aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/guix.texi832
-rw-r--r--gnu/local.mk35
-rw-r--r--gnu/packages/acl.scm2
-rw-r--r--gnu/packages/admin.scm4
-rw-r--r--gnu/packages/algebra.scm4
-rw-r--r--gnu/packages/apl.scm2
-rw-r--r--gnu/packages/attr.scm2
-rw-r--r--gnu/packages/audio.scm4
-rw-r--r--gnu/packages/backup.scm43
-rw-r--r--gnu/packages/base.scm103
-rw-r--r--gnu/packages/bash.scm161
-rw-r--r--gnu/packages/cdrom.scm2
-rw-r--r--gnu/packages/cmake.scm18
-rw-r--r--gnu/packages/commencement.scm206
-rw-r--r--gnu/packages/cross-base.scm169
-rw-r--r--gnu/packages/crypto.scm2
-rw-r--r--gnu/packages/cups.scm266
-rw-r--r--gnu/packages/curl.scm22
-rw-r--r--gnu/packages/databases.scm35
-rw-r--r--gnu/packages/dav.scm8
-rw-r--r--gnu/packages/disk.scm6
-rw-r--r--gnu/packages/documentation.scm2
-rw-r--r--gnu/packages/education.scm2
-rw-r--r--gnu/packages/engineering.scm5
-rw-r--r--gnu/packages/enlightenment.scm2
-rw-r--r--gnu/packages/fcitx.scm2
-rw-r--r--gnu/packages/file.scm5
-rw-r--r--gnu/packages/flex.scm1
-rw-r--r--gnu/packages/fonts.scm5
-rw-r--r--gnu/packages/fontutils.scm14
-rw-r--r--gnu/packages/freedesktop.scm2
-rw-r--r--gnu/packages/games.scm12
-rw-r--r--gnu/packages/gawk.scm52
-rw-r--r--gnu/packages/gcc.scm26
-rw-r--r--gnu/packages/gettext.scm56
-rw-r--r--gnu/packages/ghostscript.scm65
-rw-r--r--gnu/packages/gkrellm.scm2
-rw-r--r--gnu/packages/gl.scm149
-rw-r--r--gnu/packages/glib.scm17
-rw-r--r--gnu/packages/gnome.scm177
-rw-r--r--gnu/packages/gnupg.scm55
-rw-r--r--gnu/packages/gnuzilla.scm16
-rw-r--r--gnu/packages/grub.scm2
-rw-r--r--gnu/packages/gtk.scm36
-rw-r--r--gnu/packages/guile.scm56
-rw-r--r--gnu/packages/gv.scm3
-rw-r--r--gnu/packages/ibus.scm2
-rw-r--r--gnu/packages/image.scm37
-rw-r--r--gnu/packages/irc.scm2
-rw-r--r--gnu/packages/iso-codes.scm2
-rw-r--r--gnu/packages/kde-frameworks.scm2
-rw-r--r--gnu/packages/kodi.scm2
-rw-r--r--gnu/packages/libidn.scm21
-rw-r--r--gnu/packages/linux.scm118
-rw-r--r--gnu/packages/lout.scm3
-rw-r--r--gnu/packages/make-bootstrap.scm8
-rw-r--r--gnu/packages/man.scm2
-rw-r--r--gnu/packages/maths.scm6
-rw-r--r--gnu/packages/mit-krb5.scm20
-rw-r--r--gnu/packages/mono.scm2
-rw-r--r--gnu/packages/mp3.scm2
-rw-r--r--gnu/packages/multiprecision.scm4
-rw-r--r--gnu/packages/music.scm12
-rw-r--r--gnu/packages/nano.scm2
-rw-r--r--gnu/packages/networking.scm2
-rw-r--r--gnu/packages/ocaml.scm2
-rw-r--r--gnu/packages/openldap.scm5
-rw-r--r--gnu/packages/openstack.scm1
-rw-r--r--gnu/packages/package-management.scm2
-rw-r--r--gnu/packages/patches/ath9k-htc-firmware-binutils.patch39
-rw-r--r--gnu/packages/patches/binutils-mips-bash-bug.patch22
-rw-r--r--gnu/packages/patches/cmake-fix-tests.patch83
-rw-r--r--gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch142
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283-refix.patch39
-rw-r--r--gnu/packages/patches/expat-CVE-2016-0718.patch761
-rw-r--r--gnu/packages/patches/flex-CVE-2016-6354.patch30
-rw-r--r--gnu/packages/patches/fontconfig-CVE-2016-5384.patch170
-rw-r--r--gnu/packages/patches/gawk-fts-test.patch51
-rw-r--r--gnu/packages/patches/gcc-arm-bug-71399.patch55
-rw-r--r--gnu/packages/patches/gnupg-fix-expired-test.patch78
-rw-r--r--gnu/packages/patches/guile-relocatable.patch14
-rw-r--r--gnu/packages/patches/isl-0.11.1-aarch64-support.patch40
-rw-r--r--gnu/packages/patches/libx11-CVE-2016-7942.patch76
-rw-r--r--gnu/packages/patches/libx11-CVE-2016-7943.patch113
-rw-r--r--gnu/packages/patches/libxfixes-CVE-2016-7944.patch62
-rw-r--r--gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch420
-rw-r--r--gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch447
-rw-r--r--gnu/packages/patches/libxrender-CVE-2016-7949.patch66
-rw-r--r--gnu/packages/patches/libxrender-CVE-2016-7950.patch73
-rw-r--r--gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch152
-rw-r--r--gnu/packages/patches/libxv-CVE-2016-5407.patch162
-rw-r--r--gnu/packages/patches/libxvmc-CVE-2016-7953.patch42
-rw-r--r--gnu/packages/patches/linux-pam-no-setfsuid.patch75
-rw-r--r--gnu/packages/patches/openssl-CVE-2016-2177.patch286
-rw-r--r--gnu/packages/patches/openssl-CVE-2016-2178.patch112
-rw-r--r--gnu/packages/patches/perl-CVE-2015-8607.patch68
-rw-r--r--gnu/packages/patches/perl-CVE-2016-2381.patch116
-rw-r--r--gnu/packages/patches/perl-no-build-time.patch26
-rw-r--r--gnu/packages/patches/perl-reproducible-build-date.patch50
-rw-r--r--gnu/packages/patches/perl-source-date-epoch.patch19
-rw-r--r--gnu/packages/patches/procps-non-linux.patch40
-rw-r--r--gnu/packages/patches/python-3.4-fix-tests.patch12
-rw-r--r--gnu/packages/patches/python-3.5-fix-tests.patch46
-rw-r--r--gnu/packages/patches/python-disable-ssl-test.patch12
-rw-r--r--gnu/packages/patches/python-fix-tests.patch15
-rw-r--r--gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch33
-rw-r--r--gnu/packages/pdf.scm53
-rw-r--r--gnu/packages/perl.scm72
-rw-r--r--gnu/packages/plotutils.scm3
-rw-r--r--gnu/packages/python.scm169
-rw-r--r--gnu/packages/readline.scm4
-rw-r--r--gnu/packages/sawfish.scm2
-rw-r--r--gnu/packages/scheme.scm2
-rw-r--r--gnu/packages/shells.scm8
-rw-r--r--gnu/packages/shishi.scm3
-rw-r--r--gnu/packages/skribilo.scm3
-rw-r--r--gnu/packages/statistics.scm8
-rw-r--r--gnu/packages/terminals.scm2
-rw-r--r--gnu/packages/texinfo.scm16
-rw-r--r--gnu/packages/tls.scm58
-rw-r--r--gnu/packages/version-control.scm6
-rw-r--r--gnu/packages/video.scm7
-rw-r--r--gnu/packages/vpn.scm2
-rw-r--r--gnu/packages/w3m.scm2
-rw-r--r--gnu/packages/webkit.scm2
-rw-r--r--gnu/packages/wicd.scm2
-rw-r--r--gnu/packages/wine.scm2
-rw-r--r--gnu/packages/xdisorg.scm10
-rw-r--r--gnu/packages/xml.scm21
-rw-r--r--gnu/packages/xorg.scm162
-rw-r--r--gnu/services/cups.scm1166
-rw-r--r--gnu/system.scm7
-rw-r--r--guix/build/gnu-build-system.scm96
-rw-r--r--guix/build/utils.scm134
-rw-r--r--guix/packages.scm7
-rw-r--r--guix/profiles.scm21
-rw-r--r--m4/guix.m43
-rw-r--r--tests/build-utils.scm88
138 files changed, 4171 insertions, 4966 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 47fc199c6c..66316ecd84 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7658,6 +7658,7 @@ declaration.
* Log Rotation:: The rottlog service.
* Networking Services:: Network setup, SSH daemon, etc.
* X Window:: Graphical display.
+* Printing Services:: Local and remote printer support.
* Desktop Services:: D-Bus and desktop services.
* Database Services:: SQL databases.
* Mail Services:: IMAP, POP3, SMTP, and all that.
@@ -8702,6 +8703,837 @@ makes the good ol' XlockMore usable.
@end deffn
+@node Printing Services
+@subsubsection Printing Services
+
+The @code{(gnu services cups)} module provides a Guix service definition
+for the CUPS printing service. To add printer support to a GuixSD
+system, add a @code{cups-service} to the operating system definition:
+
+@deffn {Scheme Variable} cups-service-type
+The service type for the CUPS print server. Its value should be a valid
+CUPS configuration (see below). For example:
+@example
+(service cups-service-type (cups-configuration))
+@end example
+@end deffn
+
+The CUPS configuration controls the basic things about your CUPS
+installation: what interfaces it listens on, what to do if a print job
+fails, how much logging to do, and so on. To actually add a printer,
+you have to visit the @url{http://localhost:631} URL, or use a tool such
+as GNOME's printer configuration services. By default, configuring a
+CUPS service will generate a self-signed certificate if needed, for
+secure connections to the print server.
+
+One way you might want to customize CUPS is to enable or disable the web
+interface. You can do that directly, like this:
+
+@example
+(service cups-service-type
+ (cups-configuration
+ (web-interface? #f)))
+@end example
+
+The available configuration parameters follow. Each parameter
+definition is preceded by its type; for example, @samp{string-list foo}
+indicates that the @code{foo} parameter should be specified as a list of
+strings. There is also a way to specify the configuration as a string,
+if you have an old @code{cupsd.conf} file that you want to port over
+from some other system; see the end for more details.
+
+@c The following documentation was initially generated by
+@c (generate-documentation) in (gnu services cups). Manually maintained
+@c documentation is better, so we shouldn't hesitate to edit below as
+@c needed. However if the change you want to make to this documentation
+@c can be done in an automated way, it's probably easier to change
+@c (generate-documentation) than to make it below and have to deal with
+@c the churn as CUPS updates.
+
+
+Available @code{cups-configuration} fields are:
+
+@deftypevr {@code{cups-configuration} parameter} package cups
+The CUPS package.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} package-list extensions
+Drivers and other extensions to the CUPS package.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} files-configuration files-configuration
+Configuration of where to write logs, what directories to use for print
+spools, and related privileged configuration parameters.
+
+Available @code{files-configuration} fields are:
+
+@deftypevr {@code{files-configuration} parameter} log-location access-log
+Defines the access log filename. Specifying a blank filename disables
+access log generation. The value @code{stderr} causes log entries to be
+sent to the standard error file when the scheduler is running in the
+foreground, or to the system log daemon when run in the background. The
+value @code{syslog} causes log entries to be sent to the system log
+daemon. The server name may be included in filenames using the string
+@code{%s}, as in @code{/var/log/cups/%s-access_log}.
+
+Defaults to @samp{"/var/log/cups/access_log"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name cache-dir
+Where CUPS should cache data.
+
+Defaults to @samp{"/var/cache/cups"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string config-file-perm
+Specifies the permissions for all configuration files that the scheduler
+writes.
+
+Note that the permissions for the printers.conf file are currently
+masked to only allow access from the scheduler user (typically root).
+This is done because printer device URIs sometimes contain sensitive
+authentication information that should not be generally known on the
+system. There is no way to disable this security feature.
+
+Defaults to @samp{"0640"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} log-location error-log
+Defines the error log filename. Specifying a blank filename disables
+access log generation. The value @code{stderr} causes log entries to be
+sent to the standard error file when the scheduler is running in the
+foreground, or to the system log daemon when run in the background. The
+value @code{syslog} causes log entries to be sent to the system log
+daemon. The server name may be included in filenames using the string
+@code{%s}, as in @code{/var/log/cups/%s-error_log}.
+
+Defaults to @samp{"/var/log/cups/error_log"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string fatal-errors
+Specifies which errors are fatal, causing the scheduler to exit. The
+kind strings are:
+
+@table @code
+@item none
+No errors are fatal.
+
+@item all
+All of the errors below are fatal.
+
+@item browse
+Browsing initialization errors are fatal, for example failed connections
+to the DNS-SD daemon.
+
+@item config
+Configuration file syntax errors are fatal.
+
+@item listen
+Listen or Port errors are fatal, except for IPv6 failures on the
+loopback or @code{any} addresses.
+
+@item log
+Log file creation or write errors are fatal.
+
+@item permissions
+Bad startup file permissions are fatal, for example shared TLS
+certificate and key files with world-read permissions.
+@end table
+
+Defaults to @samp{"all -browse"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} boolean file-device?
+Specifies whether the file pseudo-device can be used for new printer
+queues. The URI @uref{file:///dev/null} is always allowed.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string group
+Specifies the group name or ID that will be used when executing external
+programs.
+
+Defaults to @samp{"lp"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string log-file-perm
+Specifies the permissions for all log files that the scheduler writes.
+
+Defaults to @samp{"0644"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} log-location page-log
+Defines the page log filename. Specifying a blank filename disables
+access log generation. The value @code{stderr} causes log entries to be
+sent to the standard error file when the scheduler is running in the
+foreground, or to the system log daemon when run in the background. The
+value @code{syslog} causes log entries to be sent to the system log
+daemon. The server name may be included in filenames using the string
+@code{%s}, as in @code{/var/log/cups/%s-page_log}.
+
+Defaults to @samp{"/var/log/cups/page_log"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string remote-root
+Specifies the username that is associated with unauthenticated accesses
+by clients claiming to be the root user. The default is @code{remroot}.
+
+Defaults to @samp{"remroot"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name request-root
+Specifies the directory that contains print jobs and other HTTP request
+data.
+
+Defaults to @samp{"/var/spool/cups"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} sandboxing sandboxing
+Specifies the level of security sandboxing that is applied to print
+filters, backends, and other child processes of the scheduler; either
+@code{relaxed} or @code{strict}. This directive is currently only
+used/supported on macOS.
+
+Defaults to @samp{strict}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name server-keychain
+Specifies the location of TLS certificates and private keys. CUPS will
+look for public and private keys in this directory: a @code{.crt} files
+for PEM-encoded certificates and corresponding @code{.key} files for
+PEM-encoded private keys.
+
+Defaults to @samp{"/etc/cups/ssl"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name server-root
+Specifies the directory containing the server configuration files.
+
+Defaults to @samp{"/etc/cups"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} boolean sync-on-close?
+Specifies whether the scheduler calls fsync(2) after writing
+configuration or state files.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} space-separated-string-list system-group
+Specifies the group(s) to use for @code{@@SYSTEM} group authentication.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name temp-dir
+Specifies the directory where temporary files are stored.
+
+Defaults to @samp{"/var/spool/cups/tmp"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string user
+Specifies the user name or ID that is used when running external
+programs.
+
+Defaults to @samp{"lp"}.
+@end deftypevr
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} access-log-level access-log-level
+Specifies the logging level for the AccessLog file. The @code{config}
+level logs when printers and classes are added, deleted, or modified and
+when configuration files are accessed or updated. The @code{actions}
+level logs when print jobs are submitted, held, released, modified, or
+canceled, and any of the conditions for @code{config}. The @code{all}
+level logs all requests.
+
+Defaults to @samp{actions}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean auto-purge-jobs?
+Specifies whether to purge job history data automatically when it is no
+longer required for quotas.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} browse-local-protocols browse-local-protocols
+Specifies which protocols to use for local printer sharing.
+
+Defaults to @samp{dnssd}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean browse-web-if?
+Specifies whether the CUPS web interface is advertised.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean browsing?
+Specifies whether shared printers are advertised.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string classification
+Specifies the security classification of the server. Any valid banner
+name can be used, including "classified", "confidential", "secret",
+"topsecret", and "unclassified", or the banner can be omitted to disable
+secure printing functions.
+
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean classify-override?
+Specifies whether users may override the classification (cover page) of
+individual print jobs using the @code{job-sheets} option.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} default-auth-type default-auth-type
+Specifies the default type of authentication to use.
+
+Defaults to @samp{Basic}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} default-encryption default-encryption
+Specifies whether encryption will be used for authenticated requests.
+
+Defaults to @samp{Required}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string default-language
+Specifies the default language to use for text and web content.
+
+Defaults to @samp{"en"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string default-paper-size
+Specifies the default paper size for new print queues. @samp{"Auto"}
+uses a locale-specific default, while @samp{"None"} specifies there is
+no default paper size. Specific size names are typically
+@samp{"Letter"} or @samp{"A4"}.
+
+Defaults to @samp{"Auto"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string default-policy
+Specifies the default access policy to use.
+
+Defaults to @samp{"default"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean default-shared?
+Specifies whether local printers are shared by default.
+
+Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer dirty-clean-interval
+Specifies the delay for updating of configuration and state files, in
+seconds. A value of 0 causes the update to happen as soon as possible,
+typically within a few milliseconds.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} error-policy error-policy
+Specifies what to do when an error occurs. Possible values are
+@code{abort-job}, which will discard the failed print job;
+@code{retry-job}, which will retry the job at a later time;
+@code{retry-this-job}, which retries the failed job immediately; and
+@code{stop-printer}, which stops the printer.
+
+Defaults to @samp{stop-printer}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer filter-limit
+Specifies the maximum cost of filters that are run concurrently, which
+can be used to minimize disk, memory, and CPU resource problems. A
+limit of 0 disables filter limiting. An average print to a
+non-PostScript printer needs a filter limit of about 200. A PostScript
+printer needs about half that (100). Setting the limit below these
+thresholds will effectively limit the scheduler to printing a single job
+at any time.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer filter-nice
+Specifies the scheduling priority of filters that are run to print a
+job. The nice value ranges from 0, the highest priority, to 19, the
+lowest priority.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} host-name-lookups host-name-lookups
+Specifies whether to do reverse lookups on connecting clients. The
+@code{double} setting causes @code{cupsd} to verify that the hostname
+resolved from the address matches one of the addresses returned for that
+hostname. Double lookups also prevent clients with unregistered
+addresses from connecting to your server. Only set this option to
+@code{#t} or @code{double} if absolutely required.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-kill-delay
+Specifies the number of seconds to wait before killing the filters and
+backend associated with a canceled or held job.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-retry-interval
+Specifies the interval between retries of jobs in seconds. This is
+typically used for fax queues but can also be used with normal print
+queues whose error policy is @code{retry-job} or
+@code{retry-current-job}.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-retry-limit
+Specifies the number of retries that are done for jobs. This is
+typically used for fax queues but can also be used with normal print
+queues whose error policy is @code{retry-job} or
+@code{retry-current-job}.
+
+Defaults to @samp{5}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean keep-alive?
+Specifies whether to support HTTP keep-alive connections.
+
+Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer keep-alive-timeout
+Specifies how long an idle client connection remains open, in seconds.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer limit-request-body
+Specifies the maximum size of print files, IPP requests, and HTML form
+data. A limit of 0 disables the limit check.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} multiline-string-list listen
+Listens on the specified interfaces for connections. Valid values are
+of the form @var{address}:@var{port}, where @var{address} is either an
+IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to
+indicate all addresses. Values can also be file names of local UNIX
+domain sockets. The Listen directive is similar to the Port directive
+but allows you to restrict access to specific interfaces or networks.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer listen-back-log
+Specifies the number of pending connections that will be allowed. This
+normally only affects very busy servers that have reached the MaxClients
+limit, but can also be triggered by large numbers of simultaneous
+connections. When the limit is reached, the operating system will
+refuse additional connections until the scheduler can accept the pending
+ones.
+
+Defaults to @samp{128}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} location-access-control-list location-access-controls
+Specifies a set of additional access controls.
+
+Available @code{location-access-controls} fields are:
+
+@deftypevr {@code{location-access-controls} parameter} file-name path
+Specifies the URI path to which the access control applies.
+@end deftypevr
+
+@deftypevr {@code{location-access-controls} parameter} access-control-list access-controls
+Access controls for all access to this path, in the same format as the
+@code{access-controls} of @code{operation-access-control}.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{location-access-controls} parameter} method-access-control-list method-access-controls
+Access controls for method-specific access to this path.
+
+Defaults to @samp{()}.
+
+Available @code{method-access-controls} fields are:
+
+@deftypevr {@code{method-access-controls} parameter} boolean reverse?
+If @code{#t}, apply access controls to all methods except the listed
+methods. Otherwise apply to only the listed methods.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{method-access-controls} parameter} method-list methods
+Methods to which this access control applies.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{method-access-controls} parameter} access-control-list access-controls
+Access control directives, as a list of strings. Each string should be
+one directive, such as "Order allow,deny".
+
+Defaults to @samp{()}.
+@end deftypevr
+@end deftypevr
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer log-debug-history
+Specifies the number of debugging messages that are retained for logging
+if an error occurs in a print job. Debug messages are logged regardless
+of the LogLevel setting.
+
+Defaults to @samp{100}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} log-level log-level
+Specifies the level of logging for the ErrorLog file. The value
+@code{none} stops all logging while @code{debug2} logs everything.
+
+Defaults to @samp{info}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} log-time-format log-time-format
+Specifies the format of the date and time in the log files. The value
+@code{standard} logs whole seconds while @code{usecs} logs microseconds.
+
+Defaults to @samp{standard}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-clients
+Specifies the maximum number of simultaneous clients that are allowed by
+the scheduler.
+
+Defaults to @samp{100}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-clients-per-host
+Specifies the maximum number of simultaneous clients that are allowed
+from a single address.
+
+Defaults to @samp{100}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-copies
+Specifies the maximum number of copies that a user can print of each
+job.
+
+Defaults to @samp{9999}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-hold-time
+Specifies the maximum time a job may remain in the @code{indefinite}
+hold state before it is canceled. A value of 0 disables cancellation of
+held jobs.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs
+Specifies the maximum number of simultaneous jobs that are allowed. Set
+to 0 to allow an unlimited number of jobs.
+
+Defaults to @samp{500}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs-per-printer
+Specifies the maximum number of simultaneous jobs that are allowed per
+printer. A value of 0 allows up to MaxJobs jobs per printer.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs-per-user
+Specifies the maximum number of simultaneous jobs that are allowed per
+user. A value of 0 allows up to MaxJobs jobs per user.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-job-time
+Specifies the maximum time a job may take to print before it is
+canceled, in seconds. Set to 0 to disable cancellation of "stuck" jobs.
+
+Defaults to @samp{10800}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-log-size
+Specifies the maximum size of the log files before they are rotated, in
+bytes. The value 0 disables log rotation.
+
+Defaults to @samp{1048576}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer multiple-operation-timeout
+Specifies the maximum amount of time to allow between files in a
+multiple file print job, in seconds.
+
+Defaults to @samp{300}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string page-log-format
+Specifies the format of PageLog lines. Sequences beginning with percent
+(@samp{%}) characters are replaced with the corresponding information,
+while all other characters are copied literally. The following percent
+sequences are recognized:
+
+@table @samp
+@item %%
+insert a single percent character
+
+@item %@{name@}
+insert the value of the specified IPP attribute
+
+@item %C
+insert the number of copies for the current page
+
+@item %P
+insert the current page number
+
+@item %T
+insert the current date and time in common log format
+
+@item %j
+insert the job ID
+
+@item %p
+insert the printer name
+
+@item %u
+insert the username
+@end table
+
+A value of the empty string disables page logging. The string @code{%p
+%u %j %T %P %C %@{job-billing@} %@{job-originating-host-name@}
+%@{job-name@} %@{media@} %@{sides@}} creates a page log with the
+standard items.
+
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} environment-variables environment-variables
+Passes the specified environment variable(s) to child processes; a list
+of strings.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} policy-configuration-list policies
+Specifies named access control policies.
+
+Available @code{policy-configuration} fields are:
+
+@deftypevr {@code{policy-configuration} parameter} string name
+Name of the policy.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} string job-private-access
+Specifies an access list for a job's private values. @code{@@ACL} maps
+to the printer's requesting-user-name-allowed or
+requesting-user-name-denied values. @code{@@OWNER} maps to the job's
+owner. @code{@@SYSTEM} maps to the groups listed for the
+@code{system-group} field of the @code{files-config} configuration,
+which is reified into the @code{cups-files.conf(5)} file. Other
+possible elements of the access list include specific user names, and
+@code{@@@var{group}} to indicate members of a specific group. The
+access list may also be simply @code{all} or @code{default}.
+
+Defaults to @samp{"@@OWNER @@SYSTEM"}.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} string job-private-values
+Specifies the list of job values to make private, or @code{all},
+@code{default}, or @code{none}.
+
+Defaults to @samp{"job-name job-originating-host-name
+job-originating-user-name phone"}.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} string subscription-private-access
+Specifies an access list for a subscription's private values.
+@code{@@ACL} maps to the printer's requesting-user-name-allowed or
+requesting-user-name-denied values. @code{@@OWNER} maps to the job's
+owner. @code{@@SYSTEM} maps to the groups listed for the
+@code{system-group} field of the @code{files-config} configuration,
+which is reified into the @code{cups-files.conf(5)} file. Other
+possible elements of the access list include specific user names, and
+@code{@@@var{group}} to indicate members of a specific group. The
+access list may also be simply @code{all} or @code{default}.
+
+Defaults to @samp{"@@OWNER @@SYSTEM"}.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} string subscription-private-values
+Specifies the list of job values to make private, or @code{all},
+@code{default}, or @code{none}.
+
+Defaults to @samp{"notify-events notify-pull-method notify-recipient-uri
+notify-subscriber-user-name notify-user-data"}.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} operation-access-control-list access-controls
+Access control by IPP operation.
+
+Defaults to @samp{()}.
+@end deftypevr
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-files
+Specifies whether job files (documents) are preserved after a job is
+printed. If a numeric value is specified, job files are preserved for
+the indicated number of seconds after printing. Otherwise a boolean
+value applies indefinitely.
+
+Defaults to @samp{86400}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-history
+Specifies whether the job history is preserved after a job is printed.
+If a numeric value is specified, the job history is preserved for the
+indicated number of seconds after printing. If @code{#t}, the job
+history is preserved until the MaxJobs limit is reached.
+
+Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer reload-timeout
+Specifies the amount of time to wait for job completion before
+restarting the scheduler.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string rip-cache
+Specifies the maximum amount of memory to use when converting documents
+into bitmaps for a printer.
+
+Defaults to @samp{"128m"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string server-admin
+Specifies the email address of the server administrator.
+
+Defaults to @samp{"root@@localhost.localdomain"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} host-name-list-or-* server-alias
+The ServerAlias directive is used for HTTP Host header validation when
+clients connect to the scheduler from external interfaces. Using the
+special name @code{*} can expose your system to known browser-based DNS
+rebinding attacks, even when accessing sites through a firewall. If the
+auto-discovery of alternate names does not work, we recommend listing
+each alternate name with a ServerAlias directive instead of using
+@code{*}.
+
+Defaults to @samp{*}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string server-name
+Specifies the fully-qualified host name of the server.
+
+Defaults to @samp{"localhost"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} server-tokens server-tokens
+Specifies what information is included in the Server header of HTTP
+responses. @code{None} disables the Server header. @code{ProductOnly}
+reports @code{CUPS}. @code{Major} reports @code{CUPS 2}. @code{Minor}
+reports @code{CUPS 2.0}. @code{Minimal} reports @code{CUPS 2.0.0}.
+@code{OS} reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is
+the output of the @code{uname} command. @code{Full} reports @code{CUPS
+2.0.0 (@var{uname}) IPP/2.0}.
+
+Defaults to @samp{Minimal}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string set-env
+Set the specified environment variable to be passed to child processes.
+
+Defaults to @samp{"variable value"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} multiline-string-list ssl-listen
+Listens on the specified interfaces for encrypted connections. Valid
+values are of the form @var{address}:@var{port}, where @var{address} is
+either an IPv6 address enclosed in brackets, an IPv4 address, or
+@code{*} to indicate all addresses.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} ssl-options ssl-options
+Sets encryption options. By default, CUPS only supports encryption
+using TLS v1.0 or higher using known secure cipher suites. The
+@code{AllowRC4} option enables the 128-bit RC4 cipher suites, which are
+required for some older clients that do not implement newer ones. The
+@code{AllowSSL3} option enables SSL v3.0, which is required for some
+older clients that do not support TLS v1.0.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean strict-conformance?
+Specifies whether the scheduler requires clients to strictly adhere to
+the IPP specifications.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer timeout
+Specifies the HTTP request timeout, in seconds.
+
+Defaults to @samp{300}.
+
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean web-interface?
+Specifies whether the web interface is enabled.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+At this point you're probably thinking ``oh dear, Guix manual, I like
+you but you can stop already with the configuration options''. Indeed.
+However, one more point: it could be that you have an existing
+@code{cupsd.conf} that you want to use. In that case, you can pass an
+@code{opaque-cups-configuration} as the configuration of a
+@code{cups-service-type}.
+
+Available @code{opaque-cups-configuration} fields are:
+
+@deftypevr {@code{opaque-cups-configuration} parameter} package cups
+The CUPS package.
+@end deftypevr
+
+@deftypevr {@code{opaque-cups-configuration} parameter} string cupsd.conf
+The contents of the @code{cupsd.conf}, as a string.
+@end deftypevr
+
+@deftypevr {@code{opaque-cups-configuration} parameter} string cups-files.conf
+The contents of the @code{cups-files.conf} file, as a string.
+@end deftypevr
+
+For example, if your @code{cupsd.conf} and @code{cups-files.conf} are in
+strings of the same name, you could instantiate a CUPS service like
+this:
+
+@example
+(service cups-service-type
+ (opaque-cups-configuration
+ (cupsd.conf cupsd.conf)
+ (cups-files.conf cups-files.conf)))
+@end example
+
+
@node Desktop Services
@subsubsection Desktop Services
diff --git a/gnu/local.mk b/gnu/local.mk
index c80b213078..1c91e79fea 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -5,6 +5,7 @@
# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
# Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
# Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
# Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
#
# This file is part of GNU Guix.
@@ -391,6 +392,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/admin.scm \
%D%/services/avahi.scm \
%D%/services/base.scm \
+ %D%/services/cups.scm \
%D%/services/databases.scm \
%D%/services/dbus.scm \
%D%/services/desktop.scm \
@@ -471,6 +473,7 @@ dist_patch_DATA = \
%D%/packages/patches/bigloo-gc-shebangs.patch \
%D%/packages/patches/binutils-ld-new-dtags.patch \
%D%/packages/patches/binutils-loongson-workaround.patch \
+ %D%/packages/patches/binutils-mips-bash-bug.patch \
%D%/packages/patches/byobu-writable-status.patch \
%D%/packages/patches/calibre-drop-unrar.patch \
%D%/packages/patches/calibre-no-updates-dialog.patch \
@@ -510,9 +513,6 @@ dist_patch_DATA = \
%D%/packages/patches/emacs-source-date-epoch.patch \
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
- %D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
- %D%/packages/patches/expat-CVE-2015-1283-refix.patch \
- %D%/packages/patches/expat-CVE-2016-0718.patch \
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
%D%/packages/patches/fastcap-mulSetup.patch \
@@ -523,15 +523,15 @@ dist_patch_DATA = \
%D%/packages/patches/fasthenry-spFactor.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-test-xargs.patch \
+ %D%/packages/patches/flex-CVE-2016-6354.patch \
%D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/fltk-shared-lib-defines.patch \
%D%/packages/patches/fltk-xfont-on-demand.patch \
- %D%/packages/patches/fontconfig-CVE-2016-5384.patch \
%D%/packages/patches/fontforge-svg-modtime.patch \
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
- %D%/packages/patches/gawk-fts-test.patch \
%D%/packages/patches/gawk-shell.patch \
+ %D%/packages/patches/gcc-arm-bug-71399.patch \
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
%D%/packages/patches/gcc-cross-environment-variables.patch \
%D%/packages/patches/gcc-libvtv-runpath.patch \
@@ -562,7 +562,6 @@ dist_patch_DATA = \
%D%/packages/patches/gmp-faulty-test.patch \
%D%/packages/patches/gnome-tweak-tool-search-paths.patch \
%D%/packages/patches/gnucash-price-quotes-perl.patch \
- %D%/packages/patches/gnupg-fix-expired-test.patch \
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
%D%/packages/patches/gobject-introspection-cc.patch \
%D%/packages/patches/gobject-introspection-girepository.patch \
@@ -604,6 +603,7 @@ dist_patch_DATA = \
%D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
%D%/packages/patches/inkscape-drop-wait-for-targets.patch \
+ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \
%D%/packages/patches/jansson-CVE-2016-4425.patch \
%D%/packages/patches/jasper-CVE-2007-2721.patch \
%D%/packages/patches/jasper-CVE-2008-3520.patch \
@@ -675,17 +675,8 @@ dist_patch_DATA = \
%D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
- %D%/packages/patches/libx11-CVE-2016-7942.patch \
- %D%/packages/patches/libx11-CVE-2016-7943.patch \
- %D%/packages/patches/libxfixes-CVE-2016-7944.patch \
- %D%/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch \
- %D%/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch \
- %D%/packages/patches/libxrender-CVE-2016-7949.patch \
- %D%/packages/patches/libxrender-CVE-2016-7950.patch \
- %D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch \
- %D%/packages/patches/libxv-CVE-2016-5407.patch \
- %D%/packages/patches/libxvmc-CVE-2016-7953.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
+ %D%/packages/patches/linux-pam-no-setfsuid.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/llvm-for-extempore.patch \
%D%/packages/patches/lm-sensors-hwmon-attrs.patch \
@@ -742,8 +733,6 @@ dist_patch_DATA = \
%D%/packages/patches/openssl-runpath.patch \
%D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \
%D%/packages/patches/openssl-c-rehash-in.patch \
- %D%/packages/patches/openssl-CVE-2016-2177.patch \
- %D%/packages/patches/openssl-CVE-2016-2178.patch \
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \
%D%/packages/patches/ots-no-include-missing-file.patch \
%D%/packages/patches/p7zip-remove-unused-code.patch \
@@ -753,8 +742,6 @@ dist_patch_DATA = \
%D%/packages/patches/patch-hurd-path-max.patch \
%D%/packages/patches/pcre-CVE-2016-3191.patch \
%D%/packages/patches/pcre2-CVE-2016-3191.patch \
- %D%/packages/patches/perl-CVE-2015-8607.patch \
- %D%/packages/patches/perl-CVE-2016-2381.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
@@ -763,10 +750,9 @@ dist_patch_DATA = \
%D%/packages/patches/perl-net-amazon-s3-moose-warning.patch \
%D%/packages/patches/perl-net-ssleay-disable-ede-test.patch \
%D%/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch \
- %D%/packages/patches/perl-no-build-time.patch \
%D%/packages/patches/perl-no-sys-dirs.patch \
%D%/packages/patches/perl-module-pluggable-search.patch \
- %D%/packages/patches/perl-source-date-epoch.patch \
+ %D%/packages/patches/perl-reproducible-build-date.patch \
%D%/packages/patches/pidgin-add-search-path.patch \
%D%/packages/patches/pinball-const-fix.patch \
%D%/packages/patches/pinball-cstddef.patch \
@@ -782,7 +768,6 @@ dist_patch_DATA = \
%D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
%D%/packages/patches/procmail-CVE-2014-3618.patch \
- %D%/packages/patches/procps-non-linux.patch \
%D%/packages/patches/pt-scotch-build-parallelism.patch \
%D%/packages/patches/pulseaudio-fix-mult-test.patch \
%D%/packages/patches/pulseaudio-longer-test-timeout.patch \
@@ -796,8 +781,9 @@ dist_patch_DATA = \
%D%/packages/patches/python-2.7-source-date-epoch.patch \
%D%/packages/patches/python-3-deterministic-build-info.patch \
%D%/packages/patches/python-3-search-paths.patch \
+ %D%/packages/patches/python-3.4-fix-tests.patch \
+ %D%/packages/patches/python-3.5-fix-tests.patch \
%D%/packages/patches/python-dendropy-exclude-failing-tests.patch \
- %D%/packages/patches/python-disable-ssl-test.patch \
%D%/packages/patches/python-django-fix-testcase.patch \
%D%/packages/patches/python-fix-tests.patch \
%D%/packages/patches/python-ipython-inputhook-ctype.patch \
@@ -847,6 +833,7 @@ dist_patch_DATA = \
%D%/packages/patches/tar-skip-unreliable-tests.patch \
%D%/packages/patches/tcl-mkindex-deterministic.patch \
%D%/packages/patches/tclxml-3.2-install.patch \
+ %D%/packages/patches/tcsh-do-not-define-BSDWAIT.patch \
%D%/packages/patches/tcsh-fix-autotest.patch \
%D%/packages/patches/teensy-loader-cli-help.patch \
%D%/packages/patches/texi2html-document-encoding.patch \
diff --git a/gnu/packages/acl.scm b/gnu/packages/acl.scm
index 415fae496b..ae6764993b 100644
--- a/gnu/packages/acl.scm
+++ b/gnu/packages/acl.scm
@@ -59,7 +59,7 @@
%standard-phases))))
(inputs `(("attr" ,attr)))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("perl" ,perl)))
(home-page "http://savannah.nongnu.org/projects/acl")
(synopsis
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index d9b08efc4c..9724c9b652 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -178,7 +178,7 @@ interface and is based on GNU Guile.")
"0zk1ppx93ijimf4sbgqilxxikpsa2gmpbynknyh41xy7jbdjxp0b"))))
(build-system cmake-build-system)
(arguments '(#:tests? #f)) ; There are no tests.
- (native-inputs `(("gettext" ,gnu-gettext)))
+ (native-inputs `(("gettext" ,gettext-minimal)))
(home-page "http://projects.gw-computing.net/projects/dfc")
(synopsis "Display file system space usage using graphs and colors")
(description
@@ -1761,7 +1761,7 @@ highly portable. Great for heterogenous networks.")
(delete 'configure)))) ; no configure script
(inputs
`(("gtk+" ,gtk+)
- ("gnu-gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("libnotify" ,libnotify)))
(native-inputs
`(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index 9e19d5552f..32f23597ae 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -534,14 +534,14 @@ a C program.")
(define-public fftw
(package
(name "fftw")
- (version "3.3.4")
+ (version "3.3.5")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.fftw.org/pub/fftw/fftw-"
version".tar.gz"))
(sha256
(base32
- "10h9mzjxnwlsjziah4lri85scc05rlajz39nqf3mbh4vja8dw34g"))))
+ "1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-shared" "--enable-openmp")
diff --git a/gnu/packages/apl.scm b/gnu/packages/apl.scm
index 5b55c9cef3..1c7d42b713 100644
--- a/gnu/packages/apl.scm
+++ b/gnu/packages/apl.scm
@@ -41,7 +41,7 @@
(build-system gnu-build-system)
(home-page "http://www.gnu.org/software/apl/")
(inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("lapack" ,lapack)
("sqlite" ,sqlite)
("readline" ,readline)))
diff --git a/gnu/packages/attr.scm b/gnu/packages/attr.scm
index 53766af06f..907a568bdd 100644
--- a/gnu/packages/attr.scm
+++ b/gnu/packages/attr.scm
@@ -69,7 +69,7 @@
'()
`(("perl" ,perl))))
(native-inputs
- `(("gettext" ,gnu-gettext)))
+ `(("gettext" ,gettext-minimal)))
(home-page "http://savannah.nongnu.org/projects/attr/")
(synopsis "Library and tools for manipulating extended attributes")
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index d2203229af..811da498cc 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -397,7 +397,7 @@ envelope follower, distortion effects, tape effects and more.")
("liblo" ,liblo)
("ladspa" ,ladspa)
("jack" ,jack-1)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(native-inputs
`(("bison" ,bison)
("flex" ,flex)
@@ -948,7 +948,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
`(("gperf" ,gperf)
("faust" ,faust)
("intltool" ,intltool)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(native-search-paths
(list (search-path-specification
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 797c06e149..ffd7ef4c3e 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -172,13 +172,17 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
- (replacement libarchive/fixed)
(version "3.2.1")
(source
(origin
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
+ (patches (search-patches
+ "libarchive-7zip-heap-overflow.patch"
+ "libarchive-fix-symlink-check.patch"
+ "libarchive-fix-filesystem-attacks.patch"
+ "libarchive-safe_fprintf-buffer-overflow.patch"))
(sha256
(base32
"1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj"))))
@@ -228,17 +232,6 @@ archive. In particular, note that there is currently no built-in support for
random access nor for in-place modification.")
(license license:bsd-2)))
-(define libarchive/fixed
- (package
- (inherit libarchive)
- (source (origin
- (inherit (package-source libarchive))
- (patches (search-patches
- "libarchive-7zip-heap-overflow.patch"
- "libarchive-fix-symlink-check.patch"
- "libarchive-fix-filesystem-attacks.patch"
- "libarchive-safe_fprintf-buffer-overflow.patch"))))))
-
(define-public rdup
(package
(name "rdup")
@@ -435,7 +428,27 @@ detection, and lossless compression.")
(setenv "BORG_OPENSSL_PREFIX" openssl)
(setenv "BORG_LZ4_PREFIX" lz4)
(setenv "PYTHON_EGG_CACHE" "/tmp")
+ ;; The test 'test_return_codes[python]' fails when
+ ;; HOME=/homeless-shelter.
+ (setenv "HOME" "/tmp")
#t)))
+ ;; The tests need to be run after Borg is installed.
+ (delete 'check)
+ (add-after 'install 'check
+ (lambda _
+ (zero?
+ (system* "py.test" "-v" "--pyargs" "borg.testsuite" "-k"
+ (string-append
+ ;; These tests need to write to '/var'.
+ "not test_get_cache_dir "
+ "and not test_get_keys_dir "
+ ;; These tests assume there is a root user in
+ ;; '/etc/passwd'.
+ "and not test_access_acl "
+ "and not test_default_acl "
+ "and not test_non_ascii_acl "
+ ;; This test needs the unpackaged pytest-benchmark.
+ "and not benchmark")))))
(add-after 'install 'install-doc
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
@@ -449,6 +462,7 @@ detection, and lossless compression.")
(native-inputs
`(("python-cython" ,python-cython)
("python-setuptools-scm" ,python-setuptools-scm)
+ ("python-pytest" ,python-pytest)
;; For generating the documentation.
("python-sphinx" ,python-sphinx)
("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)))
@@ -482,7 +496,10 @@ to not fully trusted targets. Borg is a fork of Attic.")
"0b5skd36r4c0915lwpkqg5hxm49gls9pprs1b7hc40910wlcsl36"))))
(build-system python-build-system)
(arguments
- `(#:phases
+ `(;; The tests assume they are run as root:
+ ;; https://github.com/jborg/attic/issues/7
+ #:tests? #f
+ #:phases
(modify-phases %standard-phases
(add-before
'build 'set-openssl-prefix
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index a476837102..5aea2cee0e 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -88,6 +88,20 @@ command-line arguments, multiple languages, and so on.")
(patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'fix-egrep-and-fgrep
+ ;; Patch 'egrep' and 'fgrep' to execute 'grep' via its
+ ;; absolute file name instead of searching for it in $PATH.
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin")))
+ (substitute* (list (string-append bin "/egrep")
+ (string-append bin "/fgrep"))
+ (("^exec grep")
+ (string-append "exec " bin "/grep")))
+ #t))))))
(synopsis "Print lines matching a pattern")
(description
"grep is a tool for finding text inside files. Text is found by
@@ -205,14 +219,14 @@ differences.")
(define-public diffutils
(package
(name "diffutils")
- (version "3.3")
+ (version "3.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/diffutils/diffutils-"
version ".tar.xz"))
(sha256
(base32
- "1761vymxbp4wb5rzjvabhdkskk95pghnn67464byvzb5mfl8jpm2"))))
+ "0csmqfz8ks23kdjsq0v2ll1acqiz8lva06dj19mwmymrsp69ilys"))))
(build-system gnu-build-system)
(synopsis "Comparing and merging files")
(description
@@ -325,30 +339,30 @@ functionality beyond that which is outlined in the POSIX standard.")
(define-public gnu-make
(package
(name "make")
- (version "4.2")
+ (version "4.2.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/make/make-" version
".tar.bz2"))
(sha256
(base32
- "0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f"))
+ "12f5zzyq2w56g95nni65hc0g5p7154033y2f3qmjvd016szn5qnn"))
(patches (search-patches "make-impure-dirs.patch"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config))) ; to detect Guile
(inputs `(("guile" ,guile-2.0)))
(outputs '("out" "debug"))
(arguments
- '(#:phases (alist-cons-before
- 'build 'set-default-shell
- (lambda* (#:key inputs #:allow-other-keys)
- ;; Change the default shell from /bin/sh.
- (let ((bash (assoc-ref inputs "bash")))
- (substitute* "job.c"
- (("default_shell =.*$")
- (format #f "default_shell = \"~a/bin/bash\";\n"
- bash)))))
- %standard-phases)))
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-before 'build 'set-default-shell
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Change the default shell from /bin/sh.
+ (let ((bash (assoc-ref inputs "bash")))
+ (substitute* "job.c"
+ (("default_shell =.*$")
+ (format #f "default_shell = \"~a/bin/bash\";\n"
+ bash)))))))))
(synopsis "Remake files automatically")
(description
"Make is a program that is used to control the production of
@@ -363,16 +377,17 @@ change. GNU make offers many powerful extensions over the standard utility.")
(define-public binutils
(package
(name "binutils")
- (version "2.25.1")
+ (version "2.27")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/binutils/binutils-"
version ".tar.bz2"))
(sha256
(base32
- "08lzmhidzc16af1zbx34f8cy4z7mzrswpdbhrb8shy3xxpflmcdm"))
+ "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn"))
(patches (search-patches "binutils-ld-new-dtags.patch"
- "binutils-loongson-workaround.patch"))))
+ "binutils-loongson-workaround.patch"
+ "binutils-mips-bash-bug.patch"))))
(build-system gnu-build-system)
;; TODO: Add dependency on zlib + those for Gold.
@@ -476,14 +491,14 @@ store.")
(define-public glibc/linux
(package
(name "glibc")
- (version "2.23")
+ (version "2.24")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
- "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))
+ "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
@@ -511,7 +526,7 @@ store.")
#:parallel-build? #f
;; The libraries have an empty RUNPATH, but some, such as the versioned
- ;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since
+ ;; libraries (libdl-2.24.so, etc.) have ld.so marked as NEEDED. Since
;; these libraries are always going to be found anyway, just skip
;; RUNPATH checks.
#:validate-runpath? #f
@@ -527,7 +542,7 @@ store.")
;; Set the default locale path. In practice, $LOCPATH may be
;; defined to point whatever locales users want. However, setuid
;; binaries don't honor $LOCPATH, so they'll instead look into
- ;; $libc_cv_localedir; we choose /run/current-system/locale/X.Y,
+ ;; $libc_cv_complocaledir; we choose /run/current-system/locale/X.Y,
;; with the idea that it is going to be populated by the sysadmin.
;; The "X.Y" sub-directory is because locale data formats are
;; incompatible across libc versions; see
@@ -535,8 +550,7 @@ store.")
;;
;; `--localedir' is not honored, so work around it.
;; See <http://sourceware.org/ml/libc-alpha/2013-03/msg00093.html>.
- ;; FIXME: This hack no longer works on 2.23!
- (string-append "libc_cv_localedir=/run/current-system/locale/"
+ (string-append "libc_cv_complocaledir=/run/current-system/locale/"
,version)
(string-append "--with-headers="
@@ -629,7 +643,7 @@ store.")
;; install the message catalogs, with 'msgfmt'.
(native-inputs `(("texinfo" ,texinfo)
("perl" ,perl)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(native-search-paths
;; Search path for packages that provide locale data. This is useful
@@ -905,7 +919,7 @@ command.")
(define-public tzdata
(package
(name "tzdata")
- (version "2015g")
+ (version "2016g")
(source (origin
(method url-fetch)
(uri (string-append
@@ -913,7 +927,7 @@ command.")
version ".tar.gz"))
(sha256
(base32
- "0qb1awqrn3215zd2jikpqnmkzrxwfjf0d3dw2xmnk4c40yzws8xr"))))
+ "1lgbh49bsbysibzr7imjsh1xa7pqmimphxvvwh6kncj7pjr3fw9w"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f
@@ -936,23 +950,24 @@ command.")
(guix build gnu-build-system)
(srfi srfi-1))
#:phases
- (alist-replace
- 'unpack
- (lambda* (#:key source inputs #:allow-other-keys)
- (and (zero? (system* "tar" "xvf" source))
- (zero? (system* "tar" "xvf" (assoc-ref inputs "tzcode")))))
- (alist-cons-after
- 'install 'post-install
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Move data in the right place.
- (let ((out (assoc-ref outputs "out")))
- (copy-recursively (string-append out "/share/zoneinfo-posix")
- (string-append out "/share/zoneinfo/posix"))
- (copy-recursively (string-append out "/share/zoneinfo-leaps")
- (string-append out "/share/zoneinfo/right"))
- (delete-file-recursively (string-append out "/share/zoneinfo-posix"))
- (delete-file-recursively (string-append out "/share/zoneinfo-leaps"))))
- (alist-delete 'configure %standard-phases)))))
+ (modify-phases %standard-phases
+ (replace 'unpack
+ (lambda* (#:key source inputs #:allow-other-keys)
+ (and (zero? (system* "tar" "xvf" source))
+ (zero? (system* "tar" "xvf" (assoc-ref inputs "tzcode"))))))
+ (add-after 'install 'post-install
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move data in the right place.
+ (let ((out (assoc-ref outputs "out")))
+ (symlink (string-append out "/share/zoneinfo")
+ (string-append out "/share/zoneinfo/posix"))
+ (delete-file-recursively
+ (string-append out "/share/zoneinfo-posix"))
+ (copy-recursively (string-append out "/share/zoneinfo-leaps")
+ (string-append out "/share/zoneinfo/right"))
+ (delete-file-recursively
+ (string-append out "/share/zoneinfo-leaps")))))
+ (delete 'configure))))
(inputs `(("tzcode" ,(origin
(method url-fetch)
(uri (string-append
@@ -960,7 +975,7 @@ command.")
version ".tar.gz"))
(sha256
(base32
- "1i3y1kzjiz2j62c7vd4wf85983sqk9x9lg3473njvbdz4kph5r0q"))))))
+ "0azsz436vd65bkdkdmjgsh7zhh0whnqqfliva45191krmm3hpy8z"))))))
(home-page "http://www.iana.org/time-zones")
(synopsis "Database of current and historical time zones")
(description "The Time Zone Database (often called tz or zoneinfo)
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index f3d851717f..d328d711d1 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;;
@@ -51,52 +51,10 @@
(list (bash-patch seqno (base32 hash))
...))
-(define %patch-series-4.3
- ;; This is the current patches series for 4.3, generated using
+(define %patch-series-4.4
+ ;; This is the current patches series for 4.4, generated using
;; 'download-patches' below.
- (patch-series
- (1 "0hip2n2s5hws8p4nfcz37379zn6cak83ljsm64z52rw6ckrdzczc")
- (2 "0ashj5d1g3zbyr7zf0r72s5wnk96cz1xj919y3jajadbc9qcvrzf")
- (3 "0z88q4daq7dmw93iqd9c5i5d1sndklih3nrh0v75746da2n6w3h0")
- (4 "0f0kh9j5k4ym6knshscx31przm50x5cc7ifkwqk0swh6clna982y")
- (5 "1ym3b8b7lgmdp3dklp8qaqhyq965wd5392namq8mz7rb0d231j0s")
- (6 "04q20igq49py49ynb0f83f6f52cdkyqwd9bpic6akr0m5pkqwr50")
- (7 "18zkz23d9myshrwfcwcdjk7qmkqp8az5n91ni9jaixlwqlhy64qi")
- (8 "0pprcwvh7ngdli0x95pc1cpssg4qg7layi9xrv2jq6c7965ajhcr")
- (9 "19a0pf0alp30d1bjj0zf3zq2f5n0s6y91w7brm9jyswl51kns8n0")
- (10 "1dzhr5ammyijisz48cqi5vaw26hfr5vh9smnqxq4qc9p06f7j1ff")
- (11 "0fvzdzzi142a8rf3v965r6gbpn0k7fv2gif1yq8a4160vcn40qvw")
- (12 "04lcgfcyz7p3zagb4hkia3hkpd7lii9m8ycy9qqwzyrm1c1pj4ry")
- (13 "0y9cqi378z6flapkd5k5lfl4lq3ivzg4njj3i3wmw7xb6r9wma5z")
- (14 "04xcb0k9fxxq4vashgzb98567xzdnm4655nlm4jvfvjv6si6ykas")
- (15 "13ay6lldy1p00xj41nfjpq8lai3vw2qwca79gx6s80z04j53wa8k")
- (16 "0wq7bvx3pfw90pnfb86yg5nr9jgjsvm2nq5rrkqxf6zn977hpmlj")
- (17 "103p7sibihv6cshqj12k546zsbz0dnd5cv5vlx1719avddfc4rqj")
- (18 "0n1x3812y1brb9xbabaj3fvr4cpvm2225iwckmqk2fcpkq5b9a3s")
- (19 "08rd1p7zpzgbpmmmnj2im8wj2pcwmbbx51psr9vdc5c049si9ad7")
- (20 "163c6g05qpag2plx5q795pmw3f3m904jy7z93xj2i08pgzc8cpna")
- (21 "1a90cl3h10dh8k9f2ddrsjmw5ywaw2d5x78xb4fd2sryi039yhs1")
- (22 "120s0s4qcqd0q12j1iv0hkpf9fp3w5jnqw646kv66n66jnxlfkgx")
- (23 "1m00sfi88p2akgiyrg4hw0gvz3s1586pkzjdr3dm73vs773m1hls")
- (24 "0v0gjqzjsqjfgj5x17fq7g649k94jn8zq92qsxkhc2d6l215hl1v")
- (25 "0lcj96i659q35f1jcmwwbnw3p7w7vvlxjxqi989vn6d6qksqcl8y") ;CVE-2014-6271
- (26 "0k919ir0inwn4wai2vdzpbwqq5h54fnrlkmgccxjg91v3ch15k1f") ;CVE-2014-7169
- (27 "1gnsfvq6bhb3srlbh0cannj2hackdsipcg7z0ds7zlk1hp96mdqy")
- (28 "17a65c4fn4c5rgsiw9gqqnzhznh3gwnd2xzzv2dppyi48znxpc78") ;CVE-2014-7186
- (29 "14k27p28r5l2fz3r03kd0x72vvsq8bja8c6hjz5kxikbzsbs7i2c") ;CVE-2014-6277
- (30 "0nrqb0m7s89qsrbfaffpilc5gcf82bx9yvgzld4hr79p5y54yhw5") ;CVE-2014-6278
- (31 "07d62bl3z7qa8v6kgk47vzzazw563mlk9zhrsr4xsbqgvmcrylnd")
- (32 "0jjgapfq4qhmndfrw8c3q3lva8xjdhlbd9cc631v41b0kb95g4w8")
- (33 "05ma5rlxiadnfh925p4y7s0vvk917kmsdb1mfdx05gizl63pfapv")
- (34 "12gq9whkq3naa3iy7c7x5pfpvrg7d0kwqld8609zxphhy424ysgi")
- (35 "1qy1jflmbazjykq766gwabkaiswnx7pwa66whqiny0w02zjqa39p")
- (36 "0z6jbyy70lfdm6d3x0sbazbqdxb3xnpn9bmz7madpvrnbd284pxc")
- (37 "04sqr8zkl6s5fccfvb775ppn3ldij5imria9swc39aq0fkfp1w9k")
- (38 "0rv3g14mpgv8br267bf7rmgqlgwnc4v6g3g8y0sjba571i8amgmd")
- (39 "1v3l3vkc3g2b6fjycqwlakr8xhiw6bmw6q0zd6bi0m0m4bnxr55b")
- (40 "0sypv66vsldmc95gwvf7ylz1k7y37vnvdsjg8ajjr6b2j9mkkfw4")
- (41 "06ic2gdpbi1afik3wqf9d4vh95if4bz8bmhcgr555621dsb35i2f")
- (42 "06a90k0p6bqc4wk2dsmapna69124an76xvlnlj3xm497vci968dc")))
+ (patch-series))
(define (download-patches store count)
"Download COUNT Bash patches into store. Return a list of
@@ -134,34 +92,7 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
" -Wl,-rpath -Wl,"
(assoc-ref %build-inputs "ncurses")
"/lib")))
- (post-install-phase
- '(lambda* (#:key outputs #:allow-other-keys)
- ;; Add a `bash' -> `sh' link.
- (let ((out (assoc-ref outputs "out")))
- (with-directory-excursion (string-append out "/bin")
- (symlink "bash" "sh")))))
- (install-headers-phase
- '(lambda* (#:key outputs #:allow-other-keys)
- ;; Install Bash headers so that packages that provide extensions
- ;; can use them. We install them in include/bash; that's what
- ;; Debian does and what Bash extensions like recutils or
- ;; guile-bash expect.
- (let ((include (string-append (assoc-ref outputs "include")
- "/include/bash"))
- (includes "^\\./include/[^/]+\\.h$")
- (headers "^\\./(builtins/|lib/glob/|lib/tilde/|)[^/]+\\.h$"))
- (mkdir-p include)
- (for-each (lambda (file)
- (when (string-match includes file)
- (install-file file include))
- (when (string-match headers file)
- (install-file file
- (string-append include "/"
- (dirname file)))))
- (find-files "." "\\.h$"))
- (delete-file (string-append include "/" "y.tab.h"))
- #t)))
- (version "4.3"))
+ (version "4.4"))
(package
(name "bash")
(source (origin
@@ -170,22 +101,16 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
"mirror://gnu/bash/bash-" version ".tar.gz"))
(sha256
(base32
- "1m14s1f61mf6bijfibcjm9y6pkyvz6gibyl8p4hxq90fisi8gimg"))
+ "1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq"))
(patch-flags '("-p0"))
- (patches %patch-series-4.3)
-
- ;; The patches above modify 'parse.y', so force a rebuild of the
- ;; parser.
- (snippet '(for-each delete-file
- '("y.tab.c" "y.tab.h" "parser-built")))))
+ (patches %patch-series-4.4)))
(version (string-append version "."
- (number->string (length %patch-series-4.3))))
+ (number->string (length %patch-series-4.4))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;1.7 MiB of HTML and extra files
"include")) ;headers used by extensions
- (native-inputs `(("bison" ,bison))) ;to rebuild the parser
(inputs `(("readline" ,readline)
("ncurses" ,ncurses))) ;TODO: add texinfo
(arguments
@@ -206,14 +131,41 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
;; for now.
#:tests? #f
- #:modules ((ice-9 regex)
+ #:modules ((srfi srfi-26)
(guix build utils)
(guix build gnu-build-system))
- #:phases (modify-phases %standard-phases
- (add-after 'install 'post-install ,post-install-phase)
- (add-after 'install 'install-headers
- ,install-headers-phase))))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'install-sh-symlink
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Add a `sh' -> `bash' link.
+ (let ((out (assoc-ref outputs "out")))
+ (with-directory-excursion (string-append out "/bin")
+ (symlink "bash" "sh")))))
+
+ (add-after 'install 'move-development-files
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move 'Makefile.inc' and 'bash.pc' to "include" to avoid
+ ;; circular references among the outputs.
+ (let ((out (assoc-ref outputs "out"))
+ (include (assoc-ref outputs "include"))
+ (lib (cut string-append <> "/lib/bash")))
+ (mkdir-p (lib include))
+ (rename-file (string-append (lib out)
+ "/Makefile.inc")
+ (string-append (lib include)
+ "/Makefile.inc"))
+ (rename-file (string-append out "/lib/pkgconfig")
+ (string-append include
+ "/lib/pkgconfig"))
+ #t))))))
+
+ (native-search-paths
+ (list (search-path-specification ;new in 4.4
+ (variable "BASH_LOADABLES_PATH")
+ (files '("lib/bash")))))
+
(synopsis "The GNU Bourne-Again SHell")
(description
"Bash is the shell, or command-line interpreter, of the GNU system. It
@@ -230,6 +182,10 @@ without modification.")
(package (inherit bash)
(name "bash-minimal")
(inputs '()) ; no readline, no curses
+
+ ;; No "include" output because there's no support for loadable modules.
+ (outputs (delete "include" (package-outputs bash)))
+
(arguments
(let ((args `(#:modules ((guix build gnu-build-system)
(guix build utils)
@@ -246,9 +202,17 @@ without modification.")
"--disable-net-redirections"
"--disable-nls"
+ ;; Pretend 'dlopen' is missing so we don't build loadable
+ ;; modules and related code.
+ "ac_cv_func_dlopen=no"
+
,@(if (%current-target-system)
'("bash_cv_job_control_missing=no")
- '()))))))))
+ '())))
+ ((#:phases phases)
+ `(modify-phases ,phases
+ ;; No loadable modules.
+ (delete 'move-development-files))))))))
(define-public static-bash
;; Statically-linked Bash that contains nothing but the 'bash' binary and
@@ -261,16 +225,15 @@ without modification.")
(substitute-keyword-arguments
`(#:allowed-references ("out") ,@(package-arguments bash))
((#:phases phases)
- `(alist-cons-after
- 'strip 'remove-everything-but-the-binary
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bin (string-append out "/bin")))
- (remove-store-references (string-append bin "/bash"))
- (delete-file (string-append bin "/bashbug"))
- (delete-file-recursively (string-append out "/share"))
- #t))
- ,phases)))))))
+ `(modify-phases ,phases
+ (add-after 'strip 'remove-everything-but-the-binary
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin")))
+ (remove-store-references (string-append bin "/bash"))
+ (delete-file (string-append bin "/bashbug"))
+ (delete-file-recursively (string-append out "/share"))
+ #t))))))))))
(define-public bash-completion
(package
diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm
index 39c7b52426..1524ef530b 100644
--- a/gnu/packages/cdrom.scm
+++ b/gnu/packages/cdrom.scm
@@ -205,7 +205,7 @@ reconstruction capability.")
(inputs
`(("gtk+" ,gtk+-2)))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)
("which" ,which)))
(arguments
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index ac88e59ec1..cd82978de2 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -32,12 +32,13 @@
#:use-module (gnu packages compression)
#:use-module (gnu packages curl)
#:use-module (gnu packages file)
+ #:use-module (gnu packages ncurses)
#:use-module (gnu packages xml))
(define-public cmake
(package
(name "cmake")
- (version "3.5.2")
+ (version "3.6.1")
(source (origin
(method url-fetch)
(uri (string-append "https://www.cmake.org/files/v"
@@ -45,7 +46,7 @@
"/cmake-" version ".tar.gz"))
(sha256
(base32
- "0ap6nlmv6nda942db43k9k9mhnm5dm3fsapzvy0vh6wq7l6l3n4j"))
+ "04ggm9c0zklxypm6df1v4klrrd85m6vpv13kasj42za283n9ivi8"))
(patches (search-patches "cmake-fix-tests.patch"))))
(build-system gnu-build-system)
(arguments
@@ -97,27 +98,20 @@
"--mandir=share/man"
,(string-append
"--docdir=share/doc/cmake-"
- (version-major+minor version)))))))
- (add-after 'unpack 'remove-libarchive-version-test
- ; This test check has been failing consistantly over libarchive 3.2.x
- ; and cmake 3.4.x and 3.5.x so we disable it for now
- (lambda _
- (substitute*
- "Tests/CMakeOnly/AllFindModules/CMakeLists.txt"
- (("LibArchive") ""))
- #t)))))
+ (version-major+minor version))))))))))
(inputs
`(("file" ,file)
("curl" ,curl)
("zlib" ,zlib)
("expat" ,expat)
("bzip2" ,bzip2)
+ ("ncurses" ,ncurses) ; required for ccmake
("libarchive" ,libarchive)))
(native-search-paths
(list (search-path-specification
(variable "CMAKE_PREFIX_PATH")
(files '("")))))
- (home-page "http://www.cmake.org/")
+ (home-page "https://www.cmake.org/")
(synopsis "Cross-platform build system")
(description
"CMake is a family of tools designed to build, test and package software.
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index cce831bfb6..53ba7189b4 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -27,15 +27,18 @@
#:use-module (gnu packages bash)
#:use-module (gnu packages gcc)
#:use-module (gnu packages m4)
+ #:use-module (gnu packages indent)
#:use-module (gnu packages file)
#:use-module (gnu packages gawk)
#:use-module (gnu packages bison)
+ #:use-module (gnu packages flex)
#:use-module (gnu packages guile)
#:use-module (gnu packages gettext)
#:use-module (gnu packages multiprecision)
#:use-module (gnu packages compression)
#:use-module (gnu packages perl)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages hurd)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages pkg-config)
#:use-module (guix packages)
@@ -46,7 +49,8 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 vlist)
- #:use-module (ice-9 match))
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 regex))
;;; Commentary:
;;;
@@ -71,17 +75,15 @@
#:tests? #f ; cannot run "make check"
,@(substitute-keyword-arguments (package-arguments gnu-make)
((#:phases phases)
- `(alist-replace
- 'build (lambda _
- (zero? (system* "./build.sh")))
- (alist-replace
- 'install (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bin (string-append out "/bin")))
- (mkdir-p bin)
- (copy-file "make"
- (string-append bin "/make"))))
- ,phases))))))
+ `(modify-phases ,phases
+ (replace 'build
+ (lambda _
+ (zero? (system* "./build.sh"))))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bin (string-append out "/bin")))
+ (install-file "make" bin)))))))))
(native-inputs '()) ; no need for 'pkg-config'
(inputs %bootstrap-inputs))))
@@ -282,13 +284,55 @@
(lambda _
(substitute* "Configure"
(("^libswanted=(.*)pthread" _ before)
- (string-append "libswanted=" before)))))))))))))
+ (string-append "libswanted=" before)))))))
+ ;; Do not configure with '-Dusethreads' since pthread
+ ;; support is missing.
+ ((#:configure-flags configure-flags)
+ `(delete "-Dusethreads" ,configure-flags))))))))
(package-with-bootstrap-guile
(package-with-explicit-inputs perl
%boot0-inputs
(current-source-location)
#:guile %bootstrap-guile))))
+(define bison-boot0
+ ;; This Bison is needed to build MiG so we need it early in the process.
+ ;; It is also needed to rebuild Bash's parser, which is modified by
+ ;; its CVE patches. Remove it when it's no longer needed.
+ (let* ((m4 (package-with-bootstrap-guile
+ (package-with-explicit-inputs m4 %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile)))
+ (bison (package (inherit bison)
+ (propagated-inputs `(("m4" ,m4)))
+ (inputs '()) ;remove Flex...
+ (arguments
+ '(#:tests? #f ;... and thus disable tests
+
+ ;; Zero timestamps in liby.a; this must be done
+ ;; explicitly here because the bootstrap Binutils don't
+ ;; do that (default is "cru".)
+ #:make-flags '("ARFLAGS=crD" "RANLIB=ranlib -D"
+ "V=1"))))))
+ (package
+ (inherit (package-with-bootstrap-guile
+ (package-with-explicit-inputs bison %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile)))
+ (native-inputs `(("perl" ,perl-boot0))))))
+
+(define flex-boot0
+ ;; This Flex is needed to build MiG.
+ (let* ((flex (package (inherit flex)
+ (native-inputs `(("bison" ,bison-boot0)))
+ (propagated-inputs `(("m4" ,m4)))
+ (inputs `(("indent" ,indent)))
+ (arguments '(#:tests? #f)))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs flex %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
+
(define (linux-libre-headers-boot0)
"Return Linux-Libre header files for the bootstrap environment."
;; Note: this is wrapped in a thunk to nicely handle circular dependencies
@@ -302,6 +346,63 @@
`(("perl" ,perl-boot0)
,@%boot0-inputs)))))
+(define gnumach-headers-boot0
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs gnumach-headers
+ %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile)))
+
+(define mig-boot0
+ (let* ((mig (package (inherit mig)
+ (native-inputs `(("bison" ,bison-boot0)
+ ("flex" ,flex-boot0)))
+ (inputs `(("flex" ,flex-boot0)))
+ (arguments
+ `(#:configure-flags
+ `(,(string-append "LDFLAGS=-Wl,-rpath="
+ (assoc-ref %build-inputs "flex") "/lib/")))))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs mig %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
+
+(define hurd-headers-boot0
+ (let ((hurd-headers (package (inherit hurd-headers)
+ (native-inputs `(("mig" ,mig-boot0)))
+ (inputs '()))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs hurd-headers %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
+
+(define hurd-minimal-boot0
+ (let ((hurd-minimal (package (inherit hurd-minimal)
+ (native-inputs `(("mig" ,mig-boot0)))
+ (inputs '()))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs hurd-minimal %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
+
+(define (hurd-core-headers-boot0)
+ "Return the Hurd and Mach headers as well as initial Hurd libraries for
+the bootstrap environment."
+ (package-with-bootstrap-guile
+ (package (inherit hurd-core-headers)
+ (arguments `(#:guile ,%bootstrap-guile
+ ,@(package-arguments hurd-core-headers)))
+ (inputs
+ `(("gnumach-headers" ,gnumach-headers-boot0)
+ ("hurd-headers" ,hurd-headers-boot0)
+ ("hurd-minimal" ,hurd-minimal-boot0)
+ ,@%boot0-inputs)))))
+
+(define* (kernel-headers-boot0 #:optional (system (%current-system)))
+ (match system
+ ("i586-gnu" (hurd-core-headers-boot0))
+ (_ (linux-libre-headers-boot0))))
+
(define texinfo-boot0
;; Texinfo used to build libc's manual.
;; We build without ncurses because it fails to build at this stage, and
@@ -320,9 +421,19 @@
(current-source-location)
#:guile %bootstrap-guile))))
+(define ld-wrapper-boot0
+ ;; We need this so binaries on Hurd will have libmachuser and libhurduser
+ ;; in their RUNPATH, otherwise validate-runpath will fail.
+ (make-ld-wrapper (string-append "ld-wrapper-" (boot-triplet))
+ #:target (boot-triplet)
+ #:binutils binutils-boot0
+ #:guile %bootstrap-guile
+ #:bash (car (assoc-ref %boot0-inputs "bash"))))
+
(define %boot1-inputs
;; 2nd stage inputs.
`(("gcc" ,gcc-boot0)
+ ("ld-wrapper-cross" ,ld-wrapper-boot0)
("binutils-cross" ,binutils-boot0)
,@(alist-delete "binutils" %boot0-inputs)))
@@ -356,6 +467,15 @@
(setenv "NATIVE_CPATH" (getenv "CPATH"))
(unsetenv "CPATH")
+ ;; Tell 'libpthread' where to find 'libihash' on Hurd systems.
+ ,@(if (string-match "i586-gnu" (%current-system))
+ `((substitute* "libpthread/Makefile"
+ (("LDLIBS-pthread.so =.*")
+ (string-append "LDLIBS-pthread.so = "
+ (assoc-ref %build-inputs "kernel-headers")
+ "/lib/libihash.a\n"))))
+ '())
+
;; 'rpcgen' needs native libc headers to be built.
(substitute* "sunrpc/Makefile"
(("sunrpc-CPPFLAGS =.*" all)
@@ -363,7 +483,7 @@
"export CPATH\n"
all "\n"))))
,phases)))))
- (propagated-inputs `(("kernel-headers" ,(linux-libre-headers-boot0))))
+ (propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0))))
(native-inputs
`(("texinfo" ,texinfo-boot0)
("perl" ,perl-boot0)))
@@ -372,6 +492,11 @@
;; it in $CPATH, hence the 'pre-configure' phase above.
,@%boot1-inputs
+ ;; A native MiG is needed to build Glibc on Hurd.
+ ,@(if (string-match "i586-gnu" (%current-system))
+ `(("mig" ,mig-boot0))
+ '())
+
;; A native GCC is needed to build `cross-rpcgen'.
("native-gcc" ,@(assoc-ref %boot0-inputs "gcc"))
@@ -430,31 +555,6 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
("bash" ,bash)))
(inputs '())))
-(define bison-boot1
- ;; XXX: This Bison is needed to rebuild Bash's parser, which is modified by
- ;; its CVE patches. Remove it when it's no longer needed.
- (let* ((m4 (package-with-bootstrap-guile
- (package-with-explicit-inputs m4 %boot0-inputs
- (current-source-location)
- #:guile %bootstrap-guile)))
- (bison (package (inherit bison)
- (propagated-inputs `(("m4" ,m4)))
- (inputs '()) ;remove Flex...
- (arguments
- '(#:tests? #f ;... and thus disable tests
-
- ;; Zero timestamps in liby.a; this must be done
- ;; explicitly here because the bootstrap Binutils don't
- ;; do that (default is "cru".)
- #:make-flags '("ARFLAGS=crD" "RANLIB=ranlib -D"
- "V=1"))))))
- (package
- (inherit (package-with-bootstrap-guile
- (package-with-explicit-inputs bison %boot0-inputs
- (current-source-location)
- #:guile %bootstrap-guile)))
- (native-inputs `(("perl" ,perl-boot0))))))
-
(define static-bash-for-glibc
;; A statically-linked Bash to be used by GLIBC-FINAL in system(3) & co.
(let* ((gcc (cross-gcc-wrapper gcc-boot0 binutils-boot0
@@ -468,23 +568,21 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
("libc" ,glibc-final-with-bootstrap-bash)
,@(fold alist-delete %boot1-inputs
'("gcc" "libc")))))
- (package
- (inherit (package-with-bootstrap-guile
- (package-with-explicit-inputs bash inputs
- (current-source-location)
- #:guile %bootstrap-guile)))
- (native-inputs `(("bison" ,bison-boot1))))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs bash inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
(define gettext-boot0
;; A minimal gettext used during bootstrap.
(let ((gettext-minimal
- (package (inherit gnu-gettext)
+ (package (inherit gettext-minimal)
(name "gettext-boot0")
(inputs '()) ;zero dependencies
(arguments
(substitute-keyword-arguments
`(#:tests? #f
- ,@(package-arguments gnu-gettext))
+ ,@(package-arguments gettext-minimal))
((#:phases phases)
`(modify-phases ,phases
;; Build only the tools.
@@ -527,7 +625,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
;; if 'allowed-references' were per-output.
(arguments
`(#:allowed-references
- ,(cons* `(,gcc-boot0 "lib") (linux-libre-headers-boot0)
+ ,(cons* `(,gcc-boot0 "lib") (kernel-headers-boot0)
static-bash-for-glibc
(package-outputs glibc-final-with-bootstrap-bash))
@@ -679,13 +777,11 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
(define bash-final
;; Link with `-static-libgcc' to make sure we don't retain a reference
;; to the bootstrap GCC.
- (package
- (inherit (package-with-bootstrap-guile
- (package-with-explicit-inputs (static-libgcc-package bash)
- %boot3-inputs
- (current-source-location)
- #:guile %bootstrap-guile)))
- (native-inputs `(("bison" ,bison-boot1)))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs (static-libgcc-package bash)
+ %boot3-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile)))
(define %boot4-inputs
;; Now use the final Bash.
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index 3bd30fd78c..b4324c2aeb 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -25,6 +26,7 @@
#:use-module (gnu packages base)
#:use-module (gnu packages commencement)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages hurd)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
@@ -33,6 +35,7 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
+ #:use-module (ice-9 regex)
#:export (cross-binutils
cross-libc
cross-gcc))
@@ -292,12 +295,12 @@ GCC that does not target a libc; otherwise, target that libc."
(files '("lib" "lib64")))))
(native-search-paths '())))
-(define* (cross-libc target
- #:optional
- (xgcc (cross-gcc target))
- (xbinutils (cross-binutils target)))
- "Return a libc cross-built for TARGET, a GNU triplet. Use XGCC and
-XBINUTILS and the cross tool chain."
+(define* (cross-kernel-headers target
+ #:optional
+ (xgcc (cross-gcc target))
+ (xbinutils (cross-binutils target)))
+ "Return headers depending on TARGET."
+
(define xlinux-headers
(package (inherit linux-libre-headers)
(name (string-append (package-name linux-libre-headers)
@@ -320,6 +323,147 @@ XBINUTILS and the cross tool chain."
("cross-binutils" ,xbinutils)
,@(package-native-inputs linux-libre-headers)))))
+ (define xgnumach-headers
+ (package (inherit gnumach-headers)
+ (name (string-append (package-name gnumach-headers)
+ "-cross-" target))
+
+ (native-inputs `(("cross-gcc" ,xgcc)
+ ("cross-binutils" ,xbinutils)
+ ,@(package-native-inputs gnumach-headers)))))
+
+ (define xmig
+ (package (inherit mig)
+ (name (string-append "mig-cross"))
+ (arguments
+ `(#:modules ((guix build gnu-build-system)
+ (guix build utils)
+ (srfi srfi-26))
+ #:phases (alist-cons-before
+ 'configure 'set-cross-headers-path
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((mach (assoc-ref inputs "cross-gnumach-headers"))
+ (cpath (string-append mach "/include")))
+ (for-each (cut setenv <> cpath)
+ '("CROSS_C_INCLUDE_PATH"
+ "CROSS_CPLUS_INCLUDE_PATH"
+ "CROSS_OBJC_INCLUDE_PATH"
+ "CROSS_OBJCPLUS_INCLUDE_PATH"))))
+ %standard-phases)
+ #:configure-flags (list ,(string-append "--target=" target))
+ ,@(package-arguments mig)))
+
+ (propagated-inputs `(("cross-gnumach-headers" ,xgnumach-headers)))
+ (native-inputs `(("cross-gcc" ,xgcc)
+ ("cross-binutils" ,xbinutils)
+ ,@(package-native-inputs mig)))))
+
+ (define xhurd-headers
+ (package (inherit hurd-headers)
+ (name (string-append (package-name hurd-headers)
+ "-cross-" target))
+
+ (propagated-inputs `(("cross-mig" ,xmig)))
+ (native-inputs `(("cross-gcc" ,xgcc)
+ ("cross-binutils" ,xbinutils)
+ ("cross-mig" ,xmig)
+ ,@(alist-delete "mig"(package-native-inputs hurd-headers))))))
+
+ (define xglibc/hurd-headers
+ (package (inherit glibc/hurd-headers)
+ (name (string-append (package-name glibc/hurd-headers)
+ "-cross-" target))
+
+ (arguments
+ (substitute-keyword-arguments
+ `(#:modules ((guix build gnu-build-system)
+ (guix build utils)
+ (srfi srfi-26))
+ ,@(package-arguments glibc/hurd-headers))
+ ((#:phases phases)
+ `(alist-cons-before
+ 'pre-configure 'set-cross-headers-path
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((mach (assoc-ref inputs "gnumach-headers"))
+ (hurd (assoc-ref inputs "hurd-headers"))
+ (cpath (string-append mach "/include:"
+ hurd "/include")))
+ (for-each (cut setenv <> cpath)
+ '("CROSS_C_INCLUDE_PATH"
+ "CROSS_CPLUS_INCLUDE_PATH"
+ "CROSS_OBJC_INCLUDE_PATH"
+ "CROSS_OBJCPLUS_INCLUDE_PATH"))))
+ ,phases))))
+
+ (propagated-inputs `(("gnumach-headers" ,xgnumach-headers)
+ ("hurd-headers" ,xhurd-headers)))
+
+ (native-inputs `(("cross-gcc" ,xgcc)
+ ("cross-binutils" ,xbinutils)
+ ("cross-mig" ,xmig)
+ ,@(alist-delete "mig"(package-native-inputs glibc/hurd-headers))))))
+
+ (define xhurd-minimal
+ (package (inherit hurd-minimal)
+ (name (string-append (package-name hurd-minimal)
+ "-cross-" target))
+ (arguments
+ (substitute-keyword-arguments
+ `(#:modules ((guix build gnu-build-system)
+ (guix build utils)
+ (srfi srfi-26))
+ ,@(package-arguments hurd-minimal))
+ ((#:phases phases)
+ `(alist-cons-before
+ 'configure 'set-cross-headers-path
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((glibc-headers (assoc-ref inputs "cross-glibc-hurd-headers"))
+ (cpath (string-append glibc-headers "/include")))
+ (for-each (cut setenv <> cpath)
+ '("CROSS_C_INCLUDE_PATH"
+ "CROSS_CPLUS_INCLUDE_PATH"
+ "CROSS_OBJC_INCLUDE_PATH"
+ "CROSS_OBJCPLUS_INCLUDE_PATH"))))
+ ,phases))))
+
+ (inputs `(("cross-glibc-hurd-headers" ,xglibc/hurd-headers)))
+
+ (native-inputs `(("cross-gcc" ,xgcc)
+ ("cross-binutils" ,xbinutils)
+ ("cross-mig" ,xmig)
+ ,@(alist-delete "mig"(package-native-inputs hurd-minimal))))))
+
+ (define xhurd-core-headers
+ (package (inherit hurd-core-headers)
+ (name (string-append (package-name hurd-core-headers)
+ "-cross-" target))
+
+ (inputs `(("gnumach-headers" ,xgnumach-headers)
+ ("hurd-headers" ,xhurd-headers)
+ ("hurd-minimal" ,xhurd-minimal)))
+
+ (native-inputs `(("cross-gcc" ,xgcc)
+ ("cross-binutils" ,xbinutils)
+ ("cross-mig" ,xmig)
+ ,@(package-native-inputs hurd-core-headers)))))
+
+ (match target
+ ((or "i586-pc-gnu" "i586-gnu") xhurd-core-headers)
+ (_ xlinux-headers)))
+
+(define* (cross-libc target
+ #:optional
+ (xgcc (cross-gcc target))
+ (xbinutils (cross-binutils target))
+ (xheaders (cross-kernel-headers target)))
+ "Return a libc cross-built for TARGET, a GNU triplet. Use XGCC and
+XBINUTILS and the cross tool chain."
+ (define (cross-libc-for-target target)
+ "Return libc depending on TARGET."
+ (match target
+ ((or "i586-pc-gnu" "i586-gnu") glibc/hurd)
+ (_ glibc/linux)))
+
(package (inherit glibc)
(name (string-append "glibc-cross-" target))
(arguments
@@ -337,7 +481,9 @@ XBINUTILS and the cross tool chain."
(guix build utils)
(srfi srfi-26))
- ,@(package-arguments glibc))
+ ;; Package-arguments does not use the correct libc, so we use
+ ;; (cross-libc-for-target ...) to determine the correct one.
+ ,@(package-arguments (cross-libc-for-target target)))
((#:configure-flags flags)
`(cons ,(string-append "--host=" target)
,flags))
@@ -352,12 +498,14 @@ XBINUTILS and the cross tool chain."
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH"))
+ (setenv "CROSS_LIBRARY_PATH"
+ (string-append kernel "/lib")) ;for Hurd's libihash
#t))
,phases))))
;; Shadow the native "kernel-headers" because glibc's recipe expects the
;; "kernel-headers" input to point to the right thing.
- (propagated-inputs `(("kernel-headers" ,xlinux-headers)))
+ (propagated-inputs `(("kernel-headers" ,xheaders)))
;; FIXME: 'static-bash' should really be an input, not a native input, but
;; to do that will require building an intermediate cross libc.
@@ -365,6 +513,11 @@ XBINUTILS and the cross tool chain."
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
+ ,@(if (string-match (or "i586-pc-gnu" "i586-gnu") target)
+ `(("cross-mig"
+ ,@(assoc-ref (package-native-inputs xheaders)
+ "cross-mig")))
+ '())
,@(package-inputs glibc) ;FIXME: static-bash
,@(package-native-inputs glibc)))))
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 14084c91b1..88e9038dc3 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -189,7 +189,7 @@ communication.")
#:directories? #t)))))
(build-system cmake-build-system)
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
;; Test dependencies.
("expect" ,expect)
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index e51dcb5e8c..2050c9b7e7 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -40,10 +40,18 @@
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages tls))
+;; Delay to avoid module circularity problems.
+(define ghostscript/cups
+ (delay
+ (package (inherit ghostscript)
+ (name "ghostscript-with-cups")
+ (inputs `(("cups" ,cups-minimal)
+ ,@(package-inputs ghostscript))))))
+
(define-public cups-filters
(package
(name "cups-filters")
- (version "1.4.0")
+ (version "1.11.2")
(source (origin
(method url-fetch)
(uri
@@ -51,22 +59,28 @@
"cups-filters-" version ".tar.xz"))
(sha256
(base32
- "16jpqqlixlv2dxqv8gak5qg4qnsnw4p745xr6rhw9dgylf13z9ha"))
+ "0x864p794m10kn157n6iv1q9nix5f7x82a8xwjf8hlvri4458j2b"))
(modules '((guix build utils)))
(snippet
;; install backends, banners and filters to cups-filters output
;; directory, not the cups server directory
- '(substitute* "Makefile.in"
- (("CUPS_DATADIR = @CUPS_DATADIR@")
- "CUPS_DATADIR = $(PREFIX)/share/cups")
- (("pkgcupsserverrootdir = \\$\\(CUPS_SERVERROOT\\)")
- "pkgcupsserverrootdir = $(PREFIX)")
- ;; Choose standard directories notably so that binaries are
- ;; stripped.
- (("pkgbackenddir = \\$\\(CUPS_SERVERBIN\\)/backend")
- "pkgbackenddir = $(PREFIX)/lib/cups/backend")
- (("pkgfilterdir = \\$\\(CUPS_SERVERBIN\\)/filter")
- "pkgfilterdir = $(PREFIX)/lib/cups/filter")))))
+ '(begin
+ (substitute* "Makefile.in"
+ (("CUPS_DATADIR = @CUPS_DATADIR@")
+ "CUPS_DATADIR = $(PREFIX)/share/cups")
+ (("pkgcupsserverrootdir = \\$\\(CUPS_SERVERROOT\\)")
+ "pkgcupsserverrootdir = $(PREFIX)")
+ ;; Choose standard directories notably so that binaries are
+ ;; stripped.
+ (("pkgbackenddir = \\$\\(CUPS_SERVERBIN\\)/backend")
+ "pkgbackenddir = $(PREFIX)/lib/cups/backend")
+ (("pkgfilterdir = \\$\\(CUPS_SERVERBIN\\)/filter")
+ "pkgfilterdir = $(PREFIX)/lib/cups/filter"))
+ ;; Find bannertopdf data such as the print test page in our
+ ;; output directory, not CUPS's prefix.
+ (substitute* "configure"
+ (("\\{CUPS_DATADIR\\}/data")
+ "{prefix}/share/cups/data"))))))
(build-system gnu-build-system)
(arguments
`(#:make-flags (list (string-append "PREFIX=" %output))
@@ -74,16 +88,20 @@
`(,(string-append "--with-test-font-path="
(assoc-ref %build-inputs "font-dejavu")
"/share/fonts/truetype/DejaVuSans.ttf")
+ ,(string-append "--with-gs-path="
+ (assoc-ref %build-inputs "ghostscript")
+ "/bin/gsc")
,(string-append "--with-rcdir="
(assoc-ref %outputs "out") "/etc/rc.d"))))
(native-inputs
`(("glib" ,glib "bin") ; for gdbus-codegen
("pkg-config" ,pkg-config)))
(inputs
- `(("fontconfig" ,fontconfig)
+ `(("avahi" ,avahi)
+ ("fontconfig" ,fontconfig)
("freetype" ,freetype)
("font-dejavu" ,font-dejavu) ;needed by test suite
- ("ghostscript" ,ghostscript)
+ ("ghostscript" ,(force ghostscript/cups))
("ijs" ,ijs)
("dbus" ,dbus)
("lcms" ,lcms)
@@ -94,7 +112,7 @@
("qpdf" ,qpdf)
("poppler" ,poppler)
("cups-minimal" ,cups-minimal)))
- (home-page "http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters")
+ (home-page "https://wiki.linuxfoundation.org/openprinting/cups-filters")
(synopsis "OpenPrinting CUPS filters and backends")
(description
"Contains backends, filters, and other software that was once part of the
@@ -116,14 +134,18 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
(define-public cups-minimal
(package
(name "cups-minimal")
- (version "2.1.0")
+ (version "2.1.4")
(source (origin
(method url-fetch)
- (uri (string-append "http://www.cups.org/software/"
- version "/cups-" version "-source.tar.bz2"))
+ (uri (list (string-append "https://www.cups.org/software/"
+ version "/cups-"
+ version "-source.tar.gz")
+ (string-append "https://github.com/apple/cups/releases"
+ "/download/release-" version
+ "/cups-" version "-source.tar.gz")))
(sha256
(base32
- "1jfjqsw9l7jbn5kb9i96k0wj12kjdbgx0rd8157dif22hi0kh0ms"))))
+ "13bjxw256wd1nff22vj2z25mdhllj2h6d9xypsg55b40661zs52b"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@@ -151,7 +173,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
(inputs
`(("zlib" ,zlib)
("gnutls" ,gnutls)))
- (home-page "http://www.cups.org")
+ (home-page "https://www.cups.org")
(synopsis "The Common Unix Printing System")
(description
"CUPS is a printing system that uses the Internet Printing
@@ -178,122 +200,116 @@ device-specific programs to convert and print many types of files.")
'("--disable-launchd"
"--disable-systemd")
#:phases
- (alist-cons-before
- 'configure
- 'patch-makedefs
- (lambda _
- (substitute* "Makedefs.in"
- (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
- (("/bin/sh") (which "sh"))))
- (alist-cons-before
- 'check
- 'patch-tests
- (lambda _
- (let ((filters (assoc-ref %build-inputs "cups-filters"))
- (catpath (string-append
- (assoc-ref %build-inputs "coreutils") "/bin/"))
- (testdir (string-append (getcwd) "/tmp/")))
- (mkdir testdir)
- (substitute* "test/run-stp-tests.sh"
- ((" *BASE=/tmp/") (string-append "BASE=" testdir))
+ (modify-phases %standard-phases
+ (add-before 'configure 'patch-makedefs
+ (lambda _
+ (substitute* "Makedefs.in"
+ (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
+ (("/bin/sh") (which "sh")))))
+ (add-before 'check 'patch-tests
+ (lambda _
+ (let ((filters (assoc-ref %build-inputs "cups-filters"))
+ (catpath (string-append
+ (assoc-ref %build-inputs "coreutils") "/bin/"))
+ (testdir (string-append (getcwd) "/tmp/")))
+ (mkdir testdir)
+ (substitute* "test/run-stp-tests.sh"
+ ((" *BASE=/tmp/") (string-append "BASE=" testdir))
- ;; allow installation of filters from output dir and from
- ;; cups-filters
- (("for dir in /usr/libexec/cups/filter /usr/lib/cups/filter")
- (string-append
- "for dir in "
- (assoc-ref %outputs "out") "/lib/cups/filter "
- filters "/lib/cups/filter"))
+ ;; allow installation of filters from output dir and from
+ ;; cups-filters
+ (("for dir in /usr/libexec/cups/filter /usr/lib/cups/filter")
+ (string-append
+ "for dir in "
+ (assoc-ref %outputs "out") "/lib/cups/filter "
+ filters "/lib/cups/filter"))
- ;; check for charsets in cups-filters output
- (("/usr/share/cups/charsets")
- (string-append filters "/share/cups/charsets"))
+ ;; check for charsets in cups-filters output
+ (("/usr/share/cups/charsets")
+ (string-append filters "/share/cups/charsets"))
- ;; install additional required filters
- (("instfilter texttopdf texttopdf pdf")
- (string-append
- "instfilter texttopdf texttopdf pdf;"
- "instfilter imagetoraster imagetoraster raster;"
- "instfilter gstoraster gstoraster raster;"
- "instfilter urftopdf urftopdf pdf;"
- "instfilter rastertopdf rastertopdf pdf;"
- "instfilter pstopdf pstopdf pdf"))
+ ;; install additional required filters
+ (("instfilter texttopdf texttopdf pdf")
+ (string-append
+ "instfilter texttopdf texttopdf pdf;"
+ "instfilter imagetoraster imagetoraster raster;"
+ "instfilter gstoraster gstoraster raster;"
+ "instfilter urftopdf urftopdf pdf;"
+ "instfilter rastertopdf rastertopdf pdf;"
+ "instfilter pstopdf pstopdf pdf"))
- ;; specify location of lpstat binary
- (("description=\"`lpstat -l")
- "description=\"`../systemv/lpstat -l")
+ ;; specify location of lpstat binary
+ (("description=\"`lpstat -l")
+ "description=\"`../systemv/lpstat -l")
- ;; patch shebangs of embedded scripts
- (("#!/bin/sh") (string-append "#!" (which "sh")))
+ ;; patch shebangs of embedded scripts
+ (("#!/bin/sh") (string-append "#!" (which "sh")))
- ;; also link mime definitions from cups-filters
- ;; to enable the additional filters for the test suite
- (("ln -s \\$root/conf/mime\\.types")
- (string-append
- "ln -s " filters
- "/share/cups/mime/cupsfilters.types $BASE/share/mime; "
- "ln -s $root/conf/mime.types"))
- (("ln -s \\$root/conf/mime\\.convs")
- (string-append
- "ln -s " filters
- "/share/cups/mime/cupsfilters.convs $BASE/share/mime; "
- "ln -s $root/conf/mime.convs")))
+ ;; also link mime definitions from cups-filters
+ ;; to enable the additional filters for the test suite
+ (("ln -s \\$root/conf/mime\\.types")
+ (string-append
+ "ln -s " filters
+ "/share/cups/mime/cupsfilters.types $BASE/share/mime; "
+ "ln -s $root/conf/mime.types"))
+ (("ln -s \\$root/conf/mime\\.convs")
+ (string-append
+ "ln -s " filters
+ "/share/cups/mime/cupsfilters.convs $BASE/share/mime; "
+ "ln -s $root/conf/mime.convs")))
- ;; fix search path for "cat"
- (substitute* "cups/testfile.c"
- (("cupsFileFind\\(\"cat\", \"/bin\"")
- (string-append "cupsFileFind(\"cat\", \"" catpath "\""))
- (("cupsFileFind\\(\"cat\", \"/bin:/usr/bin\"")
- (string-append "cupsFileFind(\"cat\", \"" catpath "\"")))))
- (alist-cons-after
- 'install
- 'install-cups-filters-symlinks
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out"))
- (cups-filters (assoc-ref inputs "cups-filters")))
- ;; charsets
- (symlink
- (string-append cups-filters "/share/cups/charsets")
- (string-append out "/share/charsets"))
+ ;; fix search path for "cat"
+ (substitute* "cups/testfile.c"
+ (("cupsFileFind\\(\"cat\", \"/bin\"")
+ (string-append "cupsFileFind(\"cat\", \"" catpath "\""))
+ (("cupsFileFind\\(\"cat\", \"/bin:/usr/bin\"")
+ (string-append "cupsFileFind(\"cat\", \"" catpath "\""))))))
+ (add-after 'install 'install-cups-filters-symlinks
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out"))
+ (cups-filters (assoc-ref inputs "cups-filters")))
+ ;; charsets
+ (symlink
+ (string-append cups-filters "/share/cups/charsets")
+ (string-append out "/share/charsets"))
- ;; mime types, driver file, ppds
- (for-each
- (lambda (f)
- (symlink (string-append cups-filters f)
- (string-append out f)))
- '("/share/cups/mime/cupsfilters.types"
- "/share/cups/mime/cupsfilters.convs"
- "/share/cups/drv/cupsfilters.drv"
- "/share/ppd"))
+ ;; mime types, driver file, ppds
+ (for-each
+ (lambda (f)
+ (symlink (string-append cups-filters f)
+ (string-append out f)))
+ '("/share/cups/mime/cupsfilters.types"
+ "/share/cups/mime/cupsfilters.convs"
+ "/share/cups/drv/cupsfilters.drv"
+ "/share/ppd"))
- ;; filters
- (for-each
- (lambda (f)
- (symlink f
- (string-append out "/lib/cups/filter" (basename f))))
- (find-files (string-append cups-filters "/lib/cups/filter")))
+ ;; filters
+ (for-each
+ (lambda (f)
+ (symlink f
+ (string-append out "/lib/cups/filter" (basename f))))
+ (find-files (string-append cups-filters "/lib/cups/filter")))
- ;; backends
- (for-each
- (lambda (f)
- (symlink (string-append cups-filters f)
- (string-append out "/lib/cups/backend/"
- (basename f))))
- '("/lib/cups/backend/parallel"
- "/lib/cups/backend/serial"))
+ ;; backends
+ (for-each
+ (lambda (f)
+ (symlink (string-append cups-filters f)
+ (string-append out "/lib/cups/backend/"
+ (basename f))))
+ '("/lib/cups/backend/parallel"
+ "/lib/cups/backend/serial"))
- ;; banners
- (let ((banners "/share/cups/banners"))
- (delete-file-recursively (string-append out banners))
- (symlink (string-append cups-filters banners)
- (string-append out banners)))
+ ;; banners
+ (let ((banners "/share/cups/banners"))
+ (delete-file-recursively (string-append out banners))
+ (symlink (string-append cups-filters banners)
+ (string-append out banners)))
- ;; assorted data
- (let ((data "/share/cups/data"))
- (delete-file-recursively (string-append out data))
- (symlink (string-append cups-filters data)
- (string-append out data)))))
- %standard-phases)))))
+ ;; assorted data
+ (let ((data "/share/cups/data"))
+ (delete-file-recursively (string-append out data))
+ (symlink (string-append cups-filters data)
+ (string-append out data)))))))))
(inputs
`(("avahi" ,avahi)
("gnutls" ,gnutls)
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 5cd80868f7..b267497c7c 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -40,15 +40,14 @@
(define-public curl
(package
(name "curl")
- (replacement curl-7.50.3)
- (version "7.47.0")
+ (version "7.50.3")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.lzma"))
(sha256
(base32
- "1n284wdqzwb4bkmv0fnh36zl6lhlzy3clw2b7pn28kpgdy09ly7p"))))
+ "1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.2 MiB of man3 pages
@@ -84,10 +83,6 @@
(lambda _
(substitute* "tests/runtests.pl"
(("/bin/sh") (which "sh")))
- ;; Test #1135 requires extern-scan.pl, which is not part of the
- ;; tarball due to a mistake. It has been fixed upstream. We can
- ;; simply disable the test as it is specific to VMS and OS/400.
- (delete-file "tests/data/test1135")
;; XXX FIXME: Test #1510 seems to work on some machines and not
;; others, possibly based on the kernel version. It works on GuixSD
@@ -124,16 +119,3 @@ tunneling, and so on.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "http://curl.haxx.se/")))
-
-(define curl-7.50.3
- (package
- (inherit curl)
- (source
- (let ((version "7.50.3"))
- (origin
- (method url-fetch)
- (uri (string-append "https://curl.haxx.se/download/curl-"
- version ".tar.lzma"))
- (sha256
- (base32
- "1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c")))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 902b3f32fa..5219766133 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -91,7 +91,7 @@
("python" ,python-2)
("autoconf" ,autoconf)
("automake" ,automake)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("libtool" ,libtool)
("pcre" ,pcre "bin") ;for 'pcre-config'
("pkg-config" ,pkg-config)))
@@ -405,7 +405,24 @@ pictures, sounds, or video.")
#:configure-flags
(list (string-append "--with-bash-headers="
(assoc-ref %build-inputs "bash:include")
- "/include/bash"))))
+ "/include/bash"))
+
+ #:phases (modify-phases %standard-phases
+ (add-before 'build 'set-bash4.4-header-location
+ (lambda _
+ (substitute* "bash/Makefile.in"
+ ;; Adjust the header search path for Bash
+ ;; 4.4 in accordance with 'bash.pc'.
+ (("AM_CPPFLAGS = (.*)$" _ rest)
+ (string-append "AM_CPPFLAGS = "
+ "-I$(BASH_HEADERS)/include "
+ rest))
+
+ ;; Install to PREFIX/lib/bash to match Bash
+ ;; 4.4's search path.
+ (("^libdir = .*$")
+ "libdir = @libdir@/bash\n"))
+ #t)))))
(native-inputs `(("emacs" ,emacs-minimal)
("bc" ,bc)
@@ -490,7 +507,7 @@ for example from a shell script.")
(define-public sqlite
(package
(name "sqlite")
- (version "3.12.2")
+ (version "3.14.1")
(source (origin
(method url-fetch)
;; TODO: Download from sqlite.org once this bug :
@@ -521,15 +538,17 @@ for example from a shell script.")
))
(sha256
(base32
- "1fwss0i2lixv39b27gkqiibdd2syym90wh3qbiaxnfgxk867f07x"))))
+ "19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments
`(#:configure-flags
- ;; Add -DSQLITE_SECURE_DELETE and -DSQLITE_ENABLE_UNLOCK_NOTIFY to
- ;; CFLAGS. GNU Icecat will refuse to use the system SQLite unless these
- ;; options are enabled.
- '("CFLAGS=-O2 -DSQLITE_SECURE_DELETE -DSQLITE_ENABLE_UNLOCK_NOTIFY")))
+ ;; Add -DSQLITE_SECURE_DELETE, -DSQLITE_ENABLE_UNLOCK_NOTIFY and
+ ;; -DSQLITE_ENABLE_DBSTAT_VTAB to CFLAGS. GNU Icecat will refuse
+ ;; to use the system SQLite unless these options are enabled.
+ (list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
+ "-DSQLITE_ENABLE_UNLOCK_NOTIFY "
+ "-DSQLITE_ENABLE_DBSTAT_VTAB"))))
(home-page "http://www.sqlite.org/")
(synopsis "The SQLite database management system")
(description
diff --git a/gnu/packages/dav.scm b/gnu/packages/dav.scm
index be6c40f4ba..ba56d0d852 100644
--- a/gnu/packages/dav.scm
+++ b/gnu/packages/dav.scm
@@ -34,6 +34,14 @@
(base32
"1c5lv8qca21mndkx350wxv34qypqh6gb4rhzms4anr642clq3jg2"))))
(build-system python-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'check
+ (lambda _
+ (zero? (system* "py.test")))))))
+ (native-inputs
+ `(("python-pytest" ,python-pytest)))
(propagated-inputs
;; TODO: Add python-pam
`(("python-requests" ,python-requests)))
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index a3ace8ab16..e75eb081ed 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -72,7 +72,7 @@
("readline" ,readline)
("util-linux" ,util-linux)))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
;; For the tests.
("perl" ,perl)
("python" ,python-2)))
@@ -97,7 +97,7 @@ tables. It includes a library and command-line utility.")
"04nd7civ561x2lwcmxhsqbprml3178jfc58fy1v7hzqg5k4nbhy3"))))
(build-system gnu-build-system)
(inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("guile" ,guile-1.8)
("util-linux" ,util-linux)
("parted" ,parted)))
@@ -123,7 +123,7 @@ tables, and it understands a variety of different formats.")
"1izazbyv5n2d81qdym77i8mg9m870hiydmq4d0s51npx5vp8lk46"))))
(build-system gnu-build-system)
(inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("ncurses" ,ncurses)
("popt" ,popt)
("util-linux" ,util-linux))) ; libuuid
diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm
index 080c0dba8e..bbc25e8797 100644
--- a/gnu/packages/documentation.scm
+++ b/gnu/packages/documentation.scm
@@ -126,7 +126,7 @@ and to some extent D.")
(build-system gnu-build-system)
(native-inputs
`(("flex" ,flex)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(home-page "http://docpp.sourceforge.net/")
(synopsis "Documentation system for C, C++, IDL, and Java")
(description
diff --git a/gnu/packages/education.scm b/gnu/packages/education.scm
index 14c1bac322..3a883079fe 100644
--- a/gnu/packages/education.scm
+++ b/gnu/packages/education.scm
@@ -59,7 +59,7 @@
("zlib" ,zlib)
("qtserialport" ,qtserialport)
("qtscript" ,qtscript)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(native-inputs
`(("qtbase" ,qtbase) ;Qt MOC is needed at compile time
("qttools" ,qttools)
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index dad38e0310..c8391f0798 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -233,8 +233,7 @@ optimizer; and it can produce photorealistic and design review images.")
(build-system gnu-build-system)
(native-inputs
`(("texlive" ,texlive)
- ("ghostscript" ,ghostscript)
- ("ghostscript" ,ghostscript-gs)))
+ ("ghostscript" ,ghostscript)))
(arguments
`(#:make-flags '("CC=gcc" "RM=rm" "SHELL=sh" "all")
#:parallel-build? #f
@@ -444,7 +443,7 @@ ready for production.")
`(("autoconf" ,autoconf)
("automake" ,automake)
("libtool" ,libtool)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("po4a" ,po4a)
("pkg-config" ,pkg-config)))
(inputs
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index e8bd387ef3..f642943892 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -209,7 +209,7 @@ Libraries with some extra bells and whistles.")
(arguments
`(#:configure-flags '("--enable-mount-eeze")))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs
`(("alsa-lib" ,alsa-lib)
diff --git a/gnu/packages/fcitx.scm b/gnu/packages/fcitx.scm
index c89896eafe..dd8eead7fb 100644
--- a/gnu/packages/fcitx.scm
+++ b/gnu/packages/fcitx.scm
@@ -70,7 +70,7 @@
(inputs
`(("dbus" ,dbus)
("enchant" ,enchant)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("gtk2" ,gtk+-2)
("gtk3" ,gtk+)
("icu4c" ,icu4c)
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index 90e9a70626..a6239877a0 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -27,14 +28,14 @@
(define-public file
(package
(name "file")
- (version "5.25")
+ (version "5.28")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
version ".tar.gz"))
(sha256
(base32
- "1jhfi5mivdnqvry5la5q919l503ahwdwbf3hjhiv97znccakhd9p"))))
+ "04p0w9ggqq6cqvwhyni0flji1z0rwrz896hmhkxd2mc6dca5xjqf"))))
(build-system gnu-build-system)
;; When cross-compiling, this package depends upon a native install of
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index 20aff196e9..c2135a1bc0 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -36,6 +36,7 @@
(method url-fetch)
(uri (string-append "mirror://sourceforge/flex/flex-"
version ".tar.bz2"))
+ (patches (search-patches "flex-CVE-2016-6354.patch"))
(sha256
(base32
"1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index c8642b72ae..22857e84b5 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2016 Jookia <166291@gmail.com>
;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -126,7 +127,7 @@ TrueType (TTF) files.")
(define-public font-dejavu
(package
(name "font-dejavu")
- (version "2.35")
+ (version "2.37")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/dejavu/dejavu/"
@@ -134,7 +135,7 @@ TrueType (TTF) files.")
version ".tar.bz2"))
(sha256
(base32
- "122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn"))))
+ "1mqpds24wfs5cmfhj57fsfs07mji2z8812i5c4pi5pbi738s977s"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index d6872d05fd..60cff2e330 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -223,15 +223,14 @@ fonts to/from the WOFF2 format.")
(define-public fontconfig
(package
(name "fontconfig")
- (replacement fontconfig/fixed)
- (version "2.11.94")
+ (version "2.12.1")
(source (origin
(method url-fetch)
(uri (string-append
"https://www.freedesktop.org/software/fontconfig/release/fontconfig-"
version ".tar.bz2"))
(sha256 (base32
- "1psrl4b4gi4wmbvwwh43lk491wsl8lgvqj146prlcha3vwjc0qyp"))))
+ "1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl"))))
(build-system gnu-build-system)
(propagated-inputs `(("expat" ,expat)
("freetype" ,freetype)))
@@ -276,13 +275,6 @@ high quality, anti-aliased and subpixel rendered text on a display.")
"See COPYING in the distribution."))
(home-page "http://www.freedesktop.org/wiki/Software/fontconfig")))
-(define fontconfig/fixed
- (package
- (inherit fontconfig)
- (source (origin
- (inherit (package-source fontconfig))
- (patches (search-patches "fontconfig-CVE-2016-5384.patch"))))))
-
(define-public t1lib
(package
(name "t1lib")
@@ -529,7 +521,7 @@ definitions.")
(inputs `(("cairo" ,cairo)
("fontconfig" ,fontconfig) ;dlopen'd
("freetype" ,freetype)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("glib" ,glib) ;needed for pango detection
("libICE" ,libice)
("libSM" ,libsm)
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 84154b309b..4bef23c1ae 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -191,7 +191,7 @@ the freedesktop.org XDG Base Directory specification.")
"/libexec/elogind/elogind\n"))))))))
(native-inputs
`(("intltool" ,intltool)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("docbook-xsl" ,docbook-xsl)
("docbook-xml" ,docbook-xml)
("xsltproc" ,libxslt)
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 17ca12bce6..e4c34d08a5 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -160,7 +160,7 @@ representation of the playing board.")
("libx11" ,libx11)
("guile" ,guile-2.0)
("gtkglext" ,gtkglext)))
- (native-inputs `(("gettext" ,gnu-gettext)
+ (native-inputs `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(home-page "https://www.gnu.org/software/gnubik/")
(synopsis "3d Rubik's cube game")
@@ -358,7 +358,7 @@ interface or via an external visual interface such as GNU XBoard.")
"08c51imfjfcydm7h0va09z8qfw5nc837bi2x754ni2z737hb5kw2"))))
(build-system gnu-build-system)
(arguments `(#:configure-flags '("--disable-embedded-resources")))
- (native-inputs `(("gettext" ,gnu-gettext)
+ (native-inputs `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs `(("sdl" ,sdl)
("sdl-image" ,sdl-image)
@@ -729,7 +729,7 @@ match, cannon keep, and grave-itation pit.")
("freetype" ,(@ (gnu packages fontutils) freetype))
("curl" ,curl)
("luajit" ,luajit)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("sqlite" ,sqlite)))
(propagated-inputs
`(("minetest-data" ,minetest-data)))
@@ -1027,7 +1027,7 @@ falling, themeable graphics and sounds, and replays.")
;; cc1plus: all warnings being treated as errors
'("-DENABLE_STRICT_COMPILATION=OFF")))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs
`(("boost" ,boost)
@@ -2550,7 +2550,7 @@ safety of the Chromium vessel.")
(inputs
`(("cairo" ,cairo)
("fribidi" ,fribidi)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("libpng" ,libpng)
("librsvg" ,librsvg)
("libpaper" ,libpaper)
@@ -2646,7 +2646,7 @@ with the \"Stamp\" tool within Tux Paint.")
"1z12s46mvy87qs3vgq9m0ki9pp21zqc52mmgphahpihw3s7haf6v"))))
(build-system gnu-build-system)
(native-inputs
- `(("gettext" ,gnu-gettext)))
+ `(("gettext" ,gettext-minimal)))
(inputs
`(("fltk" ,fltk)
("libpaper" ,libpaper)
diff --git a/gnu/packages/gawk.scm b/gnu/packages/gawk.scm
index c6d322b708..86f01335a8 100644
--- a/gnu/packages/gawk.scm
+++ b/gnu/packages/gawk.scm
@@ -29,37 +29,49 @@
(define-public gawk
(package
(name "gawk")
- (version "4.1.3")
+ (version "4.1.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gawk/gawk-" version
".tar.xz"))
(sha256
- (base32 "09d6pmx6h3i2glafm0jd1v1iyrs03vcyv2rkz12jisii3vlmbkz3"))
- (patches (search-patches "gawk-fts-test.patch"))))
+ (base32 "0rn2mmjxm767zliqzd67j7h2ncjn4j0321c60y9fy3grs3i89qak"))))
(build-system gnu-build-system)
(arguments
`(#:parallel-tests? #f ; test suite fails in parallel
- #:phases (alist-cons-before
- 'configure 'set-shell-file-name
- (lambda* (#:key inputs #:allow-other-keys)
- ;; Refer to the right shell.
- (let ((bash (assoc-ref inputs "bash")))
- (substitute* "io.c"
- (("/bin/sh")
- (string-append bash "/bin/bash")))
+ #:phases (modify-phases %standard-phases
+ (add-before 'configure 'set-shell-file-name
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Refer to the right shell.
+ (let ((bash (assoc-ref inputs "bash")))
+ (substitute* "io.c"
+ (("/bin/sh")
+ (string-append bash "/bin/bash")))
- ;; When cross-compiling, remove dependencies on the
- ;; `check-for-shared-lib-support' target, which tries to
- ;; run the cross-built `gawk'.
- ,@(if (%current-target-system)
- '((substitute* "extension/Makefile.in"
- (("^.*: check-for-shared-lib-support" match)
- (string-append "### " match))))
- '())))
+ ;; When cross-compiling, remove dependencies on the
+ ;; `check-for-shared-lib-support' target, which tries
+ ;; to run the cross-built `gawk'.
+ ,@(if (%current-target-system)
+ '((substitute* "extension/Makefile.in"
+ (("^.*: check-for-shared-lib-support" match)
+ (string-append "### " match))))
+ '()))))
+
+ (add-before 'check 'adjust-test-infrastructure
+ (lambda _
+ ;; Remove dependency on 'more' (from util-linux), which
+ ;; would needlessly complicate bootstrapping.
+ (substitute* "test/Makefile"
+ (("\\| more") ""))
+
+ ;; Adjust the shebang in that file since it is then diff'd
+ ;; against the actual test output.
+ (substitute* "test/watchpoint1.ok"
+ (("#! /usr/bin/gawk")
+ (string-append "#!" (which "gawk"))))
+ #t)))))
- %standard-phases)))
(inputs `(("libsigsegv" ,libsigsegv)
,@(if (%current-target-system)
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index c961c84fca..bed277b1e0 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -40,6 +40,7 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (guix utils)
+ #:use-module (srfi srfi-1)
#:use-module (ice-9 regex))
(define %gcc-infrastructure
@@ -328,32 +329,38 @@ Go. It also includes runtime support libraries for these languages.")
(sha256
(base32
"08yggr18v373a1ihj0rg2vd6psnic42b518xcgp3r9k81xz1xyr2"))
- (patches (search-patches "gcc-arm-link-spec-fix.patch"))))))
+ (patches (search-patches "gcc-arm-link-spec-fix.patch"))))
+
+ ;; Texinfo 6.3 fails to build the manual:
+ ;; ../../gcc-4.8.5/gcc/doc/gcc.texi:208: no matching `@end tex'
+ ;; Use an older one.
+ (native-inputs `(("texinfo" ,texinfo-5)))))
(define-public gcc-4.9
- (package (inherit gcc-4.8)
- (version "4.9.3")
+ (package (inherit gcc-4.7)
+ (version "4.9.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gcc/gcc-"
version "/gcc-" version ".tar.bz2"))
(sha256
(base32
- "0zmnm00d2a1hsd41g34bhvxzvxisa2l584q3p447bd91lfjv4ci3"))
- (patches (search-patches "gcc-libvtv-runpath.patch"))))))
+ "14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc"))
+ (patches (search-patches "gcc-arm-bug-71399.patch"
+ "gcc-libvtv-runpath.patch"))))))
(define-public gcc-5
;; Note: GCC >= 5 ships with .info files but 'make install' fails to install
;; them in a VPATH build.
(package (inherit gcc-4.9)
- (version "5.3.0")
+ (version "5.4.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gcc/gcc-"
version "/gcc-" version ".tar.bz2"))
(sha256
(base32
- "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq"))
+ "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
(patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))))
(define-public gcc-6
@@ -724,7 +731,8 @@ as the 'native-search-paths' field."
name "-" version ".tar.gz")))
(sha256
(base32
- "13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9"))))
+ "13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9"))
+ (patches (search-patches "isl-0.11.1-aarch64-support.patch"))))
(build-system gnu-build-system)
(inputs `(("gmp" ,gmp)))
(home-page "http://isl.gforge.inria.fr/")
diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm
index bf38543178..26ab6777fe 100644
--- a/gnu/packages/gettext.scm
+++ b/gnu/packages/gettext.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -27,28 +28,23 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system perl)
#:use-module (gnu packages docbook)
+ #:use-module (gnu packages emacs)
#:use-module (gnu packages perl)
#:use-module (gnu packages tex)
- #:use-module (gnu packages xml))
+ #:use-module (gnu packages xml)
+ #:use-module (guix utils))
-;; Use that name to avoid clashes with Guile's 'gettext' procedure.
-;;
-;; We used to resort to #:renamer on the user side, but that prevented
-;; circular dependencies involving (gnu packages gettext). This is because
-;; 'resolve-interface' (as of Guile 2.0.9) iterates eagerly over the used
-;; module when there's a #:renamer, and that module may be empty at that point
-;; in case or circular dependencies.
-(define-public gnu-gettext
+(define-public gettext-minimal
(package
- (name "gettext")
- (version "0.19.8")
+ (name "gettext-minimal")
+ (version "0.19.8.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gettext/gettext-"
version ".tar.gz"))
(sha256
(base32
- "13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x"))))
+ "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;8 MiB of HTML
@@ -90,15 +86,41 @@
;; When tests fail, we want to know the details.
#:make-flags '("VERBOSE=yes")))
(home-page "http://www.gnu.org/software/gettext/")
- (synopsis "Tools and documentation for translation")
+ (synopsis
+ "Tools and documentation for translation (used to build other packages)")
(description
"GNU Gettext is a package providing a framework for translating the
textual output of programs into multiple languages. It provides translators
-with the means to create message catalogs, as well as an Emacs mode to work
-with them, and a runtime library to load translated messages from the
-catalogs. Nearly all GNU packages use Gettext.")
+with the means to create message catalogs, and a runtime library to load
+translated messages from the catalogs. Nearly all GNU packages use Gettext.")
(license gpl3+))) ;some files are under GPLv2+
+;; Use that name to avoid clashes with Guile's 'gettext' procedure.
+;;
+;; We used to resort to #:renamer on the user side, but that prevented
+;; circular dependencies involving (gnu packages gettext). This is because
+;; 'resolve-interface' (as of Guile 2.0.9) iterates eagerly over the used
+;; module when there's a #:renamer, and that module may be empty at that point
+;; in case or circular dependencies.
+(define-public gnu-gettext
+ (package
+ (inherit gettext-minimal)
+ (name "gettext")
+ (arguments
+ (substitute-keyword-arguments (package-arguments gettext-minimal)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (add-after 'install 'add-emacs-autoloads
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Make 'po-mode' and other things available by default.
+ (with-directory-excursion
+ (string-append (assoc-ref outputs "out")
+ "/share/emacs/site-lisp")
+ (symlink "start-po.el" "gettext-autoloads.el")
+ #t)))))))
+ (native-inputs `(("emacs" ,emacs-minimal))) ; for Emacs tools
+ (synopsis "Tools and documentation for translation")))
+
(define-public po4a
(package
(name "po4a")
@@ -140,7 +162,7 @@ catalogs. Nearly all GNU packages use Gettext.")
(find-files bin "\\.*$"))
#t))))))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("perl-module-build" ,perl-module-build)
("docbook-xsl" ,docbook-xsl)
("docbook-xml" ,docbook-xml) ;for tests
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 09b10f7741..87e4d0e3f2 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -127,7 +127,6 @@ printing, and psresize, for adjusting page sizes.")
(package
(name "ghostscript")
(version "9.14.0")
- (replacement ghostscript/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
@@ -135,7 +134,12 @@ printing, and psresize, for adjusting page sizes.")
(sha256
(base32
"0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1"))
- (patches (search-patches "ghostscript-CVE-2015-3228.patch"
+ (patches (search-patches "ghostscript-CVE-2013-5653.patch"
+ "ghostscript-CVE-2015-3228.patch"
+ "ghostscript-CVE-2016-7976.patch"
+ "ghostscript-CVE-2016-7978.patch"
+ "ghostscript-CVE-2016-7979.patch"
+ "ghostscript-CVE-2016-8602.patch"
"ghostscript-runpath.patch"))
(modules '((guix build utils)))
(snippet
@@ -183,7 +187,12 @@ printing, and psresize, for adjusting page sizes.")
(number->string (parallel-job-count))))))
(replace 'install
(lambda _
- (zero? (system* "make" "soinstall")))))))
+ (zero? (system* "make" "soinstall"))))
+ (add-after 'install 'create-gs-symlink
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ ;; some programs depend on having a 'gs' binary available
+ (symlink "gsc" (string-append out "/bin/gs"))))))))
(synopsis "PostScript and PDF interpreter")
(description
"Ghostscript is an interpreter for the PostScript language and the PDF
@@ -193,61 +202,13 @@ output file formats and printers.")
(license license:agpl3+)
(home-page "http://www.gnu.org/software/ghostscript/")))
-(define ghostscript/fixed
- (package
- (inherit ghostscript)
- (replacement #f) ; Prevent ghostscript/x from inheriting the replacement
- (source (origin
- (inherit (package-source ghostscript))
- (patches (search-patches "ghostscript-CVE-2013-5653.patch"
- "ghostscript-CVE-2015-3228.patch"
- "ghostscript-CVE-2016-7976.patch"
- "ghostscript-CVE-2016-7978.patch"
- "ghostscript-CVE-2016-7979.patch"
- "ghostscript-CVE-2016-8602.patch"
- "ghostscript-runpath.patch"))))))
-
(define-public ghostscript/x
- (package (inherit ghostscript/fixed)
+ (package (inherit ghostscript)
(name (string-append (package-name ghostscript) "-with-x"))
(inputs `(("libxext" ,libxext)
("libxt" ,libxt)
,@(package-inputs ghostscript)))))
-(define (ghostscript-wrapper name ghostscript)
- ;; Return a GHOSTSCRIPT wrapper that provides the 'gs' command.
- ;; See <https://lists.gnu.org/archive/html/guix-devel/2016-07/msg00987.html>.
- (package
- (name name)
- (version (package-version ghostscript))
- (source #f)
- (build-system trivial-build-system)
- (inputs `(("ghostscript" ,ghostscript)))
- (arguments
- `(#:modules ((guix build utils))
- #:builder (begin
- (use-modules (guix build utils))
-
- (let* ((out (assoc-ref %outputs "out"))
- (bin (string-append out "/bin"))
- (gs (assoc-ref %build-inputs "ghostscript")))
- (mkdir-p bin)
- (with-directory-excursion bin
- (symlink (string-append gs "/bin/gsc") "gs")
- #t)))))
- (synopsis "Wrapper providing Ghostscript's 'gs' command")
- (description
- "This package provides the @command{gs} command, which used to be
-provided by Ghostscript itself and no longer is.")
- (license (package-license ghostscript))
- (home-page (package-home-page ghostscript))))
-
-(define-public ghostscript-gs
- (ghostscript-wrapper "ghostscript-gs" ghostscript))
-
-(define-public ghostscript-gs/x
- (ghostscript-wrapper "ghostscript-gs-with-x" ghostscript/x))
-
(define-public ijs
(package
(name "ijs")
diff --git a/gnu/packages/gkrellm.scm b/gnu/packages/gkrellm.scm
index ed83186ae8..68853eb8fc 100644
--- a/gnu/packages/gkrellm.scm
+++ b/gnu/packages/gkrellm.scm
@@ -41,7 +41,7 @@
"12rc6zaa7kb60b9744lbrlfkxxfniprm6x0mispv63h4kh75navh"))))
(build-system gnu-build-system)
(inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("gtk+" ,gtk+-2)
("libice" ,libice)
("libsm" ,libsm)))
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index a4ec3a3536..ee56998da7 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -195,7 +195,7 @@ also known as DXTn or DXTC) for Mesa.")
(define-public mesa
(package
(name "mesa")
- (version "11.0.9")
+ (version "12.0.1")
(source
(origin
(method url-fetch)
@@ -203,44 +203,50 @@ also known as DXTn or DXTC) for Mesa.")
version "/mesa-" version ".tar.xz"))
(sha256
(base32
- "009b3nq8ly5nzy9cxi9cxf4qasrhggjz0v0q87rwq5kaqvqjy9m1"))))
+ "12b3i59xdn2in2hchrkgh4fwij8zhznibx976l3pdj3qkyvlzcms"))))
(build-system gnu-build-system)
(propagated-inputs
`(("glproto" ,glproto)
;; The following are in the Requires.private field of gl.pc.
("libdrm" ,libdrm)
+ ("libvdpau" ,libvdpau)
("libx11" ,libx11)
("libxdamage" ,libxdamage)
("libxfixes" ,libxfixes)
("libxshmfence" ,libxshmfence)
("libxxf86vm" ,libxxf86vm)))
- ;; TODO: Add vdpau.
(inputs
- `(("udev" ,eudev)
+ `(("expat" ,expat)
("dri2proto" ,dri2proto)
("dri3proto" ,dri3proto)
- ("presentproto" ,presentproto)
- ("expat" ,expat)
("libva" ,(force libva-without-mesa))
("libxml2" ,libxml2)
;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support
("libxvmc" ,libxvmc)
("makedepend" ,makedepend)
- ("s2tc" ,s2tc)))
+ ("presentproto" ,presentproto)
+ ("s2tc" ,s2tc)
+ ("udev" ,eudev)
+ ("wayland" ,wayland)))
(native-inputs
- `(("pkg-config" ,pkg-config)))
+ `(("pkg-config" ,pkg-config)
+ ("python" ,python-2)))
(arguments
`(#:configure-flags
'(;; drop r300 from default gallium drivers, as it requires llvm
- "--with-gallium-drivers=r600,svga,swrast,nouveau"
+ "--with-gallium-drivers=r600,svga,swrast,nouveau,virgl"
;; Enable various optional features. TODO: opencl requires libclc,
;; omx requires libomxil-bellagio
- "--with-egl-platforms=x11,drm"
+ "--with-egl-platforms=x11,drm,wayland"
"--enable-glx-tls" ;Thread Local Storage, improves performance
;; "--enable-opencl"
;; "--enable-omx"
"--enable-osmesa"
"--enable-xa"
+ ;; features required by wayland
+ "--enable-gles2"
+ "--enable-gbm"
+ "--enable-shared-glapi"
;; on non-intel systems, drop i915 and i965
;; from the default dri drivers
@@ -249,41 +255,44 @@ also known as DXTn or DXTC) for Mesa.")
'())
(_
'("--with-dri-drivers=nouveau,r200,radeon,swrast"))))
- #:phases (alist-cons-after
- 'unpack 'patch-create_test_cases
- (lambda _
- (substitute* "src/glsl/tests/lower_jumps/create_test_cases.py"
- (("/usr/bin/env bash") (which "bash"))))
- (alist-cons-before
- 'build 'fix-dlopen-libnames
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let ((s2tc (assoc-ref inputs "s2tc"))
- (udev (assoc-ref inputs "udev"))
- (out (assoc-ref outputs "out")))
- ;; Remain agnostic to .so.X.Y.Z versions while doing
- ;; the substitutions so we're future-safe.
- (substitute*
- '("src/gallium/auxiliary/util/u_format_s3tc.c"
- "src/mesa/main/texcompress_s3tc.c")
- (("\"libtxc_dxtn\\.so")
- (string-append "\"" s2tc "/lib/libtxc_dxtn.so")))
- (substitute* "src/loader/loader.c"
- (("udev_handle = dlopen\\(name")
- (string-append "udev_handle = dlopen(\""
- udev "/lib/libudev.so\"")))
- (substitute* "src/glx/dri_common.c"
- (("dlopen\\(\"libGL\\.so")
- (string-append "dlopen(\"" out "/lib/libGL.so")))
- (substitute* "src/egl/drivers/dri2/egl_dri2.c"
- (("\"libglapi\\.so")
- (string-append "\"" out "/lib/libglapi.so")))
- (substitute* "src/gbm/main/backend.c"
- ;; No need to patch the gbm_gallium_drm.so reference;
- ;; it's never installed since Mesa removed its
- ;; egl_gallium support.
- (("\"gbm_dri\\.so")
- (string-append "\"" out "/lib/dri/gbm_dri.so")))))
- %standard-phases))))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after
+ 'unpack 'patch-create_test_cases
+ (lambda _
+ (substitute* "src/compiler/glsl/tests/lower_jumps/create_test_cases.py"
+ (("/usr/bin/env bash") (which "bash")))
+ (substitute* "src/intel/genxml/gen_pack_header.py"
+ (("/usr/bin/env python2") (which "python")))))
+ (add-before
+ 'build 'fix-dlopen-libnames
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((s2tc (assoc-ref inputs "s2tc"))
+ (udev (assoc-ref inputs "udev"))
+ (out (assoc-ref outputs "out")))
+ ;; Remain agnostic to .so.X.Y.Z versions while doing
+ ;; the substitutions so we're future-safe.
+ (substitute*
+ '("src/gallium/auxiliary/util/u_format_s3tc.c"
+ "src/mesa/main/texcompress_s3tc.c")
+ (("\"libtxc_dxtn\\.so")
+ (string-append "\"" s2tc "/lib/libtxc_dxtn.so")))
+ (substitute* "src/loader/loader.c"
+ (("udev_handle = dlopen\\(name")
+ (string-append "udev_handle = dlopen(\""
+ udev "/lib/libudev.so\"")))
+ (substitute* "src/glx/dri_common.c"
+ (("dlopen\\(\"libGL\\.so")
+ (string-append "dlopen(\"" out "/lib/libGL.so")))
+ (substitute* "src/egl/drivers/dri2/egl_dri2.c"
+ (("\"libglapi\\.so")
+ (string-append "\"" out "/lib/libglapi.so")))
+ (substitute* "src/gbm/main/backend.c"
+ ;; No need to patch the gbm_gallium_drm.so reference;
+ ;; it's never installed since Mesa removed its
+ ;; egl_gallium support.
+ (("\"gbm_dri\\.so")
+ (string-append "\"" out "/lib/dri/gbm_dri.so")))))))))
(home-page "http://mesa3d.org/")
(synopsis "OpenGL implementation")
(description "Mesa is a free implementation of the OpenGL specification -
@@ -459,32 +468,32 @@ OpenGL graphics API.")
"1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037"))))
(arguments
`(#:phases
- (alist-cons-after
- 'unpack 'autoreconf
- (lambda _
- (zero? (system* "autoreconf" "-vif")))
- (alist-cons-before
- 'configure 'patch-paths
- (lambda* (#:key inputs #:allow-other-keys)
- (let ((python (assoc-ref inputs "python"))
- (mesa (assoc-ref inputs "mesa")))
- (substitute* "src/gen_dispatch.py"
- (("/usr/bin/env python") python))
- (substitute* (find-files "." "\\.[ch]$")
- (("libGL.so.1") (string-append mesa "/lib/libGL.so.1"))
- (("libEGL.so.1") (string-append mesa "/lib/libEGL.so.1")))
+ (modify-phases %standard-phases
+ (add-after
+ 'unpack 'autoreconf
+ (lambda _
+ (zero? (system* "autoreconf" "-vif"))))
+ (add-before
+ 'configure 'patch-paths
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((python (assoc-ref inputs "python"))
+ (mesa (assoc-ref inputs "mesa")))
+ (substitute* "src/gen_dispatch.py"
+ (("/usr/bin/env python") python))
+ (substitute* (find-files "." "\\.[ch]$")
+ (("libGL.so.1") (string-append mesa "/lib/libGL.so.1"))
+ (("libEGL.so.1") (string-append mesa "/lib/libEGL.so.1")))
- ;; XXX On armhf systems, we must add "GLIBC_2.4" to the list of
- ;; versions in test/dlwrap.c:dlwrap_real_dlsym. It would be
- ;; better to make this a normal patch, but for now we do it here
- ;; to prevent rebuilding on other platforms.
- ,@(if (string-prefix? "arm" (or (%current-target-system)
- (%current-system)))
- '((substitute* '"test/dlwrap.c"
- (("\"GLIBC_2\\.0\"") "\"GLIBC_2.0\", \"GLIBC_2.4\"")))
- '())
- #t))
- %standard-phases))))
+ ;; XXX On armhf systems, we must add "GLIBC_2.4" to the list of
+ ;; versions in test/dlwrap.c:dlwrap_real_dlsym. It would be
+ ;; better to make this a normal patch, but for now we do it here
+ ;; to prevent rebuilding on other platforms.
+ ,@(if (string-prefix? "arm" (or (%current-target-system)
+ (%current-system)))
+ '((substitute* '"test/dlwrap.c"
+ (("\"GLIBC_2\\.0\"") "\"GLIBC_2.0\", \"GLIBC_2.4\"")))
+ '())
+ #t))))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 802c809c26..9a1459ab09 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -65,7 +65,7 @@
(package
(name "dbus")
(replacement dbus-1.10.12)
- (version "1.10.8")
+ (version "1.10.10")
(source (origin
(method url-fetch)
(uri (string-append
@@ -73,7 +73,7 @@
version ".tar.gz"))
(sha256
(base32
- "0560y3hxpgh346w6avcrcz79c8ansmn771y5xpcvvlr6m8mx5wxs"))
+ "0hwsfczhx2djmc9116vj5v230i7gpjihwh3vbljs1ldlk831v3wx"))
(patches (search-patches "dbus-helper-search-path.patch"))))
(build-system gnu-build-system)
(arguments
@@ -139,6 +139,7 @@ shared NFS home directories.")
(source
(let ((version "1.10.12"))
(origin
+ (method url-fetch)
(inherit (package-source dbus))
(uri (string-append
"https://dbus.freedesktop.org/releases/dbus/dbus-"
@@ -150,7 +151,7 @@ shared NFS home directories.")
(define glib
(package
(name "glib")
- (version "2.48.0")
+ (version "2.48.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
@@ -158,7 +159,7 @@ shared NFS home directories.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0d3w2hblrw7vvpx60l1kbvb830ygn3v8zhwdz65cc5593j9ycjvl"))
+ "1x6kwrk1zyd3csv0ca3pmwc4bnkc33agn95cds15h6nbi4apappj"))
(patches (search-patches "glib-tests-timer.patch"))))
(build-system gnu-build-system)
(outputs '("out" ; everything
@@ -172,7 +173,7 @@ shared NFS home directories.")
("zlib" ,zlib)
("tzdata" ,tzdata))) ; for tests/gdatetime.c
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("dbus" ,dbus) ; for GDBus tests
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
@@ -362,7 +363,7 @@ bindings to call into the C library.")
(propagated-inputs
`(;; Propagate gettext because users expect it to be there, and so does
;; the `intltool-update' script.
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("perl-xml-parser" ,perl-xml-parser)
("perl" ,perl)))
@@ -443,7 +444,7 @@ translated.")
(define dbus-glib
(package
(name "dbus-glib")
- (version "0.104")
+ (version "0.106")
(source (origin
(method url-fetch)
(uri
@@ -451,7 +452,7 @@ translated.")
version ".tar.gz"))
(sha256
(base32
- "1xi1v1msz75qs0s4lkyf1psrksdppa3hwkg0mznc6gpw5flg3hdz"))))
+ "0in0i6v68ixcy0ip28i84hdczf10ykq9x682qgcvls6gdmq552dk"))))
(build-system gnu-build-system)
(propagated-inputs ; according to dbus-glib-1.pc
`(("dbus" ,dbus)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 52d6cd4c82..a45f6589ac 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -243,7 +243,7 @@ commonly used macros.")
(define-public gnome-desktop
(package
(name "gnome-desktop")
- (version "3.20.1")
+ (version "3.20.2")
(source
(origin
(method url-fetch)
@@ -252,7 +252,7 @@ commonly used macros.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0h6185lmkaf49dr43pb6gsb9yi25rc32n7dq5186hwln38mppb3f"))))
+ "1cp2c6q1ybirfq6rqyfj5lr5vyqdizy730bfg5jqnflcmakjsb29"))))
(build-system gnu-build-system)
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
@@ -465,7 +465,7 @@ forgotten when the session ends.")
(define-public evince
(package
(name "evince")
- (version "3.20.0")
+ (version "3.20.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -473,7 +473,7 @@ forgotten when the session ends.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1052lm4i5qq27sgk6ck5xc1cxh0qx4zzhifjhmzjlv38afj5i0yg"))))
+ "0m80s98k4i463dclpyk01fqb91cawbb6vvcz5vq2974k6qqc4ypw"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:configure-flags '("--disable-nautilus")
@@ -481,7 +481,15 @@ forgotten when the session ends.")
;; FIXME: Tests fail with:
;; ImportError: No module named gi.repository
;; Where should that module come from?
- #:tests? #f))
+ #:tests? #f
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'install 'skip-gtk-update-icon-cache
+ ;; Don't create 'icon-theme.cache'.
+ (lambda _
+ (substitute* "data/Makefile"
+ (("gtk-update-icon-cache") "true"))
+ #t)))))
(inputs
`(("libspectre" ,libspectre)
("djvulibre" ,djvulibre)
@@ -638,9 +646,14 @@ update-desktop-database: updates the database containing a cache of MIME types
(base32
"0fjh9qmmgj34zlgxb09231ld7khys562qxbpsjlaplq2j85p57im"))))
(build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags
+ ;; Don't create 'icon-theme.cache'.
+ (let* ((coreutils (assoc-ref %build-inputs "coreutils"))
+ (true (string-append coreutils "/bin/true")))
+ (list (string-append "GTK_UPDATE_ICON_CACHE=" true)))))
(native-inputs
- `(("gtk+" ,gtk+) ; for gtk-update-icon-cache
- ("icon-naming-utils" ,icon-naming-utils)
+ `(("icon-naming-utils" ,icon-naming-utils)
("intltool" ,intltool)
("pkg-config" ,pkg-config)))
(home-page "http://art.gnome.org/")
@@ -662,7 +675,9 @@ update-desktop-database: updates the database containing a cache of MIME types
name "-" version ".tar.xz"))
(sha256
(base32
- "0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks"))))))
+ "0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks"))))
+ (native-inputs
+ `(("gtk-encode-symbolic-svg" ,gtk+ "bin")))))
(define-public shared-mime-info
(package
@@ -890,7 +905,7 @@ XML/CSS rendering engine.")
(define-public libgsf
(package
(name "libgsf")
- (version "1.14.36")
+ (version "1.14.40")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -898,7 +913,7 @@ XML/CSS rendering engine.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0h19ssxzz0cmznwga2xy55kjibm24mwxqarnpd0w7xy0hrzm1dvi"))))
+ "1q2i5p9s5zw0y0502risykrzkfma7p24n3mmh244scjy9f4kh1im"))))
(build-system gnu-build-system)
(native-inputs
`(("intltool" ,intltool)
@@ -923,7 +938,7 @@ dealing with different structured file formats.")
(define-public librsvg
(package
(name "librsvg")
- (version "2.40.15")
+ (version "2.40.16")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -931,7 +946,7 @@ dealing with different structured file formats.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1x05vd2llpmskq3prkp7kbpmshmpp9whj4kfl99ybipf4fhw9jnr"))))
+ "0bpz6gsq8xi1pb5k9ax6vinph460v14znch3y5yz167s0dmwz2yl"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@@ -1478,14 +1493,14 @@ controls using the Bonobo component framework.")
(define-public libwnck
(package
(name "libwnck")
- (version "3.14.1")
+ (version "3.20.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
- (base32 "1ymya8gkjygvg0i901wr3q6ihfqxx5yf4g4pb6fag2iw8af3qr5v"))))
+ (base32 "0wms3hli6y0b9l3cszq6maqi6fyy6kss9gryvzgmhw27phb3gc0w"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
@@ -1524,14 +1539,14 @@ Hints specification (EWMH).")
(define-public goffice
(package
(name "goffice")
- (version "0.10.28")
+ (version "0.10.32")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
- (base32 "12rsgxrixkfpk420gv026i74pnlgqjzsvm6vffrmih54w46hd3q6"))))
+ (base32 "1hvs5558x98yzm43dc3f93v596x45lfmv1vkp4jjgfagynlpvcq2"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;4.1 MiB of gtk-doc
@@ -1589,7 +1604,7 @@ Hints specification (EWMH).")
(define-public gnumeric
(package
(name "gnumeric")
- (version "1.12.31")
+ (version "1.12.32")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -1597,7 +1612,7 @@ Hints specification (EWMH).")
name "-" version ".tar.xz"))
(sha256
(base32
- "1rvadlgikklwb6rccqc3rlhqv3m9qx27rchm7znxr062fn7fgb68"))))
+ "1s3dxvdwzmppsp2dfg90rccilf4hknhwjdy7lazr9sys58zchyx0"))))
(build-system gnu-build-system)
(arguments
`(;; The gnumeric developers don't worry much about failing tests.
@@ -1648,7 +1663,7 @@ engineering.")
(define-public gnome-themes-standard
(package
(name "gnome-themes-standard")
- (version "3.20")
+ (version "3.20.2")
(source
(origin
(method url-fetch)
@@ -1657,8 +1672,14 @@ engineering.")
version ".tar.xz"))
(sha256
(base32
- "1p1vvmzfky1ax3yv9ld10xgqwydhmglxpgq3skrfc4539nrq9phw"))))
+ "05br99z67f82i18nljpxnwssfnaqp7mph61w3hq0i44z5i5rq3cx"))))
(build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags
+ ;; Don't create 'icon-theme.cache'.
+ (let* ((coreutils (assoc-ref %build-inputs "coreutils"))
+ (true (string-append coreutils "/bin/true")))
+ (list (string-append "GTK_UPDATE_ICON_CACHE=" true)))))
(inputs
`(("gtk+" ,gtk+)
("gtk+-2" ,gtk+-2)
@@ -1714,7 +1735,7 @@ passwords in the GNOME keyring.")
(define-public vala
(package
(name "vala")
- (version "0.32.0")
+ (version "0.32.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -1722,7 +1743,7 @@ passwords in the GNOME keyring.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0vpvq403vdd25irvgk7zibz3nw4x4i17m0dgnns8j1q4vr7am8h7"))))
+ "1ab1l44abf9fj1wznzq5956431ia136rl5049cggnk5393jlf3fx"))))
(build-system gnu-build-system)
(arguments
'(#:phases
@@ -1756,7 +1777,7 @@ libraries written in C.")
(define-public vte
(package
(name "vte")
- (version "0.44.1")
+ (version "0.44.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -1764,7 +1785,7 @@ libraries written in C.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0kjxzqcwqxky0l7bl8ydn9hl6fm1f0k2pl91wbbhyq4z6d4dabbi"))))
+ "0j899ccrkzh7208w29c835m1yms0cas5cxkck8x6l4xv2i45ksm1"))))
(build-system gnu-build-system)
(arguments
;; XXX: fails to compile tests with the default flags.
@@ -1930,7 +1951,7 @@ configuration storage systems.")
(define-public json-glib
(package
(name "json-glib")
- (version "1.2.0")
+ (version "1.2.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -1938,7 +1959,7 @@ configuration storage systems.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1lx7p1c7cl21byvfgw92n8dhm09vi6qxrs0zkx9dg3y096zdzmlr"))
+ "08d6449sgnwfh92x8rhwsm03g8frv0mvp3s4wl3cskw25asql4pa"))
(modules '((guix build utils)))
(snippet
;; Don't duplicate test names.
@@ -2037,7 +2058,7 @@ library.")
(define-public glib-networking
(package
(name "glib-networking")
- (version "2.48.1")
+ (version "2.48.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/glib-networking/"
@@ -2045,7 +2066,7 @@ library.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0jm4pr91kbq7rcyll08840zkagb9vfhhm2ymyrd1q0b0k2mj76fg"))
+ "111spcar6wbp6m0rdxzjscc7vfqx5nawscrfbxlvbf5jsr4hqp4j"))
(patches
(search-patches "glib-networking-ssl-cert-file.patch"))))
(build-system gnu-build-system)
@@ -2237,7 +2258,7 @@ and other secrets. It communicates with the \"Secret Service\" using DBus.")
(define-public gnome-mines
(package
(name "gnome-mines")
- (version "3.20.0")
+ (version "3.20.1")
(source
(origin
(method url-fetch)
@@ -2246,7 +2267,7 @@ and other secrets. It communicates with the \"Secret Service\" using DBus.")
name "-" version ".tar.xz"))
(sha256
(base32
- "19khp4ckqbdgk6828gprxy52fsg8klf957dnwsin75nskk8whxbp"))))
+ "0frb1r0f55giz7yqxl9920vvzqlirdivz54ygc9d85r8v63fh5aq"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:phases
@@ -2274,7 +2295,7 @@ floating in an ocean using only your brain and a little bit of luck.")
(define-public gnome-sudoku
(package
(name "gnome-sudoku")
- (version "3.20.0")
+ (version "3.20.5")
(source
(origin
(method url-fetch)
@@ -2283,7 +2304,7 @@ floating in an ocean using only your brain and a little bit of luck.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1n8hp3pl56p9s0c5kldk11zg1vg7ykhgn3ndp8nf375h1q49ldh8"))))
+ "166bbv5k50v7pjp3wbl2rmxcmv1adwr14hxg5rw2ws8kams8151k"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
@@ -2309,7 +2330,7 @@ more fun.")
(define-public gnome-terminal
(package
(name "gnome-terminal")
- (version "3.20.1")
+ (version "3.20.2")
(source
(origin
(method url-fetch)
@@ -2318,7 +2339,7 @@ more fun.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1508nm35znlfq9v1s2j4ypx5x608yq391c565b4hazxk2f5z9dwq"))))
+ "08ssch8h1y85wyhddkyr7ab4v8dnsn17z4ayyc5ff78gfdh30f7m"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:configure-flags
@@ -2560,7 +2581,7 @@ service via the system message bus.")
(define-public libgweather
(package
(name "libgweather")
- (version "3.20.0")
+ (version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -2568,7 +2589,7 @@ service via the system message bus.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1mmqg7wf0bhk450akyj0x71x75kh1v7j68isyivr75ydky79nqjj"))))
+ "15ycgvdvika57rhnb46j6pj1907nj5y5nyy7sgj0yvpjbqsiskzp"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@@ -2701,7 +2722,7 @@ playlists in a variety of formats.")
(define-public aisleriot
(package
(name "aisleriot")
- (version "3.20.1")
+ (version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -2709,7 +2730,7 @@ playlists in a variety of formats.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1nipky336jj81mhm8wwxp96zilgcrarihf95dnyj3r1pw8kpg7gy"))))
+ "0vhpi7bzm4gbraky1d3ma26rbwnylcqdakav82j67bpqd7f6n0v2"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:configure-flags
@@ -3048,7 +3069,7 @@ GNOME Games, but it may be used by others.")
(define-public gnome-klotski
(package
(name "gnome-klotski")
- (version "3.20.1")
+ (version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -3056,7 +3077,7 @@ GNOME Games, but it may be used by others.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1130v6sk9h74b3xgv0bq43anaw7xs9x8vdab3q7p9db6w0px02wj"))))
+ "14w40a1gjlg4l1vhcy0qcf3scmwm2v3vhxnxj269pfqlv8s7alaw"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("desktop-file-utils" ,desktop-file-utils)
@@ -3352,7 +3373,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
(define-public eog
(package
(name "eog")
- (version "3.20.1")
+ (version "3.20.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -3360,7 +3381,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0ll3vz1kyjagiqmrpypk1a4nwjhrjsapiz45bxblsjxjy641j0jg"))))
+ "1qsv3brhi8l8fr22nd3d0fwq5xhwspqw0bammhkkq3ga0z6791wn"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:phases
@@ -3547,7 +3568,7 @@ USB transfers with your high-level application or system daemon.")
("gusb" ,gusb)
("libsane" ,sane-backends)))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("itstool" ,itstool)
("colord" ,colord)
("glib" ,glib "bin") ; glib-compile-schemas, etc.
@@ -3856,7 +3877,7 @@ metadata in photo and video files of various formats.")
(native-inputs
`(("pkg-config" ,pkg-config)
("itstool" ,itstool)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("itstool" ,itstool)
("vala" ,vala)))
(inputs
@@ -3895,6 +3916,15 @@ share them with others via social networking and more.")
(base32
"1sa46vjx78d670m6bikpibgz39a5zb6ri8yjmj632lmxqvj2sp3b"))))
(build-system glib-or-gtk-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-before 'install 'skip-gtk-update-icon-cache
+ (lambda _
+ ;; Don't create 'icon-theme.cache'
+ (substitute* (find-files "data" "^Makefile$")
+ (("gtk-update-icon-cache") (which "true")))
+ #t)))))
(native-inputs
`(("intltool" ,intltool)
("pkg-config" ,pkg-config)))
@@ -4050,7 +4080,7 @@ javascript engine and the GObject introspection framework.")
(define-public gedit
(package
(name "gedit")
- (version "3.20.1")
+ (version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4058,7 +4088,7 @@ javascript engine and the GObject introspection framework.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1i0x1jd9x1vpv8lwdlzwf0ml8jxh3b3l6nlg6pbnfjw47w3y6iws"))))
+ "1y330hanqfld3kssf77wfphah2qpfg17pa109spsbm50f5m2g89j"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:configure-flags '("--disable-spell") ; XXX: gspell not packaged yet
@@ -4121,7 +4151,7 @@ powerful general purpose text editor.")
"0j2sy6imwp41l75hy3fwr68n35drvanbwgmr42kc04zqjy9pbs02"))))
(build-system gnu-build-system)
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("itstool" ,itstool)
("pkg-config" ,pkg-config)))
(inputs
@@ -4137,7 +4167,7 @@ to display dialog boxes from the commandline and shell scripts.")
(define-public mutter
(package
(name "mutter")
- (version "3.20.1")
+ (version "3.20.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4145,7 +4175,7 @@ to display dialog boxes from the commandline and shell scripts.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0752vkkmaaay8ziczqrf7z3735bq3brx2djw36arqsdhwawh6jba"))))
+ "05pr78vgq52bkkqpbfnp9mxw14ij2wk91l2yfa69dpjbvxqm4b0l"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@@ -4187,7 +4217,7 @@ window manager.")
(define-public gnome-online-accounts
(package
(name "gnome-online-accounts")
- (version "3.20.1")
+ (version "3.20.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4195,7 +4225,7 @@ window manager.")
name "-" version ".tar.xz"))
(sha256
(base32
- "14qcih1g136sn2aklzagv83jl82d3qc598rkdm8zac9gw70ynyn3"))))
+ "0ip0q539bik3wqwl867rjc63w2d5rjyvbqzwczkard70yd6c0kq9"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -4225,7 +4255,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
(define-public evolution-data-server
(package
(name "evolution-data-server")
- (version "3.20.1")
+ (version "3.20.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4233,7 +4263,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0lsbhzacr2bs90z8sx44vf403r0h2yqsy4l2svrh5hjnassgdyqx"))))
+ "0zmybf63y0d5zn48q3xjgkh2p2c3ka9xvzd6labp96bd6b6qc58d"))))
(build-system gnu-build-system)
(arguments
'(;; XXX: fails with:
@@ -4289,7 +4319,7 @@ Evolution (hence the name), but is now used by other packages as well.")
(define-public caribou
(package
(name "caribou")
- (version "0.4.20")
+ (version "0.4.21")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4297,7 +4327,7 @@ Evolution (hence the name), but is now used by other packages as well.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1nahpfs5ap9f9wsvn93kg8isqffk60v785f1q6k64awcd7an8ris"))))
+ "0mfychh1q3dx0b96pjz9a9y112bm9yqyim40yykzxx1hppsdjhww"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:phases
@@ -4472,7 +4502,7 @@ services.")
(define-public network-manager-applet
(package
(name "network-manager-applet")
- (version "1.2.0")
+ (version "1.2.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4480,7 +4510,7 @@ services.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0dhvk3dvy6djn6blpkv46dn6yfh28wsh6mpl0v53qxfip97j8kwk"))))
+ "0ym31m55hj65mmbq2yihy49z5x5z1qpx7jalk64kwx1rr5b2kxyz"))))
(build-system glib-or-gtk-build-system)
(arguments '(#:configure-flags '("--disable-migration")))
(native-inputs
@@ -4608,7 +4638,7 @@ providing graphical log-ins and managing local and remote displays.")
(define-public libgtop
(package
(name "libgtop")
- (version "2.34.0")
+ (version "2.34.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4616,7 +4646,7 @@ providing graphical log-ins and managing local and remote displays.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0apfnh9k6vmbdm8ms5wxyhagrrl8r88fv48k7q5qq70df2gf72ld"))))
+ "1qh9srg8pqmrsl12mwnclncs7agmjjvx3q6v5qwqvcb2cskpi6f8"))))
(build-system gnu-build-system)
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
@@ -4635,7 +4665,7 @@ usage and information about running processes.")
(define-public gnome-bluetooth
(package
(name "gnome-bluetooth")
- (version "3.18.3")
+ (version "3.20.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4643,7 +4673,7 @@ usage and information about running processes.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1qwc9q7x22sc71zhqv4db78rqzxl6fqfw6d978ydqap54c2bg0g4"))))
+ "0lzbwk2kn7kp39sv5bf4ja92mfkxkc27gxxk8k86i8a8ncbcmcwk"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("glib:bin" ,glib "bin") ; for gdbus-codegen, etc.
@@ -4738,7 +4768,7 @@ properties, screen resolution, and other GNOME parameters.")
(define-public gnome-shell
(package
(name "gnome-shell")
- (version "3.20.1")
+ (version "3.20.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4746,7 +4776,7 @@ properties, screen resolution, and other GNOME parameters.")
name "-" version ".tar.xz"))
(sha256
(base32
- "08cgbr15cim3rgcngrv98rm48pkdxwj4nqx5za1lsnv376m4x5bs"))))
+ "0kd9y847pw9v3zl0g52ly7xdcjz0b9v37aqmi19iddfkxjjyn4qc"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:phases
@@ -4820,7 +4850,7 @@ like switching to windows and launching applications.")
(define-public gtk-vnc
(package
(name "gtk-vnc")
- (version "0.5.4")
+ (version "0.6.0")
(source
(origin
(method url-fetch)
@@ -4829,7 +4859,7 @@ like switching to windows and launching applications.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1rwwdh7lb16xdmy76ca6mpqfc3zfl3a4bkcr0qb6hs6ffrxak2j8"))))
+ "0cq42dghjp4bhsxlj9hd2nz5s5rhd53fx7snmq6i6kg60n438ncm"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--with-gtk=3.0")))
@@ -4858,7 +4888,7 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.")
(define-public nautilus
(package
(name "nautilus")
- (version "3.20.1")
+ (version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -4866,7 +4896,7 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1s41bsihacs7cywm60vqgv46m22gmga4b0bwxnki4r02jjwhgagj"))))
+ "1bnalv0ljdjzqzvh3rfyg7r4z8vdbq1gdard5q68riqdi2dnfvld"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:configure-flags
@@ -4994,7 +5024,7 @@ beautifying border effects.")
(define-public dconf-editor
(package
(name "dconf-editor")
- (version "3.20.1")
+ (version "3.20.3")
(source
(origin
(method url-fetch)
@@ -5003,8 +5033,17 @@ beautifying border effects.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0pfpmvpv57a01nsd1fah3np33avihm5ic43fi6b60dyw6c5z953p"))))
+ "0yf553bd9l030shhs0jkl5gvkzkfxbxxm56xv0l0nmbplaci8wm8"))))
(build-system glib-or-gtk-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-before 'install 'skip-gtk-update-icon-cache
+ (lambda _
+ ;; Don't create 'icon-theme.cache'.
+ (substitute* "editor/Makefile"
+ (("gtk-update-icon-cache") "true"))
+ #t)))))
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-compile-schemas, gio-2.0.
("intltool" ,intltool)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 5fcc03a222..dd75ea5c34 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -52,7 +52,7 @@
(define-public libgpg-error
(package
(name "libgpg-error")
- (version "1.22")
+ (version "1.24")
(source
(origin
(method url-fetch)
@@ -60,7 +60,7 @@
version ".tar.bz2"))
(sha256
(base32
- "0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j"))))
+ "0h75sf1ngr750c3fjfn4583q7wz40qm63jhg8vjfdrbx936f2s4j"))))
(build-system gnu-build-system)
(home-page "https://gnupg.org")
(synopsis "Library of error values for GnuPG components")
@@ -76,15 +76,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
- (replacement libgcrypt-1.7.3)
- (version "1.7.0")
+ (version "1.7.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
- "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh"))))
+ "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
@@ -110,22 +109,9 @@ generation.")
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/libgcrypt")))))
-(define libgcrypt-1.7.3
- (package
- (inherit libgcrypt)
- (version "1.7.3")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
- version ".tar.bz2"))
- (sha256
- (base32
- "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))))
-
(define-public libgcrypt-1.5
(package (inherit libgcrypt)
- (replacement libgcrypt-1.5.6)
- (version "1.5.4")
+ (version "1.5.6")
(source
(origin
(method url-fetch)
@@ -133,20 +119,7 @@ generation.")
version ".tar.bz2"))
(sha256
(base32
- "0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m"))))))
-
-(define libgcrypt-1.5.6
- (package
- (inherit libgcrypt-1.5)
- (source
- (let ((version "1.5.6"))
- (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
- version ".tar.bz2"))
- (sha256
- (base32
- "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))
+ "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
(define-public libassuan
(package
@@ -238,15 +211,14 @@ compatible to GNU Pth.")
(define-public gnupg
(package
(name "gnupg")
- (version "2.1.13")
+ (version "2.1.15")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnupg/gnupg-" version
".tar.bz2"))
- (patches (search-patches "gnupg-fix-expired-test.patch"))
(sha256
(base32
- "0xcn46vcb5x5qx0bc803vpzhzhnn6wfhp7x71w9n1ahx4ak877ag"))))
+ "1pgz02gd84ab94w4xdg67p9z8kvkyr9d523bvcxxd2hviwh1m362"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -272,6 +244,17 @@ compatible to GNU Pth.")
(lambda _
(substitute* "tests/openpgp/defs.inc"
(("/bin/pwd") (which "pwd")))
+ #t))
+ (add-after 'build 'patch-scheme-tests
+ (lambda _
+ (substitute* (find-files "tests" ".\\.scm$")
+ (("/usr/bin/env gpgscm")
+ (string-append (getcwd) "/tests/gpgscm/gpgscm")))))
+ (add-before 'check 'set-home
+ ;; Some tests require write access to $HOME, otherwise leading to
+ ;; 'failed to create directory /homeless-shelter/.asy' error.
+ (lambda _
+ (setenv "HOME" "/tmp")
#t)))))
(home-page "https://gnupg.org/")
(synopsis "GNU Privacy Guard")
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 4927a516e2..d15066cbd6 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -431,21 +431,7 @@ standards.")
("mit-krb5" ,mit-krb5)
("nspr" ,nspr)
("nss" ,nss)
-
- ;; XXX Work around the fact that our 'sqlite' package was not built
- ;; with -DSQLITE_ENABLE_DBSTAT_VTAB.
- ("sqlite" ,(package
- (inherit sqlite)
- (arguments
- `(#:configure-flags
- ;; Add -DSQLITE_SECURE_DELETE, -DSQLITE_ENABLE_UNLOCK_NOTIFY and
- ;; -DSQLITE_ENABLE_DBSTAT_VTAB to CFLAGS. GNU Icecat will refuse
- ;; to use the system SQLite unless these options are enabled.
- (list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
- "-DSQLITE_ENABLE_UNLOCK_NOTIFY "
- "-DSQLITE_ENABLE_DBSTAT_VTAB"))))))
- ;;("sqlite" ,sqlite)
-
+ ("sqlite" ,sqlite)
("startup-notification" ,startup-notification)
("unzip" ,unzip)
("yasm" ,yasm)
diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm
index ffce1bf86b..b920be9ea2 100644
--- a/gnu/packages/grub.scm
+++ b/gnu/packages/grub.scm
@@ -128,8 +128,8 @@
#t)))))
(inputs
`(;; ("lvm2" ,lvm2)
+ ("gettext" ,gettext-minimal)
("mdadm" ,mdadm)
- ("gettext" ,gnu-gettext)
("freetype" ,freetype)
;; ("libusb" ,libusb)
;; ("fuse" ,fuse)
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index df79239951..0de1409406 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -357,7 +357,7 @@ printing and other features typical of a source code editor.")
(define-public gtksourceview
(package
(name "gtksourceview")
- (version "3.20.2")
+ (version "3.20.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -365,7 +365,7 @@ printing and other features typical of a source code editor.")
name "-" version ".tar.xz"))
(sha256
(base32
- "03vxirdbjpgjrkl5ph0p9b1saq17xxr4kvhz1ijpg40a9jf3ci4y"))))
+ "009xag7df07ngav2wzs0rdrrx4s2m6ahx93pxzc2p1pkbz4nl3ks"))))
(build-system gnu-build-system)
(arguments
'(#:phases
@@ -486,7 +486,7 @@ in the GNOME project.")
(define-public at-spi2-core
(package
(name "at-spi2-core")
- (version "2.20.1")
+ (version "2.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -494,7 +494,7 @@ in the GNOME project.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0039y6bj1zfzhmfjbj5g830dlczphbpvbgmkcab9mapmh7kmin3f"))))
+ "0hx12snd9as4cq99ka3bn056xdf13f87pd1ilp6177qk8ffxx948"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(arguments
@@ -594,7 +594,7 @@ is part of the GNOME accessibility project.")
("libxrandr" ,libxrandr)))
(native-inputs
`(("perl" ,perl)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("glib" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
@@ -629,7 +629,7 @@ application suites.")
(define-public gtk+
(package (inherit gtk+-2)
(name "gtk+")
- (version "3.20.3")
+ (version "3.20.9")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -637,9 +637,10 @@ application suites.")
name "-" version ".tar.xz"))
(sha256
(base32
- "157nh9gg0p2avw765hrnkvr8lsh2w811397yxgjv6q5j4fzz6d1q"))
+ "05xcwvy68p7f4hdhi4bgdm3aycvqqr4pr5kkkr8ba91l5yx0k9l3"))
(patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch"
"gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch"))))
+ (outputs '("out" "bin" "doc"))
(propagated-inputs
`(("at-spi2-atk" ,at-spi2-atk)
("atk" ,atk)
@@ -662,7 +663,7 @@ application suites.")
(native-inputs
`(("perl" ,perl)
("glib" ,glib "bin")
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)
("gobject-introspection" ,gobject-introspection)
("python-wrapper" ,python-wrapper)
@@ -684,7 +685,16 @@ application suites.")
(substitute* "testsuite/Makefile.in"
(("SUBDIRS = gdk gtk a11y css reftests")
"SUBDIRS = gdk"))
- #t)))))
+ #t))
+ (add-after 'install 'move-desktop-files
+ ;; Move desktop files into 'bin' to avoid cycle references.
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out"))
+ (bin (assoc-ref outputs "bin")))
+ (mkdir-p (string-append bin "/share"))
+ (rename-file (string-append out "/share/applications")
+ (string-append bin "/share/applications"))
+ #t))))))
(native-search-paths
(list (search-path-specification
(variable "GUIX_GTK3_PATH")
@@ -928,7 +938,7 @@ library.")
(define-public pangomm
(package
(name "pangomm")
- (version "2.40.0")
+ (version "2.40.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@@ -936,7 +946,7 @@ library.")
name "-" version ".tar.xz"))
(sha256
(base32
- "03fpqdjp7plybf4zsgszbm8yhgl28vmajzfpmaqcsmyfvjlszl3x"))))
+ "1bz3gciff23bpw9bqc4v2l3lkq9w7394v3a4jxkvx0ap5lmfwqlp"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)))
(propagated-inputs
@@ -1177,7 +1187,7 @@ write GNOME applications.")
(base32
"03wsxj27hvcbs3x96nah7j3paclifwlfag8kdph4kldl48srp9pb"))))
(native-inputs `(("pkg-config" ,pkg-config)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(inputs `(("gtk+" ,gtk+)
("check" ,check)))
(arguments
@@ -1241,7 +1251,7 @@ information.")
`(("pkg-config" ,pkg-config)
("itstool" ,itstool)
("libxml" ,libxml2)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("bc" ,bc)))
(inputs
`(("perl" ,perl)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 43071e6968..691a7fe22e 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -131,15 +131,15 @@ without requiring the source code to be rewritten.")
(define-public guile-2.0
(package
(name "guile")
- (version "2.0.11")
+ (version "2.0.12")
+ (replacement guile-2.0.13) ;CVE-2016-8606 and CVE-2016-8605
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/guile/guile-" version
".tar.xz"))
(sha256
(base32
- "1qh3j7308qvsjgwf7h94yqgckpbgz2k3yqdkzsyhqcafvfka9l5f"))
- (patches (search-patches "guile-arm-fixes.patch"))))
+ "1sdpjq0jf1h65w29q0zprj4x6kdp5jskkvbnlwphy9lvdxrqg0fy"))))
(build-system gnu-build-system)
(native-inputs `(("pkgconfig" ,pkg-config)))
(inputs `(("libffi" ,libffi)
@@ -184,7 +184,7 @@ without requiring the source code to be rewritten.")
(files '("share/guile/site/2.0")))
(search-path-specification
(variable "GUILE_LOAD_COMPILED_PATH")
- (files '("lib/guile/2.0/ccache"
+ (files '("lib/guile/2.0/site-ccache"
"share/guile/site/2.0")))))
(synopsis "Scheme implementation intended especially for extensions")
@@ -200,12 +200,28 @@ without requiring the source code to be rewritten.")
(define-public guile-2.0/fixed
;; A package of Guile 2.0 that's rarely changed. It is the one used
;; in the `base' module, and thus changing it entails a full rebuild.
- guile-2.0)
+ (package
+ (inherit guile-2.0)
+ (properties '((hidden? . #t))) ;people should install 'guile-2.0'
+ (replacement #f)))
+
+(define guile-2.0.13
+ (package
+ (inherit guile-2.0)
+ (version "2.0.13")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/guile/guile-" version
+ ".tar.xz"))
+ (sha256
+ (base32
+ "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p"))))))
(define-public guile-next
(package (inherit guile-2.0)
(name "guile-next")
(version "2.1.4")
+ (replacement #f)
(source (origin
(method url-fetch)
(uri (string-append "ftp://alpha.gnu.org/gnu/guile/guile-"
@@ -279,7 +295,7 @@ applicable."
("libtool" ,libtool)
("flex" ,flex)
("texinfo" ,texinfo)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
,@(package-native-inputs guile-next)))
;; Same as in guile-2.0
(native-search-paths
@@ -495,23 +511,33 @@ format is also supported.")
(define-public guile-lib
(package
(name "guile-lib")
- (version "0.2.2")
+ (version "0.2.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/guile-lib/guile-lib-"
version ".tar.gz"))
(sha256
(base32
- "1f9n2b5b5r75lzjinyk6zp6g20g60msa0jpfrk5hhg4j8cy0ih4b"))))
+ "0pwdd52vakni1fabaiav8v0ad7xp3bx8x3brijbr1mpgamm9dxqc"))))
(build-system gnu-build-system)
(arguments
- '(#:phases (alist-cons-before
- 'configure 'patch-module-dir
- (lambda _
- (substitute* "src/Makefile.in"
- (("^moddir[[:blank:]]*=[[:blank:]]*([[:graph:]]+)" _ rhs)
- (string-append "moddir = " rhs "/2.0\n"))))
- %standard-phases)))
+ '(#:phases (modify-phases %standard-phases
+ (add-before 'configure 'patch-module-dir
+ (lambda _
+ (substitute* "src/Makefile.in"
+ (("^moddir = ([[:graph:]]+)")
+ "moddir = $(datadir)/guile/site/@GUILE_EFFECTIVE_VERSION@\n")
+ (("^godir = ([[:graph:]]+)")
+ "godir = \
+$(libdir)/guile/@GUILE_EFFECTIVE_VERSION@/site-ccache\n"))
+ #t))
+ (replace 'check
+ (lambda _
+ ;; Work around a harmless test failure involving
+ ;; two-spaces-after-period rendering.
+ (zero? (system* "make" "check" ;"-C" "unit-tests"
+ "XFAIL_TESTS=texinfo.serialize.scm")))))))
+ (native-inputs `(("pkg-config" ,pkg-config)))
(inputs `(("guile" ,guile-2.0)))
(home-page "http://www.nongnu.org/guile-lib/")
(synopsis "Collection of useful Guile Scheme modules")
diff --git a/gnu/packages/gv.scm b/gnu/packages/gv.scm
index 240e3fc96c..e1e86a83a6 100644
--- a/gnu/packages/gv.scm
+++ b/gnu/packages/gv.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -39,7 +40,7 @@
(sha256 (base32
"0q8s43z14vxm41pfa8s5h9kyyzk1fkwjhkiwbf2x70alm6rv6qi1"))))
(build-system gnu-build-system)
- (propagated-inputs `(("ghostscript" ,ghostscript-gs/x)))
+ (propagated-inputs `(("ghostscript" ,ghostscript/x)))
(inputs `(("libx11" ,libx11)
("libxaw3d" ,libxaw3d)
("libxinerama" ,libxinerama)
diff --git a/gnu/packages/ibus.scm b/gnu/packages/ibus.scm
index 814984f16f..8dc5cdb742 100644
--- a/gnu/packages/ibus.scm
+++ b/gnu/packages/ibus.scm
@@ -265,7 +265,7 @@ Chinese pinyin input methods.")
'("ibus-engine-anthy" "ibus-setup-anthy"))
#t))))))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("intltool" ,intltool)
("pkg-config" ,pkg-config)
("python" ,python)))
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 7455bb8889..4b05cca3b4 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -58,18 +58,18 @@
(define-public libpng
(package
(name "libpng")
- (version "1.5.26")
+ (version "1.6.25")
(source (origin
(method url-fetch)
;; Note: upstream removes older tarballs.
- (uri (list (string-append "mirror://sourceforge/libpng/libpng15/"
+ (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
version "/libpng-" version ".tar.xz")
(string-append
"ftp://ftp.simplesystems.org/pub/libpng/png/src"
"/libpng15/libpng-" version ".tar.xz")))
(sha256
- (base32 "0kbissyd7d4ahwdpm968nnzl7q15p6hadg44i9x0vrkrzdgdi93v"))))
+ (base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9"))))
(build-system gnu-build-system)
;; libpng.la says "-lz", so propagate it.
@@ -101,13 +101,13 @@ library. It supports almost all PNG features and is extensible.")
(define-public libjpeg
(package
(name "libjpeg")
- (version "9a")
+ (version "9b")
(source (origin
(method url-fetch)
(uri (string-append "http://www.ijg.org/files/jpegsrc.v"
version ".tar.gz"))
(sha256 (base32
- "19q5zr4n60sjcvfbyv06n4pcl1mai3ipvnd2akflayciinj3wx9s"))))
+ "0lnhpahgdwlrkd41lx6cr90r199f8mc6ydlh7jznj5klvacd63r4"))))
(build-system gnu-build-system)
(synopsis "Library for handling JPEG files")
(description
@@ -186,7 +186,6 @@ extracting icontainer icon files.")
(define-public libtiff
(package
(name "libtiff")
- (replacement libtiff/fixed)
(version "4.0.6")
(source (origin
(method url-fetch)
@@ -197,7 +196,14 @@ extracting icontainer icon files.")
(patches (search-patches
"libtiff-oob-accesses-in-decode.patch"
"libtiff-oob-write-in-nextdecode.patch"
- "libtiff-CVE-2015-8665+CVE-2015-8683.patch"))))
+ "libtiff-CVE-2015-8665+CVE-2015-8683.patch"
+ "libtiff-CVE-2016-3623.patch"
+ "libtiff-CVE-2016-3945.patch"
+ "libtiff-CVE-2016-3990.patch"
+ "libtiff-CVE-2016-3991.patch"
+ "libtiff-CVE-2016-5314.patch"
+ "libtiff-CVE-2016-5321.patch"
+ "libtiff-CVE-2016-5323.patch"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.3 MiB of HTML documentation
@@ -219,23 +225,6 @@ collection of tools for doing simple manipulations of TIFF images.")
"See COPYRIGHT in the distribution."))
(home-page "http://www.remotesensing.org/libtiff/")))
-(define libtiff/fixed
- (package
- (inherit libtiff)
- (source (origin
- (inherit (package-source libtiff))
- (patches (search-patches
- "libtiff-oob-accesses-in-decode.patch"
- "libtiff-oob-write-in-nextdecode.patch"
- "libtiff-CVE-2015-8665+CVE-2015-8683.patch"
- "libtiff-CVE-2016-3623.patch"
- "libtiff-CVE-2016-3945.patch"
- "libtiff-CVE-2016-3990.patch"
- "libtiff-CVE-2016-3991.patch"
- "libtiff-CVE-2016-5314.patch"
- "libtiff-CVE-2016-5321.patch"
- "libtiff-CVE-2016-5323.patch"))))))
-
(define-public libwmf
(package
(name "libwmf")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index db398de530..a516629dbf 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -157,7 +157,7 @@ SILC and ICB protocols via plugins.")
("libtool" ,libtool)))
(inputs `(("ncurses" ,ncurses)
("diffutils" ,diffutils)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("libltdl" ,libltdl)
("libgcrypt" ,libgcrypt "out")
("zlib" ,zlib)
diff --git a/gnu/packages/iso-codes.scm b/gnu/packages/iso-codes.scm
index 0a9427cef2..dbdd868b3b 100644
--- a/gnu/packages/iso-codes.scm
+++ b/gnu/packages/iso-codes.scm
@@ -40,7 +40,7 @@
"037hmfs5pk3g36psm378vap1mbrkk86vv8wsdnv65mzbnph52gv0"))))
(build-system gnu-build-system)
(inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("perl" ,perl)
("python" ,python-wrapper)))
(home-page "https://pkg-isocodes.alioth.debian.org/")
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 011f9e0deb..3790e8f63f 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -601,7 +601,7 @@ interfaces in the areas of colors, fonts, text, images, keyboard input.")
"0cw24spmwsqa3ppkw03cm6yjd3sfll0dbbk2ya76fd4nw9hb00dv"))))
(build-system cmake-build-system)
(propagated-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("python" ,python)))
(native-inputs
`(("extra-cmake-modules" ,extra-cmake-modules)))
diff --git a/gnu/packages/kodi.scm b/gnu/packages/kodi.scm
index ec4e72e8ba..929894d61e 100644
--- a/gnu/packages/kodi.scm
+++ b/gnu/packages/kodi.scm
@@ -199,7 +199,7 @@ generator library for C++.")
("cmake" ,cmake)
("doxygen" ,doxygen)
("gawk" ,gawk)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("icedtea" ,icedtea) ; needed at build-time only, mandatory
("libtool" ,libtool)
("pkg-config" ,pkg-config)
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 432c1fe675..0c9d0af3c8 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -27,14 +27,14 @@
(define-public libidn
(package
(name "libidn")
- (replacement libidn-1.33)
- (version "1.32")
+ (version "1.33")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/libidn/libidn-" version
".tar.gz"))
- (sha256 (base32
- "1xf4hphhahcjm2xwx147lfpsavjwv9l4c2gf6hx71zxywbz5lpds"))))
+ (sha256
+ (base32
+ "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4"))))
(build-system gnu-build-system)
;; FIXME: No Java and C# libraries are currently built.
(synopsis "Internationalized string processing library")
@@ -46,16 +46,3 @@ names. It includes native C, C# and Java libraries.")
;; the command line tool is gpl3+.
(license (list gpl2+ gpl3+ lgpl3+ fdl1.3+))
(home-page "http://www.gnu.org/software/libidn/")))
-
-(define libidn-1.33
- (package
- (inherit libidn)
- (source
- (let ((version "1.33"))
- (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/libidn/libidn-" version
- ".tar.gz"))
- (sha256
- (base32
- "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))))))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 08fd7ac9bb..53baa21fdd 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -15,6 +15,7 @@
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
+;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -110,17 +111,36 @@
version "-gnu.tar.xz")))
(define-public linux-libre-headers
- (let* ((version "4.1.18")
- (build-phase
- (lambda (arch)
- `(lambda _
- (setenv "ARCH" ,(system->linux-architecture arch))
+ (package
+ (name "linux-libre-headers")
+ (version "4.4.18")
+ (source (origin
+ (method url-fetch)
+ (uri (linux-libre-urls version))
+ (sha256
+ (base32
+ "0k8k17in7dkjd9d8zg3i8l1ax466dba6bxw28flxizzyq8znljps"))))
+ (build-system gnu-build-system)
+ (native-inputs `(("perl" ,perl)))
+ (arguments
+ `(#:modules ((guix build gnu-build-system)
+ (guix build utils)
+ (srfi srfi-1))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (replace 'build
+ (lambda _
+ (let ((arch ,(system->linux-architecture
+ (or (%current-target-system)
+ (%current-system)))))
+ (setenv "ARCH" arch)
(format #t "`ARCH' set to `~a'~%" (getenv "ARCH"))
(and (zero? (system* "make" "defconfig"))
(zero? (system* "make" "mrproper" "headers_check"))))))
- (install-phase
- `(lambda* (#:key outputs #:allow-other-keys)
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(and (zero? (system* "make"
(string-append "INSTALL_HDR_PATH=" out)
@@ -140,33 +160,12 @@
(for-each delete-file (find-files out "\\.install"))
#t))))))
- (package
- (name "linux-libre-headers")
- (version version)
- (source (origin
- (method url-fetch)
- (uri (linux-libre-urls version))
- (sha256
- (base32
- "1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7"))))
- (build-system gnu-build-system)
- (native-inputs `(("perl" ,perl)))
- (arguments
- `(#:modules ((guix build gnu-build-system)
- (guix build utils)
- (srfi srfi-1))
- #:phases (alist-replace
- 'build ,(build-phase (or (%current-target-system)
- (%current-system)))
- (alist-replace
- 'install ,install-phase
- (alist-delete 'configure %standard-phases)))
#:allowed-references ()
#:tests? #f))
+ (home-page "http://www.gnu.org/software/linux-libre")
(synopsis "GNU Linux-Libre kernel headers")
(description "Headers of the Linux-Libre kernel.")
- (license license:gpl2)
- (home-page "http://www.gnu.org/software/linux-libre/"))))
+ (license license:gpl2)))
(define %boot-logo-patch
;; Linux-Libre boot logo featuring Freedo and a gnu.
@@ -359,17 +358,18 @@ It has been modified to remove all non-free binary blobs.")
(define-public linux-pam
(package
(name "linux-pam")
- (version "1.2.1")
+ (version "1.3.0")
(source
(origin
(method url-fetch)
- (uri (list (string-append "http://www.linux-pam.org/library/Linux-PAM-"
- version ".tar.bz2")
- (string-append "mirror://kernel.org/linux/libs/pam/library/Linux-PAM-"
- version ".tar.bz2")))
+ (uri (string-append
+ "http://www.linux-pam.org/library/"
+ "Linux-PAM-" version ".tar.bz2"))
(sha256
(base32
- "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+ "1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4"))
+ (patches (search-patches "linux-pam-no-setfsuid.patch"))))
+
(build-system gnu-build-system)
(native-inputs
`(("flex" ,flex)
@@ -397,6 +397,21 @@ be used through the PAM API to perform tasks, like authenticating a user
at login. Local and dynamic reconfiguration are its key features.")
(license license:bsd-3)))
+(define-public linux-pam-1.2
+ (package
+ (inherit linux-pam)
+ (version "1.2.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "http://www.linux-pam.org/library/"
+ "Linux-PAM-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))
+ (patches (search-patches "linux-pam-no-setfsuid.patch"))))))
+
;;;
;;; Miscellaneous.
@@ -428,7 +443,7 @@ providing the system administrator with some help in common tasks.")
(define-public util-linux
(package
(name "util-linux")
- (version "2.27")
+ (version "2.28.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/"
@@ -436,7 +451,7 @@ providing the system administrator with some help in common tasks.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1ivdx1bhjbakf77agm9dn3wyxia1wgz9lzxgd61zqxw3xzih9gzw"))
+ "03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy"))
(patches (search-patches "util-linux-tests.patch"))
(modules '((guix build utils)))
(snippet
@@ -511,16 +526,14 @@ block devices, UUIDs, TTYs, and many other tools.")
(define-public procps
(package
(name "procps")
- (version "3.3.11")
+ (version "3.3.12")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/procps-ng/Production/"
"procps-ng-" version ".tar.xz"))
(sha256
(base32
- "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9"))
- (patches
- (list (search-patch "procps-non-linux.patch")))))
+ "1m57w6jmry84njd5sgk5afycbglql0al80grx027kwqqcfw5mmkf"))))
(build-system gnu-build-system)
(arguments
'(#:modules ((guix build utils)
@@ -529,6 +542,15 @@ block devices, UUIDs, TTYs, and many other tools.")
(srfi srfi-26))
#:phases
(modify-phases %standard-phases
+ (add-before 'check 'disable-strtod-test
+ (lambda _
+ ;; Disable the 'strtod' test, which fails on 32-bit systems.
+ ;; This is what upstream does:
+ ;; <https://gitlab.com/procps-ng/procps/commit/100afbc1491be388f1429021ff65d969f4b1e08f>.
+ (substitute* "Makefile"
+ (("^(TESTS|check_PROGRAMS) = .*$" all)
+ (string-append "# " all "\n")))
+ #t))
(add-after
'install 'post-install
;; Remove commands and man pages redudant with
@@ -855,7 +877,7 @@ MIDI functionality to the Linux-based operating system.")
("ncurses" ,ncurses)
("alsa-lib" ,alsa-lib)
("xmlto" ,xmlto)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(home-page "http://www.alsa-project.org/")
(synopsis "Utilities for the Advanced Linux Sound Architecture (ALSA)")
(description
@@ -1044,7 +1066,7 @@ manpages.")
(sha256
(base32
"0p93lsqx23v5fv4hpbrydmfvw1ha2rgqpn2zqbs2jhxkzhjc030p"))))))
- (native-inputs `(("gettext" ,gnu-gettext)))
+ (native-inputs `(("gettext" ,gettext-minimal)))
(synopsis "Tools for controlling the network subsystem in Linux")
(description
@@ -1605,7 +1627,7 @@ from the module-init-tools project.")
;; The post-systemd fork, maintained by Gentoo.
(package
(name "eudev")
- (version "3.1.5")
+ (version "3.2")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1613,7 +1635,7 @@ from the module-init-tools project.")
version ".tar.gz"))
(sha256
(base32
- "0akg9gcc3c2p56xbhlvbybqavcprly5q0bvk655zwl6d62j8an7p"))
+ "099w62ncq78nxpxizf910mx18hc8x4qvzw3azjd00fir89wmyjnq"))
(patches (search-patches "eudev-rules-directory.patch"))))
(build-system gnu-build-system)
(native-inputs
@@ -2471,7 +2493,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
#t))))))
(native-inputs
`(("pkg-config" ,pkg-config)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(inputs
`(("glib" ,glib)
("dbus" ,dbus)
@@ -2811,7 +2833,7 @@ from that to the system kernel's @file{/dev/random} machinery.")
"DEBUG=false"
"PACKAGE_BUGREPORT=bug-guix@gnu.org"))
#:tests? #f)) ;no tests
- (native-inputs `(("gettext" ,gnu-gettext)))
+ (native-inputs `(("gettext" ,gettext-minimal)))
(inputs `(("pciutils" ,pciutils)))
(home-page (package-home-page linux-libre))
(synopsis "CPU frequency and voltage scaling tools for Linux")
diff --git a/gnu/packages/lout.scm b/gnu/packages/lout.scm
index 1355e0387a..f2c724ae07 100644
--- a/gnu/packages/lout.scm
+++ b/gnu/packages/lout.scm
@@ -88,8 +88,7 @@
(build-system gnu-build-system) ; actually, just a makefile
(outputs '("out" "doc"))
(native-inputs
- `(("ghostscript" ,ghostscript)
- ("ghostscript-gs" ,ghostscript-gs)))
+ `(("ghostscript" ,ghostscript)))
(arguments `(#:modules ((guix build utils)
(guix build gnu-build-system)
(srfi srfi-1)) ; we need SRFI-1
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index def9c23b17..1b7352fc10 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -114,9 +114,6 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(current-source-location)
#:native-inputs native-inputs))
-(define %bash-static
- (static-package bash-minimal))
-
(define %static-inputs
;; Packages that are to be used as %BOOTSTRAP-INPUTS.
(let ((coreutils (package (inherit coreutils)
@@ -184,7 +181,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(("-Wl,-export-dynamic") "")))
,phases)))))
(inputs (if (%current-target-system)
- `(("bash" ,%bash-static))
+ `(("bash" ,static-bash))
'()))))
(finalize (compose static-package
package-with-relocatable-glibc)))
@@ -200,7 +197,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
("sed" ,sed)
("grep" ,grep)
("gawk" ,gawk)))
- ("bash" ,%bash-static))))
+ ("bash" ,static-bash))))
(define %static-binaries
(package
@@ -515,6 +512,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(patches patches)))
(guile (package (inherit guile-2.0)
(name (string-append (package-name guile-2.0) "-static"))
+ (replacement #f)
(source source)
(synopsis "Statically-linked and relocatable Guile")
diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm
index cdefbdedbb..2d99438420 100644
--- a/gnu/packages/man.scm
+++ b/gnu/packages/man.scm
@@ -189,7 +189,7 @@ Linux kernel and C library interfaces employed by user-space programs.")
`(("perl" ,perl)
;; TODO: Add these optional dependencies.
;; ("perl-LocaleGettext" ,perl-LocaleGettext)
- ;; ("gettext" ,gnu-gettext)
+ ;; ("gettext" ,gettext-minimal)
))
(home-page "http://www.gnu.org/software/help2man/")
(synopsis "Automatically generate man pages from program --help")
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 07934e3114..83f55c9f18 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1982,7 +1982,7 @@ parts of it.")
(define-public openblas
(package
(name "openblas")
- (version "0.2.15")
+ (version "0.2.19")
(source
(origin
(method url-fetch)
@@ -1991,7 +1991,7 @@ parts of it.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1k5f6vjlk54qlplk5m7xkbaw6g2y7dl50lwwdv6xsbcsgsbxfcpy"))))
+ "071zqnmnxhh0c9phzyn3f198yxa0hjxda7016azdbq2056sm70w7"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ;no "check" target
@@ -2552,7 +2552,7 @@ evaluates expressions using the standard order of operations.")
(base32
"15cd1cx1dyygw6g2nhjqq3bsfdj8sj8m4va9n75i0f3ryww3x7wq"))))
(build-system gnu-build-system)
- (native-inputs `(("gettext" ,gnu-gettext)))
+ (native-inputs `(("gettext" ,gettext-minimal)))
(inputs `(("libx11" ,libx11)
("zlib" ,zlib)
("libpng" ,libpng)
diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm
index 3d11f3a450..3299c7b5c4 100644
--- a/gnu/packages/mit-krb5.scm
+++ b/gnu/packages/mit-krb5.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -31,8 +32,7 @@
(define-public mit-krb5
(package
(name "mit-krb5")
- (replacement mit-krb5-1.14.3)
- (version "1.14.2")
+ (version "1.14.3")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@@ -40,7 +40,7 @@
"/krb5-" version ".tar.gz"))
(sha256
(base32
- "09wbv969ak4fqlqr1ip5bi62fny1zlp1vwjarvj6a6cdfzkdgjkb"))))
+ "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
@@ -84,17 +84,3 @@ cryptography.")
(license (non-copyleft "file://NOTICE"
"See NOTICE in the distribution."))
(home-page "http://web.mit.edu/kerberos/")))
-
-(define mit-krb5-1.14.3
- (package
- (inherit mit-krb5)
- (source
- (let ((version "1.14.3"))
- (origin
- (method url-fetch)
- (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
- (version-major+minor version)
- "/krb5-" version ".tar.gz"))
- (sha256
- (base32
- "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind")))))))
diff --git a/gnu/packages/mono.scm b/gnu/packages/mono.scm
index 75e39afdf0..343cebc99f 100644
--- a/gnu/packages/mono.scm
+++ b/gnu/packages/mono.scm
@@ -44,7 +44,7 @@
"0jibyvyv2jy8dq5ij0j00iq3v74r0y90dcjc3dkspcfbnn37cphn"))))
(build-system gnu-build-system)
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("glib" ,glib)
("libxslt" ,libxslt)
("perl" ,perl)
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 37407cdc17..73a9a23efd 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -443,7 +443,7 @@ format.")
(install-file "mpc123" bin)))))
#:tests? #f))
(native-inputs
- `(("gettext" ,gnu-gettext)))
+ `(("gettext" ,gettext-minimal)))
(inputs
`(("libao" ,ao)
("libmpcdec" ,libmpcdec)))
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 46540be5c4..23ae68a28f 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -31,7 +31,7 @@
(define-public gmp
(package
(name "gmp")
- (version "6.1.0")
+ (version "6.1.1")
(source (origin
(method url-fetch)
(uri
@@ -39,7 +39,7 @@
version ".tar.xz"))
(sha256
(base32
- "12b9s4jn48gbar6dbs5qrlmljdmnq43xy3ji9yjzic0mwp6dmnk8"))
+ "0cg84n482gcvl0s4xq4wgwsk4r0x0m8dnzpizwqdd2j8vw2rqvnk"))
(patches (search-patches "gmp-faulty-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("m4" ,m4)))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index d5805b0403..bbae98532d 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -493,7 +493,7 @@ for path in [path for path in sys.path if 'site-packages' in path]: site.addsite
("python2-pyliblo" ,python2-pyliblo)
("python2-pygtk" ,python2-pygtk)))
(native-inputs
- `(("gettext" ,gnu-gettext)))
+ `(("gettext" ,gettext-minimal)))
(home-page "http://das.nasophon.de/gtklick/")
(synopsis "Simple metronome with an easy-to-use graphical interface")
(description
@@ -555,7 +555,7 @@ interface. It is implemented as a frontend to @code{klick}.")
("font-tex-gyre" ,font-tex-gyre)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
- ("ghostscript" ,ghostscript-gs)
+ ("ghostscript" ,ghostscript)
("pango" ,pango)
("python" ,python-2)))
(native-inputs
@@ -564,7 +564,7 @@ interface. It is implemented as a frontend to @code{klick}.")
("flex" ,flex)
("fontforge" ,fontforge)
("dblatex" ,dblatex)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("imagemagick" ,imagemagick)
("netpbm" ,netpbm) ;for pngtopnm
("texlive" ,texlive) ;metafont and metapost
@@ -712,7 +712,7 @@ for path in [path for path in sys.path if 'site-packages' in path]: site.addsite
(inputs
`(("python" ,python-2)
("pygtk" ,python2-pygtk)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("gtk" ,gtk+)
("lilypond" ,lilypond)
;; players needed at runtime
@@ -987,7 +987,7 @@ Laurens Hammond and Don Leslie.")
("flac" ,flac)
("alsa-lib" ,alsa-lib)
("libvorbis" ,libvorbis)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(native-inputs
`(("pkg-config" ,pkg-config)
("glib:bin" ,glib "bin")
@@ -1180,7 +1180,7 @@ export.")
`(("autoconf" ,autoconf)
("automake" ,automake)
("libtool" ,libtool)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs
`(("tk" ,tk)
diff --git a/gnu/packages/nano.scm b/gnu/packages/nano.scm
index 3c4c699983..01ef5dc800 100644
--- a/gnu/packages/nano.scm
+++ b/gnu/packages/nano.scm
@@ -40,7 +40,7 @@
"1hzazcrbwjqiw89jjvlj97q0wf385qqkzcm0870pdrixiv7yklax"))))
(build-system gnu-build-system)
(inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("ncurses" ,ncurses)))
(home-page "http://www.nano-editor.org/")
(synopsis "Small, user-friendly console text editor")
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 4b77aad792..cc843c97ff 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -488,7 +488,7 @@ network frames.")
"1y7sbgkhgadmd93x1zafqc4yp26ssiv16ni5bbi9vmvvdl55m29y"))))
(build-system gnu-build-system)
(native-inputs
- `(("gettext" ,gnu-gettext)))
+ `(("gettext" ,gettext-minimal)))
(inputs
`(("fftw" ,fftw)
("ncurses" ,ncurses)
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index f6f7308ff0..f1b4bdbf6f 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -573,7 +574,6 @@ libpanel, librsvg and quartz.")
(native-inputs
`(("ocaml" ,ocaml)
;; For documentation
- ("ghostscript-gs" ,ghostscript-gs)
("ghostscript" ,ghostscript)
("texlive" ,texlive)
("hevea" ,hevea)
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index 4bbc6a6bf8..627319bda8 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -55,14 +55,11 @@
"0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
(build-system gnu-build-system)
(inputs `(("bdb" ,bdb-5.3)
- ("openssl" ,openssl)
("cyrus-sasl" ,cyrus-sasl)
+ ("gnutls" ,gnutls)
("groff" ,groff)
("icu4c" ,icu4c)
("libgcrypt" ,libgcrypt)
- ;; FIXME: currently, openldap requires openssl or gnutls<3, see
- ;; http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17
- ;; Once this is fixed, switch to gnutls.
("zlib" ,zlib)))
(native-inputs `(("libtool" ,libtool)))
(arguments
diff --git a/gnu/packages/openstack.scm b/gnu/packages/openstack.scm
index 62f1e84a3b..fc865d36e0 100644
--- a/gnu/packages/openstack.scm
+++ b/gnu/packages/openstack.scm
@@ -256,6 +256,7 @@ tested on Python version 3.2, 2.7 and 2.6.")
`(("python-pbr" ,python-pbr)))
(native-inputs
`(("python-discover" ,python-discover)
+ ("python-docutils" ,python-docutils)
("python-fixtures" ,python-fixtures)
("python-mock" ,python-mock)
("python-sphinx" ,python-sphinx)
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 70a6a49921..34515f1d22 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -247,7 +247,7 @@ the Nix package manager.")
(native-inputs
`(("autoconf" ,(autoconf-wrapper))
("automake" ,automake)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("texinfo" ,texinfo)
("graphviz" ,graphviz)
("help2man" ,help2man)
diff --git a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
index edd411e1a8..aa253e135f 100644
--- a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
+++ b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch
@@ -1,6 +1,12 @@
-This Binutils patch is from the ath9k-htc-firmware repository (version 1.3.2).
-Not applying it (apparently) leads to miscompiled firmware, and loading it
-fails with a "Target is unresponsive" message from the 'ath9k_htc' module.
+These Binutils patches are from the ath9k-htc-firmware repository
+(commit f6af791348b68ceadab375e4ed0f7bcda86cb3c0).
+
+Not applying the first patch (apparently) leads to miscompiled firmware,
+and loading it fails with a "Target is unresponsive" message from the
+'ath9k_htc' module.
+
+The final hunk, applied to 'gas/config/tc-xtensa.c', is copied from the
+upstream file 'local/patches/binutils-2.27_fixup.patch'.
From dbca73446265ce01b8e11462c3346b25953e3399 Mon Sep 17 00:00:00 2001
From: Sujith Manoharan <c_manoha@qca.qualcomm.com>
@@ -28873,16 +28879,6 @@ diff --git a/include/xtensa-config.h b/include/xtensa-config.h
index 30f4f41..fe9b051 100644
--- a/include/xtensa-config.h
+++ b/include/xtensa-config.h
-@@ -1,7 +1,7 @@
- /* Xtensa configuration settings.
-- Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2010
-+ Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007
- Free Software Foundation, Inc.
-- Contributed by Bob Wilson (bob.wilson@acm.org) at Tensilica.
-+ Contributed by Bob Wilson (bwilson@tensilica.com) at Tensilica.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
@@ -44,10 +44,7 @@
#define XCHAL_HAVE_L32R 1
@@ -28973,3 +28969,20 @@ index 30f4f41..fe9b051 100644
#define XCHAL_MAX_INSTRUCTION_SIZE 3
--
1.8.1
+
+diff --git a/gas/config/tc-xtensa.c b/gas/config/tc-xtensa.c
+index d062044..ca261ae 100644
+--- a/gas/config/tc-xtensa.c
++++ b/gas/config/tc-xtensa.c
+@@ -2228,7 +2228,7 @@ xg_reverse_shift_count (char **cnt_argp)
+ cnt_arg = *cnt_argp;
+
+ /* replace the argument with "31-(argument)" */
+- new_arg = concat ("31-(", cnt_argp, ")", (char *) NULL);
++ new_arg = concat ("31-(", cnt_arg, ")", (char *) NULL);
+
+ free (cnt_arg);
+ *cnt_argp = new_arg;
+--
+2.10.1
+
diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch
new file mode 100644
index 0000000000..08d3a79749
--- /dev/null
+++ b/gnu/packages/patches/binutils-mips-bash-bug.patch
@@ -0,0 +1,22 @@
+Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the
+"x" case in:
+
+ case x"$EMULATION_NAME" in x) ;; *) ;; esac
+
+when 'EMULATION_NAME' is undefined. Bash 4.3.30(1)-release doesn't have this
+problem. Work around it.
+
+This Bash bug was fixed
+in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>.
+
+--- a/ld/emulparams/elf32bmipn32-defs.sh
++++ b/ld/emulparams/elf32bmipn32-defs.sh
+@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips"
+ TEMPLATE_NAME=elf32
+ EXTRA_EM_FILE=mipself
+
+-case x"$EMULATION_NAME" in
++case "x$EMULATION_NAME" in
+ xelf32*n32*) ELFSIZE=32 ;;
+ xelf64*) ELFSIZE=64 ;;
+ x) ;;
diff --git a/gnu/packages/patches/cmake-fix-tests.patch b/gnu/packages/patches/cmake-fix-tests.patch
index f59e2cd625..732b0023ab 100644
--- a/gnu/packages/patches/cmake-fix-tests.patch
+++ b/gnu/packages/patches/cmake-fix-tests.patch
@@ -1,6 +1,17 @@
---- cmake-3.2.2.orig/Tests/CMakeLists.txt 2015-04-14 01:09:00.000000000 +0800
-+++ cmake-3.2.2/Tests/CMakeLists.txt 2015-04-28 15:02:34.913039742 +0800
-@@ -342,10 +342,12 @@
+From af0a62dadfb3db25880bc653e2e4c97435a604c9 Mon Sep 17 00:00:00 2001
+From: Efraim Flashner <efraim@flashner.co.il>
+Date: Mon, 29 Aug 2016 20:07:58 +0300
+Subject: [PATCH] cmake-fix-tests
+
+---
+ Tests/CMakeLists.txt | 83 ++++++++++++++++++++++++++++------------------------
+ 1 file changed, 44 insertions(+), 39 deletions(-)
+
+diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt
+index f21e430..56014a2 100644
+--- a/Tests/CMakeLists.txt
++++ b/Tests/CMakeLists.txt
+@@ -416,10 +416,12 @@ if(BUILD_TESTING)
endif()
# run test for BundleUtilities on supported platforms/compilers
@@ -17,7 +28,7 @@
if(NOT "${CMAKE_GENERATOR}" STREQUAL "Watcom WMake")
add_test(BundleUtilities ${CMAKE_CTEST_COMMAND}
-@@ -2257,16 +2259,17 @@
+@@ -2481,30 +2483,32 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
PASS_REGULAR_EXPRESSION "Could not find executable"
FAIL_REGULAR_EXPRESSION "SegFault")
@@ -31,6 +42,20 @@
- )
- set_tests_properties(CTestTestUpload PROPERTIES
- PASS_REGULAR_EXPRESSION "Upload\\.xml")
+-
+- configure_file(
+- "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
+- "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake"
+- @ONLY ESCAPE_QUOTES)
+- add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND}
+- -C \${CTEST_CONFIGURATION_TYPE}
+- -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV
+- --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log"
+- )
+- set_tests_properties(CTestCoverageCollectGCOV PROPERTIES
+- PASS_REGULAR_EXPRESSION
+- "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov")
+- set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=)
+# This test requires network connectivity: skip it.
+# configure_file(
+# "${CMake_SOURCE_DIR}/Tests/CTestTestUpload/test.cmake.in"
@@ -42,6 +67,54 @@
+# )
+# set_tests_properties(CTestTestUpload PROPERTIES
+# PASS_REGULAR_EXPRESSION "Upload\\.xml")
++
++# This test times out
++# configure_file(
++# "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
++# "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake"
++# @ONLY ESCAPE_QUOTES)
++# add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND}
++# -C \${CTEST_CONFIGURATION_TYPE}
++# -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV
++# --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log"
++# )
++# set_tests_properties(CTestCoverageCollectGCOV PROPERTIES
++# PASS_REGULAR_EXPRESSION
++# "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov")
++# set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=)
+
+ configure_file(
+ "${CMake_SOURCE_DIR}/Tests/CTestTestEmptyBinaryDirectory/test.cmake.in"
+@@ -2860,17 +2864,18 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
+ set_tests_properties(CTestTestStopTime PROPERTIES
+ PASS_REGULAR_EXPRESSION "The stop time has been passed")
+
+- configure_file(
+- "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in"
+- "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake"
+- @ONLY ESCAPE_QUOTES)
+- add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND}
+- -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V
+- --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log"
+- )
+- #make sure all 3 subdirs were added
+- set_tests_properties(CTestTestSubdir PROPERTIES
+- PASS_REGULAR_EXPRESSION "0 tests failed out of 3")
++# This test fails to build 2 of the 3 tests
++# configure_file(
++# "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in"
++# "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake"
++# @ONLY ESCAPE_QUOTES)
++# add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND}
++# -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V
++# --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log"
++# )
++# #make sure all 3 subdirs were added
++# set_tests_properties(CTestTestSubdir PROPERTIES
++# PASS_REGULAR_EXPRESSION "0 tests failed out of 3")
configure_file(
- "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
+ "${CMake_SOURCE_DIR}/Tests/CTestTestTimeout/test.cmake.in"
+--
+2.9.3
+
diff --git a/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch b/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch
deleted file mode 100644
index edc43f84f1..0000000000
--- a/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-Fix CVE-2012-6702 and CVE-2016-5300.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
-
-Patch copied from:
-https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u3/debian/patches/cve-2012-6702-plus-cve-2016-5300-v1.patch/
-
-From cb31522769d11a375078a073cba94e7176cb48a4 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Wed, 16 Mar 2016 15:30:12 +0100
-Subject: [PATCH] Resolve call to srand, use more entropy (patch version 1.0)
-
-Squashed backport against vanilla Expat 2.1.1, addressing:
-* CVE-2012-6702 -- unanticipated internal calls to srand
-* CVE-2016-5300 -- use of too little entropy
-
-Since commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d
-(released with Expat 2.1.0) Expat called srand by itself
-from inside generate_hash_secret_salt for an instance
-of XML_Parser if XML_SetHashSalt was either (a) not called
-for that instance or if (b) salt 0 was passed to XML_SetHashSalt
-prior to parsing. That call to srand passed (rather litle)
-entropy extracted from the current time as a seed for srand.
-
-That call to srand (1) broke repeatability for code calling
-srand with a non-random seed prior to parsing with Expat,
-and (2) resulted in a rather small set of hashing salts in
-Expat in total.
-
-For a short- to mid-term fix, the new approach avoids calling
-srand altogether, extracts more entropy out of the clock and
-other sources, too.
-
-For a long term fix, we may want to read sizeof(long) bytes
-from a source like getrandom(..) on Linux, and from similar
-sources on other supported architectures.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1197087
----
- CMakeLists.txt | 3 +++
- lib/xmlparse.c | 48 +++++++++++++++++++++++++++++++++++++++++-------
- 2 files changed, 44 insertions(+), 7 deletions(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 353627e..524d514 100755
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -41,6 +41,9 @@ include_directories(${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/lib)
- if(MSVC)
- add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996)
- endif(MSVC)
-+if(WIN32)
-+ add_definitions(-DCOMPILED_FROM_DSP)
-+endif(WIN32)
-
- set(expat_SRCS
- lib/xmlparse.c
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index e308c79..c5f942f 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -6,7 +6,14 @@
- #include <string.h> /* memset(), memcpy() */
- #include <assert.h>
- #include <limits.h> /* UINT_MAX */
--#include <time.h> /* time() */
-+
-+#ifdef COMPILED_FROM_DSP
-+#define getpid GetCurrentProcessId
-+#else
-+#include <sys/time.h> /* gettimeofday() */
-+#include <sys/types.h> /* getpid() */
-+#include <unistd.h> /* getpid() */
-+#endif
-
- #define XML_BUILDING_EXPAT 1
-
-@@ -432,7 +439,7 @@ static ELEMENT_TYPE *
- getElementType(XML_Parser parser, const ENCODING *enc,
- const char *ptr, const char *end);
-
--static unsigned long generate_hash_secret_salt(void);
-+static unsigned long generate_hash_secret_salt(XML_Parser parser);
- static XML_Bool startParsing(XML_Parser parser);
-
- static XML_Parser
-@@ -691,11 +698,38 @@ static const XML_Char implicitContext[] = {
- };
-
- static unsigned long
--generate_hash_secret_salt(void)
-+gather_time_entropy(void)
- {
-- unsigned int seed = time(NULL) % UINT_MAX;
-- srand(seed);
-- return rand();
-+#ifdef COMPILED_FROM_DSP
-+ FILETIME ft;
-+ GetSystemTimeAsFileTime(&ft); /* never fails */
-+ return ft.dwHighDateTime ^ ft.dwLowDateTime;
-+#else
-+ struct timeval tv;
-+ int gettimeofday_res;
-+
-+ gettimeofday_res = gettimeofday(&tv, NULL);
-+ assert (gettimeofday_res == 0);
-+
-+ /* Microseconds time is <20 bits entropy */
-+ return tv.tv_usec;
-+#endif
-+}
-+
-+static unsigned long
-+generate_hash_secret_salt(XML_Parser parser)
-+{
-+ /* Process ID is 0 bits entropy if attacker has local access
-+ * XML_Parser address is few bits of entropy if attacker has local access */
-+ const unsigned long entropy =
-+ gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
-+
-+ /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
-+ if (sizeof(unsigned long) == 4) {
-+ return entropy * 2147483647;
-+ } else {
-+ return entropy * 2305843009213693951;
-+ }
- }
-
- static XML_Bool /* only valid for root parser */
-@@ -703,7 +737,7 @@ startParsing(XML_Parser parser)
- {
- /* hash functions must be initialized before setContext() is called */
- if (hash_secret_salt == 0)
-- hash_secret_salt = generate_hash_secret_salt();
-+ hash_secret_salt = generate_hash_secret_salt(parser);
- if (ns) {
- /* implicit context only set for root parser, since child
- parsers (i.e. external entity parsers) will inherit it
---
-2.8.2
-
diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
deleted file mode 100644
index fc8d6291f5..0000000000
--- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Follow-up upstream fix for CVE-2015-1283 to not rely on undefined
-behavior.
-
-Adapted from a patch from Debian (found in Debian package version
-2.1.0-6+deb8u2) to apply to upstream code:
-
-https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/
-
----
- lib/xmlparse.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 0f6f4cd..5c70c17 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len)
- }
-
- if (len > bufferLim - bufferEnd) {
-- int neededSize = len + (int)(bufferEnd - bufferPtr);
-+ /* Do not invoke signed arithmetic overflow: */
-+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
- if (neededSize < 0) {
- errorCode = XML_ERROR_NO_MEMORY;
- return NULL;
-@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len)
- if (bufferSize == 0)
- bufferSize = INIT_BUFFER_SIZE;
- do {
-- bufferSize *= 2;
-+ /* Do not invoke signed arithmetic overflow: */
-+ bufferSize = (int) (2U * (unsigned) bufferSize);
- } while (bufferSize < neededSize && bufferSize > 0);
- if (bufferSize <= 0) {
- errorCode = XML_ERROR_NO_MEMORY;
---
-2.8.3
-
diff --git a/gnu/packages/patches/expat-CVE-2016-0718.patch b/gnu/packages/patches/expat-CVE-2016-0718.patch
deleted file mode 100644
index 22436c20cc..0000000000
--- a/gnu/packages/patches/expat-CVE-2016-0718.patch
+++ /dev/null
@@ -1,761 +0,0 @@
-Fix CVE-2016-0718.
-
-Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2.
-
-https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2016-0718-v2-2-1.patch/
-
-From cdfcb1b5c95e93b00ae9e9d25708b4a3bee72c15 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 2 May 2016 00:02:44 +0200
-Subject: [PATCH] Address CVE-2016-0718 (/patch/ version 2.2.1)
-
-* Out of bounds memory access when doing text conversion on malformed input
-* Integer overflow related to memory allocation
-
-Reported by Gustavo Grieco
-
-Patch credits go to
-* Christian Heimes
-* Karl Waclawek
-* Gustavo Grieco
-* Sebastian Pipping
-* Pascal Cuoq
----
- expat/lib/xmlparse.c | 34 +++++++++-----
- expat/lib/xmltok.c | 115 +++++++++++++++++++++++++++++++++++-------------
- expat/lib/xmltok.h | 10 ++++-
- expat/lib/xmltok_impl.c | 62 +++++++++++++-------------
- 4 files changed, 146 insertions(+), 75 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index e308c79..13e080d 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2436,11 +2436,11 @@ doContent(XML_Parser parser,
- for (;;) {
- int bufSize;
- int convLen;
-- XmlConvert(enc,
-+ const enum XML_Convert_Result convert_res = XmlConvert(enc,
- &fromPtr, rawNameEnd,
- (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
- convLen = (int)(toPtr - (XML_Char *)tag->buf);
-- if (fromPtr == rawNameEnd) {
-+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
- tag->name.strLen = convLen;
- break;
- }
-@@ -2661,11 +2661,11 @@ doContent(XML_Parser parser,
- if (MUST_CONVERT(enc, s)) {
- for (;;) {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
-- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
-+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = s;
- charDataHandler(handlerArg, dataBuf,
- (int)(dataPtr - (ICHAR *)dataBuf));
-- if (s == next)
-+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
- break;
- *eventPP = s;
- }
-@@ -3269,11 +3269,11 @@ doCdataSection(XML_Parser parser,
- if (MUST_CONVERT(enc, s)) {
- for (;;) {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
-- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
-+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = next;
- charDataHandler(handlerArg, dataBuf,
- (int)(dataPtr - (ICHAR *)dataBuf));
-- if (s == next)
-+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
- break;
- *eventPP = s;
- }
-@@ -5350,6 +5350,7 @@ reportDefault(XML_Parser parser, const ENCODING *enc,
- const char *s, const char *end)
- {
- if (MUST_CONVERT(enc, s)) {
-+ enum XML_Convert_Result convert_res;
- const char **eventPP;
- const char **eventEndPP;
- if (enc == encoding) {
-@@ -5362,11 +5363,11 @@ reportDefault(XML_Parser parser, const ENCODING *enc,
- }
- do {
- ICHAR *dataPtr = (ICHAR *)dataBuf;
-- XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
-+ convert_res = XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
- *eventEndPP = s;
- defaultHandler(handlerArg, dataBuf, (int)(dataPtr - (ICHAR *)dataBuf));
- *eventPP = s;
-- } while (s != end);
-+ } while ((convert_res != XML_CONVERT_COMPLETED) && (convert_res != XML_CONVERT_INPUT_INCOMPLETE));
- }
- else
- defaultHandler(handlerArg, (XML_Char *)s, (int)((XML_Char *)end - (XML_Char *)s));
-@@ -6169,8 +6170,8 @@ poolAppend(STRING_POOL *pool, const ENCODING *enc,
- if (!pool->ptr && !poolGrow(pool))
- return NULL;
- for (;;) {
-- XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
-- if (ptr == end)
-+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
-+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
- break;
- if (!poolGrow(pool))
- return NULL;
-@@ -6254,8 +6255,13 @@ poolGrow(STRING_POOL *pool)
- }
- }
- if (pool->blocks && pool->start == pool->blocks->s) {
-- int blockSize = (int)(pool->end - pool->start)*2;
-- BLOCK *temp = (BLOCK *)
-+ BLOCK *temp;
-+ int blockSize = (int)((unsigned)(pool->end - pool->start)*2U);
-+
-+ if (blockSize < 0)
-+ return XML_FALSE;
-+
-+ temp = (BLOCK *)
- pool->mem->realloc_fcn(pool->blocks,
- (offsetof(BLOCK, s)
- + blockSize * sizeof(XML_Char)));
-@@ -6270,6 +6276,10 @@ poolGrow(STRING_POOL *pool)
- else {
- BLOCK *tem;
- int blockSize = (int)(pool->end - pool->start);
-+
-+ if (blockSize < 0)
-+ return XML_FALSE;
-+
- if (blockSize < INIT_BLOCK_SIZE)
- blockSize = INIT_BLOCK_SIZE;
- else
-diff --git a/lib/xmltok.c b/lib/xmltok.c
-index bf09dfc..cb98ce1 100644
---- a/lib/xmltok.c
-+++ b/lib/xmltok.c
-@@ -318,39 +318,55 @@ enum { /* UTF8_cvalN is value of masked first byte of N byte sequence */
- UTF8_cval4 = 0xf0
- };
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- utf8_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
- {
-+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED;
- char *to;
- const char *from;
- if (fromLim - *fromP > toLim - *toP) {
- /* Avoid copying partial characters. */
-+ res = XML_CONVERT_OUTPUT_EXHAUSTED;
- for (fromLim = *fromP + (toLim - *toP); fromLim > *fromP; fromLim--)
- if (((unsigned char)fromLim[-1] & 0xc0) != 0x80)
- break;
- }
-- for (to = *toP, from = *fromP; from != fromLim; from++, to++)
-+ for (to = *toP, from = *fromP; (from < fromLim) && (to < toLim); from++, to++)
- *to = *from;
- *fromP = from;
- *toP = to;
-+
-+ if ((to == toLim) && (from < fromLim))
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
-+ else
-+ return res;
- }
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- utf8_toUtf16(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- unsigned short **toP, const unsigned short *toLim)
- {
-+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED;
- unsigned short *to = *toP;
- const char *from = *fromP;
-- while (from != fromLim && to != toLim) {
-+ while (from < fromLim && to < toLim) {
- switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) {
- case BT_LEAD2:
-+ if (fromLim - from < 2) {
-+ res = XML_CONVERT_INPUT_INCOMPLETE;
-+ break;
-+ }
- *to++ = (unsigned short)(((from[0] & 0x1f) << 6) | (from[1] & 0x3f));
- from += 2;
- break;
- case BT_LEAD3:
-+ if (fromLim - from < 3) {
-+ res = XML_CONVERT_INPUT_INCOMPLETE;
-+ break;
-+ }
- *to++ = (unsigned short)(((from[0] & 0xf) << 12)
- | ((from[1] & 0x3f) << 6) | (from[2] & 0x3f));
- from += 3;
-@@ -358,8 +374,14 @@ utf8_toUtf16(const ENCODING *enc,
- case BT_LEAD4:
- {
- unsigned long n;
-- if (to + 1 == toLim)
-+ if (toLim - to < 2) {
-+ res = XML_CONVERT_OUTPUT_EXHAUSTED;
- goto after;
-+ }
-+ if (fromLim - from < 4) {
-+ res = XML_CONVERT_INPUT_INCOMPLETE;
-+ goto after;
-+ }
- n = ((from[0] & 0x7) << 18) | ((from[1] & 0x3f) << 12)
- | ((from[2] & 0x3f) << 6) | (from[3] & 0x3f);
- n -= 0x10000;
-@@ -377,6 +399,7 @@ utf8_toUtf16(const ENCODING *enc,
- after:
- *fromP = from;
- *toP = to;
-+ return res;
- }
-
- #ifdef XML_NS
-@@ -425,7 +448,7 @@ static const struct normal_encoding internal_utf8_encoding = {
- STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)
- };
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- latin1_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
-@@ -433,30 +456,35 @@ latin1_toUtf8(const ENCODING *enc,
- for (;;) {
- unsigned char c;
- if (*fromP == fromLim)
-- break;
-+ return XML_CONVERT_COMPLETED;
- c = (unsigned char)**fromP;
- if (c & 0x80) {
- if (toLim - *toP < 2)
-- break;
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
- *(*toP)++ = (char)((c >> 6) | UTF8_cval2);
- *(*toP)++ = (char)((c & 0x3f) | 0x80);
- (*fromP)++;
- }
- else {
- if (*toP == toLim)
-- break;
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
- *(*toP)++ = *(*fromP)++;
- }
- }
- }
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- latin1_toUtf16(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- unsigned short **toP, const unsigned short *toLim)
- {
-- while (*fromP != fromLim && *toP != toLim)
-+ while (*fromP < fromLim && *toP < toLim)
- *(*toP)++ = (unsigned char)*(*fromP)++;
-+
-+ if ((*toP == toLim) && (*fromP < fromLim))
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
-+ else
-+ return XML_CONVERT_COMPLETED;
- }
-
- #ifdef XML_NS
-@@ -483,13 +511,18 @@ static const struct normal_encoding latin1_encoding = {
- STANDARD_VTABLE(sb_)
- };
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- ascii_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
- {
-- while (*fromP != fromLim && *toP != toLim)
-+ while (*fromP < fromLim && *toP < toLim)
- *(*toP)++ = *(*fromP)++;
-+
-+ if ((*toP == toLim) && (*fromP < fromLim))
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
-+ else
-+ return XML_CONVERT_COMPLETED;
- }
-
- #ifdef XML_NS
-@@ -536,13 +569,14 @@ unicode_byte_type(char hi, char lo)
- }
-
- #define DEFINE_UTF16_TO_UTF8(E) \
--static void PTRCALL \
-+static enum XML_Convert_Result PTRCALL \
- E ## toUtf8(const ENCODING *enc, \
- const char **fromP, const char *fromLim, \
- char **toP, const char *toLim) \
- { \
-- const char *from; \
-- for (from = *fromP; from != fromLim; from += 2) { \
-+ const char *from = *fromP; \
-+ fromLim = from + (((fromLim - from) >> 1) << 1); /* shrink to even */ \
-+ for (; from < fromLim; from += 2) { \
- int plane; \
- unsigned char lo2; \
- unsigned char lo = GET_LO(from); \
-@@ -552,7 +586,7 @@ E ## toUtf8(const ENCODING *enc, \
- if (lo < 0x80) { \
- if (*toP == toLim) { \
- *fromP = from; \
-- return; \
-+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
- } \
- *(*toP)++ = lo; \
- break; \
-@@ -562,7 +596,7 @@ E ## toUtf8(const ENCODING *enc, \
- case 0x4: case 0x5: case 0x6: case 0x7: \
- if (toLim - *toP < 2) { \
- *fromP = from; \
-- return; \
-+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
- } \
- *(*toP)++ = ((lo >> 6) | (hi << 2) | UTF8_cval2); \
- *(*toP)++ = ((lo & 0x3f) | 0x80); \
-@@ -570,7 +604,7 @@ E ## toUtf8(const ENCODING *enc, \
- default: \
- if (toLim - *toP < 3) { \
- *fromP = from; \
-- return; \
-+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
- } \
- /* 16 bits divided 4, 6, 6 amongst 3 bytes */ \
- *(*toP)++ = ((hi >> 4) | UTF8_cval3); \
-@@ -580,7 +614,11 @@ E ## toUtf8(const ENCODING *enc, \
- case 0xD8: case 0xD9: case 0xDA: case 0xDB: \
- if (toLim - *toP < 4) { \
- *fromP = from; \
-- return; \
-+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
-+ } \
-+ if (fromLim - from < 4) { \
-+ *fromP = from; \
-+ return XML_CONVERT_INPUT_INCOMPLETE; \
- } \
- plane = (((hi & 0x3) << 2) | ((lo >> 6) & 0x3)) + 1; \
- *(*toP)++ = ((plane >> 2) | UTF8_cval4); \
-@@ -596,20 +634,32 @@ E ## toUtf8(const ENCODING *enc, \
- } \
- } \
- *fromP = from; \
-+ if (from < fromLim) \
-+ return XML_CONVERT_INPUT_INCOMPLETE; \
-+ else \
-+ return XML_CONVERT_COMPLETED; \
- }
-
- #define DEFINE_UTF16_TO_UTF16(E) \
--static void PTRCALL \
-+static enum XML_Convert_Result PTRCALL \
- E ## toUtf16(const ENCODING *enc, \
- const char **fromP, const char *fromLim, \
- unsigned short **toP, const unsigned short *toLim) \
- { \
-+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED; \
-+ fromLim = *fromP + (((fromLim - *fromP) >> 1) << 1); /* shrink to even */ \
- /* Avoid copying first half only of surrogate */ \
- if (fromLim - *fromP > ((toLim - *toP) << 1) \
-- && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) \
-+ && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) { \
- fromLim -= 2; \
-- for (; *fromP != fromLim && *toP != toLim; *fromP += 2) \
-+ res = XML_CONVERT_INPUT_INCOMPLETE; \
-+ } \
-+ for (; *fromP < fromLim && *toP < toLim; *fromP += 2) \
- *(*toP)++ = (GET_HI(*fromP) << 8) | GET_LO(*fromP); \
-+ if ((*toP == toLim) && (*fromP < fromLim)) \
-+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
-+ else \
-+ return res; \
- }
-
- #define SET2(ptr, ch) \
-@@ -1288,7 +1338,7 @@ unknown_isInvalid(const ENCODING *enc, const char *p)
- return (c & ~0xFFFF) || checkCharRefNumber(c) < 0;
- }
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- unknown_toUtf8(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- char **toP, const char *toLim)
-@@ -1299,21 +1349,21 @@ unknown_toUtf8(const ENCODING *enc,
- const char *utf8;
- int n;
- if (*fromP == fromLim)
-- break;
-+ return XML_CONVERT_COMPLETED;
- utf8 = uenc->utf8[(unsigned char)**fromP];
- n = *utf8++;
- if (n == 0) {
- int c = uenc->convert(uenc->userData, *fromP);
- n = XmlUtf8Encode(c, buf);
- if (n > toLim - *toP)
-- break;
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
- utf8 = buf;
- *fromP += (AS_NORMAL_ENCODING(enc)->type[(unsigned char)**fromP]
- - (BT_LEAD2 - 2));
- }
- else {
- if (n > toLim - *toP)
-- break;
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
- (*fromP)++;
- }
- do {
-@@ -1322,13 +1372,13 @@ unknown_toUtf8(const ENCODING *enc,
- }
- }
-
--static void PTRCALL
-+static enum XML_Convert_Result PTRCALL
- unknown_toUtf16(const ENCODING *enc,
- const char **fromP, const char *fromLim,
- unsigned short **toP, const unsigned short *toLim)
- {
- const struct unknown_encoding *uenc = AS_UNKNOWN_ENCODING(enc);
-- while (*fromP != fromLim && *toP != toLim) {
-+ while (*fromP < fromLim && *toP < toLim) {
- unsigned short c = uenc->utf16[(unsigned char)**fromP];
- if (c == 0) {
- c = (unsigned short)
-@@ -1340,6 +1390,11 @@ unknown_toUtf16(const ENCODING *enc,
- (*fromP)++;
- *(*toP)++ = c;
- }
-+
-+ if ((*toP == toLim) && (*fromP < fromLim))
-+ return XML_CONVERT_OUTPUT_EXHAUSTED;
-+ else
-+ return XML_CONVERT_COMPLETED;
- }
-
- ENCODING *
-@@ -1503,7 +1558,7 @@ initScan(const ENCODING * const *encodingTable,
- {
- const ENCODING **encPtr;
-
-- if (ptr == end)
-+ if (ptr >= end)
- return XML_TOK_NONE;
- encPtr = enc->encPtr;
- if (ptr + 1 == end) {
-diff --git a/lib/xmltok.h b/lib/xmltok.h
-index ca867aa..752007e 100644
---- a/lib/xmltok.h
-+++ b/lib/xmltok.h
-@@ -130,6 +130,12 @@ typedef int (PTRCALL *SCANNER)(const ENCODING *,
- const char *,
- const char **);
-
-+enum XML_Convert_Result {
-+ XML_CONVERT_COMPLETED = 0,
-+ XML_CONVERT_INPUT_INCOMPLETE = 1,
-+ XML_CONVERT_OUTPUT_EXHAUSTED = 2 /* and therefore potentially input remaining as well */
-+};
-+
- struct encoding {
- SCANNER scanners[XML_N_STATES];
- SCANNER literalScanners[XML_N_LITERAL_TYPES];
-@@ -158,12 +164,12 @@ struct encoding {
- const char *ptr,
- const char *end,
- const char **badPtr);
-- void (PTRCALL *utf8Convert)(const ENCODING *enc,
-+ enum XML_Convert_Result (PTRCALL *utf8Convert)(const ENCODING *enc,
- const char **fromP,
- const char *fromLim,
- char **toP,
- const char *toLim);
-- void (PTRCALL *utf16Convert)(const ENCODING *enc,
-+ enum XML_Convert_Result (PTRCALL *utf16Convert)(const ENCODING *enc,
- const char **fromP,
- const char *fromLim,
- unsigned short **toP,
-diff --git a/lib/xmltok_impl.c b/lib/xmltok_impl.c
-index 9c2895b..6c5a3ba 100644
---- a/lib/xmltok_impl.c
-+++ b/lib/xmltok_impl.c
-@@ -93,13 +93,13 @@ static int PTRCALL
- PREFIX(scanComment)(const ENCODING *enc, const char *ptr,
- const char *end, const char **nextTokPtr)
- {
-- if (ptr != end) {
-+ if (ptr < end) {
- if (!CHAR_MATCHES(enc, ptr, ASCII_MINUS)) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- ptr += MINBPC(enc);
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- INVALID_CASES(ptr, nextTokPtr)
- case BT_MINUS:
-@@ -147,7 +147,7 @@ PREFIX(scanDecl)(const ENCODING *enc, const char *ptr,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_PERCNT:
- if (ptr + MINBPC(enc) == end)
-@@ -233,7 +233,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_S: case BT_CR: case BT_LF:
-@@ -242,7 +242,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,
- return XML_TOK_INVALID;
- }
- ptr += MINBPC(enc);
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- INVALID_CASES(ptr, nextTokPtr)
- case BT_QUEST:
-@@ -305,7 +305,7 @@ static int PTRCALL
- PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,
- const char *end, const char **nextTokPtr)
- {
-- if (ptr == end)
-+ if (ptr >= end)
- return XML_TOK_NONE;
- if (MINBPC(enc) > 1) {
- size_t n = end - ptr;
-@@ -348,7 +348,7 @@ PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,
- ptr += MINBPC(enc);
- break;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- #define LEAD_CASE(n) \
- case BT_LEAD ## n: \
-@@ -391,11 +391,11 @@ PREFIX(scanEndTag)(const ENCODING *enc, const char *ptr,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_S: case BT_CR: case BT_LF:
-- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
-+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_S: case BT_CR: case BT_LF:
- break;
-@@ -432,7 +432,7 @@ static int PTRCALL
- PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr,
- const char *end, const char **nextTokPtr)
- {
-- if (ptr != end) {
-+ if (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- case BT_HEX:
-@@ -441,7 +441,7 @@ PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
-+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- case BT_HEX:
-@@ -464,7 +464,7 @@ static int PTRCALL
- PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr,
- const char *end, const char **nextTokPtr)
- {
-- if (ptr != end) {
-+ if (ptr < end) {
- if (CHAR_MATCHES(enc, ptr, ASCII_x))
- return PREFIX(scanHexCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- switch (BYTE_TYPE(enc, ptr)) {
-@@ -474,7 +474,7 @@ PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
-+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- break;
-@@ -506,7 +506,7 @@ PREFIX(scanRef)(const ENCODING *enc, const char *ptr, const char *end,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_SEMI:
-@@ -529,7 +529,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,
- #ifdef XML_NS
- int hadColon = 0;
- #endif
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- #ifdef XML_NS
-@@ -716,7 +716,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,
- hadColon = 0;
- #endif
- /* we have a start-tag */
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- #ifdef XML_NS
-@@ -740,7 +740,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,
- case BT_S: case BT_CR: case BT_LF:
- {
- ptr += MINBPC(enc);
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
- case BT_GT:
-@@ -785,7 +785,7 @@ static int PTRCALL
- PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
- {
-- if (ptr == end)
-+ if (ptr >= end)
- return XML_TOK_NONE;
- if (MINBPC(enc) > 1) {
- size_t n = end - ptr;
-@@ -832,7 +832,7 @@ PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,
- ptr += MINBPC(enc);
- break;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- #define LEAD_CASE(n) \
- case BT_LEAD ## n: \
-@@ -895,7 +895,7 @@ PREFIX(scanPercent)(const ENCODING *enc, const char *ptr, const char *end,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_SEMI:
-@@ -921,7 +921,7 @@ PREFIX(scanPoundName)(const ENCODING *enc, const char *ptr, const char *end,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_CR: case BT_LF: case BT_S:
-@@ -941,7 +941,7 @@ PREFIX(scanLit)(int open, const ENCODING *enc,
- const char *ptr, const char *end,
- const char **nextTokPtr)
- {
-- while (ptr != end) {
-+ while (ptr < end) {
- int t = BYTE_TYPE(enc, ptr);
- switch (t) {
- INVALID_CASES(ptr, nextTokPtr)
-@@ -973,7 +973,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
- {
- int tok;
-- if (ptr == end)
-+ if (ptr >= end)
- return XML_TOK_NONE;
- if (MINBPC(enc) > 1) {
- size_t n = end - ptr;
-@@ -1141,7 +1141,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_GT: case BT_RPAR: case BT_COMMA:
-@@ -1204,10 +1204,10 @@ PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr,
- const char *end, const char **nextTokPtr)
- {
- const char *start;
-- if (ptr == end)
-+ if (ptr >= end)
- return XML_TOK_NONE;
- start = ptr;
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- #define LEAD_CASE(n) \
- case BT_LEAD ## n: ptr += n; break;
-@@ -1262,10 +1262,10 @@ PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr,
- const char *end, const char **nextTokPtr)
- {
- const char *start;
-- if (ptr == end)
-+ if (ptr >= end)
- return XML_TOK_NONE;
- start = ptr;
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- #define LEAD_CASE(n) \
- case BT_LEAD ## n: ptr += n; break;
-@@ -1326,7 +1326,7 @@ PREFIX(ignoreSectionTok)(const ENCODING *enc, const char *ptr,
- end = ptr + n;
- }
- }
-- while (ptr != end) {
-+ while (ptr < end) {
- switch (BYTE_TYPE(enc, ptr)) {
- INVALID_CASES(ptr, nextTokPtr)
- case BT_LT:
-@@ -1373,7 +1373,7 @@ PREFIX(isPublicId)(const ENCODING *enc, const char *ptr, const char *end,
- {
- ptr += MINBPC(enc);
- end -= MINBPC(enc);
-- for (; ptr != end; ptr += MINBPC(enc)) {
-+ for (; ptr < end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- case BT_HEX:
-@@ -1760,7 +1760,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
- case BT_CR:
- pos->lineNumber++;
- ptr += MINBPC(enc);
-- if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF)
-+ if (ptr < end && BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- pos->columnNumber = (XML_Size)-1;
- break;
---
-2.8.2
-
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
new file mode 100644
index 0000000000..1f3cb028d4
--- /dev/null
+++ b/gnu/packages/patches/flex-CVE-2016-6354.patch
@@ -0,0 +1,30 @@
+Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
+https://security-tracker.debian.org/tracker/CVE-2016-6354
+
+Patch copied from upstream source repository:
+https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
+
+From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
+From: Will Estes <westes575@gmail.com>
+Date: Sat, 27 Feb 2016 11:56:05 -0500
+Subject: [PATCH] Fixed incorrect integer type
+
+---
+ src/flex.skl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/flex.skl b/src/flex.skl
+index 36a526a..64f853d 100644
+--- a/src/flex.skl
++++ b/src/flex.skl
+@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
+
+ else
+ {
+- yy_size_t num_to_read =
++ int num_to_read =
+ YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+ while ( num_to_read <= 0 )
diff --git a/gnu/packages/patches/fontconfig-CVE-2016-5384.patch b/gnu/packages/patches/fontconfig-CVE-2016-5384.patch
deleted file mode 100644
index 617d5afbaf..0000000000
--- a/gnu/packages/patches/fontconfig-CVE-2016-5384.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-Fix CVE-2016-5384 (double-free resulting in arbitrary code execution):
-
-<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5384>
-
-Copied from upstream code repository:
-
-<https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940>
-
-From 7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sat, 25 Jun 2016 19:18:53 +0200
-Subject: Properly validate offsets in cache files.
-
-The cache files are insufficiently validated. Even though the magic
-number at the beginning of the file as well as time stamps are checked,
-it is not verified if contained offsets are in legal ranges or are
-even pointers.
-
-The lack of validation allows an attacker to trigger arbitrary free()
-calls, which in turn allows double free attacks and therefore arbitrary
-code execution. Due to the conversion from offsets into pointers through
-macros, this even allows to circumvent ASLR protections.
-
-This attack vector allows privilege escalation when used with setuid
-binaries like fbterm. A user can create ~/.fonts or any other
-system-defined user-private font directory, run fc-cache and adjust
-cache files in ~/.cache/fontconfig. The execution of setuid binaries will
-scan these files and therefore are prone to attacks.
-
-If it's not about code execution, an endless loop can be created by
-letting linked lists become circular linked lists.
-
-This patch verifies that:
-
-- The file is not larger than the maximum addressable space, which
- basically only affects 32 bit systems. This allows out of boundary
- access into unallocated memory.
-- Offsets are always positive or zero
-- Offsets do not point outside file boundaries
-- No pointers are allowed in cache files, every "pointer or offset"
- field must be an offset or NULL
-- Iterating linked lists must not take longer than the amount of elements
- specified. A violation of this rule can break a possible endless loop.
-
-If one or more of these points are violated, the cache is recreated.
-This is current behaviour.
-
-Even though this patch fixes many issues, the use of mmap() shall be
-forbidden in setuid binaries. It is impossible to guarantee with these
-checks that a malicious user does not change cache files after
-verification. This should be handled in a different patch.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-
-diff --git a/src/fccache.c b/src/fccache.c
-index 71e8f03..02ec301 100644
---- a/src/fccache.c
-+++ b/src/fccache.c
-@@ -27,6 +27,7 @@
- #include <fcntl.h>
- #include <dirent.h>
- #include <string.h>
-+#include <limits.h>
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <assert.h>
-@@ -587,6 +588,82 @@ FcCacheTimeValid (FcConfig *config, FcCache *cache, struct stat *dir_stat)
- return cache->checksum == (int) dir_stat->st_mtime && fnano;
- }
-
-+static FcBool
-+FcCacheOffsetsValid (FcCache *cache)
-+{
-+ char *base = (char *)cache;
-+ char *end = base + cache->size;
-+ intptr_t *dirs;
-+ FcFontSet *fs;
-+ int i, j;
-+
-+ if (cache->dir < 0 || cache->dir > cache->size - sizeof (intptr_t) ||
-+ memchr (base + cache->dir, '\0', cache->size - cache->dir) == NULL)
-+ return FcFalse;
-+
-+ if (cache->dirs < 0 || cache->dirs >= cache->size ||
-+ cache->dirs_count < 0 ||
-+ cache->dirs_count > (cache->size - cache->dirs) / sizeof (intptr_t))
-+ return FcFalse;
-+
-+ dirs = FcCacheDirs (cache);
-+ if (dirs)
-+ {
-+ for (i = 0; i < cache->dirs_count; i++)
-+ {
-+ FcChar8 *dir;
-+
-+ if (dirs[i] < 0 ||
-+ dirs[i] > end - (char *) dirs - sizeof (intptr_t))
-+ return FcFalse;
-+
-+ dir = FcOffsetToPtr (dirs, dirs[i], FcChar8);
-+ if (memchr (dir, '\0', end - (char *) dir) == NULL)
-+ return FcFalse;
-+ }
-+ }
-+
-+ if (cache->set < 0 || cache->set > cache->size - sizeof (FcFontSet))
-+ return FcFalse;
-+
-+ fs = FcCacheSet (cache);
-+ if (fs)
-+ {
-+ if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern))
-+ return FcFalse;
-+
-+ if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts))
-+ return FcFalse;
-+
-+ for (i = 0; i < fs->nfont; i++)
-+ {
-+ FcPattern *font = FcFontSetFont (fs, i);
-+ FcPatternElt *e;
-+ FcValueListPtr l;
-+
-+ if ((char *) font < base ||
-+ (char *) font > end - sizeof (FcFontSet) ||
-+ font->elts_offset < 0 ||
-+ font->elts_offset > end - (char *) font ||
-+ font->num > (end - (char *) font - font->elts_offset) / sizeof (FcPatternElt))
-+ return FcFalse;
-+
-+
-+ e = FcPatternElts(font);
-+ if (e->values != 0 && !FcIsEncodedOffset(e->values))
-+ return FcFalse;
-+
-+ for (j = font->num, l = FcPatternEltValues(e); j >= 0 && l; j--, l = FcValueListNext(l))
-+ if (l->next != NULL && !FcIsEncodedOffset(l->next))
-+ break;
-+ if (j < 0)
-+ return FcFalse;
-+ }
-+ }
-+
-+ return FcTrue;
-+}
-+
- /*
- * Map a cache file into memory
- */
-@@ -596,7 +673,8 @@ FcDirCacheMapFd (FcConfig *config, int fd, struct stat *fd_stat, struct stat *di
- FcCache *cache;
- FcBool allocated = FcFalse;
-
-- if (fd_stat->st_size < (int) sizeof (FcCache))
-+ if (fd_stat->st_size > INTPTR_MAX ||
-+ fd_stat->st_size < (int) sizeof (FcCache))
- return NULL;
- cache = FcCacheFindByStat (fd_stat);
- if (cache)
-@@ -652,6 +730,7 @@ FcDirCacheMapFd (FcConfig *config, int fd, struct stat *fd_stat, struct stat *di
- if (cache->magic != FC_CACHE_MAGIC_MMAP ||
- cache->version < FC_CACHE_VERSION_NUMBER ||
- cache->size != (intptr_t) fd_stat->st_size ||
-+ !FcCacheOffsetsValid (cache) ||
- !FcCacheTimeValid (config, cache, dir_stat) ||
- !FcCacheInsert (cache, fd_stat))
- {
---
-cgit v0.10.2
-
diff --git a/gnu/packages/patches/gawk-fts-test.patch b/gnu/packages/patches/gawk-fts-test.patch
deleted file mode 100644
index de1f5c431c..0000000000
--- a/gnu/packages/patches/gawk-fts-test.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-This is upstream commit c9a018c. We have observed random failures of
-this test on i686 that seem related to load.
-
-2015-05-21 Arnold D. Robbins <arnold@skeeve.com>
-
- * fts.awk: Really remove atime from the output.
- This avoids spurious failures on heavily loaded systems.
-
-diff --git a/test/fts.awk b/test/fts.awk
-index b1df060..dea5b68 100644
---- a/test/fts.awk
-+++ b/test/fts.awk
-@@ -50,6 +50,11 @@ function sort_traverse(data, sorted, i)
- {
- asorti(data, sorted)
- for (i = 1; i in sorted; i++) {
-+ # 5/2015: skip for atime, since there can
-+ # occasionally be small differences.
-+ if (sorted[i] == "atime")
-+ continue
-+
- indent()
- printf("%s --> %s\n", sorted[i], data[sorted[i]]) > output
- }
-@@ -63,17 +68,20 @@ function traverse(data, i)
- printf("%s:\n", i) > output
-
- Level++
-- if (("mtime" in data[i]) && ! isarray(data[i][mtime])) {
-+ if (("mtime" in data[i]) && ! isarray(data[i]["mtime"])) {
- sort_traverse(data[i])
- } else {
- traverse(data[i])
- }
- Level--
-- } else if (data[i] != "atime") {
-- # 4/2015: skip for atime, since there can
-- # occasionally be small differences.
-- indent()
-- printf("%s --> %s\n", i, data[i]) > output
-+# } else {
-+# JUNK = 1
-+# if (i != "atime") {
-+# # 4/2015: skip for atime, since there can
-+# # occasionally be small differences.
-+# indent()
-+# printf("%s --> %s\n", i, data[i]) > output
-+# }
- }
- }
- }
diff --git a/gnu/packages/patches/gcc-arm-bug-71399.patch b/gnu/packages/patches/gcc-arm-bug-71399.patch
new file mode 100644
index 0000000000..6f04fece0e
--- /dev/null
+++ b/gnu/packages/patches/gcc-arm-bug-71399.patch
@@ -0,0 +1,55 @@
+Revert the following commit to work around a bootstrap comparison failure on
+ARMv7, as reported at <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71399>.
+
+commit f6ab85b7049a03962ea98924d00802da357a1ad3
+Author: renlin <renlin@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Wed Dec 2 14:06:31 2015 +0000
+
+ [PR67383][ARM][4.9]Backport of "Allow any register for DImode values in Thumb2"
+
+ This partially fix PR67383. It allows the reload more flexibility to choose
+ spilling pseudo registers.
+
+
+ gcc/ChangeLog:
+
+ 2015-12-02 Renlin Li <renlin.li@arm.com>
+
+ Backport from mainline.
+ 2014-04-22 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
+
+ * config/arm/arm.c (arm_hard_regno_mode_ok): Loosen
+ restrictions on core registers for DImode values in Thumb2.
+
+
+ git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-4_9-branch@231177 138bc75d-0d04-0410-961f-82ee72b054a4
+
+diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
+index 8ba6060..d9028a1 100644
+--- b/gcc/config/arm/arm.c
++++ a/gcc/config/arm/arm.c
+@@ -22624,19 +22624,12 @@
+ }
+
+ /* We allow almost any value to be stored in the general registers.
+- Restrict doubleword quantities to even register pairs in ARM state
+- so that we can use ldrd. Do not allow very large Neon structure
+- opaque modes in general registers; they would use too many. */
++ Restrict doubleword quantities to even register pairs so that we can
++ use ldrd. Do not allow very large Neon structure opaque modes in
++ general registers; they would use too many. */
+ if (regno <= LAST_ARM_REGNUM)
+- {
+- if (ARM_NUM_REGS (mode) > 4)
+- return FALSE;
+-
+- if (TARGET_THUMB2)
+- return TRUE;
+-
+- return !(TARGET_LDRD && GET_MODE_SIZE (mode) > 4 && (regno & 1) != 0);
+- }
++ return !(TARGET_LDRD && GET_MODE_SIZE (mode) > 4 && (regno & 1) != 0)
++ && ARM_NUM_REGS (mode) <= 4;
+
+ if (regno == FRAME_POINTER_REGNUM
+ || regno == ARG_POINTER_REGNUM)
diff --git a/gnu/packages/patches/gnupg-fix-expired-test.patch b/gnu/packages/patches/gnupg-fix-expired-test.patch
deleted file mode 100644
index ac2564f50c..0000000000
--- a/gnu/packages/patches/gnupg-fix-expired-test.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-Fix a test that has an expiration date of 2016-09-17:
-
-https://bugs.gnupg.org/gnupg/issue2393
-
-Patch adapted from upstream source repository:
-
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e584d6468a2e72cd01e55f46104f9f96b56c0b66
-
-The patch has been altered by commenting out a diff that does not apply
-to the version of GnuPG that we are applying it to, 2.1.13. This is
-what the patch author refers to below with "This commit includes changes
-to the old test as well, for those who need to backport it." We keep the
-old test and comment out the new test.
-
-From e584d6468a2e72cd01e55f46104f9f96b56c0b66 Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Thu, 23 Jun 2016 17:24:23 +0200
-Subject: [PATCH] tests/openpgp: Fake the system time for the tofu test.
-
-The keys in the tofu test are set to expire on 2016-09-17. Fake the
-system time for this test.
-
-This commit includes changes to the old test as well, for those who
-need to backport it.
-
-* tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines.
-* tests/openpgp/tofu.scm: Fake system time.
-* tests/openpgp/tofu.test: Likewise.
-
-GnuPG-bug-id: 2393
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- tests/openpgp/gpg-agent.conf.tmpl | 2 --
- tests/openpgp/tofu.scm | 4 +++-
- tests/openpgp/tofu.test | 3 +++
- 3 files changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/tests/openpgp/gpg-agent.conf.tmpl b/tests/openpgp/gpg-agent.conf.tmpl
-index b3cb54f..70e1633 100644
---- a/tests/openpgp/gpg-agent.conf.tmpl
-+++ b/tests/openpgp/gpg-agent.conf.tmpl
-@@ -1,4 +1,2 @@
- allow-preset-passphrase
- no-grab
--
--
-#diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
-#index 24fa9df..38b6a0f 100755
-#--- a/tests/openpgp/tofu.scm
-#+++ b/tests/openpgp/tofu.scm
-#@@ -19,7 +19,9 @@
-#
-# (load (with-path "defs.scm"))
-#
-#-(define GPG `(,(tool 'gpg) --no-permission-warning)) ;; w/o --always-trust
-#+ ;; Redefine GPG without --always-trust and a fixed time.
-#+(define GPG `(,(tool 'gpg) --no-permission-warning
-#+ --faked-system-time=1466684990))
-# (define GNUPGHOME (getenv "GNUPGHOME"))
-# (if (string=? "" GNUPGHOME)
-# (error "GNUPGHOME not set"))
-diff --git a/tests/openpgp/tofu.test b/tests/openpgp/tofu.test
-index 18c1756..0d34af4 100755
---- a/tests/openpgp/tofu.test
-+++ b/tests/openpgp/tofu.test
-@@ -4,6 +4,9 @@
-
- # set -x
-
-+# Redefine GPG with a fixed time.
-+GPG="$GPG --faked-system-time=1466684990"
-+
- KEYS="2183839A BC15C85A EE37CF96"
-
- # Make sure $srcdir is set.
---
-2.10.0
-
diff --git a/gnu/packages/patches/guile-relocatable.patch b/gnu/packages/patches/guile-relocatable.patch
index 077394cdde..2431495f24 100644
--- a/gnu/packages/patches/guile-relocatable.patch
+++ b/gnu/packages/patches/guile-relocatable.patch
@@ -1,8 +1,6 @@
This patch changes Guile to use a default search path relative to the
location of the `guile' binary, allowing it to be relocated.
-diff --git a/libguile/load.c b/libguile/load.c
-index af2ca45..19dd338 100644
--- a/libguile/load.c
+++ b/libguile/load.c
@@ -26,6 +26,7 @@
@@ -12,8 +10,8 @@ index af2ca45..19dd338 100644
+#include <libgen.h>
#include "libguile/_scm.h"
- #include "libguile/private-gc.h" /* scm_getenv_int */
-@@ -255,6 +256,32 @@ scm_init_load_path ()
+ #include "libguile/alist.h"
+@@ -325,6 +326,32 @@
SCM cpath = SCM_EOL;
#ifdef SCM_LIBRARY_DIR
@@ -43,10 +41,10 @@ index af2ca45..19dd338 100644
+ strcpy (ccache_dir, prefix);
+ strcat (ccache_dir, "/lib/guile/2.0/ccache");
+
- env = getenv ("GUILE_SYSTEM_PATH");
+ env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_PATH"));
if (env && strcmp (env, "") == 0)
/* special-case interpret system-path=="" as meaning no system path instead
-@@ -263,10 +290,7 @@ scm_init_load_path ()
+@@ -333,10 +360,7 @@
else if (env)
path = scm_parse_path (scm_from_locale_string (env), path);
else
@@ -56,9 +54,9 @@ index af2ca45..19dd338 100644
- scm_from_locale_string (SCM_PKGDATA_DIR));
+ path = scm_list_1 (scm_from_locale_string (module_dir));
- env = getenv ("GUILE_SYSTEM_COMPILED_PATH");
+ env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_COMPILED_PATH"));
if (env && strcmp (env, "") == 0)
-@@ -276,8 +300,7 @@ scm_init_load_path ()
+@@ -346,8 +370,7 @@
cpath = scm_parse_path (scm_from_locale_string (env), cpath);
else
{
diff --git a/gnu/packages/patches/isl-0.11.1-aarch64-support.patch b/gnu/packages/patches/isl-0.11.1-aarch64-support.patch
new file mode 100644
index 0000000000..c5607fc80d
--- /dev/null
+++ b/gnu/packages/patches/isl-0.11.1-aarch64-support.patch
@@ -0,0 +1,40 @@
+Add aarch64 support to config.guess and config.sub, as would be found if using
+a more recent version of autoconf.
+---
+ config.guess | 7 +++++++
+ config.sub | 1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/config.guess b/config.guess
+index 40eaed4..baad294 100755
+--- a/config.guess
++++ b/config.guess
+@@ -861,6 +861,13 @@ EOF
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
++ aarch64:Linux:*:*)
++ echo ${UNAME_MACHINE}-unknown-linux-gnu
++ exit ;;
++ aarch64_be:Linux:*:*)
++ UNAME_MACHINE=aarch64_be
++ echo ${UNAME_MACHINE}-unknown-linux-gnu
++ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+diff --git a/config.sub b/config.sub
+index 30fdca8..8f5b018 100755
+--- a/config.sub
++++ b/config.sub
+@@ -247,6 +247,7 @@ case $basic_machine in
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
++ | aarch64 | aarch64_be \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+--
+2.9.0
+
diff --git a/gnu/packages/patches/libx11-CVE-2016-7942.patch b/gnu/packages/patches/libx11-CVE-2016-7942.patch
deleted file mode 100644
index 75770235ef..0000000000
--- a/gnu/packages/patches/libx11-CVE-2016-7942.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-Fix CVE-2016-7942:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
-
-From 8ea762f94f4c942d898fdeb590a1630c83235c17 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 21:25:25 +0200
-Subject: [PATCH] Validation of server responses in XGetImage()
-
-Check if enough bytes were received for specified image type and
-geometry. Otherwise GetPixel and other functions could trigger an
-out of boundary read later on.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/GetImage.c | 29 ++++++++++++++++++++---------
- 1 file changed, 20 insertions(+), 9 deletions(-)
-
-diff --git a/src/GetImage.c b/src/GetImage.c
-index c461abc..ff32d58 100644
---- a/src/GetImage.c
-+++ b/src/GetImage.c
-@@ -59,6 +59,7 @@ XImage *XGetImage (
- char *data;
- unsigned long nbytes;
- XImage *image;
-+ int planes;
- LockDisplay(dpy);
- GetReq (GetImage, req);
- /*
-@@ -91,18 +92,28 @@ XImage *XGetImage (
- return (XImage *) NULL;
- }
- _XReadPad (dpy, data, nbytes);
-- if (format == XYPixmap)
-- image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
-- Ones (plane_mask &
-- (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))),
-- format, 0, data, width, height, dpy->bitmap_pad, 0);
-- else /* format == ZPixmap */
-- image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
-- rep.depth, ZPixmap, 0, data, width, height,
-- _XGetScanlinePad(dpy, (int) rep.depth), 0);
-+ if (format == XYPixmap) {
-+ image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
-+ Ones (plane_mask &
-+ (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))),
-+ format, 0, data, width, height, dpy->bitmap_pad, 0);
-+ planes = image->depth;
-+ } else { /* format == ZPixmap */
-+ image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
-+ rep.depth, ZPixmap, 0, data, width, height,
-+ _XGetScanlinePad(dpy, (int) rep.depth), 0);
-+ planes = 1;
-+ }
-
- if (!image)
- Xfree(data);
-+ if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 ||
-+ INT_MAX / image->height <= image->bytes_per_line ||
-+ INT_MAX / planes <= image->height * image->bytes_per_line ||
-+ nbytes < planes * image->height * image->bytes_per_line) {
-+ XDestroyImage(image);
-+ image = NULL;
-+ }
- UnlockDisplay(dpy);
- SyncHandle();
- return (image);
---
-2.10.1
-
diff --git a/gnu/packages/patches/libx11-CVE-2016-7943.patch b/gnu/packages/patches/libx11-CVE-2016-7943.patch
deleted file mode 100644
index 7bcbc58dd4..0000000000
--- a/gnu/packages/patches/libx11-CVE-2016-7943.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-Fix CVE-2016-7943:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943.
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
-
-From 8c29f1607a31dac0911e45a0dd3d74173822b3c9 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 21:22:57 +0200
-Subject: [PATCH] The validation of server responses avoids out of boundary
- accesses.
-
-v2: FontNames.c return a NULL list whenever a single
-length field from the server is incohent.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/FontNames.c | 23 +++++++++++++++++------
- src/ListExt.c | 12 ++++++++----
- src/ModMap.c | 3 ++-
- 3 files changed, 27 insertions(+), 11 deletions(-)
-
-diff --git a/src/FontNames.c b/src/FontNames.c
-index 21dcafe..e55f338 100644
---- a/src/FontNames.c
-+++ b/src/FontNames.c
-@@ -66,7 +66,7 @@ int *actualCount) /* RETURN */
-
- if (rep.nFonts) {
- flist = Xmalloc (rep.nFonts * sizeof(char *));
-- if (rep.length < (INT_MAX >> 2)) {
-+ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) {
- rlen = rep.length << 2;
- ch = Xmalloc(rlen + 1);
- /* +1 to leave room for last null-terminator */
-@@ -93,11 +93,22 @@ int *actualCount) /* RETURN */
- if (ch + length < chend) {
- flist[i] = ch + 1; /* skip over length */
- ch += length + 1; /* find next length ... */
-- length = *(unsigned char *)ch;
-- *ch = '\0'; /* and replace with null-termination */
-- count++;
-- } else
-- flist[i] = NULL;
-+ if (ch <= chend) {
-+ length = *(unsigned char *)ch;
-+ *ch = '\0'; /* and replace with null-termination */
-+ count++;
-+ } else {
-+ Xfree(flist);
-+ flist = NULL;
-+ count = 0;
-+ break;
-+ }
-+ } else {
-+ Xfree(flist);
-+ flist = NULL;
-+ count = 0;
-+ break;
-+ }
- }
- }
- *actualCount = count;
-diff --git a/src/ListExt.c b/src/ListExt.c
-index be6b989..0516e45 100644
---- a/src/ListExt.c
-+++ b/src/ListExt.c
-@@ -55,7 +55,7 @@ char **XListExtensions(
-
- if (rep.nExtensions) {
- list = Xmalloc (rep.nExtensions * sizeof (char *));
-- if (rep.length < (INT_MAX >> 2)) {
-+ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) {
- rlen = rep.length << 2;
- ch = Xmalloc (rlen + 1);
- /* +1 to leave room for last null-terminator */
-@@ -80,9 +80,13 @@ char **XListExtensions(
- if (ch + length < chend) {
- list[i] = ch+1; /* skip over length */
- ch += length + 1; /* find next length ... */
-- length = *ch;
-- *ch = '\0'; /* and replace with null-termination */
-- count++;
-+ if (ch <= chend) {
-+ length = *ch;
-+ *ch = '\0'; /* and replace with null-termination */
-+ count++;
-+ } else {
-+ list[i] = NULL;
-+ }
- } else
- list[i] = NULL;
- }
-diff --git a/src/ModMap.c b/src/ModMap.c
-index a809aa2..49a5d08 100644
---- a/src/ModMap.c
-+++ b/src/ModMap.c
-@@ -42,7 +42,8 @@ XGetModifierMapping(register Display *dpy)
- GetEmptyReq(GetModifierMapping, req);
- (void) _XReply (dpy, (xReply *)&rep, 0, xFalse);
-
-- if (rep.length < (INT_MAX >> 2)) {
-+ if (rep.length < (INT_MAX >> 2) &&
-+ (rep.length >> 1) == rep.numKeyPerModifier) {
- nbytes = (unsigned long)rep.length << 2;
- res = Xmalloc(sizeof (XModifierKeymap));
- if (res)
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxfixes-CVE-2016-7944.patch b/gnu/packages/patches/libxfixes-CVE-2016-7944.patch
deleted file mode 100644
index 2ce463fc46..0000000000
--- a/gnu/packages/patches/libxfixes-CVE-2016-7944.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-Fix CVE-2016-7944:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
-
-From 61c1039ee23a2d1de712843bed3480654d7ef42e Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 22:38:44 +0200
-Subject: [PATCH] Integer overflow on illegal server response
-
-The 32 bit field "rep.length" is not checked for validity, which allows
-an integer overflow on 32 bit systems.
-
-A malicious server could send INT_MAX as length, which gets multiplied
-by the size of XRectangle. In that case the client won't read the whole
-data from server, getting out of sync.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/Region.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/src/Region.c b/src/Region.c
-index cb0cf6e..59bcc1a 100644
---- a/src/Region.c
-+++ b/src/Region.c
-@@ -23,6 +23,7 @@
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
-+#include <limits.h>
- #include "Xfixesint.h"
-
- XserverRegion
-@@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display *dpy,
- bounds->y = rep.y;
- bounds->width = rep.width;
- bounds->height = rep.height;
-- nbytes = (long) rep.length << 2;
-- nrects = rep.length >> 1;
-- rects = Xmalloc (nrects * sizeof (XRectangle));
-+
-+ if (rep.length < (INT_MAX >> 2)) {
-+ nbytes = (long) rep.length << 2;
-+ nrects = rep.length >> 1;
-+ rects = Xmalloc (nrects * sizeof (XRectangle));
-+ } else {
-+ nbytes = 0;
-+ nrects = 0;
-+ rects = NULL;
-+ }
-+
- if (!rects)
- {
- _XEatDataWords(dpy, rep.length);
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch b/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch
deleted file mode 100644
index ca899e34c0..0000000000
--- a/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch
+++ /dev/null
@@ -1,420 +0,0 @@
-Fix CVE-2016-7945:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
-
-From 19a9cd607de73947fcfb104682f203ffe4e1f4e5 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 22:31:34 +0200
-Subject: [PATCH] Properly validate server responses.
-
-By validating length fields from server responses, out of boundary
-accesses and endless loops can be mitigated.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/XGMotion.c | 3 ++-
- src/XGetBMap.c | 3 ++-
- src/XGetDCtl.c | 6 ++++--
- src/XGetFCtl.c | 7 ++++++-
- src/XGetKMap.c | 14 +++++++++++---
- src/XGetMMap.c | 11 +++++++++--
- src/XIQueryDevice.c | 36 ++++++++++++++++++++++++++++++++++--
- src/XListDev.c | 21 +++++++++++++++------
- src/XOpenDev.c | 13 ++++++++++---
- src/XQueryDv.c | 8 ++++++--
- 10 files changed, 99 insertions(+), 23 deletions(-)
-
-diff --git a/src/XGMotion.c b/src/XGMotion.c
-index 7785843..9433e29 100644
---- a/src/XGMotion.c
-+++ b/src/XGMotion.c
-@@ -114,7 +114,8 @@ XGetDeviceMotionEvents(
- }
- /* rep.axes is a CARD8, so assume max number of axes for bounds check */
- if (rep.nEvents <
-- (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int))))) {
-+ (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int)))) &&
-+ rep.nEvents * (rep.axes + 1) <= rep.length) {
- size_t bsize = rep.nEvents *
- (sizeof(XDeviceTimeCoord) + (rep.axes * sizeof(int)));
- bufp = Xmalloc(bsize);
-diff --git a/src/XGetBMap.c b/src/XGetBMap.c
-index 002daba..13bb8c6 100644
---- a/src/XGetBMap.c
-+++ b/src/XGetBMap.c
-@@ -92,7 +92,8 @@ XGetDeviceButtonMapping(
-
- status = _XReply(dpy, (xReply *) & rep, 0, xFalse);
- if (status == 1) {
-- if (rep.length <= (sizeof(mapping) >> 2)) {
-+ if (rep.length <= (sizeof(mapping) >> 2) &&
-+ rep.nElts <= (rep.length << 2)) {
- unsigned long nbytes = rep.length << 2;
- _XRead(dpy, (char *)mapping, nbytes);
-
-diff --git a/src/XGetDCtl.c b/src/XGetDCtl.c
-index c5d3b53..7f6b396 100644
---- a/src/XGetDCtl.c
-+++ b/src/XGetDCtl.c
-@@ -93,7 +93,8 @@ XGetDeviceControl(
- if (rep.length > 0) {
- unsigned long nbytes;
- size_t size = 0;
-- if (rep.length < (INT_MAX >> 2)) {
-+ if (rep.length < (INT_MAX >> 2) &&
-+ (rep.length << 2) >= sizeof(xDeviceState)) {
- nbytes = (unsigned long) rep.length << 2;
- d = Xmalloc(nbytes);
- }
-@@ -117,7 +118,8 @@ XGetDeviceControl(
- size_t val_size;
-
- r = (xDeviceResolutionState *) d;
-- if (r->num_valuators >= (INT_MAX / (3 * sizeof(int))))
-+ if (sizeof(xDeviceResolutionState) > nbytes ||
-+ r->num_valuators >= (INT_MAX / (3 * sizeof(int))))
- goto out;
- val_size = 3 * sizeof(int) * r->num_valuators;
- if ((sizeof(xDeviceResolutionState) + val_size) > nbytes)
-diff --git a/src/XGetFCtl.c b/src/XGetFCtl.c
-index 7fd6d0e..82dcc64 100644
---- a/src/XGetFCtl.c
-+++ b/src/XGetFCtl.c
-@@ -73,6 +73,7 @@ XGetFeedbackControl(
- XFeedbackState *Sav = NULL;
- xFeedbackState *f = NULL;
- xFeedbackState *sav = NULL;
-+ char *end = NULL;
- xGetFeedbackControlReq *req;
- xGetFeedbackControlReply rep;
- XExtDisplayInfo *info = XInput_find_display(dpy);
-@@ -105,10 +106,12 @@ XGetFeedbackControl(
- goto out;
- }
- sav = f;
-+ end = (char *)f + nbytes;
- _XRead(dpy, (char *)f, nbytes);
-
- for (i = 0; i < *num_feedbacks; i++) {
-- if (f->length > nbytes)
-+ if ((char *)f + sizeof(*f) > end ||
-+ f->length == 0 || f->length > nbytes)
- goto out;
- nbytes -= f->length;
-
-@@ -125,6 +128,8 @@ XGetFeedbackControl(
- case StringFeedbackClass:
- {
- xStringFeedbackState *strf = (xStringFeedbackState *) f;
-+ if ((char *)f + sizeof(*strf) > end)
-+ goto out;
- size += sizeof(XStringFeedbackState) +
- (strf->num_syms_supported * sizeof(KeySym));
- }
-diff --git a/src/XGetKMap.c b/src/XGetKMap.c
-index 0540ce4..008a72b 100644
---- a/src/XGetKMap.c
-+++ b/src/XGetKMap.c
-@@ -54,6 +54,7 @@ SOFTWARE.
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <X11/extensions/XI.h>
- #include <X11/extensions/XIproto.h>
- #include <X11/Xlibint.h>
-@@ -93,9 +94,16 @@ XGetDeviceKeyMapping(register Display * dpy, XDevice * dev,
- return (KeySym *) NULL;
- }
- if (rep.length > 0) {
-- *syms_per_code = rep.keySymsPerKeyCode;
-- nbytes = (long)rep.length << 2;
-- mapping = (KeySym *) Xmalloc((unsigned)nbytes);
-+ if (rep.length < INT_MAX >> 2 &&
-+ rep.length == rep.keySymsPerKeyCode * keycount) {
-+ *syms_per_code = rep.keySymsPerKeyCode;
-+ nbytes = (long)rep.length << 2;
-+ mapping = (KeySym *) Xmalloc((unsigned)nbytes);
-+ } else {
-+ *syms_per_code = 0;
-+ nbytes = 0;
-+ mapping = NULL;
-+ }
- if (mapping)
- _XRead(dpy, (char *)mapping, nbytes);
- else
-diff --git a/src/XGetMMap.c b/src/XGetMMap.c
-index 246698c..33c114f 100644
---- a/src/XGetMMap.c
-+++ b/src/XGetMMap.c
-@@ -53,6 +53,7 @@ SOFTWARE.
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <X11/extensions/XI.h>
- #include <X11/extensions/XIproto.h>
- #include <X11/Xlibint.h>
-@@ -85,8 +86,14 @@ XGetDeviceModifierMapping(
- SyncHandle();
- return (XModifierKeymap *) NULL;
- }
-- nbytes = (unsigned long)rep.length << 2;
-- res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap));
-+ if (rep.length < (INT_MAX >> 2) &&
-+ rep.numKeyPerModifier == rep.length >> 1) {
-+ nbytes = (unsigned long)rep.length << 2;
-+ res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap));
-+ } else {
-+ nbytes = 0;
-+ res = NULL;
-+ }
- if (res) {
- res->modifiermap = (KeyCode *) Xmalloc(nbytes);
- if (res->modifiermap)
-diff --git a/src/XIQueryDevice.c b/src/XIQueryDevice.c
-index fb8504f..a457cd6 100644
---- a/src/XIQueryDevice.c
-+++ b/src/XIQueryDevice.c
-@@ -26,6 +26,7 @@
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <stdint.h>
- #include <X11/Xlibint.h>
- #include <X11/extensions/XI2proto.h>
-@@ -43,6 +44,7 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
- xXIQueryDeviceReq *req;
- xXIQueryDeviceReply reply;
- char *ptr;
-+ char *end;
- int i;
- char *buf;
-
-@@ -60,14 +62,24 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
- if (!_XReply(dpy, (xReply*) &reply, 0, xFalse))
- goto error;
-
-- *ndevices_return = reply.num_devices;
-- info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo));
-+ if (reply.length < INT_MAX / 4)
-+ {
-+ *ndevices_return = reply.num_devices;
-+ info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo));
-+ }
-+ else
-+ {
-+ *ndevices_return = 0;
-+ info = NULL;
-+ }
-+
- if (!info)
- goto error;
-
- buf = Xmalloc(reply.length * 4);
- _XRead(dpy, buf, reply.length * 4);
- ptr = buf;
-+ end = buf + reply.length * 4;
-
- /* info is a null-terminated array */
- info[reply.num_devices].name = NULL;
-@@ -79,6 +91,9 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
- XIDeviceInfo *lib = &info[i];
- xXIDeviceInfo *wire = (xXIDeviceInfo*)ptr;
-
-+ if (ptr + sizeof(xXIDeviceInfo) > end)
-+ goto error_loop;
-+
- lib->deviceid = wire->deviceid;
- lib->use = wire->use;
- lib->attachment = wire->attachment;
-@@ -87,12 +102,23 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
-
- ptr += sizeof(xXIDeviceInfo);
-
-+ if (ptr + wire->name_len > end)
-+ goto error_loop;
-+
- lib->name = Xcalloc(wire->name_len + 1, 1);
-+ if (lib->name == NULL)
-+ goto error_loop;
- strncpy(lib->name, ptr, wire->name_len);
-+ lib->name[wire->name_len] = '\0';
- ptr += ((wire->name_len + 3)/4) * 4;
-
- sz = size_classes((xXIAnyInfo*)ptr, nclasses);
- lib->classes = Xmalloc(sz);
-+ if (lib->classes == NULL)
-+ {
-+ Xfree(lib->name);
-+ goto error_loop;
-+ }
- ptr += copy_classes(lib, (xXIAnyInfo*)ptr, &nclasses);
- /* We skip over unused classes */
- lib->num_classes = nclasses;
-@@ -103,6 +129,12 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
- SyncHandle();
- return info;
-
-+error_loop:
-+ while (--i >= 0)
-+ {
-+ Xfree(info[i].name);
-+ Xfree(info[i].classes);
-+ }
- error:
- UnlockDisplay(dpy);
- error_unlocked:
-diff --git a/src/XListDev.c b/src/XListDev.c
-index b85ff3c..f850cd0 100644
---- a/src/XListDev.c
-+++ b/src/XListDev.c
-@@ -74,7 +74,7 @@ static int pad_to_xid(int base_size)
- }
-
- static size_t
--SizeClassInfo(xAnyClassPtr *any, int num_classes)
-+SizeClassInfo(xAnyClassPtr *any, size_t len, int num_classes)
- {
- int size = 0;
- int j;
-@@ -90,6 +90,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes)
- {
- xValuatorInfoPtr v;
-
-+ if (len < sizeof(v))
-+ return 0;
- v = (xValuatorInfoPtr) *any;
- size += pad_to_xid(sizeof(XValuatorInfo) +
- (v->num_axes * sizeof(XAxisInfo)));
-@@ -98,6 +100,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes)
- default:
- break;
- }
-+ if ((*any)->length > len)
-+ return 0;
- *any = (xAnyClassPtr) ((char *)(*any) + (*any)->length);
- }
-
-@@ -170,7 +174,7 @@ XListInputDevices(
- register Display *dpy,
- int *ndevices)
- {
-- size_t size;
-+ size_t s, size;
- xListInputDevicesReq *req;
- xListInputDevicesReply rep;
- xDeviceInfo *list, *slist = NULL;
-@@ -178,6 +182,7 @@ XListInputDevices(
- XDeviceInfo *clist = NULL;
- xAnyClassPtr any, sav_any;
- XAnyClassPtr Any;
-+ char *end = NULL;
- unsigned char *nptr, *Nptr;
- int i;
- unsigned long rlen;
-@@ -213,16 +218,20 @@ XListInputDevices(
-
- any = (xAnyClassPtr) ((char *)list + (*ndevices * sizeof(xDeviceInfo)));
- sav_any = any;
-+ end = (char *)list + rlen;
- for (i = 0; i < *ndevices; i++, list++) {
-- size += SizeClassInfo(&any, (int)list->num_classes);
-+ s = SizeClassInfo(&any, end - (char *)any, (int)list->num_classes);
-+ if (!s)
-+ goto out;
-+ size += s;
- }
-
-- Nptr = ((unsigned char *)list) + rlen + 1;
-+ Nptr = ((unsigned char *)list) + rlen;
- for (i = 0, nptr = (unsigned char *)any; i < *ndevices; i++) {
-+ if (nptr >= Nptr)
-+ goto out;
- size += *nptr + 1;
- nptr += (*nptr + 1);
-- if (nptr > Nptr)
-- goto out;
- }
-
- clist = (XDeviceInfoPtr) Xmalloc(size);
-diff --git a/src/XOpenDev.c b/src/XOpenDev.c
-index 029dec2..4b3c460 100644
---- a/src/XOpenDev.c
-+++ b/src/XOpenDev.c
-@@ -53,6 +53,7 @@ SOFTWARE.
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <X11/extensions/XI.h>
- #include <X11/extensions/XIproto.h>
- #include <X11/Xlibint.h>
-@@ -86,9 +87,15 @@ XOpenDevice(
- return (XDevice *) NULL;
- }
-
-- rlen = rep.length << 2;
-- dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes *
-- sizeof(XInputClassInfo));
-+ if (rep.length < INT_MAX >> 2 &&
-+ (rep.length << 2) >= rep.num_classes * sizeof(xInputClassInfo)) {
-+ rlen = rep.length << 2;
-+ dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes *
-+ sizeof(XInputClassInfo));
-+ } else {
-+ rlen = 0;
-+ dev = NULL;
-+ }
- if (dev) {
- int dlen; /* data length */
-
-diff --git a/src/XQueryDv.c b/src/XQueryDv.c
-index de1c0e5..7ee2272 100644
---- a/src/XQueryDv.c
-+++ b/src/XQueryDv.c
-@@ -73,7 +73,7 @@ XQueryDeviceState(
- xQueryDeviceStateReply rep;
- XDeviceState *state = NULL;
- XInputClass *any, *Any;
-- char *data = NULL;
-+ char *data = NULL, *end = NULL;
- XExtDisplayInfo *info = XInput_find_display(dpy);
-
- LockDisplay(dpy);
-@@ -92,6 +92,7 @@ XQueryDeviceState(
- if (rep.length < (INT_MAX >> 2)) {
- rlen = (unsigned long) rep.length << 2;
- data = Xmalloc(rlen);
-+ end = data + rlen;
- }
- if (!data) {
- _XEatDataWords(dpy, rep.length);
-@@ -100,7 +101,8 @@ XQueryDeviceState(
- _XRead(dpy, data, rlen);
-
- for (i = 0, any = (XInputClass *) data; i < (int)rep.num_classes; i++) {
-- if (any->length > rlen)
-+ if ((char *)any + sizeof(XInputClass) > end ||
-+ any->length == 0 || any->length > rlen)
- goto out;
- rlen -= any->length;
-
-@@ -114,6 +116,8 @@ XQueryDeviceState(
- case ValuatorClass:
- {
- xValuatorState *v = (xValuatorState *) any;
-+ if ((char *)any + sizeof(xValuatorState) > end)
-+ goto out;
- size += (sizeof(XValuatorState) +
- (v->num_valuators * sizeof(int)));
- }
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch b/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch
deleted file mode 100644
index ece8b18309..0000000000
--- a/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch
+++ /dev/null
@@ -1,447 +0,0 @@
-Fix CVE-2016-7947 and CVE-2016-7948.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
-
-From a0df3e1c7728205e5c7650b2e6dce684139254a6 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 22:21:40 +0200
-Subject: [PATCH] Avoid out of boundary accesses on illegal responses
-
-The responses of the connected X server have to be properly checked
-to avoid out of boundary accesses that could otherwise be triggered
-by a malicious server.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/XrrConfig.c | 32 +++++++++++++--------
- src/XrrCrtc.c | 83 ++++++++++++++++++++++++++++++++++++++++++-------------
- src/XrrMonitor.c | 18 ++++++++++++
- src/XrrOutput.c | 11 ++++++++
- src/XrrProvider.c | 28 ++++++++++++++++---
- src/XrrScreen.c | 52 ++++++++++++++++++++++------------
- 6 files changed, 172 insertions(+), 52 deletions(-)
-
-diff --git a/src/XrrConfig.c b/src/XrrConfig.c
-index 2f0282b..e68c45a 100644
---- a/src/XrrConfig.c
-+++ b/src/XrrConfig.c
-@@ -29,6 +29,7 @@
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <stdio.h>
- #include <X11/Xlib.h>
- /* we need to be able to manipulate the Display structure on events */
-@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo (Display *dpy,
- rep.rate = 0;
- rep.nrateEnts = 0;
- }
-+ if (rep.length < INT_MAX >> 2) {
-+ nbytes = (long) rep.length << 2;
-
-- nbytes = (long) rep.length << 2;
-+ nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
-+ ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
-
-- nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
-- ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
-+ /*
-+ * first we must compute how much space to allocate for
-+ * randr library's use; we'll allocate the structures in a single
-+ * allocation, on cleanlyness grounds.
-+ */
-
-- /*
-- * first we must compute how much space to allocate for
-- * randr library's use; we'll allocate the structures in a single
-- * allocation, on cleanlyness grounds.
-- */
-+ rbytes = sizeof (XRRScreenConfiguration) +
-+ (rep.nSizes * sizeof (XRRScreenSize) +
-+ rep.nrateEnts * sizeof (int));
-
-- rbytes = sizeof (XRRScreenConfiguration) +
-- (rep.nSizes * sizeof (XRRScreenSize) +
-- rep.nrateEnts * sizeof (int));
-+ scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
-+ } else {
-+ nbytes = 0;
-+ nbytesRead = 0;
-+ rbytes = 0;
-+ scp = NULL;
-+ }
-
-- scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
- if (scp == NULL) {
- _XEatData (dpy, (unsigned long) nbytes);
- return NULL;
-diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
-index 5ae35c5..6665092 100644
---- a/src/XrrCrtc.c
-+++ b/src/XrrCrtc.c
-@@ -24,6 +24,7 @@
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <stdio.h>
- #include <X11/Xlib.h>
- /* we need to be able to manipulate the Display structure on events */
-@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc)
- return NULL;
- }
-
-- nbytes = (long) rep.length << 2;
-+ if (rep.length < INT_MAX >> 2)
-+ {
-+ nbytes = (long) rep.length << 2;
-
-- nbytesRead = (long) (rep.nOutput * 4 +
-- rep.nPossibleOutput * 4);
-+ nbytesRead = (long) (rep.nOutput * 4 +
-+ rep.nPossibleOutput * 4);
-
-- /*
-- * first we must compute how much space to allocate for
-- * randr library's use; we'll allocate the structures in a single
-- * allocation, on cleanlyness grounds.
-- */
-+ /*
-+ * first we must compute how much space to allocate for
-+ * randr library's use; we'll allocate the structures in a single
-+ * allocation, on cleanlyness grounds.
-+ */
-
-- rbytes = (sizeof (XRRCrtcInfo) +
-- rep.nOutput * sizeof (RROutput) +
-- rep.nPossibleOutput * sizeof (RROutput));
-+ rbytes = (sizeof (XRRCrtcInfo) +
-+ rep.nOutput * sizeof (RROutput) +
-+ rep.nPossibleOutput * sizeof (RROutput));
-+
-+ xci = (XRRCrtcInfo *) Xmalloc(rbytes);
-+ }
-+ else
-+ {
-+ nbytes = 0;
-+ nbytesRead = 0;
-+ rbytes = 0;
-+ xci = NULL;
-+ }
-
-- xci = (XRRCrtcInfo *) Xmalloc(rbytes);
- if (xci == NULL) {
- _XEatDataWords (dpy, rep.length);
- UnlockDisplay (dpy);
-@@ -194,12 +206,21 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc)
- if (!_XReply (dpy, (xReply *) &rep, 0, xFalse))
- goto out;
-
-- nbytes = (long) rep.length << 2;
-+ if (rep.length < INT_MAX >> 2)
-+ {
-+ nbytes = (long) rep.length << 2;
-
-- /* three channels of CARD16 data */
-- nbytesRead = (rep.size * 2 * 3);
-+ /* three channels of CARD16 data */
-+ nbytesRead = (rep.size * 2 * 3);
-
-- crtc_gamma = XRRAllocGamma (rep.size);
-+ crtc_gamma = XRRAllocGamma (rep.size);
-+ }
-+ else
-+ {
-+ nbytes = 0;
-+ nbytesRead = 0;
-+ crtc_gamma = NULL;
-+ }
-
- if (!crtc_gamma)
- {
-@@ -357,7 +378,7 @@ XRRGetCrtcTransform (Display *dpy,
- xRRGetCrtcTransformReq *req;
- int major_version, minor_version;
- XRRCrtcTransformAttributes *attr;
-- char *extra = NULL, *e;
-+ char *extra = NULL, *end = NULL, *e;
- int p;
-
- *attributes = NULL;
-@@ -395,9 +416,17 @@ XRRGetCrtcTransform (Display *dpy,
- else
- {
- int extraBytes = rep.length * 4 - CrtcTransformExtra;
-- extra = Xmalloc (extraBytes);
-+ if (rep.length < INT_MAX / 4 &&
-+ rep.length * 4 >= CrtcTransformExtra) {
-+ extra = Xmalloc (extraBytes);
-+ end = extra + extraBytes;
-+ } else
-+ extra = NULL;
- if (!extra) {
-- _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
-+ if (rep.length > (CrtcTransformExtra >> 2))
-+ _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
-+ else
-+ _XEatDataWords (dpy, rep.length);
- UnlockDisplay (dpy);
- SyncHandle ();
- return False;
-@@ -429,22 +458,38 @@ XRRGetCrtcTransform (Display *dpy,
-
- e = extra;
-
-+ if (e + rep.pendingNbytesFilter > end) {
-+ XFree (extra);
-+ return False;
-+ }
- memcpy (attr->pendingFilter, e, rep.pendingNbytesFilter);
- attr->pendingFilter[rep.pendingNbytesFilter] = '\0';
- e += (rep.pendingNbytesFilter + 3) & ~3;
- for (p = 0; p < rep.pendingNparamsFilter; p++) {
- INT32 f;
-+ if (e + 4 > end) {
-+ XFree (extra);
-+ return False;
-+ }
- memcpy (&f, e, 4);
- e += 4;
- attr->pendingParams[p] = (XFixed) f;
- }
- attr->pendingNparams = rep.pendingNparamsFilter;
-
-+ if (e + rep.currentNbytesFilter > end) {
-+ XFree (extra);
-+ return False;
-+ }
- memcpy (attr->currentFilter, e, rep.currentNbytesFilter);
- attr->currentFilter[rep.currentNbytesFilter] = '\0';
- e += (rep.currentNbytesFilter + 3) & ~3;
- for (p = 0; p < rep.currentNparamsFilter; p++) {
- INT32 f;
-+ if (e + 4 > end) {
-+ XFree (extra);
-+ return False;
-+ }
- memcpy (&f, e, 4);
- e += 4;
- attr->currentParams[p] = (XFixed) f;
-diff --git a/src/XrrMonitor.c b/src/XrrMonitor.c
-index a9eaa7b..adc5330 100644
---- a/src/XrrMonitor.c
-+++ b/src/XrrMonitor.c
-@@ -24,6 +24,7 @@
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <stdio.h>
- #include <X11/Xlib.h>
- /* we need to be able to manipulate the Display structure on events */
-@@ -65,6 +66,15 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
- return NULL;
- }
-
-+ if (rep.length > INT_MAX >> 2 ||
-+ rep.nmonitors > INT_MAX / SIZEOF(xRRMonitorInfo) ||
-+ rep.noutputs > INT_MAX / 4 ||
-+ rep.nmonitors * SIZEOF(xRRMonitorInfo) > INT_MAX - rep.noutputs * 4) {
-+ _XEatData (dpy, rep.length);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return NULL;
-+ }
- nbytes = (long) rep.length << 2;
- nmon = rep.nmonitors;
- noutput = rep.noutputs;
-@@ -111,6 +121,14 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
- mon[m].outputs = output;
- buf += SIZEOF (xRRMonitorInfo);
- xoutput = (CARD32 *) buf;
-+ if (xmon->noutput > rep.noutputs) {
-+ Xfree(buf);
-+ Xfree(mon);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return NULL;
-+ }
-+ rep.noutputs -= xmon->noutput;
- for (o = 0; o < xmon->noutput; o++)
- output[o] = xoutput[o];
- output += xmon->noutput;
-diff --git a/src/XrrOutput.c b/src/XrrOutput.c
-index 85f0b6e..30f3d40 100644
---- a/src/XrrOutput.c
-+++ b/src/XrrOutput.c
-@@ -25,6 +25,7 @@
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <stdio.h>
- #include <X11/Xlib.h>
- /* we need to be able to manipulate the Display structure on events */
-@@ -60,6 +61,16 @@ XRRGetOutputInfo (Display *dpy, XRRScreenResources *resources, RROutput output)
- return NULL;
- }
-
-+ if (rep.length > INT_MAX >> 2 || rep.length < (OutputInfoExtra >> 2))
-+ {
-+ if (rep.length > (OutputInfoExtra >> 2))
-+ _XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2));
-+ else
-+ _XEatDataWords (dpy, rep.length);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return NULL;
-+ }
- nbytes = ((long) (rep.length) << 2) - OutputInfoExtra;
-
- nbytesRead = (long) (rep.nCrtcs * 4 +
-diff --git a/src/XrrProvider.c b/src/XrrProvider.c
-index 9e620c7..d796cd0 100644
---- a/src/XrrProvider.c
-+++ b/src/XrrProvider.c
-@@ -25,6 +25,7 @@
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <stdio.h>
- #include <X11/Xlib.h>
- /* we need to be able to manipulate the Display structure on events */
-@@ -59,12 +60,20 @@ XRRGetProviderResources(Display *dpy, Window window)
- return NULL;
- }
-
-- nbytes = (long) rep.length << 2;
-+ if (rep.length < INT_MAX >> 2) {
-+ nbytes = (long) rep.length << 2;
-
-- nbytesRead = (long) (rep.nProviders * 4);
-+ nbytesRead = (long) (rep.nProviders * 4);
-
-- rbytes = (sizeof(XRRProviderResources) + rep.nProviders * sizeof(RRProvider));
-- xrpr = (XRRProviderResources *) Xmalloc(rbytes);
-+ rbytes = (sizeof(XRRProviderResources) + rep.nProviders *
-+ sizeof(RRProvider));
-+ xrpr = (XRRProviderResources *) Xmalloc(rbytes);
-+ } else {
-+ nbytes = 0;
-+ nbytesRead = 0;
-+ rbytes = 0;
-+ xrpr = NULL;
-+ }
-
- if (xrpr == NULL) {
- _XEatDataWords (dpy, rep.length);
-@@ -121,6 +130,17 @@ XRRGetProviderInfo(Display *dpy, XRRScreenResources *resources, RRProvider provi
- return NULL;
- }
-
-+ if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2)
-+ {
-+ if (rep.length < ProviderInfoExtra >> 2)
-+ _XEatDataWords (dpy, rep.length);
-+ else
-+ _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return NULL;
-+ }
-+
- nbytes = ((long) rep.length << 2) - ProviderInfoExtra;
-
- nbytesRead = (long)(rep.nCrtcs * 4 +
-diff --git a/src/XrrScreen.c b/src/XrrScreen.c
-index b8ce7e5..1f7ffe6 100644
---- a/src/XrrScreen.c
-+++ b/src/XrrScreen.c
-@@ -24,6 +24,7 @@
- #include <config.h>
- #endif
-
-+#include <limits.h>
- #include <stdio.h>
- #include <X11/Xlib.h>
- /* we need to be able to manipulate the Display structure on events */
-@@ -105,27 +106,36 @@ doGetScreenResources (Display *dpy, Window window, int poll)
- xrri->has_rates = _XRRHasRates (xrri->minor_version, xrri->major_version);
- }
-
-- nbytes = (long) rep.length << 2;
-+ if (rep.length < INT_MAX >> 2) {
-+ nbytes = (long) rep.length << 2;
-
-- nbytesRead = (long) (rep.nCrtcs * 4 +
-- rep.nOutputs * 4 +
-- rep.nModes * SIZEOF (xRRModeInfo) +
-- ((rep.nbytesNames + 3) & ~3));
-+ nbytesRead = (long) (rep.nCrtcs * 4 +
-+ rep.nOutputs * 4 +
-+ rep.nModes * SIZEOF (xRRModeInfo) +
-+ ((rep.nbytesNames + 3) & ~3));
-
-- /*
-- * first we must compute how much space to allocate for
-- * randr library's use; we'll allocate the structures in a single
-- * allocation, on cleanlyness grounds.
-- */
-+ /*
-+ * first we must compute how much space to allocate for
-+ * randr library's use; we'll allocate the structures in a single
-+ * allocation, on cleanlyness grounds.
-+ */
-+
-+ rbytes = (sizeof (XRRScreenResources) +
-+ rep.nCrtcs * sizeof (RRCrtc) +
-+ rep.nOutputs * sizeof (RROutput) +
-+ rep.nModes * sizeof (XRRModeInfo) +
-+ rep.nbytesNames + rep.nModes); /* '\0' terminate names */
-
-- rbytes = (sizeof (XRRScreenResources) +
-- rep.nCrtcs * sizeof (RRCrtc) +
-- rep.nOutputs * sizeof (RROutput) +
-- rep.nModes * sizeof (XRRModeInfo) +
-- rep.nbytesNames + rep.nModes); /* '\0' terminate names */
-+ xrsr = (XRRScreenResources *) Xmalloc(rbytes);
-+ wire_names = (char *) Xmalloc (rep.nbytesNames);
-+ } else {
-+ nbytes = 0;
-+ nbytesRead = 0;
-+ rbytes = 0;
-+ xrsr = NULL;
-+ wire_names = NULL;
-+ }
-
-- xrsr = (XRRScreenResources *) Xmalloc(rbytes);
-- wire_names = (char *) Xmalloc (rep.nbytesNames);
- if (xrsr == NULL || wire_names == NULL) {
- Xfree (xrsr);
- Xfree (wire_names);
-@@ -174,6 +184,14 @@ doGetScreenResources (Display *dpy, Window window, int poll)
- wire_name = wire_names;
- for (i = 0; i < rep.nModes; i++) {
- xrsr->modes[i].name = names;
-+ if (xrsr->modes[i].nameLength > rep.nbytesNames) {
-+ Xfree (xrsr);
-+ Xfree (wire_names);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return NULL;
-+ }
-+ rep.nbytesNames -= xrsr->modes[i].nameLength;
- memcpy (names, wire_name, xrsr->modes[i].nameLength);
- names[xrsr->modes[i].nameLength] = '\0';
- names += xrsr->modes[i].nameLength + 1;
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxrender-CVE-2016-7949.patch b/gnu/packages/patches/libxrender-CVE-2016-7949.patch
deleted file mode 100644
index 3a2be4ea8e..0000000000
--- a/gnu/packages/patches/libxrender-CVE-2016-7949.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Fix CVE-2016-7949:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
-
-From 9362c7ddd1af3b168953d0737877bc52d79c94f4 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 21:43:09 +0200
-Subject: [PATCH] Validate lengths while parsing server data.
-
-Individual lengths inside received server data can overflow
-the previously reserved memory.
-
-It is therefore important to validate every single length
-field to not overflow the previously agreed sum of all invidual
-length fields.
-
-v2: consume remaining bytes in the reply buffer on error.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb@laas.fr
----
- src/Xrender.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/src/Xrender.c b/src/Xrender.c
-index 3102eb2..71cf3e6 100644
---- a/src/Xrender.c
-+++ b/src/Xrender.c
-@@ -533,12 +533,30 @@ XRenderQueryFormats (Display *dpy)
- screen->fallback = _XRenderFindFormat (xri, xScreen->fallback);
- screen->subpixel = SubPixelUnknown;
- xDepth = (xPictDepth *) (xScreen + 1);
-+ if (screen->ndepths > rep.numDepths) {
-+ Xfree (xri);
-+ Xfree (xData);
-+ _XEatDataWords (dpy, rep.length);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return 0;
-+ }
-+ rep.numDepths -= screen->ndepths;
- for (nd = 0; nd < screen->ndepths; nd++)
- {
- depth->depth = xDepth->depth;
- depth->nvisuals = xDepth->nPictVisuals;
- depth->visuals = visual;
- xVisual = (xPictVisual *) (xDepth + 1);
-+ if (depth->nvisuals > rep.numVisuals) {
-+ Xfree (xri);
-+ Xfree (xData);
-+ _XEatDataWords (dpy, rep.length);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return 0;
-+ }
-+ rep.numVisuals -= depth->nvisuals;
- for (nv = 0; nv < depth->nvisuals; nv++)
- {
- visual->visual = _XRenderFindVisual (dpy, xVisual->visual);
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxrender-CVE-2016-7950.patch b/gnu/packages/patches/libxrender-CVE-2016-7950.patch
deleted file mode 100644
index 1a64b6e724..0000000000
--- a/gnu/packages/patches/libxrender-CVE-2016-7950.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Fix CVE-2016-7950:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
-
-From 8fad00b0b647ee662ce4737ca15be033b7a21714 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 21:42:09 +0200
-Subject: [PATCH] Avoid OOB write in XRenderQueryFilters
-
-The memory for filter names is reserved right after receiving the reply.
-After that, filters are iterated and each individual filter name is
-stored in that reserved memory.
-
-The individual name lengths are not checked for validity, which means
-that a malicious server can reserve less memory than it will write to
-during each iteration.
-
-v2: consume remaining bytes in reply buffer on error.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/Filter.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/src/Filter.c b/src/Filter.c
-index edfa572..8d701eb 100644
---- a/src/Filter.c
-+++ b/src/Filter.c
-@@ -38,7 +38,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
- char *name;
- char len;
- int i;
-- unsigned long nbytes, nbytesAlias, nbytesName;
-+ unsigned long nbytes, nbytesAlias, nbytesName, reply_left;
-
- if (!RenderHasExtension (info))
- return NULL;
-@@ -114,6 +114,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
- * Read the filter aliases
- */
- _XRead16Pad (dpy, filters->alias, 2 * rep.numAliases);
-+ reply_left = 8 + rep.length - 2 * rep.numAliases;;
-
- /*
- * Read the filter names
-@@ -122,9 +123,19 @@ XRenderQueryFilters (Display *dpy, Drawable drawable)
- {
- int l;
- _XRead (dpy, &len, 1);
-+ reply_left--;
- l = len & 0xff;
-+ if ((unsigned long)l + 1 > nbytesName) {
-+ _XEatDataWords(dpy, reply_left);
-+ Xfree(filters);
-+ UnlockDisplay (dpy);
-+ SyncHandle ();
-+ return NULL;
-+ }
-+ nbytesName -= l + 1;
- filters->filter[i] = name;
- _XRead (dpy, name, l);
-+ reply_left -= l;
- name[l] = '\0';
- name += l + 1;
- }
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch b/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch
deleted file mode 100644
index 9df6cf3f4d..0000000000
--- a/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-Fix CVE-2016-7951 and CVE-2016-7952
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
-
-From 9556ad67af3129ec4a7a4f4b54a0d59701beeae3 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 21:37:01 +0200
-Subject: [PATCH] Out of boundary access and endless loop in libXtst
-
-A lack of range checks in libXtst allows out of boundary accesses.
-The checks have to be done in-place here, because it cannot be done
-without in-depth knowledge of the read data.
-
-If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
-without a client sequence have attached data, an endless loop would
-occur. The do-while-loop continues until the current index reaches
-the end. But in these cases, the current index would not be
-incremented, leading to an endless processing.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/XRecord.c | 43 +++++++++++++++++++++++++++++++++++++++----
- 1 file changed, 39 insertions(+), 4 deletions(-)
-
-diff --git a/src/XRecord.c b/src/XRecord.c
-index 50420c0..fefd842 100644
---- a/src/XRecord.c
-+++ b/src/XRecord.c
-@@ -749,15 +749,23 @@ parse_reply_call_callback(
- switch (rep->category) {
- case XRecordFromServer:
- if (rep->elementHeader&XRecordFromServerTime) {
-+ if (current_index + 4 > rep->length << 2)
-+ return Error;
- EXTRACT_CARD32(rep->clientSwapped,
- reply->buf+current_index,
- data->server_time);
- current_index += 4;
- }
-+ if (current_index + 1 > rep->length << 2)
-+ return Error;
- switch (reply->buf[current_index]) {
- case X_Reply: /* reply */
-+ if (current_index + 8 > rep->length << 2)
-+ return Error;
- EXTRACT_CARD32(rep->clientSwapped,
- reply->buf+current_index+4, datum_bytes);
-+ if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
-+ return Error;
- datum_bytes = (datum_bytes+8) << 2;
- break;
- default: /* error or event */
-@@ -766,52 +774,73 @@ parse_reply_call_callback(
- break;
- case XRecordFromClient:
- if (rep->elementHeader&XRecordFromClientTime) {
-+ if (current_index + 4 > rep->length << 2)
-+ return Error;
- EXTRACT_CARD32(rep->clientSwapped,
- reply->buf+current_index,
- data->server_time);
- current_index += 4;
- }
- if (rep->elementHeader&XRecordFromClientSequence) {
-+ if (current_index + 4 > rep->length << 2)
-+ return Error;
- EXTRACT_CARD32(rep->clientSwapped,
- reply->buf+current_index,
- data->client_seq);
- current_index += 4;
- }
-+ if (current_index + 4 > rep->length<<2)
-+ return Error;
- if (reply->buf[current_index+2] == 0
- && reply->buf[current_index+3] == 0) /* needn't swap 0 */
- { /* BIG-REQUESTS */
-+ if (current_index + 8 > rep->length << 2)
-+ return Error;
- EXTRACT_CARD32(rep->clientSwapped,
- reply->buf+current_index+4, datum_bytes);
- } else {
- EXTRACT_CARD16(rep->clientSwapped,
- reply->buf+current_index+2, datum_bytes);
- }
-+ if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
-+ return Error;
- datum_bytes <<= 2;
- break;
- case XRecordClientStarted:
-+ if (current_index + 8 > rep->length << 2)
-+ return Error;
- EXTRACT_CARD16(rep->clientSwapped,
- reply->buf+current_index+6, datum_bytes);
- datum_bytes = (datum_bytes+2) << 2;
- break;
- case XRecordClientDied:
- if (rep->elementHeader&XRecordFromClientSequence) {
-+ if (current_index + 4 > rep->length << 2)
-+ return Error;
- EXTRACT_CARD32(rep->clientSwapped,
- reply->buf+current_index,
- data->client_seq);
- current_index += 4;
-- }
-- /* fall through */
-+ } else if (current_index < rep->length << 2)
-+ return Error;
-+ datum_bytes = 0;
-+ break;
- case XRecordStartOfData:
- case XRecordEndOfData:
-+ if (current_index < rep->length << 2)
-+ return Error;
- datum_bytes = 0;
-+ break;
- }
-
- if (datum_bytes > 0) {
-- if (current_index + datum_bytes > rep->length << 2)
-+ if (INT_MAX - datum_bytes < (rep->length << 2) - current_index) {
- fprintf(stderr,
- "XRecord: %lu-byte reply claims %d-byte element (seq %lu)\n",
-- (long)rep->length << 2, current_index + datum_bytes,
-+ (unsigned long)rep->length << 2, current_index + datum_bytes,
- dpy->last_request_read);
-+ return Error;
-+ }
- /*
- * This assignment (and indeed the whole buffer sharing
- * scheme) assumes arbitrary 4-byte boundaries are
-@@ -863,6 +892,12 @@ XRecordEnableContext(Display *dpy, XRecordContext context,
- return 0;
- }
-
-+ if (rep.length > INT_MAX >> 2) {
-+ UnlockDisplay(dpy);
-+ SyncHandle();
-+ return 0;
-+ }
-+
- if (rep.length > 0) {
- reply = alloc_reply_buffer(info, rep.length<<2);
- if (!reply) {
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxv-CVE-2016-5407.patch b/gnu/packages/patches/libxv-CVE-2016-5407.patch
deleted file mode 100644
index e6a76c9f70..0000000000
--- a/gnu/packages/patches/libxv-CVE-2016-5407.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-Fix CVE-2016-5407:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
-
-From d9da580b46a28ab497de2e94fdc7b9ff953dab17 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 21:30:03 +0200
-Subject: [PATCH] Protocol handling issues in libXv - CVE-2016-5407
-
-The Xv query functions for adaptors and encodings suffer from out of
-boundary accesses if a hostile X server sends a maliciously crafted
-response.
-
-A previous fix already checks the received length against fixed values
-but ignores additional length specifications which are stored inside
-the received data.
-
-These lengths are accessed in a for-loop. The easiest way to guarantee
-a correct processing is by validating all lengths against the
-remaining size left before accessing referenced memory.
-
-This makes the previously applied check obsolete, therefore I removed
-it.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/Xv.c | 46 +++++++++++++++++++++++++++++-----------------
- 1 file changed, 29 insertions(+), 17 deletions(-)
-
-diff --git a/src/Xv.c b/src/Xv.c
-index e47093a..be450c4 100644
---- a/src/Xv.c
-+++ b/src/Xv.c
-@@ -158,6 +158,7 @@ XvQueryAdaptors(
- size_t size;
- unsigned int ii, jj;
- char *name;
-+ char *end;
- XvAdaptorInfo *pas = NULL, *pa;
- XvFormat *pfs, *pf;
- char *buffer = NULL;
-@@ -197,17 +198,13 @@ XvQueryAdaptors(
- /* GET INPUT ADAPTORS */
-
- if (rep.num_adaptors == 0) {
-- /* If there's no adaptors, there's nothing more to do. */
-+ /* If there are no adaptors, there's nothing more to do. */
- status = Success;
- goto out;
- }
-
-- if (size < (rep.num_adaptors * sz_xvAdaptorInfo)) {
-- /* If there's not enough data for the number of adaptors,
-- then we have a problem. */
-- status = XvBadReply;
-- goto out;
-- }
-+ u.buffer = buffer;
-+ end = buffer + size;
-
- size = rep.num_adaptors * sizeof(XvAdaptorInfo);
- if ((pas = Xmalloc(size)) == NULL) {
-@@ -225,9 +222,12 @@ XvQueryAdaptors(
- pa++;
- }
-
-- u.buffer = buffer;
- pa = pas;
- for (ii = 0; ii < rep.num_adaptors; ii++) {
-+ if (u.buffer + sz_xvAdaptorInfo > end) {
-+ status = XvBadReply;
-+ goto out;
-+ }
- pa->type = u.pa->type;
- pa->base_id = u.pa->base_id;
- pa->num_ports = u.pa->num_ports;
-@@ -239,6 +239,10 @@ XvQueryAdaptors(
- size = u.pa->name_size;
- u.buffer += pad_to_int32(sz_xvAdaptorInfo);
-
-+ if (u.buffer + size > end) {
-+ status = XvBadReply;
-+ goto out;
-+ }
- if ((name = Xmalloc(size + 1)) == NULL) {
- status = XvBadAlloc;
- goto out;
-@@ -259,6 +263,11 @@ XvQueryAdaptors(
-
- pf = pfs;
- for (jj = 0; jj < pa->num_formats; jj++) {
-+ if (u.buffer + sz_xvFormat > end) {
-+ Xfree(pfs);
-+ status = XvBadReply;
-+ goto out;
-+ }
- pf->depth = u.pf->depth;
- pf->visual_id = u.pf->visual;
- pf++;
-@@ -327,6 +336,7 @@ XvQueryEncodings(
- size_t size;
- unsigned int jj;
- char *name;
-+ char *end;
- XvEncodingInfo *pes = NULL, *pe;
- char *buffer = NULL;
- union {
-@@ -364,17 +374,13 @@ XvQueryEncodings(
- /* GET ENCODINGS */
-
- if (rep.num_encodings == 0) {
-- /* If there's no encodings, there's nothing more to do. */
-+ /* If there are no encodings, there's nothing more to do. */
- status = Success;
- goto out;
- }
-
-- if (size < (rep.num_encodings * sz_xvEncodingInfo)) {
-- /* If there's not enough data for the number of adaptors,
-- then we have a problem. */
-- status = XvBadReply;
-- goto out;
-- }
-+ u.buffer = buffer;
-+ end = buffer + size;
-
- size = rep.num_encodings * sizeof(XvEncodingInfo);
- if ((pes = Xmalloc(size)) == NULL) {
-@@ -391,10 +397,12 @@ XvQueryEncodings(
- pe++;
- }
-
-- u.buffer = buffer;
--
- pe = pes;
- for (jj = 0; jj < rep.num_encodings; jj++) {
-+ if (u.buffer + sz_xvEncodingInfo > end) {
-+ status = XvBadReply;
-+ goto out;
-+ }
- pe->encoding_id = u.pe->encoding;
- pe->width = u.pe->width;
- pe->height = u.pe->height;
-@@ -405,6 +413,10 @@ XvQueryEncodings(
- size = u.pe->name_size;
- u.buffer += pad_to_int32(sz_xvEncodingInfo);
-
-+ if (u.buffer + size > end) {
-+ status = XvBadReply;
-+ goto out;
-+ }
- if ((name = Xmalloc(size + 1)) == NULL) {
- status = XvBadAlloc;
- goto out;
---
-2.10.1
-
diff --git a/gnu/packages/patches/libxvmc-CVE-2016-7953.patch b/gnu/packages/patches/libxvmc-CVE-2016-7953.patch
deleted file mode 100644
index 737abdeb9f..0000000000
--- a/gnu/packages/patches/libxvmc-CVE-2016-7953.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix CVE-2016-7953:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
-
-Patch copied from upstream source repository:
-
-https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
-
-From 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Sun, 25 Sep 2016 22:34:27 +0200
-Subject: [PATCH] Avoid buffer underflow on empty strings.
-
-If an empty string is received from an x-server, do not underrun the
-buffer by accessing "rep.nameLen - 1" unconditionally, which could end
-up being -1.
-
-Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
-Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
----
- src/XvMC.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/XvMC.c b/src/XvMC.c
-index 7336760..3ee4212 100644
---- a/src/XvMC.c
-+++ b/src/XvMC.c
-@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port,
- if (*name && *busID && tmpBuf) {
- _XRead(dpy, tmpBuf, realSize);
- strncpy(*name,tmpBuf,rep.nameLen);
-- (*name)[rep.nameLen - 1] = '\0';
-+ (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0';
- strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen);
-- (*busID)[rep.busIDLen - 1] = '\0';
-+ (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0';
- XFree(tmpBuf);
- } else {
- XFree(*name);
---
-2.10.1
-
diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch
new file mode 100644
index 0000000000..f92fbc057a
--- /dev/null
+++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch
@@ -0,0 +1,75 @@
+On systems without 'setfsuid', use 'setreuid' instead.
+
+The patch originates from the Debian project for GNU/Hurd.
+Authors: Steve Langasek <vorlon@debian.org>
+Upstream status: A ticket was opened to request apply the patch,
+ticket: 'https://fedorahosted.org/linux-pam/ticket/64'.
+
+--- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c 2015-03-24 06:02:32.000000000 -0600
++++ pam_modutil_priv-mod.c 2016-09-20 13:36:53.150663205 -0500
+@@ -14,7 +14,9 @@
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <grp.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+
+ /*
+ * Two setfsuid() calls in a row are necessary to check
+@@ -22,17 +24,55 @@
+ */
+ static int change_uid(uid_t uid, uid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ uid_t tmp = setfsuid(uid);
+ if (save)
+ *save = tmp;
+ return (uid_t) setfsuid(uid) == uid ? 0 : -1;
++#else
++ uid_t euid = geteuid();
++ uid_t ruid = getuid();
++ if (save)
++ *save = ruid;
++ if (ruid == uid && uid != 0)
++ if (setreuid(euid, uid))
++ return -1;
++ else {
++ setreuid(0, -1);
++ if (setreuid(-1, uid)) {
++ setreuid(-1, 0);
++ setreuid(0, -1);
++ if (setreuid(-1, uid))
++ return -1;
++ }
++ }
++#endif
+ }
+ static int change_gid(gid_t gid, gid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ gid_t tmp = setfsgid(gid);
+ if (save)
+ *save = tmp;
+ return (gid_t) setfsgid(gid) == gid ? 0 : -1;
++#else
++ gid_t egid = getegid();
++ gid_t rgid = getgid();
++ if (save)
++ *save = rgid;
++ if (rgid == gid)
++ if (setregid(egid, gid))
++ return -1;
++ else {
++ setregid(0, -1);
++ if (setregid(-1, gid)) {
++ setregid(-1, 0);
++ setregid(0, -1);
++ if (setregid(-1, gid))
++ return -1;
++ }
++ }
++#endif
+ }
+
+ static int cleanup(struct pam_modutil_privs *p)
diff --git a/gnu/packages/patches/openssl-CVE-2016-2177.patch b/gnu/packages/patches/openssl-CVE-2016-2177.patch
deleted file mode 100644
index f6465aeaa7..0000000000
--- a/gnu/packages/patches/openssl-CVE-2016-2177.patch
+++ /dev/null
@@ -1,286 +0,0 @@
-Fix CVE-2016-2177.
-
-<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177>
-
-Source:
-<https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7>
-
-From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 5 May 2016 11:10:26 +0100
-Subject: [PATCH] Avoid some undefined pointer arithmetic
-
-A common idiom in the codebase is:
-
-if (p + len > limit)
-{
- return; /* Too long */
-}
-
-Where "p" points to some malloc'd data of SIZE bytes and
-limit == p + SIZE
-
-"len" here could be from some externally supplied data (e.g. from a TLS
-message).
-
-The rules of C pointer arithmetic are such that "p + len" is only well
-defined where len <= SIZE. Therefore the above idiom is actually
-undefined behaviour.
-
-For example this could cause problems if some malloc implementation
-provides an address for "p" such that "p + len" actually overflows for
-values of len that are too big and therefore p + len < limit!
-
-Issue reported by Guido Vranken.
-
-CVE-2016-2177
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- ssl/s3_srvr.c | 14 +++++++-------
- ssl/ssl_sess.c | 2 +-
- ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++--------------------------
- 3 files changed, 38 insertions(+), 34 deletions(-)
-
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index ab28702..ab7f690 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
-
- session_length = *(p + SSL3_RANDOM_SIZE);
-
-- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
-+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
- /* get the session-id */
- j = *(p++);
-
-- if (p + j > d + n) {
-+ if ((d + n) - p < j) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
-
- if (SSL_IS_DTLS(s)) {
- /* cookie stuff */
-- if (p + 1 > d + n) {
-+ if ((d + n) - p < 1) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- cookie_len = *(p++);
-
-- if (p + cookie_len > d + n) {
-+ if ((d + n ) - p < cookie_len) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
- }
- }
-
-- if (p + 2 > d + n) {
-+ if ((d + n ) - p < 2) {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
- }
-
- /* i bytes of cipher data + 1 byte for compression length later */
-- if ((p + i + 1) > (d + n)) {
-+ if ((d + n) - p < i + 1) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
-
- /* compression */
- i = *(p++);
-- if ((p + i) > (d + n)) {
-+ if ((d + n) - p < i) {
- /* not enough data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index b182998..54ee783 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
- int r;
- #endif
-
-- if (session_id + len > limit) {
-+ if (limit - session_id < len) {
- fatal = 1;
- goto err;
- }
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index fb64607..cdac011 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- 0x02, 0x03, /* SHA-1/ECDSA */
- };
-
-- if (data >= (limit - 2))
-+ if (limit - data <= 2)
- return;
- data += 2;
-
-- if (data > (limit - 4))
-+ if (limit - data < 4)
- return;
- n2s(data, type);
- n2s(data, size);
-@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- if (type != TLSEXT_TYPE_server_name)
- return;
-
-- if (data + size > limit)
-+ if (limit - data < size)
- return;
- data += size;
-
-@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- const size_t len1 = sizeof(kSafariExtensionsBlock);
- const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
-- if (data + len1 + len2 != limit)
-+ if (limit - data != (int)(len1 + len2))
- return;
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
- return;
-@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
- } else {
- const size_t len = sizeof(kSafariExtensionsBlock);
-
-- if (data + len != limit)
-+ if (limit - data != (int)(len))
- return;
- if (memcmp(data, kSafariExtensionsBlock, len) != 0)
- return;
-@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
- if (data == limit)
- goto ri_check;
-
-- if (data > (limit - 2))
-+ if (limit - data < 2)
- goto err;
-
- n2s(data, len);
-
-- if (data + len != limit)
-+ if (limit - data != len)
- goto err;
-
-- while (data <= (limit - 4)) {
-+ while (limit - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > (limit))
-+ if (limit - data < size)
- goto err;
- # if 0
- fprintf(stderr, "Received extension type %d size %d\n", type, size);
-@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
- if (s->hit || s->cert->srv_ext.meths_count == 0)
- return 1;
-
-- if (data >= limit - 2)
-+ if (limit - data <= 2)
- return 1;
- n2s(data, len);
-
-- if (data > limit - len)
-+ if (limit - data < len)
- return 1;
-
-- while (data <= limit - 4) {
-+ while (limit - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > limit)
-+ if (limit - data < size)
- return 1;
- if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
- return 0;
-@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
- SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
- # endif
-
-- if (data >= (d + n - 2))
-+ if ((d + n) - data <= 2)
- goto ri_check;
-
- n2s(data, length);
-- if (data + length != d + n) {
-+ if ((d + n) - data != length) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
-- while (data <= (d + n - 4)) {
-+ while ((d + n) - data >= 4) {
- n2s(data, type);
- n2s(data, size);
-
-- if (data + size > (d + n))
-+ if ((d + n) - data < size)
- goto ri_check;
-
- if (s->tlsext_debug_cb)
-@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
- /* Skip past DTLS cookie */
- if (SSL_IS_DTLS(s)) {
- i = *(p++);
-- p += i;
-- if (p >= limit)
-+
-+ if (limit - p <= i)
- return -1;
-+
-+ p += i;
- }
- /* Skip past cipher list */
- n2s(p, i);
-- p += i;
-- if (p >= limit)
-+ if (limit - p <= i)
- return -1;
-+ p += i;
-+
- /* Skip past compression algorithm list */
- i = *(p++);
-- p += i;
-- if (p > limit)
-+ if (limit - p < i)
- return -1;
-+ p += i;
-+
- /* Now at start of extensions */
-- if ((p + 2) >= limit)
-+ if (limit - p <= 2)
- return 0;
- n2s(p, i);
-- while ((p + 4) <= limit) {
-+ while (limit - p >= 4) {
- unsigned short type, size;
- n2s(p, type);
- n2s(p, size);
-- if (p + size > limit)
-+ if (limit - p < size)
- return 0;
- if (type == TLSEXT_TYPE_session_ticket) {
- int r;
---
-2.8.4
-
diff --git a/gnu/packages/patches/openssl-CVE-2016-2178.patch b/gnu/packages/patches/openssl-CVE-2016-2178.patch
deleted file mode 100644
index 37cf2763af..0000000000
--- a/gnu/packages/patches/openssl-CVE-2016-2178.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-Fix CVE-2016-2178.
-
-<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178>
-
-Source:
-<https://git.openssl.org/?p=openssl.git;a=commit;h=621eaf49a289bfac26d4cbcdb7396e796784c534>
-<https://git.openssl.org/?p=openssl.git;a=commit;h=b7d0f2834e139a20560d64c73e2565e93715ce2b>
-
-From 621eaf49a289bfac26d4cbcdb7396e796784c534 Mon Sep 17 00:00:00 2001
-From: Cesar Pereida <cesar.pereida@aalto.fi>
-Date: Mon, 23 May 2016 12:45:25 +0300
-Subject: [PATCH 1/2] Fix DSA, preserve BN_FLG_CONSTTIME
-
-Operations in the DSA signing algorithm should run in constant time in
-order to avoid side channel attacks. A flaw in the OpenSSL DSA
-implementation means that a non-constant time codepath is followed for
-certain operations. This has been demonstrated through a cache-timing
-attack to be sufficient for an attacker to recover the private DSA key.
-
-CVE-2016-2178
-
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
----
- crypto/dsa/dsa_ossl.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index efc4f1b..b29eb4b 100644
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- if (!BN_rand_range(&k, dsa->q))
- goto err;
- while (BN_is_zero(&k)) ;
-- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-- BN_set_flags(&k, BN_FLG_CONSTTIME);
-- }
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-@@ -279,9 +276,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- }
-
- K = &kq;
-+
-+ BN_set_flags(K, BN_FLG_CONSTTIME);
- } else {
- K = &k;
- }
-+
- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
- dsa->method_mont_p);
- if (!BN_mod(r, r, dsa->q, ctx))
---
-2.8.4
-
-From b7d0f2834e139a20560d64c73e2565e93715ce2b Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 7 Jun 2016 09:12:51 +0100
-Subject: [PATCH 2/2] More fix DSA, preserve BN_FLG_CONSTTIME
-
-The previous "fix" still left "k" exposed to constant time problems in
-the later BN_mod_inverse() call. Ensure both k and kq have the
-BN_FLG_CONSTTIME flag set at the earliest opportunity after creation.
-
-CVE-2016-2178
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- crypto/dsa/dsa_ossl.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index b29eb4b..58013a4 100644
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -247,7 +247,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- do
- if (!BN_rand_range(&k, dsa->q))
- goto err;
-- while (BN_is_zero(&k)) ;
-+ while (BN_is_zero(&k));
-+
-+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-+ BN_set_flags(&k, BN_FLG_CONSTTIME);
-+ }
-+
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-@@ -261,6 +266,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- if (!BN_copy(&kq, &k))
- goto err;
-
-+ BN_set_flags(&kq, BN_FLG_CONSTTIME);
-+
- /*
- * We do not want timing information to leak the length of k, so we
- * compute g^k using an equivalent exponent of fixed length. (This
-@@ -276,8 +283,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- }
-
- K = &kq;
--
-- BN_set_flags(K, BN_FLG_CONSTTIME);
- } else {
- K = &k;
- }
---
-2.8.4
-
diff --git a/gnu/packages/patches/perl-CVE-2015-8607.patch b/gnu/packages/patches/perl-CVE-2015-8607.patch
deleted file mode 100644
index 4c25d41740..0000000000
--- a/gnu/packages/patches/perl-CVE-2015-8607.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001
-From: Tony Cook <tony@develop-help.com>
-Date: Tue, 15 Dec 2015 10:56:54 +1100
-Subject: ensure File::Spec::canonpath() preserves taint
-
-Previously the unix specific XS implementation of canonpath() would
-return an untainted path when supplied a tainted path.
-
-For the empty string case, newSVpvs() already sets taint as needed on
-its result.
-
-This issue was assigned CVE-2015-8607.
-
-Bug: https://rt.perl.org/Ticket/Display.html?id=126862
-Bug-Debian: https://bugs.debian.org/810719
-Origin: upstream
-Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff
----
- dist/PathTools/Cwd.xs | 1 +
- dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
- 2 files changed, 19 insertions(+), 1 deletion(-)
-
-diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
-index 9d4dcf0..3d018dc 100644
---- a/dist/PathTools/Cwd.xs
-+++ b/dist/PathTools/Cwd.xs
-@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
- *o = 0;
- SvPOK_on(retval);
- SvCUR_set(retval, o - SvPVX(retval));
-+ SvTAINT(retval);
- return retval;
- }
-
-diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
-index 309b3e5..48f8c5b 100644
---- a/dist/PathTools/t/taint.t
-+++ b/dist/PathTools/t/taint.t
-@@ -12,7 +12,7 @@ use Test::More;
- BEGIN {
- plan(
- ${^TAINT}
-- ? (tests => 17)
-+ ? (tests => 21)
- : (skip_all => "A perl without taint support")
- );
- }
-@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
-
- # Previous versions of Cwd tainted $^O
- is !tainted($^O), 1, "\$^O should not be tainted";
-+
-+{
-+ # [perl #126862] canonpath() loses taint
-+ my $tainted = substr($ENV{PATH}, 0, 0);
-+ # yes, getcwd()'s result should be tainted, and is tested above
-+ # but be sure
-+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
-+ "canonpath() keeps taint on non-empty string";
-+ ok tainted(File::Spec->canonpath($tainted)),
-+ "canonpath() keeps taint on empty string";
-+
-+ (Cwd::getcwd() =~ /^(.*)/);
-+ my $untainted = $1;
-+ ok !tainted($untainted), "make sure our untainted value is untainted";
-+ ok !tainted(File::Spec->canonpath($untainted)),
-+ "canonpath() doesn't add taint to untainted string";
-+}
diff --git a/gnu/packages/patches/perl-CVE-2016-2381.patch b/gnu/packages/patches/perl-CVE-2016-2381.patch
deleted file mode 100644
index 99d1944a5d..0000000000
--- a/gnu/packages/patches/perl-CVE-2016-2381.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-Fix CVE-2016-2381 (ambiguous handling of duplicated environment variables).
-
-Copied from upstream:
-http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076
-
-References:
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381
-http://www.nntp.perl.org/group/perl.perl5.porters/2016/03/msg234747.html
-https://security-tracker.debian.org/tracker/CVE-2016-2381
-
----
-
-From 1237ea93fb2475a5ae576d5ee1358a5bb4ebe426 Mon Sep 17 00:00:00 2001
-From: Tony Cook <tony@develop-help.com>
-Date: Wed, 27 Jan 2016 11:52:15 +1100
-Subject: remove duplicate environment variables from environ
-
-If we see duplicate environment variables while iterating over
-environ[]:
-
-a) make sure we use the same value in %ENV that getenv() returns.
-
-Previously on a duplicate, %ENV would have the last entry for the name
-from environ[], but a typical getenv() would return the first entry.
-
-Rather than assuming all getenv() implementations return the first entry
-explicitly call getenv() to ensure they agree.
-
-b) remove duplicate entries from environ
-
-Previously if there was a duplicate definition for a name in environ[]
-setting that name in %ENV could result in an unsafe value being passed
-to a child process, so ensure environ[] has no duplicates.
-
-Patch-Name: fixes/CVE-2016-2381_duplicate_env.diff
----
- perl.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 49 insertions(+), 2 deletions(-)
-
-diff --git a/perl.c b/perl.c
-index 67d32ce..26aeb91 100644
---- a/perl.c
-+++ b/perl.c
-@@ -4277,23 +4277,70 @@ S_init_postdump_symbols(pTHX_ int argc, char **argv, char **env)
- }
- if (env) {
- char *s, *old_var;
-+ STRLEN nlen;
- SV *sv;
-+ HV *dups = newHV();
-+
- for (; *env; env++) {
- old_var = *env;
-
- if (!(s = strchr(old_var,'=')) || s == old_var)
- continue;
-+ nlen = s - old_var;
-
- #if defined(MSDOS) && !defined(DJGPP)
- *s = '\0';
- (void)strupr(old_var);
- *s = '=';
- #endif
-- sv = newSVpv(s+1, 0);
-- (void)hv_store(hv, old_var, s - old_var, sv, 0);
-+ if (hv_exists(hv, old_var, nlen)) {
-+ const char *name = savepvn(old_var, nlen);
-+
-+ /* make sure we use the same value as getenv(), otherwise code that
-+ uses getenv() (like setlocale()) might see a different value to %ENV
-+ */
-+ sv = newSVpv(PerlEnv_getenv(name), 0);
-+
-+ /* keep a count of the dups of this name so we can de-dup environ later */
-+ if (hv_exists(dups, name, nlen))
-+ ++SvIVX(*hv_fetch(dups, name, nlen, 0));
-+ else
-+ (void)hv_store(dups, name, nlen, newSViv(1), 0);
-+
-+ Safefree(name);
-+ }
-+ else {
-+ sv = newSVpv(s+1, 0);
-+ }
-+ (void)hv_store(hv, old_var, nlen, sv, 0);
- if (env_is_not_environ)
- mg_set(sv);
- }
-+ if (HvKEYS(dups)) {
-+ /* environ has some duplicate definitions, remove them */
-+ HE *entry;
-+ hv_iterinit(dups);
-+ while ((entry = hv_iternext_flags(dups, 0))) {
-+ STRLEN nlen;
-+ const char *name = HePV(entry, nlen);
-+ IV count = SvIV(HeVAL(entry));
-+ IV i;
-+ SV **valp = hv_fetch(hv, name, nlen, 0);
-+
-+ assert(valp);
-+
-+ /* try to remove any duplicate names, depending on the
-+ * implementation used in my_setenv() the iteration might
-+ * not be necessary, but let's be safe.
-+ */
-+ for (i = 0; i < count; ++i)
-+ my_setenv(name, 0);
-+
-+ /* and set it back to the value we set $ENV{name} to */
-+ my_setenv(name, SvPV_nolen(*valp));
-+ }
-+ }
-+ SvREFCNT_dec_NN(dups);
- }
- #endif /* USE_ENVIRON_ARRAY */
- #endif /* !PERL_MICRO */
diff --git a/gnu/packages/patches/perl-no-build-time.patch b/gnu/packages/patches/perl-no-build-time.patch
deleted file mode 100644
index 5d78e8f462..0000000000
--- a/gnu/packages/patches/perl-no-build-time.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Do not record the configuration and build time so that builds can be
-reproduced bit-for-bit.
-
---- perl-5.22.0/Configure 1970-01-01 01:00:00.000000000 +0100
-+++ perl-5.22.0/Configure 2015-12-13 00:14:43.148165080 +0100
-@@ -3834,6 +3817,7 @@ esac
-
- : who configured the system
- cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1`
-+cf_time='Thu Jan 1 00:00:01 UTC 1970'
- case "$cf_by" in
- "")
- cf_by=`(logname) 2>/dev/null`
-
---- perl-5.22.0/perl.c 2015-12-13 00:25:30.269156627 +0100
-+++ perl-5.22.0/perl.c 2015-12-13 00:25:38.265218175 +0100
-@@ -1795,7 +1795,7 @@ S_Internals_V(pTHX_ CV *cv)
- PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options,
- sizeof(non_bincompat_options) - 1, SVs_TEMP));
-
--#ifdef __DATE__
-+#if 0
- # ifdef __TIME__
- PUSHs(Perl_newSVpvn_flags(aTHX_
- STR_WITH_LEN("Compiled at " __DATE__ " " __TIME__),
-
diff --git a/gnu/packages/patches/perl-reproducible-build-date.patch b/gnu/packages/patches/perl-reproducible-build-date.patch
new file mode 100644
index 0000000000..bf0d4b8f6d
--- /dev/null
+++ b/gnu/packages/patches/perl-reproducible-build-date.patch
@@ -0,0 +1,50 @@
+Don't encode the current timestamp.
+
+This affects the output of `perl -V`, specifically the message "Compiled
+at [...]".
+
+The 'cf_time' and 'cf_by' values show up in 'config.h' and
+in 'Config_heavy.pl'.
+
+Use the output of 'uname -s' instead of 'uname -a' to avoid recording
+the kernel version ('uname -o' leads to directory names like
+'x86_64-gnulinux' instead of 'x86_64-linux', which might cause breakage
+down the road.)
+
+diff --git a/perl.c b/perl.c
+index 228a0d8..ed38313 100644
+--- a/perl.c
++++ b/perl.c
+@@ -1825,6 +1825,7 @@ S_Internals_V(pTHX_ CV *cv)
+ PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options,
+ sizeof(non_bincompat_options) - 1, SVs_TEMP));
+
++#define PERL_BUILD_DATE "Jan 1 1970 00:00:00"
+ #ifndef PERL_BUILD_DATE
+ # ifdef __DATE__
+ # ifdef __TIME__
+
+--- a/Configure 1970-01-01 01:00:00.000000000 +0100
++++ b/Configure 2016-10-01 14:47:20.017319739 +0200
+@@ -3276,7 +3276,7 @@ $eunicefix tr
+ : Try to determine whether config.sh was made on this system
+ case "$config_sh" in
+ '')
+-myuname=`$uname -a 2>/dev/null`
++myuname=`$uname -s 2>/dev/null`
+ $test -z "$myuname" && myuname=`hostname 2>/dev/null`
+ # Downcase everything to avoid ambiguity.
+ # Remove slashes and single quotes so we can use parts of this in
+@@ -3845,10 +3845,10 @@
+ . ./posthint.sh
+
+ : who configured the system
+-cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1`
++cf_time="1970-01-01"
+ case "$cf_by" in
+ "")
+- cf_by=`(logname) 2>/dev/null`
++ cf_by="guix"
+ case "$cf_by" in
+ "")
+ cf_by=`(whoami) 2>/dev/null`
diff --git a/gnu/packages/patches/perl-source-date-epoch.patch b/gnu/packages/patches/perl-source-date-epoch.patch
deleted file mode 100644
index 37330c9537..0000000000
--- a/gnu/packages/patches/perl-source-date-epoch.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Adapted from <https://bugs.debian.org/801621>.
-Make Pod::Man honor the SOURCE_DATE_EPOCH environment variable.
-
---- perl-5.22.0/cpan/podlators/lib/Pod/Man.pm 2015-12-12 22:33:03.321787590 +0100
-+++ perl-5.22.0/cpan/podlators/lib/Pod/Man.pm 2015-12-12 22:36:33.367361338 +0100
-@@ -884,7 +884,12 @@ sub devise_date {
- my ($self) = @_;
- my $input = $self->source_filename;
- my $time;
-- if ($input) {
-+
-+ if (defined($ENV{SOURCE_DATE_EPOCH}) &&
-+ $ENV{SOURCE_DATE_EPOCH} !~ /\D/) {
-+ $time = $ENV{SOURCE_DATE_EPOCH};
-+ }
-+ elsif ($input) {
- $time = (stat $input)[9] || time;
- } else {
- $time = time;
diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch
deleted file mode 100644
index 9d369aeb2c..0000000000
--- a/gnu/packages/patches/procps-non-linux.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001
-From: Craig Small <csmall@enc.com.au>
-Date: Sun, 17 Apr 2016 09:09:41 +1000
-Subject: [PATCH] tests: Conditionally add prctl to test process
-
-prctl was already bypassed on Cygwin systems. This extends to
-non-Linux systems such as kFreeBSD and Hurd.
-
----
- lib/test_process.c | 4 ++--
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/lib/test_process.c b/lib/test_process.c
-index 6e652ed..6a4776c 100644
---- a/lib/test_process.c
-+++ b/lib/test_process.c
-@@ -21,7 +21,9 @@
- #include <stdlib.h>
- #include <unistd.h>
- #include <signal.h>
-+#ifdef __linux__
- #include <sys/prctl.h>
-+#endif
- #include "c.h"
-
- #define DEFAULT_SLEEPTIME 300
-@@ -78,8 +80,10 @@
- sigaction(SIGUSR1, &signal_action, NULL);
- sigaction(SIGUSR2, &signal_action, NULL);
-
-+#ifdef __linux__
- /* set process name */
- prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL);
-+#endif
-
- while (sleep_time > 0) {
- sleep_time = sleep(sleep_time);
---
-2.8.2
-
diff --git a/gnu/packages/patches/python-3.4-fix-tests.patch b/gnu/packages/patches/python-3.4-fix-tests.patch
new file mode 100644
index 0000000000..d1f8138e79
--- /dev/null
+++ b/gnu/packages/patches/python-3.4-fix-tests.patch
@@ -0,0 +1,12 @@
+--- Lib/test/test_posixpath.py 2014-03-01 05:46:56.984311000 +0100
++++ Lib/test/test_posixpath.py 2014-03-07 00:59:20.888311000 +0100
+@@ -319,7 +319,11 @@
+ del env['HOME']
+ home = pwd.getpwuid(os.getuid()).pw_dir
+ # $HOME can end with a trailing /, so strip it (see #17809)
+- self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
++ # The Guix builders have '/' as a home directory, so
++ # home.rstrip("/") will be an empty string and the test will
++ # fail. Let's just disable it since it does not really make
++ # sense with such a bizarre setup.
++ # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
diff --git a/gnu/packages/patches/python-3.5-fix-tests.patch b/gnu/packages/patches/python-3.5-fix-tests.patch
new file mode 100644
index 0000000000..46d2a84efb
--- /dev/null
+++ b/gnu/packages/patches/python-3.5-fix-tests.patch
@@ -0,0 +1,46 @@
+Additional test fixes which affect Python 3.5 (and presumably later) but not
+prior revisions of Python.
+
+--- Lib/test/test_pathlib.py 2014-03-01 03:02:36.088311000 +0100
++++ Lib/test/test_pathlib.py 2014-03-01 04:56:37.768311000 +0100
+@@ -1986,8 +1986,9 @@
+ expect = set() if not support.fs_is_case_insensitive(BASE) else given
+ self.assertEqual(given, expect)
+ self.assertEqual(set(p.rglob("FILEd*")), set())
+
++ @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests")
+ def test_expanduser(self):
+ P = self.cls
+ support.import_module('pwd')
+ import pwd
+--- Lib/test/test_tarfile.py 2016-02-24 19:22:52.597208055 +0000
++++ Lib/test/test_tarfile.py 2016-02-24 20:50:48.941950135 +0000
+@@ -2305,11 +2305,14 @@
+ try:
+ import pwd, grp
+ except ImportError:
+ return False
+- if pwd.getpwuid(0)[0] != 'root':
+- return False
+- if grp.getgrgid(0)[0] != 'root':
++ try:
++ if pwd.getpwuid(0)[0] != 'root':
++ return False
++ if grp.getgrgid(0)[0] != 'root':
++ return False
++ except KeyError:
+ return False
+ return True
+
+
+--- Lib/test/test_asyncio/test_base_events.py
++++ Lib/test/test_asyncio/test_base_events.py
+@@ -142,6 +142,8 @@ class BaseEventTests(test_utils.TestCase):
+ (INET, STREAM, TCP, '', ('1.2.3.4', 1)),
+ base_events._ipaddr_info('1.2.3.4', b'1', INET, STREAM, TCP))
+
++ @unittest.skipUnless(support.is_resource_enabled('network'),
++ 'network is not enabled')
+ def test_getaddrinfo_servname(self):
+ INET = socket.AF_INET
+ STREAM = socket.SOCK_STREAM
diff --git a/gnu/packages/patches/python-disable-ssl-test.patch b/gnu/packages/patches/python-disable-ssl-test.patch
deleted file mode 100644
index e351c77505..0000000000
--- a/gnu/packages/patches/python-disable-ssl-test.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Disable a test that fails with openssl-1.0.2b.
-
---- Lib/test/test_ssl.py.orig 2015-02-25 06:27:45.000000000 -0500
-+++ Lib/test/test_ssl.py 2015-06-12 03:14:09.395212502 -0400
-@@ -2718,6 +2718,7 @@
- chatty=True, connectionchatty=True)
- self.assertIs(stats['compression'], None)
-
-+ @unittest.skipIf(True, "openssl 1.0.2b complains: dh key too small")
- def test_dh_params(self):
- # Check we can get a connection with ephemeral Diffie-Hellman
- context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
diff --git a/gnu/packages/patches/python-fix-tests.patch b/gnu/packages/patches/python-fix-tests.patch
index 82c19980f9..e093307c51 100644
--- a/gnu/packages/patches/python-fix-tests.patch
+++ b/gnu/packages/patches/python-fix-tests.patch
@@ -20,21 +20,6 @@ http://bugs.python.org/issue20868 .
def test_tarfile_root_owner(self):
tmpdir, tmpdir2, base_name = self._create_files()
---- Lib/test/test_posixpath.py 2014-03-01 05:46:56.984311000 +0100
-+++ Lib/test/test_posixpath.py 2014-03-07 00:59:20.888311000 +0100
-@@ -319,7 +319,11 @@
- del env['HOME']
- home = pwd.getpwuid(os.getuid()).pw_dir
- # $HOME can end with a trailing /, so strip it (see #17809)
-- self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
-+ # The Guix builders have '/' as a home directory, so
-+ # home.rstrip("/") will be an empty string and the test will
-+ # fail. Let's just disable it since it does not really make
-+ # sense with such a bizarre setup.
-+ # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
-
- def test_normpath(self):
- self.assertEqual(posixpath.normpath(""), ".")
--- Lib/test/test_socket.py.orig 2014-03-02 22:14:12.264311000 +0100
+++ Lib/test/test_socket.py 2014-03-21 03:50:45.660311000 +0100
@@ -819,6 +819,8 @@
diff --git a/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch b/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch
new file mode 100644
index 0000000000..1426883216
--- /dev/null
+++ b/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch
@@ -0,0 +1,33 @@
+Do not define BSDWAIT to avoid error "storage size of ‘w’ isn’t known".
+
+This is an adapted version of the upstream patch taken from here:
+https://github.com/tcsh-org/tcsh/commit/4689eb60a74bf13bc146ca3d76e9d7a124ab7b49.patch
+
+From 4689eb60a74bf13bc146ca3d76e9d7a124ab7b49 Mon Sep 17 00:00:00 2001
+From: christos <christos>
+Date: Fri, 23 Sep 2016 19:17:28 +0000
+Subject: [PATCH] Don't define BSDWAIT for linux anymore.
+
+---
+ sh.proc.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/sh.proc.c b/sh.proc.c
+index 49b199f..874d67c 100644
+--- sh.proc.c
++++ sh.proc.c
+@@ -47,11 +47,9 @@ RCSID("$tcsh$")
+ # define HZ 16
+ #endif /* aiws */
+
+-#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid) || defined(__linux__) || defined(__GNU__) || defined(__GLIBC__)
+-# if !defined(__ANDROID__)
+-# define BSDWAIT
+-# endif
+-#endif /* _BSD || (IRIS4D && __STDC__) || __lucid || glibc */
++#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid)
++# define BSDWAIT
++#endif /* _BSD || (IRIS4D && __STDC__) || __lucid */
+ #ifndef WTERMSIG
+ # define WTERMSIG(w) (((union wait *) &(w))->w_termsig)
+ # ifndef BSDWAIT
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 461472abe9..8bfe2c1a89 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Coypright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Coypright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Coypright © 2016 Ludovic Courtès <ludo@gnu.org>
;;; Coypright © 2016 Julien Lepiller <julien@lepiller.eu>
@@ -70,14 +71,14 @@
(define-public poppler
(package
(name "poppler")
- (version "0.43.0")
+ (version "0.47.0")
(source (origin
(method url-fetch)
(uri (string-append "https://poppler.freedesktop.org/poppler-"
version ".tar.xz"))
(sha256
(base32
- "0mi4zf0pz3x3fx3ir7szz1n57nywgbpd4mp2r7mvf47f4rmf4867"))))
+ "0hnjkcqqk87dw3hlda4gh4l7brkslniax9a79g772jn3iwiffwmq"))))
(build-system gnu-build-system)
;; FIXME:
;; use libcurl: no
@@ -109,19 +110,18 @@
;; Saves 8 MiB of .a files.
"--disable-static")
#:phases
- (alist-cons-before
- 'configure 'setenv
- (lambda _
- (setenv "CPATH"
- (string-append (assoc-ref %build-inputs "openjpeg-1")
- "/include/openjpeg-1.5"
- ":" (or (getenv "CPATH") ""))))
- %standard-phases)))
+ (modify-phases %standard-phases
+ (add-before 'configure 'setenv
+ (lambda _
+ (setenv "CPATH"
+ (string-append (assoc-ref %build-inputs "openjpeg-1")
+ "/include/openjpeg-1.5"
+ ":" (or (getenv "CPATH") ""))))))))
(synopsis "PDF rendering library")
(description
"Poppler is a PDF rendering library based on the xpdf-3.0 code base.")
(license license:gpl2+)
- (home-page "http://poppler.freedesktop.org/")))
+ (home-page "https://poppler.freedesktop.org/")))
(define-public poppler-qt4
(package (inherit poppler)
@@ -408,7 +408,7 @@ by using the poppler rendering engine.")
(patches (search-patches
"zathura-plugindir-environment-variable.patch"))))
(native-inputs `(("pkg-config" ,pkg-config)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(inputs `(("girara" ,girara)
("sqlite" ,sqlite)
("gtk+" ,gtk+)))
@@ -541,13 +541,14 @@ and examining the file structure (pdfshow).")
(define-public qpdf
(package
(name "qpdf")
- (version "5.1.3")
+ (version "6.0.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/qpdf/qpdf/" version
"/qpdf-" version ".tar.gz"))
- (sha256 (base32
- "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm"))
+ (sha256
+ (base32
+ "0csj2p2gkxrc0rk8ykymlsdgfas96vzf1dip3y1x7z1q9plwgzd9"))
(modules '((guix build utils)))
(snippet
;; Replace shebang with the bi-lingual shell/Perl trick to remove
@@ -561,17 +562,17 @@ eval '(exit $?0)' && eval 'exec perl -wS \"$0\" ${1+\"$@\"}'
(build-system gnu-build-system)
(arguments
`(#:disallowed-references (,perl)
- #:phases (alist-cons-before
- 'configure 'patch-paths
- (lambda _
- (substitute* "make/libtool.mk"
- (("SHELL=/bin/bash")
- (string-append "SHELL=" (which "bash"))))
- (substitute* (append
- '("qtest/bin/qtest-driver")
- (find-files "." "\\.test"))
- (("/usr/bin/env") (which "env"))))
- %standard-phases)))
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'configure 'patch-paths
+ (lambda _
+ (substitute* "make/libtool.mk"
+ (("SHELL=/bin/bash")
+ (string-append "SHELL=" (which "bash"))))
+ (substitute* (append
+ '("qtest/bin/qtest-driver")
+ (find-files "." "\\.test"))
+ (("/usr/bin/env") (which "env"))))))))
(native-inputs
`(("pkg-config" ,pkg-config)
("perl" ,perl)))
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index ba6f71a412..ac7ac49ac2 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -45,55 +45,55 @@
;; Yeah, Perl... It is required early in the bootstrap process by Linux.
(package
(name "perl")
- (version "5.22.1")
+ (version "5.24.0")
(source (origin
(method url-fetch)
(uri (string-append "http://www.cpan.org/src/5.0/perl-"
version ".tar.gz"))
(sha256
(base32
- "09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb"))
+ "00jj8zr8fnihrxxhl8h936ssczv5x86qb618yz1ig40d1rp0qhvy"))
(patches (search-patches
"perl-no-sys-dirs.patch"
"perl-autosplit-default-time.patch"
- "perl-source-date-epoch.patch"
"perl-deterministic-ordering.patch"
- "perl-no-build-time.patch"
- "perl-CVE-2015-8607.patch"
- "perl-CVE-2016-2381.patch"))))
+ "perl-reproducible-build-date.patch"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f
+ #:configure-flags
+ (let ((out (assoc-ref %outputs "out"))
+ (libc (assoc-ref %build-inputs "libc")))
+ (list
+ (string-append "-Dprefix=" out)
+ (string-append "-Dman1dir=" out "/share/man/man1")
+ (string-append "-Dman3dir=" out "/share/man/man3")
+ "-de" "-Dcc=gcc"
+ "-Uinstallusrbinperl"
+ "-Dinstallstyle=lib/perl5"
+ "-Duseshrplib"
+ (string-append "-Dlocincpth=" libc "/include")
+ (string-append "-Dloclibpth=" libc "/lib")
+ "-Dusethreads"))
#:phases
(modify-phases %standard-phases
- (replace
- 'configure
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out"))
- (libc (assoc-ref inputs "libc")))
- ;; Use the right path for `pwd'.
- (substitute* "dist/PathTools/Cwd.pm"
- (("/bin/pwd")
- (which "pwd")))
-
- ;; Build in GNU89 mode to tolerate C++-style comment in libc's
- ;; <bits/string3.h>.
- (substitute* "cflags.SH"
- (("-std=c89")
- "-std=gnu89"))
-
- (zero?
- (system* "./Configure"
- (string-append "-Dprefix=" out)
- (string-append "-Dman1dir=" out "/share/man/man1")
- (string-append "-Dman3dir=" out "/share/man/man3")
- "-de" "-Dcc=gcc"
- "-Uinstallusrbinperl"
- "-Dinstallstyle=lib/perl5"
- "-Duseshrplib"
- (string-append "-Dlocincpth=" libc "/include")
- (string-append "-Dloclibpth=" libc "/lib"))))))
-
+ (add-before 'configure 'setup-configure
+ (lambda _
+ ;; Use the right path for `pwd'.
+ (substitute* "dist/PathTools/Cwd.pm"
+ (("/bin/pwd")
+ (which "pwd")))
+
+ ;; Build in GNU89 mode to tolerate C++-style comment in libc's
+ ;; <bits/string3.h>.
+ (substitute* "cflags.SH"
+ (("-std=c89")
+ "-std=gnu89"))
+ #t))
+ (replace 'configure
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (format #t "Perl configure flags: ~s~%" configure-flags)
+ (zero? (apply system* "./Configure" configure-flags))))
(add-before
'strip 'make-shared-objects-writable
(lambda* (#:key outputs #:allow-other-keys)
@@ -7009,7 +7009,7 @@ MYMETA.yml.")
(define-public perl-module-build
(package
(name "perl-module-build")
- (version "0.4211")
+ (version "0.4220")
(source
(origin
(method url-fetch)
@@ -7017,7 +7017,7 @@ MYMETA.yml.")
"Module-Build-" version ".tar.gz"))
(sha256
(base32
- "1c5hfhajr963w4mdjivsc7yz4vf4pz1rrfch5a93fbac1x2mr58h"))))
+ "18mm6k7d7cmj9l6na1c50vbc8hc1pwsz38yxi9x6ydlrwz3hf4pv"))))
(build-system perl-build-system)
(propagated-inputs
`(("perl-cpan-meta" ,perl-cpan-meta)))
diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm
index c913955975..74d209192f 100644
--- a/gnu/packages/plotutils.scm
+++ b/gnu/packages/plotutils.scm
@@ -186,8 +186,7 @@ colors, styles, options and details.")
;; "help" command in interactive mode, so adding a "doc" output is not
;; currently useful.
(native-inputs
- `(("gs" ,ghostscript-gs) ;For tests
- ("gs-2" ,ghostscript) ;For dvipdfm
+ `(("gs" ,ghostscript) ;For tests
("texinfo" ,texinfo) ;For generating documentation
("texlive" ,texlive) ;For tests and documentation
("emacs" ,emacs-minimal)
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index c5a39f49ee..0e648cd724 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -52,6 +52,7 @@
#:use-module (gnu packages adns)
#:use-module (gnu packages attr)
#:use-module (gnu packages backup)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages compression)
#:use-module (gnu packages databases)
#:use-module (gnu packages django)
@@ -106,7 +107,7 @@
(define-public python-2.7
(package
(name "python")
- (version "2.7.11")
+ (version "2.7.12")
(source
(origin
(method url-fetch)
@@ -114,7 +115,7 @@
version "/Python-" version ".tar.xz"))
(sha256
(base32
- "0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn"))
+ "0y7rl603vmwlxm6ilkhc51rx2mfj14ckcz40xxgs0ljnvlhp30yp"))
(patches (search-patches "python-2.7-search-paths.patch"
"python-2-deterministic-build-info.patch"
"python-2.7-source-date-epoch.patch"))
@@ -126,6 +127,7 @@
'(begin
(for-each delete-file
'("Lib/test/test_compileall.py"
+ "Lib/test/test_ctypes.py" ; fails on mips64el
"Lib/test/test_distutils.py"
"Lib/test/test_import.py"
"Lib/test/test_shutil.py"
@@ -201,13 +203,6 @@
(lambda _
;; 'Lib/test/test_site.py' needs a valid $HOME
(setenv "HOME" (getcwd))
- ,@(if (string-prefix? "mips64el" (%current-system))
-
- ;; XXX: The following test fails on mips64el.
- '((false-if-exception
- (delete-file "Lib/test/test_ctypes.py")))
-
- '())
#t))
(add-after
'unpack 'set-source-file-times-to-1980
@@ -289,7 +284,7 @@
(list (search-path-specification
(variable "PYTHONPATH")
(files '("lib/python2.7/site-packages")))))
- (home-page "http://python.org")
+ (home-page "https://www.python.org")
(synopsis "High-level, dynamically-typed programming language")
(description
"Python is a remarkably powerful dynamic programming language that
@@ -304,23 +299,22 @@ data types.")
;; Current 2.x version.
(define-public python-2 python-2.7)
-(define-public python-3.4
+(define-public python-3.5
(package (inherit python-2)
- (version "3.4.3")
+ (version "3.5.2")
(source (origin
(method url-fetch)
(uri (string-append "https://www.python.org/ftp/python/"
version "/Python-" version ".tar.xz"))
(patches (search-patches
"python-fix-tests.patch"
- ;; XXX Try removing this patch for python > 3.4.3
- "python-disable-ssl-test.patch"
+ "python-3.5-fix-tests.patch"
"python-3-deterministic-build-info.patch"
"python-3-search-paths.patch"))
(patch-flags '("-p0"))
(sha256
(base32
- "1f4nm4z08sy0kqwisvv95l02crv6dyysdmx44p1mz3bn6csrdcxm"))))
+ "0h6a5fr7ram2s483lh0pnmc4ncijb8llnpfdxdcl5dxr01hza400"))))
(arguments (substitute-keyword-arguments (package-arguments python-2)
((#:tests? _) #t)))
(native-search-paths
@@ -330,8 +324,25 @@ data types.")
(version-major+minor version)
"/site-packages"))))))))
+(define-public python-3.4
+ (package (inherit python-3.5)
+ (version "3.4.5")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://www.python.org/ftp/python/"
+ version "/Python-" version ".tar.xz"))
+ (patches (search-patches
+ "python-fix-tests.patch"
+ "python-3.4-fix-tests.patch"
+ "python-3-deterministic-build-info.patch"
+ "python-3-search-paths.patch"))
+ (patch-flags '("-p0"))
+ (sha256
+ (base32
+ "12l9klp778wklxmckhghniy5hklss8r26995pyd00qbllk4b2r7f"))))))
+
;; Current 3.x version.
-(define-public python-3 python-3.4)
+(define-public python-3 python-3.5)
;; Current major version.
(define-public python python-3)
@@ -353,14 +364,12 @@ data types.")
(package (inherit python)
(name "python-minimal")
(outputs '("out"))
- (arguments
- (substitute-keyword-arguments (package-arguments python)
- ((#:configure-flags cf)
- `(append ,cf '("--without-system-ffi")))))
+ ;; Build fails due to missing ctypes without libffi.
;; OpenSSL is a mandatory dependency of Python 3.x, for urllib;
;; zlib is required by 'zipimport', used by pip.
- (inputs `(("openssl" ,openssl)
+ (inputs `(("libffi" ,libffi)
+ ("openssl" ,openssl)
("zlib" ,zlib)))))
(define* (wrap-python3 python
@@ -371,6 +380,7 @@ data types.")
(source #f)
(build-system trivial-build-system)
(outputs '("out"))
+ (inputs `(("bash" ,bash)))
(propagated-inputs `(("python" ,python)))
(arguments
`(#:modules ((guix build utils))
@@ -384,8 +394,20 @@ data types.")
(lambda (old new)
(symlink (string-append python old)
(string-append bin "/" new)))
- '("python3" "pydoc3" "idle3")
- '("python" "pydoc" "idle"))))))
+ `("python3" ,"pydoc3" ,"idle3" ,"pip3")
+ `("python" ,"pydoc" ,"idle" ,"pip"))
+ ;; python-config outputs search paths based upon its location,
+ ;; use a bash wrapper to avoid changing its outputs.
+ (let ((bash (string-append (assoc-ref %build-inputs "bash")
+ "/bin/bash"))
+ (old (string-append python "python3-config"))
+ (new (string-append bin "/python-config")))
+ (with-output-to-file new
+ (lambda ()
+ (format #t "#!~a~%" bash)
+ (format #t "exec \"~a\" \"$@\"~%" old)
+ (chmod new #o755)
+ #t)))))))
(synopsis "Wrapper for the Python 3 commands")
(description
"This package provides wrappers for the commands of Python@tie{}3.x such
@@ -6208,6 +6230,20 @@ responses, rather than doing any computation.")
(base32
"1a85l548w5vvq3yhz0az7ajg2ijixzp6gagapw6wgrqvq28ghgs2"))))
(build-system python-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-before 'check 'disable-failing-test
+ (lambda _
+ ;; This test is known to fail with OpenSSL >= 1.0.2i and older
+ ;; versions of python-cryptography:
+ ;; https://github.com/pyca/cryptography/issues/3196
+ ;; TODO: Try re-enabling the test when upgrading
+ ;; python-cryptography.
+ (substitute* "tests/hazmat/backends/test_openssl.py"
+ (("def test_numeric_string_x509_name_entry")
+ "@pytest.mark.xfail\n def test_numeric_string_x509_name_entry"))
+ #t)))))
(inputs
`(("openssl" ,openssl)))
(propagated-inputs
@@ -6443,10 +6479,16 @@ Python's @code{ctypes} foreign function interface (FFI).")
(synopsis "Python bindings to the libmagic file type guesser. Note that
this module and the python-magic module both provide a \"magic.py\" file;
these two modules, which are different and were developed separately, both
-serve the same purpose: provide Python bindings for libmagic.")))
+serve the same purpose: provide Python bindings for libmagic.")
+ (properties `((python2-variant . ,(delay python2-file))))))
(define-public python2-file
- (package-with-python2 python-file))
+ (let ((base (package-with-python2 (strip-python2-variant python-file))))
+ (package
+ (inherit base)
+ (native-inputs
+ `(("python2-setuptools" ,python2-setuptools)
+ ,@(package-native-inputs base))))))
(define-public python-debian
(package
@@ -7066,6 +7108,9 @@ be set via config files and/or environment variables.")
(base32
"0x32ibixm3vv5m9xfk83xsqm8xcqw4dd0khbh6qbri6rxgymbhg8"))))
(build-system python-build-system)
+ (arguments
+ '(;; The tests appear to require networking.
+ #:tests? #f))
(propagated-inputs
`(("python-pyopenssl" ,python-pyopenssl)))
(synopsis "HTTPS support for Python's httplib and urllib2")
@@ -7201,6 +7246,10 @@ for atomic file system operations.")
(base32
"15q9nrgp85nqlr4kdz1zvj8z2npafi2sr12y7fqgxbkq28j1aci6"))))
(build-system python-build-system)
+ (native-inputs
+ `(("python-betamax" ,python-betamax)
+ ("python-mock" ,python-mock)
+ ("python-pytest" ,python-pytest)))
(propagated-inputs
`(("python-requests" ,python-requests)))
(synopsis "Extensions to python-requests")
@@ -7289,8 +7338,14 @@ pure Python module that works on virtually all Python versions.")
(base32
"1rpk1vyclhg911p3hql0m0nrpq7q7mysxnaaw6vs29cpa6kx8vgn"))))
(build-system python-build-system)
+ (arguments
+ `(;; 2 failed, 275 passed, 670 skipped, 4 xfailed
+ ;; The two test failures are caused by the lack of an `ssh` executable.
+ ;; The test suite can be run with pytest after the 'install' phase.
+ #:tests? #f))
(native-inputs
- `(("python-setuptools-scm" ,python-setuptools-scm)))
+ `(("python-pytest" ,python-pytest)
+ ("python-setuptools-scm" ,python-setuptools-scm)))
(inputs
`(("python-apipkg" ,python-apipkg)))
(synopsis "Rapid multi-Python deployment")
@@ -7394,7 +7449,8 @@ framework which enables you to test server connections locally.")
(build-system python-build-system)
(native-inputs
`(("python-pytest" ,python-pytest)
- ("python-six" ,python-six)))
+ ("python-six" ,python-six)
+ ("python-urllib3" ,python-urllib3)))
(propagated-inputs
`(("python-httplib2" ,python-httplib2)
("python-requests" ,python-requests)))
@@ -8422,21 +8478,22 @@ alternative when librabbitmq is not available.")
(define-public python-kombu
(package
(name "python-kombu")
- (version "3.0.33")
+ (version "3.0.37")
(source
(origin
(method url-fetch)
(uri (pypi-uri "kombu" version))
(sha256
(base32
- "16brjx2lgwbj2a37d0pjbfb84nvld6irghmqrs3qfncajp51hgc5"))))
+ "0l16chb314gpq2v7fh94a22c30lcv6w3ylmhsa60bldlcq6a0r70"))))
(build-system python-build-system)
(native-inputs
`(("python-mock" ,python-mock)
("python-nose" ,python-nose)))
(propagated-inputs
`(("python-anyjson" ,python-anyjson)
- ("python-amqp" ,python-amqp)))
+ ("python-amqp" ,python-amqp)
+ ("python-redis" ,python-redis)))
(home-page "http://kombu.readthedocs.org")
(synopsis "Message passing library for Python")
(description "The aim of Kombu is to make messaging in Python as easy as
@@ -8460,14 +8517,14 @@ RabbitMQ messaging server is the most popular implementation.")
(define-public python-billiard
(package
(name "python-billiard")
- (version "3.3.0.22")
+ (version "3.3.0.23")
(source
(origin
(method url-fetch)
(uri (pypi-uri "billiard" version))
(sha256
(base32
- "0zp7h6a58alrb3mwdw61jds07395j4j0mj6iqsb8czrihw9ih5nj"))))
+ "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9"))))
(build-system python-build-system)
(native-inputs
`(("python-nose" ,python-nose)))
@@ -8495,15 +8552,24 @@ Python 2.4 and 2.5, and will draw its fixes/improvements from python-trunk.")
(define-public python-celery
(package
(name "python-celery")
- (version "3.1.20")
+ (version "3.1.24")
(source
(origin
(method url-fetch)
(uri (pypi-uri "celery" version))
(sha256
(base32
- "1md6ywg1s0946qyp8ndnsd677wm0yax933h2sb4m3a4j7lf1jbyh"))))
+ "0yh2prhdnx2dgkb67a5drj12hh2zvzx5f611p7mqqg01ydghif4r"))))
(build-system python-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ ;; These tests break with Python 3.5:
+ ;; https://github.com/celery/celery/issues/2897#issuecomment-253066295
+ (replace 'check
+ (lambda _
+ (zero?
+ (system* "nosetests" "--exclude=^test_safe_to_remove.*")))))))
(native-inputs
`(("python-nose" ,python-nose)))
(inputs
@@ -8686,6 +8752,9 @@ introspection of @code{zope.interface} instances in code.")
(base32
"1qfnwlx8qwkgr6nf5wvl6ff1r3kll53dh3z6nyp173nmlhhhqccb"))))
(build-system python-build-system)
+ (arguments
+ '(;; The test suite relies on some non-portable Windows interfaces.
+ #:tests? #f))
(inputs
`(("python-dateutil-2" ,python-dateutil-2)
("python-pyicu" ,python-pyicu)))
@@ -11058,3 +11127,35 @@ with an associated set of resolve methods that know how to fetch data.")
provide extendible implementations of common aspects of a cloud so that you can
focus on building massively scalable web applications.")
(license license:expat)))
+
+(define-public python-betamax
+ (package
+ (name "python-betamax")
+ (version "0.8.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "betamax" version))
+ (sha256
+ (base32
+ "18f8v5gng3j773jlbbzx4rg1i4y2zw3m2l1zpmbvp8bh5a2q1i42"))))
+ (build-system python-build-system)
+ (arguments
+ '(;; Many tests fail because they require networking.
+ #:tests? #f))
+ (inputs
+ `(("python-requests" ,python-requests)))
+ (home-page "https://github.com/sigmavirus24/betamax")
+ (synopsis "Record HTTP interactions with python-requests")
+ (description "Betamax will record your test suite's HTTP interactions and
+replay them during future tests. It is designed to work with python-requests.")
+ (license license:expat)
+ (properties `((python2-variant . ,(delay python2-betamax))))))
+
+(define-public python2-betamax
+ (let ((base (package-with-python2 (strip-python2-variant python-betamax))))
+ (package
+ (inherit base)
+ (native-inputs
+ `(("python2-setuptools" ,python2-setuptools)
+ ,@(package-native-inputs base))))))
diff --git a/gnu/packages/readline.scm b/gnu/packages/readline.scm
index 169a7386c4..6435e98234 100644
--- a/gnu/packages/readline.scm
+++ b/gnu/packages/readline.scm
@@ -40,14 +40,14 @@
(find-files lib "\\.a"))))))
(package
(name "readline")
- (version "6.3")
+ (version "7.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/readline/readline-"
version ".tar.gz"))
(sha256
(base32
- "0hzxr9jxqqx5sxsv9vmlxdnvlr9vi4ih1avjb869hbs6p5qn1fjn"))
+ "0d13sg9ksf982rrrmv5mb6a2p4ys9rvg9r71d6il0vr8hmql63bm"))
(patches (search-patches "readline-link-ncurses.patch"))
(patch-flags '("-p0"))))
(build-system gnu-build-system)
diff --git a/gnu/packages/sawfish.scm b/gnu/packages/sawfish.scm
index 9b09b6171e..54b72ffe03 100644
--- a/gnu/packages/sawfish.scm
+++ b/gnu/packages/sawfish.scm
@@ -152,7 +152,7 @@ backend of Sawfish.")
"/lib/sawfish/sawfish-menu")))
%standard-phases))))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("makeinfo" ,texinfo)
("pkg-config" ,pkg-config)
("which" ,which)))
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index 9597473ad4..9ad9e707e7 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -633,7 +633,7 @@ threads.")
("stex" ,stex)))
(native-inputs
`(("texlive" ,texlive)
- ("ghostscript" ,ghostscript-gs)
+ ("ghostscript" ,ghostscript)
("netpbm" ,netpbm)))
(outputs '("out" "doc"))
(arguments
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 6d510c2e4c..78ff1730c9 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -185,7 +185,8 @@ has a small feature set similar to a traditional Bourne shell.")
(sha256
(base32
"1a4z9kwgx1iqqzvv64si34m60gj34p7lp6rrcrb59s7ka5wa476q"))
- (patches (search-patches "tcsh-fix-autotest.patch"))
+ (patches (search-patches "tcsh-fix-autotest.patch"
+ "tcsh-do-not-define-BSDWAIT.patch"))
(patch-flags '("-p0"))))
(build-system gnu-build-system)
(inputs
@@ -304,6 +305,11 @@ ksh, and tcsh.")
(("'xonsh\\.ply',") ""))
#t))))
(build-system python-build-system)
+ (arguments
+ '(;; TODO Try running run the test suite.
+ ;; See 'requirements-tests.txt' in the source distribution for more
+ ;; information.
+ #:tests? #f))
(inputs
`(("python-ply" ,python-ply)))
(home-page "http://xon.sh/")
diff --git a/gnu/packages/shishi.scm b/gnu/packages/shishi.scm
index 30351fb517..7e02843d38 100644
--- a/gnu/packages/shishi.scm
+++ b/gnu/packages/shishi.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2012 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -48,7 +49,7 @@
(inputs
`(("gnutls" ,gnutls)
("libidn" ,libidn)
- ("linux-pam" ,linux-pam)
+ ("linux-pam" ,linux-pam-1.2)
("zlib" ,zlib)
;; libgcrypt 1.6 fails because of the following test:
;; #include <gcrypt.h>
diff --git a/gnu/packages/skribilo.scm b/gnu/packages/skribilo.scm
index 40bf659297..52ed1c34e3 100644
--- a/gnu/packages/skribilo.scm
+++ b/gnu/packages/skribilo.scm
@@ -63,8 +63,7 @@
#:parallel-build? #f))
- (native-inputs `(("pkg-config" ,pkg-config)
- ("ghostscript-gs" , ghostscript-gs)))
+ (native-inputs `(("pkg-config" ,pkg-config)))
(inputs `(("guile" ,guile-2.0)
("imagemagick" ,imagemagick)
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index 959251d84c..0748b5d860 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -75,7 +75,7 @@
(build-system gnu-build-system)
(inputs
`(("cairo" ,cairo)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("gsl" ,gsl)
("libxml2" ,libxml2)
("pango" ,pango)
@@ -101,7 +101,7 @@ be output in text, PostScript, PDF or HTML.")
(define-public r
(package
(name "r")
- (version "3.3.0")
+ (version "3.3.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://cran/src/base/R-"
@@ -109,7 +109,7 @@ be output in text, PostScript, PDF or HTML.")
version ".tar.gz"))
(sha256
(base32
- "1r0i0cqs3p0vrpiwq0zg5kbrmja9rmaijyzf9f23v6d5n5ab2mlj"))))
+ "1qm9znh8akfy9fkzzi6f1vz2w1dd0chsr6qn7kw80lqzhgjrmi9x"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags
@@ -137,6 +137,7 @@ be output in text, PostScript, PDF or HTML.")
(lambda _ (zero? (system* "make" "install-info")))))
#:configure-flags
'("--with-cairo"
+ "--with-blas=-lopenblas"
"--with-libpng"
"--with-jpeglib"
"--with-libtiff"
@@ -171,6 +172,7 @@ be output in text, PostScript, PDF or HTML.")
("pango" ,pango)
("curl" ,curl)
("tzdata" ,tzdata)
+ ("openblas" ,openblas)
("gfortran" ,gfortran)
("icu4c" ,icu4c)
("libjpeg" ,libjpeg)
diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm
index ef80371ecb..97dd0a82bd 100644
--- a/gnu/packages/terminals.scm
+++ b/gnu/packages/terminals.scm
@@ -69,7 +69,7 @@
(native-inputs
`(("autoconf" ,autoconf)
("automake" ,automake)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs
`(("glib" ,glib "bin")
diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm
index 5b22e84fb8..d21394e74f 100644
--- a/gnu/packages/texinfo.scm
+++ b/gnu/packages/texinfo.scm
@@ -32,14 +32,14 @@
(define-public texinfo
(package
(name "texinfo")
- (version "6.1")
+ (version "6.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/texinfo/texinfo-"
version ".tar.xz"))
(sha256
(base32
- "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c"))))
+ "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14"))))
(build-system gnu-build-system)
(native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep
(inputs `(("ncurses" ,ncurses)
@@ -62,18 +62,6 @@ their source and the command-line Info reader. The emphasis of the language
is on expressing the content semantically, avoiding physical markup commands.")
(license gpl3+)))
-(define-public texinfo-6.3
- (package
- (inherit texinfo)
- (version "6.3")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/texinfo/texinfo-"
- version ".tar.xz"))
- (sha256
- (base32
- "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14"))))))
-
(define-public texinfo-5
(package (inherit texinfo)
(version "5.2")
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b85fdde524..e965ca92cd 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -4,7 +4,7 @@
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -50,7 +50,7 @@
(define-public libtasn1
(package
(name "libtasn1")
- (version "4.8")
+ (version "4.9")
(source
(origin
(method url-fetch)
@@ -58,7 +58,7 @@
version ".tar.gz"))
(sha256
(base32
- "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
+ "0869cp6jx7cajgv6cnddsh3vc7bimmdkdjn80y1jpb4iss7plvsg"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/libtasn1/")
@@ -100,7 +100,7 @@ in intelligent transportation networks.")
(define-public p11-kit
(package
(name "p11-kit")
- (version "0.23.1")
+ (version "0.23.2")
(source
(origin
(method url-fetch)
@@ -108,7 +108,7 @@ in intelligent transportation networks.")
version ".tar.gz"))
(sha256
(base32
- "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
+ "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms"))
(modules '((guix build utils))) ; for substitute*
(snippet
'(begin
@@ -138,8 +138,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (replacement gnutls-3.5.4)
- (version "3.5.2")
+ (version "3.5.4")
(source (origin
(method url-fetch)
(uri
@@ -150,7 +149,7 @@ living in the same process.")
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
+ "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@@ -212,25 +211,10 @@ required structures.")
(properties '((ftp-server . "ftp.gnutls.org")
(ftp-directory . "/gcrypt/gnutls")))))
-(define gnutls-3.5.4
- (package
- (inherit gnutls)
- (source
- (let ((version "3.5.4"))
- (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/gnutls/v"
- (version-major+minor version)
- "/gnutls-" version ".tar.xz"))
- (sha256
- (base32
- "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
-
(define-public openssl
(package
(name "openssl")
- (replacement openssl-1.0.2j)
- (version "1.0.2h")
+ (version "1.0.2j")
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -240,11 +224,9 @@ required structures.")
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+ "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7"))
(patches (search-patches "openssl-runpath.patch"
- "openssl-c-rehash-in.patch"
- "openssl-CVE-2016-2177.patch"
- "openssl-CVE-2016-2178.patch"))))
+ "openssl-c-rehash-in.patch"))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;1.5MiB of man3 pages
@@ -331,6 +313,7 @@ required structures.")
(string-append target "/"
(basename file))))
(find-files man3))
+ (delete-file-recursively man3)
#t)))
(add-before
'patch-source-shebangs 'patch-tests
@@ -368,29 +351,10 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
-(define openssl-1.0.2j
- (package
- (inherit openssl)
- (name "openssl")
- (version "1.0.2j")
- (source (origin
- (method url-fetch)
- (uri (list (string-append "ftp://ftp.openssl.org/source/"
- name "-" version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/"
- (string-trim-right version char-set:letter)
- "/" name "-" version ".tar.gz")))
- (sha256
- (base32
- "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7"))
- (patches (search-patches "openssl-runpath.patch"
- "openssl-c-rehash-in.patch"))))))
-
(define-public openssl-next
(package
(inherit openssl)
(name "openssl")
- (replacement #f)
(version "1.1.0b")
(source (origin
(method url-fetch)
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 47383b71d4..4ca5a97311 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -89,7 +89,7 @@
(inputs
;; Note: 'tools/packaging/lp-upload-release' and 'tools/weavemerge.sh'
;; require Zsh.
- `(("gettext" ,gnu-gettext)))
+ `(("gettext" ,gettext-minimal)))
(arguments
`(#:tests? #f ; no test target
#:python ,python-2 ; Python 3 apparently not yet supported, see
@@ -123,7 +123,7 @@ as well as the classic centralized workflow.")
(build-system gnu-build-system)
(native-inputs
`(("native-perl" ,perl)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("git-manpages"
,(origin
(method url-fetch)
@@ -938,7 +938,7 @@ accessed and migrated on modern systems.")
("file" ,file)
("libxml2" ,libxml2)
("zlib" ,zlib)
- ("gettext" ,gnu-gettext)))
+ ("gettext" ,gettext-minimal)))
(native-inputs
`(("bison" ,bison)
("groff" ,groff)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 3ddf8587f6..6d59ccc490 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -353,7 +353,7 @@ SMPTE 314M.")
(define-public libva
(package
(name "libva")
- (version "1.7.0")
+ (version "1.7.1")
(source
(origin
(method url-fetch)
@@ -361,7 +361,7 @@ SMPTE 314M.")
"https://www.freedesktop.org/software/vaapi/releases/libva/libva-"
version".tar.bz2"))
(sha256
- (base32 "0py9igf4kicj7ji22bjawkpd6my013qpg0s4ir2np9l1rk5vr2d6"))))
+ (base32 "1j8mb3p9kafhp30r3kmndnrklvzycc2ym0w6xdqz6m7jap626028"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -943,7 +943,8 @@ access to mpv's powerful playback capabilities.")
;; So, we need pass the prefix directly. In addition, make sure the Bash
;; completion file is called 'youtube-dl' rather than
;; 'youtube-dl.bash-completion'.
- `(#:phases (modify-phases %standard-phases
+ `(#:tests? #f ; Many tests fail. The test suite can be run with pytest.
+ #:phases (modify-phases %standard-phases
(add-before 'install 'fix-the-data-directories
(lambda* (#:key outputs #:allow-other-keys)
(let ((prefix (assoc-ref outputs "out")))
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 477b05189c..6449f0d57a 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -130,7 +130,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
("vpnc" ,vpnc)
("zlib" ,zlib)))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(arguments
`(#:configure-flags
diff --git a/gnu/packages/w3m.scm b/gnu/packages/w3m.scm
index e7dd583c11..afda239356 100644
--- a/gnu/packages/w3m.scm
+++ b/gnu/packages/w3m.scm
@@ -69,7 +69,7 @@
("openssl" ,openssl)
("zlib" ,zlib)))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("perl" ,perl)
("pkg-config" ,pkg-config)))
(home-page "http://w3m.sourceforge.net/")
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 46ae30aa9a..fde5ff2c6f 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -87,7 +87,7 @@
"/include/gstreamer-1.0")))))))
(native-inputs
`(("bison" ,bison)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin") ; for glib-mkenums, etc.
("gobject-introspection" ,gobject-introspection)
("gperf" ,gperf)
diff --git a/gnu/packages/wicd.scm b/gnu/packages/wicd.scm
index f9aa657e56..e70bf736a5 100644
--- a/gnu/packages/wicd.scm
+++ b/gnu/packages/wicd.scm
@@ -52,7 +52,7 @@
"wicd-urwid-1.3.patch"
"wicd-wpa2-ttls.patch"))))
(build-system python-build-system)
- (native-inputs `(("gettext" ,gnu-gettext)))
+ (native-inputs `(("gettext" ,gettext-minimal)))
(inputs `(("dbus-glib" ,dbus-glib)
("python2-dbus" ,python2-dbus)
("python2-pygtk" ,python2-pygtk)
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 03a896b8e1..9a1bd56608 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -63,7 +63,7 @@
"1nmd65knzyh8b0yhxlqqvzai5rpnmhhm0c46n789zr5hj74jm6fg"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
- ("gettext" ,gnu-gettext)
+ ("gettext" ,gettext-minimal)
("flex" ,flex)
("bison" ,bison)
("perl" ,perl)))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 323ff111d4..a26c716866 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -90,7 +90,7 @@
#t)))))
(inputs `(("pygtk" ,python2-pygtk)
("xrandr" ,xrandr)))
- (native-inputs `(("gettext" ,gnu-gettext)
+ (native-inputs `(("gettext" ,gettext-minimal)
("python-docutils" ,python2-docutils)
("python-setuptools" ,python2-setuptools)))
(home-page "https://christian.amsuess.com/tools/arandr/")
@@ -266,7 +266,7 @@ rasterisation.")
(define-public libdrm
(package
(name "libdrm")
- (version "2.4.67")
+ (version "2.4.68")
(source
(origin
(method url-fetch)
@@ -275,8 +275,8 @@ rasterisation.")
version
".tar.bz2"))
(sha256
- (base32
- "1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf"))
+ (base32
+ "1px91j6imaaq2fy8ksvgldmv0cdz3w379jqiciqvqa99jajxjjsv"))
(patches (search-patches "libdrm-symbol-check.patch"))))
(build-system gnu-build-system)
(inputs
@@ -1010,7 +1010,7 @@ by name.")
("libxrandr" ,libxrandr)
("startup-notification" ,startup-notification)))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(home-page "https://gitlab.com/o9000/tint2")
(synopsis "Lightweight task bar")
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 879b37a337..94a017d1d5 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -52,18 +52,16 @@
(define-public expat
(package
(name "expat")
- (replacement expat/fixed)
- (version "2.1.1")
+ (version "2.2.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
version "/expat-" version ".tar.bz2"))
- (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
- "expat-CVE-2015-1283-refix.patch"
- "expat-CVE-2016-0718.patch"))
+ (patches
+ (search-patches "expat-CVE-2016-0718-fix-regression.patch"))
(sha256
(base32
- "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg"))))
+ "1zq4lnwjlw8s9mmachwfvfjf2x3lk24jm41746ykhdcvs7r0zrfr"))))
(build-system gnu-build-system)
(home-page "http://www.libexpat.org/")
(synopsis "Stream-oriented XML parser library written in C")
@@ -73,17 +71,6 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).")
(license license:expat)))
-(define expat/fixed
- (package
- (inherit expat)
- (source (origin
- (inherit (package-source expat))
- (patches (search-patches
- "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
- "expat-CVE-2015-1283-refix.patch"
- "expat-CVE-2016-0718.patch"
- "expat-CVE-2016-0718-fix-regression.patch"))))))
-
(define-public libxml2
(package
(name "libxml2")
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index aa2b99a720..9f9549b6b9 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -2,7 +2,7 @@
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
;;; Copyright © 2015 Cyrill Schenkel <cyrill.schenkel@gmail.com>
@@ -999,7 +999,7 @@ authentication records.")
(define-public inputproto
(package
(name "inputproto")
- (version "2.3.1")
+ (version "2.3.2")
(source
(origin
(method url-fetch)
@@ -1009,7 +1009,7 @@ authentication records.")
".tar.bz2"))
(sha256
(base32
- "1lf1jlxp0fc8h6fjdffhd084dqab94966l1zm3rwwsis0mifwiss"))))
+ "07gk7v006zqn3dcfh16l06gnccy7xnqywf3vl9c209ikazsnlfl9"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)))
(home-page "https://www.x.org/wiki/")
@@ -1432,7 +1432,7 @@ treat it as part of their software base when porting.")
"07041q4k8m4nirzl7lrqn8by2zylx0xvh6n0za301qqs3njszgf5"))))
(build-system gnu-build-system)
(inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("libxt" ,libxt)
("xproto" ,xproto)
("libxext" ,libxext)))
@@ -1920,7 +1920,7 @@ generate new versions of their configure scripts with autoconf.")
(define-public videoproto
(package
(name "videoproto")
- (version "2.3.2")
+ (version "2.3.3")
(source
(origin
(method url-fetch)
@@ -1930,7 +1930,7 @@ generate new versions of their configure scripts with autoconf.")
".tar.bz2"))
(sha256
(base32
- "1dnlkd9nb0m135lgd6hd61vc29sdyarsyya8aqpx7z10p261dbld"))))
+ "00m7rh3pwmsld4d5fpii3xfk5ciqn17kkk38gfpzrrh8zn4ki067"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)))
(home-page "https://www.x.org/wiki/")
@@ -3675,7 +3675,7 @@ alternative implementations like XRandR or TwinView.")
(define xkbcomp-intermediate ; used as input for xkeyboard-config
(package
(name "xkbcomp-intermediate")
- (version "1.3.0")
+ (version "1.3.1")
(source
(origin
(method url-fetch)
@@ -3684,8 +3684,8 @@ alternative implementations like XRandR or TwinView.")
version
".tar.bz2"))
(sha256
- (base32
- "0aibcbhhjlwcrxh943xg2dswwx5bz1x0pmhs28b55gzsg0vrgb6g"))))
+ (base32
+ "0gcjy70ppmcl610z8gxc7sydsx93f8cm8pggm4qhihaa1ngdq103"))))
(build-system gnu-build-system)
(inputs
`(("xproto" ,xproto)
@@ -3789,7 +3789,7 @@ extension to the X11 protocol. It includes:
(define-public xkeyboard-config
(package
(name "xkeyboard-config")
- (version "2.17")
+ (version "2.18")
(source
(origin
(method url-fetch)
@@ -3799,10 +3799,10 @@ extension to the X11 protocol. It includes:
".tar.bz2"))
(sha256
(base32
- "00878f1v3034ki78pjpf2db0bh7jsmszsnxr3bf5qxripm2bxiny"))))
+ "1l6x2w357ja8vm94ns79s7yj9a5dlr01r9dxrjvzwncadiyr27f4"))))
(build-system gnu-build-system)
(inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("libx11" ,libx11)
("xkbcomp-intermediate" ,xkbcomp-intermediate)))
(native-inputs
@@ -4008,7 +4008,7 @@ Font Description (XLFD) full name for a font.")
("libxmu" ,libxmu)
("libxrender" ,libxrender)))
(native-inputs
- `(("gettext" ,gnu-gettext)
+ `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(home-page "https://www.x.org/wiki/")
(synopsis "Display all the characters in an X font")
@@ -4602,8 +4602,7 @@ cannot be adequately worked around on the client side of the wire.")
(define-public libxrender
(package
(name "libxrender")
- (replacement libxrender/fixed)
- (version "0.9.9")
+ (version "0.9.10")
(source
(origin
(method url-fetch)
@@ -4613,7 +4612,7 @@ cannot be adequately worked around on the client side of the wire.")
".tar.bz2"))
(sha256
(base32
- "06myx7044qqdswxndsmd82fpp670klnizkgzdm194h51h1wyabzw"))))
+ "0j89cnb06g8x79wmmnwzykgkkfdhin9j7hjpvsxwlr3fz1wmjvf0"))))
(build-system gnu-build-system)
(propagated-inputs
`(("renderproto" ,renderproto)))
@@ -4627,20 +4626,10 @@ cannot be adequately worked around on the client side of the wire.")
(description "Library for the Render Extension to the X11 protocol.")
(license license:x11)))
-(define libxrender/fixed
- (package
- (inherit libxrender)
- (source (origin
- (inherit (package-source libxrender))
- (patches (search-patches
- "libxrender-CVE-2016-7949.patch"
- "libxrender-CVE-2016-7950.patch"))))))
-
(define-public libxtst
(package
(name "libxtst")
- (replacement libxtst/fixed)
- (version "1.2.2")
+ (version "1.2.3")
(source
(origin
(method url-fetch)
@@ -4650,7 +4639,7 @@ cannot be adequately worked around on the client side of the wire.")
".tar.bz2"))
(sha256
(base32
- "1ngn161nq679ffmbwl81i2hn75jjg5b3ffv6n4jilpvyazypy2pg"))))
+ "012jpyj7xfm653a9jcfqbzxyywdmwb2b5wr1dwylx14f3f54jma6"))))
(build-system gnu-build-system)
(propagated-inputs
`(("recordproto" ,recordproto)
@@ -4675,19 +4664,10 @@ The RECORD extension supports the recording and reporting of all core X
protocol and arbitrary X extension protocol.")
(license license:x11)))
-(define libxtst/fixed
- (package
- (inherit libxtst)
- (source (origin
- (inherit (package-source libxtst))
- (patches (search-patches
- "libxtst-CVE-2016-7951-CVE-2016-7952.patch"))))))
-
(define-public libxv
(package
(name "libxv")
- (replacement libxv/fixed)
- (version "1.0.10")
+ (version "1.0.11")
(source
(origin
(method url-fetch)
@@ -4697,7 +4677,7 @@ protocol and arbitrary X extension protocol.")
".tar.bz2"))
(sha256
(base32
- "09a5j6bisysiipd0nw6s352565bp0n6gbyhv5hp63s3cd3w95zjm"))))
+ "125hn06bd3d8y97hm2pbf5j55gg4r2hpd3ifad651i4sr7m16v6j"))))
(build-system gnu-build-system)
(propagated-inputs
`(("videoproto" ,videoproto)))
@@ -4712,14 +4692,6 @@ protocol and arbitrary X extension protocol.")
(description "Library for the X Video Extension to the X11 protocol.")
(license license:x11)))
-(define libxv/fixed
- (package
- (inherit libxv)
- (source (origin
- (inherit (package-source libxv))
- (patches (search-patches
- "libxv-CVE-2016-5407.patch"))))))
-
(define-public mkfontdir
(package
(name "mkfontdir")
@@ -4761,7 +4733,7 @@ script around the mkfontscale program.")
(define-public xproto
(package
(name "xproto")
- (version "7.0.28")
+ (version "7.0.29")
(source
(origin
(method url-fetch)
@@ -4771,7 +4743,7 @@ script around the mkfontscale program.")
".tar.bz2"))
(sha256
(base32
- "1jpnvm33vi2dar5y5zgz7jjh0m8fpkcxm0f0lbwfx37ns5l5bs19"))))
+ "12lzpa9mrzkyrhrphzpi1014np3328qg7mdq08wj6wyaj9q4f6kc"))))
(build-system gnu-build-system)
(propagated-inputs
`(("util-macros" ,util-macros))) ; to get util-macros in (almost?) all package inputs
@@ -4848,8 +4820,7 @@ an X Window System display.")
(define-public libxfixes
(package
(name "libxfixes")
- (replacement libxfixes/fixed)
- (version "5.0.1")
+ (version "5.0.3")
(source
(origin
(method url-fetch)
@@ -4859,7 +4830,7 @@ an X Window System display.")
".tar.bz2"))
(sha256
(base32
- "0rs7qgzr6dpr62db7sd91c1b47hzhzfr010qwnpcm8sg122w1gk3"))))
+ "1miana3y4hwdqdparsccmygqr3ic3hs5jrqfzp70hvi2zwxd676y"))))
(build-system gnu-build-system)
(propagated-inputs
`(("fixesproto" ,fixesproto)))
@@ -4873,14 +4844,6 @@ an X Window System display.")
(description "Library for the XFixes Extension to the X11 protocol.")
(license license:x11)))
-(define libxfixes/fixed
- (package
- (inherit libxfixes)
- (source (origin
- (inherit (package-source libxfixes))
- (patches (search-patches
- "libxfixes-CVE-2016-7944.patch"))))))
-
(define-public libxfont
(package
(name "libxfont")
@@ -4921,8 +4884,7 @@ new API's in libXft, or the legacy API's in libX11.")
(define-public libxi
(package
(name "libxi")
- (replacement libxi/fixed)
- (version "1.7.6")
+ (version "1.7.7")
(source
(origin
(method url-fetch)
@@ -4932,7 +4894,7 @@ new API's in libXft, or the legacy API's in libX11.")
".tar.bz2"))
(sha256
(base32
- "1b5p0l19ynmd6blnqr205wyngh6fagl35nqb4v05dw60rr9aachz"))))
+ "0c70n4aq0ba628wr88ih4740nci9d9f6y3v96sx376vvlm7q6vwr"))))
(build-system gnu-build-system)
(propagated-inputs
`(("inputproto" ,inputproto)
@@ -4948,19 +4910,10 @@ new API's in libXft, or the legacy API's in libX11.")
(description "Library for the XInput Extension to the X11 protocol.")
(license license:x11)))
-(define libxi/fixed
- (package
- (inherit libxi)
- (source (origin
- (inherit (package-source libxi))
- (patches (search-patches
- "libxi-CVE-2016-7945-CVE-2016-7946.patch"))))))
-
(define-public libxrandr
(package
(name "libxrandr")
- (replacement libxrandr/fixed)
- (version "1.5.0")
+ (version "1.5.1")
(source
(origin
(method url-fetch)
@@ -4970,7 +4923,7 @@ new API's in libXft, or the legacy API's in libX11.")
".tar.bz2"))
(sha256
(base32
- "0n6ycs1arf4wb1cal9il6v7vbxbf21qhs9sbfl8xndgwnxclk1kg"))))
+ "06pmphx8lp3iywqnh88fvbfb0d8xgkx0qpvan49akpja1vxfgy8z"))))
(build-system gnu-build-system)
(propagated-inputs
;; In accordance with xrandr.pc.
@@ -4987,19 +4940,10 @@ new API's in libXft, or the legacy API's in libX11.")
"Library for the Resize and Rotate Extension to the X11 protocol.")
(license license:x11)))
-(define libxrandr/fixed
- (package
- (inherit libxrandr)
- (source (origin
- (inherit (package-source libxrandr))
- (patches (search-patches
- "libxrandr-CVE-2016-7947-CVE-2016-7948.patch"))))))
-
(define-public libxvmc
(package
(name "libxvmc")
- (replacement libxvmc/fixed)
- (version "1.0.9")
+ (version "1.0.10")
(source
(origin
(method url-fetch)
@@ -5009,7 +4953,7 @@ new API's in libXft, or the legacy API's in libX11.")
".tar.bz2"))
(sha256
(base32
- "0mjp1b21dvkaz7r0iq085r92nh5vkpmx99awfgqq9hgzyvgxf0q7"))))
+ "0bpffxr5dal90a8miv2w0rif61byqxq2f5angj4z1bnznmws00g5"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libxv" ,libxv)))
@@ -5024,14 +4968,6 @@ new API's in libXft, or the legacy API's in libX11.")
(description "Xorg XvMC library.")
(license license:x11)))
-(define libxvmc/fixed
- (package
- (inherit libxvmc)
- (source (origin
- (inherit (package-source libxvmc))
- (patches (search-patches
- "libxvmc-CVE-2016-7953.patch"))))))
-
(define-public libxxf86vm
(package
(name "libxxf86vm")
@@ -5067,7 +5003,7 @@ protocol.")
(define-public libxcb
(package
(name "libxcb")
- (version "1.11")
+ (version "1.11.1")
(source
(origin
(method url-fetch)
@@ -5075,7 +5011,7 @@ protocol.")
name "-" version ".tar.bz2"))
(sha256
(base32
- "1xqgc81krx14f2c8yl5chzg5g2l26mhm2rwffy8dx7jv0iq5sqq3"))))
+ "0c4xyvdyx5adh8dzyhnrmvwwz24gri4z1czxmxqm63i0gmngs85p"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libpthread-stubs" ,libpthread-stubs)
@@ -5111,7 +5047,7 @@ over Xlib, including:
(define-public xorg-server
(package
(name "xorg-server")
- (version "1.18.1")
+ (version "1.18.4")
(source
(origin
(method url-fetch)
@@ -5120,7 +5056,7 @@ over Xlib, including:
name "-" version ".tar.bz2"))
(sha256
(base32
- "17bq40als48v12ld81jysc0gj5g572zkjkyzbhlm3ac9xgdmdv45"))))
+ "1j1i3n5xy1wawhk95kxqdc54h34kg7xp4nnramba2q8xqfr5k117"))))
(build-system gnu-build-system)
(propagated-inputs
`(("dri2proto" ,dri2proto)
@@ -5169,7 +5105,13 @@ over Xlib, including:
("xkbcomp" ,xkbcomp)
("xkeyboard-config" ,xkeyboard-config)
("xtrans" ,xtrans)
- ("zlib" ,zlib)))
+ ("zlib" ,zlib)
+ ;; Inputs for Xephyr
+ ("xcb-util" ,xcb-util)
+ ("xcb-util-image" ,xcb-util-image)
+ ("xcb-util-keysyms" ,xcb-util-keysyms)
+ ("xcb-util-renderutil" ,xcb-util-renderutil)
+ ("xcb-util-wm" ,xcb-util-wm)))
(native-inputs
`(("python" ,python-minimal-wrapper)
("pkg-config" ,pkg-config)))
@@ -5185,9 +5127,17 @@ over Xlib, including:
(string-append "--with-xkb-bin-directory="
(assoc-ref %build-inputs "xkbcomp")
"/bin")
+ ;; By default, it ends up with invalid '${prefix}/...', causes:
+ ;; _FontTransOpen: Unable to Parse address ${prefix}/share/...
+ ;; It's not used anyway, so set it to empty.
+ "--with-default-font-path="
+
;; For the log file, etc.
- "--localstatedir=/var")
+ "--localstatedir=/var"
+ ;; For sddm
+ "--enable-kdrive"
+ "--enable-xephyr")
#:phases (alist-cons-before
'configure 'pre-configure
@@ -5238,8 +5188,7 @@ draggable titlebars and borders.")
(define-public libx11
(package
(name "libx11")
- (replacement libx11/fixed)
- (version "1.6.3")
+ (version "1.6.4")
(source
(origin
(method url-fetch)
@@ -5249,7 +5198,7 @@ draggable titlebars and borders.")
".tar.bz2"))
(sha256
(base32
- "04c1vj53xq2xgyxx5vhln3wm2d76hh1n95fvs3myhligkz1sfcfg"))))
+ "0hg46i6h92pmb7xp1cis2j43zq3fkdz89p0yv35w4vm17az4iixp"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;8 MiB of man pages + XML
@@ -5271,15 +5220,6 @@ draggable titlebars and borders.")
(description "Xorg Core X11 protocol client library.")
(license license:x11)))
-(define libx11/fixed
- (package
- (inherit libx11)
- (source (origin
- (inherit (package-source libx11))
- (patches (search-patches
- "libx11-CVE-2016-7942.patch"
- "libx11-CVE-2016-7943.patch"))))))
-
;; packages of height 5 in the propagated-inputs tree
(define-public libxcursor
diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
new file mode 100644
index 0000000000..7542ee26c0
--- /dev/null
+++ b/gnu/services/cups.scm
@@ -0,0 +1,1166 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 Andy Wingo <wingo@pobox.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services cups)
+ #:use-module (gnu services)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages cups)
+ #:use-module (gnu packages tls)
+ #:use-module (guix packages)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (texinfo)
+ #:use-module (texinfo serialize)
+ #:use-module (ice-9 match)
+ #:use-module ((srfi srfi-1) #:select (append-map))
+ #:use-module (srfi srfi-34)
+ #:use-module (srfi srfi-35)
+ #:export (&cups-configuation-error
+ cups-configuration-error?
+
+ cups-service-type
+ cups-configuration
+ opaque-cups-configuration
+
+ files-configuration
+ policy-configuration
+ location-access-control
+ operation-access-control
+ method-access-control))
+
+;;; Commentary:
+;;;
+;;; Service defininition for the CUPS printing system.
+;;;
+;;; Code:
+
+(define-condition-type &cups-configuration-error &error
+ cups-configuration-error?)
+
+(define (cups-error message)
+ (raise (condition (&message (message message))
+ (&cups-configuration-error))))
+(define (cups-configuration-field-error field val)
+ (cups-error
+ (format #f "Invalid value for field ~a: ~s" field val)))
+(define (cups-configuration-missing-field kind field)
+ (cups-error
+ (format #f "~a configuration missing required field ~a" kind field)))
+
+(define-record-type* <configuration-field>
+ configuration-field make-configuration-field configuration-field?
+ (name configuration-field-name)
+ (type configuration-field-type)
+ (getter configuration-field-getter)
+ (predicate configuration-field-predicate)
+ (serializer configuration-field-serializer)
+ (default-value-thunk configuration-field-default-value-thunk)
+ (documentation configuration-field-documentation))
+
+(define (serialize-configuration config fields)
+ (for-each (lambda (field)
+ ((configuration-field-serializer field)
+ (configuration-field-name field)
+ ((configuration-field-getter field) config)))
+ fields))
+
+(define (validate-configuration config fields)
+ (for-each (lambda (field)
+ (let ((val ((configuration-field-getter field) config)))
+ (unless ((configuration-field-predicate field) val)
+ (cups-configuration-field-error
+ (configuration-field-name field) val))))
+ fields))
+
+(define-syntax define-configuration
+ (lambda (stx)
+ (define (id ctx part . parts)
+ (let ((part (syntax->datum part)))
+ (datum->syntax
+ ctx
+ (match parts
+ (() part)
+ (parts (symbol-append part
+ (syntax->datum (apply id ctx parts))))))))
+ (syntax-case stx ()
+ ((_ stem (field (field-type def) doc) ...)
+ (with-syntax (((field-getter ...)
+ (map (lambda (field)
+ (id #'stem #'stem #'- field))
+ #'(field ...)))
+ ((field-predicate ...)
+ (map (lambda (type)
+ (id #'stem type #'?))
+ #'(field-type ...)))
+ ((field-serializer ...)
+ (map (lambda (type)
+ (id #'stem #'serialize- type))
+ #'(field-type ...))))
+ #`(begin
+ (define-record-type* #,(id #'stem #'< #'stem #'>)
+ #,(id #'stem #'% #'stem)
+ #,(id #'stem #'make- #'stem)
+ #,(id #'stem #'stem #'?)
+ (field field-getter (default def))
+ ...)
+ (define #,(id #'stem #'stem #'-fields)
+ (list (configuration-field
+ (name 'field)
+ (type 'field-type)
+ (getter field-getter)
+ (predicate field-predicate)
+ (serializer field-serializer)
+ (default-value-thunk (lambda () def))
+ (documentation doc))
+ ...))
+ (define-syntax-rule (stem arg (... ...))
+ (let ((conf (#,(id #'stem #'% #'stem) arg (... ...))))
+ (validate-configuration conf
+ #,(id #'stem #'stem #'-fields))
+ conf))))))))
+
+(define %cups-accounts
+ (list (user-group (name "lp") (system? #t))
+ (user-group (name "lpadmin") (system? #t))
+ (user-account
+ (name "lp")
+ (group "lp")
+ (system? #t)
+ (comment "System user for invoking printing helper programs")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define (uglify-field-name field-name)
+ (let ((str (symbol->string field-name)))
+ (string-concatenate
+ (map string-titlecase
+ (string-split (if (string-suffix? "?" str)
+ (substring str 0 (1- (string-length str)))
+ str)
+ #\-)))))
+
+(define (serialize-field field-name val)
+ (format #t "~a ~a\n" (uglify-field-name field-name) val))
+
+(define (serialize-package field-name val)
+ #f)
+
+(define (serialize-string field-name val)
+ (serialize-field field-name val))
+
+(define (multiline-string-list? val)
+ (and (list? val)
+ (and-map (lambda (x)
+ (and (string? x) (not (string-index x #\space))))
+ val)))
+(define (serialize-multiline-string-list field-name val)
+ (for-each (lambda (str) (serialize-field field-name str)) val))
+
+(define (space-separated-string-list? val)
+ (and (list? val)
+ (and-map (lambda (x)
+ (and (string? x) (not (string-index x #\space))))
+ val)))
+(define (serialize-space-separated-string-list field-name val)
+ (serialize-field field-name (string-join val " ")))
+
+(define (space-separated-symbol-list? val)
+ (and (list? val) (and-map symbol? val)))
+(define (serialize-space-separated-symbol-list field-name val)
+ (serialize-field field-name (string-join (map symbol->string val) " ")))
+
+(define (file-name? val)
+ (and (string? val)
+ (string-prefix? "/" val)))
+(define (serialize-file-name field-name val)
+ (serialize-string field-name val))
+
+(define (serialize-boolean field-name val)
+ (serialize-string field-name (if val "yes" "no")))
+
+(define (non-negative-integer? val)
+ (and (exact-integer? val) (not (negative? val))))
+(define (serialize-non-negative-integer field-name val)
+ (serialize-field field-name val))
+
+(define-syntax define-enumerated-field-type
+ (lambda (x)
+ (define (id-append ctx . parts)
+ (datum->syntax ctx (apply symbol-append (map syntax->datum parts))))
+ (syntax-case x ()
+ ((_ name (option ...))
+ #`(begin
+ (define (#,(id-append #'name #'name #'?) x)
+ (memq x '(option ...)))
+ (define (#,(id-append #'name #'serialize- #'name) field-name val)
+ (serialize-field field-name val)))))))
+
+(define-enumerated-field-type access-log-level
+ (config actions all))
+(define-enumerated-field-type browse-local-protocols
+ (all dnssd none))
+(define-enumerated-field-type default-auth-type
+ (Basic Negotiate))
+(define-enumerated-field-type default-encryption
+ (Never IfRequested Required))
+(define-enumerated-field-type error-policy
+ (abort-job retry-job retry-this-job stop-printer))
+(define-enumerated-field-type log-level
+ (none emerg alert crit error warn notice info debug debug2))
+(define-enumerated-field-type log-time-format
+ (standard usecs))
+(define-enumerated-field-type server-tokens
+ (None ProductOnly Major Minor Minimal OS Full))
+(define-enumerated-field-type method
+ (DELETE GET HEAD OPTIONS POST PUT TRACE))
+(define-enumerated-field-type sandboxing
+ (relaxed strict))
+
+(define (method-list? val)
+ (and (list? val) (and-map method? val)))
+(define (serialize-method-list field-name val)
+ (serialize-field field-name (string-join (map symbol->string val) " ")))
+
+(define (host-name-lookups? val)
+ (memq val '(#f #t 'double)))
+(define (serialize-host-name-lookups field-name val)
+ (serialize-field field-name
+ (match val (#f "No") (#t "Yes") ('double "Double"))))
+
+(define (host-name-list-or-*? x)
+ (or (eq? x '*)
+ (and (list? x) (and-map string? x))))
+(define (serialize-host-name-list-or-* field-name val)
+ (serialize-field field-name (match val
+ ('* '*)
+ (names (string-join names " ")))))
+
+(define (boolean-or-non-negative-integer? x)
+ (or (boolean? x) (non-negative-integer? x)))
+(define (serialize-boolean-or-non-negative-integer field-name x)
+ (if (boolean? x)
+ (serialize-boolean field-name x)
+ (serialize-non-negative-integer field-name x)))
+
+(define (ssl-options? x)
+ (and (list? x)
+ (and-map (lambda (elt) (memq elt '(AllowRC4 AllowSSL3))) x)))
+(define (serialize-ssl-options field-name val)
+ (serialize-field field-name
+ (match val
+ (() "None")
+ (opts (string-join (map symbol->string opts) " ")))))
+
+(define (serialize-access-control x)
+ (display x)
+ (newline))
+(define (serialize-access-control-list field-name val)
+ (for-each serialize-access-control val))
+(define (access-control-list? val)
+ (and (list? val) (and-map string? val)))
+
+(define-configuration operation-access-control
+ (operations
+ (space-separated-symbol-list '())
+ "IPP operations to which this access control applies.")
+ (access-controls
+ (access-control-list '())
+ "Access control directives, as a list of strings. Each string should be one directive, such as \"Order allow,deny\"."))
+
+(define-configuration method-access-control
+ (reverse?
+ (boolean #f)
+ "If @code{#t}, apply access controls to all methods except the listed
+methods. Otherwise apply to only the listed methods.")
+ (methods
+ (method-list '())
+ "Methods to which this access control applies.")
+ (access-controls
+ (access-control-list '())
+ "Access control directives, as a list of strings. Each string should be one directive, such as \"Order allow,deny\"."))
+
+(define (serialize-operation-access-control x)
+ (format #t "<Limit ~a>\n"
+ (string-join (map symbol->string
+ (operation-access-control-operations x)) " "))
+ (serialize-configuration
+ x
+ (filter (lambda (field)
+ (not (eq? (configuration-field-name field) 'operations)))
+ operation-access-control-fields))
+ (format #t "</Limit>\n"))
+
+(define (serialize-method-access-control x)
+ (let ((limit (if (method-access-control-reverse? x) "LimitExcept" "Limit")))
+ (format #t "<~a ~a>\n" limit
+ (string-join (map symbol->string
+ (method-access-control-methods x)) " "))
+ (serialize-configuration
+ x
+ (filter (lambda (field)
+ (case (configuration-field-name field)
+ ((reverse? methods) #f)
+ (else #t)))
+ method-access-control-fields))
+ (format #t "</~a>\n" limit)))
+
+(define (operation-access-control-list? val)
+ (and (list? val) (and-map operation-access-control? val)))
+(define (serialize-operation-access-control-list field-name val)
+ (for-each serialize-operation-access-control val))
+
+(define (method-access-control-list? val)
+ (and (list? val) (and-map method-access-control? val)))
+(define (serialize-method-access-control-list field-name val)
+ (for-each serialize-method-access-control val))
+
+(define-configuration location-access-control
+ (path
+ (file-name (cups-configuration-missing-field 'location-access-control 'path))
+ "Specifies the URI path to which the access control applies.")
+ (access-controls
+ (access-control-list '())
+ "Access controls for all access to this path, in the same format as the
+@code{access-controls} of @code{operation-access-control}.")
+ (method-access-controls
+ (method-access-control-list '())
+ "Access controls for method-specific access to this path."))
+
+(define (serialize-location-access-control x)
+ (format #t "<Location ~a>\n" (location-access-control-path x))
+ (serialize-configuration
+ x
+ (filter (lambda (field)
+ (not (eq? (configuration-field-name field) 'path)))
+ location-access-control-fields))
+ (format #t "</Location>\n"))
+
+(define (location-access-control-list? val)
+ (and (list? val) (and-map location-access-control? val)))
+(define (serialize-location-access-control-list field-name val)
+ (for-each serialize-location-access-control val))
+
+(define-configuration policy-configuration
+ (name
+ (string (cups-configuration-missing-field 'policy-configuration 'name))
+ "Name of the policy.")
+ (job-private-access
+ (string "@OWNER @SYSTEM")
+ "Specifies an access list for a job's private values. @code{@@ACL} maps to
+the printer's requesting-user-name-allowed or requesting-user-name-denied
+values. @code{@@OWNER} maps to the job's owner. @code{@@SYSTEM} maps to the
+groups listed for the @code{system-group} field of the @code{files-config}
+configuration, which is reified into the @code{cups-files.conf(5)} file.
+Other possible elements of the access list include specific user names, and
+@code{@@@var{group}} to indicate members of a specific group. The access list
+may also be simply @code{all} or @code{default}.")
+ (job-private-values
+ (string (string-join '("job-name" "job-originating-host-name"
+ "job-originating-user-name" "phone")))
+ "Specifies the list of job values to make private, or @code{all},
+@code{default}, or @code{none}.")
+
+ (subscription-private-access
+ (string "@OWNER @SYSTEM")
+ "Specifies an access list for a subscription's private values.
+@code{@@ACL} maps to the printer's requesting-user-name-allowed or
+requesting-user-name-denied values. @code{@@OWNER} maps to the job's owner.
+@code{@@SYSTEM} maps to the groups listed for the @code{system-group} field of
+the @code{files-config} configuration, which is reified into the
+@code{cups-files.conf(5)} file. Other possible elements of the access list
+include specific user names, and @code{@@@var{group}} to indicate members of a
+specific group. The access list may also be simply @code{all} or
+@code{default}.")
+ (subscription-private-values
+ (string (string-join '("notify-events" "notify-pull-method"
+ "notify-recipient-uri" "notify-subscriber-user-name"
+ "notify-user-data")
+ " "))
+ "Specifies the list of job values to make private, or @code{all},
+@code{default}, or @code{none}.")
+
+ (access-controls
+ (operation-access-control-list '())
+ "Access control by IPP operation."))
+
+(define (serialize-policy-configuration x)
+ (format #t "<Policy ~a>\n" (policy-configuration-name x))
+ (serialize-configuration
+ x
+ (filter (lambda (field)
+ (not (eq? (configuration-field-name field) 'name)))
+ policy-configuration-fields))
+ (format #t "</Policy>\n"))
+
+(define (policy-configuration-list? x)
+ (and (list? x) (and-map policy-configuration? x)))
+(define (serialize-policy-configuration-list field-name x)
+ (for-each serialize-policy-configuration x))
+
+(define (log-location? x)
+ (or (file-name? x)
+ (eq? x 'stderr)
+ (eq? x 'syslog)))
+(define (serialize-log-location field-name x)
+ (if (string? x)
+ (serialize-file-name field-name x)
+ (serialize-field field-name x)))
+
+(define-configuration files-configuration
+ (access-log
+ (log-location "/var/log/cups/access_log")
+ "Defines the access log filename. Specifying a blank filename disables
+access log generation. The value @code{stderr} causes log entries to be sent
+to the standard error file when the scheduler is running in the foreground, or
+to the system log daemon when run in the background. The value @code{syslog}
+causes log entries to be sent to the system log daemon. The server name may
+be included in filenames using the string @code{%s}, as in
+@code{/var/log/cups/%s-access_log}.")
+ (cache-dir
+ (file-name "/var/cache/cups")
+ "Where CUPS should cache data.")
+ (config-file-perm
+ (string "0640")
+ "Specifies the permissions for all configuration files that the scheduler
+writes.
+
+Note that the permissions for the printers.conf file are currently masked to
+only allow access from the scheduler user (typically root). This is done
+because printer device URIs sometimes contain sensitive authentication
+information that should not be generally known on the system. There is no way
+to disable this security feature.")
+ ;; Not specifying data-dir and server-bin options as we handle these
+ ;; manually. For document-root, the CUPS package has that path
+ ;; preconfigured.
+ (error-log
+ (log-location "/var/log/cups/error_log")
+ "Defines the error log filename. Specifying a blank filename disables
+access log generation. The value @code{stderr} causes log entries to be sent
+to the standard error file when the scheduler is running in the foreground, or
+to the system log daemon when run in the background. The value @code{syslog}
+causes log entries to be sent to the system log daemon. The server name may
+be included in filenames using the string @code{%s}, as in
+@code{/var/log/cups/%s-error_log}.")
+ (fatal-errors
+ (string "all -browse")
+ "Specifies which errors are fatal, causing the scheduler to exit. The kind
+strings are:
+@table @code
+@item none
+No errors are fatal.
+@item all
+All of the errors below are fatal.
+@item browse
+Browsing initialization errors are fatal, for example failed connections to
+the DNS-SD daemon.
+@item config
+Configuration file syntax errors are fatal.
+@item listen
+Listen or Port errors are fatal, except for IPv6 failures on the loopback or
+@code{any} addresses.
+@item log
+Log file creation or write errors are fatal.
+@item permissions
+Bad startup file permissions are fatal, for example shared TLS certificate and
+key files with world-read permissions.
+@end table")
+ (file-device?
+ (boolean #f)
+ "Specifies whether the file pseudo-device can be used for new printer
+queues. The URI @url{file:///dev/null} is always allowed.")
+ (group
+ (string "lp")
+ "Specifies the group name or ID that will be used when executing external
+programs.")
+ (log-file-perm
+ (string "0644")
+ "Specifies the permissions for all log files that the scheduler writes.")
+ (page-log
+ (log-location "/var/log/cups/page_log")
+ "Defines the page log filename. Specifying a blank filename disables
+access log generation. The value @code{stderr} causes log entries to be sent
+to the standard error file when the scheduler is running in the foreground, or
+to the system log daemon when run in the background. The value @code{syslog}
+causes log entries to be sent to the system log daemon. The server name may
+be included in filenames using the string @code{%s}, as in
+@code{/var/log/cups/%s-page_log}.")
+ (remote-root
+ (string "remroot")
+ "Specifies the username that is associated with unauthenticated accesses by
+clients claiming to be the root user. The default is @code{remroot}.")
+ (request-root
+ (file-name "/var/spool/cups")
+ "Specifies the directory that contains print jobs and other HTTP request
+data.")
+ (sandboxing
+ (sandboxing 'strict)
+ "Specifies the level of security sandboxing that is applied to print
+filters, backends, and other child processes of the scheduler; either
+@code{relaxed} or @code{strict}. This directive is currently only
+used/supported on macOS.")
+ (server-keychain
+ (file-name "/etc/cups/ssl")
+ "Specifies the location of TLS certificates and private keys. CUPS will
+look for public and private keys in this directory: a @code{.crt} files for
+PEM-encoded certificates and corresponding @code{.key} files for PEM-encoded
+private keys.")
+ (server-root
+ (file-name "/etc/cups")
+ "Specifies the directory containing the server configuration files.")
+ (sync-on-close?
+ (boolean #f)
+ "Specifies whether the scheduler calls fsync(2) after writing configuration
+or state files.")
+ (system-group
+ (space-separated-string-list '("lpadmin" "wheel" "root"))
+ "Specifies the group(s) to use for @code{@@SYSTEM} group authentication.")
+ (temp-dir
+ (file-name "/var/spool/cups/tmp")
+ "Specifies the directory where temporary files are stored.")
+ (user
+ (string "lp")
+ "Specifies the user name or ID that is used when running external
+programs."))
+
+(define (serialize-files-configuration field-name val)
+ #f)
+
+(define (environment-variables? vars)
+ (space-separated-string-list? vars))
+(define (serialize-environment-variables field-name vars)
+ (unless (null? vars)
+ (serialize-space-separated-string-list field-name vars)))
+
+(define (package-list? val)
+ (and (list? val) (and-map package? val)))
+(define (serialize-package-list field-name val)
+ #f)
+
+(define-configuration cups-configuration
+ (cups
+ (package cups)
+ "The CUPS package.")
+ (extensions
+ (package-list (list cups-filters))
+ "Drivers and other extensions to the CUPS package.")
+ (files-configuration
+ (files-configuration (files-configuration))
+ "Configuration of where to write logs, what directories to use for print
+spools, and related privileged configuration parameters.")
+ (access-log-level
+ (access-log-level 'actions)
+ "Specifies the logging level for the AccessLog file. The @code{config}
+level logs when printers and classes are added, deleted, or modified and when
+configuration files are accessed or updated. The @code{actions} level logs
+when print jobs are submitted, held, released, modified, or canceled, and any
+of the conditions for @code{config}. The @code{all} level logs all
+requests.")
+ (auto-purge-jobs?
+ (boolean #f)
+ "Specifies whether to purge job history data automatically when it is no
+longer required for quotas.")
+ (browse-local-protocols
+ (browse-local-protocols 'dnssd)
+ "Specifies which protocols to use for local printer sharing.")
+ (browse-web-if?
+ (boolean #f)
+ "Specifies whether the CUPS web interface is advertised.")
+ (browsing?
+ (boolean #f)
+ "Specifies whether shared printers are advertised.")
+ (classification
+ (string "")
+ "Specifies the security classification of the server.
+Any valid banner name can be used, including \"classified\", \"confidential\",
+\"secret\", \"topsecret\", and \"unclassified\", or the banner can be omitted
+to disable secure printing functions.")
+ (classify-override?
+ (boolean #f)
+ "Specifies whether users may override the classification (cover page) of
+individual print jobs using the @code{job-sheets} option.")
+ (default-auth-type
+ (default-auth-type 'Basic)
+ "Specifies the default type of authentication to use.")
+ (default-encryption
+ (default-encryption 'Required)
+ "Specifies whether encryption will be used for authenticated requests.")
+ (default-language
+ (string "en")
+ "Specifies the default language to use for text and web content.")
+ (default-paper-size
+ (string "Auto")
+ "Specifies the default paper size for new print queues. @samp{\"Auto\"}
+uses a locale-specific default, while @samp{\"None\"} specifies there is no
+default paper size. Specific size names are typically @samp{\"Letter\"} or
+@samp{\"A4\"}.")
+ (default-policy
+ (string "default")
+ "Specifies the default access policy to use.")
+ (default-shared?
+ (boolean #t)
+ "Specifies whether local printers are shared by default.")
+ (dirty-clean-interval
+ (non-negative-integer 30)
+ "Specifies the delay for updating of configuration and state files, in
+seconds. A value of 0 causes the update to happen as soon as possible,
+typically within a few milliseconds.")
+ (error-policy
+ (error-policy 'stop-printer)
+ "Specifies what to do when an error occurs. Possible values are
+@code{abort-job}, which will discard the failed print job; @code{retry-job},
+which will retry the job at a later time; @code{retry-this-job}, which retries
+the failed job immediately; and @code{stop-printer}, which stops the
+printer.")
+ (filter-limit
+ (non-negative-integer 0)
+ "Specifies the maximum cost of filters that are run concurrently, which can
+be used to minimize disk, memory, and CPU resource problems. A limit of 0
+disables filter limiting. An average print to a non-PostScript printer needs
+a filter limit of about 200. A PostScript printer needs about half
+that (100). Setting the limit below these thresholds will effectively limit
+the scheduler to printing a single job at any time.")
+ (filter-nice
+ (non-negative-integer 0)
+ "Specifies the scheduling priority of filters that are run to print a job.
+The nice value ranges from 0, the highest priority, to 19, the lowest
+priority.")
+ ;; Add this option if the package is built with Kerberos support.
+ ;; (gss-service-name
+ ;; (string "http")
+ ;; "Specifies the service name when using Kerberos authentication.")
+ (host-name-lookups
+ (host-name-lookups #f)
+ "Specifies whether to do reverse lookups on connecting clients.
+The @code{double} setting causes @code{cupsd} to verify that the hostname
+resolved from the address matches one of the addresses returned for that
+hostname. Double lookups also prevent clients with unregistered addresses
+from connecting to your server. Only set this option to @code{#t} or
+@code{double} if absolutely required.")
+ ;; Add this option if the package is built with launchd/systemd support.
+ ;; (idle-exit-timeout
+ ;; (non-negative-integer 60)
+ ;; "Specifies the length of time to wait before shutting down due to
+ ;; inactivity. Note: Only applicable when @code{cupsd} is run on-demand
+ ;; (e.g., with @code{-l}).")
+ (job-kill-delay
+ (non-negative-integer 30)
+ "Specifies the number of seconds to wait before killing the filters and
+backend associated with a canceled or held job.")
+ (job-retry-interval
+ (non-negative-integer 30)
+ "Specifies the interval between retries of jobs in seconds. This is
+typically used for fax queues but can also be used with normal print queues
+whose error policy is @code{retry-job} or @code{retry-current-job}.")
+ (job-retry-limit
+ (non-negative-integer 5)
+ "Specifies the number of retries that are done for jobs. This is typically
+used for fax queues but can also be used with normal print queues whose error
+policy is @code{retry-job} or @code{retry-current-job}.")
+ (keep-alive?
+ (boolean #t)
+ "Specifies whether to support HTTP keep-alive connections.")
+ (keep-alive-timeout
+ (non-negative-integer 30)
+ "Specifies how long an idle client connection remains open, in seconds.")
+ (limit-request-body
+ (non-negative-integer 0)
+ "Specifies the maximum size of print files, IPP requests, and HTML form
+data. A limit of 0 disables the limit check.")
+ (listen
+ (multiline-string-list '("localhost:631" "/var/run/cups/cups.sock"))
+ "Listens on the specified interfaces for connections. Valid values are of
+the form @var{address}:@var{port}, where @var{address} is either an IPv6
+address enclosed in brackets, an IPv4 address, or @code{*} to indicate all
+addresses. Values can also be file names of local UNIX domain sockets. The
+Listen directive is similar to the Port directive but allows you to restrict
+access to specific interfaces or networks.")
+ (listen-back-log
+ (non-negative-integer 128)
+ "Specifies the number of pending connections that will be allowed. This
+normally only affects very busy servers that have reached the MaxClients
+limit, but can also be triggered by large numbers of simultaneous connections.
+When the limit is reached, the operating system will refuse additional
+connections until the scheduler can accept the pending ones.")
+ (location-access-controls
+ (location-access-control-list
+ (list (location-access-control
+ (path "/")
+ (access-controls '("Order allow,deny"
+ "Allow localhost")))
+ (location-access-control
+ (path "/admin")
+ (access-controls '("Order allow,deny"
+ "Allow localhost")))
+ (location-access-control
+ (path "/admin/conf")
+ (access-controls '("Order allow,deny"
+ "AuthType Basic"
+ "Require user @SYSTEM"
+ "Allow localhost")))))
+ "Specifies a set of additional access controls.")
+ (log-debug-history
+ (non-negative-integer 100)
+ "Specifies the number of debugging messages that are retained for logging
+if an error occurs in a print job. Debug messages are logged regardless of
+the LogLevel setting.")
+ (log-level
+ (log-level 'info)
+ "Specifies the level of logging for the ErrorLog file. The value
+@code{none} stops all logging while @code{debug2} logs everything.")
+ (log-time-format
+ (log-time-format 'standard)
+ "Specifies the format of the date and time in the log files. The value
+@code{standard} logs whole seconds while @code{usecs} logs microseconds.")
+ (max-clients
+ (non-negative-integer 100)
+ "Specifies the maximum number of simultaneous clients that are allowed by
+the scheduler.")
+ (max-clients-per-host
+ (non-negative-integer 100)
+ "Specifies the maximum number of simultaneous clients that are allowed from
+a single address.")
+ (max-copies
+ (non-negative-integer 9999)
+ "Specifies the maximum number of copies that a user can print of each
+job.")
+ (max-hold-time
+ (non-negative-integer 0)
+ "Specifies the maximum time a job may remain in the @code{indefinite} hold
+state before it is canceled. A value of 0 disables cancellation of held
+jobs.")
+ (max-jobs
+ (non-negative-integer 500)
+ "Specifies the maximum number of simultaneous jobs that are allowed. Set
+to 0 to allow an unlimited number of jobs.")
+ (max-jobs-per-printer
+ (non-negative-integer 0)
+ "Specifies the maximum number of simultaneous jobs that are allowed per
+printer. A value of 0 allows up to MaxJobs jobs per printer.")
+ (max-jobs-per-user
+ (non-negative-integer 0)
+ "Specifies the maximum number of simultaneous jobs that are allowed per
+user. A value of 0 allows up to MaxJobs jobs per user.")
+ (max-job-time
+ (non-negative-integer 10800)
+ "Specifies the maximum time a job may take to print before it is canceled,
+in seconds. Set to 0 to disable cancellation of \"stuck\" jobs.")
+ (max-log-size
+ (non-negative-integer 1048576)
+ "Specifies the maximum size of the log files before they are rotated, in
+bytes. The value 0 disables log rotation.")
+ (multiple-operation-timeout
+ (non-negative-integer 300)
+ "Specifies the maximum amount of time to allow between files in a multiple
+file print job, in seconds.")
+ (page-log-format
+ (string "")
+ "Specifies the format of PageLog lines. Sequences beginning with
+percent (@samp{%}) characters are replaced with the corresponding information,
+while all other characters are copied literally. The following percent
+sequences are recognized:
+
+@table @samp
+@item %%
+insert a single percent character
+@item %@{name@}
+insert the value of the specified IPP attribute
+@item %C
+insert the number of copies for the current page
+@item %P
+insert the current page number
+@item %T
+insert the current date and time in common log format
+@item %j
+insert the job ID
+@item %p
+insert the printer name
+@item %u
+insert the username
+@end table
+
+A value of the empty string disables page logging. The string @code{%p %u %j
+%T %P %C %@{job-billing@} %@{job-originating-host-name@} %@{job-name@}
+%@{media@} %@{sides@}} creates a page log with the standard items.")
+ (environment-variables
+ (environment-variables '())
+ "Passes the specified environment variable(s) to child processes; a list of
+strings.")
+ (policies
+ (policy-configuration-list
+ (list (policy-configuration
+ (name "default")
+ (access-controls
+ (list
+ (operation-access-control
+ (operations
+ '(Send-Document
+ Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs
+ Cancel-Job Close-Job Cancel-My-Jobs Set-Job-Attributes
+ Create-Job-Subscription Renew-Subscription
+ Cancel-Subscription Get-Notifications
+ Reprocess-Job Cancel-Current-Job Suspend-Current-Job
+ Resume-Job CUPS-Move-Job Validate-Job
+ CUPS-Get-Document))
+ (access-controls '("Require user @OWNER @SYSTEM"
+ "Order deny,allow")))
+ (operation-access-control
+ (operations
+ '(Pause-Printer
+ Cancel-Jobs
+ Resume-Printer Set-Printer-Attributes Enable-Printer
+ Disable-Printer Pause-Printer-After-Current-Job
+ Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer
+ Activate-Printer Restart-Printer Shutdown-Printer
+ Startup-Printer Promote-Job Schedule-Job-After
+ CUPS-Authenticate-Job CUPS-Add-Printer
+ CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class
+ CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default))
+ (access-controls '("AuthType Basic"
+ "Require user @SYSTEM"
+ "Order deny,allow")))
+ (operation-access-control
+ (operations '(All))
+ (access-controls '("Order deny,allow"))))))))
+ "Specifies named access control policies.")
+ #;
+ (port
+ (non-negative-integer 631)
+ "Listens to the specified port number for connections.")
+ (preserve-job-files
+ (boolean-or-non-negative-integer 86400)
+ "Specifies whether job files (documents) are preserved after a job is
+printed. If a numeric value is specified, job files are preserved for the
+indicated number of seconds after printing. Otherwise a boolean value applies
+indefinitely.")
+ (preserve-job-history
+ (boolean-or-non-negative-integer #t)
+ "Specifies whether the job history is preserved after a job is printed.
+If a numeric value is specified, the job history is preserved for the
+indicated number of seconds after printing. If @code{#t}, the job history is
+preserved until the MaxJobs limit is reached.")
+ (reload-timeout
+ (non-negative-integer 30)
+ "Specifies the amount of time to wait for job completion before restarting
+the scheduler.")
+ (rip-cache
+ (string "128m")
+ "Specifies the maximum amount of memory to use when converting documents into bitmaps for a printer.")
+ (server-admin
+ (string "root@localhost.localdomain")
+ "Specifies the email address of the server administrator.")
+ (server-alias
+ (host-name-list-or-* '*)
+ "The ServerAlias directive is used for HTTP Host header validation when
+clients connect to the scheduler from external interfaces. Using the special
+name @code{*} can expose your system to known browser-based DNS rebinding
+attacks, even when accessing sites through a firewall. If the auto-discovery
+of alternate names does not work, we recommend listing each alternate name
+with a ServerAlias directive instead of using @code{*}.")
+ (server-name
+ (string "localhost")
+ "Specifies the fully-qualified host name of the server.")
+ (server-tokens
+ (server-tokens 'Minimal)
+ "Specifies what information is included in the Server header of HTTP
+responses. @code{None} disables the Server header. @code{ProductOnly}
+reports @code{CUPS}. @code{Major} reports @code{CUPS 2}. @code{Minor}
+reports @code{CUPS 2.0}. @code{Minimal} reports @code{CUPS 2.0.0}. @code{OS}
+reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is the output of the
+@code{uname} command. @code{Full} reports @code{CUPS 2.0.0 (@var{uname})
+IPP/2.0}.")
+ (set-env
+ (string "variable value")
+ "Set the specified environment variable to be passed to child processes.")
+ (ssl-listen
+ (multiline-string-list '())
+ "Listens on the specified interfaces for encrypted connections. Valid
+values are of the form @var{address}:@var{port}, where @var{address} is either
+an IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate
+all addresses.")
+ (ssl-options
+ (ssl-options '())
+ "Sets encryption options.
+By default, CUPS only supports encryption using TLS v1.0 or higher using known
+secure cipher suites. The @code{AllowRC4} option enables the 128-bit RC4
+cipher suites, which are required for some older clients that do not implement
+newer ones. The @code{AllowSSL3} option enables SSL v3.0, which is required
+for some older clients that do not support TLS v1.0.")
+ #;
+ (ssl-port
+ (non-negative-integer 631)
+ "Listens on the specified port for encrypted connections.")
+ (strict-conformance?
+ (boolean #f)
+ "Specifies whether the scheduler requires clients to strictly adhere to the
+IPP specifications.")
+ (timeout
+ (non-negative-integer 300)
+ "Specifies the HTTP request timeout, in seconds.")
+ (web-interface?
+ (boolean #f)
+ "Specifies whether the web interface is enabled."))
+
+(define-configuration opaque-cups-configuration
+ (cups
+ (package cups)
+ "The CUPS package.")
+ (extensions
+ (package-list '())
+ "Drivers and other extensions to the CUPS package.")
+ (cupsd.conf
+ (string (cups-configuration-missing-field 'opaque-cups-configuration
+ 'cupsd.conf))
+ "The contents of the @code{cupsd.conf} to use.")
+ (cups-files.conf
+ (string (cups-configuration-missing-field 'opaque-cups-configuration
+ 'cups-files.conf))
+ "The contents of the @code{cups-files.conf} to use."))
+
+(define %cups-activation
+ ;; Activation gexp.
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (define (mkdir-p/perms directory owner perms)
+ (mkdir-p directory)
+ (chown "/var/run/cups" (passwd:uid owner) (passwd:gid owner))
+ (chmod directory perms))
+ (define (build-subject parameters)
+ (string-concatenate
+ (map (lambda (pair)
+ (let ((k (car pair)) (v (cdr pair)))
+ (define (escape-char str chr)
+ (string-join (string-split str chr) (string #\\ chr)))
+ (string-append "/" k "="
+ (escape-char (escape-char v #\=) #\/))))
+ (filter (lambda (pair) (cdr pair)) parameters))))
+ (define* (create-self-signed-certificate-if-absent
+ #:key private-key public-key (owner (getpwnam "root"))
+ (common-name (gethostname))
+ (organization-name "GuixSD")
+ (organization-unit-name "Default Self-Signed Certificate")
+ (subject-parameters `(("CN" . ,common-name)
+ ("O" . ,organization-name)
+ ("OU" . ,organization-unit-name)))
+ (subject (build-subject subject-parameters)))
+ ;; Note that by default, OpenSSL outputs keys in PEM format. This
+ ;; is what we want.
+ (unless (file-exists? private-key)
+ (cond
+ ((zero? (system* (string-append #$openssl "/bin/openssl")
+ "genrsa" "-out" private-key "2048"))
+ (chown private-key (passwd:uid owner) (passwd:gid owner))
+ (chmod private-key #o400))
+ (else
+ (format (current-error-port)
+ "Failed to create private key at ~a.\n" private-key))))
+ (unless (file-exists? public-key)
+ (cond
+ ((zero? (system* (string-append #$openssl "/bin/openssl")
+ "req" "-new" "-x509" "-key" private-key
+ "-out" public-key "-days" "3650"
+ "-batch" "-subj" subject))
+ (chown public-key (passwd:uid owner) (passwd:gid owner))
+ (chmod public-key #o444))
+ (else
+ (format (current-error-port)
+ "Failed to create public key at ~a.\n" public-key)))))
+ (let ((user (getpwnam "lp")))
+ (mkdir-p/perms "/var/run/cups" user #o755)
+ (mkdir-p/perms "/var/spool/cups" user #o755)
+ (mkdir-p/perms "/var/spool/cups/tmp" user #o755)
+ (mkdir-p/perms "/var/log/cups" user #o755)
+ (mkdir-p/perms "/etc/cups" user #o755)
+ (mkdir-p/perms "/etc/cups/ssl" user #o700)
+ ;; This certificate is used for HTTPS connections to the CUPS web
+ ;; interface.
+ (create-self-signed-certificate-if-absent
+ #:private-key "/etc/cups/ssl/localhost.key"
+ #:public-key "/etc/cups/ssl/localhost.crt"
+ #:owner (getpwnam "root")
+ #:common-name (format #f "CUPS service on ~a" (gethostname)))))))
+
+(define (union-directory name packages paths)
+ (computed-file
+ name
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils)
+ (srfi srfi-1))
+ (mkdir #$output)
+ (for-each
+ (lambda (package)
+ (for-each
+ (lambda (path)
+ (for-each
+ (lambda (src)
+ (let* ((tail (substring src (string-length package)))
+ (dst (string-append #$output tail)))
+ (mkdir-p (dirname dst))
+ ;; CUPS currently symlinks in some data from cups-filters
+ ;; to its output dir. Probably we should stop doing this
+ ;; and instead rely only on the CUPS service to union the
+ ;; relevant set of CUPS packages.
+ (if (file-exists? dst)
+ (format (current-error-port) "warning: ~a exists\n" dst)
+ (symlink src dst))))
+ (find-files (string-append package path))))
+ (list #$@paths)))
+ (list #$@packages))
+ #t))))
+
+(define (cups-server-bin-directory extensions)
+ "Return the CUPS ServerBin directory, containing binaries for CUPS and all
+extensions that it uses."
+ (union-directory "cups-server-bin" extensions
+ ;; /bin
+ '("/lib/cups" "/share/ppd" "/share/cups")))
+
+(define (cups-shepherd-service config)
+ "Return a list of <shepherd-service> for CONFIG."
+ (let* ((cupsd.conf-str
+ (cond
+ ((opaque-cups-configuration? config)
+ (opaque-cups-configuration-cupsd.conf config))
+ (else
+ (with-output-to-string
+ (lambda ()
+ (serialize-configuration config
+ cups-configuration-fields))))))
+ (cups-files.conf-str
+ (cond
+ ((opaque-cups-configuration? config)
+ (opaque-cups-configuration-cups-files.conf config))
+ (else
+ (with-output-to-string
+ (lambda ()
+ (serialize-configuration
+ (cups-configuration-files-configuration config)
+ files-configuration-fields))))))
+ (cups (if (opaque-cups-configuration? config)
+ (opaque-cups-configuration-cups config)
+ (cups-configuration-cups config)))
+ (server-bin
+ (cups-server-bin-directory
+ (cons cups
+ (cond
+ ((opaque-cups-configuration? config)
+ (opaque-cups-configuration-extensions config))
+ (else
+ (cups-configuration-extensions config))))))
+ ;;"SetEnv PATH " server-bin "/bin" "\n"
+ (cupsd.conf
+ (plain-file "cupsd.conf" cupsd.conf-str))
+ (cups-files.conf
+ (mixed-text-file
+ "cups-files.conf"
+ cups-files.conf-str
+ "CacheDir /var/cache/cups\n"
+ "StateDir /var/run/cups\n"
+ "DataDir " server-bin "/share/cups" "\n"
+ "ServerBin " server-bin "/lib/cups" "\n")))
+ (list (shepherd-service
+ (documentation "Run the CUPS print server.")
+ (provision '(cups))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$cups "/sbin/cupsd")
+ "-f" "-c" #$cupsd.conf "-s" #$cups-files.conf)))
+ (stop #~(make-kill-destructor))))))
+
+(define cups-service-type
+ (service-type (name 'cups)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ cups-shepherd-service)
+ (service-extension activation-service-type
+ (const %cups-activation))
+ (service-extension account-service-type
+ (const %cups-accounts))))
+
+ ;; Extensions consist of lists of packages (representing CUPS
+ ;; drivers, etc) that we just concatenate.
+ (compose append)
+
+ ;; Add extension packages by augmenting the cups-configuration
+ ;; 'extensions' field.
+ (extend
+ (lambda (config extensions)
+ (cond
+ ((cups-configuration? config)
+ (cups-configuration
+ (inherit config)
+ (extensions
+ (append (cups-configuration-extensions config)
+ extensions))))
+ (else
+ (opaque-cups-configuration
+ (inherit config)
+ (extensions
+ (append (opaque-cups-configuration-extensions config)
+ extensions)))))))))
+
+;; A little helper to make it easier to document all those fields.
+(define (generate-documentation)
+ (define documentation
+ `((cups-configuration
+ ,cups-configuration-fields
+ (files-configuration files-configuration)
+ (policies policy-configuration)
+ (location-access-controls location-access-controls))
+ (files-configuration ,files-configuration-fields)
+ (policy-configuration
+ ,policy-configuration-fields
+ (operation-access-controls operation-access-controls))
+ (location-access-controls
+ ,location-access-control-fields
+ (method-access-controls method-access-controls))
+ (operation-access-controls ,operation-access-control-fields)
+ (method-access-controls ,method-access-control-fields)))
+ (define (str x) (object->string x))
+ (define (generate configuration-name)
+ (match (assq-ref documentation configuration-name)
+ ((fields . sub-documentation)
+ `((para "Available " (code ,(str configuration-name)) " fields are:")
+ ,@(map
+ (lambda (f)
+ (let ((field-name (configuration-field-name f))
+ (field-type (configuration-field-type f))
+ (field-docs (cdr (texi-fragment->stexi
+ (configuration-field-documentation f))))
+ (default (catch #t
+ (configuration-field-default-value-thunk f)
+ (lambda _ '%invalid))))
+ (define (show-default? val)
+ (or (string? default) (number? default) (boolean? default)
+ (and (symbol? val) (not (eq? val '%invalid)))
+ (and (list? val) (and-map show-default? val))))
+ `(deftypevr (% (category
+ (code ,(str configuration-name)) " parameter")
+ (data-type ,(str field-type))
+ (name ,(str field-name)))
+ ,@field-docs
+ ,@(if (show-default? default)
+ `((para "Defaults to " (samp ,(str default)) "."))
+ '())
+ ,@(append-map
+ generate
+ (or (assq-ref sub-documentation field-name) '())))))
+ fields)))))
+ (stexi->texi `(*fragment* . ,(generate 'cups-configuration))))
diff --git a/gnu/system.scm b/gnu/system.scm
index 38ae8f1771..43117b1714 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -562,12 +562,7 @@ use 'plain-file' instead~%")
;; By default, applications that use D-Bus, such as Emacs, abort at startup
;; when /etc/machine-id is missing. Make sure these warnings are non-fatal.
- ("DBUS_FATAL_WARNINGS" . "0")
-
- ;; XXX: Normally we wouldn't need to do this, but our glibc@2.23 package
- ;; looks things up in 'PREFIX/lib/locale' instead of
- ;; '/run/current-system/locale' as was intended.
- ("GUIX_LOCPATH" . "/run/current-system/locale")))
+ ("DBUS_FATAL_WARNINGS" . "0")))
(define %setuid-programs
;; Default set of setuid-root programs.
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index 34edff7f40..1dfd85450c 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -172,22 +172,23 @@ files such as `.in' templates. Most scripts honor $SHELL and
$CONFIG_SHELL, but some don't, such as `mkinstalldirs' or Automake's
`missing' script."
(for-each patch-shebang
- (remove (lambda (file)
- (or (not (file-exists? file)) ;dangling symlink
- (file-is-directory? file)))
- (find-files "."))))
+ (find-files "."
+ (lambda (file stat)
+ ;; Filter out symlinks.
+ (eq? 'regular (stat:type stat)))
+ #:stat lstat)))
(define (patch-generated-file-shebangs . rest)
"Patch shebangs in generated files, including `SHELL' variables in
makefiles."
- ;; Patch executable files, some of which might have been generated by
- ;; `configure'.
+ ;; Patch executable regular files, some of which might have been generated
+ ;; by `configure'.
(for-each patch-shebang
- (filter (lambda (file)
- (and (file-exists? file)
- (executable-file? file)
- (not (file-is-directory? file))))
- (find-files ".")))
+ (find-files "."
+ (lambda (file stat)
+ (and (eq? 'regular (stat:type stat))
+ (not (zero? (logand (stat:mode stat) #o100)))))
+ #:stat lstat))
;; Patch `SHELL' in generated makefiles.
(for-each patch-makefile-SHELL (find-files "." "^(GNU)?[mM]akefile$")))
@@ -386,26 +387,17 @@ makefiles."
(when debug-output
(format #t "debugging output written to ~s using ~s~%"
debug-output objcopy-command))
- (file-system-fold (const #t)
- (lambda (path stat result) ; leaf
- (and (file-exists? path) ;discard dangling symlinks
- (or (elf-file? path) (ar-file? path))
- (or (not debug-output)
- (make-debug-file path))
- (zero? (apply system* strip-command
- (append strip-flags (list path))))
- (or (not debug-output)
- (add-debug-link path))))
- (const #t) ; down
- (const #t) ; up
- (const #t) ; skip
- (lambda (path stat errno result)
- (format (current-error-port)
- "strip: failed to access `~a': ~a~%"
- path (strerror errno))
- #f)
- #t
- dir))
+
+ (for-each (lambda (file)
+ (and (file-exists? file) ;discard dangling symlinks
+ (or (elf-file? file) (ar-file? file))
+ (or (not debug-output)
+ (make-debug-file file))
+ (zero? (apply system* strip-command
+ (append strip-flags (list file))))
+ (or (not debug-output)
+ (add-debug-link file))))
+ (find-files dir)))
(or (not strip-binaries?)
(every strip-dir
@@ -552,6 +544,47 @@ DOCUMENTATION-COMPRESSOR-FLAGS."
outputs)
#t)
+
+(define* (patch-dot-desktop-files #:key outputs inputs #:allow-other-keys)
+ "Replace any references to executables in '.desktop' files with their
+absolute file names."
+ (define bin-directories
+ (append-map (match-lambda
+ ((_ . directory)
+ (list (string-append directory "/bin")
+ (string-append directory "/sbin"))))
+ outputs))
+
+ (define (which program)
+ (or (search-path bin-directories program)
+ (begin
+ (format (current-error-port)
+ "warning: '.desktop' file refers to '~a', \
+which cannot be found~%"
+ program)
+ program)))
+
+ (for-each (match-lambda
+ ((_ . directory)
+ (let ((applications (string-append directory
+ "/share/applications")))
+ (when (directory-exists? applications)
+ (let ((files (find-files applications "\\.desktop$")))
+ (format #t "adjusting ~a '.desktop' files in ~s~%"
+ (length files) applications)
+
+ ;; '.desktop' files contain translations and are always
+ ;; UTF-8-encoded.
+ (with-fluids ((%default-port-encoding "UTF-8"))
+ (substitute* files
+ (("^Exec=([^/[:blank:]\r\n]*)(.*)$" _ binary rest)
+ (string-append "Exec=" (which binary) rest))
+ (("^TryExec=([^/[:blank:]\r\n]*)(.*)$" _ binary rest)
+ (string-append "TryExec="
+ (which binary) rest)))))))))
+ outputs)
+ #t)
+
(define %standard-phases
;; Standard build phases, as a list of symbol/procedure pairs.
(let-syntax ((phases (syntax-rules ()
@@ -564,6 +597,7 @@ DOCUMENTATION-COMPRESSOR-FLAGS."
validate-runpath
validate-documentation-location
delete-info-dir-file
+ patch-dot-desktop-files
compress-documentation)))
diff --git a/guix/build/utils.scm b/guix/build/utils.scm
index 2988193fce..bc6f114152 100644
--- a/guix/build/utils.scm
+++ b/guix/build/utils.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
@@ -518,8 +518,8 @@ following forms:
(add-before <old-phase-name> <new-phase-name> <new-phase>)
(add-after <old-phase-name> <new-phase-name> <new-phase>)
-Where every <*-phase-name> is an automatically quoted symbol, and <new-phase>
-an expression evaluating to a procedure."
+Where every <*-phase-name> is an expression evaluating to a symbol, and
+<new-phase> an expression evaluating to a procedure."
(let* ((phases* phases)
(phases* (%modify-phases phases* mod-spec))
...)
@@ -944,64 +944,76 @@ This is useful for scripts that expect particular programs to be in $PATH, for
programs that expect particular shared libraries to be in $LD_LIBRARY_PATH, or
modules in $GUILE_LOAD_PATH, etc.
-If PROG has previously been wrapped by wrap-program the wrapper will point to
-the previous wrapper."
- (define (wrapper-file-name number)
- (format #f "~a/.~a-wrap-~2'0d" (dirname prog) (basename prog) number))
- (define (next-wrapper-number)
- (let ((wrappers
- (find-files (dirname prog)
- (string-append "\\." (basename prog) "-wrap-.*"))))
- (if (null? wrappers)
- 0
- (string->number (string-take-right (last wrappers) 2)))))
- (define (wrapper-target number)
- (if (zero? number)
- (let ((prog-real (string-append (dirname prog) "/."
- (basename prog) "-real")))
- (rename-file prog prog-real)
- prog-real)
- (wrapper-file-name number)))
-
- (let* ((number (next-wrapper-number))
- (target (wrapper-target number))
- (wrapper (wrapper-file-name (1+ number)))
- (prog-tmp (string-append target "-tmp")))
- (define (export-variable lst)
- ;; Return a string that exports an environment variable.
- (match lst
- ((var sep '= rest)
- (format #f "export ~a=\"~a\""
- var (string-join rest sep)))
- ((var sep 'prefix rest)
- (format #f "export ~a=\"~a${~a~a+~a}$~a\""
- var (string-join rest sep) var sep sep var))
- ((var sep 'suffix rest)
- (format #f "export ~a=\"$~a${~a~a+~a}~a\""
- var var var sep sep (string-join rest sep)))
- ((var '= rest)
- (format #f "export ~a=\"~a\""
- var (string-join rest ":")))
- ((var 'prefix rest)
- (format #f "export ~a=\"~a${~a:+:}$~a\""
- var (string-join rest ":") var var))
- ((var 'suffix rest)
- (format #f "export ~a=\"$~a${~a:+:}~a\""
- var var var (string-join rest ":")))))
-
- (with-output-to-file prog-tmp
- (lambda ()
- (format #t
- "#!~a~%~a~%exec -a \"$0\" \"~a\" \"$@\"~%"
- (which "bash")
- (string-join (map export-variable vars)
- "\n")
- (canonicalize-path target))))
-
- (chmod prog-tmp #o755)
- (rename-file prog-tmp wrapper)
- (symlink wrapper prog-tmp)
- (rename-file prog-tmp prog)))
+If PROG has previously been wrapped by 'wrap-program', the wrapper is extended
+with definitions for VARS."
+ (define wrapped-file
+ (string-append (dirname prog) "/." (basename prog) "-real"))
+
+ (define already-wrapped?
+ (file-exists? wrapped-file))
+
+ (define (last-line port)
+ ;; Return the last line read from PORT and leave PORT's cursor right
+ ;; before it.
+ (let loop ((previous-line-offset 0)
+ (previous-line "")
+ (position (seek port 0 SEEK_CUR)))
+ (match (read-line port 'concat)
+ ((? eof-object?)
+ (seek port previous-line-offset SEEK_SET)
+ previous-line)
+ ((? string? line)
+ (loop position line (+ (string-length line) position))))))
+
+ (define (export-variable lst)
+ ;; Return a string that exports an environment variable.
+ (match lst
+ ((var sep '= rest)
+ (format #f "export ~a=\"~a\""
+ var (string-join rest sep)))
+ ((var sep 'prefix rest)
+ (format #f "export ~a=\"~a${~a~a+~a}$~a\""
+ var (string-join rest sep) var sep sep var))
+ ((var sep 'suffix rest)
+ (format #f "export ~a=\"$~a${~a~a+~a}~a\""
+ var var var sep sep (string-join rest sep)))
+ ((var '= rest)
+ (format #f "export ~a=\"~a\""
+ var (string-join rest ":")))
+ ((var 'prefix rest)
+ (format #f "export ~a=\"~a${~a:+:}$~a\""
+ var (string-join rest ":") var var))
+ ((var 'suffix rest)
+ (format #f "export ~a=\"$~a${~a:+:}~a\""
+ var var var (string-join rest ":")))))
+
+ (if already-wrapped?
+
+ ;; PROG is already a wrapper: add the new "export VAR=VALUE" lines just
+ ;; before the last line.
+ (let* ((port (open-file prog "r+"))
+ (last (last-line port)))
+ (for-each (lambda (var)
+ (display (export-variable var) port)
+ (newline port))
+ vars)
+ (display last port)
+ (close-port port))
+
+ ;; PROG is not wrapped yet: create a shell script that sets VARS.
+ (let ((prog-tmp (string-append wrapped-file "-tmp")))
+ (link prog wrapped-file)
+
+ (call-with-output-file prog-tmp
+ (lambda (port)
+ (format port
+ "#!~a~%~a~%exec -a \"$0\" \"~a\" \"$@\"~%"
+ (which "bash")
+ (string-join (map export-variable vars) "\n")
+ (canonicalize-path wrapped-file))))
+
+ (chmod prog-tmp #o755)
+ (rename-file prog-tmp prog))))
;;;
diff --git a/guix/packages.scm b/guix/packages.scm
index a3fab4dc13..beb958f156 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
+;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -493,9 +494,11 @@ specifies modules in scope when evaluating SNIPPET."
(format (current-error-port) "applying '~a'...~%" patch)
;; Use '--force' so that patches that do not apply perfectly are
- ;; rejected.
+ ;; rejected. Use '--no-backup-if-mismatch' to prevent making
+ ;; "*.orig" file if a patch is applied with offset.
(zero? (system* (string-append #+patch "/bin/patch")
- "--force" #+@flags "--input" patch)))
+ "--force" "--no-backup-if-mismatch"
+ #+@flags "--input" patch)))
(define (first-file directory)
;; Return the name of the first file in DIRECTORY.
diff --git a/guix/profiles.scm b/guix/profiles.scm
index e7319a8a10..d162f6241b 100644
--- a/guix/profiles.scm
+++ b/guix/profiles.scm
@@ -680,7 +680,18 @@ MANIFEST. Single-file bundles are required by programs such as Git and Lynx."
(define (gtk-icon-themes manifest)
"Return a derivation that unions all icon themes from manifest entries and
creates the GTK+ 'icon-theme.cache' file for each theme."
- (mlet %store-monad ((gtk+ (manifest-lookup-package manifest "gtk+")))
+ (define gtk+ ; lazy reference
+ (module-ref (resolve-interface '(gnu packages gtk)) 'gtk+))
+
+ (mlet %store-monad ((%gtk+ (manifest-lookup-package manifest "gtk+"))
+ ;; XXX: Can't use gtk-update-icon-cache corresponding
+ ;; to the gtk+ referenced by 'manifest'. Because
+ ;; '%gtk+' can be either a package or store path, and
+ ;; there's no way to get the "bin" output for the later.
+ (gtk-update-icon-cache
+ -> #~(string-append #+gtk+:bin
+ "/bin/gtk-update-icon-cache")))
+
(define build
(with-imported-modules '((guix build utils)
(guix build union)
@@ -697,9 +708,7 @@ creates the GTK+ 'icon-theme.cache' file for each theme."
(let* ((destdir (string-append #$output "/share/icons"))
(icondirs (filter file-exists?
(map (cut string-append <> "/share/icons")
- '#$(manifest-inputs manifest))))
- (update-icon-cache (string-append
- #+gtk+ "/bin/gtk-update-icon-cache")))
+ '#$(manifest-inputs manifest)))))
;; Union all the icons.
(mkdir-p (string-append #$output "/share"))
@@ -714,11 +723,11 @@ creates the GTK+ 'icon-theme.cache' file for each theme."
;; "abiword_48.png". Ignore these.
(when (file-is-directory? dir)
(ensure-writable-directory dir)
- (system* update-icon-cache "-t" dir "--quiet"))))
+ (system* #+gtk-update-icon-cache "-t" dir "--quiet"))))
(scandir destdir (negate (cut member <> '("." "..")))))))))
;; Don't run the hook when there's nothing to do.
- (if gtk+
+ (if %gtk+
(gexp->derivation "gtk-icon-themes" build
#:local-build? #t
#:substitutable? #f)
diff --git a/m4/guix.m4 b/m4/guix.m4
index 949ae4ca7c..6d8ec2e4e0 100644
--- a/m4/guix.m4
+++ b/m4/guix.m4
@@ -74,6 +74,9 @@ AC_DEFUN([GUIX_SYSTEM_TYPE], [
linux-gnu*)
# For backward compatibility, strip the `-gnu' part.
guix_system="$machine_name-linux";;
+ gnu*)
+ # Always use i586 for GNU/Hurd.
+ guix_system="i586-gnu";;
*)
# Strip the version number from names such as `gnu0.3',
# `darwin10.2.0', etc.
diff --git a/tests/build-utils.scm b/tests/build-utils.scm
index cc96738e36..7d49446f66 100644
--- a/tests/build-utils.scm
+++ b/tests/build-utils.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -19,12 +19,9 @@
(define-module (test-build-utils)
#:use-module (guix tests)
- #:use-module (guix store)
- #:use-module (guix derivations)
#:use-module (guix build utils)
- #:use-module (guix packages)
- #:use-module (guix build-system)
- #:use-module (guix build-system trivial)
+ #:use-module ((guix utils)
+ #:select (%current-system call-with-temporary-directory))
#:use-module (gnu packages)
#:use-module (gnu packages bootstrap)
#:use-module (srfi srfi-34)
@@ -32,9 +29,6 @@
#:use-module (rnrs io ports)
#:use-module (ice-9 popen))
-(define %store
- (open-connection-for-tests))
-
(test-begin "build-utils")
@@ -95,49 +89,37 @@
port
cons)))))
-(test-assert "wrap-program, one input, multiple calls"
- (let* ((p (package
- (name "test-wrap-program") (version "0") (source #f)
- (synopsis #f) (description #f) (license #f) (home-page #f)
- (build-system trivial-build-system)
- (arguments
- `(#:guile ,%bootstrap-guile
- #:modules ((guix build utils))
- #:builder
- (let* ((out (assoc-ref %outputs "out"))
- (bash (assoc-ref %build-inputs "bash"))
- (foo (string-append out "/foo")))
- (begin
- (use-modules (guix build utils))
- (mkdir out)
- (call-with-output-file foo
- (lambda (p)
- (format p
- "#!~a~%echo \"${GUIX_FOO} ${GUIX_BAR}\"~%"
- bash)))
- (chmod foo #o777)
- ;; wrap-program uses `which' to find bash for the wrapper
- ;; shebang, but it can't know about the bootstrap bash in
- ;; the store, since it's not named "bash". Help it out a
- ;; bit by providing a symlink it this package's output.
- (symlink bash (string-append out "/bash"))
- (setenv "PATH" out)
- (wrap-program foo `("GUIX_FOO" prefix ("hello")))
- (wrap-program foo `("GUIX_BAR" prefix ("world")))
- #t))))
- (inputs `(("bash" ,(search-bootstrap-binary "bash"
- (%current-system)))))))
- (d (package-derivation %store p)))
-
- ;; The bootstrap Bash is linked against an old libc and would abort with
- ;; an assertion failure when trying to load incompatible locale data.
- (unsetenv "LOCPATH")
-
- (and (build-derivations %store (pk 'drv d (list d)))
- (let* ((p (derivation->output-path d))
- (foo (string-append p "/foo"))
- (pipe (open-input-pipe foo))
- (str (get-string-all pipe)))
- (equal? str "hello world\n")))))
+(test-equal "wrap-program, one input, multiple calls"
+ "hello world\n"
+ (call-with-temporary-directory
+ (lambda (directory)
+ (let ((bash (search-bootstrap-binary "bash" (%current-system)))
+ (foo (string-append directory "/foo")))
+
+ (call-with-output-file foo
+ (lambda (p)
+ (format p
+ "#!~a~%echo \"${GUIX_FOO} ${GUIX_BAR}\"~%"
+ bash)))
+ (chmod foo #o777)
+
+ ;; wrap-program uses `which' to find bash for the wrapper shebang, but
+ ;; it can't know about the bootstrap bash in the store, since it's not
+ ;; named "bash". Help it out a bit by providing a symlink it this
+ ;; package's output.
+ (setenv "PATH" (dirname bash))
+ (wrap-program foo `("GUIX_FOO" prefix ("hello")))
+ (wrap-program foo `("GUIX_BAR" prefix ("world")))
+
+ ;; The bootstrap Bash is linked against an old libc and would abort with
+ ;; an assertion failure when trying to load incompatible locale data.
+ (unsetenv "LOCPATH")
+
+ (let* ((pipe (open-input-pipe foo))
+ (str (get-string-all pipe)))
+ (with-directory-excursion directory
+ (for-each delete-file '("foo" ".foo-real")))
+ (and (zero? (close-pipe pipe))
+ str))))))
(test-end)