw-r--r--gnu/packages/maths.scm4
-rw-r--r--gnu/packages/networking.scm31
-rw-r--r--gnu/packages/patches/exim-CVE-2017-1000369.patch59
-rw-r--r--gnu/packages/patches/miniupnpc-CVE-2017-8798.patch55
-rw-r--r--gnu/packages/python.scm41
-rw-r--r--gnu/packages/security-token.scm6
-rw-r--r--gnu/packages/shells.scm2
-rw-r--r--gnu/packages/tex.scm12
-rw-r--r--gnu/packages/tls.scm41
-rw-r--r--gnu/packages/upnp.scm5
-rw-r--r--gnu/packages/version-control.scm9
-rw-r--r--gnu/packages/video.scm6
-rw-r--r--gnu/packages/web.scm4
-rw-r--r--guix/build-system/texlive.scm4
-rw-r--r--guix/store.scm63
24 files changed, 335 insertions, 135 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 4acc699753..1ae2a2d264 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -571,6 +571,7 @@ dist_patch_DATA = \
%D%/packages/patches/emacs-source-date-epoch.patch \
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
+ %D%/packages/patches/exim-CVE-2017-1000369.patch \
%D%/packages/patches/fabric-tests.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
%D%/packages/patches/fastcap-mulSetup.patch \
@@ -805,7 +806,6 @@ dist_patch_DATA = \
%D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \
%D%/packages/patches/metabat-remove-compilation-date.patch \
%D%/packages/patches/mhash-keygen-test-segfault.patch \
- %D%/packages/patches/miniupnpc-CVE-2017-8798.patch \
%D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch \
%D%/packages/patches/mpc123-initialize-ao.patch \
%D%/packages/patches/module-init-tools-moduledir.patch \
diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm
index 08e725118d..8f567fa61b 100644
--- a/gnu/packages/connman.scm
+++ b/gnu/packages/connman.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
@@ -114,6 +114,9 @@ sharing) to clients via USB, ethernet, WiFi, cellular and Bluetooth.")
`(#:configure-flags '("--localstatedir=/var")
#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'set-home-directory
+ ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+ (lambda _ (setenv "HOME" "/tmp") #t))
(add-after 'install 'wrap-binary
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index b81eedbd80..e0e1793db1 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -507,7 +507,8 @@ with a layered architecture of JTAG interface and TAP support.")
(patches
(append
(origin-patches (package-source gcc-4.7))
- (search-patches "gcc-4.6-gnu-inline.patch")))))
+ (search-patches "gcc-4.6-gnu-inline.patch"
+ "gcc-cross-environment-variables.patch")))))
(home-page "https://github.com/dbetz/propgcc-gcc"))))
;; There is no release, so we take the latest version as referenced from here:
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 6487446336..50da8c8d2f 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -58,7 +58,7 @@
(define-public efl
(package
(name "efl")
- (version "1.18.5")
+ (version "1.19.1")
(source (origin
(method url-fetch)
(uri (string-append
@@ -66,7 +66,7 @@
version ".tar.xz"))
(sha256
(base32
- "0wxz00cijynamm0sx4ss4hp89zyz5y6zliv5zd905jn4nak2mw2n"))))
+ "0fndwraca9rg0bz3al4isdprvyw56szr88qiyvglb4j8ygsylscc"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -109,7 +109,7 @@
("xproto" ,xproto)))
(propagated-inputs
;; All these inputs are in package config files in section
- ;; Require.private.
+ ;; Requires.private.
`(("bullet" ,bullet) ; ephysics.pc
("dbus" ,dbus) ; eldbus.pc, elementary.pc, elocation.pc, ethumb_client.pc
("eudev" ,eudev) ; eeze.pc
@@ -123,17 +123,23 @@
("libsndfile" ,libsndfile) ; ecore-audio.pc, ecore-audio-cxx.pc
("openssl" ,openssl) ; ecore-con.pc, eet.pc, eet-cxx.pc, emile.pc
("pulseaudio" ,pulseaudio) ; ecore-audio.pc, ecore-audio-cxx.pc
- ("util-linux" ,util-linux) ; eeze.pc
+ ("util-linux" ,util-linux) ; mount: eeze.pc
("zlib" ,zlib))) ; eet.pc, eet-cxx.pc, emile.pc
(arguments
`(#:configure-flags '("--disable-silent-rules"
+ "--disable-systemd"
"--enable-liblz4"
"--enable-xinput22"
"--enable-image-loader-webp"
"--enable-multisense"
"--with-opengl=es"
"--enable-egl"
- "--enable-harfbuzz")))
+ "--enable-harfbuzz")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'set-home-directory
+ ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+ (lambda _ (setenv "HOME" "/tmp") #t)))))
(home-page "https://www.enlightenment.org/about-efl")
(synopsis "Enlightenment Foundation Libraries")
(description
@@ -157,6 +163,12 @@ removable devices or support for multimedia.")
(base32
"1x4j2q4qqj10ckbka0zaq2r2zm66ff1x791kp8slv1ff7fw45vdz"))))
(build-system gnu-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'set-home-directory
+ ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+ (lambda _ (setenv "HOME" "/tmp") #t)))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
@@ -184,6 +196,12 @@ contents and more.")
(base32
"06kbgcnbhl9clhdl7k983m4d0n6ggsl4qvizzi1nrp8c7np87fix"))))
(build-system gnu-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'set-home-directory
+ ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+ (lambda _ (setenv "HOME" "/tmp") #t)))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
@@ -198,7 +216,7 @@ Libraries with some extra bells and whistles.")
(define-public enlightenment
(package
(name "enlightenment")
- (version "0.21.7")
+ (version "0.21.8")
(source (origin
(method url-fetch)
(uri
@@ -206,25 +224,34 @@ Libraries with some extra bells and whistles.")
name "/" name "-" version ".tar.xz"))
(sha256
(base32
- "1xvngjdsa0p901vfhrh2qpa50k32hwwhc8bgi16a9b5d9byzfhvn"))))
+ "0cjjiip12hd8bfjl9ccl3vzl81pxh1wpymxk2yvrzf6ap5girhps"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--enable-mount-eeze")
#:phases
(modify-phases %standard-phases
- (add-before 'configure 'fix-keyboard
- (lambda _
- (let ((xkeyboard (assoc-ref %build-inputs "xkeyboard-config")))
+ (add-before 'configure 'set-system-actions
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((xkeyboard (assoc-ref inputs "xkeyboard-config"))
+ (utils (assoc-ref inputs "util-linux")))
;; We need to patch the path to 'base.lst' to be able
;; to switch the keyboard layout in E.
(substitute* "src/modules/xkbswitch/e_mod_parse.c"
(("/usr/share/X11/xkb/rules/xorg.lst")
(string-append xkeyboard
"/share/X11/xkb/rules/base.lst")))
+ (substitute* "configure"
+ (("/bin/mount") (string-append utils "/bin/mount"))
+ (("/bin/umount") (string-append utils "/bin/umount"))
+ (("/usr/bin/eject") (string-append utils "/bin/eject"))
+ ; TODO: Replace suspend and hibernate also.
+ (("/sbin/shutdown -h now") "/run/current-system/profile/sbin/halt")
+ (("/sbin/shutdown -r now") "/run/current-system/profile/sbin/reboot"))
#t))))))
(native-inputs
`(("gettext" ,gettext-minimal)
- ("pkg-config" ,pkg-config)))
+ ("pkg-config" ,pkg-config)
+ ("util-linux" ,util-linux)))
(inputs
`(("alsa-lib" ,alsa-lib)
("dbus" ,dbus)
@@ -247,14 +274,14 @@ embedded systems.")
(define-public python-efl
(package
(name "python-efl")
- (version "1.18.0")
+ (version "1.19.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "python-efl" version))
(sha256
(base32
- "0x49rb7mx7ysjp23m919r2rx8qnl4xackhl9s9x2697m7cs77n1r"))))
+ "0l0f9bv1134qh5376p5asycncidrhp8hdb6qwd8ybr1a61q9zq67"))))
(build-system python-build-system)
(arguments
'(#:phases
@@ -297,7 +324,7 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).")
(define-public edi
(package
(name "edi")
- (version "0.4.0")
+ (version "0.5.0")
(source
(origin
(method url-fetch)
@@ -305,9 +332,15 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).")
"download/v" version "/edi-" version ".tar.bz2"))
(sha256
(base32
- "0qczz5psryxasphg5km95845h510237rf0k1dy8f0dad52ii90j1"))))
+ "1l90x1bw82a0df6r11wd55qizhi99gg0qcljwxga606ahy6ycnkn"))))
(build-system gnu-build-system)
- (arguments '(#:configure-flags '("--with-tests=coverage")))
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'set-home-directory
+ ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2
+ (lambda _ (setenv "HOME" "/tmp") #t)))
+ #:configure-flags '("--with-tests=coverage")))
(native-inputs
`(("check" ,check)
("lcov" ,lcov)
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index fb2543bceb..04ae70b07a 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -49,7 +49,7 @@
(define-public bitcoin-core
(package
(name "bitcoin-core")
- (version "0.14.1")
+ (version "0.14.2")
(source (origin
(method url-fetch)
(uri
@@ -57,7 +57,7 @@
version "/bitcoin-" version ".tar.gz"))
(sha256
(base32
- "18zrsinlwkj4q5bj2hzswbhswkvd0sdfi6skfwqwwk85gzh064pj"))))
+ "1jp8vdc25gs46gj1d9mraqa1xnampffpa7mdy0fw80xca77fbi0s"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 29b8dab7f8..32e3e37562 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -6291,7 +6291,11 @@ text views, and buttons to choose the language.")
;; Disable the Python bindings because the Planner program functions
;; without them, and (as of 2017-06-13) we have not packaged all of
;; packages that are necessary for building the Python bindings.
- `(#:configure-flags (list "--disable-python")))
+ `(#:configure-flags
+ (list "--disable-python"
+ ,@(if (string=? "aarch64-linux" (%current-system))
+ '("--build=aarch64-unknown-linux-gnu")
+ '()))))
(inputs
`(("libgnomecanvas" ,libgnomecanvas)
("libgnomeui" ,libgnomeui)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index e4629d90d6..5577ad98e7 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -239,7 +239,7 @@ without requiring the source code to be rewritten.")
(snippet '(for-each delete-file
(find-files "prebuilt" "\\.go$")))))
(properties '((timeout . 72000) ;20 hours
- (max-silent-time . 21600))) ;6 hours (needed on ARM
+ (max-silent-time . 36000))) ;10 hours (needed on ARM
; when heavily loaded)
(native-search-paths
(list (search-path-specification
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index f7e6853b62..93b29ed781 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -365,19 +365,49 @@ It has been modified to remove all non-free binary blobs.")
(make-linux-libre %linux-libre-version
%linux-libre-hash
%intel-compatible-systems
- #:configuration-file kernel-config))
+ #:configuration-file kernel-config
+ #:patches
+ (list %boot-logo-patch
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=167ec8235f978d7af78c73e9490dae1af3fee67f")
+ (file-name "linux-libre-4.11-CVE-2017-1000364.patch")
+ (sha256
+ (base32
+ "0hv3lxjgpssvsldkydg5q7znnzxv5ncpzrk6g11q01k3gkl0q689"))))))
(define-public linux-libre-4.9
(make-linux-libre "4.9.33"
"1dam6vqymhlx1vsl0lzxphamiifgyf97snxg18b2czqq402nz094"
%intel-compatible-systems
- #:configuration-file kernel-config))
+ #:configuration-file kernel-config
+ #:patches
+ (list %boot-logo-patch
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=37c40b6777f0bc8a63f616479c469b371097f333")
+ (file-name "linux-libre-4.9-CVE-2017-1000364.patch")
+ (sha256
+ (base32
+ "0zhnh8ysiqldxlnd50bjrxagzx29kc8nlajdrikii2x2ibkbfb4i"))))))
(define-public linux-libre-4.4
(make-linux-libre "4.4.73"
"144ssqw1dr86z4cgl797pq5rggfibsxqk7wmfbl6j92l1cj6yjrz"
%intel-compatible-systems
- #:configuration-file kernel-config))
+ #:configuration-file kernel-config
+ #:patches
+ (list %boot-logo-patch
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=87422f5b9b4f43efef4eaf37d7d040aed96500cb")
+ (file-name "linux-libre-4.4-CVE-2017-1000364.patch")
+ (sha256
+ (base32
+ "137p1cpiwlbvw4x12w1l23iy593xmdry60kd7j9kk690r9arfagw"))))))
(define-public linux-libre-4.1
(make-linux-libre "4.1.41"
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index f4003d7391..4f16853a97 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -996,7 +996,7 @@ delivery.")
(define-public exim
(package
(name "exim")
- (version "4.87.1")
+ (version "4.89")
(source
(origin
(method url-fetch)
@@ -1004,9 +1004,10 @@ delivery.")
version ".tar.bz2")
(string-append "ftp://ftp.exim.org/pub/exim/exim4/old/exim-"
version ".tar.bz2")))
+ (patches (search-patches "exim-CVE-2017-1000369.patch"))
(sha256
(base32
- "050m2gjzpc6vyik458h1j0vi8bxplkzjsyndkyd2y394i569kdyl"))))
+ "1c0syp7yxngmq7y8vqsrvijinzin5m941vn0ljihdfld7kh2wbwi"))))
(build-system gnu-build-system)
(inputs
`(("bdb" ,bdb)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 94109b559a..014ad5d7d5 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -317,7 +317,7 @@ the OCaml language.")
(define-public glpk
(package
(name "glpk")
- (version "4.61")
+ (version "4.62")
(source
(origin
(method url-fetch)
@@ -325,7 +325,7 @@ the OCaml language.")
version ".tar.gz"))
(sha256
(base32
- "1adbvwiaqrv9pql9ry3lhn2vfsxnff2vh4fs477d90kpfx0xwrlq"))))
+ "0w7s3869ybwyq9a4490dikpib1qp3jnn5nqz1vvwqy1qz3ilnvh9"))))
(build-system gnu-build-system)
(inputs
`(("gmp" ,gmp)))
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 5d1c432da3..ed0420b422 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2,7 +2,7 @@
;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015, 2016 Stefan Reichör <stefan@xsteve.at>
+;;; Copyright © 2015, 2016, 2017 Stefan Reichör <stefan@xsteve.at>
;;; Copyright © 2016 Raimon Grau <raimonster@gmail.com>
;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
@@ -474,7 +474,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
(define-public wireshark
(package
(name "wireshark")
- (version "2.2.6")
+ (version "2.2.7")
(synopsis "Network traffic analyzer")
(source
(origin
@@ -483,7 +483,7 @@ which can be used to encrypt a password with @code{crypt(3)}.")
version ".tar.bz2"))
(sha256
(base32
- "0jd89i9si43lyv3hsl6p1lkjmz4zagvc37wcbigsxxc5v8gda9zn"))))
+ "1dfvhra5v6xhzbp097qsxi0zvirw0srbasl4v1wjf58v49idz7b8"))))
(build-system glib-or-gtk-build-system)
(inputs `(("bison" ,bison)
("c-ares" ,c-ares)
@@ -522,6 +522,31 @@ network frames.")
(license license:gpl2+)
(home-page "https://www.wireshark.org/")))
+(define-public fping
+ (package
+ (name "fping")
+ (version "4.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://fping.org/dist/fping-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "1kp81wchi79l8z8rrj602fpjrd8bi84y3i7fsaclzlwap5943sv7"))))
+ (build-system gnu-build-system)
+ (home-page "http://fping.org/")
+ (synopsis "Send ICMP ECHO_REQUEST packets to network hosts")
+ (description
+ "fping is a ping like program which uses the Internet Control Message
+Protocol (ICMP) echo request to determine if a target host is responding.
+fping differs from ping in that you can specify any number of targets on the
+command line, or specify a file containing the lists of targets to ping.
+Instead of sending to one target until it times out or replies, fping will
+send out a ping packet and move on to the next target in a round-robin
+fashion.")
+ (license license:expat)))
+
(define-public httping
(package
(name "httping")
diff --git a/gnu/packages/patches/exim-CVE-2017-1000369.patch b/gnu/packages/patches/exim-CVE-2017-1000369.patch
new file mode 100644
index 0000000000..a67a8afb0e
--- /dev/null
+++ b/gnu/packages/patches/exim-CVE-2017-1000369.patch
@@ -0,0 +1,59 @@
+Fix CVE-2017-1000369:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369
+https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+
+Patch adapted from upstream source repository:
+
+https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
+
+From 65e061b76867a9ea7aeeb535341b790b90ae6c21 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Wed, 31 May 2017 23:08:56 +0200
+Subject: [PATCH] Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
+
+---
+ doc/doc-docbook/spec.xfpt | 3 ++-
+ src/src/exim.c | 19 +++++++++++++++++--
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/src/src/exim.c b/src/src/exim.c
+index 67583e58..88e11977 100644
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
+
+ /* -oMr: Received protocol */
+
+- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
++ else if (Ustrcmp(argrest, "Mr") == 0)
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++ else received_protocol = argv[++i];
+
+ /* -oMs: Set sender host name */
+
+@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
+
+ if (*argrest != 0)
+ {
+- uschar *hn = Ustrchr(argrest, ':');
++ uschar *hn;
++
++ if (received_protocol)
++ {
++ fprintf(stderr, "received_protocol is set already\n");
++ exit(EXIT_FAILURE);
++ }
++
++ hn = Ustrchr(argrest, ':');
+ if (hn == NULL)
+ {
+ received_protocol = argrest;
+--
+2.13.1
+
diff --git a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch b/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch
deleted file mode 100644
index 24eed60af9..0000000000
--- a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-Fix CVE-2017-8798.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8798
-http://seclists.org/oss-sec/2017/q2/247
-
-Patch copied from upstream source repository, with Changelog entry removed:
-
-https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
-
-diff --git a/miniwget.c b/miniwget.c
-index 37cb47b..1eda57c 100644
---- a/miniwget.c
-+++ b/miniwget.c
-@@ -284,11 +284,12 @@ getHTTPResponse(int s, int * size, int * status_code)
- goto end_of_stream;
- }
- }
-- bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i);
-+ /* it is guaranteed that (n >= i) */
-+ bytestocopy = (chunksize < (unsigned int)(n - i))?chunksize:(unsigned int)(n - i);
- if((content_buf_used + bytestocopy) > content_buf_len)
- {
- char * tmp;
-- if(content_length >= (int)(content_buf_used + bytestocopy)) {
-+ if((content_length >= 0) && ((unsigned int)content_length >= (content_buf_used + bytestocopy))) {
- content_buf_len = content_length;
- } else {
- content_buf_len = content_buf_used + bytestocopy;
-@@ -313,14 +314,15 @@ getHTTPResponse(int s, int * size, int * status_code)
- {
- /* not chunked */
- if(content_length > 0
-- && (int)(content_buf_used + n) > content_length) {
-+ && (content_buf_used + n) > (unsigned int)content_length) {
- /* skipping additional bytes */
- n = content_length - content_buf_used;
- }
- if(content_buf_used + n > content_buf_len)
- {
- char * tmp;
-- if(content_length >= (int)(content_buf_used + n)) {
-+ if(content_length >= 0
-+ && (unsigned int)content_length >= (content_buf_used + n)) {
- content_buf_len = content_length;
- } else {
- content_buf_len = content_buf_used + n;
-@@ -340,7 +342,7 @@ getHTTPResponse(int s, int * size, int * status_code)
- }
- }
- /* use the Content-Length header value if available */
-- if(content_length > 0 && (int)content_buf_used >= content_length)
-+ if(content_length > 0 && content_buf_used >= (unsigned int)content_length)
- {
- #ifdef DEBUG
- printf("End of HTTP content\n");
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 505e4a813b..911cf2dc12 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -925,6 +925,24 @@ have been used.")
(define-public python2-mock
(package-with-python2 python-mock))
+;;; Some packages (notably, certbot and python-acme) rely on this newer version
+;;; of python-mock. However, a large number of packages fail to build with
+;;; mock@2, so we add a new variable for now. Also, there may be a dependency
+;;; cycle between mock and six, so we avoid creating python2-mock@2 for now.
+(define-public python-mock-2
+ (package
+ (inherit python-mock)
+ (version "2.0.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "mock" version))
+ (sha256
+ (base32
+ "1flbpksir5sqrvq2z0dp8sl4bzbadg21sj4d42w3klpdfvgvcn5i"))))
+ (propagated-inputs
+ `(("python-pbr" ,python-pbr-minimal)
+ ,@(package-propagated-inputs python-mock)))))
(define-public python-setuptools
(package
@@ -15382,3 +15400,26 @@ many of the popular cloud service providers using a unified API.")
(define-public python2-apache-libcloud
(package-with-python2 python-apache-libcloud))
+
+(define-public python-smmap2
+ (package
+ (name "python-smmap2")
+ (version "2.0.3")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "smmap2" version))
+ (sha256
+ (base32
+ "1hvn28p3zvxa98sbi9lrqvv2ps4q284j4jq9a619zw0m7yv0sly7"))))
+ (build-system python-build-system)
+ (native-inputs
+ `(("python-nosexcover" ,python-nosexcover)))
+ (home-page "https://github.com/Byron/smmap")
+ (synopsis "Python sliding window memory map manager")
+ (description "@code{smmap2} is a pure Python implementation of a sliding
+window memory map manager.")
+ (license license:bsd-3)))
+
+(define-public python2-smmap2
+ (package-with-python2 python-smmap2))
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5873d85b55..8ae2dda1c3 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -93,15 +93,15 @@ the low-level development kit for the Yubico YubiKey authentication device.")
(define-public pcsc-lite
(package
(name "pcsc-lite")
- (version "1.8.21")
+ (version "1.8.22")
(source (origin
(method url-fetch)
(uri (string-append
- "https://alioth.debian.org/frs/download.php/file/4216/"
+ "https://alioth.debian.org/frs/download.php/file/4225/"
"pcsc-lite-" version ".tar.bz2"))
(sha256
(base32
- "1b8kwl81f6s3y7qh68ahr8sp8a0w6m464v9b3s4zxq2cgpmnaczy"))))
+ "01flkdyqs7kr6c63dv2qg8dwir3v9jlr9rzlw7vafrivxmhqydba"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers")))
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 6b9125e77f..65e0eda50a 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -172,7 +172,7 @@ highlighting.")
#:phases
(modify-phases %standard-phases
(delete 'configure)))) ; No configure script.
- (home-page "https://pragmatique.xyz/software/fish-guix.html")
+ (home-page "https://www.infotropique.org/projects/fish-guix/")
(synopsis "Fish completions for Guix")
(description
"Fish-guix provides completions for Guix for users of the fish shell.")
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 71aa5c7f3a..21af9d7df4 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -195,7 +195,7 @@ This package contains the binaries.")
(revision %texlive-revision)))
(sha256
(base32
- "1k11yvz4q95bxyxczwvd4r177h6a2gg03xmf51kmgjgz8an2gq2w"))))
+ "0fcy2hpapbj01ncpjj3v39yhr0jjxb6rm13qaxjjw66s3vydxls1"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))
@@ -650,7 +650,7 @@ symbol fonts.")
(revision %texlive-revision)))
(sha256
(base32
- "1ifmbyl3ir8k0v1g25xjb5rcyy5vhj8a3fa2088nczga09hna5vn"))))
+ "0mjgl3gscn3ps29yjambz1j9fg81ynnncb96vpprwx4xsijhsns0"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))
@@ -835,7 +835,7 @@ overwrite existing files and letting you use @code{filecontents} /
(define-public texlive-generic-ifxetex
(package
(name "texlive-generic-ifxetex")
- (version "0.6")
+ (version (number->string %texlive-revision))
(source (origin
(method svn-fetch)
(uri (texlive-ref "generic" "ifxetex"))
@@ -892,7 +892,7 @@ verbatim source).")
(uri (texlive-ref "latex" "graphics"))
(sha256
(base32
- "17ka701xr9nqsjlhz30hphr8d9j4zzwgv5zl5r2f118yzqh9c34v"))))
+ "07azyn0b1s49vbdlr6dmygrminxp72ndl24j1091hiiccvrjq3xc"))))
(build-system texlive-build-system)
(arguments
'(#:tex-directory "latex/graphics"
@@ -1101,7 +1101,7 @@ of file names.")
(uri (texlive-ref "latex" "l3kernel"))
(sha256
(base32
- "0ndqw0flhl20f4ny5lssp8rqpnj5kglyg59whbdrxbh2zc7w7j0b"))))
+ "0r0wfk594j8wkdqhh21haimwsfq8x5jch4ldm21hkzk5dnmvpbg6"))))
(build-system texlive-build-system)
(arguments
'(#:tex-directory "latex/l3kernel"))
@@ -1124,7 +1124,7 @@ that the LaTeX3 conventions can be used with regular LaTeX 2e packages.")
(uri (texlive-ref "latex" "l3packages"))
(sha256
(base32
- "1p1y9my6ccmp2ab91fzqqgih8ifrk4y3wyh397kagiq9f6a6v91f"))))
+ "16jplkvzdysfssijq9l051nsks65c2nrarsl17k8gjhc28yznj8y"))))
(build-system texlive-build-system)
(arguments
'(#:tex-directory "latex/l3packages"
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f3d7177102..f2c949ad69 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -498,7 +498,7 @@ security, and applying best practice development processes.")
#t))))))
;; TODO: Add optional inputs for testing.
(native-inputs
- `(("python-mock" ,python-mock)
+ `(("python-mock" ,python-mock-2)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
@@ -534,8 +534,7 @@ security, and applying best practice development processes.")
"1srvmjxz75dbafx7xfg1w3n9h3srr9p2ljnfsih9dwwd5cxh9i5q"))))
(build-system python-build-system)
(arguments
- `(#:python ,python-2
- ,@(substitute-keyword-arguments (package-arguments python-acme)
+ `(,@(substitute-keyword-arguments (package-arguments python-acme)
((#:phases phases)
`(modify-phases ,phases
(replace 'install-documentation
@@ -550,27 +549,27 @@ security, and applying best practice development processes.")
#t))))))))
;; TODO: Add optional inputs for testing.
(native-inputs
- `(("python2-nose" ,python2-nose)
- ("python2-mock" ,python2-mock)
+ `(("python-nose" ,python-nose)
+ ("python-mock" ,python-mock-2)
;; For documentation
- ("python2-sphinx" ,python2-sphinx)
- ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme)
- ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface)
- ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput)
+ ("python-sphinx" ,python-sphinx)
+ ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
+ ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface)
+ ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
("texinfo" ,texinfo)))
(propagated-inputs
- `(("python2-acme" ,python2-acme)
- ("python2-zope-interface" ,python2-zope-interface)
- ("python2-pyrfc3339" ,python2-pyrfc3339)
- ("python2-pyopenssl" ,python2-pyopenssl)
- ("python2-configobj" ,python2-configobj)
- ("python2-configargparse" ,python2-configargparse)
- ("python2-zope-component" ,python2-zope-component)
- ("python2-parsedatetime" ,python2-parsedatetime)
- ("python2-six" ,python2-six)
- ("python2-psutil" ,python2-psutil)
- ("python2-requests" ,python2-requests)
- ("python2-pytz" ,python2-pytz)))
+ `(("python-acme" ,python-acme)
+ ("python-zope-interface" ,python-zope-interface)
+ ("python-pyrfc3339" ,python-pyrfc3339)
+ ("python-pyopenssl" ,python-pyopenssl)
+ ("python-configobj" ,python-configobj)
+ ("python-configargparse" ,python-configargparse)
+ ("python-zope-component" ,python-zope-component)
+ ("python-parsedatetime" ,python-parsedatetime)
+ ("python-six" ,python-six)
+ ("python-psutil" ,python-psutil)
+ ("python-requests" ,python-requests)
+ ("python-pytz" ,python-pytz)))
(synopsis "Let's Encrypt client by the Electronic Frontier Foundation")
(description "Certbot automatically receives and installs X.509 certificates
to enable Transport Layer Security (TLS) on servers. It interoperates with the
diff --git a/gnu/packages/upnp.scm b/gnu/packages/upnp.scm
index 645e9a6573..3c449937da 100644
--- a/gnu/packages/upnp.scm
+++ b/gnu/packages/upnp.scm
@@ -28,15 +28,14 @@
(define-public miniupnpc
(package
(name "miniupnpc")
- (version "2.0.20170421")
+ (version "2.0.20170509")
(source
(origin
(method url-fetch)
(uri (string-append "https://miniupnp.tuxfamily.org/files/"
name "-" version ".tar.gz"))
- (patches (search-patches "miniupnpc-CVE-2017-8798.patch"))
(sha256
- (base32 "0n11m2wq812zms5b21h8ihw1kbyaihj9nqjiida0hskf4dmw4m13"))))
+ (base32 "0spi75q6nafxp3ndnrhrlqagzmjlp8wwlr5x7rnvdpswgxi6ihyk"))))
(build-system gnu-build-system)
(native-inputs
`(("python" ,python-2)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 953440a6fd..4b78704537 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -186,12 +186,16 @@ as well as the classic centralized workflow.")
,@%gnu-build-system-modules)
#:phases
(modify-phases %standard-phases
- (add-after 'configure 'patch-makefile-shebangs
+ (add-after 'configure 'patch-makefiles
(lambda _
(substitute* "Makefile"
(("/bin/sh") (which "sh"))
(("/usr/bin/perl") (which "perl"))
- (("/usr/bin/python") (which "python")))))
+ (("/usr/bin/python") (which "python")))
+ (substitute* "perl/Makefile"
+ ;; Don't create timestamped 'perllocal.pod'.
+ (("\\$< PREFIX=") "$< NO_PERLLOCAL=1 PREFIX="))
+ #t))
(add-after 'configure 'add-PM.stamp
(lambda _
;; Add the "PM.stamp" to avoid "no rule to make target".
@@ -816,6 +820,7 @@ following features:
"subversion/bindings/swig/perl/native"
(and (zero?
(system* "perl" "Makefile.PL"
+ "NO_PERLLOCAL=1"
(string-append "PREFIX=" out)))
(zero?
(system* "make" "install"
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index adae0d3d3e..4acfb24220 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1144,7 +1144,7 @@ audio, images) from the Web. It can use either mpv or vlc for playback.")
(define-public libbluray
(package
(name "libbluray")
- (version "1.0.0")
+ (version "1.0.1")
(source (origin
(method url-fetch)
(uri (string-append "https://download.videolan.org/videolan/"
@@ -1152,10 +1152,10 @@ audio, images) from the Web. It can use either mpv or vlc for playback.")
name "-" version ".tar.bz2"))
(sha256
(base32
- "1k3lag4lxi2jjd3zh4wcb5l3hadzm54j5kagh92yzfy76p9svqzp"))))
+ "0fl5cxfj870rwqmmz3s04wh7wnabb7rnynfj1v3sz37ln8frm7qg"))))
(build-system gnu-build-system)
(arguments
- `(#:configure-flags '("--disable-bdjava")
+ `(#:configure-flags '("--disable-bdjava-jar")
#:phases
(modify-phases %standard-phases
(add-before 'build 'fix-dlopen-paths
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 10945d4975..fba0d99f4a 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -94,14 +94,14 @@
(define-public httpd
(package
(name "httpd")
- (version "2.4.25")
+ (version "2.4.26")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2"))
(sha256
(base32
- "1cl0bkqg6srb1sypga0cn8dcmdyxldavij73zmmkxvlz3kgw4zpq"))))
+ "11ykcfv7b9zpd7fb93a7yhnyfwrilryjz21iklaf0yf8mwpvazm0"))))
(build-system gnu-build-system)
(native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(("apr" ,apr)
diff --git a/guix/build-system/texlive.scm b/guix/build-system/texlive.scm
index d4085ea7e8..0357c47a47 100644
--- a/guix/build-system/texlive.scm
+++ b/guix/build-system/texlive.scm
@@ -40,8 +40,8 @@
;; Code:
;; These variables specify the SVN tag and the matching SVN revision.
-(define %texlive-tag "texlive-2017.0")
-(define %texlive-revision 44445)
+(define %texlive-tag "texlive-2017.1")
+(define %texlive-revision 44591)
(define (texlive-ref component id)
"Return a <svn-reference> object for the package ID, which is part of the
diff --git a/guix/store.scm b/guix/store.scm
index 2acab6b1a3..b584caa073 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -322,12 +322,16 @@
(define-record-type <nix-server>
(%make-nix-server socket major minor
+ buffer flush
ats-cache atts-cache)
nix-server?
(socket nix-server-socket)
(major nix-server-major-version)
(minor nix-server-minor-version)
+ (buffer nix-server-output-port) ;output port
+ (flush nix-server-flush-output) ;thunk
+
;; Caches. We keep them per-connection, because store paths build
;; during the session are temporary GC roots kept for the duration of
;; the session.
@@ -481,7 +485,11 @@ for this connection will be pinned. Return a server object."
(&nix-connection-error (file (or port uri))
(errno EPROTO))
(&message (message "build daemon handshake failed"))))))
- (let ((port (or port (connect-to-daemon uri))))
+ (let*-values (((port)
+ (or port (connect-to-daemon uri)))
+ ((output flush)
+ (buffering-output-port port
+ (make-bytevector 8192))))
(write-int %worker-magic-1 port)
(let ((r (read-int port)))
(and (eqv? r %worker-magic-2)
@@ -499,12 +507,18 @@ for this connection will be pinned. Return a server object."
(let ((conn (%make-nix-server port
(protocol-major v)
(protocol-minor v)
+ output flush
(make-hash-table 100)
(make-hash-table 100))))
(let loop ((done? (process-stderr conn)))
(or done? (process-stderr conn)))
conn)))))))))
+(define (write-buffered-output server)
+ "Flush SERVER's output port."
+ (force-output (nix-server-output-port server))
+ ((nix-server-flush-output server)))
+
(define (close-connection server)
"Close the connection to SERVER."
(close (nix-server-socket server)))
@@ -718,6 +732,44 @@ encoding conversion errors."
(let loop ((done? (process-stderr server)))
(or done? (process-stderr server)))))
+(define (buffering-output-port port buffer)
+ "Return two value: an output port wrapped around PORT that uses BUFFER (a
+bytevector) as its internal buffer, and a thunk to flush this output port."
+ ;; Note: In Guile 2.2.2, custom binary output ports already have their own
+ ;; 4K internal buffer.
+ (define size
+ (bytevector-length buffer))
+
+ (define total 0)
+
+ (define (flush)
+ (put-bytevector port buffer 0 total)
+ (set! total 0))
+
+ (define (write bv offset count)
+ (if (zero? count) ;end of file
+ (flush)
+ (let loop ((offset offset)
+ (count count)
+ (written 0))
+ (cond ((= total size)
+ (flush)
+ (loop offset count written))
+ ((zero? count)
+ written)
+ (else
+ (let ((to-copy (min count (- size total))))
+ (bytevector-copy! bv offset buffer total to-copy)
+ (set! total (+ total to-copy))
+ (loop (+ offset to-copy) (- count to-copy)
+ (+ written to-copy))))))))
+
+ ;; Note: We need to return FLUSH because the custom binary port has no way
+ ;; to be notified of a 'force-output' call on itself.
+ (values (make-custom-binary-output-port "buffering-output-port"
+ write #f #f flush)
+ flush))
+
(define %rpc-calls
;; Mapping from RPC names (symbols) to invocation counts.
(make-hash-table))
@@ -755,11 +807,14 @@ encoding conversion errors."
((_ (name (type arg) ...) docstring return ...)
(lambda (server arg ...)
docstring
- (let ((s (nix-server-socket server)))
+ (let* ((s (nix-server-socket server))
+ (buffered (nix-server-output-port server)))
(record-operation 'name)
- (write-int (operation-id name) s)
- (write-arg type arg s)
+ (write-int (operation-id name) buffered)
+ (write-arg type arg buffered)
...
+ (write-buffered-output server)
+
;; Loop until the server is done sending error output.
(let loop ((done? (process-stderr server)))
(or done? (loop (process-stderr server))))