aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/admin.scm9
-rw-r--r--gnu/packages/attr.scm2
-rw-r--r--gnu/packages/autotools.scm37
-rw-r--r--gnu/packages/avahi.scm4
-rw-r--r--gnu/packages/backup.scm9
-rw-r--r--gnu/packages/base.scm124
-rw-r--r--gnu/packages/bash.scm65
-rw-r--r--gnu/packages/bdw-gc.scm36
-rw-r--r--gnu/packages/boost.scm4
-rw-r--r--gnu/packages/bootloaders.scm6
-rw-r--r--gnu/packages/bootstrap.scm35
-rwxr-xr-xgnu/packages/bootstrap/aarch64-linux/bashbin0 -> 1162056 bytes
-rwxr-xr-xgnu/packages/bootstrap/aarch64-linux/mkdirbin0 -> 558216 bytes
-rwxr-xr-xgnu/packages/bootstrap/aarch64-linux/tarbin0 -> 1085128 bytes
-rwxr-xr-xgnu/packages/bootstrap/aarch64-linux/xzbin0 -> 738576 bytes
-rw-r--r--gnu/packages/calendar.scm11
-rw-r--r--gnu/packages/cmake.scm52
-rw-r--r--gnu/packages/commencement.scm56
-rw-r--r--gnu/packages/compression.scm34
-rw-r--r--gnu/packages/cross-base.scm2
-rw-r--r--gnu/packages/cups.scm26
-rw-r--r--gnu/packages/curl.scm20
-rw-r--r--gnu/packages/cyrus-sasl.scm9
-rw-r--r--gnu/packages/databases.scm86
-rw-r--r--gnu/packages/documentation.scm18
-rw-r--r--gnu/packages/ed.scm9
-rw-r--r--gnu/packages/elf.scm28
-rw-r--r--gnu/packages/flex.scm64
-rw-r--r--gnu/packages/fontutils.scm20
-rw-r--r--gnu/packages/freedesktop.scm14
-rw-r--r--gnu/packages/gawk.scm2
-rw-r--r--gnu/packages/gcc.scm45
-rw-r--r--gnu/packages/gd.scm55
-rw-r--r--gnu/packages/ghostscript.scm50
-rw-r--r--gnu/packages/gl.scm56
-rw-r--r--gnu/packages/glib.scm24
-rw-r--r--gnu/packages/gnupg.scm8
-rw-r--r--gnu/packages/gperf.scm4
-rw-r--r--gnu/packages/gtk.scm14
-rw-r--r--gnu/packages/guile.scm18
-rw-r--r--gnu/packages/icu4c.scm25
-rw-r--r--gnu/packages/image.scm93
-rw-r--r--gnu/packages/kde-frameworks.scm12
-rw-r--r--gnu/packages/kerberos.scm6
-rw-r--r--gnu/packages/libevent.scm6
-rw-r--r--gnu/packages/libidn.scm26
-rw-r--r--gnu/packages/libunistring.scm11
-rw-r--r--gnu/packages/linux.scm66
-rw-r--r--gnu/packages/lua.scm6
-rw-r--r--gnu/packages/m4.scm8
-rw-r--r--gnu/packages/make-bootstrap.scm18
-rw-r--r--gnu/packages/multiprecision.scm8
-rw-r--r--gnu/packages/ncurses.scm23
-rw-r--r--gnu/packages/nettle.scm6
-rw-r--r--gnu/packages/patches/alsa-lib-mips-atomic-fix.patch42
-rw-r--r--gnu/packages/patches/coreutils-fix-cross-compilation.patch15
-rw-r--r--gnu/packages/patches/eudev-conflicting-declaration.patch31
-rw-r--r--gnu/packages/patches/flex-CVE-2016-6354.patch30
-rw-r--r--gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch82
-rw-r--r--gnu/packages/patches/fontconfig-path-max.patch124
-rw-r--r--gnu/packages/patches/gcc-5-source-date-epoch-1.patch190
-rw-r--r--gnu/packages/patches/gcc-5-source-date-epoch-2.patch353
-rw-r--r--gnu/packages/patches/gcc-libiberty-printf-decl.patch28
-rw-r--r--gnu/packages/patches/gd-CVE-2016-7568.patch44
-rw-r--r--gnu/packages/patches/gd-CVE-2016-8670.patch38
-rw-r--r--gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch102
-rw-r--r--gnu/packages/patches/gd-fix-truecolor-format-correction.patch95
-rw-r--r--gnu/packages/patches/gd-freetype-test-failure.patch59
-rw-r--r--gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch121
-rw-r--r--gnu/packages/patches/gdk-pixbuf-list-dir.patch35
-rw-r--r--gnu/packages/patches/glibc-bootstrap-system.patch2
-rw-r--r--gnu/packages/patches/guile-repl-server-test.patch48
-rw-r--r--gnu/packages/patches/lcms-CVE-2016-10165.patch (renamed from gnu/packages/patches/lcms-fix-out-of-bounds-read.patch)4
-rw-r--r--gnu/packages/patches/libarchive-7zip-heap-overflow.patch77
-rw-r--r--gnu/packages/patches/libarchive-fix-filesystem-attacks.patch445
-rw-r--r--gnu/packages/patches/libarchive-fix-symlink-check.patch60
-rw-r--r--gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch44
-rw-r--r--gnu/packages/patches/libdrm-symbol-check.patch27
-rw-r--r--gnu/packages/patches/libepoxy-gl-null-checks.patch54
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch (renamed from gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch)5
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch (renamed from gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch)5
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch (renamed from gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch)5
-rw-r--r--gnu/packages/patches/libpng-CVE-2016-10087.patch37
-rw-r--r--gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch33
-rw-r--r--gnu/packages/patches/libxcb-python-3.5-compat.patch64
-rw-r--r--gnu/packages/patches/pcre-CVE-2016-3191.patch151
-rw-r--r--gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch54
-rw-r--r--gnu/packages/patches/python-3.4-fix-tests.patch12
-rw-r--r--gnu/packages/patches/python-3.5-fix-tests.patch37
-rw-r--r--gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch720
-rw-r--r--gnu/packages/patches/python-fix-tests.patch17
-rw-r--r--gnu/packages/patches/sed-hurd-path-max.patch34
-rw-r--r--gnu/packages/patches/tar-CVE-2016-6321.patch51
-rw-r--r--gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch33
-rw-r--r--gnu/packages/patches/tcsh-fix-autotest.patch113
-rw-r--r--gnu/packages/patches/xcb-proto-python3-print.patch75
-rw-r--r--gnu/packages/patches/xcb-proto-python3-whitespace.patch217
-rw-r--r--gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch46
-rw-r--r--gnu/packages/pcre.scm5
-rw-r--r--gnu/packages/pdf.scm23
-rw-r--r--gnu/packages/php.scm29
-rw-r--r--gnu/packages/pkg-config.scm6
-rw-r--r--gnu/packages/pth.scm10
-rw-r--r--gnu/packages/pulseaudio.scm9
-rw-r--r--gnu/packages/python.scm33
-rw-r--r--gnu/packages/qemu.scm2
-rw-r--r--gnu/packages/shells.scm73
-rw-r--r--gnu/packages/ssh.scm14
-rw-r--r--gnu/packages/statistics.scm5
-rw-r--r--gnu/packages/tcl.scm8
-rw-r--r--gnu/packages/tls.scm62
-rw-r--r--gnu/packages/version-control.scm3
-rw-r--r--gnu/packages/video.scm9
-rw-r--r--gnu/packages/xdisorg.scm16
-rw-r--r--gnu/packages/xiph.scm8
-rw-r--r--gnu/packages/xml.scm25
-rw-r--r--gnu/packages/xorg.scm123
117 files changed, 3399 insertions, 2293 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 4b14e0ef32..34f6c222ce 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -112,20 +112,23 @@ usual file attributes can be checked for inconsistencies.")
(define-public progress
(package
(name "progress")
- (version "0.13")
+ (version "0.13.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/Xfennec/"
name "/archive/v" version ".tar.gz"))
(sha256
- (base32 "133iar4vq5vlklydb4cyazjy6slmpbndrws474mg738bd8avc30n"))
+ (base32 "199rk6608q9m6l0fbjm0xl2w1c5krf8245dqnksdp4rqp7l9ak06"))
(file-name (string-append name "-" version ".tar.gz"))))
(build-system gnu-build-system)
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("which" ,which)))
(inputs
`(("ncurses" ,ncurses)))
(arguments
`(#:tests? #f ; There is no test suite.
- #:make-flags (list "CC=gcc" "LDFLAGS+=-lncurses"
+ #:make-flags (list "CC=gcc"
(string-append "PREFIX=" (assoc-ref %outputs "out")))
#:phases
(modify-phases %standard-phases
diff --git a/gnu/packages/attr.scm b/gnu/packages/attr.scm
index 907a568bdd..4dbe09ceca 100644
--- a/gnu/packages/attr.scm
+++ b/gnu/packages/attr.scm
@@ -54,7 +54,7 @@
;; Use the right shell.
(substitute* "test/run"
(("/bin/sh")
- (which "bash")))
+ (which "sh")))
;; When building natively, run the tests.
(unless target
diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm
index 72492e70eb..442c87c1f1 100644
--- a/gnu/packages/autotools.scm
+++ b/gnu/packages/autotools.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2014 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 David Thompson <davet@gnu.org>
+;;; Copyright © 2017 ng0 <ng0@libertad.pw>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -26,6 +27,7 @@
#:use-module (gnu packages)
#:use-module (gnu packages perl)
#:use-module (gnu packages m4)
+ #:use-module (gnu packages man)
#:use-module (gnu packages bash)
#:use-module (guix utils)
#:use-module (guix packages)
@@ -300,6 +302,7 @@ Makefile, simplifying the entire process for the developer.")
(propagated-inputs `(("m4" ,m4)))
(native-inputs `(("m4" ,m4)
("perl" ,perl)
+ ("help2man" ,help2man) ;because we modify ltmain.sh
("automake" ,automake) ;some tests rely on 'aclocal'
("autoconf" ,(autoconf-wrapper)))) ;others on 'autom4te'
@@ -313,21 +316,27 @@ Makefile, simplifying the entire process for the developer.")
(or (%current-target-system)
(%current-system))))
- #:phases (alist-cons-before
- 'check 'pre-check
- (lambda* (#:key inputs #:allow-other-keys)
- ;; Run the test suite in parallel, if possible.
- (setenv "TESTSUITEFLAGS"
- (string-append
- "-j"
- (number->string (parallel-job-count))))
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'check 'pre-check
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Run the test suite in parallel, if possible.
+ (setenv "TESTSUITEFLAGS"
+ (string-append
+ "-j"
+ (number->string (parallel-job-count))))
+ ;; Patch references to /bin/sh.
+ (let ((bash (assoc-ref inputs "bash")))
+ (substitute* "tests/testsuite"
+ (("/bin/sh")
+ (string-append bash "/bin/sh")))
+ #t)))
+ (add-after 'patch-source-shebangs 'restore-ltmain-shebang
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "build-aux/ltmain.in"
+ (("^#!.*/bin/sh$") "#!/bin/sh"))
+ #t)))))
- ;; Path references to /bin/sh.
- (let ((bash (assoc-ref inputs "bash")))
- (substitute* "tests/testsuite"
- (("/bin/sh")
- (string-append bash "/bin/bash")))))
- %standard-phases)))
(synopsis "Generic shared library support tools")
(description
"GNU Libtool helps in the creation and use of shared libraries, by
diff --git a/gnu/packages/avahi.scm b/gnu/packages/avahi.scm
index 5740ab2ff8..73e63ab0dc 100644
--- a/gnu/packages/avahi.scm
+++ b/gnu/packages/avahi.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
@@ -25,6 +25,7 @@
#:use-module (gnu packages)
#:use-module (gnu packages databases)
#:use-module (gnu packages libdaemon)
+ #:use-module (gnu packages linux)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages glib)
#:use-module (gnu packages xml))
@@ -59,6 +60,7 @@
("glib" ,glib)
("dbus" ,dbus)
("gdbm" ,gdbm)
+ ("libcap" ,libcap) ;to enable chroot support in avahi-daemon
("libdaemon" ,libdaemon)))
(native-inputs
`(("intltool" ,intltool)
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 97ab70e651..9e20b9f033 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -186,20 +186,15 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
- (version "3.2.1")
+ (version "3.2.2")
(source
(origin
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
- (patches (search-patches
- "libarchive-7zip-heap-overflow.patch"
- "libarchive-fix-symlink-check.patch"
- "libarchive-fix-filesystem-attacks.patch"
- "libarchive-safe_fprintf-buffer-overflow.patch"))
(sha256
(base32
- "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj"))))
+ "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739"))))
(build-system gnu-build-system)
;; TODO: Add -L/path/to/nettle in libarchive.pc.
(inputs
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index c75e038289..ba9c820efa 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
@@ -78,14 +78,14 @@ command-line arguments, multiple languages, and so on.")
(define-public grep
(package
(name "grep")
- (version "2.25")
+ (version "3.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/grep/grep-"
version ".tar.xz"))
(sha256
(base32
- "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2"))
+ "1dcasjp3a578nrvzrcn38mpizb8w1q6mvfzhjmcqqgkf0nsivj72"))
(patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
@@ -118,30 +118,36 @@ including, for example, recursive directory searching.")
(define-public sed
(package
(name "sed")
- (version "4.2.2")
+ (version "4.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/sed/sed-" version
- ".tar.bz2"))
+ ".tar.xz"))
(sha256
(base32
- "1myvrmh99jsvk7v3d7crm0gcrq51hmmm1r2kjyyci152in1x2j7h"))
- (patches (search-patches "sed-hurd-path-max.patch"))))
+ "0fv88bcnraixc8jvpacvxshi30p5x9m7yb8ns1hfv07hmb2ypmnb"))))
(build-system gnu-build-system)
(synopsis "Stream editor")
(arguments
- (if (%current-target-system)
- '()
- `(#:phases (alist-cons-before
- 'patch-source-shebangs 'patch-test-suite
- (lambda* (#:key inputs #:allow-other-keys)
- (let ((bash (assoc-ref inputs "bash")))
- (patch-makefile-SHELL "testsuite/Makefile.tests")
- (substitute* '("testsuite/bsd.sh"
- "testsuite/bug-regex9.c")
- (("/bin/sh")
- (string-append bash "/bin/bash")))))
- %standard-phases))))
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'dont-rebuild-sed.1
+ (lambda _
+ ;; Make sure we do not attempt to rebuild 'doc/sed.1', which does
+ ;; not work when cross-compiling because we cannot run 'sed'.
+ ;; This is fixed upstream as commit a0a25e3.
+ (substitute* "Makefile.in"
+ (("^doc/sed\\.1:.*")
+ "doc/sed.1:\n"))
+ #t))
+ (add-before 'patch-source-shebangs 'patch-test-suite
+ (lambda* (#:key inputs #:allow-other-keys)
+ (patch-makefile-SHELL "testsuite/Makefile.tests")
+ (substitute* '("testsuite/bsd.sh"
+ "testsuite/bug-regex9.c")
+ (("/bin/sh")
+ (which "sh")))
+ #t)))))
(description
"Sed is a non-interactive, text stream editor. It receives a text
input from a file or from standard input and it then applies a series of text
@@ -149,7 +155,7 @@ editing commands to the stream and prints its output to standard output. It
is often used for substituting text patterns in a stream. The GNU
implementation offers several extensions over the standard utility.")
(license gpl3+)
- (home-page "http://www.gnu.org/software/sed/")))
+ (home-page "https://www.gnu.org/software/sed/")))
(define-public tar
(package
@@ -162,7 +168,8 @@ implementation offers several extensions over the standard utility.")
(sha256
(base32
"097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"))
- (patches (search-patches "tar-skip-unreliable-tests.patch"))))
+ (patches (search-patches "tar-CVE-2016-6321.patch"
+ "tar-skip-unreliable-tests.patch"))))
(build-system gnu-build-system)
;; Note: test suite requires ~1GiB of disk space.
(arguments
@@ -277,14 +284,15 @@ used to apply commands with arbitrarily long arguments.")
(define-public coreutils
(package
(name "coreutils")
- (version "8.25")
+ (version "8.26")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/coreutils/coreutils-"
version ".tar.xz"))
(sha256
(base32
- "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii"))))
+ "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm"))
+ (patches (search-patches "coreutils-fix-cross-compilation.patch"))))
(build-system gnu-build-system)
(inputs `(("acl" ,acl) ; TODO: add SELinux
("gmp" ,gmp) ;bignums in 'expr', yay!
@@ -305,6 +313,7 @@ used to apply commands with arbitrarily long arguments.")
(outputs '("out" "debug"))
(arguments
`(#:parallel-build? #f ; help2man may be called too early
+ #:parallel-tests? #f ; race condition fixed after 8.26
#:phases (alist-cons-before
'build 'patch-shell-references
(lambda* (#:key inputs #:allow-other-keys)
@@ -362,7 +371,7 @@ functionality beyond that which is outlined in the POSIX standard.")
(let ((bash (assoc-ref inputs "bash")))
(substitute* "job.c"
(("default_shell =.*$")
- (format #f "default_shell = \"~a/bin/bash\";\n"
+ (format #f "default_shell = \"~a/bin/sh\";\n"
bash)))))))))
(synopsis "Remake files automatically")
(description
@@ -501,14 +510,14 @@ store.")
(define-public glibc/linux
(package
(name "glibc")
- (version "2.24")
+ (version "2.25")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
- "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))
+ "1813dzkgw6v8q8q1m4v96yfis7vjqc9pslqib6j9mrwh6fxxjyq6"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
@@ -619,14 +628,14 @@ store.")
;; Same for `popen'.
(substitute* "libio/iopopen.c"
(("/bin/sh")
- (string-append bash "/bin/bash")))
+ (string-append bash "/bin/sh")))
;; Same for the shell used by the 'exec' functions for
;; scripts that lack a shebang.
(substitute* (find-files "." "^paths\\.h$")
(("#define[[:blank:]]+_PATH_BSHELL[[:blank:]].*$")
(string-append "#define _PATH_BSHELL \""
- bash "/bin/bash\"\n")))
+ bash "/bin/sh\"\n")))
;; Nscd uses __DATE__ and __TIME__ to create a string to
;; make sure the client and server come from the same
@@ -715,7 +724,21 @@ with the Linux kernel.")
;; Use the right 'pwd'.
(substitute* "configure"
(("/bin/pwd") "pwd")))
- ,original-phases)))
+ (alist-replace
+ 'build
+ (lambda _
+ ;; Force mach/hurd/libpthread subdirs to build first in order to avoid
+ ;; linking errors.
+ ;; See <https://lists.gnu.org/archive/html/bug-hurd/2016-11/msg00045.html>
+ (let ((-j (list "-j" (number->string (parallel-job-count)))))
+ (let-syntax ((make (syntax-rules ()
+ ((_ target)
+ (zero? (apply system* "make" target -j))))))
+ (and (make "mach/subdir_lib")
+ (make "hurd/subdir_lib")
+ (make "libpthread/subdir_lib")
+ (zero? (apply system* "make" -j))))))
+ ,original-phases))))
((#:configure-flags original-configure-flags)
`(append (list "--host=i586-pc-gnu"
@@ -750,6 +773,18 @@ GLIBC/HURD for a Hurd host"
;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)
+(define-public glibc-2.24
+ (package
+ (inherit glibc)
+ (version "2.24")
+ (source (origin
+ (inherit (package-source glibc))
+ (uri (string-append "mirror://gnu/glibc/glibc-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))))))
+
(define-public glibc-2.23
(package
(inherit glibc)
@@ -943,7 +978,7 @@ command.")
(define-public tzdata
(package
(name "tzdata")
- (version "2016j")
+ (version "2017a")
(source (origin
(method url-fetch)
(uri (string-append
@@ -951,7 +986,7 @@ command.")
version ".tar.gz"))
(sha256
(base32
- "1j4xycpwhs57qnkcxwh3np8wnf3km69n3cf4w6p2yv2z247lxvpm"))))
+ "1mmv4rvcs12lrvgghw4fidczvb69yv69cmzknghcvw1c196mqfnz"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f
@@ -999,7 +1034,7 @@ command.")
version ".tar.gz"))
(sha256
(base32
- "1dxhrk4z0n2di8p0yd6q00pa6bwyz5xqbrfbasiz8785ni7zrvxr"))))))
+ "1b1q7gnlsh5hjgs5065pvajd37rmbc3k9b8cgzad1vcrifswdwh2"))))))
(home-page "https://www.iana.org/time-zones")
(synopsis "Database of current and historical time zones")
(description "The Time Zone Database (often called tz or zoneinfo)
@@ -1009,6 +1044,31 @@ reflect changes made by political bodies to time zone boundaries, UTC offsets,
and daylight-saving rules.")
(license public-domain)))
+;;; A "fixed" version of tzdata, which is used in the test suites of
+;;; glib and R. We can update this whenever we are able to rebuild
+;;; thousands of packages (for example, in a core-updates rebuild).
+(define-public tzdata-2017a
+ (package
+ (inherit tzdata)
+ (version "2017a")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://www.iana.org/time-zones/repository"
+ "/releases/tzdata" version ".tar.gz"))
+ (sha256
+ (base32
+ "1mmv4rvcs12lrvgghw4fidczvb69yv69cmzknghcvw1c196mqfnz"))))
+ (inputs `(("tzcode" ,(origin
+ (method url-fetch)
+ (uri (string-append
+ "http://www.iana.org/time-zones/repository/releases/tzcode"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "1b1q7gnlsh5hjgs5065pvajd37rmbc3k9b8cgzad1vcrifswdwh2"))))))))
+
+
(define-public libiconv
(package
(name "libiconv")
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index 388f5271c1..24afd66825 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -1,7 +1,8 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -58,7 +59,19 @@
(define %patch-series-4.4
;; This is the current patches series for 4.4, generated using
;; 'download-patches' below.
- (patch-series))
+ (patch-series
+ (1 "03vzy7qwjdd5qvl3ydg99naazas2qmyd0yhnrflgjbbm64axja1y")
+ (2 "0lrwq6vyqism3yqv9s7kzaf3dsl4q5w9r5svcqz279qp7qca083h")
+ (3 "1chqww2rj6g42b8s60q5zlzy0jzp684jkpsbrbfy1vzxja8mmpsi")
+ (4 "1cy8abf96hkrjhw921ndr0shlcnc52bg45rn6xri4v5clhq0l25d")
+ (5 "0a8515kyk4zsgmvlqvlganjfr7pq0j6kzpr4d6xx02kpbdr4n7i2")
+ (6 "1f24wgqngmj2mrj9yibwvc2zvlmn5xi53mnw777g3l40c4m2x3ka")
+ (7 "1bzdsnqaf05gdbqpsixhan8vygjxpcxlz1dd8d9f5jdznw3wq76y") ;CVE-2017-5932
+ (8 "1firw915mjm03hbbw9a70ch3cpgrgnvqjpllgdnn6csr8q04f546")
+ (9 "0g1l56kvw61rpw7dqa9fcl9llkl693h73g631hrhxlm030ddssqb")
+ (10 "01lfhrkdsdkdz8ypzapr614ras23x7ckjnr60aa5bzkaqprccrc4")
+ (11 "038p7mhnq9m65g505hi3827jkf9f35nd1cy00w8mwafpyxp44mnx")
+ (12 "0gh6lbb1rwpk44pvbamm6vzdfi50xnwkqd9v7s8cjwk3pz973hps")))
(define (download-patches store count)
"Download COUNT Bash patches into store. Return a list of
@@ -99,7 +112,6 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
(version "4.4"))
(package
(name "bash")
- (replacement bash/fixed)
(source (origin
(method url-fetch)
(uri (string-append
@@ -164,6 +176,13 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
(rename-file (string-append out "/lib/pkgconfig")
(string-append include
"/lib/pkgconfig"))
+
+ ;; Don't capture the absolute file name of 'install' to avoid
+ ;; retaining a dependency on Coreutils.
+ (substitute* (string-append (lib include)
+ "/Makefile.inc")
+ (("^INSTALL =.*")
+ "INSTALL = install -c\n"))
#t))))))
(native-search-paths
@@ -186,7 +205,6 @@ without modification.")
;; A stripped-down Bash for non-interactive use.
(package (inherit bash)
(name "bash-minimal")
- (replacement #f) ;not vulnerable to CVE-2017-5932 since it lacks completion
(inputs '()) ; no readline, no curses
;; No "include" output because there's no support for loadable modules.
@@ -242,45 +260,6 @@ without modification.")
(delete-file-recursively (string-append out "/share"))
#t))))))))))
-(define* (url-fetch/reset-patch-level url hash-algo hash
- #:optional name
- #:key (system (%current-system)))
- "Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it
-can apply to a patch-level 0 Bash."
- ;; Note: Forcefully use %BOOTSTRAP-GUILE here to work around bootstrapping
- ;; issues when using a daemon that lacks the "download" built-in. See
- ;; <https://bugs.gnu.org/25775>.
- (mlet* %store-monad ((name -> (or name (basename url)))
- (patch (url-fetch url hash-algo hash
- (string-append name ".orig")
- #:system system
- #:guile %bootstrap-guile)))
- (gexp->derivation name
- (with-imported-modules '((guix build utils))
- #~(begin
- (use-modules (guix build utils))
- (copy-file #$patch #$output)
- (substitute* #$output
- (("PATCHLEVEL [0-6]+")
- "PATCHLEVEL 0"))))
- #:system system)))
-
-(define bash/fixed ;CVE-2017-5932 (RCE with completion)
- (package
- (inherit bash)
- (version "4.4.A") ;4.4.0 + patch #7
- (replacement #f)
- (source
- (origin
- (inherit (package-source bash))
- (patches (cons (origin
- (method url-fetch/reset-patch-level)
- (uri (patch-url 7))
- (sha256
- (base32
- "1bzdsnqaf05gdbqpsixhan8vygjxpcxlz1dd8d9f5jdznw3wq76y")))
- (origin-patches (package-source bash))))))))
-
(define-public bash-completion
(package
(name "bash-completion")
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index 992a11bac0..b9732374d7 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,24 +25,23 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages pkg-config))
-(define-public libgc-7.2
+(define-public libgc
(package
(name "libgc")
- (version "7.2f")
+ (version "7.6.0")
(source (origin
(method url-fetch)
(uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
version ".tar.gz"))
(sha256
(base32
- "119x7p1cqw40mpwj80xfq879l9m1dkc7vbc1f3bz3kvkf8bf6p16"))))
+ "143x7g0d0k6250ai6m2x3l4y352mzizi4wbgrmahxscv2aqjhjm1"))))
(build-system gnu-build-system)
(arguments
- ;; Make it so that we don't rely on /proc. This is especially useful in
- ;; an initrd run before /proc is mounted.
- '(#:configure-flags '("CPPFLAGS=-DUSE_LIBC_PRIVATES"
- ;; Install gc_cpp.h et al.
+ '(#:configure-flags '(;; Install gc_cpp.h et al.
"--enable-cplusplus")))
+ (native-inputs `(("pkg-config" ,pkg-config)))
+ (inputs `(("libatomic-ops" ,libatomic-ops)))
(outputs '("out" "debug"))
(synopsis "The Boehm-Demers-Weiser conservative garbage collector
for C and C++")
@@ -67,7 +67,7 @@ C or C++ programs, though that is not its primary goal.")
(define-public libatomic-ops
(package
(name "libatomic-ops")
- (version "7.4.2")
+ (version "7.4.4")
(source (origin
(method url-fetch)
(uri (string-append
@@ -75,7 +75,7 @@ C or C++ programs, though that is not its primary goal.")
version ".tar.gz"))
(sha256
(base32
- "1pdm0h1y7bgkczr8byg20r6bq15m5072cqm5pny4f9crc9gn3yh4"))))
+ "13vg5fqwil17zpf4hj4h8rh3blzmym693lkdjgvwpgni1mh0l8dz"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(synopsis "Accessing hardware atomic memory update operations")
@@ -88,21 +88,3 @@ lock-free code, experiment with thread programming paradigms, etc.")
;; Some source files are X11-style, others are GPLv2+.
(license gpl2+)))
-
-(define-public libgc
- (package (inherit libgc-7.2)
- (version "7.4.2")
- (source (origin
- (method url-fetch)
- (uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
- version ".tar.gz"))
- (sha256
- (base32
- "18mg28rr6kwr5clc65k4l4hkyy4kd16amx831sjf8q2lqkbhlck3"))))
-
- ;; New dependencies.
- (native-inputs `(("pkg-config" ,pkg-config)))
- (inputs `(("libatomic-ops" ,libatomic-ops)))
-
- ;; 'USE_LIBC_PRIVATES' is now the default.
- (arguments '(#:configure-flags '("--enable-cplusplus")))))
diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm
index e6abf4d5e3..b3fccdf2eb 100644
--- a/gnu/packages/boost.scm
+++ b/gnu/packages/boost.scm
@@ -34,7 +34,7 @@
(define-public boost
(package
(name "boost")
- (version "1.61.0")
+ (version "1.63.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -43,7 +43,7 @@
".tar.bz2"))
(sha256
(base32
- "0h5nk7pgxf7xsvvshj9qfpsfp9wx6gq9r78n3nx736pxq83bsix5"))))
+ "1c5kzhcqahnic55dxcnw7r80qvwx5sfa2sa97yzv7xjrywljbbmy"))))
(build-system gnu-build-system)
(inputs `(("zlib" ,zlib)))
(native-inputs
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index 16cb7b4c0b..86a776910a 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -27,7 +27,6 @@
#:use-module (gnu packages admin)
#:use-module ((gnu packages algebra) #:select (bc))
#:use-module (gnu packages assembly)
- #:use-module (gnu packages flex)
#:use-module (gnu packages disk)
#:use-module (gnu packages bison)
#:use-module (gnu packages cdrom)
@@ -115,7 +114,10 @@
(native-inputs
`(("unifont" ,unifont)
("bison" ,bison)
- ("flex" ,flex)
+ ;; Due to a bug in flex >= 2.6.2, GRUB must be built with an older flex:
+ ;; <http://lists.gnu.org/archive/html/grub-devel/2017-02/msg00133.html>
+ ;; TODO Try building with flex > 2.6.3.
+ ("flex" ,flex-2.6.1)
("texinfo" ,texinfo)
("help2man" ,help2man)
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index b4847094ba..048fe26f1a 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -28,6 +29,7 @@
#:use-module ((guix store) #:select (add-to-store add-text-to-store))
#:use-module ((guix derivations) #:select (derivation))
#:use-module ((guix utils) #:select (gnu-triplet->nix-system))
+ #:use-module ((guix build utils) #:select (elf-file?))
#:use-module (guix memoization)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
@@ -167,6 +169,7 @@ successful, or false to signal an error."
((string=? system "i586-gnu") "/lib/ld.so.1")
((string=? system "i686-gnu") "/lib/ld.so.1")
((string=? system "aarch64-linux") "/lib/ld-linux-aarch64.so.1")
+ ((string=? system "powerpc-linux") "/lib/ld.so.1")
((string=? system "alpha-linux") "/lib/ld-linux.so.2")
;; XXX: This one is used bare-bones, without a libc, so add a case
@@ -202,6 +205,8 @@ successful, or false to signal an error."
(guile (->store (match system
("armhf-linux"
"guile-2.0.11.tar.xz")
+ ("aarch64-linux"
+ "guile-2.0.14.tar.xz")
(_
"guile-2.0.9.tar.xz"))))
;; The following code, run by the bootstrap guile after it is
@@ -290,7 +295,8 @@ $out/bin/guile --version~%"
;; This is where the initial binaries come from.
'("ftp://alpha.gnu.org/gnu/guix/bootstrap"
"http://alpha.gnu.org/gnu/guix/bootstrap"
- "http://www.fdn.fr/~lcourtes/software/guix/packages"))
+ "http://www.fdn.fr/~lcourtes/software/guix/packages"
+ "http://flashner.co.il/guix/bootstrap"))
(define %bootstrap-coreutils&co
(package-from-tarball "bootstrap-binaries"
@@ -301,6 +307,8 @@ $out/bin/guile --version~%"
(match system
("armhf-linux"
"/20150101/static-binaries.tar.xz")
+ ("aarch64-linux"
+ "/20170217/static-binaries.tar.xz")
(_
"/20131110/static-binaries.tar.xz")))
%bootstrap-base-urls))
@@ -315,6 +323,9 @@ $out/bin/guile --version~%"
("armhf-linux"
(base32
"0gf0fn2kbpxkjixkmx5f4z6hv6qpmgixl69zgg74dbsfdfj8jdv5"))
+ ("aarch64-linux"
+ (base32
+ "18dfiq6c6xhsdpbidigw6480wh0vdgsxqq3xindq4lpdgqlccpfh"))
("mips64el-linux"
(base32
"072y4wyfsj1bs80r6vbybbafy8ya4vfy7qj25dklwk97m6g71753"))))))
@@ -325,6 +336,13 @@ $out/bin/guile --version~%"
(chmod "bin" #o755)
(patch-shebang "bin/egrep" path)
(patch-shebang "bin/fgrep" path)
+ ;; Starting with grep@2.25 'egrep' and 'fgrep' are shell files
+ ;; that call 'grep'. If the bootstrap 'egrep' and 'fgrep'
+ ;; are not binaries then patch them to execute 'grep' via its
+ ;; absolute file name instead of searching for it in $PATH.
+ (if (not (elf-file? "bin/egrep"))
+ (substitute* '("bin/egrep" "bin/fgrep")
+ (("^exec grep") (string-append (getcwd) "/bin/grep"))))
(chmod "bin" #o555)
#t)))
@@ -337,6 +355,8 @@ $out/bin/guile --version~%"
(match system
("armhf-linux"
"/20150101/binutils-2.25.tar.xz")
+ ("aarch64-linux"
+ "/20170217/binutils-2.27.tar.xz")
(_
"/20131110/binutils-2.23.2.tar.xz")))
%bootstrap-base-urls))
@@ -351,6 +371,9 @@ $out/bin/guile --version~%"
("armhf-linux"
(base32
"1v7dj6bzn6m36f20gw31l99xaabq4xrhrx3gwqkhhig0mdlmr69q"))
+ ("aarch64-linux"
+ (base32
+ "111s7ilfiby033rczc71797xrmaa3qlv179wdvsaq132pd51xv3n"))
("mips64el-linux"
(base32
"1x8kkhcxmfyzg1ddpz2pxs6fbdl6412r7x0nzbmi5n7mj8zw2gy7"))))))
@@ -398,6 +421,8 @@ $out/bin/guile --version~%"
(match (%current-system)
("armhf-linux"
"/20150101/glibc-2.20.tar.xz")
+ ("aarch64-linux"
+ "/20170217/glibc-2.25.tar.xz")
(_
"/20131110/glibc-2.18.tar.xz")))
%bootstrap-base-urls))
@@ -412,6 +437,9 @@ $out/bin/guile --version~%"
("armhf-linux"
(base32
"18cmgvpllqfpn6khsmivqib7ys8ymnq0hdzi3qp24prik0ykz8gn"))
+ ("aarch64-linux"
+ (base32
+ "07nx3x8598i2924rjnlrncg6rm61c9bmcczbbcpbx0fb742nvv5c"))
("mips64el-linux"
(base32
"0k97a3whzx3apsi9n2cbsrr79ad6lh00klxph9hw4fqyp1abkdsg")))))))))
@@ -476,6 +504,8 @@ exec ~a/bin/.gcc-wrapped -B~a/lib \
(match (%current-system)
("armhf-linux"
"/20150101/gcc-4.8.4.tar.xz")
+ ("aarch64-linux"
+ "/20170217/gcc-5.4.0.tar.xz")
(_
"/20131110/gcc-4.8.2.tar.xz")))
%bootstrap-base-urls))
@@ -490,6 +520,9 @@ exec ~a/bin/.gcc-wrapped -B~a/lib \
("armhf-linux"
(base32
"0ghz825yzp43fxw53kd6afm8nkz16f7dxi9xi40bfwc8x3nbbr8v"))
+ ("aarch64-linux"
+ (base32
+ "1ar3vdzyqbfm0z36kmvazvfswxhcihlacl2dzdjgiq25cqnq9ih1"))
("mips64el-linux"
(base32
"1m5miqkyng45l745n0sfafdpjkqv9225xf44jqkygwsipj2cv9ks")))))))))
diff --git a/gnu/packages/bootstrap/aarch64-linux/bash b/gnu/packages/bootstrap/aarch64-linux/bash
new file mode 100755
index 0000000000..0bfb9d1824
--- /dev/null
+++ b/gnu/packages/bootstrap/aarch64-linux/bash
Binary files differ
diff --git a/gnu/packages/bootstrap/aarch64-linux/mkdir b/gnu/packages/bootstrap/aarch64-linux/mkdir
new file mode 100755
index 0000000000..35cd1815fd
--- /dev/null
+++ b/gnu/packages/bootstrap/aarch64-linux/mkdir
Binary files differ
diff --git a/gnu/packages/bootstrap/aarch64-linux/tar b/gnu/packages/bootstrap/aarch64-linux/tar
new file mode 100755
index 0000000000..7e68edb0be
--- /dev/null
+++ b/gnu/packages/bootstrap/aarch64-linux/tar
Binary files differ
diff --git a/gnu/packages/bootstrap/aarch64-linux/xz b/gnu/packages/bootstrap/aarch64-linux/xz
new file mode 100755
index 0000000000..5aa18c9234
--- /dev/null
+++ b/gnu/packages/bootstrap/aarch64-linux/xz
Binary files differ
diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm
index 1e9a93ca93..d7260b5f42 100644
--- a/gnu/packages/calendar.scm
+++ b/gnu/packages/calendar.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
@@ -64,10 +64,11 @@
(lambda _
(let ((tzdata (assoc-ref %build-inputs "tzdata")))
(substitute* "src/libical/icaltz-util.c"
- (("char \\*search_paths \\[\\] =.*$")
- (string-append
- "char *search_paths [] = "
- "{\"" tzdata "/share/zoneinfo\"};\n"))))
+ (("\\\"/usr/share/zoneinfo\\\",")
+ (string-append "\"" tzdata "/share/zoneinfo\""))
+ (("\\\"/usr/lib/zoneinfo\\\",") "")
+ (("\\\"/etc/zoneinfo\\\",") "")
+ (("\\\"/usr/share/lib/zoneinfo\\\"") "")))
#t)))))
(native-inputs
`(("perl" ,perl)))
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index cd82978de2..a4e2d38e36 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -22,7 +23,7 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages cmake)
- #:use-module ((guix licenses) #:select (bsd-3))
+ #:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
@@ -32,13 +33,14 @@
#:use-module (gnu packages compression)
#:use-module (gnu packages curl)
#:use-module (gnu packages file)
+ #:use-module (gnu packages libevent)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages xml))
(define-public cmake
(package
(name "cmake")
- (version "3.6.1")
+ (version "3.7.2")
(source (origin
(method url-fetch)
(uri (string-append "https://www.cmake.org/files/v"
@@ -46,8 +48,24 @@
"/cmake-" version ".tar.gz"))
(sha256
(base32
- "04ggm9c0zklxypm6df1v4klrrd85m6vpv13kasj42za283n9ivi8"))
- (patches (search-patches "cmake-fix-tests.patch"))))
+ "1q6a60695prpzzsmczm2xrgxdb61fyjznb04dr6yls6iwv24c4nw"))
+ (patches (search-patches "cmake-fix-tests.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Drop bundled software.
+ (with-directory-excursion "Utilities"
+ (for-each delete-file-recursively
+ '("cmbzip2"
+ ;"cmcompress"
+ "cmcurl"
+ "cmexpat"
+ ;"cmjsoncpp"
+ ;"cmlibarchive"
+ "cmliblzma"
+ "cmlibuv"
+ "cmzlib"))
+ #t)))))
(build-system gnu-build-system)
(arguments
`(#:test-target "test"
@@ -67,20 +85,19 @@
"Source/CTest/cmCTestBatchTestHandler.cxx"
"Source/cmLocalUnixMakefileGenerator3.cxx"
"Source/cmExecProgramCommand.cxx"
- "Utilities/cmbzip2/Makefile-libbz2_so"
"Utilities/Release/release_cmake.cmake"
"Utilities/cmlibarchive/libarchive/archive_write_set_format_shar.c"
"Tests/CMakeLists.txt"
"Tests/RunCMake/File_Generate/RunCMakeTest.cmake")
- (("/bin/sh") (which "sh")))))
+ (("/bin/sh") (which "sh")))
+ #t))
(add-before 'configure 'set-paths
(lambda _
;; Help cmake's bootstrap process to find system libraries
(begin
(setenv "CMAKE_LIBRARY_PATH" (getenv "LIBRARY_PATH"))
(setenv "CMAKE_INCLUDE_PATH" (getenv "C_INCLUDE_PATH"))
- ;; Get verbose output from failed tests
- (setenv "CTEST_OUTPUT_ON_FAILURE" "TRUE"))))
+ #t)))
(replace 'configure
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
@@ -88,7 +105,7 @@
"./configure"
(string-append "--prefix=" out)
"--system-libs"
- "--no-system-jsoncpp" ; not packaged yet
+ "--no-system-jsoncpp" ; FIXME: Circular dependency.
;; By default, the man pages and other docs land
;; in PREFIX/man and PREFIX/doc, but we want them
;; in share/{man,doc}. Note that unlike
@@ -98,7 +115,15 @@
"--mandir=share/man"
,(string-append
"--docdir=share/doc/cmake-"
- (version-major+minor version))))))))))
+ (version-major+minor version)))))))
+ (add-before 'check 'set-test-environment
+ (lambda _
+ ;; Get verbose output from failed tests.
+ (setenv "CTEST_OUTPUT_ON_FAILURE" "TRUE")
+ ;; Run tests in parallel.
+ (setenv "CTEST_PARALLEL_LEVEL"
+ (number->string (parallel-job-count)))
+ #t)))))
(inputs
`(("file" ,file)
("curl" ,curl)
@@ -106,6 +131,7 @@
("expat" ,expat)
("bzip2" ,bzip2)
("ncurses" ,ncurses) ; required for ccmake
+ ("libuv" ,libuv)
("libarchive" ,libarchive)))
(native-search-paths
(list (search-path-specification
@@ -118,4 +144,8 @@
CMake is used to control the software compilation process using simple platform
and compiler independent configuration files. CMake generates native makefiles
and workspaces that can be used in the compiler environment of your choice.")
- (license bsd-3)))
+ (license (list license:bsd-3 ; cmake
+ license:bsd-4 ; cmcompress
+ license:bsd-2 ; cmlibarchive
+ license:expat ; cmjsoncpp is dual MIT/public domain
+ license:public-domain)))) ; cmlibarchive/archive_getdate.c
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 7df1d3fca9..675852fb57 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
@@ -172,6 +172,26 @@
,cf)))))
(inputs %boot0-inputs))))
+(define libstdc++-boot0
+ ;; GCC's libcc1 is always built as a shared library (the top-level
+ ;; 'Makefile.def' forcefully adds --enable-shared) and thus needs to refer
+ ;; to libstdc++.so. We cannot build libstdc++-5.3 because it relies on
+ ;; C++14 features missing in our bootstrap compiler.
+ (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc-4.9))))
+ (package
+ (inherit lib)
+ (name "libstdc++-boot0")
+ (arguments
+ `(#:guile ,%bootstrap-guile
+ #:implicit-inputs? #f
+
+ ;; XXX: libstdc++.so NEEDs ld.so for some reason.
+ #:validate-runpath? #f
+
+ ,@(package-arguments lib)))
+ (inputs %boot0-inputs)
+ (native-inputs '()))))
+
(define gcc-boot0
(package-with-bootstrap-guile
(package (inherit gcc)
@@ -257,6 +277,9 @@
("mpc-source" ,(package-source mpc))
("binutils-cross" ,binutils-boot0)
+ ;; The libstdc++ that libcc1 links against.
+ ("libstdc++" ,libstdc++-boot0)
+
;; Call it differently so that the builder can check whether
;; the "libc" input is #f.
("libc-native" ,@(assoc-ref %boot0-inputs "libc"))
@@ -424,14 +447,8 @@ the bootstrap environment."
(define ld-wrapper-boot0
;; We need this so binaries on Hurd will have libmachuser and libhurduser
;; in their RUNPATH, otherwise validate-runpath will fail.
- ;;
- ;; XXX: Work around <http://bugs.gnu.org/24832> by fixing the name and
- ;; triplet on GNU/Linux. For GNU/Hurd, use the right triplet.
- (make-ld-wrapper (string-append "ld-wrapper-" "x86_64-guix-linux-gnu")
- #:target (lambda (system)
- (if (string-suffix? "-linux" system)
- "x86_64-guix-linux-gnu"
- (boot-triplet system)))
+ (make-ld-wrapper "ld-wrapper-boot0"
+ #:target boot-triplet
#:binutils binutils-boot0
#:guile %bootstrap-guile
#:bash (car (assoc-ref %boot0-inputs "bash"))))
@@ -783,12 +800,17 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
(define bash-final
;; Link with `-static-libgcc' to make sure we don't retain a reference
;; to the bootstrap GCC.
- ;; FIXME: This depends on 'bootstrap-binaries' via Makefile.in.
- (package-with-bootstrap-guile
- (package-with-explicit-inputs (static-libgcc-package bash)
- %boot3-inputs
- (current-source-location)
- #:guile %bootstrap-guile)))
+ (let ((bash (package
+ (inherit bash)
+ (arguments
+ `(#:disallowed-references
+ ,(assoc-ref %boot3-inputs "coreutils&co")
+ ,@(package-arguments bash))))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs (static-libgcc-package bash)
+ %boot3-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
(define %boot4-inputs
;; Now use the final Bash.
@@ -987,10 +1009,10 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.")
(gcc-toolchain gcc-4.8))
(define-public gcc-toolchain-4.9
- (gcc-toolchain gcc-final))
+ (gcc-toolchain gcc-4.9))
(define-public gcc-toolchain-5
- (gcc-toolchain gcc-5))
+ (gcc-toolchain gcc-final))
(define-public gcc-toolchain-6
(gcc-toolchain gcc-6))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index ef176c630d..dbc4795d02 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -55,7 +55,7 @@
(define-public zlib
(package
(name "zlib")
- (version "1.2.8")
+ (version "1.2.11")
(source
(origin
(method url-fetch)
@@ -65,24 +65,24 @@
version "/zlib-" version ".tar.gz")))
(sha256
(base32
- "039agw5rqvqny92cpkrfn243x2gd4xn13hs3xi6isk55d2vqqr9n"))))
+ "18dighcs333gsvajvvgqp8l4cx7h1x7yx9gd5xacnk80spyykrf3"))))
(build-system gnu-build-system)
(arguments
- `(#:phases (alist-replace
- 'configure
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Zlib's home-made `configure' fails when passed
- ;; extra flags like `--enable-fast-install', so we need to
- ;; invoke it with just what it understand.
- (let ((out (assoc-ref outputs "out")))
- ;; 'configure' doesn't understand '--host'.
- ,@(if (%current-target-system)
- `((setenv "CHOST" ,(%current-target-system)))
- '())
- (zero?
- (system* "./configure"
- (string-append "--prefix=" out)))))
- %standard-phases)))
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Zlib's home-made `configure' fails when passed
+ ;; extra flags like `--enable-fast-install', so we need to
+ ;; invoke it with just what it understand.
+ (let ((out (assoc-ref outputs "out")))
+ ;; 'configure' doesn't understand '--host'.
+ ,@(if (%current-target-system)
+ `((setenv "CHOST" ,(%current-target-system)))
+ '())
+ (zero?
+ (system* "./configure"
+ (string-append "--prefix=" out)))))))))
(home-page "http://zlib.net/")
(synopsis "Compression library")
(description
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index a3dfb8f477..47e0958193 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -281,7 +281,7 @@ GCC that does not target a libc; otherwise, target that libc."
(setenv "ARCH" ,(system->linux-architecture target))
(format #t "`ARCH' set to `~a' (cross compiling)~%" (getenv "ARCH"))
- (and (zero? (system* "make" "defconfig"))
+ (and (zero? (system* "make" ,(system->defconfig target)))
(zero? (system* "make" "mrproper" "headers_check"))))
,phases))))
(native-inputs `(("cross-gcc" ,xgcc)
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 39ab41c192..dc070fff83 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -52,7 +52,6 @@
(define-public cups-filters
(package
(name "cups-filters")
- (replacement cups-filters/fixed)
(version "1.13.1")
(source(origin
(method url-fetch)
@@ -88,6 +87,7 @@
`(#:make-flags (list (string-append "PREFIX=" %output))
#:configure-flags
`("--disable-driverless" ; TODO: enable this
+ "--disable-mutool" ; depends on yet another PDF library (mupdf)
,(string-append "--with-test-font-path="
(assoc-ref %build-inputs "font-dejavu")
"/share/fonts/truetype/DejaVuSans.ttf")
@@ -114,7 +114,6 @@
("libjpeg" ,libjpeg)
("libpng" ,libpng)
("libtiff" ,libtiff)
- ("mupdf" ,mupdf)
("glib" ,glib)
("qpdf" ,qpdf)
("poppler" ,poppler)
@@ -135,13 +134,6 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
license:lgpl2.0+
license:expat))))
-(define mupdf/fixed-instead-of-mupdf
- (package-input-rewriting `((,mupdf . ,(@@ (gnu packages pdf) mupdf/fixed)))))
-
-;;; Fix CVE-2016-10132 and CVE-2016-10133. See mupdf/fixed for more information.
-(define cups-filters/fixed
- (mupdf/fixed-instead-of-mupdf cups-filters))
-
;; CUPS on non-MacOS systems requires cups-filters. Since cups-filters also
;; depends on CUPS libraries and binaries, cups-minimal has been added to
;; satisfy this dependency.
@@ -174,6 +166,14 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
(substitute* "Makedefs.in"
(("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
(("/bin/sh") (which "sh")))))
+ ;; Make the compressed manpages writable so that the
+ ;; reset-gzip-timestamps phase does not error out.
+ (add-before 'reset-gzip-timestamps 'make-manpages-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (man (string-append out "/share/man")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files man "\\.gz")))))
(add-before 'build 'patch-tests
(lambda _
(substitute* "test/ippserver.c"
@@ -275,6 +275,14 @@ device-specific programs to convert and print many types of files.")
(string-append "cupsFileFind(\"cat\", \"" catpath "\""))
(("cupsFileFind\\(\"cat\", \"/bin:/usr/bin\"")
(string-append "cupsFileFind(\"cat\", \"" catpath "\""))))))
+ ;; Make the compressed manpages writable so that the
+ ;; reset-gzip-timestamps phase does not error out.
+ (add-before 'reset-gzip-timestamps 'make-manpages-writable
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (man (string-append out "/share/man")))
+ (for-each (lambda (file) (chmod file #o644))
+ (find-files man "\\.gz")))))
(add-after 'install 'install-cups-filters-symlinks
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 13e0686519..22e18389e7 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -40,15 +40,14 @@
(define-public curl
(package
(name "curl")
- (replacement curl-7.53.0)
- (version "7.50.3")
+ (version "7.53.0")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.lzma"))
(sha256
(base32
- "1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c"))))
+ "1k0i31xygb804c61llhin5wbpcscg4gfqmbxcfkpdr1alwh7igrq"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.2 MiB of man3 pages
@@ -120,16 +119,3 @@ tunneling, and so on.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
-
-(define curl-7.53.0
- (package
- (inherit curl)
- (source
- (let ((version "7.53.0"))
- (origin
- (method url-fetch)
- (uri (string-append "https://curl.haxx.se/download/curl-"
- version ".tar.lzma"))
- (sha256
- (base32
- "1k0i31xygb804c61llhin5wbpcscg4gfqmbxcfkpdr1alwh7igrq")))))))
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index 62bd718ab9..b48505e5f3 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -31,7 +31,6 @@
(define-public cyrus-sasl
(package
(name "cyrus-sasl")
- (replacement cyrus-sasl/fixed)
(version "2.1.26")
(source (origin
(method url-fetch)
@@ -41,6 +40,7 @@
(string-append
"ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
version ".tar.gz")))
+ (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch"))
(sha256 (base32
"1hvvbcsg21nlncbgs0cgn3iwlnb3vannzwsp6rwvnn9ba4v53g4g"))))
(build-system gnu-build-system)
@@ -66,10 +66,3 @@ server writers.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "http://cyrusimap.web.cmu.edu")))
-
-(define cyrus-sasl/fixed
- (package
- (inherit cyrus-sasl)
- (source (origin
- (inherit (package-source cyrus-sasl))
- (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch"))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 4549272728..8b01a2f01b 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -7,7 +7,7 @@
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
;;; Copyright © 2016 David Craven <david@craven.ch>
@@ -210,7 +210,44 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
version ".tar.gz"))
(sha256
(base32
- "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0"))))))
+ "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0"))))
+ (arguments
+ `(#:tests? #f ; no check target available
+ #:disallowed-references ("doc")
+ #:phases
+ (alist-replace
+ 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out"))
+ (doc (assoc-ref outputs "doc")))
+ ;; '--docdir' is not honored, so we need to patch.
+ (substitute* "dist/Makefile.in"
+ (("docdir[[:blank:]]*=.*")
+ (string-append "docdir = " doc "/share/doc/bdb")))
+
+ (zero?
+ (system* "./dist/configure"
+ (string-append "--prefix=" out)
+ (string-append "CONFIG_SHELL=" (which "bash"))
+ (string-append "SHELL=" (which "bash"))
+
+ ;; Bdb doesn't recognize aarch64 as an architecture.
+ ,@(if (string=? "aarch64-linux" (%current-system))
+ '("--build=aarch64-unknown-linux-gnu")
+ '())
+
+ ;; Remove 7 MiB of .a files.
+ "--disable-static"
+
+ ;; The compatibility mode is needed by some packages,
+ ;; notably iproute2.
+ "--enable-compat185"
+
+ ;; The following flag is needed so that the inclusion
+ ;; of db_cxx.h into C++ files works; it leads to
+ ;; HAVE_CXX_STDHEADERS being defined in db_cxx.h.
+ "--enable-cxx"))))
+ %standard-phases)))))
(define-public leveldb
(package
@@ -665,12 +702,9 @@ for example from a shell script.")
(define-public sqlite
(package
(name "sqlite")
- (version "3.14.1")
+ (version "3.17.0")
(source (origin
(method url-fetch)
- ;; TODO: Download from sqlite.org once this bug :
- ;; http://lists.gnu.org/archive/html/bug-guile/2013-01/msg00027.html
- ;; has been fixed.
(uri (let ((numeric-version
(match (string-split version #\.)
((first-digit other-digits ...)
@@ -680,23 +714,11 @@ for example from a shell script.")
(map (cut string-pad <> 2 #\0)
other-digits))
6 #\0))))))
- (list
- (string-append
- "https://fossies.org/linux/misc/sqlite-autoconf-"
- numeric-version ".tar.gz")
- (string-append
- "http://distfiles.gentoo.org/distfiles/"
- "/sqlite-autoconf-" numeric-version ".tar.gz"))
-
- ;; XXX: As of 2015-09-08, SourceForge is squatting the URL
- ;; below, returning 200 and showing an advertising page.
- ;; (string-append
- ;; "mirror://sourceforge/sqlite.mirror/SQLite%20" version
- ;; "/sqlite-autoconf-" numeric-version ".tar.gz")
- ))
+ (string-append "https://sqlite.org/2017/sqlite-autoconf-"
+ numeric-version ".tar.gz")))
(sha256
(base32
- "19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw"))))
+ "0k472gq0p706jq4529p60znvw02hdf172qxgbdv59q0n7anqbr54"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments
@@ -707,7 +729,7 @@ for example from a shell script.")
(list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
"-DSQLITE_ENABLE_UNLOCK_NOTIFY "
"-DSQLITE_ENABLE_DBSTAT_VTAB"))))
- (home-page "http://www.sqlite.org/")
+ (home-page "https://www.sqlite.org/")
(synopsis "The SQLite database management system")
(description
"SQLite is a software library that implements a self-contained, serverless,
@@ -716,26 +738,6 @@ widely deployed SQL database engine in the world. The source code for SQLite
is in the public domain.")
(license license:public-domain)))
-(define-public sqlite-3.15.1
- (package (inherit sqlite)
- (version "3.15.1")
- (source (origin
- (method url-fetch)
- (uri (let ((numeric-version
- (match (string-split version #\.)
- ((first-digit other-digits ...)
- (string-append first-digit
- (string-pad-right
- (string-concatenate
- (map (cut string-pad <> 2 #\0)
- other-digits))
- 6 #\0))))))
- (string-append "https://sqlite.org/2016/sqlite-autoconf-"
- numeric-version ".tar.gz")))
- (sha256
- (base32
- "1ig2d9jzzixiifmgqsl6kjcvy17jwxby3s24gfnc5qvyd6vqkyjx"))))))
-
(define-public tdb
(package
(name "tdb")
diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm
index 94e979c881..792e70ecdd 100644
--- a/gnu/packages/documentation.scm
+++ b/gnu/packages/documentation.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2014, 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
+;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
@@ -27,6 +28,7 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system cmake)
#:use-module (gnu packages)
+ #:use-module (gnu packages bash)
#:use-module (gnu packages python)
#:use-module (gnu packages bison)
#:use-module (gnu packages docbook)
@@ -104,14 +106,14 @@ markup) can be customized and extended by the user.")
(define-public doxygen
(package
(name "doxygen")
- (version "1.8.11")
+ (version "1.8.13")
(source (origin
(method url-fetch)
(uri (string-append "http://ftp.stack.nl/pub/users/dimitri/"
name "-" version ".src.tar.gz"))
(sha256
(base32
- "0ja02pm3fpfhc5dkry00kq8mn141cqvdqqpmms373ncbwi38pl35"))
+ "0srzawqn3apzrg8hwycwrawdylmmjrndij4spw6xr1vspn3phrmg"))
(patches (search-patches "doxygen-test.patch"))))
(build-system cmake-build-system)
(native-inputs
@@ -119,8 +121,18 @@ markup) can be customized and extended by the user.")
("flex" ,flex)
("libxml2" ,libxml2) ; provides xmllint for the tests
("python" ,python-2))) ; for creating the documentation
+ (inputs
+ `(("bash" ,bash-minimal)))
(arguments
- `(#:test-target "tests"))
+ `(#:test-target "tests"
+ #:phases (modify-phases %standard-phases
+ (add-before 'configure 'patch-sh
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "src/portable.cpp"
+ (("/bin/sh")
+ (string-append
+ (assoc-ref inputs "bash") "/bin/sh")))
+ #t)))))
(home-page "http://www.stack.nl/~dimitri/doxygen/")
(synopsis "Generate documentation from annotated sources")
(description "Doxygen is the de facto standard tool for generating
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 3668aac19a..5014229952 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -28,14 +28,14 @@
(define-public ed
(package
(name "ed")
- (version "1.13")
+ (version "1.14.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ed/ed-"
version ".tar.lz"))
(sha256
(base32
- "1ly7i1iw02vbcd0zrx084z577ngxnarffmkm45dg6vndad5carnd"))))
+ "0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz"))))
(build-system gnu-build-system)
(native-inputs `(("lzip" ,lzip)))
(arguments
@@ -45,8 +45,9 @@
(add-before 'patch-source-shebangs 'patch-test-suite
(lambda _
(substitute* "testsuite/check.sh"
- (("/bin/sh") (which "sh"))))))))
- (home-page "http://www.gnu.org/software/ed/")
+ (("/bin/sh") (which "sh")))
+ #t)))))
+ (home-page "https://www.gnu.org/software/ed/")
(synopsis "Line-oriented text editor")
(description
"Ed is a line-oriented text editor: rather than offering an overview of
diff --git a/gnu/packages/elf.scm b/gnu/packages/elf.scm
index 35b644906b..c68604cf83 100644
--- a/gnu/packages/elf.scm
+++ b/gnu/packages/elf.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -78,17 +79,22 @@ addr2line, and more.")
(base32
"0vf7s9dwk2xkmhb79aigqm0x0yfbw1j0b9ksm51207qwr179n6jr"))))
(build-system gnu-build-system)
- (arguments '(#:phases (alist-replace
- 'configure
- (lambda* (#:key outputs #:allow-other-keys)
- ;; This old `configure' script doesn't support
- ;; variables passed as arguments.
- (let ((out (assoc-ref outputs "out")))
- (setenv "CONFIG_SHELL" (which "bash"))
- (zero?
- (system* "./configure"
- (string-append "--prefix=" out)))))
- %standard-phases)))
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; This old `configure' script doesn't support
+ ;; variables passed as arguments.
+ (let ((out (assoc-ref outputs "out")))
+ (setenv "CONFIG_SHELL" (which "bash"))
+ (zero?
+ (system* "./configure"
+ (string-append "--prefix=" out)
+ ,@(if (string=? "aarch64-linux"
+ (%current-system))
+ '("--host=aarch64-unknown-linux-gnu")
+ '())))))))))
(home-page "http://www.mr511.de/software/english.html")
(synopsis "ELF object file access library")
(description "Libelf is a C library to access ELF object files.")
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index c1f74d65ad..1470b967da 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -24,6 +24,7 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages m4)
+ #:use-module (gnu packages man)
#:use-module (gnu packages bison)
#:use-module (gnu packages indent)
#:use-module (srfi srfi-1))
@@ -31,29 +32,32 @@
(define-public flex
(package
(name "flex")
- (version "2.6.0")
+ (version "2.6.3")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://sourceforge/flex/flex-"
- version ".tar.bz2"))
- (patches (search-patches "flex-CVE-2016-6354.patch"))
- (sha256
- (base32
- "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/westes/flex"
+ "/releases/download/v" version "/"
+ "flex-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1an2cn2z85mkpgqcinh1fhhcd7993qm2lil1yxic8iz76ci79ck8"))))
(build-system gnu-build-system)
(inputs
(let ((bison-for-tests
;; Work around an incompatibility with Bison 3.0:
;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>.
- (package (inherit bison)
+ (package
+ (inherit bison)
(version "2.7.1")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/bison/bison-"
- version ".tar.xz"))
- (sha256
- (base32
- "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
+ (method url-fetch)
+ (uri (string-append
+ "mirror://gnu/bison/"
+ "bison-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
;; Unlike Bison 3.0, this version did not need Flex for its
;; tests, so it allows us to break the cycle.
@@ -61,9 +65,11 @@
`(("bison" ,bison-for-tests)
("indent" ,indent))))
;; m4 is not present in PATH when cross-building
- (native-inputs `(("m4" ,m4)))
+ (native-inputs
+ `(("help2man" ,help2man)
+ ("m4" ,m4)))
(propagated-inputs `(("m4" ,m4)))
- (home-page "http://flex.sourceforge.net/")
+ (home-page "https://github.com/westes/flex")
(synopsis "Fast lexical analyser generator")
(description
"Flex is a tool for generating scanners. A scanner, sometimes
@@ -78,23 +84,21 @@ is run, it analyzes its input for occurrences of text matching the
regular expressions for each rule. Whenever it finds a match, it
executes the corresponding C code.")
(license (non-copyleft "file://COPYING"
- "See COPYING in the distribution."))))
+ "See COPYING in the distribution."))))
+;;; Many packages fail to build with flex > 2.6.1, due to this bug in flex:
+;;; <https://github.com/westes/flex/issues/162>
+;;; We must not use a flex before 2.6.1, due to CVE-2016-6354.
+;;; TODO Try using flex > 2.6.3.
(define-public flex-2.6.1
- ;; The kservice and solid packages use flex. extra-cmake-modules
- ;; forces C89 for all C files for compatibility with windows.
- ;; Flex 2.6.0 generates a lexer containing a single line comment. Single
- ;; line comments are part of the C99 standard, so the lexer won't compile
- ;; if C89 is used.
(package
(inherit flex)
(version "2.6.1")
(source (origin
(method url-fetch)
- (uri (string-append
- "https://github.com/westes/flex"
- "/releases/download/v" version "/"
- "flex-" version ".tar.gz"))
- (sha256
- (base32
- "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw"))))))
+ (uri (string-append "https://github.com/westes/flex"
+ "/releases/download/v" version "/"
+ "flex-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0gqhk4vkwy4gl9xbpgkljph8c0a5kpijz6wd0p5r9q202qn42yic"))))))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 15109bfe13..46c658b667 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -2,7 +2,8 @@
;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -46,13 +47,13 @@
(define-public freetype
(package
(name "freetype")
- (version "2.6.3")
+ (version "2.7.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/freetype/freetype-"
version ".tar.bz2"))
(sha256 (base32
- "18k3b026762lmyrxfil5xv8qwnvj7hc12gz9bjqzbb12lmx707ip"))))
+ "121gm15ayfg3rglby8ifh8384mcjb9dhmx9j40zl7yszw72b4frs"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -69,7 +70,7 @@ It supports both bitmap and scalable formats, including TrueType, OpenType,
Type1, CID, CFF, Windows FON/FNT, X11 PCF, and others. It supports high-speed
anti-aliased glyph bitmap generation with 256 gray levels.")
(license license:freetype) ; some files have other licenses
- (home-page "http://www.freetype.org/")))
+ (home-page "https://www.freetype.org/")))
(define-public ttfautohint
(package
@@ -229,6 +230,8 @@ fonts to/from the WOFF2 format.")
(uri (string-append
"https://www.freedesktop.org/software/fontconfig/release/fontconfig-"
version ".tar.bz2"))
+ (patches (search-patches "fontconfig-charwidth-symbol-conflict.patch"
+ "fontconfig-path-max.patch"))
(sha256 (base32
"1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl"))))
(build-system gnu-build-system)
@@ -254,6 +257,11 @@ fonts to/from the WOFF2 format.")
"PYTHON=false")
#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'fix-tests-for-freetype-2.7.1
+ (lambda _
+ (substitute* "test/run-test.sh"
+ (("\\\| sort") "| cut -d' ' -f2 | sort"))
+ #t))
(replace 'install
(lambda _
;; Don't try to create /var/cache/fontconfig.
@@ -366,7 +374,7 @@ applications should be.")
(define-public graphite2
(package
(name "graphite2")
- (version "1.3.8")
+ (version "1.3.9")
(source
(origin
(method url-fetch)
@@ -374,7 +382,7 @@ applications should be.")
"download/" version "/" name "-" version ".tgz"))
(sha256
(base32
- "1hlc9j7w7gihy6gvzfa7902pr6yxq1sr1xkp5rwf0p29m2rjagwz"))))
+ "0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc"))))
(build-system cmake-build-system)
(native-inputs
`(("python" ,python-2) ; because of "import imap" in tests
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 4c15d4b2b0..20a104f623 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -274,14 +274,14 @@ Python.")
(define-public wayland
(package
(name "wayland")
- (version "1.11.0")
+ (version "1.13.0")
(source (origin
(method url-fetch)
(uri (string-append "https://wayland.freedesktop.org/releases/"
name "-" version ".tar.xz"))
(sha256
(base32
- "1c0d5ivy9n44hykvw2ggrvqrnn7naw3wg11vbvgwzgi8g5gr4h4m"))))
+ "0lgywr1m0d79vr4s8aimj8a307nss29hhy68gjpqj7m667055c39"))))
(build-system gnu-build-system)
(arguments `(#:parallel-tests? #f))
(native-inputs
@@ -331,7 +331,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
(define-public weston
(package
(name "weston")
- (version "1.11.0")
+ (version "2.0.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -339,7 +339,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
"weston-" version ".tar.xz"))
(sha256
(base32
- "09biddxw3ar797kxf9mywjkb2iwky6my39gpp51ni846y7lqdq05"))))
+ "1n35acsknwqfhsni854q5mjq2gnbnfdvinh92rpij67i4yn4dr5l"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
@@ -372,9 +372,11 @@ applications, X servers (rootless or fullscreen) or other display servers.")
;; Use elogind instead of systemd
(substitute* "configure"
(("libsystemd-login >= 198") "libelogind"))
- (substitute* '("src/launcher-logind.c" "src/weston-launch.c")
+ (substitute* '("libweston/launcher-logind.c"
+ "libweston/weston-launch.c")
(("#include <systemd/sd-login.h>")
- "#include <elogind/sd-login.h>"))))
+ "#include <elogind/sd-login.h>"))
+ #t))
(add-after 'configure 'patch-confdefs.h
(lambda _
(system "echo \"#define HAVE_SYSTEMD_LOGIN_209 1\" >> confdefs.h")))
diff --git a/gnu/packages/gawk.scm b/gnu/packages/gawk.scm
index 86f01335a8..280e3d3cff 100644
--- a/gnu/packages/gawk.scm
+++ b/gnu/packages/gawk.scm
@@ -47,7 +47,7 @@
(let ((bash (assoc-ref inputs "bash")))
(substitute* "io.c"
(("/bin/sh")
- (string-append bash "/bin/bash")))
+ (string-append bash "/bin/sh")))
;; When cross-compiling, remove dependencies on the
;; `check-for-shared-lib-support' target, which tries
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index cfd33f85ab..9376679f14 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -204,17 +205,18 @@ where the OS part is overloaded to denote a specific ABI---into GCC
(for-each
(lambda (x)
(substitute* (find-files "gcc/config"
- "^linux(64|-elf|-eabi)?\\.h$")
- (("(#define GLIBC_DYNAMIC_LINKER.*)\\\\\n$" _ line)
+ "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
+ (("(#define (GLIBC|GNU_USER)_DYNAMIC_LINKER.*)\\\\\n$" _ line)
line)))
'(1 2 3))
;; Fix the dynamic linker's file name.
(substitute* (find-files "gcc/config"
- "^(linux|gnu)(64|-elf|-eabi)?\\.h$")
- (("#define GLIBC_DYNAMIC_LINKER([^ ]*).*$" _ suffix)
- (format #f "#define GLIBC_DYNAMIC_LINKER~a \"~a\"~%"
- suffix
+ "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
+ (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ ]*).*$"
+ _ gnu-user suffix)
+ (format #f "#define ~a_DYNAMIC_LINKER~a \"~a\"~%"
+ gnu-user suffix
(string-append libc ,(glibc-dynamic-linker)))))
;; Tell where to find libstdc++, libc, and `?crt*.o', except
@@ -240,13 +242,33 @@ where the OS part is overloaded to denote a specific ABI---into GCC
(format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
#define STANDARD_STARTFILE_PREFIX_2 \"\"
~a"
- libc line))))
+ libc line)))
+
+ ;; The rs6000 (a.k.a. powerpc) config in GCC does not use
+ ;; GNU_USER_* defines. Do the above for this case.
+ (substitute*
+ "gcc/config/rs6000/sysv4.h"
+ (("#define LIB_LINUX_SPEC (.*)$" _ suffix)
+ (format #f "#define LIB_LINUX_SPEC \
+\"-L~a/lib %{!static:-rpath=~a/lib %{!static-libgcc:-rpath=~a/lib -lgcc_s}} \" ~a"
+ libc libc libdir suffix))
+ (("#define STARTFILE_LINUX_SPEC.*$" line)
+ (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
+#define STANDARD_STARTFILE_PREFIX_2 \"\"
+~a"
+ libc line))))
;; Don't retain a dependency on the build-time sed.
(substitute* "fixincludes/fixincl.x"
(("static char const sed_cmd_z\\[\\] =.*;")
"static char const sed_cmd_z[] = \"sed\";"))
+ ;; Aarch64 support didn't land in GCC until the 4.8 series.
+ (when (file-exists? "gcc/config/aarch64")
+ ;; Force Aarch64 libdir to be /lib and not /lib64
+ (substitute* "gcc/config/aarch64/t-aarch64-linux"
+ (("lib64") "lib")))
+
(when (file-exists? "libbacktrace")
;; GCC 4.8+ comes with libbacktrace. By default it builds
;; with -Werror, which fails with a -Wcast-qual error in glibc
@@ -358,8 +380,11 @@ Go. It also includes runtime support libraries for these languages.")
(sha256
(base32
"0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
- (patches (search-patches "gcc-strmov-store-file-names.patch"
- "gcc-5.0-libvtv-runpath.patch"))))))
+ (patches (search-patches "gcc-arm-bug-71399.patch"
+ "gcc-strmov-store-file-names.patch"
+ "gcc-5.0-libvtv-runpath.patch"
+ "gcc-5-source-date-epoch-1.patch"
+ "gcc-5-source-date-epoch-2.patch"))))))
(define-public gcc-6
(package
@@ -377,7 +402,7 @@ Go. It also includes runtime support libraries for these languages.")
;; Note: When changing the default gcc version, update
;; the gcc-toolchain-* definitions accordingly.
-(define-public gcc gcc-4.9)
+(define-public gcc gcc-5)
(define-public (make-libstdc++ gcc)
"Return a libstdc++ package based on GCC. The primary use case is when
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index 713f7ae91e..62c8fd8588 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -36,12 +37,11 @@
(define-public gd
(package
(name "gd")
- (replacement gd-2.2.4)
;; Note: With libgd.org now pointing to github.com, genuine old
;; tarballs are no longer available. Notably, versions 2.0.x are
;; missing.
- (version "2.2.3")
+ (version "2.2.4")
(source (origin
(method url-fetch)
@@ -50,12 +50,27 @@
version "/libgd-" version ".tar.xz"))
(sha256
(base32
- "0g3xz8jpz1pl2zzmssglrpa9nxiaa7rmcmvgpbrjz8k9cyynqsvl"))
- (patches (search-patches "gd-CVE-2016-7568.patch"
- "gd-CVE-2016-8670.patch"
- "gd-fix-gd2-read-test.patch"
- "gd-fix-tests-on-i686.patch"))))
+ "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk"))
+ (patches (search-patches "gd-fix-gd2-read-test.patch"
+ "gd-fix-tests-on-i686.patch"
+ "gd-freetype-test-failure.patch"
+ "gd-php-73968-Fix-109-XBM-reading.patch"))))
(build-system gnu-build-system)
+ (arguments
+ ;; As recommended by github.com/libgd/libgd/issues/278 to fix rounding
+ ;; issues on aarch64 and other architectures.
+ `(#:make-flags '("CFLAGS=-ffp-contract=off")
+ #:phases
+ (modify-phases %standard-phases
+ ;; This test is known to fail on i686-linux:
+ ;; https://github.com/libgd/libgd/issues/359
+ ;; TODO Replace this substitution with an upstream bug fix.
+ (add-after 'unpack 'disable-failing-test
+ (lambda _
+ (substitute* "tests/gdimagegrayscale/basic.c"
+ (("return gdNumFailures\\(\\)")
+ "return 0"))
+ #t)))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
@@ -78,32 +93,6 @@ most common applications of GD involve website development.")
"See COPYING file in the distribution."))
(properties '((cpe-name . "libgd")))))
-(define gd-2.2.4
- (package
- (inherit gd)
- (version "2.2.4")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://github.com/libgd/libgd/releases/download/"
- "gd-" version "/libgd-" version ".tar.xz"))
- (patches (search-patches "gd-fix-gd2-read-test.patch"
- "gd-fix-tests-on-i686.patch"))
- (sha256
- (base32
- "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk"))))
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- ;; This test is known to fail on i686-linux:
- ;; https://github.com/libgd/libgd/issues/359
- ;; TODO Replace this substitution with an upstream bug fix.
- (add-after 'unpack 'disable-failing-test
- (lambda _
- (substitute* "tests/gdimagegrayscale/basic.c"
- (("return gdNumFailures\\(\\)")
- "return 0")))))))))
-
(define-public perl-gd
(package
(name "perl-gd")
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 2c7b86c042..a6403e67a9 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -3,6 +3,8 @@
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -39,14 +41,14 @@
(define-public lcms
(package
(name "lcms")
- (replacement lcms/fixed)
- (version "2.6")
+ (version "2.8")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/lcms/lcms/" version
"/lcms2-" version ".tar.gz"))
+ (patches (search-patches "lcms-CVE-2016-10165.patch"))
(sha256 (base32
- "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji"))))
+ "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
(build-system gnu-build-system)
(inputs `(("libjpeg-8" ,libjpeg-8)
("libtiff" ,libtiff)
@@ -60,14 +62,6 @@ Consortium standard (ICC), approved as ISO 15076-1.")
(home-page "http://www.littlecms.com/")
(properties '((cpe-name . "little_cms_color_engine")))))
-(define lcms/fixed
- (package
- (inherit lcms)
- (source
- (origin
- (inherit (package-source lcms))
- (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))))))
-
(define-public libpaper
(package
(name "libpaper")
@@ -178,9 +172,9 @@ printing, and psresize, for adjusting page sizes.")
(add-after 'configure 'patch-config-files
(lambda _
(substitute* "base/all-arch.mak"
- (("/bin/sh") (which "bash")))
+ (("/bin/sh") (which "sh")))
(substitute* "base/unixhead.mak"
- (("/bin/sh") (which "bash")))))
+ (("/bin/sh") (which "sh")))))
(add-after 'configure 'remove-doc-reference
(lambda _
;; Don't retain a reference to the 'doc' output in 'gs'.
@@ -279,25 +273,19 @@ architecture.")
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; nothing to check, just files to copy
- #:modules ((guix build gnu-build-system)
- (guix build utils)
- (srfi srfi-1)) ; for alist-delete
#:phases
- (alist-delete
- 'configure
- (alist-delete
- 'build
- (alist-replace
- 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (dir (string-append out "/share/fonts/type1/ghostscript")))
- (mkdir-p dir)
- (for-each
- (lambda (file)
- (copy-file file (string-append dir "/" file)))
- (find-files "." "pfb|afm"))))
- %standard-phases)))))
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (delete 'build)
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (dir (string-append out "/share/fonts/type1/ghostscript")))
+ (mkdir-p dir)
+ (for-each
+ (lambda (file)
+ (copy-file file (string-append dir "/" file)))
+ (find-files "." "pfb|afm"))))))))
(synopsis "Free replacements for the PostScript fonts")
(description
"Ghostscript fonts provides fonts and font metrics customarily distributed with
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index a3862f1ec3..209628f342 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -4,8 +4,9 @@
;;; Copyright © 2014, 2016 David Thompson <davet@gnu.org>
;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 David Thompson <davet@gnu.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -33,6 +34,7 @@
#:use-module (gnu packages gettext)
#:use-module (gnu packages guile)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages llvm)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages video)
@@ -197,7 +199,7 @@ also known as DXTn or DXTC) for Mesa.")
(define-public mesa
(package
(name "mesa")
- (version "13.0.3")
+ (version "13.0.5")
(source
(origin
(method url-fetch)
@@ -205,7 +207,7 @@ also known as DXTn or DXTC) for Mesa.")
version "/mesa-" version ".tar.xz"))
(sha256
(base32
- "03m4gc6qc50lb0ic06f83r3yl0x4lmj2zjq3sl60vl3nq7jqpanr"))
+ "11zgynii1wz17131ml1mmblpwib8m88zz2jwi5h5llh1r3iagkmz"))
(patches
(search-patches "mesa-wayland-egl-symbols-check-mips.patch"))))
(build-system gnu-build-system)
@@ -227,6 +229,11 @@ also known as DXTn or DXTC) for Mesa.")
("libxml2" ,libxml2)
;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support
("libxvmc" ,libxvmc)
+ ,@(match (%current-system)
+ ((or "x86_64-linux" "i686-linux")
+ `(("llvm" ,llvm)))
+ (_
+ `()))
("makedepend" ,makedepend)
("presentproto" ,presentproto)
("s2tc" ,s2tc)
@@ -236,8 +243,11 @@ also known as DXTn or DXTC) for Mesa.")
("python" ,python-2)))
(arguments
`(#:configure-flags
- '(;; drop r300 from default gallium drivers, as it requires llvm
- "--with-gallium-drivers=r600,svga,swrast,nouveau,virgl"
+ '(,@(match (%current-system)
+ ((or "armhf-linux" "aarch64-linux")
+ '("--with-galluim-drivers=freedreno,nouveau,r300,r600,svga,svrast,vc4,virgl"))
+ (_
+ '("--with-gallium-drivers=i915,nouveau,r300,r600,svga,swrast,virgl")))
;; Enable various optional features. TODO: opencl requires libclc,
;; omx requires libomxil-bellagio
"--with-egl-platforms=x11,drm,wayland"
@@ -253,12 +263,16 @@ also known as DXTn or DXTC) for Mesa.")
;; Without floating point texture support, drivers such as Nouveau
;; are stuck at OpenGL 2.1 instead of OpenGL 3.0+.
"--enable-texture-float"
+
+ ;; Also enable the tests.
+ "--enable-gallium-tests"
;; on non-intel systems, drop i915 and i965
;; from the default dri drivers
,@(match (%current-system)
((or "x86_64-linux" "i686-linux")
- '())
+ '("--with-dri-drivers=915,i965,nouveau,r200,radeon,swrast"
+ "--enable-gallium-llvm")) ; default is x86/x86_64 only
(_
'("--with-dri-drivers=nouveau,r200,radeon,swrast"))))
#:phases
@@ -456,25 +470,20 @@ OpenGL graphics API.")
(define-public libepoxy
(package
(name "libepoxy")
- (version "1.3.1")
+ (version "1.4.0")
(source (origin
(method url-fetch)
(uri (string-append
- "https://github.com/anholt/libepoxy/archive/v"
+ "https://github.com/anholt/libepoxy/releases/download/v"
+ (version-major+minor version) "/libepoxy-"
version
- ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
+ ".tar.xz"))
(sha256
(base32
- "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037"))
- (patches (search-patches "libepoxy-gl-null-checks.patch"))))
+ "0hdbaapbxjjfdqsdvag460kfjvs800da5sngi2sc46wj9aqhda95"))))
(arguments
`(#:phases
(modify-phases %standard-phases
- (add-after
- 'unpack 'autoreconf
- (lambda _
- (zero? (system* "autoreconf" "-vif"))))
(add-before
'configure 'patch-paths
(lambda* (#:key inputs #:allow-other-keys)
@@ -485,23 +494,10 @@ OpenGL graphics API.")
(substitute* (find-files "." "\\.[ch]$")
(("libGL.so.1") (string-append mesa "/lib/libGL.so.1"))
(("libEGL.so.1") (string-append mesa "/lib/libEGL.so.1")))
-
- ;; XXX On armhf systems, we must add "GLIBC_2.4" to the list of
- ;; versions in test/dlwrap.c:dlwrap_real_dlsym. It would be
- ;; better to make this a normal patch, but for now we do it here
- ;; to prevent rebuilding on other platforms.
- ,@(if (string-prefix? "arm" (or (%current-target-system)
- (%current-system)))
- '((substitute* '"test/dlwrap.c"
- (("\"GLIBC_2\\.0\"") "\"GLIBC_2.0\", \"GLIBC_2.4\"")))
- '())
#t))))))
(build-system gnu-build-system)
(native-inputs
- `(("autoconf" ,autoconf)
- ("automake" ,automake)
- ("libtool" ,libtool)
- ("pkg-config" ,pkg-config)
+ `(("pkg-config" ,pkg-config)
("python" ,python)))
(inputs
`(("mesa" ,mesa)))
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 9dd46d60b1..6de9cce0b7 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -67,7 +67,7 @@
(define dbus
(package
(name "dbus")
- (version "1.10.14")
+ (version "1.10.16")
(source (origin
(method url-fetch)
(uri (string-append
@@ -75,7 +75,7 @@
version ".tar.gz"))
(sha256
(base32
- "10x0wvv2ly4lyyfd42k4xw0ar5qdbi9cksw3l5fcwf1y6mq8y8r3"))
+ "121kqkjsd3vgf8vca8364xl44qa5086h7qy5zs5f1l78ldpbmc57"))
(patches (search-patches "dbus-helper-search-path.patch"))))
(build-system gnu-build-system)
(arguments
@@ -137,7 +137,7 @@ shared NFS home directories.")
(define glib
(package
(name "glib")
- (version "2.50.2")
+ (version "2.50.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
@@ -145,7 +145,7 @@ shared NFS home directories.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1xgvmiqbhla6grpmbidqs3bl6zrb9mjknfsh7r4hb3163xy76s5y"))
+ "16frrwhc1yqkzx6bgh3060g94dr2biab17fb01mrni819jzr9vl2"))
(patches (search-patches "glib-tests-timer.patch"))))
(build-system gnu-build-system)
(outputs '("out" ; everything
@@ -157,17 +157,18 @@ shared NFS home directories.")
`(("coreutils" ,coreutils)
("util-linux" ,util-linux) ; for libmount
("libffi" ,libffi)
- ("zlib" ,zlib)
- ("tzdata" ,tzdata))) ; for tests/gdatetime.c
+ ("zlib" ,zlib)))
(native-inputs
`(("gettext" ,gettext-minimal)
("dbus" ,dbus) ; for GDBus tests
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
("perl" ,perl) ; needed by GIO tests
- ("bash" ,bash)))
+ ("bash" ,bash)
+ ("tzdata" ,tzdata-2017a))) ; for tests/gdatetime.c
(arguments
- '(#:phases
+ `(#:disallowed-references (,tzdata-2017a)
+ #:phases
(modify-phases %standard-phases
(add-before 'build 'pre-build
(lambda* (#:key inputs outputs #:allow-other-keys)
@@ -246,7 +247,12 @@ shared NFS home directories.")
("gio/tests/gdbus-unix-addresses.c"
(;; Requires /etc/machine-id.
- "/gdbus/x11-autolaunch")))))
+ "/gdbus/x11-autolaunch"))
+
+ ("glib/tests/gdatetime.c"
+ (;; Assumes that the Brasilian time zone is named 'BRT',
+ ;; which is no longer true as of tzdata-2017a.
+ "/GDateTime/new_full")))))
(and-map (lambda (x) (apply disable x)) failing-tests)))))
;; Note: `--docdir' and `--htmldir' are not honored, so work around it.
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 8b8824238a..532dbf88f7 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -58,7 +58,7 @@
(define-public libgpg-error
(package
(name "libgpg-error")
- (version "1.24")
+ (version "1.26")
(source
(origin
(method url-fetch)
@@ -66,7 +66,7 @@
version ".tar.bz2"))
(sha256
(base32
- "0h75sf1ngr750c3fjfn4583q7wz40qm63jhg8vjfdrbx936f2s4j"))))
+ "0sgfia0syq78k1c9h10rkhc1nfv5v097icrprlx2x4qn074wnjsc"))))
(build-system gnu-build-system)
(home-page "https://gnupg.org")
(synopsis "Library of error values for GnuPG components")
@@ -82,14 +82,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
- (version "1.7.3")
+ (version "1.7.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
- "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))
+ "1g05prhgqw4ryd0w433q8nhds0h93kf47hfjagi2r7dghkpaysk2"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
diff --git a/gnu/packages/gperf.scm b/gnu/packages/gperf.scm
index 9d9aaba3ce..5e55f8d86f 100644
--- a/gnu/packages/gperf.scm
+++ b/gnu/packages/gperf.scm
@@ -25,7 +25,7 @@
(define-public gperf
(package
(name "gperf")
- (version "3.0.4")
+ (version "3.1")
(source
(origin
(method url-fetch)
@@ -33,7 +33,7 @@
version ".tar.gz"))
(sha256
(base32
- "0gnnm8iqcl52m8iha3sxrzrl9mcyhg7lfrhhqgdn4zj00ji14wbn"))))
+ "1qispg6i508rq8pkajh26cznwimbnj06wq9sd85vg95v8nwld1aq"))))
(build-system gnu-build-system)
(arguments '(#:parallel-tests? #f))
(home-page "http://www.gnu.org/software/gperf/")
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index db19c9c931..d724d79a85 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -168,7 +168,7 @@ affine transformation (scale, rotation, shear, etc.).")
(define-public harfbuzz
(package
(name "harfbuzz")
- (version "1.4.1")
+ (version "1.4.3")
(source (origin
(method url-fetch)
(uri (string-append "https://www.freedesktop.org/software/"
@@ -176,7 +176,7 @@ affine transformation (scale, rotation, shear, etc.).")
version ".tar.bz2"))
(sha256
(base32
- "1g8mndf0p0fzjfvxrprga84zvqq186gbddnw6wbna7cscfmpz8l5"))))
+ "08akv3qzwnf48xajb60dfcchkmfdjkpp65a0xd8s98w81901g343"))))
(build-system gnu-build-system)
(outputs '("out"
"bin")) ; 160K, only hb-view depend on cairo
@@ -432,7 +432,8 @@ highlighting and other features typical of a source code editor.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1v1rssjd8p5s3lymsfhiq5mbs2pc0h1r6jd0asrwdbrign7i68sj"))))
+ "1v1rssjd8p5s3lymsfhiq5mbs2pc0h1r6jd0asrwdbrign7i68sj"))
+ (patches (search-patches "gdk-pixbuf-list-dir.patch"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--with-x11")
@@ -688,9 +689,12 @@ application suites.")
("pkg-config" ,pkg-config)
("gobject-introspection" ,gobject-introspection)
("python-wrapper" ,python-wrapper)
- ("xorg-server" ,xorg-server)))
+ ;; By using a special xorg-server for GTK+'s tests, we reduce the impact
+ ;; of updating xorg-server directly on the master branch.
+ ("xorg-server" ,xorg-server-1.19.2)))
(arguments
- `(;; 47 MiB goes to "out" (24 of which is locale data!), and 26 MiB goes
+ `(#:disallowed-references (,xorg-server-1.19.2)
+ ;; 47 MiB goes to "out" (24 of which is locale data!), and 26 MiB goes
;; to "doc".
#:configure-flags (list (string-append "--with-html-dir="
(assoc-ref %outputs "doc")
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 17c808d4bd..5425ab9c75 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -137,15 +137,14 @@ without requiring the source code to be rewritten.")
(define-public guile-2.0
(package
(name "guile")
- (version "2.0.12")
- (replacement guile-2.0.13) ;CVE-2016-8606 and CVE-2016-8605
+ (version "2.0.14")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/guile/guile-" version
".tar.xz"))
(sha256
(base32
- "1sdpjq0jf1h65w29q0zprj4x6kdp5jskkvbnlwphy9lvdxrqg0fy"))))
+ "10lxc6l5alf3lzbs3ihnbfy6dfcrsyf8667wa57f26vf4mk2ai78"))))
(build-system gnu-build-system)
(native-inputs `(("pkgconfig" ,pkg-config)))
(inputs `(("libffi" ,libffi)
@@ -218,19 +217,6 @@ without requiring the source code to be rewritten.")
(properties '((hidden? . #t))) ;people should install 'guile-2.0'
(replacement #f)))
-(define guile-2.0.13
- (package
- (inherit guile-2.0)
- (version "2.0.13")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/guile/guile-" version
- ".tar.xz"))
- (sha256
- (base32
- "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p"))
- (patches (search-patches "guile-repl-server-test.patch"))))))
-
(define-public guile-next
(package (inherit guile-2.0)
(name "guile-next")
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 13723bf585..d842f03b4e 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -28,20 +29,17 @@
(define-public icu4c
(package
(name "icu4c")
- (version "55.1")
+ (version "58.2")
(source (origin
(method url-fetch)
(uri (string-append
- "mirror://sourceforge/icu/ICU4C/"
+ "http://download.icu-project.org/files/icu4c/"
version
"/icu4c-"
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
(sha256
- (base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1"))
- (patches (search-patches "icu4c-CVE-2014-6585.patch"
- "icu4c-CVE-2015-1270.patch"
- "icu4c-CVE-2015-4760.patch"))))
+ (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib"))))
(build-system gnu-build-system)
(inputs
`(("perl" ,perl)))
@@ -55,18 +53,9 @@
'("--with-data-packaging=archive")
'()))
#:phases
- (alist-cons-after
- 'unpack 'chdir-to-source
- (lambda _ (chdir "source"))
- (alist-cons-before
- 'configure 'patch-configure
- (lambda _
- ;; patch out two occurrences of /bin/sh from configure script
- ;; that might have disappeared in a release later than 54.1
- (substitute* "configure"
- (("`/bin/sh")
- (string-append "`" (which "bash")))))
- %standard-phases))))
+ (modify-phases %standard-phases
+ (add-after 'unpack 'chdir-to-source
+ (lambda _ (chdir "source") #t)))))
(synopsis "International Components for Unicode")
(description
"ICU is a set of C/C++ and Java libraries providing Unicode and
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 53ed69a84e..fd2eefab0d 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -65,19 +65,19 @@
(define-public libpng
(package
(name "libpng")
- (replacement libpng/fixed)
- (version "1.6.25")
+ (version "1.6.28")
(source (origin
(method url-fetch)
-
- ;; Note: upstream removes older tarballs.
(uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
version "/libpng-" version ".tar.xz")
(string-append
"ftp://ftp.simplesystems.org/pub/libpng/png/src"
- "/libpng15/libpng-" version ".tar.xz")))
+ "/libpng16/libpng-" version ".tar.xz")
+ (string-append
+ "ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
+ "/libpng16/libpng-" version ".tar.xz")))
(sha256
- (base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9"))))
+ (base32 "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq"))))
(build-system gnu-build-system)
;; libpng.la says "-lz", so propagate it.
@@ -90,27 +90,20 @@ library. It supports almost all PNG features and is extensible.")
(license license:zlib)
(home-page "http://www.libpng.org/pub/png/libpng.html")))
-(define libpng/fixed
- (package
- (inherit libpng)
- (source
- (origin
- (inherit (package-source libpng))
- (patches (search-patches "libpng-CVE-2016-10087.patch"))))))
-
(define-public libpng-1.2
(package
(inherit libpng)
- (replacement #f)
(version "1.2.57")
(source
(origin
(method url-fetch)
- ;; Note: upstream removes older tarballs.
(uri (list (string-append "mirror://sourceforge/libpng/libpng12/"
version "/libpng-" version ".tar.xz")
(string-append
"ftp://ftp.simplesystems.org/pub/libpng/png/src"
+ "/libpng12/libpng-" version ".tar.xz")
+ (string-append
+ "ftp://ftp.simplesystems.org/pub/libpng/png/src/history"
"/libpng12/libpng-" version ".tar.xz")))
(sha256
(base32 "1n2lrzjkm5jhfg2bs10q398lkwbbx742fi27zgdgx0x23zhj0ihg"))))))
@@ -259,12 +252,27 @@ extracting icontainer icon files.")
(define-public libtiff
(package
(name "libtiff")
- (replacement libtiff/fixed)
(version "4.0.7")
(source (origin
(method url-fetch)
(uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
version ".tar.gz"))
+ (patches (search-patches "libtiff-heap-overflow-tiffcp.patch"
+ "libtiff-null-dereference.patch"
+ "libtiff-heap-overflow-tif-dirread.patch"
+ "libtiff-heap-overflow-pixarlog-luv.patch"
+ "libtiff-divide-by-zero.patch"
+ "libtiff-divide-by-zero-ojpeg.patch"
+ "libtiff-tiffcp-underflow.patch"
+ "libtiff-invalid-read.patch"
+ "libtiff-CVE-2016-10092.patch"
+ "libtiff-heap-overflow-tiffcrop.patch"
+ "libtiff-divide-by-zero-tiffcrop.patch"
+ "libtiff-CVE-2016-10093.patch"
+ "libtiff-divide-by-zero-tiffcp.patch"
+ "libtiff-assertion-failure.patch"
+ "libtiff-CVE-2016-10094.patch"
+ "libtiff-CVE-2017-5225.patch"))
(sha256
(base32
"06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"))))
@@ -292,29 +300,6 @@ collection of tools for doing simple manipulations of TIFF images.")
"See COPYRIGHT in the distribution."))
(home-page "http://www.simplesystems.org/libtiff/")))
-(define libtiff/fixed
- (package
- (inherit libtiff)
- (source
- (origin
- (inherit (package-source libtiff))
- (patches (search-patches "libtiff-heap-overflow-tiffcp.patch"
- "libtiff-null-dereference.patch"
- "libtiff-heap-overflow-tif-dirread.patch"
- "libtiff-heap-overflow-pixarlog-luv.patch"
- "libtiff-divide-by-zero.patch"
- "libtiff-divide-by-zero-ojpeg.patch"
- "libtiff-tiffcp-underflow.patch"
- "libtiff-invalid-read.patch"
- "libtiff-CVE-2016-10092.patch"
- "libtiff-heap-overflow-tiffcrop.patch"
- "libtiff-divide-by-zero-tiffcrop.patch"
- "libtiff-CVE-2016-10093.patch"
- "libtiff-divide-by-zero-tiffcp.patch"
- "libtiff-assertion-failure.patch"
- "libtiff-CVE-2016-10094.patch"
- "libtiff-CVE-2017-5225.patch"))))))
-
(define-public libwmf
(package
(name "libwmf")
@@ -446,8 +431,7 @@ work.")
(define-public openjpeg
(package
(name "openjpeg")
- (replacement openjpeg-2.1.2)
- (version "2.1.1")
+ (version "2.1.2")
(source
(origin
(method url-fetch)
@@ -457,9 +441,11 @@ work.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1anv0rjkbxw9kx91wvlfpb3dhppibda6kb1papny46bjzi3pzhl2"))
+ "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc"))
(patches (search-patches "openjpeg-CVE-2016-5157.patch"
- "openjpeg-CVE-2016-7163.patch"))))
+ "openjpeg-CVE-2016-7163.patch"
+ "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"
+ "openjpeg-CVE-2016-9572-CVE-2016-9573.patch"))))
(build-system cmake-build-system)
(arguments
;; Trying to run `$ make check' results in a no rule fault.
@@ -483,28 +469,9 @@ error-resilience, a Java-viewer for j2k-images, ...")
(home-page "https://github.com/uclouvain/openjpeg")
(license license:bsd-2)))
-(define openjpeg-2.1.2
- (package
- (inherit openjpeg)
- (name "openjpeg")
- (version "2.1.2")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://github.com/uclouvain/openjpeg/archive/v"
- version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
- (sha256
- (base32
- "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc"))
- (patches
- (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"
- "openjpeg-CVE-2016-9572-CVE-2016-9573.patch"))))))
-
(define-public openjpeg-1
(package (inherit openjpeg)
(name "openjpeg")
- (replacement #f)
(version "1.5.2")
(source
(origin
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 4359636285..7b90c1436b 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -1165,11 +1165,7 @@ which are used in DBus communication.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
- ;; extra-cmake-modules forces C89 for all C files for compatibility with
- ;; Windows. Flex 2.6.0 generates a lexer containing a single line
- ;; comment. Single line comments are part of the C99 standard, so the
- ;; lexer won't compile if C89 is used.
- ("flex" ,flex-2.6.1)
+ ("flex" ,flex)
("qttools" ,qttools)))
(inputs
`(("qtbase" ,qtbase)
@@ -2584,11 +2580,7 @@ typed.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
- ;; extra-cmake-modules forces C89 for all C files for compatibility with
- ;; Windows. Flex 2.6.0 generates a lexer containing a single line
- ;; comment. Single line comments are part of the C99 standard, so the
- ;; lexer won't compile if C89 is used.
- ("flex" ,flex-2.6.1)))
+ ("flex" ,flex)))
(inputs
`(("kcrash" ,kcrash)
("kdbusaddons" ,kdbusaddons)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index b6d25f4a23..9f042bd707 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -42,7 +42,7 @@
(define-public mit-krb5
(package
(name "mit-krb5")
- (version "1.14.3")
+ (version "1.14.4")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@@ -50,7 +50,7 @@
"/krb5-" version ".tar.gz"))
(sha256
(base32
- "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))
+ "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
@@ -78,7 +78,7 @@
(let ((perl (assoc-ref inputs "perl")))
(substitute* "plugins/kdb/db2/libdb2/test/run.test"
(("/bin/cat") (string-append perl "/bin/perl"))
- (("D/bin/sh") (string-append "D" (which "bash")))
+ (("D/bin/sh") (string-append "D" (which "sh")))
(("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))
;; avoid service names since /etc/services is unavailable
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index dd5f7c4067..551fbf7206 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -83,9 +83,9 @@ loop.")
"18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
(patches (search-patches
"libevent-dns-tests.patch"
- "libevent-2.0-evdns-fix-remote-stack-overread.patch"
- "libevent-2.0-evutil-fix-buffer-overflow.patch"
- "libevent-2.0-evdns-fix-searching-empty-hostnames.patch"))))))
+ "libevent-2.0-CVE-2016-10195.patch"
+ "libevent-2.0-CVE-2016-10196.patch"
+ "libevent-2.0-CVE-2016-10197.patch"))))))
(define-public libev
(package
diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 3af19b1c70..df0ac8b0b4 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -60,9 +61,34 @@ Java libraries.")
(sha256
(base32
"13v8kh4d5nfkymai88zlw3h7k4x9khrpdpv97waf4ah8ykzrxb9g"))))
+ ;; XXX: Make sure to remove the 'create-pkg-config' phase
+ ;; below when this package is updated to >= 0.17.
(inputs
`(("libunistring" ,libunistring)))
(build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'create-pkgconfig-file
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (pkgconfig (string-append out "/lib/pkgconfig")))
+ (mkdir-p pkgconfig)
+ (call-with-output-file (string-append pkgconfig "/libidn2.pc")
+ (lambda (port)
+ (format port "prefix=~a
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: Libidn2
+Description: Library implementing IDNA2008 and TR46
+Version: ~a
+Libs: -L${libdir} -lidn2
+Cflags: -I${includedir}
+"
+ out ,version)))
+ #t))))))
(synopsis "Internationalized domain name library for IDNA2008")
(description "Libidn2 is an internationalized domain library implementing
the IDNA2008 specifications. Libidn2 is believed to be a complete IDNA2008
diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm
index a9779d4ffd..212bec4b49 100644
--- a/gnu/packages/libunistring.scm
+++ b/gnu/packages/libunistring.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
@@ -28,15 +29,15 @@
(define-public libunistring
(package
(name "libunistring")
- (version "0.9.6")
+ (version "0.9.7")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://gnu/libunistring/libunistring-"
- version ".tar.gz"))
+ version ".tar.xz"))
(sha256
(base32
- "0ixxmgpgh2v8ifm6hbwsjxl023myk3dfnj7wnvmqjivza31fw9cn"))))
+ "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf"))))
(propagated-inputs (libiconv-if-needed))
(build-system gnu-build-system)
(arguments
@@ -49,5 +50,5 @@
"GNU libunistring is a library providing functions to manipulate
Unicode strings and for manipulating C strings according to the Unicode
standard.")
- (home-page "http://www.gnu.org/software/libunistring/")
- (license lgpl3+)))
+ (home-page "https://www.gnu.org/software/libunistring/")
+ (license (list lgpl3+ gpl2))))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 28440297e0..62b1971f02 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -5,7 +5,7 @@
;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017 Alex Kost <alezost@gmail.com>
@@ -17,6 +17,7 @@
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
+;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
;;; Copyright © 2016 ng0 <ng0@libertad.pw>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.com>
@@ -109,6 +110,13 @@
((string-prefix? "alpha" arch) "alpha")
(else arch))))
+(define-public (system->defconfig system)
+ "Some systems (notably powerpc-linux) require a special target for kernel
+defconfig. Return the appropiate make target if applicable, otherwise return
+\"defconfig\"."
+ (cond ((string-prefix? "powerpc-" system) "pmac32_defconfig")
+ (else "defconfig")))
+
(define (linux-libre-urls version)
"Return a list of URLs for Linux-Libre VERSION."
(list (string-append
@@ -128,13 +136,13 @@
(define-public linux-libre-headers
(package
(name "linux-libre-headers")
- (version "4.4.18")
+ (version "4.4.47")
(source (origin
(method url-fetch)
(uri (linux-libre-urls version))
(sha256
(base32
- "0k8k17in7dkjd9d8zg3i8l1ax466dba6bxw28flxizzyq8znljps"))))
+ "00zdq7swhvzbbnnhzizq6m34q5k4fycpcp215bmkbxh1ic76v7bs"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(arguments
@@ -148,11 +156,13 @@
(lambda _
(let ((arch ,(system->linux-architecture
(or (%current-target-system)
- (%current-system)))))
+ (%current-system))))
+ (defconfig ,(system->defconfig
+ (or (%current-target-system)
+ (%current-system)))))
(setenv "ARCH" arch)
(format #t "`ARCH' set to `~a'~%" (getenv "ARCH"))
-
- (and (zero? (system* "make" "defconfig"))
+ (and (zero? (system* "make" defconfig))
(zero? (system* "make" "mrproper" "headers_check"))))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
@@ -475,8 +485,7 @@ providing the system administrator with some help in common tasks.")
(define-public util-linux
(package
(name "util-linux")
- (replacement util-linux/fixed)
- (version "2.28.1")
+ (version "2.29.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/"
@@ -484,7 +493,7 @@ providing the system administrator with some help in common tasks.")
name "-" version ".tar.xz"))
(sha256
(base32
- "03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy"))
+ "1qz81w8vzrmy8xn9yx7ls4amkbgwx6vr62pl6kv9g7r0g3ba9kmc"))
(patches (search-patches "util-linux-tests.patch"))
(modules '((guix build utils)))
(snippet
@@ -500,7 +509,7 @@ providing the system administrator with some help in common tasks.")
"static")) ; >2 MiB of static .a libraries
(arguments
`(#:configure-flags (list "--disable-use-tty-group"
-
+ "--enable-fs-paths-default=/run/current-system/profile/sbin"
;; Install completions where our
;; bash-completion package expects them.
(string-append "--with-bashcompletiondir="
@@ -556,17 +565,6 @@ block devices, UUIDs, TTYs, and many other tools.")
(license (list license:gpl3+ license:gpl2+ license:gpl2 license:lgpl2.0+
license:bsd-4 license:public-domain))))
-(define util-linux/fixed
- (package
- (inherit util-linux)
- (source
- (origin
- (inherit (package-source util-linux))
- (patches
- (append
- (origin-patches (package-source util-linux))
- (search-patches "util-linux-CVE-2017-2616.patch")))))))
-
(define-public procps
(package
(name "procps")
@@ -885,7 +883,7 @@ intercept and print the system calls executed by the program.")
(define-public alsa-lib
(package
(name "alsa-lib")
- (version "1.0.27.1")
+ (version "1.1.3")
(source (origin
(method url-fetch)
(uri (string-append
@@ -893,10 +891,9 @@ intercept and print the system calls executed by the program.")
version ".tar.bz2"))
(sha256
(base32
- "0fx057746dj7rjdi0jnvx2m9b0y1lgdkh1hks87d8w32xyihf3k9"))
- (patches (search-patches "alsa-lib-mips-atomic-fix.patch"))))
+ "174n2psp0328xcy2f1ayls67598bxli6q9cf00d2qnac3012aa3i"))))
(build-system gnu-build-system)
- (home-page "http://www.alsa-project.org/")
+ (home-page "https://www.alsa-project.org/")
(synopsis "The Advanced Linux Sound Architecture libraries")
(description
"The Advanced Linux Sound Architecture (ALSA) provides audio and
@@ -1207,7 +1204,7 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).")
(define-public libcap
(package
(name "libcap")
- (version "2.24")
+ (version "2.25")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1215,7 +1212,7 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).")
"libcap2/libcap-" version ".tar.xz"))
(sha256
(base32
- "0rbc9qbqs5bp9am9s9g83wxj5k4ixps2agy9dxr1v1fwg27mdr6f"))))
+ "0qjiqc5pknaal57453nxcbz3mn1r4hkyywam41wfcglq3v2qlg39"))))
(build-system gnu-build-system)
(arguments '(#:phases
(modify-phases %standard-phases
@@ -1709,7 +1706,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
(define-public kmod
(package
(name "kmod")
- (version "23")
+ (version "24")
(source (origin
(method url-fetch)
(uri
@@ -1717,7 +1714,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
"kmod-" version ".tar.xz"))
(sha256
(base32
- "0mc12sx06p8il1ym3hdmgxxb37apn9yv7xij26gddjdfkx8xa0yk"))
+ "15xkkkzvca9flvkm48gkh8y8f13vlm3sl7nz9ydc7b3jy4fqs2v1"))
(patches (search-patches "kmod-module-directory.patch"))))
(build-system gnu-build-system)
(native-inputs
@@ -1754,7 +1751,7 @@ from the module-init-tools project.")
;; The post-systemd fork, maintained by Gentoo.
(package
(name "eudev")
- (version "3.2")
+ (version "3.2.1")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1762,8 +1759,9 @@ from the module-init-tools project.")
version ".tar.gz"))
(sha256
(base32
- "099w62ncq78nxpxizf910mx18hc8x4qvzw3azjd00fir89wmyjnq"))
- (patches (search-patches "eudev-rules-directory.patch"))))
+ "06gyyl90n85x8i7lfhns514y1kg1ians13l467admyzy3kjxkqsp"))
+ (patches (search-patches "eudev-rules-directory.patch"
+ "eudev-conflicting-declaration.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
@@ -2639,7 +2637,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
(define-public bluez
(package
(name "bluez")
- (version "5.43")
+ (version "5.44")
(source (origin
(method url-fetch)
(uri (string-append
@@ -2647,7 +2645,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
version ".tar.xz"))
(sha256
(base32
- "05cdnpz0w2lwq2x5ba87q1h2wgb4lfnpbnbh6p7499hx59fw1j8n"))))
+ "11bc6pndivd0rkqr3c8a1xd9ar9bb60gx79piskycicb3wliwchc"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index e3ab3561cb..c3cb700be2 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2014 Raimon Grau <raimonster@gmail.com>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
@@ -112,13 +112,13 @@ for configuration, scripting, and rapid prototyping.")
(define-public luajit
(package
(name "luajit")
- (version "2.0.4")
+ (version "2.1.0-beta2")
(source (origin
(method url-fetch)
(uri (string-append "http://luajit.org/download/LuaJIT-"
version ".tar.gz"))
(sha256
- (base32 "0zc0y7p6nx1c0pp4nhgbdgjljpfxsb5kgwp4ysz22l1p2bms83v2"))
+ (base32 "0iyghj1xjlmd9ywa4flf9yszynf3jhbp0yqb9b49k7ab0g528fbi"))
(patches (search-patches "luajit-symlinks.patch"
"luajit-no_ldconfig.patch"))))
(build-system gnu-build-system)
diff --git a/gnu/packages/m4.scm b/gnu/packages/m4.scm
index d1ba928768..3ee8142e7a 100644
--- a/gnu/packages/m4.scm
+++ b/gnu/packages/m4.scm
@@ -26,14 +26,14 @@
(define-public m4
(package
(name "m4")
- (version "1.4.17")
+ (version "1.4.18")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/m4/m4-"
- version ".tar.bz2"))
+ version ".tar.xz"))
(sha256
(base32
- "0w0da1chh12mczxa5lnwzjk9czi3dq6gnnndbpa6w4rj76b1yklf"))))
+ "01sfjd5a4waqw83bibvmn522g69qfqvwig9i2qlgy154l1nfihgj"))))
(build-system gnu-build-system)
(arguments
`(;; Explicitly disable tests when cross-compiling, otherwise 'make check'
@@ -50,7 +50,7 @@
(substitute* (find-files "tests"
"posix_spawn")
(("/bin/sh")
- (format #f "~a/bin/bash" bash)))))
+ (format #f "~a/bin/sh" bash)))))
%standard-phases)))
(synopsis "Macro processor")
(description
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index e5c614cee7..5cc2ac51d9 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -206,7 +207,17 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
("patch" ,patch)
("coreutils" ,coreutils)
("sed" ,sed)
- ("grep" ,grep)
+ ;; We don't want to retain a reference to /gnu/store in the
+ ;; bootstrap versions of egrep/fgrep, so we remove the custom
+ ;; phase added since grep@2.25. The effect is 'egrep' and
+ ;; 'fgrep' look for 'grep' in $PATH.
+ ("grep" ,(package
+ (inherit grep)
+ (arguments
+ (substitute-keyword-arguments (package-arguments grep)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (delete 'fix-egrep-and-fgrep)))))))
("gawk" ,gawk)))
("bash" ,static-bash))))
@@ -416,8 +427,9 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
;; the 'pre-configure phase of our main gcc package, because
;; that shared library is not present in this static gcc. See
;; <https://lists.gnu.org/archive/html/guix-devel/2015-01/msg00008.html>.
- (substitute* (find-files "gcc/config"
- "^gnu-user.*\\.h$")
+ (substitute* (cons "gcc/config/rs6000/sysv4.h"
+ (find-files "gcc/config"
+ "^gnu-user.*\\.h$"))
((" -lgcc_s}}") "}}")))
,phases)))))
(native-inputs
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 36e35ca00c..b6d2d7f4af 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -32,7 +32,7 @@
(define-public gmp
(package
(name "gmp")
- (version "6.1.1")
+ (version "6.1.2")
(source (origin
(method url-fetch)
(uri
@@ -40,7 +40,7 @@
version ".tar.xz"))
(sha256
(base32
- "0cg84n482gcvl0s4xq4wgwsk4r0x0m8dnzpizwqdd2j8vw2rqvnk"))
+ "04hrwahdxyqdik559604r7wrj9ffklwvipgfxgj4ys4skbl6bdc7"))
(patches (search-patches "gmp-faulty-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("m4" ,m4)))
@@ -87,13 +87,13 @@ cryptography and computational algebra.")
(define-public mpfr
(package
(name "mpfr")
- (version "3.1.4")
+ (version "3.1.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/mpfr/mpfr-" version
".tar.xz"))
(sha256 (base32
- "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n"))))
+ "1g32l2fg8f62lcyzzh88y3fsh6rk539qc6ahhdgvx7wpnf1dwpq1"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h>
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 6949e1e03f..d725a71c0d 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -30,6 +30,7 @@
#:use-module (guix build-system perl)
#:use-module (gnu packages)
#:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
#:use-module (gnu packages swig)
#:use-module (guix utils))
@@ -87,7 +88,7 @@
(let ((out (assoc-ref outputs "out")))
;; When building a wide-character (Unicode) build, create backward
;; compatibility links from the the "normal" libraries to the
- ;; wide-character libraries (e.g. libncurses.so to libncursesw.so).
+ ;; wide-character ones (e.g. libncurses.so to libncursesw.so).
,@(if (target-mingw?)
'( ;; TODO: create .la files to link to the .dll?
(with-directory-excursion (string-append out "/bin")
@@ -116,7 +117,11 @@
(define lib.so.x
(string-append "lib" lib ".so.6"))
(define lib.so
- (string-append "lib" lib ".so")))
+ (string-append "lib" lib ".so"))
+ (define packagew.pc
+ (string-append lib "w.pc"))
+ (define package.pc
+ (string-append lib ".pc")))
'())
(when (file-exists? libw.a)
@@ -127,7 +132,12 @@
(false-if-exception (delete-file lib.so))
(call-with-output-file lib.so
(lambda (p)
- (format p "INPUT (-l~aw)~%" lib))))
+ (format p "INPUT (-l~aw)~%" lib)))
+ (with-directory-excursion "pkgconfig"
+ (format #t "creating symlink for `~a'~%"
+ package.pc)
+ (when (file-exists? packagew.pc)
+ (symlink packagew.pc package.pc))))
'())))
'("curses" "ncurses" "form" "panel" "menu")))))))
`(#:configure-flags
@@ -135,6 +145,11 @@
'quasiquote
`(("--with-shared" "--without-debug" "--enable-widec"
+ "--enable-pc-files"
+ ,(list 'unquote '(string-append "--with-pkg-config-libdir="
+ (assoc-ref %outputs "out")
+ "/lib/pkgconfig"))
+
;; By default headers land in an `ncursesw' subdir, which is not
;; what users expect.
,(list 'unquote '(string-append "--includedir=" (assoc-ref %outputs "out")
@@ -157,6 +172,8 @@
(add-after 'unpack 'remove-unneeded-shebang
,remove-shebang-phase)))))
(self-native-input? #t) ; for `tic'
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
(native-search-paths
(list (search-path-specification
(variable "TERMINFO_DIRS")
diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm
index d1203dfe75..e4e0eedc05 100644
--- a/gnu/packages/nettle.scm
+++ b/gnu/packages/nettle.scm
@@ -47,7 +47,7 @@
(outputs '("out" "debug"))
(native-inputs `(("m4" ,m4)))
(propagated-inputs `(("gmp" ,gmp)))
- (home-page "http://www.lysator.liu.se/~nisse/nettle/")
+ (home-page "https://www.lysator.liu.se/~nisse/nettle/")
(synopsis "C library for low-level cryptographic functionality")
(description
"GNU Nettle is a low-level cryptographic library. It is designed to
@@ -60,14 +60,14 @@ themselves.")
;; This version is not API-compatible with version 2. In particular, lsh
;; cannot use it yet. So keep it separate.
(package (inherit nettle-2)
- (version "3.2")
+ (version "3.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/nettle/nettle-"
version ".tar.gz"))
(sha256
(base32
- "15wxhk52yc62rx0pddmry66hqm6z5brrrkx4npd3wh9nybg86hpa"))))
+ "07mif3af077763vc35s1x8vzhzlgqcgxh67c1xr13jnhslkjd526"))))
(arguments
(substitute-keyword-arguments (package-arguments nettle-2)
((#:configure-flags flags)
diff --git a/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch b/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch
deleted file mode 100644
index 8c37bd3ac4..0000000000
--- a/gnu/packages/patches/alsa-lib-mips-atomic-fix.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix the declarations of inlined atomic ops for mips.
-
-This patch was copied from Debian.
-
---- alsa-lib/include/iatomic.h.orig 2013-05-21 04:48:28.000000000 -0400
-+++ alsa-lib/include/iatomic.h 2013-10-29 13:01:37.055995968 -0400
-@@ -720,7 +720,7 @@
- * Atomically adds @i to @v. Note that the guaranteed useful range
- * of an atomic_t is only 24 bits.
- */
--extern __inline__ void atomic_add(int i, atomic_t * v)
-+static __inline__ void atomic_add(int i, atomic_t * v)
- {
- unsigned long temp;
-
-@@ -744,7 +744,7 @@
- * Atomically subtracts @i from @v. Note that the guaranteed
- * useful range of an atomic_t is only 24 bits.
- */
--extern __inline__ void atomic_sub(int i, atomic_t * v)
-+static __inline__ void atomic_sub(int i, atomic_t * v)
- {
- unsigned long temp;
-
-@@ -763,7 +763,7 @@
- /*
- * Same as above, but return the result value
- */
--extern __inline__ int atomic_add_return(int i, atomic_t * v)
-+static __inline__ int atomic_add_return(int i, atomic_t * v)
- {
- unsigned long temp, result;
-
-@@ -784,7 +784,7 @@
- return result;
- }
-
--extern __inline__ int atomic_sub_return(int i, atomic_t * v)
-+static __inline__ int atomic_sub_return(int i, atomic_t * v)
- {
- unsigned long temp, result;
-
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
new file mode 100644
index 0000000000..3f0d35c33e
--- /dev/null
+++ b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
@@ -0,0 +1,15 @@
+Coreutils fails to cross compile for other platforms because cu_install_program
+is not being evaluated properly. This patch fixes it.
+See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html>
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -5023,7 +5023,7 @@ pr = progs-readme
+ @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
+
+ # Use the just-built 'ginstall', when not cross-compiling.
+-@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
++@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
+ info_TEXINFOS = doc/coreutils.texi
+ doc_coreutils_TEXINFOS = \
+ doc/perm.texi \
+
diff --git a/gnu/packages/patches/eudev-conflicting-declaration.patch b/gnu/packages/patches/eudev-conflicting-declaration.patch
new file mode 100644
index 0000000000..f5399e20d3
--- /dev/null
+++ b/gnu/packages/patches/eudev-conflicting-declaration.patch
@@ -0,0 +1,31 @@
+Fix build failure due to conflicting declaration of
+keyboard_lookup_key() in gperf-3.1:
+
+https://bugs.gentoo.org/show_bug.cgi?id=604864
+
+Patch copied from upstream source repository:
+
+https://github.com/gentoo/eudev/commit/5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60
+
+From 5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 Mon Sep 17 00:00:00 2001
+From: "Anthony G. Basile" <blueness@gentoo.org>
+Date: Thu, 5 Jan 2017 16:21:17 -0500
+Subject: [PATCH] src/udev/udev-builtin-keyboard.c: fix build with gperf 3.1
+
+Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
+---
+ src/udev/udev-builtin-keyboard.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c
+index 73171c3..fad3520 100644
+--- a/src/udev/udev-builtin-keyboard.c
++++ b/src/udev/udev-builtin-keyboard.c
+@@ -28,7 +28,6 @@
+
+ #include "udev.h"
+
+-static const struct key *keyboard_lookup_key(const char *str, unsigned len);
+ #include "keyboard-keys-from-name.h"
+ #include "keyboard-keys-to-name.h"
+
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
deleted file mode 100644
index 1f3cb028d4..0000000000
--- a/gnu/packages/patches/flex-CVE-2016-6354.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <westes575@gmail.com>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
-
- else
- {
-- yy_size_t num_to_read =
-+ int num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
diff --git a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
new file mode 100644
index 0000000000..8ebe33bc6c
--- /dev/null
+++ b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch
@@ -0,0 +1,82 @@
+The first patch is copied from the upstream source repository:
+
+https://cgit.freedesktop.org/fontconfig/commit/?id=1ab5258f7c2abfafcd63a760ca08bf93591912da
+
+The second patch is adapted from a message to from the OpenEmbedded mailing list:
+
+http://lists.openembedded.org/pipermail/openembedded-core/2016-December/130213.html
+
+From 1ab5258f7c2abfafcd63a760ca08bf93591912da Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 14 Dec 2016 16:11:05 -0800
+Subject: Avoid conflicts with integer width macros from TS 18661-1:2014
+
+glibc 2.25+ has now defined these macros in <limits.h>
+https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
+
+Create an alias for FC_CHAR_WIDTH for ABI compatibility
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h
+index 5c72b22..070a557 100644
+--- a/fontconfig/fontconfig.h
++++ b/fontconfig/fontconfig.h
+@@ -128,7 +128,8 @@ typedef int FcBool;
+ #define FC_USER_CACHE_FILE ".fonts.cache-" FC_CACHE_VERSION
+
+ /* Adjust outline rasterizer */
+-#define FC_CHAR_WIDTH "charwidth" /* Int */
++#define FC_CHARWIDTH "charwidth" /* Int */
++#define FC_CHAR_WIDTH FC_CHARWIDTH
+ #define FC_CHAR_HEIGHT "charheight"/* Int */
+ #define FC_MATRIX "matrix" /* FcMatrix */
+
+diff --git a/src/fcobjs.h b/src/fcobjs.h
+index 1fc4f65..d27864b 100644
+--- a/src/fcobjs.h
++++ b/src/fcobjs.h
+@@ -51,7 +51,7 @@ FC_OBJECT (DPI, FcTypeDouble, NULL)
+ FC_OBJECT (RGBA, FcTypeInteger, NULL)
+ FC_OBJECT (SCALE, FcTypeDouble, NULL)
+ FC_OBJECT (MINSPACE, FcTypeBool, NULL)
+-FC_OBJECT (CHAR_WIDTH, FcTypeInteger, NULL)
++FC_OBJECT (CHARWIDTH, FcTypeInteger, NULL)
+ FC_OBJECT (CHAR_HEIGHT, FcTypeInteger, NULL)
+ FC_OBJECT (MATRIX, FcTypeMatrix, NULL)
+ FC_OBJECT (CHARSET, FcTypeCharSet, FcCompareCharSet)
+--
+cgit v0.10.2
+
+From 20cddc824c6501c2082cac41b162c34cd5fcc530 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem at gmail.com>
+Date: Sun, 11 Dec 2016 14:32:00 -0800
+Subject: [PATCH] Avoid conflicts with integer width macros from TS
+ 18661-1:2014
+
+glibc 2.25+ has now defined these macros in <limits.h>
+https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a
+
+Signed-off-by: Khem Raj <raj.khem at gmail.com>
+---
+Upstream-Status: Submitted
+
+ fontconfig/fontconfig.h | 2 +-
+ src/fcobjs.h | 2 +-
+ src/fcobjshash.gperf | 2 +-
+ src/fcobjshash.h | 2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+Index: fontconfig-2.12.1/src/fcobjshash.h
+===================================================================
+--- fontconfig-2.12.1.orig/src/fcobjshash.h
++++ fontconfig-2.12.1/src/fcobjshash.h
+@@ -284,7 +284,7 @@ FcObjectTypeLookup (register const char
+ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str43,FC_CHARSET_OBJECT},
+ {-1},
+ #line 47 "fcobjshash.gperf"
+- {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHAR_WIDTH_OBJECT},
++ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHARWIDTH_OBJECT},
+ #line 48 "fcobjshash.gperf"
+ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str46,FC_CHAR_HEIGHT_OBJECT},
+ #line 55 "fcobjshash.gperf"
diff --git a/gnu/packages/patches/fontconfig-path-max.patch b/gnu/packages/patches/fontconfig-path-max.patch
new file mode 100644
index 0000000000..e12f60ef00
--- /dev/null
+++ b/gnu/packages/patches/fontconfig-path-max.patch
@@ -0,0 +1,124 @@
+This patch fix the build on GNU/Hurd, due to PATH_MAX isn't defined.
+
+The patch was adapted from upstream source repository:
+'<https://cgit.freedesktop.org/fontconfig/commit/?id=abdb6d658e1a16410dd1c964e365a3ebd5039e7c>'
+Commit: abdb6d658e1a16410dd1c964e365a3ebd5039e7c
+
+---
+ src/fcdefault.c | 34 +++++++++++++++++++++++++++-------
+ src/fcint.h | 6 ++++++
+ src/fcstat.c | 12 +++++++++++-
+ 3 files changed, 44 insertions(+), 8 deletions(-)
+
+diff --git a/src/fcdefault.c b/src/fcdefault.c
+index 6647a8f..5afd7ec 100644
+--- a/src/fcdefault.c
++++ b/src/fcdefault.c
+@@ -148,17 +148,34 @@ retry:
+ prgname = FcStrdup ("");
+ #else
+ # if defined (HAVE_GETEXECNAME)
+- const char *p = getexecname ();
++ char *p = FcStrdup(getexecname ());
+ # elif defined (HAVE_READLINK)
+- char buf[PATH_MAX + 1];
+- int len;
++ size_t size = FC_PATH_MAX;
+ char *p = NULL;
+
+- len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1);
+- if (len != -1)
++ while (1)
+ {
+- buf[len] = '\0';
+- p = buf;
++ char *buf = malloc (size);
++ ssize_t len;
++
++ if (!buf)
++ break;
++
++ len = readlink ("/proc/self/exe", buf, size - 1);
++ if (len < 0)
++ {
++ free (buf);
++ break;
++ }
++ if (len < size - 1)
++ {
++ buf[len] = 0;
++ p = buf;
++ break;
++ }
++
++ free (buf);
++ size *= 2;
+ }
+ # else
+ char *p = NULL;
+@@ -176,6 +193,9 @@ retry:
+
+ if (!prgname)
+ prgname = FcStrdup ("");
++
++ if (p)
++ free (p);
+ #endif
+
+ if (!fc_atomic_ptr_cmpexch (&default_prgname, NULL, prgname)) {
+diff --git a/src/fcint.h b/src/fcint.h
+index ac911ad..dad34c5 100644
+--- a/src/fcint.h
++++ b/src/fcint.h
+@@ -70,6 +70,12 @@ extern pfnSHGetFolderPathA pSHGetFolderPathA;
+ # define FC_DIR_SEPARATOR_S "/"
+ #endif
+
++#ifdef PATH_MAX
++#define FC_PATH_MAX PATH_MAX
++#else
++#define FC_PATH_MAX 128
++#endif
++
+ #if __GNUC__ >= 4
+ #define FC_UNUSED __attribute__((unused))
+ #else
+diff --git a/src/fcstat.c b/src/fcstat.c
+index 1734fa4..f6e1aaa 100644
+--- a/src/fcstat.c
++++ b/src/fcstat.c
+@@ -278,8 +278,13 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
+ {
+ #endif
+ struct stat statb;
+- char f[PATH_MAX + 1];
++ char *f = malloc (len + 1 + dlen + 1);
+
++ if (!f)
++ {
++ ret = -1;
++ goto bail;
++ }
+ memcpy (f, dir, len);
+ f[len] = FC_DIR_SEPARATOR;
+ memcpy (&f[len + 1], files[n]->d_name, dlen);
+@@ -287,11 +292,16 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum)
+ if (lstat (f, &statb) < 0)
+ {
+ ret = -1;
++ free (f);
+ goto bail;
+ }
+ if (S_ISDIR (statb.st_mode))
++ {
++ free (f);
+ goto bail;
++ }
+
++ free (f);
+ dtype = statb.st_mode;
+ #ifdef HAVE_STRUCT_DIRENT_D_TYPE
+ }
+--
+2.11.0
+
diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-1.patch b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch
new file mode 100644
index 0000000000..8c94a026b3
--- /dev/null
+++ b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch
@@ -0,0 +1,190 @@
+Make GCC respect SOURCE_DATE_EPOCH in __DATE__ and __TIME__ macros.
+
+Patch adapted from upstream source repository:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934
+
+From e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 Mon Sep 17 00:00:00 2001
+From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 28 Apr 2016 09:12:05 +0000
+Subject: [PATCH] gcc/c-family/ChangeLog:
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index 1bf5d080034..6f0898a38d7 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12318,4 +12318,37 @@ pointer_to_zero_sized_aggr_p (tree t)
+ return (TYPE_SIZE (t) && integer_zerop (TYPE_SIZE (t)));
+ }
+
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++time_t
++get_source_date_epoch ()
++{
++ char *source_date_epoch;
++ long long epoch;
++ char *endptr;
++
++ source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
++ if (!source_date_epoch)
++ return (time_t) -1;
++
++ errno = 0;
++ epoch = strtoll (source_date_epoch, &endptr, 10);
++ if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
++ || (errno != 0 && epoch == 0))
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "strtoll: %s\n", xstrerror(errno));
++ if (endptr == source_date_epoch)
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "no digits were found: %s\n", endptr);
++ if (*endptr != '\0')
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "trailing garbage: %s\n", endptr);
++ if (epoch < 0)
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "value must be nonnegative: %lld \n", epoch);
++
++ return (time_t) epoch;
++}
++
+ #include "gt-c-family-c-common.h"
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index fdb227f85c3..ba0a5d7df50 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1437,4 +1437,10 @@ extern bool contains_cilk_spawn_stmt (tree);
+ extern tree cilk_for_number_of_iterations (tree);
+ extern bool check_no_cilk (tree, const char *, const char *,
+ location_t loc = UNKNOWN_LOCATION);
++
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++extern time_t get_source_date_epoch (void);
++
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index bb55be8063e..e68471b9d2b 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -402,6 +402,9 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+ enum cpp_ttype type;
+ unsigned char add_flags = 0;
+ enum overflow_type overflow = OT_NONE;
++ time_t source_date_epoch = get_source_date_epoch ();
++
++ cpp_init_source_date_epoch (parse_in, source_date_epoch);
+
+ timevar_push (TV_CPP);
+ retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index 100811dc637..3b5317beb53 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -79,4 +79,21 @@ main input file is omitted.
+ @ifclear cppmanual
+ @xref{Preprocessor Options}.
+ @end ifclear
++
++@item SOURCE_DATE_EPOCH
++
++If this variable is set, its value specifies a UNIX timestamp to be
++used in replacement of the current date and time in the @code{__DATE__}
++and @code{__TIME__} macros, so that the embedded timestamps become
++reproducible.
++
++The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
++defined as the number of seconds (excluding leap seconds) since
++01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
++@samp{@command{date +%s}}.
++
++The value should be a known timestamp such as the last modification
++time of the source or package and it should be set by the build
++process.
++
+ @end vtable
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 1b731d1a3ad..7a5481219be 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -775,6 +775,9 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__. */
+ extern void cpp_init_builtins (cpp_reader *, int);
+
++/* Initialize the source_date_epoch value. */
++extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
++
+ /* This is called after options have been parsed, and partially
+ processed. */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index 45a4d13ffa3..a8d00f4628b 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -530,6 +530,13 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+ _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+
++/* Initialize the source_date_epoch value. */
++void
++cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
++{
++ pfile->source_date_epoch = source_date_epoch;
++}
++
+ /* Sanity-checks are dependent on command-line options, so it is
+ called as a subroutine of cpp_read_main_file (). */
+ #if ENABLE_CHECKING
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index c2d08168945..8507eba1747 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -502,6 +502,10 @@ struct cpp_reader
+ const unsigned char *date;
+ const unsigned char *time;
+
++ /* Externally set timestamp to replace current date and time useful for
++ reproducibility. */
++ time_t source_date_epoch;
++
+ /* EOF token, and a token forcing paste avoidance. */
+ cpp_token avoid_paste;
+ cpp_token eof;
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index eb32a6f8c98..3f3b278e97d 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -350,13 +350,20 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node)
+ time_t tt;
+ struct tm *tb = NULL;
+
+- /* (time_t) -1 is a legitimate value for "number of seconds
+- since the Epoch", so we have to do a little dance to
+- distinguish that from a genuine error. */
+- errno = 0;
+- tt = time(NULL);
+- if (tt != (time_t)-1 || errno == 0)
+- tb = localtime (&tt);
++ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
++ usage if SOURCE_DATE_EPOCH is defined. */
++ if (pfile->source_date_epoch != (time_t) -1)
++ tb = gmtime (&pfile->source_date_epoch);
++ else
++ {
++ /* (time_t) -1 is a legitimate value for "number of seconds
++ since the Epoch", so we have to do a little dance to
++ distinguish that from a genuine error. */
++ errno = 0;
++ tt = time (NULL);
++ if (tt != (time_t)-1 || errno == 0)
++ tb = localtime (&tt);
++ }
+
+ if (tb)
+ {
+--
+2.11.0
+
diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-2.patch b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch
new file mode 100644
index 0000000000..ed2580679a
--- /dev/null
+++ b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch
@@ -0,0 +1,353 @@
+Continuation of the SOURCE_DATE_EPOCH patch.
+
+Patch adapted from upstream source repository:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c
+
+From dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c Mon Sep 17 00:00:00 2001
+From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Wed, 1 Jun 2016 16:42:41 +0000
+Subject: [PATCH] gcc/c-family/ChangeLog:
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index 6f0898a38d7..efbc78ef218 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12321,8 +12321,9 @@ pointer_to_zero_sized_aggr_p (tree t)
+ /* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+ timestamp to replace embedded current dates to get reproducible
+ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++
+ time_t
+-get_source_date_epoch ()
++cb_get_source_date_epoch (cpp_reader *pfile ATTRIBUTE_UNUSED)
+ {
+ char *source_date_epoch;
+ long long epoch;
+@@ -12334,19 +12335,14 @@ get_source_date_epoch ()
+
+ errno = 0;
+ epoch = strtoll (source_date_epoch, &endptr, 10);
+- if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
+- || (errno != 0 && epoch == 0))
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "strtoll: %s\n", xstrerror(errno));
+- if (endptr == source_date_epoch)
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "no digits were found: %s\n", endptr);
+- if (*endptr != '\0')
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "trailing garbage: %s\n", endptr);
+- if (epoch < 0)
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "value must be nonnegative: %lld \n", epoch);
++ if (errno != 0 || endptr == source_date_epoch || *endptr != '\0'
++ || epoch < 0 || epoch > MAX_SOURCE_DATE_EPOCH)
++ {
++ error_at (input_location, "environment variable SOURCE_DATE_EPOCH must "
++ "expand to a non-negative integer less than or equal to %wd",
++ MAX_SOURCE_DATE_EPOCH);
++ return (time_t) -1;
++ }
+
+ return (time_t) epoch;
+ }
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index ba0a5d7df50..977ae9df5ea 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1063,6 +1063,16 @@ extern vec<tree, va_gc> *make_tree_vector_copy (const vec<tree, va_gc> *);
+ c_register_builtin_type. */
+ extern GTY(()) tree registered_builtin_types;
+
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++extern time_t cb_get_source_date_epoch (cpp_reader *pfile);
++
++/* The value (as a unix timestamp) corresponds to date
++ "Dec 31 9999 23:59:59 UTC", which is the latest date that __DATE__ and
++ __TIME__ can store. */
++#define MAX_SOURCE_DATE_EPOCH HOST_WIDE_INT_C (253402300799)
++
+ /* In c-gimplify.c */
+ extern void c_genericize (tree);
+ extern int c_gimplify_expr (tree *, gimple_seq *, gimple_seq *);
+@@ -1438,9 +1448,4 @@ extern tree cilk_for_number_of_iterations (tree);
+ extern bool check_no_cilk (tree, const char *, const char *,
+ location_t loc = UNKNOWN_LOCATION);
+
+-/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+- timestamp to replace embedded current dates to get reproducible
+- results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
+-extern time_t get_source_date_epoch (void);
+-
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index e68471b9d2b..3f78073f640 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -97,6 +97,7 @@ init_c_lex (void)
+ cb->valid_pch = c_common_valid_pch;
+ cb->read_pch = c_common_read_pch;
+ cb->has_attribute = c_common_has_attribute;
++ cb->get_source_date_epoch = cb_get_source_date_epoch;
+
+ /* Set the debug callbacks if we can use them. */
+ if ((debug_info_level == DINFO_LEVEL_VERBOSE
+@@ -402,9 +403,6 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+ enum cpp_ttype type;
+ unsigned char add_flags = 0;
+ enum overflow_type overflow = OT_NONE;
+- time_t source_date_epoch = get_source_date_epoch ();
+-
+- cpp_init_source_date_epoch (parse_in, source_date_epoch);
+
+ timevar_push (TV_CPP);
+ retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index 3b5317beb53..7b4cf6adc11 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -81,7 +81,6 @@ main input file is omitted.
+ @end ifclear
+
+ @item SOURCE_DATE_EPOCH
+-
+ If this variable is set, its value specifies a UNIX timestamp to be
+ used in replacement of the current date and time in the @code{__DATE__}
+ and @code{__TIME__} macros, so that the embedded timestamps become
+@@ -89,8 +88,9 @@ reproducible.
+
+ The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
+ defined as the number of seconds (excluding leap seconds) since
+-01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
+-@samp{@command{date +%s}}.
++01 Jan 1970 00:00:00 represented in ASCII; identical to the output of
++@samp{@command{date +%s}} on GNU/Linux and other systems that support the
++@code{%s} extension in the @code{date} command.
+
+ The value should be a known timestamp such as the last modification
+ time of the source or package and it should be set by the build
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index d956c36b151..2709f295734 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -3328,6 +3328,29 @@ save_switch (const char *opt, size_t n_args, const char *const *args,
+ n_switches++;
+ }
+
++/* Set the SOURCE_DATE_EPOCH environment variable to the current time if it is
++ not set already. */
++
++static void
++set_source_date_epoch_envvar ()
++{
++ /* Array size is 21 = ceil(log_10(2^64)) + 1 to hold string representations
++ of 64 bit integers. */
++ char source_date_epoch[21];
++ time_t tt;
++
++ errno = 0;
++ tt = time (NULL);
++ if (tt < (time_t) 0 || errno != 0)
++ tt = (time_t) 0;
++
++ snprintf (source_date_epoch, 21, "%llu", (unsigned long long) tt);
++ /* Using setenv instead of xputenv because we want the variable to remain
++ after finalizing so that it's still set in the second run when using
++ -fcompare-debug. */
++ setenv ("SOURCE_DATE_EPOCH", source_date_epoch, 0);
++}
++
+ /* Handle an option DECODED that is unknown to the option-processing
+ machinery. */
+
+@@ -3628,6 +3651,7 @@ driver_handle_option (struct gcc_options *opts,
+ else
+ compare_debug_opt = arg;
+ save_switch (compare_debug_replacement_opt, 0, NULL, validated, true);
++ set_source_date_epoch_envvar ();
+ return true;
+
+ case OPT_fdiagnostics_color_:
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+new file mode 100644
+index 00000000000..f6aa1a360ff
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+@@ -0,0 +1,11 @@
++/* { dg-do run } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "630333296" } */
++
++int
++main(void)
++{
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++ return 0;
++}
++
++/* { dg-output "^Dec 22 1989 12:34:56\n$" } */
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+new file mode 100644
+index 00000000000..ae18362ae87
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+@@ -0,0 +1,12 @@
++/* { dg-do compile } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "AAA" } */
++
++/* Make sure that SOURCE_DATE_EPOCH is only parsed once */
++
++int
++main(void)
++{
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); /* { dg-error "SOURCE_DATE_EPOCH must expand" } */
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++ return 0;
++}
+diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp
+index 4fa433d9954..7656b2254a1 100644
+--- a/gcc/testsuite/lib/gcc-dg.exp
++++ b/gcc/testsuite/lib/gcc-dg.exp
+@@ -324,6 +324,38 @@ proc restore-target-env-var { } {
+ }
+ }
+
++proc dg-set-compiler-env-var { args } {
++ global set_compiler_env_var
++ global saved_compiler_env_var
++ if { [llength $args] != 3 } {
++ error "dg-set-compiler-env-var: need two arguments"
++ return
++ }
++ set var [lindex $args 1]
++ set value [lindex $args 2]
++ if [info exists ::env($var)] {
++ lappend saved_compiler_env_var [list $var 1 $::env($var)]
++ } else {
++ lappend saved_compiler_env_var [list $var 0]
++ }
++ setenv $var $value
++ lappend set_compiler_env_var [list $var $value]
++}
++
++proc restore-compiler-env-var { } {
++ global saved_compiler_env_var
++ for { set env_vari [llength $saved_compiler_env_var] } {
++ [incr env_vari -1] >= 0 } {} {
++ set env_var [lindex $saved_compiler_env_var $env_vari]
++ set var [lindex $env_var 0]
++ if [lindex $env_var 1] {
++ setenv $var [lindex $env_var 2]
++ } else {
++ unsetenv $var
++ }
++ }
++}
++
+ # Utility routines.
+
+ #
+@@ -785,6 +817,11 @@ if { [info procs saved-dg-test] == [list] } {
+ if [info exists set_target_env_var] {
+ unset set_target_env_var
+ }
++ if [info exists set_compiler_env_var] {
++ restore-compiler-env-var
++ unset set_compiler_env_var
++ unset saved_compiler_env_var
++ }
+ unset_timeout_vars
+ if [info exists compiler_conditional_xfail_data] {
+ unset compiler_conditional_xfail_data
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 7a5481219be..867aeebc39f 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -585,6 +585,9 @@ struct cpp_callbacks
+
+ /* Callback that can change a user builtin into normal macro. */
+ bool (*user_builtin_macro) (cpp_reader *, cpp_hashnode *);
++
++ /* Callback to parse SOURCE_DATE_EPOCH from environment. */
++ time_t (*get_source_date_epoch) (cpp_reader *);
+ };
+
+ #ifdef VMS
+@@ -775,9 +778,6 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__. */
+ extern void cpp_init_builtins (cpp_reader *, int);
+
+-/* Initialize the source_date_epoch value. */
+-extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
+-
+ /* This is called after options have been parsed, and partially
+ processed. */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index a8d00f4628b..61c9bbbf945 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -254,6 +254,9 @@ cpp_create_reader (enum c_lang lang, cpp_hash_table *table,
+ /* Do not force token locations by default. */
+ pfile->forced_token_location_p = NULL;
+
++ /* Initialize source_date_epoch to -2 (not yet set). */
++ pfile->source_date_epoch = (time_t) -2;
++
+ /* The expression parser stack. */
+ _cpp_expand_op_stack (pfile);
+
+@@ -530,13 +533,6 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+ _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+
+-/* Initialize the source_date_epoch value. */
+-void
+-cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
+-{
+- pfile->source_date_epoch = source_date_epoch;
+-}
+-
+ /* Sanity-checks are dependent on command-line options, so it is
+ called as a subroutine of cpp_read_main_file (). */
+ #if ENABLE_CHECKING
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index 8507eba1747..226ae328e76 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -503,7 +503,8 @@ struct cpp_reader
+ const unsigned char *time;
+
+ /* Externally set timestamp to replace current date and time useful for
+- reproducibility. */
++ reproducibility. It should be initialized to -2 (not yet set) and
++ set to -1 to disable it or to a non-negative value to enable it. */
+ time_t source_date_epoch;
+
+ /* EOF token, and a token forcing paste avoidance. */
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index 3f3b278e97d..756c7c6e0c6 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -351,9 +351,13 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node)
+ struct tm *tb = NULL;
+
+ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
+- usage if SOURCE_DATE_EPOCH is defined. */
+- if (pfile->source_date_epoch != (time_t) -1)
+- tb = gmtime (&pfile->source_date_epoch);
++ if SOURCE_DATE_EPOCH is defined. */
++ if (pfile->source_date_epoch == (time_t) -2
++ && pfile->cb.get_source_date_epoch != NULL)
++ pfile->source_date_epoch = pfile->cb.get_source_date_epoch (pfile);
++
++ if (pfile->source_date_epoch >= (time_t) 0)
++ tb = gmtime (&pfile->source_date_epoch);
+ else
+ {
+ /* (time_t) -1 is a legitimate value for "number of seconds
+--
+2.11.0
+
diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
new file mode 100644
index 0000000000..a612c9e00e
--- /dev/null
+++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
@@ -0,0 +1,28 @@
+This patch makes the exeception specifier of libiberty's 'asprintf'
+and 'vasprintf' declarations match those of glibc to work around the
+problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>.
+
+The problem in part stems from the fact that libiberty is configured
+without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1
+is configured and built with _GNU_SOURCE, hence the conflicting declarations.
+
+--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200
++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200
+@@ -625,7 +625,7 @@ extern int pwait (int, int *, int);
+ /* Like sprintf but provides a pointer to malloc'd storage, which must
+ be freed by the caller. */
+
+-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2;
++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2;
+ #endif
+
+ /* Like asprintf but allocates memory without fail. This works like
+@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, ..
+ /* Like vsprintf but provides a pointer to malloc'd storage, which
+ must be freed by the caller. */
+
+-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0);
++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0);
+ #endif
+
+ /* Like vasprintf but allocates memory without fail. This works like
diff --git a/gnu/packages/patches/gd-CVE-2016-7568.patch b/gnu/packages/patches/gd-CVE-2016-7568.patch
deleted file mode 100644
index 6a1a63296c..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-7568.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2016-7568 (integer overflow in gdImageWebpCtx()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
-
-From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
-From: trylab <trylab@users.noreply.github.com>
-Date: Tue, 6 Sep 2016 18:35:32 +0800
-Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
-
-Integer overflow can be happened in expression gdImageSX(im) * 4 *
-gdImageSY(im). It could lead to heap buffer overflow in the following
-code. This issue has been reported to the PHP Bug Tracking System. The
-proof-of-concept file will be supplied some days later. This issue was
-discovered by Ke Liu of Tencent's Xuanwu LAB.
----
- src/gd_webp.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index 8eb4dee..9886399 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- quality = 80;
- }
-
-+ if (overflow2(gdImageSX(im), 4)) {
-+ return;
-+ }
-+
-+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
-+ return;
-+ }
-+
- argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
- if (!argb) {
- return;
---
-2.10.0
-
diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch
deleted file mode 100644
index 39ee99ac31..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-8670.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
-http://seclists.org/oss-sec/2016/q4/138
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
-
-From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 12 Oct 2016 11:15:32 +0200
-Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
-
-We make sure to never pass a negative `rlen` as size to memcpy(). See
-also <https://bugs.php.net/bug.php?id=73280>.
-
-Patch provided by Emmanuel Law.
----
- src/gd_io_dp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
-index 135eda3..228bfa5 100644
---- a/src/gd_io_dp.c
-+++ b/src/gd_io_dp.c
-@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
- if(remain >= len) {
- rlen = len;
- } else {
-- if(remain == 0) {
-+ if(remain <= 0) {
- /* 2.0.34: EOF is incorrect. We use 0 for
- * errors and EOF, just like fileGetbuf,
- * which is a simple fread() wrapper.
---
-2.10.1
-
diff --git a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch b/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch
deleted file mode 100644
index e395c66d89..0000000000
--- a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-This fixes PHP bug #73155: https://bugs.php.net/bug.php?id=73155
-
-Patch adapted from upstream source repository:
-
-https://github.com/libgd/libgd/commit/8067a8ac336dfe0acbe96ec2eb24572209a7f279
-
-(.gitignore change removed)
-
-From 8067a8ac336dfe0acbe96ec2eb24572209a7f279 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Fri, 23 Sep 2016 18:29:52 +0200
-Subject: [PATCH] Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
-
-(cherry picked from commit bb1998a16e30d542ab22eba5501911a9aa066edb)
----
- src/gd_gd2.c | 4 ++--
- tests/gd2/CMakeLists.txt | 1 +
- tests/gd2/Makemodule.am | 1 +
- tests/gd2/bug00309.c | 37 +++++++++++++++++++++++++++++++++++++
- 4 files changed, 41 insertions(+), 2 deletions(-)
- create mode 100644 tests/gd2/bug00309.c
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 75e5e1f..b9b2f93 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -938,8 +938,8 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
- };
-
- /* Work out number of chunks. */
-- ncx = im->sx / cs + 1;
-- ncy = im->sy / cs + 1;
-+ ncx = (im->sx + cs - 1) / cs;
-+ ncy = (im->sy + cs - 1) / cs;
-
- /* Write the standard header. */
- _gd2PutHeader (im, out, cs, fmt, ncx, ncy);
-diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt
-index 3b650ad..247b466 100644
---- a/tests/gd2/CMakeLists.txt
-+++ b/tests/gd2/CMakeLists.txt
-@@ -1,5 +1,6 @@
- SET(TESTS_FILES
- bug_289
-+ bug00309
- gd2_empty_file
- gd2_im2im
- gd2_null
-diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am
-index b8ee946..d69aee0 100644
---- a/tests/gd2/Makemodule.am
-+++ b/tests/gd2/Makemodule.am
-@@ -1,5 +1,6 @@
- libgd_test_programs += \
- gd2/bug_289 \
-+ gd2/bug00309 \
- gd2/gd2_empty_file \
- gd2/php_bug_72339 \
- gd2/gd2_read_corrupt
-diff --git a/tests/gd2/bug00309.c b/tests/gd2/bug00309.c
-new file mode 100644
-index 0000000..b649cdc
---- /dev/null
-+++ b/tests/gd2/bug00309.c
-@@ -0,0 +1,37 @@
-+/**
-+ * Regression test for <https://github.com/libgd/libgd/issues/309>.
-+ *
-+ * We test that an image with 64x64 pixels reports only a single chunk in the
-+ * GD2 image header when the chunk size is 64.
-+ */
-+
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+int main()
-+{
-+ gdImagePtr im;
-+ unsigned char *buf;
-+ int size, word;
-+
-+ im = gdImageCreate(64, 64);
-+ gdImageColorAllocate(im, 0, 0, 0);
-+
-+ buf = gdImageGd2Ptr(im, 64, 1, &size);
-+
-+ gdImageDestroy(im);
-+
-+ word = buf[10] << 8 | buf[11];
-+ gdTestAssertMsg(word == 64, "chunk size is %d, but expected 64\n", word);
-+ word = buf[14] << 8 | buf[15];
-+ gdTestAssertMsg(word == 1, "x chunk count is %d, but expected 1\n", word);
-+ word = buf[16] << 8 | buf[17];
-+ gdTestAssertMsg(word == 1, "y chunk count is %d, but expected 1\n", word);
-+ gdTestAssertMsg(size == 5145, "file size is %d, but expected 5145\n", size);
-+
-+ gdFree(buf);
-+
-+ return gdNumFailures();
-+}
diff --git a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch b/gnu/packages/patches/gd-fix-truecolor-format-correction.patch
deleted file mode 100644
index be3eff9327..0000000000
--- a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-This fixes PHP bug #73159: https://bugs.php.net/bug.php?id=73159
-
-Patch lifted from upstream source repository:
-
-https://github.com/libgd/libgd/commit/e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5
-
-From e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Mon, 15 Aug 2016 17:49:40 +0200
-Subject: [PATCH] Fix #289: Passing unrecognized formats to gdImageGd2 results
- in corrupted files
-
-We must not apply the format correction twice for truecolor images.
-
-(cherry picked from commit 09090c125658e23a4ae2a2e002646bb7278bd89e)
----
- src/gd_gd2.c | 2 +-
- tests/gd2/CMakeLists.txt | 1 +
- tests/gd2/Makemodule.am | 1 +
- tests/gd2/bug_289.c | 33 +++++++++++++++++++++++++++++++++
- 4 files changed, 36 insertions(+), 1 deletion(-)
- create mode 100644 tests/gd2/bug_289.c
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 86c881e..75e5e1f 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -918,7 +918,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
- /* Force fmt to a valid value since we don't return anything. */
- /* */
- if ((fmt != GD2_FMT_RAW) && (fmt != GD2_FMT_COMPRESSED)) {
-- fmt = im->trueColor ? GD2_FMT_TRUECOLOR_COMPRESSED : GD2_FMT_COMPRESSED;
-+ fmt = GD2_FMT_COMPRESSED;
- };
- if (im->trueColor) {
- fmt += 2;
-diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt
-index 8aecacc..3b650ad 100644
---- a/tests/gd2/CMakeLists.txt
-+++ b/tests/gd2/CMakeLists.txt
-@@ -1,4 +1,5 @@
- SET(TESTS_FILES
-+ bug_289
- gd2_empty_file
- gd2_im2im
- gd2_null
-diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am
-index 754a284..b8ee946 100644
---- a/tests/gd2/Makemodule.am
-+++ b/tests/gd2/Makemodule.am
-@@ -1,4 +1,5 @@
- libgd_test_programs += \
-+ gd2/bug_289 \
- gd2/gd2_empty_file \
- gd2/php_bug_72339 \
- gd2/gd2_read_corrupt
-diff --git a/tests/gd2/bug_289.c b/tests/gd2/bug_289.c
-new file mode 100644
-index 0000000..ad311e9
---- /dev/null
-+++ b/tests/gd2/bug_289.c
-@@ -0,0 +1,33 @@
-+/**
-+ * Passing an unrecognized format to gdImageGd2() should result in
-+ * GD2_FMT_TRUECOLOR_COMPRESSED for truecolor images.
-+ *
-+ * See <https://github.com/libgd/libgd/issues/289>.
-+ */
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+#define GD2_FMT_UNRECOGNIZED 0
-+#define GD2_FMT_TRUECOLOR_COMPRESSED 4
-+
-+#define MSG "expected %s byte to be %d, but got %d\n"
-+
-+
-+int main()
-+{
-+ gdImagePtr im;
-+ char *buffer;
-+ int size;
-+
-+ im = gdImageCreateTrueColor(10, 10);
-+ gdTestAssert(im != NULL);
-+ buffer = (char *) gdImageGd2Ptr(im, 128, GD2_FMT_UNRECOGNIZED, &size);
-+ gdTestAssert(buffer != NULL);
-+ gdImageDestroy(im);
-+ gdTestAssertMsg(buffer[12] == 0, MSG, "1st", 0, buffer[12]);
-+ gdTestAssertMsg(buffer[13] == GD2_FMT_TRUECOLOR_COMPRESSED, MSG, "2nd", GD2_FMT_TRUECOLOR_COMPRESSED, buffer[13]);
-+
-+ return gdNumFailures();
-+}
diff --git a/gnu/packages/patches/gd-freetype-test-failure.patch b/gnu/packages/patches/gd-freetype-test-failure.patch
new file mode 100644
index 0000000000..49c16ca089
--- /dev/null
+++ b/gnu/packages/patches/gd-freetype-test-failure.patch
@@ -0,0 +1,59 @@
+Fix a test failure with freetype 2.7:
+
+https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143
+
+Patch copied from upstream source repository:
+
+https://github.com/libgd/libgd/commit/a5570d3ed30ff76c2a8bdd54f4ab1825acca0143
+
+From a5570d3ed30ff76c2a8bdd54f4ab1825acca0143 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Sun, 29 Jan 2017 17:07:50 +0100
+Subject: [PATCH] Fix #302: Test suite fails with freetype 2.7
+
+Actually, the test failures are not necessarily related to freetype
+2.7, but rather are caused by subpixel hinting which is enabled by
+default in freetype 2.7. Subpixel hinting is, however, already
+available in freetype 2.5 and in versions having the "Infinality"
+patch.
+
+To get the expected results in all environments, we have to disable
+subpixel hinting, what is easily done by setting a respective
+environment variable.
+
+See also:
+* https://www.freetype.org/freetype2/docs/subpixel-hinting.html
+* https://www.freetype.org/freetype2/docs/reference/ft2-tt_driver.html
+---
+ tests/freetype/bug00132.c | 3 +++
+ tests/gdimagestringft/gdimagestringft_bbox.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/tests/freetype/bug00132.c b/tests/freetype/bug00132.c
+index 713dd2d..42ed5b1 100644
+--- a/tests/freetype/bug00132.c
++++ b/tests/freetype/bug00132.c
+@@ -11,6 +11,9 @@ int main()
+ char *path;
+ char *ret = NULL;
+
++ /* disable subpixel hinting */
++ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35");
++
+ im = gdImageCreateTrueColor(50, 30);
+
+ if (!im) {
+diff --git a/tests/gdimagestringft/gdimagestringft_bbox.c b/tests/gdimagestringft/gdimagestringft_bbox.c
+index 0161ec8..1596a9e 100644
+--- a/tests/gdimagestringft/gdimagestringft_bbox.c
++++ b/tests/gdimagestringft/gdimagestringft_bbox.c
+@@ -38,6 +38,9 @@ int main()
+ int error = 0;
+ FILE *fp;
+
++ /* disable subpixel hinting */
++ putenv("FREETYPE_PROPERTIES=truetype:interpreter-version=35");
++
+ path = gdTestFilePath("freetype/DejaVuSans.ttf");
+ im = gdImageCreate(800, 800);
+ gdImageColorAllocate(im, 0xFF, 0xFF, 0xFF); /* allocate white for background color */
diff --git a/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch b/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch
new file mode 100644
index 0000000000..a926c1455c
--- /dev/null
+++ b/gnu/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch
@@ -0,0 +1,121 @@
+This bug was first reported to php on https://bugs.php.net/bug.php?id=73968.
+php then reported it to gd in https://github.com/libgd/libgd/issues/109.
+
+Patch adapted from upstream source repository:
+
+https://github.com/libgd/libgd/commit/082c5444838ea0d84f9fb6441aefdb44d78d9bba
+
+Binary diffs have been removed from the patch because our patch
+procedure doesn't support them.
+
+From 082c5444838ea0d84f9fb6441aefdb44d78d9bba Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Fri, 20 Jan 2017 22:48:20 +0100
+Subject: [PATCH] Fix #109: XBM reading fails with printed error
+
+When calculating the number of required bytes of an XBM image, we have
+to take the line padding into account.
+---
+ src/gd_xbm.c | 2 +-
+ tests/xbm/CMakeLists.txt | 1 +
+ tests/xbm/Makemodule.am | 5 ++++-
+ tests/xbm/github_bug_109.c | 35 +++++++++++++++++++++++++++++++++++
+ tests/xbm/github_bug_109.xbm | 5 +++++
+ 5 files changed, 47 insertions(+), 2 deletions(-)
+ create mode 100644 tests/xbm/github_bug_109.c
+ create mode 100644 tests/xbm/github_bug_109.xbm
+ create mode 100644 tests/xbm/github_bug_109_exp.png
+
+diff --git a/src/gd_xbm.c b/src/gd_xbm.c
+index 5f09b56..c2ba2ad 100644
+--- a/src/gd_xbm.c
++++ b/src/gd_xbm.c
+@@ -108,7 +108,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
+ max_bit = 32768;
+ }
+ if (max_bit) {
+- bytes = (width * height / 8) + 1;
++ bytes = (width + 7) / 8 * height;
+ if (!bytes) {
+ return 0;
+ }
+diff --git a/tests/xbm/CMakeLists.txt b/tests/xbm/CMakeLists.txt
+index 183cf5e..08576e0 100644
+--- a/tests/xbm/CMakeLists.txt
++++ b/tests/xbm/CMakeLists.txt
+@@ -1,4 +1,5 @@
+ LIST(APPEND TESTS_FILES
++ github_bug_109
+ github_bug_170
+ )
+
+diff --git a/tests/xbm/Makemodule.am b/tests/xbm/Makemodule.am
+index ba1eabd..0f5beb6 100644
+--- a/tests/xbm/Makemodule.am
++++ b/tests/xbm/Makemodule.am
+@@ -1,5 +1,8 @@
+ libgd_test_programs += \
++ xbm/github_bug_109 \
+ xbm/github_bug_170
+
+ EXTRA_DIST += \
+- xbm/CMakeLists.txt
++ xbm/CMakeLists.txt \
++ xbm/github_bug_109.xbm \
++ xbm/github_bug_109_exp.png
+diff --git a/tests/xbm/github_bug_109.c b/tests/xbm/github_bug_109.c
+new file mode 100644
+index 0000000..1a020c6
+--- /dev/null
++++ b/tests/xbm/github_bug_109.c
+@@ -0,0 +1,35 @@
++/**
++ * Test reading of XBM images with a width that is not a multiple of 8
++ *
++ * We're reading such an XBM image, and check that we got what we've expected,
++ * instead of an error message.
++ *
++ * See also <https://github.com/libgd/libgd/issues/109>.
++ */
++
++
++#include "gd.h"
++#include "gdtest.h"
++
++
++int main()
++{
++ gdImagePtr im;
++ FILE *fp;
++ char *path;
++
++ fp = gdTestFileOpen2("xbm", "github_bug_109.xbm");
++ im = gdImageCreateFromXbm(fp);
++ fclose(fp);
++ gdTestAssert(im != NULL);
++ gdTestAssert(gdImageGetTrueColorPixel(im, 0, 0) == 0);
++ gdTestAssert(gdImageGetTrueColorPixel(im, 0, 1) == 0xffffff);
++
++ path = gdTestFilePath2("xbm", "github_bug_109_exp.png");
++ gdAssertImageEqualsToFile(path, im);
++ gdFree(path);
++
++ gdImageDestroy(im);
++
++ return gdNumFailures();
++}
+diff --git a/tests/xbm/github_bug_109.xbm b/tests/xbm/github_bug_109.xbm
+new file mode 100644
+index 0000000..f427d86
+--- /dev/null
++++ b/tests/xbm/github_bug_109.xbm
+@@ -0,0 +1,5 @@
++#define test_width 10
++#define test_height 10
++static unsigned char test_bits[] = {
++ 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00,
++ 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00};
+
+--
+2.7.4
+
diff --git a/gnu/packages/patches/gdk-pixbuf-list-dir.patch b/gnu/packages/patches/gdk-pixbuf-list-dir.patch
new file mode 100644
index 0000000000..137914a19c
--- /dev/null
+++ b/gnu/packages/patches/gdk-pixbuf-list-dir.patch
@@ -0,0 +1,35 @@
+Sort directory entries so that the output of
+‘gdk-pixbuf-query-loaders’ is deterministic.
+
+See: https://bugzilla.gnome.org/show_bug.cgi?id=777332
+--- gdk-pixbuf-2.34.0/gdk-pixbuf/queryloaders.c.orig 2017-01-11 00:17:32.865843062 +0100
++++ gdk-pixbuf-2.34.0/gdk-pixbuf/queryloaders.c 2017-01-16 16:12:03.420667874 +0100
+@@ -354,16 +354,27 @@
+
+ dir = g_dir_open (path, 0, NULL);
+ if (dir) {
++ GList *entries = NULL;
+ const char *dent;
+
+ while ((dent = g_dir_read_name (dir))) {
+ gint len = strlen (dent);
+ if (len > SOEXT_LEN &&
+ strcmp (dent + len - SOEXT_LEN, SOEXT) == 0) {
+- query_module (contents, path, dent);
++ entries = g_list_append (entries, g_strdup (dent));
+ }
+ }
+ g_dir_close (dir);
++ /* Sort directory entries so that the output of
++ ‘gdk-pixbuf-query-loaders’ is deterministic. */
++ entries = g_list_sort (entries, (GCompareFunc) strcmp);
++ GList *xentries;
++ for (xentries = entries; xentries; xentries = g_list_next (xentries)) {
++ dent = xentries->data;
++ query_module (contents, path, dent);
++ g_free (xentries->data);
++ }
++ g_list_free (entries);
+ }
+ #else
+ g_string_append_printf (contents, "# dynamic loading of modules not supported\n");
diff --git a/gnu/packages/patches/glibc-bootstrap-system.patch b/gnu/packages/patches/glibc-bootstrap-system.patch
index 7208cce3f4..2f8e7da7e1 100644
--- a/gnu/packages/patches/glibc-bootstrap-system.patch
+++ b/gnu/packages/patches/glibc-bootstrap-system.patch
@@ -26,3 +26,5 @@ instead uses the hard-coded absolute file name of `bash'.
_IO__exit (127);
}
_IO_close (child_end);
+
+
diff --git a/gnu/packages/patches/guile-repl-server-test.patch b/gnu/packages/patches/guile-repl-server-test.patch
deleted file mode 100644
index 81e724ecc4..0000000000
--- a/gnu/packages/patches/guile-repl-server-test.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-commit 8d6209ea56241bb1890c142539927c9ef3fb5a13
-Author: Ludovic Courtès <ludo@gnu.org>
-Date: Fri Nov 4 22:44:32 2016 +0100
-
- tests: Throw 'unresolved when the REPL server is too slow.
-
-commit 2fbde7f02adb8c6585e9baf6e293ee49cd23d4c4
-Author: Ludovic Courtès <ludo@gnu.org>
-Date: Fri Nov 4 22:45:51 2016 +0100
-
- tests: Avoid race condition in REPL server test.
-
-index ca389ba..4b5ec0c 100644
---- a/test-suite/tests/00-repl-server.test
-+++ b/test-suite/tests/00-repl-server.test
-@@ -61,10 +61,11 @@ socket connected to that server."
- (lambda ()
- (connect client-socket sockaddr))
- (lambda args
-- (when (and (memv (system-error-errno args)
-- (list ENOENT ECONNREFUSED))
-- (< tries 3))
-- (sleep 1)
-+ (when (memv (system-error-errno args)
-+ (list ENOENT ECONNREFUSED))
-+ (when (> tries 30)
-+ (throw 'unresolved))
-+ (usleep 100)
- (loop (+ tries 1))))))
-
- (proc client-socket))
-@@ -104,8 +105,14 @@ reached."
- "scheme@(repl-server)> $1 = 42\n"
- (with-repl-server socket
- (read-until-prompt socket %last-line-before-prompt)
-- (display "(+ 40 2)\n(quit)\n" socket)
-- (read-string socket)))
-+
-+ ;; Wait until 'repl-reader' in boot-9 has written the prompt.
-+ ;; Otherwise, if we write too quickly, 'repl-reader' checks for
-+ ;; 'char-ready?' and doesn't print the prompt.
-+ (match (select (list socket) '() (list socket) 3)
-+ (((_) () ())
-+ (display "(+ 40 2)\n(quit)\n" socket)
-+ (read-string socket)))))
-
- (pass-if "HTTP inter-protocol attack" ;CVE-2016-8606
- (with-repl-server socket
diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch
index d9f7ac6a36..fa4d75c9ee 100644
--- a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
+++ b/gnu/packages/patches/lcms-CVE-2016-10165.patch
@@ -1,7 +1,9 @@
-Fix an out-of-bounds heap read in Type_MLU_Read():
+Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
http://seclists.org/oss-sec/2016/q3/288
https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+https://security-tracker.debian.org/tracker/CVE-2016-10165
Patch copied from upstream source repository:
diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch
deleted file mode 100644
index bef628f0a8..0000000000
--- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Fix buffer overflow reading 7Zip files:
-
-https://github.com/libarchive/libarchive/issues/761
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
-
-From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 18 Sep 2016 18:14:58 -0700
-Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files
-
-The sample file that demonstrated this had multiple 'EmptyStream'
-attributes. The first one ended up being used to calculate
-certain statistics, then was overwritten by the second which
-was incompatible with those statistics.
-
-The fix here is to reject any header with multiple EmptyStream
-attributes. While here, also reject headers with multiple
-EmptyFile, AntiFile, Name, or Attributes markers.
----
- libarchive/archive_read_support_format_7zip.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
-index 1dfe52b..c0a536c 100644
---- a/libarchive/archive_read_support_format_7zip.c
-+++ b/libarchive/archive_read_support_format_7zip.c
-@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
-
- switch (type) {
- case kEmptyStream:
-+ if (h->emptyStreamBools != NULL)
-+ return (-1);
- h->emptyStreamBools = calloc((size_t)zip->numFiles,
- sizeof(*h->emptyStreamBools));
- if (h->emptyStreamBools == NULL)
-@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- return (-1);
- break;
- }
-+ if (h->emptyFileBools != NULL)
-+ return (-1);
- h->emptyFileBools = calloc(empty_streams,
- sizeof(*h->emptyFileBools));
- if (h->emptyFileBools == NULL)
-@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- return (-1);
- break;
- }
-+ if (h->antiBools != NULL)
-+ return (-1);
- h->antiBools = calloc(empty_streams,
- sizeof(*h->antiBools));
- if (h->antiBools == NULL)
-@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- if ((ll & 1) || ll < zip->numFiles * 4)
- return (-1);
-
-+ if (zip->entry_names != NULL)
-+ return (-1);
- zip->entry_names = malloc(ll);
- if (zip->entry_names == NULL)
- return (-1);
-@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- if ((p = header_bytes(a, 2)) == NULL)
- return (-1);
- allAreDefined = *p;
-+ if (h->attrBools != NULL)
-+ return (-1);
- h->attrBools = calloc((size_t)zip->numFiles,
- sizeof(*h->attrBools));
- if (h->attrBools == NULL)
---
-2.10.0
-
diff --git a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch b/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch
deleted file mode 100644
index bce63d5e4e..0000000000
--- a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch
+++ /dev/null
@@ -1,445 +0,0 @@
-This patch fixes two bugs that allow attackers to overwrite or change
-the permissions of arbitrary files:
-
-https://github.com/libarchive/libarchive/issues/745
-https://github.com/libarchive/libarchive/issues/746
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
-
-From dfd6b54ce33960e420fb206d8872fb759b577ad9 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 11 Sep 2016 13:21:57 -0700
-Subject: [PATCH] Fixes for Issue #745 and Issue #746 from Doran Moppert.
-
----
- libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++--------
- 1 file changed, 227 insertions(+), 67 deletions(-)
-
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index 8f0421e..abe1a86 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -326,12 +326,14 @@ struct archive_write_disk {
-
- #define HFS_BLOCKS(s) ((s) >> 12)
-
-+static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
- static int check_symlinks(struct archive_write_disk *);
- static int create_filesystem_object(struct archive_write_disk *);
- static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
- #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
- static void edit_deep_directories(struct archive_write_disk *ad);
- #endif
-+static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
- static int cleanup_pathname(struct archive_write_disk *);
- static int create_dir(struct archive_write_disk *, char *);
- static int create_parent_dir(struct archive_write_disk *, char *);
-@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a)
- const char *linkname;
- mode_t final_mode, mode;
- int r;
-+ /* these for check_symlinks_fsobj */
-+ char *linkname_copy; /* non-const copy of linkname */
-+ struct archive_string error_string;
-+ int error_number;
-
- /* We identify hard/symlinks according to the link names. */
- /* Since link(2) and symlink(2) don't handle modes, we're done here. */
-@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a)
- #if !HAVE_LINK
- return (EPERM);
- #else
-+ archive_string_init(&error_string);
-+ linkname_copy = strdup(linkname);
-+ if (linkname_copy == NULL) {
-+ return (EPERM);
-+ }
-+ /* TODO: consider using the cleaned-up path as the link target? */
-+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
-+ if (r != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ free(linkname_copy);
-+ /* EPERM is more appropriate than error_number for our callers */
-+ return (EPERM);
-+ }
-+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
-+ if (r != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ free(linkname_copy);
-+ /* EPERM is more appropriate than error_number for our callers */
-+ return (EPERM);
-+ }
-+ free(linkname_copy);
- r = link(linkname, a->name) ? errno : 0;
- /*
- * New cpio and pax formats allow hardlink entries
-@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname)
- * recent paths.
- */
- /* TODO: Extend this to support symlinks on Windows Vista and later. */
-+
-+/*
-+ * Checks the given path to see if any elements along it are symlinks. Returns
-+ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
-+ */
- static int
--check_symlinks(struct archive_write_disk *a)
-+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
- {
- #if !defined(HAVE_LSTAT)
- /* Platform doesn't have lstat, so we can't look for symlinks. */
- (void)a; /* UNUSED */
-+ (void)path; /* UNUSED */
-+ (void)error_number; /* UNUSED */
-+ (void)error_string; /* UNUSED */
-+ (void)flags; /* UNUSED */
- return (ARCHIVE_OK);
- #else
-- char *pn;
-+ int res = ARCHIVE_OK;
-+ char *tail;
-+ char *head;
-+ int last;
- char c;
- int r;
- struct stat st;
-+ int restore_pwd;
-+
-+ /* Nothing to do here if name is empty */
-+ if(path[0] == '\0')
-+ return (ARCHIVE_OK);
-
- /*
- * Guard against symlink tricks. Reject any archive entry whose
- * destination would be altered by a symlink.
-+ *
-+ * Walk the filename in chunks separated by '/'. For each segment:
-+ * - if it doesn't exist, continue
-+ * - if it's symlink, abort or remove it
-+ * - if it's a directory and it's not the last chunk, cd into it
-+ * As we go:
-+ * head points to the current (relative) path
-+ * tail points to the temporary \0 terminating the segment we're currently examining
-+ * c holds what used to be in *tail
-+ * last is 1 if this is the last tail
- */
-- /* Whatever we checked last time doesn't need to be re-checked. */
-- pn = a->name;
-- if (archive_strlen(&(a->path_safe)) > 0) {
-- char *p = a->path_safe.s;
-- while ((*pn != '\0') && (*p == *pn))
-- ++p, ++pn;
-- }
-+ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
-+ __archive_ensure_cloexec_flag(restore_pwd);
-+ if (restore_pwd < 0)
-+ return (ARCHIVE_FATAL);
-+ head = path;
-+ tail = path;
-+ last = 0;
-+ /* TODO: reintroduce a safe cache here? */
- /* Skip the root directory if the path is absolute. */
-- if(pn == a->name && pn[0] == '/')
-- ++pn;
-- c = pn[0];
-- /* Keep going until we've checked the entire name. */
-- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
-+ if(tail == path && tail[0] == '/')
-+ ++tail;
-+ /* Keep going until we've checked the entire name.
-+ * head, tail, path all alias the same string, which is
-+ * temporarily zeroed at tail, so be careful restoring the
-+ * stashed (c=tail[0]) for error messages.
-+ * Exiting the loop with break is okay; continue is not.
-+ */
-+ while (!last) {
-+ /* Skip the separator we just consumed, plus any adjacent ones */
-+ while (*tail == '/')
-+ ++tail;
- /* Skip the next path element. */
-- while (*pn != '\0' && *pn != '/')
-- ++pn;
-- c = pn[0];
-- pn[0] = '\0';
-+ while (*tail != '\0' && *tail != '/')
-+ ++tail;
-+ /* is this the last path component? */
-+ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
-+ /* temporarily truncate the string here */
-+ c = tail[0];
-+ tail[0] = '\0';
- /* Check that we haven't hit a symlink. */
-- r = lstat(a->name, &st);
-+ r = lstat(head, &st);
- if (r != 0) {
-+ tail[0] = c;
- /* We've hit a dir that doesn't exist; stop now. */
- if (errno == ENOENT) {
- break;
- } else {
-- /* Note: This effectively disables deep directory
-+ /* Treat any other error as fatal - best to be paranoid here
-+ * Note: This effectively disables deep directory
- * support when security checks are enabled.
- * Otherwise, very long pathnames that trigger
- * an error here could evade the sandbox.
- * TODO: We could do better, but it would probably
- * require merging the symlink checks with the
- * deep-directory editing. */
-- return (ARCHIVE_FAILED);
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not stat %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
-+ }
-+ } else if (S_ISDIR(st.st_mode)) {
-+ if (!last) {
-+ if (chdir(head) != 0) {
-+ tail[0] = c;
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not chdir %s",
-+ path);
-+ res = (ARCHIVE_FATAL);
-+ break;
-+ }
-+ /* Our view is now from inside this dir: */
-+ head = tail + 1;
- }
- } else if (S_ISLNK(st.st_mode)) {
-- if (c == '\0') {
-+ if (last) {
- /*
- * Last element is symlink; remove it
- * so we can overwrite it with the
- * item being extracted.
- */
-- if (unlink(a->name)) {
-- archive_set_error(&a->archive, errno,
-- "Could not remove symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ if (unlink(head)) {
-+ tail[0] = c;
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not remove symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
-- a->pst = NULL;
- /*
- * Even if we did remove it, a warning
- * is in order. The warning is silly,
- * though, if we're just replacing one
- * symlink with another symlink.
- */
-- if (!S_ISLNK(a->mode)) {
-- archive_set_error(&a->archive, 0,
-- "Removing symlink %s",
-- a->name);
-+ tail[0] = c;
-+ /* FIXME: not sure how important this is to restore
-+ if (!S_ISLNK(path)) {
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Removing symlink %s",
-+ path);
- }
-+ */
- /* Symlink gone. No more problem! */
-- pn[0] = c;
-- return (0);
-- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
-+ res = ARCHIVE_OK;
-+ break;
-+ } else if (flags & ARCHIVE_EXTRACT_UNLINK) {
- /* User asked us to remove problems. */
-- if (unlink(a->name) != 0) {
-- archive_set_error(&a->archive, 0,
-- "Cannot remove intervening symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ if (unlink(head) != 0) {
-+ tail[0] = c;
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Cannot remove intervening symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
-- a->pst = NULL;
-+ tail[0] = c;
- } else {
-- archive_set_error(&a->archive, 0,
-- "Cannot extract through symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ tail[0] = c;
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Cannot extract through symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
- }
-- pn[0] = c;
-- if (pn[0] != '\0')
-- pn++; /* Advance to the next segment. */
-+ /* be sure to always maintain this */
-+ tail[0] = c;
-+ if (tail[0] != '\0')
-+ tail++; /* Advance to the next segment. */
- }
-- pn[0] = c;
-- /* We've checked and/or cleaned the whole path, so remember it. */
-- archive_strcpy(&a->path_safe, a->name);
-- return (ARCHIVE_OK);
-+ /* Catches loop exits via break */
-+ tail[0] = c;
-+#ifdef HAVE_FCHDIR
-+ /* If we changed directory above, restore it here. */
-+ if (restore_pwd >= 0) {
-+ r = fchdir(restore_pwd);
-+ if (r != 0) {
-+ if(error_number) *error_number = errno;
-+ if(error_string)
-+ archive_string_sprintf(error_string,
-+ "chdir() failure");
-+ }
-+ close(restore_pwd);
-+ restore_pwd = -1;
-+ if (r != 0) {
-+ res = (ARCHIVE_FATAL);
-+ }
-+ }
-+#endif
-+ /* TODO: reintroduce a safe cache here? */
-+ return res;
- #endif
- }
-
-+/*
-+ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
-+ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
-+ */
-+static int
-+check_symlinks(struct archive_write_disk *a)
-+{
-+ struct archive_string error_string;
-+ int error_number;
-+ int rc;
-+ archive_string_init(&error_string);
-+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
-+ if (rc != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ }
-+ archive_string_free(&error_string);
-+ a->pst = NULL; /* to be safe */
-+ return rc;
-+}
-+
-+
- #if defined(__CYGWIN__)
- /*
- * 1. Convert a path separator from '\' to '/' .
-@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a)
- * is set) if the path is absolute.
- */
- static int
--cleanup_pathname(struct archive_write_disk *a)
-+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
- {
- char *dest, *src;
- char separator = '\0';
-
-- dest = src = a->name;
-+ dest = src = path;
- if (*src == '\0') {
-- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-- "Invalid empty pathname");
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Invalid empty pathname");
- return (ARCHIVE_FAILED);
- }
-
-@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a)
- #endif
- /* Skip leading '/'. */
- if (*src == '/') {
-- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-- "Path is absolute");
-+ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Path is absolute");
- return (ARCHIVE_FAILED);
- }
-
-@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a)
- } else if (src[1] == '.') {
- if (src[2] == '/' || src[2] == '\0') {
- /* Conditionally warn about '..' */
-- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-- archive_set_error(&a->archive,
-- ARCHIVE_ERRNO_MISC,
-- "Path contains '..'");
-+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Path contains '..'");
- return (ARCHIVE_FAILED);
- }
- }
-@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a)
- * We've just copied zero or more path elements, not including the
- * final '/'.
- */
-- if (dest == a->name) {
-+ if (dest == path) {
- /*
- * Nothing got copied. The path must have been something
- * like '.' or '/' or './' or '/././././/./'.
-@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a)
- return (ARCHIVE_OK);
- }
-
-+static int
-+cleanup_pathname(struct archive_write_disk *a)
-+{
-+ struct archive_string error_string;
-+ int error_number;
-+ int rc;
-+ archive_string_init(&error_string);
-+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
-+ if (rc != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ }
-+ archive_string_free(&error_string);
-+ return rc;
-+}
-+
- /*
- * Create the parent directory of the specified path, assuming path
- * is already in mutable storage.
diff --git a/gnu/packages/patches/libarchive-fix-symlink-check.patch b/gnu/packages/patches/libarchive-fix-symlink-check.patch
deleted file mode 100644
index f042c31a84..0000000000
--- a/gnu/packages/patches/libarchive-fix-symlink-check.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Make sure to check for symlinks even if the pathname is very long:
-
-https://github.com/libarchive/libarchive/issues/744
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
-
-From 1fa9c7bf90f0862036a99896b0501c381584451a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 17:11:45 -0700
-Subject: [PATCH] Issue #744 (part of Issue #743): Enforce sandbox with very
- long pathnames
-
-Because check_symlinks is handled separately from the deep-directory
-support, very long pathnames cause problems. Previously, the code
-ignored most failures to lstat() a path component. In particular,
-this led to check_symlinks always passing for very long paths, which
-in turn provides a way to evade the symlink checks in the sandboxing
-code.
-
-We now fail on unrecognized lstat() failures, which plugs this
-hole at the cost of disabling deep directory support when the
-user requests sandboxing.
-
-TODO: This probably cannot be completely fixed without
-entirely reimplementing the deep directory support to
-integrate the symlink checks. I want to reimplement the
-deep directory hanlding someday anyway; openat() and
-related system calls now provide a much cleaner way to
-handle deep directories than the chdir approach used by this
-code.
----
- libarchive/archive_write_disk_posix.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index 39ee3b6..8f0421e 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a)
- r = lstat(a->name, &st);
- if (r != 0) {
- /* We've hit a dir that doesn't exist; stop now. */
-- if (errno == ENOENT)
-+ if (errno == ENOENT) {
- break;
-+ } else {
-+ /* Note: This effectively disables deep directory
-+ * support when security checks are enabled.
-+ * Otherwise, very long pathnames that trigger
-+ * an error here could evade the sandbox.
-+ * TODO: We could do better, but it would probably
-+ * require merging the symlink checks with the
-+ * deep-directory editing. */
-+ return (ARCHIVE_FAILED);
-+ }
- } else if (S_ISLNK(st.st_mode)) {
- if (c == '\0') {
- /*
diff --git a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch b/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch
deleted file mode 100644
index 0e70ac90ce..0000000000
--- a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fixes this buffer overflow:
-https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
-
-Patch copied from upstream source repository:
-https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
-
-From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 10:51:43 -0700
-Subject: [PATCH] Issue #767: Buffer overflow printing a filename
-
-The safe_fprintf function attempts to ensure clean output for an
-arbitrary sequence of bytes by doing a trial conversion of the
-multibyte characters to wide characters -- if the resulting wide
-character is printable then we pass through the corresponding bytes
-unaltered, otherwise, we convert them to C-style ASCII escapes.
-
-The stack trace in Issue #767 suggest that the 20-byte buffer
-was getting overflowed trying to format a non-printable multibyte
-character. This should only happen if there is a valid multibyte
-character of more than 5 bytes that was unprintable. (Each byte
-would get expanded to a four-charcter octal-style escape of the form
-"\123" resulting in >20 characters for the >5 byte multibyte character.)
-
-I've not been able to reproduce this, but have expanded the conversion
-buffer to 128 bytes on the belief that no multibyte character set
-has a single character of more than 32 bytes.
----
- tar/util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tar/util.c b/tar/util.c
-index 9ff22f2..2b4aebe 100644
---- a/tar/util.c
-+++ b/tar/util.c
-@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...)
- }
-
- /* If our output buffer is full, dump it and keep going. */
-- if (i > (sizeof(outbuff) - 20)) {
-+ if (i > (sizeof(outbuff) - 128)) {
- outbuff[i] = '\0';
- fprintf(f, "%s", outbuff);
- i = 0;
diff --git a/gnu/packages/patches/libdrm-symbol-check.patch b/gnu/packages/patches/libdrm-symbol-check.patch
index 676024beb4..69c67e778d 100644
--- a/gnu/packages/patches/libdrm-symbol-check.patch
+++ b/gnu/packages/patches/libdrm-symbol-check.patch
@@ -1,5 +1,5 @@
Augment the list of expected symbols to fix the symbol-check tests on
-mips64el-linux and armhf-linux.
+mips64el-linux, armhf-linux and aarch64-linux.
--- libdrm-2.4.65/freedreno/freedreno-symbol-check.orig 2015-09-04 11:07:40.000000000 -0400
+++ libdrm-2.4.65/freedreno/freedreno-symbol-check 2015-10-18 23:57:15.288416229 -0400
@@ -193,3 +193,28 @@ mips64el-linux and armhf-linux.
drm_tegra_bo_get_flags
drm_tegra_bo_get_handle
drm_tegra_bo_get_tiling
+
+--- libdrm-2.4.65/radeon/radeon-symbol-check.orig 2015-05-04 11:47:43.000000000 -0400
++++ libdrm-2.4.65/radeon/radeon-symbol-check 2015-10-18 23:57:00.756759698 -0400
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+
+-# The following symbols (past the first five) are taken from the public headers.
++# The following symbols (past the first 12) are taken from the public headers.
+ # A list of the latter should be available Makefile.sources/LIBDRM_RADEON_H_FILES
+
+ FUNCS=$(nm -D --format=bsd --defined-only ${1-.libs/libdrm_tegra.so} | awk '{print $3}'| while read func; do
+@@ -10,6 +10,13 @@
+ _end
+ _fini
+ _init
++_fbss
++_fdata
++_ftext
++__bss_start__
++__bss_end__
++_bss_end__
++__end__
+ radeon_bo_debug
+ radeon_bo_get_handle
+ radeon_bo_get_src_domain
diff --git a/gnu/packages/patches/libepoxy-gl-null-checks.patch b/gnu/packages/patches/libepoxy-gl-null-checks.patch
deleted file mode 100644
index bdc4b05989..0000000000
--- a/gnu/packages/patches/libepoxy-gl-null-checks.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-This patch from <https://bugzilla.redhat.com/show_bug.cgi?id=1395366> adds NULL
-checks to avoid crashes when GL support is missing, as is the case when running
-Xvfb.
-
-Upstream issue: <https://github.com/anholt/libepoxy/issues/72>.
-
-diff -ur libepoxy-1.3.1/src/dispatch_common.c libepoxy-1.3.1/src/dispatch_common.c
---- libepoxy-1.3.1/src/dispatch_common.c 2015-07-15 19:46:36.000000000 -0400
-+++ libepoxy-1.3.1/src/dispatch_common.c 2016-11-16 09:03:52.809066247 -0500
-@@ -348,6 +348,8 @@
- epoxy_extension_in_string(const char *extension_list, const char *ext)
- {
- const char *ptr = extension_list;
-+ if (! ptr) return false;
-+ if (! ext) return false;
- int len = strlen(ext);
-
- /* Make sure that don't just find an extension with our name as a prefix. */
-@@ -380,6 +382,7 @@
-
- for (i = 0; i < num_extensions; i++) {
- const char *gl_ext = (const char *)glGetStringi(GL_EXTENSIONS, i);
-+ if (! gl_ext) return false;
- if (strcmp(ext, gl_ext) == 0)
- return true;
- }
-diff -ur libepoxy-1.3.1/src/dispatch_egl.c libepoxy-1.3.1/src/dispatch_egl.c
---- libepoxy-1.3.1/src/dispatch_egl.c 2015-07-15 19:46:36.000000000 -0400
-+++ libepoxy-1.3.1/src/dispatch_egl.c 2016-11-16 08:40:34.069358709 -0500
-@@ -46,6 +46,7 @@
- int ret;
-
- version_string = eglQueryString(dpy, EGL_VERSION);
-+ if (! version_string) return 0;
- ret = sscanf(version_string, "%d.%d", &major, &minor);
- assert(ret == 2);
- return major * 10 + minor;
-diff -ur libepoxy-1.3.1/src/dispatch_glx.c libepoxy-1.3.1/src/dispatch_glx.c
---- libepoxy-1.3.1/src/dispatch_glx.c 2015-07-15 19:46:36.000000000 -0400
-+++ libepoxy-1.3.1/src/dispatch_glx.c 2016-11-16 08:41:03.065730370 -0500
-@@ -57,11 +57,13 @@
- int ret;
-
- version_string = glXQueryServerString(dpy, screen, GLX_VERSION);
-+ if (! version_string) return 0;
- ret = sscanf(version_string, "%d.%d", &server_major, &server_minor);
- assert(ret == 2);
- server = server_major * 10 + server_minor;
-
- version_string = glXGetClientString(dpy, GLX_VERSION);
-+ if (! version_string) return 0;
- ret = sscanf(version_string, "%d.%d", &client_major, &client_minor);
- assert(ret == 2);
- client = client_major * 10 + client_minor;
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
index f1907d53e2..bffe2c454c 100644
--- a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
@@ -1,7 +1,6 @@
-Fix buffer overread in libevents DNS code.
-
-Upstream bug report:
+Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
https://github.com/libevent/libevent/issues/317
Patch copied from upstream source repository:
diff --git a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
index 4d16a4b917..03f96e938b 100644
--- a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
@@ -1,7 +1,6 @@
-Fix buffer overflow in evutil.
-
-Upstream bug report:
+Fix CVE-2016-10196 (buffer overflow in evutil):
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
https://github.com/libevent/libevent/issues/318
Patch copied from upstream source repository:
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
index c4ad0a1a4a..c62a328627 100644
--- a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
@@ -1,7 +1,6 @@
-Fix OOB read on empty hostnames in evdns.
-
-Upstream bug report:
+Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
https://github.com/libevent/libevent/issues/332
Patch copied from upstream source repository:
diff --git a/gnu/packages/patches/libpng-CVE-2016-10087.patch b/gnu/packages/patches/libpng-CVE-2016-10087.patch
deleted file mode 100644
index 8093b3e448..0000000000
--- a/gnu/packages/patches/libpng-CVE-2016-10087.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
-http://seclists.org/oss-sec/2016/q4/777
-
-Patch adapted from upstream source repository:
-
-https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/
-
-From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
-From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
-Date: Thu, 29 Dec 2016 07:51:33 -0600
-Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
- png_set_text_2()
-
-(bug report and patch by Patrick Keshishian).
----
- ANNOUNCE | 2 ++
- CHANGES | 2 ++
- png.c | 1 +
- 3 files changed, 5 insertions(+)
-
-diff --git a/png.c b/png.c
-index 8afc28fc2..2e05de159 100644
---- a/png.c
-+++ b/png.c
-@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
- png_free(png_ptr, info_ptr->text);
- info_ptr->text = NULL;
- info_ptr->num_text = 0;
-+ info_ptr->max_text = 0;
- }
- }
- #endif
---
-2.11.0
-
diff --git a/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch b/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch
new file mode 100644
index 0000000000..4133be7fc9
--- /dev/null
+++ b/gnu/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch
@@ -0,0 +1,33 @@
+This fixes a regression introduced in 1.8.0 where libssh2 fails to build
+with the gcrypt backend.
+
+Upstream bug URL:
+
+https://github.com/libssh2/libssh2/issues/150
+
+Patch copied from upstream source repository:
+
+https://github.com/libssh2/libssh2/commit/ced924b78a40126606797ef57a74066eb3b4b83f
+
+From ced924b78a40126606797ef57a74066eb3b4b83f Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <siarheit@google.com>
+Date: Mon, 31 Oct 2016 09:04:33 +0000
+Subject: [PATCH] acinclude.m4: fix ./configure --with-libgcrypt
+
+diff --git a/acinclude.m4 b/acinclude.m4
+index 734ef07..c78260c 100644
+--- a/acinclude.m4
++++ b/acinclude.m4
+@@ -412,9 +412,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [
+
+ old_LDFLAGS=$LDFLAGS
+ old_CFLAGS=$CFLAGS
+- if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
+- LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
+- CFLAGS="$CFLAGS -I$use_libgcrypt/include"
++ if test -n "$with_libgcrypt_prefix" && test "$use_libgcrypt" != "no"; then
++ LDFLAGS="$LDFLAGS -L$with_libgcrypt_prefix/lib"
++ CFLAGS="$CFLAGS -I$with_libgcrypt_prefix/include"
+ fi
+ AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [
+ #include <gcrypt.h>
diff --git a/gnu/packages/patches/libxcb-python-3.5-compat.patch b/gnu/packages/patches/libxcb-python-3.5-compat.patch
new file mode 100644
index 0000000000..f652498aad
--- /dev/null
+++ b/gnu/packages/patches/libxcb-python-3.5-compat.patch
@@ -0,0 +1,64 @@
+Fix compatibility issue with Python 3.5.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xcb/libxcb/commit/?id=8740a288ca468433141341347aa115b9544891d3
+
+From 8740a288ca468433141341347aa115b9544891d3 Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <wiz@NetBSD.org>
+Date: Thu, 19 May 2016 17:31:18 +0200
+Subject: [PATCH] Fix inconsistent use of tabs vs. space.
+
+Needed for at least python-3.5.x.
+
+Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+Signed-off-by: Uli Schlachter <psychon@znc.in>
+---
+ src/c_client.py | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/c_client.py b/src/c_client.py
+index 57de3fb..043338d 100644
+--- a/src/c_client.py
++++ b/src/c_client.py
+@@ -1364,7 +1364,7 @@ def _c_serialize(context, self):
+ _c(' unsigned int xcb_align_to = 0;')
+ if self.is_switch:
+ _c(' unsigned int xcb_padding_offset = %d;',
+- self.get_align_offset() )
++ self.get_align_offset() )
+ prefix = [('_aux', '->', self)]
+ aux_ptr = 'xcb_out'
+
+@@ -1390,7 +1390,7 @@ def _c_serialize(context, self):
+ _c(' unsigned int xcb_align_to = 0;')
+ if self.is_switch:
+ _c(' unsigned int xcb_padding_offset = %d;',
+- self.get_align_offset() )
++ self.get_align_offset() )
+
+ elif 'sizeof' == context:
+ param_names = [p[2] for p in params]
+@@ -1930,14 +1930,14 @@ def _c_accessors_list(self, field):
+ # from the request size and divide that by the member size
+ return '(((R->length * 4) - sizeof('+ self.c_type + '))/'+'sizeof('+field.type.member.c_wiretype+'))'
+ else:
+- # use the accessor to get the start of the list, then
+- # compute the length of it by subtracting it from
++ # use the accessor to get the start of the list, then
++ # compute the length of it by subtracting it from
+ # the adress of the first byte after the end of the
+ # request
+- after_end_of_request = '(((char*)R) + R->length * 4)'
+- start_of_list = '%s(R)' % (field.c_accessor_name)
++ after_end_of_request = '(((char*)R) + R->length * 4)'
++ start_of_list = '%s(R)' % (field.c_accessor_name)
+ bytesize_of_list = '%s - (char*)(%s)' % (after_end_of_request, start_of_list)
+- return '(%s) / sizeof(%s)' % (bytesize_of_list, field.type.member.c_wiretype)
++ return '(%s) / sizeof(%s)' % (bytesize_of_list, field.type.member.c_wiretype)
+ else:
+ raise Exception(
+ "lengthless lists with varsized members are not supported. Fieldname '%s'"
+--
+2.11.1
+
diff --git a/gnu/packages/patches/pcre-CVE-2016-3191.patch b/gnu/packages/patches/pcre-CVE-2016-3191.patch
deleted file mode 100644
index 89cce2a36f..0000000000
--- a/gnu/packages/patches/pcre-CVE-2016-3191.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-Fix for CVE-2016-3191.
-See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
-This is svn r1631 at <svn://vcs.exim.org/pcre/code>.
-
-Index: trunk/testdata/testoutput11-16
-===================================================================
---- trunk/testdata/testoutput11-16 (revision 1630)
-+++ trunk/testdata/testoutput11-16 (revision 1631)
-@@ -765,4 +765,7 @@
- 25 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: regular expression is too complicated at offset 490
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testinput11
-===================================================================
---- trunk/testdata/testinput11 (revision 1630)
-+++ trunk/testdata/testinput11 (revision 1631)
-@@ -138,4 +138,6 @@
-
- /.((?2)(?R)\1)()/B
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testoutput11-8
-===================================================================
---- trunk/testdata/testoutput11-8 (revision 1630)
-+++ trunk/testdata/testoutput11-8 (revision 1631)
-@@ -765,4 +765,7 @@
- 38 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: missing ) at offset 509
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testoutput11-32
-===================================================================
---- trunk/testdata/testoutput11-32 (revision 1630)
-+++ trunk/testdata/testoutput11-32 (revision 1631)
-@@ -765,4 +765,7 @@
- 25 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: missing ) at offset 509
-+
- /-- End of testinput11 --/
-Index: trunk/pcre_internal.h
-===================================================================
---- trunk/pcre_internal.h (revision 1630)
-+++ trunk/pcre_internal.h (revision 1631)
-@@ -7,7 +7,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -2289,7 +2289,7 @@
- ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
- ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
- ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
-- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
-+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
-
- /* JIT compiling modes. The function list is indexed by them. */
-
-Index: trunk/pcre_compile.c
-===================================================================
---- trunk/pcre_compile.c (revision 1630)
-+++ trunk/pcre_compile.c (revision 1631)
-@@ -6,7 +6,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -560,6 +560,7 @@
- /* 85 */
- "parentheses are too deeply nested (stack check)\0"
- "digits missing in \\x{} or \\o{}\0"
-+ "regular expression is too complicated\0"
- ;
-
- /* Table to identify digits and hex digits. This is used when compiling
-@@ -4591,7 +4592,8 @@
- if (code > cd->start_workspace + cd->workspace_size -
- WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
- {
-- *errorcodeptr = ERR52;
-+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
-+ ERR52 : ERR87;
- goto FAILED;
- }
-
-@@ -6626,8 +6628,21 @@
- cd->had_accept = TRUE;
- for (oc = cd->open_caps; oc != NULL; oc = oc->next)
- {
-- *code++ = OP_CLOSE;
-- PUT2INC(code, 0, oc->number);
-+ if (lengthptr != NULL)
-+ {
-+#ifdef COMPILE_PCRE8
-+ *lengthptr += 1 + IMM2_SIZE;
-+#elif defined COMPILE_PCRE16
-+ *lengthptr += 2 + IMM2_SIZE;
-+#elif defined COMPILE_PCRE32
-+ *lengthptr += 4 + IMM2_SIZE;
-+#endif
-+ }
-+ else
-+ {
-+ *code++ = OP_CLOSE;
-+ PUT2INC(code, 0, oc->number);
-+ }
- }
- setverb = *code++ =
- (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
-Index: trunk/pcreposix.c
-===================================================================
---- trunk/pcreposix.c (revision 1630)
-+++ trunk/pcreposix.c (revision 1631)
-@@ -6,7 +6,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -173,7 +173,8 @@
- REG_BADPAT, /* group name must start with a non-digit */
- /* 85 */
- REG_BADPAT, /* parentheses too deeply nested (stack check) */
-- REG_BADPAT /* missing digits in \x{} or \o{} */
-+ REG_BADPAT, /* missing digits in \x{} or \o{} */
-+ REG_BADPAT /* pattern too complicated */
- };
-
- /* Table of texts corresponding to POSIX error codes */
diff --git a/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch
new file mode 100644
index 0000000000..5a09b4ac52
--- /dev/null
+++ b/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch
@@ -0,0 +1,54 @@
+This patch resolves a compatibility issue when compiled against glibc
+2.25
+and run runder kernels < 3.17:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1410175
+
+Upstream bug URLs:
+
+https://bugs.python.org/issue29157
+https://bugs.python.org/issue29188
+
+Patch adapted from upstream source repository:
+
+https://github.com/python/cpython/commit/01bdbad3e951014c58581635b94b22868537901c
+
+From 01bdbad3e951014c58581635b94b22868537901c Mon Sep 17 00:00:00 2001
+From: Victor Stinner <victor.stinner@gmail.com>
+Date: Mon, 9 Jan 2017 11:10:41 +0100
+Subject: [PATCH] Don't use getentropy() on Linux
+
+Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
+read from /dev/urandom to get random bytes, for example in os.urandom(). On
+Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
+os.urandom() should not block.
+---
+ Misc/NEWS | 5 +++++
+ Python/random.c | 11 +++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/Python/random.c b/Python/random.c
+index 57c41ffcd6..000cb36938 100644
+--- a/Python/random.c
++++ b/Python/random.c
+@@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
+ }
+
+ /* Issue #25003: Don't use getentropy() on Solaris (available since
+- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
+-#elif defined(HAVE_GETENTROPY) && !defined(sun)
++ Solaris 11.3), it is blocking whereas os.urandom() should not block.
++
++ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
++ implements it with the getrandom() syscall which can fail with ENOSYS,
++ and this error is not supported in py_getentropy() and getrandom() is called
++ with flags=0 which blocks until system urandom is initialized, which is not
++ the desired behaviour to seed the Python hash secret nor for os.urandom():
++ see the PEP 524 which was only implemented in Python 3.6. */
++#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
+ #define PY_GETENTROPY 1
+
+ /* Fill buffer with size pseudo-random bytes generated by getentropy().
+--
+2.12.0
+
diff --git a/gnu/packages/patches/python-3.4-fix-tests.patch b/gnu/packages/patches/python-3.4-fix-tests.patch
deleted file mode 100644
index d1f8138e79..0000000000
--- a/gnu/packages/patches/python-3.4-fix-tests.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- Lib/test/test_posixpath.py 2014-03-01 05:46:56.984311000 +0100
-+++ Lib/test/test_posixpath.py 2014-03-07 00:59:20.888311000 +0100
-@@ -319,7 +319,11 @@
- del env['HOME']
- home = pwd.getpwuid(os.getuid()).pw_dir
- # $HOME can end with a trailing /, so strip it (see #17809)
-- self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
-+ # The Guix builders have '/' as a home directory, so
-+ # home.rstrip("/") will be an empty string and the test will
-+ # fail. Let's just disable it since it does not really make
-+ # sense with such a bizarre setup.
-+ # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/"))
diff --git a/gnu/packages/patches/python-3.5-fix-tests.patch b/gnu/packages/patches/python-3.5-fix-tests.patch
index 46d2a84efb..9778b88dbd 100644
--- a/gnu/packages/patches/python-3.5-fix-tests.patch
+++ b/gnu/packages/patches/python-3.5-fix-tests.patch
@@ -35,12 +35,35 @@ prior revisions of Python.
--- Lib/test/test_asyncio/test_base_events.py
+++ Lib/test/test_asyncio/test_base_events.py
-@@ -142,6 +142,8 @@ class BaseEventTests(test_utils.TestCase):
- (INET, STREAM, TCP, '', ('1.2.3.4', 1)),
- base_events._ipaddr_info('1.2.3.4', b'1', INET, STREAM, TCP))
-
+@@ -1216,6 +1216,8 @@
+ self._test_create_connection_ip_addr(m_socket, False)
+
+ @patch_socket
+ @unittest.skipUnless(support.is_resource_enabled('network'),
+ 'network is not enabled')
- def test_getaddrinfo_servname(self):
- INET = socket.AF_INET
- STREAM = socket.SOCK_STREAM
+ def test_create_connection_service_name(self, m_socket):
+ m_socket.getaddrinfo = socket.getaddrinfo
+ sock = m_socket.socket.return_value
+
+--- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100
++++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100
+
+For some reason, KeyboardInterrupts do not work in the build
+environment (lack of controlling TTY?). Just change the expected
+outcome. Unfortunately, this will make it fail for users running
+`python -m test test_pdb test_pdb` interactively.
+
+@@ -928,11 +928,11 @@
+ > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function()
+ -> print('pdb %d: %s' % (i, sess._previous_sigint_handler))
+ (Pdb) continue
+- pdb 1: <built-in function default_int_handler>
++ pdb 1: Handlers.SIG_IGN
+ > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function()
+ -> sess.set_trace(sys._getframe())
+ (Pdb) continue
+- pdb 2: <built-in function default_int_handler>
++ pdb 2: Handlers.SIG_IGN
+ """
+
+ class PdbTestCase(unittest.TestCase):
diff --git a/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch
new file mode 100644
index 0000000000..8a12b5b448
--- /dev/null
+++ b/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch
@@ -0,0 +1,720 @@
+This patch resolves a compatibility issue when compiled against glibc 2.25
+and run runder kernels < 3.17:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1410175
+
+Upstream bug URL: https://bugs.python.org/issue29157
+
+Patch copied from upstream source repository:
+
+https://hg.python.org/cpython/rev/8125d9a8152b
+
+# HG changeset patch
+# User Victor Stinner <victor.stinner@gmail.com>
+# Date 1483957133 -3600
+# Node ID 8125d9a8152b79e712cb09c7094b9129b9bcea86
+# Parent 337461574c90281630751b6095c4e1baf380cf7d
+Issue #29157: Prefer getrandom() over getentropy()
+
+Copy and then adapt Python/random.c from default branch. Difference between 3.5
+and default branches:
+
+* Python 3.5 only uses getrandom() in non-blocking mode: flags=GRND_NONBLOCK
+* If getrandom() fails with EAGAIN: py_getrandom() immediately fails and
+ remembers that getrandom() doesn't work.
+* Python 3.5 has no _PyOS_URandomNonblock() function: _PyOS_URandom()
+ works in non-blocking mode on Python 3.5
+
+diff --git a/Python/random.c b/Python/random.c
+--- Python/random.c
++++ Python/random.c
+@@ -1,6 +1,9 @@
+ #include "Python.h"
+ #ifdef MS_WINDOWS
+ # include <windows.h>
++/* All sample MSDN wincrypt programs include the header below. It is at least
++ * required with Min GW. */
++# include <wincrypt.h>
+ #else
+ # include <fcntl.h>
+ # ifdef HAVE_SYS_STAT_H
+@@ -37,10 +40,9 @@ win32_urandom_init(int raise)
+ return 0;
+
+ error:
+- if (raise)
++ if (raise) {
+ PyErr_SetFromWindowsErr(0);
+- else
+- Py_FatalError("Failed to initialize Windows random API (CryptoGen)");
++ }
+ return -1;
+ }
+
+@@ -53,8 +55,9 @@ win32_urandom(unsigned char *buffer, Py_
+
+ if (hCryptProv == 0)
+ {
+- if (win32_urandom_init(raise) == -1)
++ if (win32_urandom_init(raise) == -1) {
+ return -1;
++ }
+ }
+
+ while (size > 0)
+@@ -63,11 +66,9 @@ win32_urandom(unsigned char *buffer, Py_
+ if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))
+ {
+ /* CryptGenRandom() failed */
+- if (raise)
++ if (raise) {
+ PyErr_SetFromWindowsErr(0);
+- else
+- Py_FatalError("Failed to initialized the randomized hash "
+- "secret using CryptoGen)");
++ }
+ return -1;
+ }
+ buffer += chunk;
+@@ -76,58 +77,23 @@ win32_urandom(unsigned char *buffer, Py_
+ return 0;
+ }
+
+-/* Issue #25003: Don't use getentropy() on Solaris (available since
+- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
+-#elif defined(HAVE_GETENTROPY) && !defined(sun)
+-#define PY_GETENTROPY 1
+-
+-/* Fill buffer with size pseudo-random bytes generated by getentropy().
+- Return 0 on success, or raise an exception and return -1 on error.
+-
+- If fatal is nonzero, call Py_FatalError() instead of raising an exception
+- on error. */
+-static int
+-py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal)
+-{
+- while (size > 0) {
+- Py_ssize_t len = Py_MIN(size, 256);
+- int res;
+-
+- if (!fatal) {
+- Py_BEGIN_ALLOW_THREADS
+- res = getentropy(buffer, len);
+- Py_END_ALLOW_THREADS
+-
+- if (res < 0) {
+- PyErr_SetFromErrno(PyExc_OSError);
+- return -1;
+- }
+- }
+- else {
+- res = getentropy(buffer, len);
+- if (res < 0)
+- Py_FatalError("getentropy() failed");
+- }
+-
+- buffer += len;
+- size -= len;
+- }
+- return 0;
+-}
+-
+-#else
++#else /* !MS_WINDOWS */
+
+ #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)
+ #define PY_GETRANDOM 1
+
+-/* Call getrandom()
++/* Call getrandom() to get random bytes:
++
+ - Return 1 on success
+- - Return 0 if getrandom() syscall is not available (failed with ENOSYS or
+- EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom
+- not initialized yet) and raise=0.
++ - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM),
++ or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not
++ initialized yet).
+ - Raise an exception (if raise is non-zero) and return -1 on error:
+- getrandom() failed with EINTR and the Python signal handler raised an
+- exception, or getrandom() failed with a different error. */
++ if getrandom() failed with EINTR, raise is non-zero and the Python signal
++ handler raised an exception, or if getrandom() failed with a different
++ error.
++
++ getrandom() is retried if it failed with EINTR: interrupted by a signal. */
+ static int
+ py_getrandom(void *buffer, Py_ssize_t size, int raise)
+ {
+@@ -142,16 +108,19 @@ py_getrandom(void *buffer, Py_ssize_t si
+ * see https://bugs.python.org/issue26839. To avoid this, use the
+ * GRND_NONBLOCK flag. */
+ const int flags = GRND_NONBLOCK;
++ char *dest;
+ long n;
+
+ if (!getrandom_works) {
+ return 0;
+ }
+
++ dest = buffer;
+ while (0 < size) {
+ #ifdef sun
+ /* Issue #26735: On Solaris, getrandom() is limited to returning up
+- to 1024 bytes */
++ to 1024 bytes. Call it multiple times if more bytes are
++ requested. */
+ n = Py_MIN(size, 1024);
+ #else
+ n = Py_MIN(size, LONG_MAX);
+@@ -161,34 +130,35 @@ py_getrandom(void *buffer, Py_ssize_t si
+ #ifdef HAVE_GETRANDOM
+ if (raise) {
+ Py_BEGIN_ALLOW_THREADS
+- n = getrandom(buffer, n, flags);
++ n = getrandom(dest, n, flags);
+ Py_END_ALLOW_THREADS
+ }
+ else {
+- n = getrandom(buffer, n, flags);
++ n = getrandom(dest, n, flags);
+ }
+ #else
+ /* On Linux, use the syscall() function because the GNU libc doesn't
+- * expose the Linux getrandom() syscall yet. See:
+- * https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
++ expose the Linux getrandom() syscall yet. See:
++ https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
+ if (raise) {
+ Py_BEGIN_ALLOW_THREADS
+- n = syscall(SYS_getrandom, buffer, n, flags);
++ n = syscall(SYS_getrandom, dest, n, flags);
+ Py_END_ALLOW_THREADS
+ }
+ else {
+- n = syscall(SYS_getrandom, buffer, n, flags);
++ n = syscall(SYS_getrandom, dest, n, flags);
+ }
+ #endif
+
+ if (n < 0) {
+- /* ENOSYS: getrandom() syscall not supported by the kernel (but
+- * maybe supported by the host which built Python). EPERM:
+- * getrandom() syscall blocked by SECCOMP or something else. */
++ /* ENOSYS: the syscall is not supported by the kernel.
++ EPERM: the syscall is blocked by a security policy (ex: SECCOMP)
++ or something else. */
+ if (errno == ENOSYS || errno == EPERM) {
+ getrandom_works = 0;
+ return 0;
+ }
++
+ if (errno == EAGAIN) {
+ /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system
+ urandom is not initialiazed yet. In this case, fall back on
+@@ -202,32 +172,101 @@ py_getrandom(void *buffer, Py_ssize_t si
+ }
+
+ if (errno == EINTR) {
+- if (PyErr_CheckSignals()) {
+- if (!raise) {
+- Py_FatalError("getrandom() interrupted by a signal");
++ if (raise) {
++ if (PyErr_CheckSignals()) {
++ return -1;
+ }
+- return -1;
+ }
+
+- /* retry getrandom() */
++ /* retry getrandom() if it was interrupted by a signal */
+ continue;
+ }
+
+ if (raise) {
+ PyErr_SetFromErrno(PyExc_OSError);
+ }
+- else {
+- Py_FatalError("getrandom() failed");
++ return -1;
++ }
++
++ dest += n;
++ size -= n;
++ }
++ return 1;
++}
++
++#elif defined(HAVE_GETENTROPY)
++#define PY_GETENTROPY 1
++
++/* Fill buffer with size pseudo-random bytes generated by getentropy():
++
++ - Return 1 on success
++ - Return 0 if getentropy() syscall is not available (failed with ENOSYS or
++ EPERM).
++ - Raise an exception (if raise is non-zero) and return -1 on error:
++ if getentropy() failed with EINTR, raise is non-zero and the Python signal
++ handler raised an exception, or if getentropy() failed with a different
++ error.
++
++ getentropy() is retried if it failed with EINTR: interrupted by a signal. */
++static int
++py_getentropy(char *buffer, Py_ssize_t size, int raise)
++{
++ /* Is getentropy() supported by the running kernel? Set to 0 if
++ getentropy() failed with ENOSYS or EPERM. */
++ static int getentropy_works = 1;
++
++ if (!getentropy_works) {
++ return 0;
++ }
++
++ while (size > 0) {
++ /* getentropy() is limited to returning up to 256 bytes. Call it
++ multiple times if more bytes are requested. */
++ Py_ssize_t len = Py_MIN(size, 256);
++ int res;
++
++ if (raise) {
++ Py_BEGIN_ALLOW_THREADS
++ res = getentropy(buffer, len);
++ Py_END_ALLOW_THREADS
++ }
++ else {
++ res = getentropy(buffer, len);
++ }
++
++ if (res < 0) {
++ /* ENOSYS: the syscall is not supported by the running kernel.
++ EPERM: the syscall is blocked by a security policy (ex: SECCOMP)
++ or something else. */
++ if (errno == ENOSYS || errno == EPERM) {
++ getentropy_works = 0;
++ return 0;
++ }
++
++ if (errno == EINTR) {
++ if (raise) {
++ if (PyErr_CheckSignals()) {
++ return -1;
++ }
++ }
++
++ /* retry getentropy() if it was interrupted by a signal */
++ continue;
++ }
++
++ if (raise) {
++ PyErr_SetFromErrno(PyExc_OSError);
+ }
+ return -1;
+ }
+
+- buffer += n;
+- size -= n;
++ buffer += len;
++ size -= len;
+ }
+ return 1;
+ }
+-#endif
++#endif /* defined(HAVE_GETENTROPY) && !defined(sun) */
++
+
+ static struct {
+ int fd;
+@@ -235,136 +274,123 @@ static struct {
+ ino_t st_ino;
+ } urandom_cache = { -1 };
+
++/* Read random bytes from the /dev/urandom device:
+
+-/* Read 'size' random bytes from py_getrandom(). Fall back on reading from
+- /dev/urandom if getrandom() is not available.
++ - Return 0 on success
++ - Raise an exception (if raise is non-zero) and return -1 on error
+
+- Call Py_FatalError() on error. */
+-static void
+-dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size)
++ Possible causes of errors:
++
++ - open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device
++ was not found. For example, it was removed manually or not exposed in a
++ chroot or container.
++ - open() failed with a different error
++ - fstat() failed
++ - read() failed or returned 0
++
++ read() is retried if it failed with EINTR: interrupted by a signal.
++
++ The file descriptor of the device is kept open between calls to avoid using
++ many file descriptors when run in parallel from multiple threads:
++ see the issue #18756.
++
++ st_dev and st_ino fields of the file descriptor (from fstat()) are cached to
++ check if the file descriptor was replaced by a different file (which is
++ likely a bug in the application): see the issue #21207.
++
++ If the file descriptor was closed or replaced, open a new file descriptor
++ but don't close the old file descriptor: it probably points to something
++ important for some third-party code. */
++static int
++dev_urandom(char *buffer, Py_ssize_t size, int raise)
+ {
+ int fd;
+ Py_ssize_t n;
+
+- assert (0 < size);
++ if (raise) {
++ struct _Py_stat_struct st;
+
+-#ifdef PY_GETRANDOM
+- if (py_getrandom(buffer, size, 0) == 1) {
+- return;
++ if (urandom_cache.fd >= 0) {
++ /* Does the fd point to the same thing as before? (issue #21207) */
++ if (_Py_fstat_noraise(urandom_cache.fd, &st)
++ || st.st_dev != urandom_cache.st_dev
++ || st.st_ino != urandom_cache.st_ino) {
++ /* Something changed: forget the cached fd (but don't close it,
++ since it probably points to something important for some
++ third-party code). */
++ urandom_cache.fd = -1;
++ }
++ }
++ if (urandom_cache.fd >= 0)
++ fd = urandom_cache.fd;
++ else {
++ fd = _Py_open("/dev/urandom", O_RDONLY);
++ if (fd < 0) {
++ if (errno == ENOENT || errno == ENXIO ||
++ errno == ENODEV || errno == EACCES) {
++ PyErr_SetString(PyExc_NotImplementedError,
++ "/dev/urandom (or equivalent) not found");
++ }
++ /* otherwise, keep the OSError exception raised by _Py_open() */
++ return -1;
++ }
++ if (urandom_cache.fd >= 0) {
++ /* urandom_fd was initialized by another thread while we were
++ not holding the GIL, keep it. */
++ close(fd);
++ fd = urandom_cache.fd;
++ }
++ else {
++ if (_Py_fstat(fd, &st)) {
++ close(fd);
++ return -1;
++ }
++ else {
++ urandom_cache.fd = fd;
++ urandom_cache.st_dev = st.st_dev;
++ urandom_cache.st_ino = st.st_ino;
++ }
++ }
++ }
++
++ do {
++ n = _Py_read(fd, buffer, (size_t)size);
++ if (n == -1)
++ return -1;
++ if (n == 0) {
++ PyErr_Format(PyExc_RuntimeError,
++ "Failed to read %zi bytes from /dev/urandom",
++ size);
++ return -1;
++ }
++
++ buffer += n;
++ size -= n;
++ } while (0 < size);
+ }
+- /* getrandom() failed with ENOSYS or EPERM,
+- fall back on reading /dev/urandom */
+-#endif
+-
+- fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
+- if (fd < 0) {
+- Py_FatalError("Failed to open /dev/urandom");
+- }
+-
+- while (0 < size)
+- {
+- do {
+- n = read(fd, buffer, (size_t)size);
+- } while (n < 0 && errno == EINTR);
+-
+- if (n <= 0) {
+- /* read() failed or returned 0 bytes */
+- Py_FatalError("Failed to read bytes from /dev/urandom");
+- break;
+- }
+- buffer += n;
+- size -= n;
+- }
+- close(fd);
+-}
+-
+-/* Read 'size' random bytes from py_getrandom(). Fall back on reading from
+- /dev/urandom if getrandom() is not available.
+-
+- Return 0 on success. Raise an exception and return -1 on error. */
+-static int
+-dev_urandom_python(char *buffer, Py_ssize_t size)
+-{
+- int fd;
+- Py_ssize_t n;
+- struct _Py_stat_struct st;
+-#ifdef PY_GETRANDOM
+- int res;
+-#endif
+-
+- if (size <= 0)
+- return 0;
+-
+-#ifdef PY_GETRANDOM
+- res = py_getrandom(buffer, size, 1);
+- if (res < 0) {
+- return -1;
+- }
+- if (res == 1) {
+- return 0;
+- }
+- /* getrandom() failed with ENOSYS or EPERM,
+- fall back on reading /dev/urandom */
+-#endif
+-
+- if (urandom_cache.fd >= 0) {
+- /* Does the fd point to the same thing as before? (issue #21207) */
+- if (_Py_fstat_noraise(urandom_cache.fd, &st)
+- || st.st_dev != urandom_cache.st_dev
+- || st.st_ino != urandom_cache.st_ino) {
+- /* Something changed: forget the cached fd (but don't close it,
+- since it probably points to something important for some
+- third-party code). */
+- urandom_cache.fd = -1;
+- }
+- }
+- if (urandom_cache.fd >= 0)
+- fd = urandom_cache.fd;
+ else {
+- fd = _Py_open("/dev/urandom", O_RDONLY);
++ fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
+ if (fd < 0) {
+- if (errno == ENOENT || errno == ENXIO ||
+- errno == ENODEV || errno == EACCES)
+- PyErr_SetString(PyExc_NotImplementedError,
+- "/dev/urandom (or equivalent) not found");
+- /* otherwise, keep the OSError exception raised by _Py_open() */
+ return -1;
+ }
+- if (urandom_cache.fd >= 0) {
+- /* urandom_fd was initialized by another thread while we were
+- not holding the GIL, keep it. */
+- close(fd);
+- fd = urandom_cache.fd;
+- }
+- else {
+- if (_Py_fstat(fd, &st)) {
++
++ while (0 < size)
++ {
++ do {
++ n = read(fd, buffer, (size_t)size);
++ } while (n < 0 && errno == EINTR);
++
++ if (n <= 0) {
++ /* stop on error or if read(size) returned 0 */
+ close(fd);
+ return -1;
+ }
+- else {
+- urandom_cache.fd = fd;
+- urandom_cache.st_dev = st.st_dev;
+- urandom_cache.st_ino = st.st_ino;
+- }
++
++ buffer += n;
++ size -= n;
+ }
++ close(fd);
+ }
+-
+- do {
+- n = _Py_read(fd, buffer, (size_t)size);
+- if (n == -1) {
+- return -1;
+- }
+- if (n == 0) {
+- PyErr_Format(PyExc_RuntimeError,
+- "Failed to read %zi bytes from /dev/urandom",
+- size);
+- return -1;
+- }
+-
+- buffer += n;
+- size -= n;
+- } while (0 < size);
+-
+ return 0;
+ }
+
+@@ -376,8 +402,8 @@ dev_urandom_close(void)
+ urandom_cache.fd = -1;
+ }
+ }
++#endif /* !MS_WINDOWS */
+
+-#endif
+
+ /* Fill buffer with pseudo-random bytes generated by a linear congruent
+ generator (LCG):
+@@ -400,29 +426,98 @@ lcg_urandom(unsigned int x0, unsigned ch
+ }
+ }
+
++/* Read random bytes:
++
++ - Return 0 on success
++ - Raise an exception (if raise is non-zero) and return -1 on error
++
++ Used sources of entropy ordered by preference, preferred source first:
++
++ - CryptGenRandom() on Windows
++ - getrandom() function (ex: Linux and Solaris): call py_getrandom()
++ - getentropy() function (ex: OpenBSD): call py_getentropy()
++ - /dev/urandom device
++
++ Read from the /dev/urandom device if getrandom() or getentropy() function
++ is not available or does not work.
++
++ Prefer getrandom() over getentropy() because getrandom() supports blocking
++ and non-blocking mode and Python requires non-blocking RNG at startup to
++ initialize its hash secret: see the PEP 524.
++
++ Prefer getrandom() and getentropy() over reading directly /dev/urandom
++ because these functions don't need file descriptors and so avoid ENFILE or
++ EMFILE errors (too many open files): see the issue #18756.
++
++ Only use RNG running in the kernel. They are more secure because it is
++ harder to get the internal state of a RNG running in the kernel land than a
++ RNG running in the user land. The kernel has a direct access to the hardware
++ and has access to hardware RNG, they are used as entropy sources.
++
++ Note: the OpenSSL RAND_pseudo_bytes() function does not automatically reseed
++ its RNG on fork(), two child processes (with the same pid) generate the same
++ random numbers: see issue #18747. Kernel RNGs don't have this issue,
++ they have access to good quality entropy sources.
++
++ If raise is zero:
++
++ - Don't raise an exception on error
++ - Don't call the Python signal handler (don't call PyErr_CheckSignals()) if
++ a function fails with EINTR: retry directly the interrupted function
++ - Don't release the GIL to call functions.
++*/
++static int
++pyurandom(void *buffer, Py_ssize_t size, int raise)
++{
++#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY)
++ int res;
++#endif
++
++ if (size < 0) {
++ if (raise) {
++ PyErr_Format(PyExc_ValueError,
++ "negative argument not allowed");
++ }
++ return -1;
++ }
++
++ if (size == 0) {
++ return 0;
++ }
++
++#ifdef MS_WINDOWS
++ return win32_urandom((unsigned char *)buffer, size, raise);
++#else
++
++#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY)
++#ifdef PY_GETRANDOM
++ res = py_getrandom(buffer, size, raise);
++#else
++ res = py_getentropy(buffer, size, raise);
++#endif
++ if (res < 0) {
++ return -1;
++ }
++ if (res == 1) {
++ return 0;
++ }
++ /* getrandom() or getentropy() function is not available: failed with
++ ENOSYS, EPERM or EAGAIN. Fall back on reading from /dev/urandom. */
++#endif
++
++ return dev_urandom(buffer, size, raise);
++#endif
++}
++
+ /* Fill buffer with size pseudo-random bytes from the operating system random
+ number generator (RNG). It is suitable for most cryptographic purposes
+ except long living private keys for asymmetric encryption.
+
+- Return 0 on success, raise an exception and return -1 on error. */
++ Return 0 on success. Raise an exception and return -1 on error. */
+ int
+ _PyOS_URandom(void *buffer, Py_ssize_t size)
+ {
+- if (size < 0) {
+- PyErr_Format(PyExc_ValueError,
+- "negative argument not allowed");
+- return -1;
+- }
+- if (size == 0)
+- return 0;
+-
+-#ifdef MS_WINDOWS
+- return win32_urandom((unsigned char *)buffer, size, 1);
+-#elif defined(PY_GETENTROPY)
+- return py_getentropy(buffer, size, 0);
+-#else
+- return dev_urandom_python((char*)buffer, size);
+-#endif
++ return pyurandom(buffer, size, 1);
+ }
+
+ void
+@@ -463,13 +558,14 @@ void
+ }
+ }
+ else {
+-#ifdef MS_WINDOWS
+- (void)win32_urandom(secret, secret_size, 0);
+-#elif defined(PY_GETENTROPY)
+- (void)py_getentropy(secret, secret_size, 1);
+-#else
+- dev_urandom_noraise(secret, secret_size);
+-#endif
++ int res;
++
++ /* _PyRandom_Init() is called very early in the Python initialization
++ and so exceptions cannot be used (use raise=0). */
++ res = pyurandom(secret, secret_size, 0);
++ if (res < 0) {
++ Py_FatalError("failed to get random numbers to initialize Python");
++ }
+ }
+ }
+
+@@ -481,8 +577,6 @@ void
+ CryptReleaseContext(hCryptProv, 0);
+ hCryptProv = 0;
+ }
+-#elif defined(PY_GETENTROPY)
+- /* nothing to clean */
+ #else
+ dev_urandom_close();
+ #endif
+
diff --git a/gnu/packages/patches/python-fix-tests.patch b/gnu/packages/patches/python-fix-tests.patch
index e093307c51..d8f69866fd 100644
--- a/gnu/packages/patches/python-fix-tests.patch
+++ b/gnu/packages/patches/python-fix-tests.patch
@@ -3,23 +3,22 @@ http://bugs.python.org/issue20868 .
--- Lib/test/test_shutil.py 2014-03-01 03:02:36.088311000 +0100
+++ Lib/test/test_shutil.py 2014-03-01 04:56:37.768311000 +0100
-@@ -1053,6 +1053,7 @@
+@@ -1127,6 +1127,7 @@
self.assertRaises(ValueError, make_archive, base_name, 'xxx')
-
- @requires_zlib
+
+ @support.requires_zlib
+ @unittest.skipIf(True, "getgrgid(0)[0] raises a KeyError on Guix")
def test_make_archive_owner_group(self):
# testing make_archive with owner and group, with various combinations
# this works even if there's not gid/uid support
-@@ -1081,6 +1082,7 @@
-
-
- @requires_zlib
+@@ -1155,6 +1156,7 @@
+
+
+ @support.requires_zlib
+ @unittest.skipIf(True, "getgrgid(0)[0] raises a KeyError on Guix")
@unittest.skipUnless(UID_GID_SUPPORT, "Requires grp and pwd support")
def test_tarfile_root_owner(self):
- tmpdir, tmpdir2, base_name = self._create_files()
-
+ root_dir, base_dir = self._create_files()
--- Lib/test/test_socket.py.orig 2014-03-02 22:14:12.264311000 +0100
+++ Lib/test/test_socket.py 2014-03-21 03:50:45.660311000 +0100
@@ -819,6 +819,8 @@
diff --git a/gnu/packages/patches/sed-hurd-path-max.patch b/gnu/packages/patches/sed-hurd-path-max.patch
deleted file mode 100644
index 5226cba4cb..0000000000
--- a/gnu/packages/patches/sed-hurd-path-max.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-7bb8d35d0330161a5af5341471d0c183a067e8c2
-Author: Jose E. Marchesi <jemarch@gnu.org>
-Date: Sun Oct 6 14:43:38 2013 +0200
-
- Set PATH_MAX to some constant in case it is not defined in system
- headers.
-
- 2013-10-06 Jose E. Marchesi <jemarch@gnu.org>
-
- * basicdefs.h (PATH_MAX): Defined to some constant in case it is
- not defined by system headers.
- * sed/utils.c: Do not include pathmax.h anymore.
- * bootstrap.conf (gnulib_modules): Do not use the gnulib module
- pathmax.
-
-diff --git a/basicdefs.h b/basicdefs.h
-index 0d28a97..09f5beb 100644
---- a/basicdefs.h
-+++ b/basicdefs.h
-@@ -40,6 +41,13 @@ typedef unsigned long countT;
- #define obstack_chunk_alloc ck_malloc
- #define obstack_chunk_free free
-
-+/* MAX_PATH is not defined in some platforms, most notably GNU/Hurd.
-+ In that case we define it here to some constant. Note however that
-+ this relies in the fact that sed does reallocation if a buffer
-+ needs to be larger than PATH_MAX. */
-+#ifndef PATH_MAX
-+# define PATH_MAX 200
-+#endif
-
- /* handle misdesigned <ctype.h> macros (snarfed from lib/regex.c) */
- /* Jim Meyering writes:
-
diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch
new file mode 100644
index 0000000000..b79be9bc94
--- /dev/null
+++ b/gnu/packages/patches/tar-CVE-2016-6321.patch
@@ -0,0 +1,51 @@
+Fix CVE-2016-6321:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321
+https://security-tracker.debian.org/tracker/CVE-2016-6321
+
+Patch adapted from upstream source repository (the changes to 'NEWS'
+don't apply to the Tar 1.29 release tarball).
+
+http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
+
+From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
+Date: Sat, 29 Oct 2016 21:04:40 -0700
+Subject: [PATCH] When extracting, skip ".." members
+
+* NEWS: Document this.
+* src/extract.c (extract_archive): Skip members whose names
+contain "..".
+---
+ NEWS | 8 +++++++-
+ src/extract.c | 8 ++++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/extract.c b/src/extract.c
+index f982433..7904148 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1629,12 +1629,20 @@ extract_archive (void)
+ {
+ char typeflag;
+ tar_extractor_t fun;
++ bool skip_dotdot_name;
+
+ fatal_exit_hook = extract_finish;
+
+ set_next_block_after (current_header);
+
++ skip_dotdot_name = (!absolute_names_option
++ && contains_dot_dot (current_stat_info.orig_file_name));
++ if (skip_dotdot_name)
++ ERROR ((0, 0, _("%s: Member name contains '..'"),
++ quotearg_colon (current_stat_info.orig_file_name)));
++
+ if (!current_stat_info.file_name[0]
++ || skip_dotdot_name
+ || (interactive_option
+ && !confirm ("extract", current_stat_info.file_name)))
+ {
+--
+2.11.0
+
diff --git a/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch b/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch
deleted file mode 100644
index 1426883216..0000000000
--- a/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Do not define BSDWAIT to avoid error "storage size of ‘w’ isn’t known".
-
-This is an adapted version of the upstream patch taken from here:
-https://github.com/tcsh-org/tcsh/commit/4689eb60a74bf13bc146ca3d76e9d7a124ab7b49.patch
-
-From 4689eb60a74bf13bc146ca3d76e9d7a124ab7b49 Mon Sep 17 00:00:00 2001
-From: christos <christos>
-Date: Fri, 23 Sep 2016 19:17:28 +0000
-Subject: [PATCH] Don't define BSDWAIT for linux anymore.
-
----
- sh.proc.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/sh.proc.c b/sh.proc.c
-index 49b199f..874d67c 100644
---- sh.proc.c
-+++ sh.proc.c
-@@ -47,11 +47,9 @@ RCSID("$tcsh$")
- # define HZ 16
- #endif /* aiws */
-
--#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid) || defined(__linux__) || defined(__GNU__) || defined(__GLIBC__)
--# if !defined(__ANDROID__)
--# define BSDWAIT
--# endif
--#endif /* _BSD || (IRIS4D && __STDC__) || __lucid || glibc */
-+#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid)
-+# define BSDWAIT
-+#endif /* _BSD || (IRIS4D && __STDC__) || __lucid */
- #ifndef WTERMSIG
- # define WTERMSIG(w) (((union wait *) &(w))->w_termsig)
- # ifndef BSDWAIT
diff --git a/gnu/packages/patches/tcsh-fix-autotest.patch b/gnu/packages/patches/tcsh-fix-autotest.patch
index a16980161c..78444a1b2a 100644
--- a/gnu/packages/patches/tcsh-fix-autotest.patch
+++ b/gnu/packages/patches/tcsh-fix-autotest.patch
@@ -1,6 +1,6 @@
---- tests/commands.at 2011-01-22 01:04:02.000000000 +0100
-+++ tests/commands.at 2013-02-04 10:57:24.000000000 +0100
-@@ -919,26 +919,27 @@
+--- tests/commands.at
++++ tests/commands.at
+@@ -921,26 +921,27 @@ AT_CLEANUP
TCSH_UNTESTED([notify])
@@ -48,27 +48,9 @@
AT_SETUP([popd])
-@@ -1203,11 +1204,12 @@
- AT_DATA([script.csh],
- [[set var=$1
- ]])
--AT_CHECK([[tcsh -f -c 'source -h script.csh foo; history' \
-- | sed 's/ [^ ]* / TIME /']], ,
--[ 1 TIME source -h script.csh foo ; history
-- 2 TIME set var=$1
--])
-+# XXX: Not sure why this fails. The output is : "1 TIME set var=$1"
-+#AT_CHECK([[tcsh -f -c 'source -h script.csh foo; history' \
-+# | sed 's/ [^ ]* / TIME /']], ,
-+#[ 1 TIME source -h script.csh foo ; history
-+# 2 TIME set var=$1
-+#])
-
- AT_CHECK([tcsh -f -c 'source -h script.csh foo; echo $var'], 1, [],
- [var: Undefined variable.
---- tests/lexical.at 2011-12-27 22:50:52.000000000 +0100
-+++ tests/lexical.at 2013-02-04 10:53:21.000000000 +0100
-@@ -33,9 +33,9 @@
+--- tests/lexical.at
++++ tests/lexical.at
+@@ -35,9 +35,9 @@ AT_CHECK([if [ ! -t 0 ]; then exit 77; fi],, [Skipping comment tests])
AT_CHECK([echo 'echo OK@%:@comment' | tcsh -f], , [OK
])
@@ -81,9 +63,33 @@
AT_DATA([comment2.csh],
[[echo testing...@%:@\
---- tests/subst.at 2011-12-27 22:50:52.000000000 +0100
-+++ tests/subst.at 2013-02-01 08:14:25.000000000 +0100
-@@ -54,7 +54,7 @@
+@@ -567,10 +567,10 @@ run=3
+# Adapt to changes in sed 4.3:
+# https://github.com/tcsh-org/tcsh/commit/2ad4fc1705893207598ed5cd21713ddf3f17bba0
+ ]])
+ AT_DATA([uniformity_test.csh],
+ [[
+-set SERVICE_NAME_LOG = `cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g'`
++set SERVICE_NAME_LOG = `cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g'`
+ echo -n "$SERVICE_NAME_LOG" > ./output1
+
+-cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g' > ./output2
++cat batchsystem.properties | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\s//g' | perl -pe 's/\)/\\\)/g' | perl -pe 's/\(/\\\(/g' > ./output2
+
+ diff -uprN ./output1 ./output2 >& /dev/null
+
+@@ -587,7 +587,7 @@ AT_DATA([quoting_result_test.csh],
+ echo "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP\)(HOST=db\)(PORT=1521\)\)(CONNECT_DATA=(SERVER=DEDICATED\)(SERVICE_NAME=bns03\)\)\)" > ./expected_result
+
+ set string = "jdbc_url=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db)(PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=bns03)))"
+-set SERVICE_NAME_LOG = `echo "$string" | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[:blank:]*\([^$]*\)$/\1/p' | perl -pe 's/\)/\\\)/g'`
++set SERVICE_NAME_LOG = `echo "$string" | grep '^jdbc_url' | sed -ne 's/^[^=]*=[^@]*@[[:blank:]]*\([^$]*\)$/\1/p' | perl -pe 's/\)/\\\)/g'`
+
+ echo "$SERVICE_NAME_LOG" > ./actual_result
+
+--- tests/subst.at
++++ tests/subst.at
+@@ -54,7 +54,7 @@ AT_CHECK([echo 'echo ~; echo "$HOME"' | tcsh -f | uniq | wc -l | tr -d ' \t'],
, [1
])
@@ -92,39 +98,9 @@
| wc -l | tr -d ' \t'], , [1
])
---- tests/variables.at 2011-12-27 22:50:52.000000000 +0100
-+++ tests/variables.at 2013-02-04 11:40:35.000000000 +0100
-@@ -317,17 +317,18 @@
- AT_CLEANUP
-
-
--AT_SETUP([$ edit])
--
--AT_CHECK([TERM=something tcsh -f -c 'echo $?edit'], ,
--[1
--])
--
--AT_CHECK([TERM=dumb tcsh -f -c 'echo $?edit'], ,
--[0
--])
--
--AT_CLEANUP
-+# XXX
-+#AT_SETUP([$ edit])
-+#
-+#AT_CHECK([TERM=something tcsh -f -c 'echo $?edit'], ,
-+#[1
-+#])
-+#
-+#AT_CHECK([TERM=dumb tcsh -f -c 'echo $?edit'], ,
-+#[0
-+#])
-+#
-+#AT_CLEANUP
-
-
- AT_SETUP([$ ellipsis])
-@@ -642,7 +643,8 @@
+--- tests/variables.at
++++ tests/variables.at
+@@ -666,7 +666,8 @@ set listflags=(-xA $cwd/args.sh)
ls-F -something .
]])
AT_DATA([args.sh],
@@ -134,7 +110,22 @@
]])
chmod a+x args.sh
AT_CHECK([tcsh -f listflags.csh], ,
-@@ -695,55 +697,57 @@
+@@ -704,9 +705,9 @@ AT_CHECK([tcsh -f mail.csh], ,
+# This test fails by trying to change to the build user's home
+# directory, which does not exist.
+ AT_CLEANUP
+
+
+-AT_SETUP([$ cdtohome])
+-AT_CHECK([tcsh -f -c 'cd'], 0)
+-AT_CLEANUP
++#AT_SETUP([$ cdtohome])
++#AT_CHECK([tcsh -f -c 'cd'], 0)
++#AT_CLEANUP
+ AT_SETUP([$ noimplicithome])
+ AT_CHECK([tcsh -f -c 'unset cdtohome; cd'], 1, , [cd: Too few arguments.
+ ])
+@@ -728,55 +729,57 @@ TCSH_UNTESTED([$ oid])
AT_SETUP([$ owd])
AT_DATA([owd.csh],
diff --git a/gnu/packages/patches/xcb-proto-python3-print.patch b/gnu/packages/patches/xcb-proto-python3-print.patch
new file mode 100644
index 0000000000..7d5dc9bc27
--- /dev/null
+++ b/gnu/packages/patches/xcb-proto-python3-print.patch
@@ -0,0 +1,75 @@
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xcb/proto/commit/?id=bea5e1c85bdc0950913790364e18228f20395a3d
+
+From bea5e1c85bdc0950913790364e18228f20395a3d Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <wiz@NetBSD.org>
+Date: Thu, 19 May 2016 17:30:05 +0200
+Subject: [PATCH] print() is a function and needs parentheses.
+
+Fixes build with python-3.x.
+
+Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+Signed-off-by: Uli Schlachter <psychon@znc.in>
+---
+ xcbgen/xtypes.py | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/xcbgen/xtypes.py b/xcbgen/xtypes.py
+index c3b5758..b83b119 100644
+--- a/xcbgen/xtypes.py
++++ b/xcbgen/xtypes.py
+@@ -501,7 +501,7 @@ class ComplexType(Type):
+ int(required_start_align_element.get('align', "4"), 0),
+ int(required_start_align_element.get('offset', "0"), 0))
+ if verbose_align_log:
+- print "Explicit start-align for %s: %s\n" % (self, self.required_start_align)
++ print ("Explicit start-align for %s: %s\n" % (self, self.required_start_align))
+
+ def resolve(self, module):
+ if self.resolved:
+@@ -592,7 +592,7 @@ class ComplexType(Type):
+ if verbose_align_log:
+ print ("calc_required_start_align: %s has start-align %s"
+ % (str(self), str(self.required_start_align)))
+- print "Details:\n" + str(log)
++ print ("Details:\n" + str(log))
+ if self.required_start_align.offset != 0:
+ print (("WARNING: %s\n\thas start-align with non-zero offset: %s"
+ + "\n\tsuggest to add explicit definition with:"
+@@ -619,12 +619,12 @@ class ComplexType(Type):
+ for offset in range(0,align):
+ align_candidate = Alignment(align, offset)
+ if verbose_align_log:
+- print "trying %s for %s" % (str(align_candidate), str(self))
++ print ("trying %s for %s" % (str(align_candidate), str(self)))
+ my_log = AlignmentLog()
+ if self.is_possible_start_align(align_candidate, callstack, my_log):
+ log.append(my_log)
+ if verbose_align_log:
+- print "found start-align %s for %s" % (str(align_candidate), str(self))
++ print ("found start-align %s for %s" % (str(align_candidate), str(self)))
+ return align_candidate
+ else:
+ my_ok_count = my_log.ok_count()
+@@ -641,7 +641,7 @@ class ComplexType(Type):
+ # none of the candidates applies
+ # this type has illegal internal aligns for all possible start_aligns
+ if verbose_align_log:
+- print "didn't find start-align for %s" % str(self)
++ print ("didn't find start-align for %s" % str(self))
+ log.append(best_log)
+ return None
+
+@@ -900,7 +900,7 @@ class SwitchType(ComplexType):
+ # aux function for unchecked_get_alignment_after
+ def get_align_for_selected_case_field(self, case_field, start_align, callstack, log):
+ if verbose_align_log:
+- print "get_align_for_selected_case_field: %s, case_field = %s" % (str(self), str(case_field))
++ print ("get_align_for_selected_case_field: %s, case_field = %s" % (str(self), str(case_field)))
+ total_align = start_align
+ for field in self.bitcases:
+ my_callstack = callstack[:]
+--
+2.11.1
+
diff --git a/gnu/packages/patches/xcb-proto-python3-whitespace.patch b/gnu/packages/patches/xcb-proto-python3-whitespace.patch
new file mode 100644
index 0000000000..f0509138b2
--- /dev/null
+++ b/gnu/packages/patches/xcb-proto-python3-whitespace.patch
@@ -0,0 +1,217 @@
+Fixes compatibility issue with python > 3.5.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xcb/proto/commit/?id=ea7a3ac6c658164690e0febb55f4467cb9e0bcac
+
+From ea7a3ac6c658164690e0febb55f4467cb9e0bcac Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <wiz@NetBSD.org>
+Date: Thu, 19 May 2016 17:30:04 +0200
+Subject: [PATCH] Make whitespace use consistent.
+
+At least python-3.5.x complains about this forcefully.
+
+Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
+Signed-off-by: Uli Schlachter <psychon@znc.in>
+---
+ xcbgen/align.py | 96 ++++++++++++++++++++++++++++-----------------------------
+ 1 file changed, 48 insertions(+), 48 deletions(-)
+
+diff --git a/xcbgen/align.py b/xcbgen/align.py
+index 5e31838..d4c12ee 100644
+--- a/xcbgen/align.py
++++ b/xcbgen/align.py
+@@ -16,12 +16,12 @@ class Alignment(object):
+ return self.align == other.align and self.offset == other.offset
+
+ def __str__(self):
+- return "(align=%d, offset=%d)" % (self.align, self.offset)
++ return "(align=%d, offset=%d)" % (self.align, self.offset)
+
+ @staticmethod
+ def for_primitive_type(size):
+- # compute the required start_alignment based on the size of the type
+- if size % 8 == 0:
++ # compute the required start_alignment based on the size of the type
++ if size % 8 == 0:
+ # do 8-byte primitives require 8-byte alignment in X11?
+ return Alignment(8,0)
+ elif size % 4 == 0:
+@@ -33,7 +33,7 @@ class Alignment(object):
+
+
+ def align_after_fixed_size(self, size):
+- new_offset = (self.offset + size) % self.align
++ new_offset = (self.offset + size) % self.align
+ return Alignment(self.align, new_offset)
+
+
+@@ -41,7 +41,7 @@ class Alignment(object):
+ '''
+ Assuming the given external_align, checks whether
+ self is fulfilled for all cases.
+- Returns True if yes, False otherwise.
++ Returns True if yes, False otherwise.
+ '''
+ if self.align == 1 and self.offset == 0:
+ # alignment 1 with offset 0 is always fulfilled
+@@ -55,9 +55,9 @@ class Alignment(object):
+ # the external align guarantees less alignment -> not guaranteed
+ return False
+
+- if external_align.align % self.align != 0:
++ if external_align.align % self.align != 0:
+ # the external align cannot be divided by our align
+- # -> not guaranteed
++ # -> not guaranteed
+ # (this can only happen if there are alignments that are not
+ # a power of 2, which is highly discouraged. But better be
+ # safe and check for it)
+@@ -72,7 +72,7 @@ class Alignment(object):
+
+ def combine_with(self, other):
+ # returns the alignment that is guaranteed when
+- # both, self or other, can happen
++ # both, self or other, can happen
+ new_align = gcd(self.align, other.align)
+ new_offset_candidate1 = self.offset % new_align
+ new_offset_candidate2 = other.offset % new_align
+@@ -83,8 +83,8 @@ class Alignment(object):
+ new_align = gcd(new_align, offset_diff)
+ new_offset_candidate1 = self.offset % new_align
+ new_offset_candidate2 = other.offset % new_align
+- assert new_offset_candidate1 == new_offset_candidate2
+- new_offset = new_offset_candidate1
++ assert new_offset_candidate1 == new_offset_candidate2
++ new_offset = new_offset_candidate1
+ # return the result
+ return Alignment(new_align, new_offset)
+
+@@ -92,44 +92,44 @@ class Alignment(object):
+ class AlignmentLog(object):
+
+ def __init__(self):
+- self.ok_list = []
+- self.fail_list = []
+- self.verbosity = 1
++ self.ok_list = []
++ self.fail_list = []
++ self.verbosity = 1
+
+ def __str__(self):
+- result = ""
++ result = ""
+
+- # output the OK-list
+- for (align_before, field_name, type_obj, callstack, align_after) in self.ok_list:
+- stacksize = len(callstack)
++ # output the OK-list
++ for (align_before, field_name, type_obj, callstack, align_after) in self.ok_list:
++ stacksize = len(callstack)
+ indent = ' ' * stacksize
+- if self.ok_callstack_is_relevant(callstack):
++ if self.ok_callstack_is_relevant(callstack):
+ if field_name is None or field_name == "":
+- result += (" %sok: %s:\n\t%sbefore: %s, after: %s\n"
+- % (indent, str(type_obj), indent, str(align_before), str(align_after)))
+- else:
+- result += (" %sok: field \"%s\" in %s:\n\t%sbefore: %s, after: %s\n"
+- % (indent, str(field_name), str(type_obj),
+- indent, str(align_before), str(align_after)))
++ result += (" %sok: %s:\n\t%sbefore: %s, after: %s\n"
++ % (indent, str(type_obj), indent, str(align_before), str(align_after)))
++ else:
++ result += (" %sok: field \"%s\" in %s:\n\t%sbefore: %s, after: %s\n"
++ % (indent, str(field_name), str(type_obj),
++ indent, str(align_before), str(align_after)))
+ if self.verbosity >= 1:
+- result += self.callstack_to_str(indent, callstack)
++ result += self.callstack_to_str(indent, callstack)
+
+- # output the fail-list
+- for (align_before, field_name, type_obj, callstack, reason) in self.fail_list:
+- stacksize = len(callstack)
++ # output the fail-list
++ for (align_before, field_name, type_obj, callstack, reason) in self.fail_list:
++ stacksize = len(callstack)
+ indent = ' ' * stacksize
+- if field_name is None or field_name == "":
+- result += (" %sfail: align %s is incompatible with\n\t%s%s\n\t%sReason: %s\n"
+- % (indent, str(align_before), indent, str(type_obj), indent, reason))
+- else:
+- result += (" %sfail: align %s is incompatible with\n\t%sfield \"%s\" in %s\n\t%sReason: %s\n"
+- % (indent, str(align_before), indent, str(field_name), str(type_obj), indent, reason))
++ if field_name is None or field_name == "":
++ result += (" %sfail: align %s is incompatible with\n\t%s%s\n\t%sReason: %s\n"
++ % (indent, str(align_before), indent, str(type_obj), indent, reason))
++ else:
++ result += (" %sfail: align %s is incompatible with\n\t%sfield \"%s\" in %s\n\t%sReason: %s\n"
++ % (indent, str(align_before), indent, str(field_name), str(type_obj), indent, reason))
+
+ if self.verbosity >= 1:
+- result += self.callstack_to_str(indent, callstack)
++ result += self.callstack_to_str(indent, callstack)
+
+
+- return result
++ return result
+
+
+ def callstack_to_str(self, indent, callstack):
+@@ -137,41 +137,41 @@ class AlignmentLog(object):
+ for stack_elem in callstack:
+ result += "\t %s%s\n" % (indent, str(stack_elem))
+ result += "\t%s]\n" % indent
+- return result
++ return result
+
+
+ def ok_callstack_is_relevant(self, ok_callstack):
+ # determine whether an ok callstack is relevant for logging
+- if self.verbosity >= 2:
+- return True
++ if self.verbosity >= 2:
++ return True
+
+ # empty callstacks are always relevant
+- if len(ok_callstack) == 0:
++ if len(ok_callstack) == 0:
+ return True
+
+- # check whether the ok_callstack is a subset or equal to a fail_callstack
++ # check whether the ok_callstack is a subset or equal to a fail_callstack
+ for (align_before, field_name, type_obj, fail_callstack, reason) in self.fail_list:
+ if len(ok_callstack) <= len(fail_callstack):
+ zipped = zip(ok_callstack, fail_callstack[:len(ok_callstack)])
+- is_subset = all([i == j for i, j in zipped])
+- if is_subset:
++ is_subset = all([i == j for i, j in zipped])
++ if is_subset:
+ return True
+
+ return False
+
+
+ def ok(self, align_before, field_name, type_obj, callstack, align_after):
+- self.ok_list.append((align_before, field_name, type_obj, callstack, align_after))
++ self.ok_list.append((align_before, field_name, type_obj, callstack, align_after))
+
+ def fail(self, align_before, field_name, type_obj, callstack, reason):
+- self.fail_list.append((align_before, field_name, type_obj, callstack, reason))
++ self.fail_list.append((align_before, field_name, type_obj, callstack, reason))
+
+ def append(self, other):
+- self.ok_list.extend(other.ok_list)
+- self.fail_list.extend(other.fail_list)
++ self.ok_list.extend(other.ok_list)
++ self.fail_list.extend(other.fail_list)
+
+ def ok_count(self):
+- return len(self.ok_list)
++ return len(self.ok_list)
+
+
+
+--
+2.11.1
+
diff --git a/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch b/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch
new file mode 100644
index 0000000000..dc594bdccb
--- /dev/null
+++ b/gnu/packages/patches/xf86-input-wacom-xorg-abi-25.patch
@@ -0,0 +1,46 @@
+Resolves a test compatibility issue with xorg >= 1.19.
+
+Upstream bug report:
+
+https://sourceforge.net/p/linuxwacom/bugs/329/
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/linuxwacom/xf86-input-wacom/ci/f0dedf7a610ac97bc45738492b98ce4f1e0514ec/
+
+From f0dedf7a610ac97bc45738492b98ce4f1e0514ec Mon Sep 17 00:00:00 2001
+From: Jason Gerecke <killertofu@gmail.com>
+Date: Wed, 18 Jan 2017 09:00:10 -0800
+Subject: [PATCH] tests: Fix compilation under ABI 25 and greater
+
+diff --git a/test/fake-symbols.c b/test/fake-symbols.c
+index 6f2c10a..e649fb9 100644
+--- a/test/fake-symbols.c
++++ b/test/fake-symbols.c
+@@ -493,6 +493,7 @@ void TimerFree(OsTimerPtr timer)
+ {
+ }
+
++#if GET_ABI_MAJOR(ABI_XINPUT_VERSION) < 24
+ int
+ xf86BlockSIGIO (void)
+ {
+@@ -503,6 +504,15 @@ void
+ xf86UnblockSIGIO (int wasset)
+ {
+ }
++#else
++void input_lock (void)
++{
++}
++
++void input_unlock (void)
++{
++}
++#endif
+
+ /* This is not the same as the X server one, but it'll do for the tests */
+ #if GET_ABI_MAJOR(ABI_XINPUT_VERSION) >= 14
+--
+2.11.1
+
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 8b92e47a4d..011a30dd38 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -32,7 +32,7 @@
(define-public pcre
(package
(name "pcre")
- (version "8.38")
+ (version "8.40")
(source (origin
(method url-fetch)
(uri (list
@@ -43,8 +43,7 @@
version "/pcre-" version ".tar.bz2")))
(sha256
(base32
- "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"))
- (patches (list (search-patch "pcre-CVE-2016-3191.patch")))))
+ "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0"))))
(build-system gnu-build-system)
(outputs '("out" ;library & headers
"bin" ;depends on Readline (adds 20MiB to the closure)
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 873100cd78..ef63f58f64 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -74,14 +74,14 @@
(define-public poppler
(package
(name "poppler")
- (version "0.50.0")
+ (version "0.52.0")
(source (origin
(method url-fetch)
(uri (string-append "https://poppler.freedesktop.org/poppler-"
version ".tar.xz"))
(sha256
(base32
- "0dmwnh59m75vhii6dw63x8l0qa0ha733pb8bdqzr7lw9nwc37jf9"))))
+ "14hrrac2f1phi5j0qn283457w06vsp9gr075yqjrm7w370bnd2sj"))))
(build-system gnu-build-system)
;; FIXME:
;; use libcurl: no
@@ -482,7 +482,6 @@ extracting content or merging files.")
(define-public mupdf
(package
(name "mupdf")
- (replacement mupdf/fixed)
(version "1.10a")
(source
(origin
@@ -492,7 +491,9 @@ extracting content or merging files.")
(sha256
(base32
"0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a"))
- (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"))
+ (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
+ "mupdf-mujs-CVE-2016-10132.patch"
+ "mupdf-mujs-CVE-2016-10133.patch"))
(modules '((guix build utils)))
(snippet
;; Delete all the bundled libraries except for mujs, which is
@@ -541,20 +542,6 @@ line tools for batch rendering (pdfdraw), rewriting files (pdfclean),
and examining the file structure (pdfshow).")
(license license:agpl3+)))
-(define mupdf/fixed
- (package
- (inherit mupdf)
- (source
- (origin
- (inherit (package-source mupdf))
- (patches
- (append
- (origin-patches (package-source mupdf))
- (search-patches "mupdf-mujs-CVE-2016-10132.patch"
- "mupdf-mujs-CVE-2016-10133.patch"
- "mupdf-CVE-2017-5896.patch"
- "mupdf-CVE-2017-5991.patch")))))))
-
(define-public qpdf
(package
(name "qpdf")
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index a84ff43d77..0dfee36c1b 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -50,21 +50,10 @@
#:use-module (guix build-system gnu)
#:use-module ((guix licenses) #:prefix license:))
-;; This fixes PHP bugs 73155 and 73159. Remove when gd
-;; is updated to > 2.2.3.
-(define gd-for-php
- (package (inherit gd)
- (source
- (origin
- (inherit (package-source gd))
- (patches (search-patches
- "gd-fix-truecolor-format-correction.patch"
- "gd-fix-chunk-size-on-boundaries.patch"))))))
-
(define-public php
(package
(name "php")
- (version "7.0.14")
+ (version "7.1.2")
(home-page "https://secure.php.net/")
(source (origin
(method url-fetch)
@@ -72,7 +61,7 @@
name "-" version ".tar.xz"))
(sha256
(base32
- "12ccgbrfchgvmcfb88rcknq7xmrf19c5ysdr4v8jxk51j9izy78g"))
+ "0wg9ng230w724rpwsrhcg4pw41xm1xhz0zx76haanyymkz1s05fq"))
(modules '((guix build utils)))
(snippet
'(with-directory-excursion "ext"
@@ -179,6 +168,13 @@
"ext/standard/tests/general_functions/bug44667.phpt"
"ext/standard/tests/general_functions/proc_open.phpt")
(("/bin/cat") (which "cat")))
+
+ ;; These tests fail because they include a file whose modification
+ ;; time is 0. Touch them to make the test pass. The issue is reported
+ ;; upstream as #74137.
+ (utime "sapi/phpdbg/tests/include.inc" 1 1)
+ (utime "sapi/phpdbg/tests/phpdbg_get_executable_stream_wrapper.inc" 1 1)
+
;; The encoding of this file is not recognized, so we simply drop it.
(delete-file "ext/mbstring/tests/mb_send_mail07.phpt")
@@ -257,8 +253,10 @@
;; The test expects an Array, but instead get the contents(?).
"ext/gd/tests/bug43073.phpt"
;; imagettftext() returns wrong coordinates.
+ "ext/gd/tests/bug48732-mb.phpt"
"ext/gd/tests/bug48732.phpt"
;; Similarly for imageftbbox().
+ "ext/gd/tests/bug48801-mb.phpt"
"ext/gd/tests/bug48801.phpt"
;; Different expected output from imagecolorallocate().
"ext/gd/tests/bug53504.phpt"
@@ -291,10 +289,11 @@
("curl" ,curl)
("cyrus-sasl" ,cyrus-sasl)
("freetype" ,freetype)
- ("gd" ,gd-for-php)
+ ("gd" ,gd)
("gdbm" ,gdbm)
("glibc" ,glibc)
("gmp" ,gmp)
+ ("gnutls" ,gnutls)
("libgcrypt" ,libgcrypt)
("libjpeg" ,libjpeg)
("libpng" ,libpng)
@@ -309,7 +308,7 @@
("pcre" ,pcre)
("postgresql" ,postgresql)
("readline" ,readline)
- ("sqlite" ,sqlite-3.15.1)
+ ("sqlite" ,sqlite)
("tidy" ,tidy)
("zip" ,zip)
("zlib" ,zlib)))
diff --git a/gnu/packages/pkg-config.scm b/gnu/packages/pkg-config.scm
index d7cc454e03..01069d27a5 100644
--- a/gnu/packages/pkg-config.scm
+++ b/gnu/packages/pkg-config.scm
@@ -30,7 +30,7 @@
(define-public %pkg-config
(package
(name "pkg-config")
- (version "0.29")
+ (version "0.29.1")
(source (origin
(method url-fetch)
(uri (list
@@ -46,14 +46,14 @@
version ".tar.gz")))
(sha256
(base32
- "0sq09a39wj4cxf8l2jvkq067g08ywfma4v6nhprnf351s82pfl68"))))
+ "00dh1jn8rbppmgbhhgqhmbh3c58b0gccy39rsjdlcma50sg3rd5y"))))
(build-system gnu-build-system)
(arguments `(#:configure-flags '("--with-internal-glib")))
(native-search-paths
(list (search-path-specification
(variable "PKG_CONFIG_PATH")
(files '("lib/pkgconfig" "lib64/pkgconfig" "share/pkgconfig")))))
- (home-page "http://www.freedesktop.org/wiki/Software/pkg-config")
+ (home-page "https://www.freedesktop.org/wiki/Software/pkg-config")
(license gpl2+)
(synopsis "Helper tool used when compiling applications and libraries")
(description
diff --git a/gnu/packages/pth.scm b/gnu/packages/pth.scm
index 50385b14f8..ed6637b330 100644
--- a/gnu/packages/pth.scm
+++ b/gnu/packages/pth.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -37,8 +38,13 @@
"0ckjqw5kz5m30srqi87idj7xhpw6bpki43mj07bazjm2qmh3cdbj"))))
(build-system gnu-build-system)
(arguments
- '(#:parallel-build? #f))
- (home-page "http://www.gnu.org/software/pth")
+ `(#:parallel-build? #f
+ #:configure-flags (list
+ ,@(if (string=? "aarch64-linux"
+ (%current-system))
+ '("--host=aarch64-unknown-linux-gnu")
+ '()))))
+ (home-page "https://www.gnu.org/software/pth")
(synopsis "Portable thread library")
(description
"GNU Pth is a portable library providing non-preemptive, priority-based
diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm
index 9a22b38ec2..a12f8d8494 100644
--- a/gnu/packages/pulseaudio.scm
+++ b/gnu/packages/pulseaudio.scm
@@ -42,14 +42,14 @@
(define-public libsndfile
(package
(name "libsndfile")
- (version "1.0.26")
+ (version "1.0.27")
(source (origin
(method url-fetch)
(uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-"
version ".tar.gz"))
(sha256
(base32
- "14jhla289cj45946h0hq2an0a9g4wkwb3v4571bla6ixfvn20rfd"))))
+ "1h7s61nhf7vklh9sdsbbqzb6x287q4x4j1jc5gmjragl4wprb4d3"))))
(build-system gnu-build-system)
(inputs
`(("libvorbis" ,libvorbis)
@@ -113,7 +113,7 @@ rates.")
(define-public pulseaudio
(package
(name "pulseaudio")
- (version "9.0")
+ (version "10.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -121,7 +121,7 @@ rates.")
name "-" version ".tar.xz"))
(sha256
(base32
- "11j682g2mn723sz3bh4i44ggq29z053zcggy0glzn63zh9mxdly3"))
+ "0mrg8qvpwm4ifarzphl3749p7p050kdx1l6mvsaj03czvqj6h653"))
(modules '((guix build utils)))
(snippet
;; Disable console-kit support by default since it's deprecated
@@ -155,7 +155,6 @@ rates.")
`(("alsa-lib" ,alsa-lib)
("bluez" ,bluez)
("sbc" ,sbc)
- ("json-c" ,json-c)
("speex" ,speex)
("libsndfile" ,libsndfile)
("libsamplerate" ,libsamplerate)
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index f6042d97f2..2b1255c2ec 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -121,7 +121,7 @@
(define-public python-2.7
(package
(name "python")
- (version "2.7.12")
+ (version "2.7.13")
(source
(origin
(method url-fetch)
@@ -129,11 +129,12 @@
version "/Python-" version ".tar.xz"))
(sha256
(base32
- "0y7rl603vmwlxm6ilkhc51rx2mfj14ckcz40xxgs0ljnvlhp30yp"))
+ "0cgpk3zk0fgpji59pb4zy9nzljr70qzgv1vpz5hq5xw2d2c47m9m"))
(patches (search-patches "python-2.7-search-paths.patch"
"python-2-deterministic-build-info.patch"
"python-2.7-site-prefixes.patch"
- "python-2.7-source-date-epoch.patch"))
+ "python-2.7-source-date-epoch.patch"
+ "python-2.7-getentropy-on-old-kernels.patch"))
(modules '((guix build utils)))
;; suboptimal to delete failing tests here, but if we delete them in the
;; arguments then we need to make sure to strip out that phase when it
@@ -174,6 +175,7 @@
(list "--enable-shared" ;allow embedding
"--with-system-ffi" ;build ctypes
"--with-ensurepip=install" ;install pip and setuptools
+ "--enable-unicode=ucs4"
(string-append "LDFLAGS=-Wl,-rpath="
(assoc-ref %outputs "out") "/lib"))
@@ -317,7 +319,7 @@ data types.")
(define-public python-3.5
(package (inherit python-2)
- (version "3.5.2")
+ (version "3.5.3")
(source (origin
(method url-fetch)
(uri (string-append "https://www.python.org/ftp/python/"
@@ -325,12 +327,16 @@ data types.")
(patches (search-patches
"python-fix-tests.patch"
"python-3.5-fix-tests.patch"
+ "python-3.5-getentropy-on-old-kernels.patch"
"python-3-deterministic-build-info.patch"
"python-3-search-paths.patch"))
(patch-flags '("-p0"))
(sha256
(base32
- "0h6a5fr7ram2s483lh0pnmc4ncijb8llnpfdxdcl5dxr01hza400"))))
+ "1c6v1n9nz4mlx9mw1125fxpmbrgniqdbbx9hnqx44maqazb2mzpf"))
+ (snippet
+ '(delete-file
+ "Lib/ctypes/test/test_win32.py")))) ; fails on aarch64
(arguments (substitute-keyword-arguments (package-arguments python-2)
((#:tests? _) #t)))
(native-search-paths
@@ -340,23 +346,6 @@ data types.")
(version-major+minor version)
"/site-packages"))))))))
-(define-public python-3.4
- (package (inherit python-3.5)
- (version "3.4.5")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://www.python.org/ftp/python/"
- version "/Python-" version ".tar.xz"))
- (patches (search-patches
- "python-fix-tests.patch"
- "python-3.4-fix-tests.patch"
- "python-3-deterministic-build-info.patch"
- "python-3-search-paths.patch"))
- (patch-flags '("-p0"))
- (sha256
- (base32
- "12l9klp778wklxmckhghniy5hklss8r26995pyd00qbllk4b2r7f"))))))
-
;; Current 3.x version.
(define-public python-3 python-3.5)
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 3aa4128be0..d43593957e 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -197,7 +197,7 @@ server and embedded PowerPC, and S390 guests.")
(arguments
`(#:configure-flags
;; Restrict to the targets supported by Guix.
- '("--target-list=i386-softmmu,x86_64-softmmu,mips64el-softmmu,arm-softmmu")
+ '("--target-list=i386-softmmu,x86_64-softmmu,mips64el-softmmu,arm-softmmu,aarch64-softmmu")
,@(package-arguments qemu)))
;; Remove dependencies on optional libraries, notably GUI libraries.
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 2ea23acd33..0cbd3a53e1 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -218,8 +218,7 @@ written by Paul Haahr and Byron Rakitzis.")
(define-public tcsh
(package
(name "tcsh")
- (replacement tcsh/fixed)
- (version "6.18.01")
+ (version "6.20.00")
(source (origin
(method url-fetch)
;; Old tarballs are moved to old/.
@@ -229,43 +228,44 @@ written by Paul Haahr and Byron Rakitzis.")
"old/tcsh-" version ".tar.gz")))
(sha256
(base32
- "1a4z9kwgx1iqqzvv64si34m60gj34p7lp6rrcrb59s7ka5wa476q"))
+ "17ggxkkn5skl0v1x0j6hbv5l0sgnidfzwv16992sqkdm983fg7dq"))
(patches (search-patches "tcsh-fix-autotest.patch"
- "tcsh-do-not-define-BSDWAIT.patch"))
+ "tcsh-fix-out-of-bounds-read.patch"))
(patch-flags '("-p0"))))
(build-system gnu-build-system)
- (inputs
+ (native-inputs
`(("autoconf" ,autoconf)
- ("coreutils" ,coreutils)
- ("ncurses" ,ncurses)))
+ ("perl" ,perl)))
+ (inputs
+ `(("ncurses" ,ncurses)))
(arguments
`(#:phases
- (alist-cons-before
- 'check 'patch-test-scripts
- (lambda _
- ;; Take care of pwd
- (substitute* '("tests/commands.at" "tests/variables.at")
- (("/bin/pwd") (which "pwd")))
- ;; The .at files create shell scripts without shebangs. Erk.
- (substitute* "tests/commands.at"
- (("./output.sh") "/bin/sh output.sh"))
- (substitute* "tests/syntax.at"
- (("; other_script.csh") "; /bin/sh other_script.csh"))
- ;; Now, let's generate the test suite and patch it
- (system* "make" "tests/testsuite")
+ (modify-phases %standard-phases
+ (add-before 'check 'patch-test-scripts
+ (lambda _
+ ;; Take care of pwd
+ (substitute* '("tests/commands.at" "tests/variables.at")
+ (("/bin/pwd") (which "pwd")))
+ ;; The .at files create shell scripts without shebangs. Erk.
+ (substitute* "tests/commands.at"
+ (("./output.sh") "/bin/sh output.sh"))
+ (substitute* "tests/syntax.at"
+ (("; other_script.csh") "; /bin/sh other_script.csh"))
+ ;; Now, let's generate the test suite and patch it
+ (system* "make" "tests/testsuite")
- ;; This file is ISO-8859-1 encoded.
- (with-fluids ((%default-port-encoding #f))
- (substitute* "tests/testsuite"
- (("/bin/sh") (which "sh")))))
- (alist-cons-after
- 'install 'post-install
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (let* ((out (assoc-ref %outputs "out"))
- (bin (string-append out "/bin")))
- (with-directory-excursion bin
- (symlink "tcsh" "csh"))))
- %standard-phases))))
+ ;; This file is ISO-8859-1 encoded.
+ (with-fluids ((%default-port-encoding #f))
+ (substitute* "tests/testsuite"
+ (("/bin/sh") (which "sh"))))
+ #t))
+ (add-after 'install 'post-install
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref %outputs "out"))
+ (bin (string-append out "/bin")))
+ (with-directory-excursion bin
+ (symlink "tcsh" "csh"))
+ #t))))))
(home-page "http://www.tcsh.org/")
(synopsis "Unix shell based on csh")
(description
@@ -276,15 +276,6 @@ command-line editor, programmable word completion, spelling correction, a
history mechanism, job control and a C-like syntax.")
(license bsd-4)))
-(define tcsh/fixed
- (package
- (inherit tcsh)
- (name "tcsh")
- (source (origin
- (inherit (package-source tcsh))
- (patches (cons (search-patch "tcsh-fix-out-of-bounds-read.patch")
- (origin-patches (package-source tcsh))))))))
-
(define-public zsh
(package
(name "zsh")
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index be4d2a7ade..eaa832269d 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -85,7 +85,7 @@ remote applications.")
(define-public libssh2
(package
(name "libssh2")
- (version "1.7.0")
+ (version "1.8.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -93,13 +93,21 @@ remote applications.")
version ".tar.gz"))
(sha256
(base32
- "116mh112w48vv9k3f15ggp5kxw5sj4b88dzb5j69llsh7ba1ymp4"))))
+ "1m3n8spv79qhjq4yi0wgly5s5rc8783jb1pyra9bkx1md0plxwrr"))
+ (patches
+ (search-patches "libssh2-fix-build-failure-with-gcrypt.patch"))))
(build-system gnu-build-system)
;; The installed libssh2.pc file does not include paths to libgcrypt and
;; zlib libraries, so we need to propagate the inputs.
(propagated-inputs `(("libgcrypt" ,libgcrypt)
("zlib" ,zlib)))
- (arguments '(#:configure-flags `("--with-libgcrypt")))
+ (arguments '(#:configure-flags `("--with-libgcrypt")
+ #:phases (modify-phases %standard-phases
+ (add-before 'configure 'autoreconf
+ (lambda _
+ (zero? (system* "autoreconf" "-v")))))))
+ (native-inputs `(("autoconf" ,autoconf)
+ ("automake" ,automake)))
(synopsis "Client-side C library implementing the SSH2 protocol")
(description
"libssh2 is a library intended to allow software developers access to
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index 75bdb5df83..49bb24e594 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -113,7 +113,8 @@ be output in text, PostScript, PDF or HTML.")
"0v7wpj89b0i3ad3fi1wak5c93hywmbxv8sdnixhq8l17782nidss"))))
(build-system gnu-build-system)
(arguments
- `(#:make-flags
+ `(#:disallowed-references (,tzdata-2017a)
+ #:make-flags
(list (string-append "LDFLAGS=-Wl,-rpath="
(assoc-ref %outputs "out")
"/lib/R/lib")
@@ -187,6 +188,7 @@ be output in text, PostScript, PDF or HTML.")
("pkg-config" ,pkg-config)
("texinfo" ,texinfo) ; for building HTML manuals
("which" ,which) ; for tests/Examples/base-Ex.R
+ ("tzdata" ,tzdata-2017a)
("xz" ,xz)))
(inputs
`(;; We need not only cairo here, but pango to ensure that tests for the
@@ -194,7 +196,6 @@ be output in text, PostScript, PDF or HTML.")
("pango" ,pango)
("coreutils" ,coreutils)
("curl" ,curl)
- ("tzdata" ,tzdata)
("openblas" ,openblas)
("gfortran" ,gfortran)
("icu4c" ,icu4c)
diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm
index 4cd94299df..f9a23c3230 100644
--- a/gnu/packages/tcl.scm
+++ b/gnu/packages/tcl.scm
@@ -37,14 +37,14 @@
(define-public tcl
(package
(name "tcl")
- (version "8.6.4")
+ (version "8.6.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/tcl/Tcl/"
version "/tcl" version "-src.tar.gz"))
(sha256
(base32
- "13cwa4bc85ylf5gfj9vk182lvgy60qni3f7gbxghq78wk16djvly"))
+ "01zypqhy57wvh1ikk28bg733sk5kf4q568pq9v6fvcz4h6bl0rd2"))
(patches (search-patches "tcl-mkindex-deterministic.patch"))))
(build-system gnu-build-system)
(arguments
@@ -135,14 +135,14 @@ X11 GUIs.")
(define-public tk
(package
(name "tk")
- (version "8.6.4")
+ (version "8.6.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/tcl/Tcl/"
version "/tk" version "-src.tar.gz"))
(sha256
(base32
- "1h96vp15zl5xz0d4qp6wjyrchqmrmdm3q5k22wkw9jaxbvw9vy88"))
+ "17diivcfcwdhp4v5zi6j9nkxncccjqkivhp363c4wx5lf4d3fb6n"))
(patches (search-patches "tk-find-library.patch"))))
(build-system gnu-build-system)
(arguments
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 32aa7a61dc..9796c18c7d 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -52,7 +52,7 @@
(define-public libtasn1
(package
(name "libtasn1")
- (version "4.9")
+ (version "4.10")
(source
(origin
(method url-fetch)
@@ -60,7 +60,7 @@
version ".tar.gz"))
(sha256
(base32
- "0869cp6jx7cajgv6cnddsh3vc7bimmdkdjn80y1jpb4iss7plvsg"))))
+ "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/libtasn1/")
@@ -140,8 +140,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.4")
- (replacement gnutls-3.5.8)
+ (version "3.5.9")
(source (origin
(method url-fetch)
(uri
@@ -152,7 +151,7 @@ living in the same process.")
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))
+ "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@@ -195,12 +194,11 @@ living in the same process.")
("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
- `(("guile" ,guile-2.0)
- ("perl" ,perl)))
+ `(("guile" ,guile-2.0)))
(propagated-inputs
;; These are all in the 'Requires.private' field of gnutls.pc.
`(("libtasn1" ,libtasn1)
- ("libidn" ,libidn)
+ ("libidn2" ,libidn2)
("nettle" ,nettle)
("zlib" ,zlib)))
(home-page "https://www.gnu.org/software/gnutls/")
@@ -214,38 +212,23 @@ required structures.")
(properties '((ftp-server . "ftp.gnutls.org")
(ftp-directory . "/gcrypt/gnutls")))))
-(define gnutls-3.5.8 ;fixes GNUTLS-SA-2017-{1,2}
- (package
- (inherit gnutls)
- (version "3.5.8")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/gnutls/v"
- (version-major+minor version)
- "/gnutls-" version ".tar.xz"))
- (sha256
- (base32
- "1zyl2z63s68hx1dpxqx0lykmlf3rwrzlrf44sq3h7dvjmr1z55qf"))))
- (replacement #f)))
-
(define-public gnutls/guile-2.2
;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5.
(package
- (inherit gnutls-3.5.8)
+ (inherit gnutls)
(name "guile2.2-gnutls")
(arguments
;; Remove '--with-guile-site-dir=…/2.0'.
- (substitute-keyword-arguments (package-arguments gnutls-3.5.8)
+ (substitute-keyword-arguments (package-arguments gnutls)
((#:configure-flags flags)
`(cdr ,flags))))
(inputs `(("guile" ,guile-next)
- ,@(alist-delete "guile" (package-inputs gnutls-3.5.8))))))
+ ,@(alist-delete "guile" (package-inputs gnutls))))))
(define-public openssl
(package
(name "openssl")
- (replacement openssl-1.0.2k)
- (version "1.0.2j")
+ (version "1.0.2k")
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -255,7 +238,7 @@ required structures.")
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7"))
+ "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch"))))
(build-system gnu-build-system)
@@ -325,7 +308,6 @@ required structures.")
(lib (string-append out "/lib"))
(static (assoc-ref outputs "static"))
(slib (string-append static "/lib")))
- (mkdir-p slib)
(for-each (lambda (file)
(install-file file slib)
(delete-file file))
@@ -352,7 +334,7 @@ required structures.")
(let ((bash (assoc-ref (or native-inputs inputs) "bash")))
(substitute* (find-files "test" ".*")
(("/bin/sh")
- (string-append bash "/bin/bash"))
+ (string-append bash "/bin/sh"))
(("/bin/rm")
"rm"))
#t)))
@@ -382,29 +364,9 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
-(define openssl-1.0.2k
- (package
- (inherit openssl)
- (name "openssl")
- (version "1.0.2k")
- (source
- (origin
- (method url-fetch)
- (uri (list (string-append "ftp://ftp.openssl.org/source/"
- name "-" version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/"
- (string-trim-right version char-set:letter)
- "/" name "-" version ".tar.gz")))
- (sha256
- (base32
- "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb"))
- (patches (search-patches "openssl-runpath.patch"
- "openssl-c-rehash-in.patch"))))))
-
(define-public openssl-next
(package
(inherit openssl)
- (replacement #f)
(name "openssl")
(version "1.1.0e")
(source (origin
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 1076c18905..aee424fbc9 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -288,13 +288,14 @@ as well as the classic centralized workflow.")
(native-search-paths
;; For HTTPS access, Git needs a single-file certificate bundle, specified
;; with $GIT_SSL_CAINFO.
- ;; FIXME: This variable designates a single file; it is not a search path.
(list (search-path-specification
(variable "GIT_SSL_CAINFO")
(file-type 'regular)
+ (separator #f) ;single entry
(files '("etc/ssl/certs/ca-certificates.crt")))
(search-path-specification
(variable "GIT_EXEC_PATH")
+ (separator #f) ;single entry
(files '("libexec/git-core")))))
(synopsis "Distributed version control system")
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 9e18790d6f..2988773398 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -136,6 +136,11 @@
(%current-system))
'("--host=mips64el-unknown-linux-gnu")
'())
+ ;; The same is also true with aarch64.
+ ,@(if (string=? "aarch64-linux"
+ (%current-system))
+ '("--host=aarch64-unknown-linux-gnu")
+ '())
(string-append "--with-ncurses="
ncurses)))))))))
(home-page "http://aa-project.sourceforge.net/aalib/")
@@ -394,7 +399,7 @@ SMPTE 314M.")
(define-public libva
(package
(name "libva")
- (version "1.7.1")
+ (version "1.7.3")
(source
(origin
(method url-fetch)
@@ -402,7 +407,7 @@ SMPTE 314M.")
"https://www.freedesktop.org/software/vaapi/releases/libva/libva-"
version".tar.bz2"))
(sha256
- (base32 "1j8mb3p9kafhp30r3kmndnrklvzycc2ym0w6xdqz6m7jap626028"))))
+ (base32 "1ndrf136rlw03xag7j1xpmf9015d1h0dpnv6v587jnh6k2a17g12"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 5afc495ad7..783bce0d56 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -142,14 +142,14 @@ avoiding password prompts when X11 forwarding has already been setup.")
(define-public libxkbcommon
(package
(name "libxkbcommon")
- (version "0.6.1")
+ (version "0.7.1")
(source (origin
(method url-fetch)
- (uri (string-append "http://xkbcommon.org/download/" name "-"
+ (uri (string-append "https://xkbcommon.org/download/" name "-"
version ".tar.xz"))
(sha256
(base32
- "0q47xa1szlxwgvwmhv4b7xwawnykz1hnc431d84nj8dlh2q8f22v"))))
+ "12z6hih3n1r0asp2hzp9qsiwdfkfz46jwp06x8kprr0r5rfk0nds"))))
(build-system gnu-build-system)
(inputs
`(("libx11" ,libx11)
@@ -166,7 +166,7 @@ avoiding password prompts when X11 forwarding has already been setup.")
(string-append "--with-x-locale-root="
(assoc-ref %build-inputs "libx11")
"/share/X11/locale"))))
- (home-page "http://xkbcommon.org/")
+ (home-page "https://xkbcommon.org/")
(synopsis "Library to handle keyboard descriptions")
(description "Xkbcommon is a library to handle keyboard descriptions,
including loading them from disk, parsing them and handling their
@@ -277,7 +277,7 @@ rasterisation.")
(define-public libdrm
(package
(name "libdrm")
- (version "2.4.68")
+ (version "2.4.75")
(source
(origin
(method url-fetch)
@@ -287,7 +287,7 @@ rasterisation.")
".tar.bz2"))
(sha256
(base32
- "1px91j6imaaq2fy8ksvgldmv0cdz3w379jqiciqvqa99jajxjjsv"))
+ "0kq5hmck0gq7b29fr8jp94njc7jpkpbyws12s63w4b21xw750nid"))
(patches (search-patches "libdrm-symbol-check.patch"))))
(build-system gnu-build-system)
(inputs
@@ -830,7 +830,9 @@ Wacom tablet applet.")
name "-" version ".tar.bz2"))
(sha256
(base32
- "0idhkigl0pnyp08sqm6bqfb4h20v6rjrb71z1gdv59gk7d7qwpgi"))))
+ "0idhkigl0pnyp08sqm6bqfb4h20v6rjrb71z1gdv59gk7d7qwpgi"))
+ (patches
+ (search-patches "xf86-input-wacom-xorg-abi-25.patch"))))
(arguments
`(#:configure-flags
(list (string-append "--with-sdkdir="
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index ec84bdeedb..5ad504604a 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -127,7 +127,7 @@ compressed video format.")
(define speex
(package
(name "speex")
- (version "1.2rc1")
+ (version "1.2.0")
(source
(origin
(method url-fetch)
@@ -135,7 +135,7 @@ compressed video format.")
version ".tar.gz"))
(sha256
(base32
- "19mpkhbz3s08snvndn0h1dk2j139max6b0rr86nnsjmxazf30brl"))))
+ "150047wnllz4r94whb9r73l5qf0z5z3rlhy98bawfbblmkq8mbpa"))))
(build-system gnu-build-system)
(inputs `(("libogg" ,libogg)))
(home-page "https://gnu.org/software/speex")
@@ -202,14 +202,14 @@ It currently supports:
(define flac
(package
(name "flac")
- (version "1.3.1")
+ (version "1.3.2")
(source (origin
(method url-fetch)
(uri (string-append "http://downloads.xiph.org/releases/flac/flac-"
version ".tar.xz"))
(sha256
(base32
- "0v65w7ph6ldwp5a8fbhp0a3w8f737ck468fr7yb7sxmskl4w0ws7"))))
+ "0gymm2j3276kr9nz6vmgfwsdfrq6c449n40a0mzz8h6wc7nw7kwi"))))
(build-system gnu-build-system)
(arguments
`(#:parallel-tests? #f))
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 66eb63ade4..a818cb8d4e 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -8,7 +8,7 @@
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
@@ -74,12 +74,13 @@ things the parser might find in the XML document (like start tags).")
(define-public libxml2
(package
(name "libxml2")
- (replacement libxml2/fixed)
(version "2.9.4")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
version ".tar.gz"))
+ (patches (search-patches "libxml2-CVE-2016-4658.patch"
+ "libxml2-CVE-2016-5131.patch"))
(sha256
(base32
"0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))
@@ -102,19 +103,9 @@ things the parser might find in the XML document (like start tags).")
project (but it is usable outside of the Gnome platform).")
(license license:x11)))
-(define libxml2/fixed
- (package
- (inherit libxml2)
- (source
- (origin
- (inherit (package-source libxml2))
- (patches (search-patches "libxml2-CVE-2016-4658.patch"
- "libxml2-CVE-2016-5131.patch"))))))
-
(define-public python-libxml2
(package (inherit libxml2)
(name "python-libxml2")
- (replacement #f)
(build-system python-build-system)
(arguments
`(;; XXX: Tests are specified in 'Makefile.am', but not in 'setup.py'.
@@ -144,12 +135,12 @@ project (but it is usable outside of the Gnome platform).")
(define-public libxslt
(package
(name "libxslt")
- (replacement libxslt/fixed)
(version "1.1.29")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
+ (patches (search-patches "libxslt-CVE-2016-4738.patch"))
(sha256
(base32
"1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
@@ -166,14 +157,6 @@ project (but it is usable outside of the Gnome platform).")
based on libxml for XML parsing, tree manipulation and XPath support.")
(license license:x11)))
-(define libxslt/fixed
- (package
- (inherit libxslt)
- (name "libxslt")
- (source (origin
- (inherit (package-source libxslt))
- (patches (search-patches "libxslt-CVE-2016-4738.patch"))))))
-
(define-public perl-graph-readwrite
(package
(name "perl-graph-readwrite")
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 90d4660fcd..191dc7dd19 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -49,6 +49,7 @@
#:use-module (gnu packages gnupg)
#:use-module (gnu packages gperf)
#:use-module (gnu packages image)
+ #:use-module (gnu packages libbsd)
#:use-module (gnu packages linux)
#:use-module (gnu packages m4)
#:use-module (gnu packages ncurses)
@@ -176,7 +177,7 @@ directory tree.")
"09i03sk878cmx2i40lkpsysn7zqcvlczb30j7x3lryb11jz4gx1q"))))
(build-system gnu-build-system)
(inputs
- `(("libxfont" ,libxfont)))
+ `(("libxfont2" ,libxfont2)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "https://www.x.org/wiki/")
@@ -1248,7 +1249,8 @@ with the Cygwin XWin server when running X11 in a rootless mode.")
"1qp4yhxbfnpj34swa0fj635kkihdkwaiw7kf55cg5zqqg630kzl1"))))
(build-system gnu-build-system)
(inputs
- `(("xproto" ,xproto)))
+ `(("libbsd" ,libbsd)
+ ("xproto" ,xproto)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "https://www.x.org/wiki/")
@@ -2054,21 +2056,24 @@ emulate a TI-30 or an HP-10C.")
(define-public xcb-proto
(package
(name "xcb-proto")
- (version "1.11")
+ (version "1.12")
(source
(origin
(method url-fetch)
(uri (string-append
- "mirror://xorg/individual/xcb/xcb-proto-"
+ "https://xcb.freedesktop.org/dist/xcb-proto-"
version
".tar.bz2"))
(sha256
(base32
- "0bp3f53l9fy5x3mn1rkj1g81aiyzl90wacwvqdgy831aa3kfxb5l"))))
+ "01j91946q8f34l1mbvmmgvyc393sm28ym4lxlacpiav4qsjan8jr"))
+ (patches
+ (search-patches "xcb-proto-python3-whitespace.patch"
+ "xcb-proto-python3-print.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config) ("python" ,python-minimal-wrapper)))
- (home-page "https://www.x.org/wiki/")
+ (home-page "https://xcb.freedesktop.org/")
(synopsis "XML-XCB protocol descriptions")
(description
"XCB-Proto provides the XML-XCB protocol descriptions that libxcb
@@ -2697,7 +2702,7 @@ framebuffer device.")
(define-public xf86-video-geode
(package
(name "xf86-video-geode")
- (version "2.11.18")
+ (version "2.11.19")
(source
(origin
(method url-fetch)
@@ -2707,7 +2712,7 @@ framebuffer device.")
".tar.bz2"))
(sha256
(base32
- "1s59kdj573v38sb14xfhp1l926aypbhy11vaz36y72x6calfkv6n"))
+ "0zn9gb49grds5mcs1dlrx241k2w1sgqmx4i5x7v6159xxqhlqsf6"))
(patches (search-patches "xf86-video-geode-glibc-2.20.patch"))))
(build-system gnu-build-system)
(inputs `(("xorg-server" ,xorg-server)))
@@ -2825,7 +2830,7 @@ X server.")
(inputs `(("mesa" ,mesa)
("udev" ,eudev)
("libx11" ,libx11)
- ("libxfont" ,libxfont)
+ ("libxfont" ,libxfont2)
("xorg-server" ,xorg-server)))
(native-inputs
`(("pkg-config" ,pkg-config)
@@ -3057,7 +3062,7 @@ UniChrome Pro and Chrome9 integrated graphics processors.")
(build-system gnu-build-system)
(inputs
`(("fontsproto" ,fontsproto)
- ("libxfont" ,libxfont)
+ ("libxfont" ,libxfont2)
("spice-protocol" ,spice-protocol)
("xf86dgaproto" ,xf86dgaproto)
("xorg-server" ,xorg-server)
@@ -3730,7 +3735,7 @@ extension to the X11 protocol. It includes:
(define-public xkeyboard-config
(package
(name "xkeyboard-config")
- (version "2.18")
+ (version "2.20")
(source
(origin
(method url-fetch)
@@ -3740,7 +3745,7 @@ extension to the X11 protocol. It includes:
".tar.bz2"))
(sha256
(base32
- "1l6x2w357ja8vm94ns79s7yj9a5dlr01r9dxrjvzwncadiyr27f4"))))
+ "0d619g4r0w1f6q5qmaqjnsc0956gi02fqgpisqffzqy4acjwggyi"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gettext-minimal)
@@ -4650,7 +4655,7 @@ script around the mkfontscale program.")
(define-public xproto
(package
(name "xproto")
- (version "7.0.29")
+ (version "7.0.31")
(source
(origin
(method url-fetch)
@@ -4660,7 +4665,7 @@ script around the mkfontscale program.")
".tar.bz2"))
(sha256
(base32
- "12lzpa9mrzkyrhrphzpi1014np3328qg7mdq08wj6wyaj9q4f6kc"))))
+ "0ivpxz0rx2a7nahkpkhfgymz7j0pwzaqvyqpdgw9afmxl1yp9yf6"))))
(build-system gnu-build-system)
(propagated-inputs
`(("util-macros" ,util-macros))) ; to get util-macros in (almost?) all package inputs
@@ -4699,7 +4704,8 @@ common definitions and porting layer.")
(propagated-inputs
`(("xproto" ,xproto)))
(inputs
- `(("xtrans" ,xtrans)))
+ `(("libbsd" ,libbsd)
+ ("xtrans" ,xtrans)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "https://www.x.org/wiki/")
@@ -4797,11 +4803,22 @@ not be used by normal X11 clients. X11 clients access fonts via either the
new API's in libXft, or the legacy API's in libX11.")
(license license:x11)))
+(define-public libxfont2
+ (package
+ (inherit libxfont)
+ (version "2.0.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
+ version ".tar.bz2"))
+ (sha256
+ (base32
+ "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9"))))))
(define-public libxi
(package
(name "libxi")
- (version "1.7.8")
+ (version "1.7.9")
(source
(origin
(method url-fetch)
@@ -4811,7 +4828,7 @@ new API's in libXft, or the legacy API's in libX11.")
".tar.bz2"))
(sha256
(base32
- "1fr7mi4nbcxsa88qin9g2ipmzh595ydxy9qnabzl270laf6zmwnq"))))
+ "0idg1wc01hndvaa820fvfs7phvd1ymf0lldmq6386i7rhkzvirn2"))))
(build-system gnu-build-system)
(propagated-inputs
`(("inputproto" ,inputproto)
@@ -4920,15 +4937,17 @@ protocol.")
(define-public libxcb
(package
(name "libxcb")
- (version "1.11.1")
+ (version "1.12")
(source
(origin
(method url-fetch)
- (uri (string-append "mirror://xorg/individual/xcb/"
+ (uri (string-append "https://xcb.freedesktop.org/dist/"
name "-" version ".tar.bz2"))
(sha256
(base32
- "0c4xyvdyx5adh8dzyhnrmvwwz24gri4z1czxmxqm63i0gmngs85p"))))
+ "0nvv0la91cf8p5qqlb3r5xnmg1jn2wphn4fb5jfbr6byqsvv3psa"))
+ (patches
+ (search-patches "libxcb-python-3.5-compat.patch"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libpthread-stubs" ,libpthread-stubs)
@@ -4942,7 +4961,7 @@ protocol.")
("python" ,python-minimal-wrapper)))
(arguments
`(#:configure-flags '("--enable-xkb")))
- (home-page "https://www.x.org/wiki/")
+ (home-page "https://xcb.freedesktop.org/")
(synopsis "The X C Binding (XCB) library")
(description
"libxcb provides an interface to the X Window System protocol,
@@ -4964,7 +4983,7 @@ over Xlib, including:
(define-public xorg-server
(package
(name "xorg-server")
- (version "1.18.4")
+ (version "1.19.2")
(source
(origin
(method url-fetch)
@@ -4973,7 +4992,7 @@ over Xlib, including:
name "-" version ".tar.bz2"))
(sha256
(base32
- "1j1i3n5xy1wawhk95kxqdc54h34kg7xp4nnramba2q8xqfr5k117"))))
+ "1fw4b2lf75nsqkiyhn95b1c2if1l3cw5a188a1szx1d8l7sbk2jg"))))
(build-system gnu-build-system)
(propagated-inputs
`(("dri2proto" ,dri2proto)
@@ -5002,12 +5021,13 @@ over Xlib, including:
("dbus" ,dbus)
("dmxproto" ,dmxproto)
("libdmx" ,libdmx)
+ ("libepoxy" ,libepoxy)
("libgcrypt" ,libgcrypt)
("libxau" ,libxau)
("libxaw" ,libxaw)
("libxdmcp" ,libxdmcp)
("libxfixes" ,libxfixes)
- ("libxfont" ,libxfont)
+ ("libxfont2" ,libxfont2)
("libxkbfile" ,libxkbfile)
("libxrender" ,libxrender)
("libxres" ,libxres)
@@ -5031,7 +5051,12 @@ over Xlib, including:
("xcb-util-wm" ,xcb-util-wm)))
(native-inputs
`(("python" ,python-minimal-wrapper)
- ("pkg-config" ,pkg-config)))
+ ("pkg-config" ,pkg-config)
+ ;; XXX Bootstrapping inputs for 1.19.2. Remove for > 1.19.2.
+ ("font-util" ,font-util)
+ ("libtool" ,libtool)
+ ("autoconf" ,autoconf)
+ ("automake" ,automake)))
(arguments
`(#:parallel-tests? #f
#:configure-flags
@@ -5056,17 +5081,23 @@ over Xlib, including:
"--enable-kdrive"
"--enable-xephyr")
- #:phases (alist-cons-before
- 'configure 'pre-configure
- (lambda _
- (substitute* (find-files "." "\\.c$")
- (("/bin/sh") (which "sh")))
-
- ;; Don't try to 'mkdir /var'.
- (substitute* "hw/xfree86/Makefile.in"
- (("\\$\\(MKDIR_P\\).*logdir.*")
- "true\n")))
- %standard-phases)))
+ #:phases
+ (modify-phases %standard-phases
+ ;; XXX The 1.19.2 release of xorg-server was not bootstrapped:
+ ;; <https://lists.x.org/archives/xorg-announce/2017-March/002780.html>
+ (add-before 'configure 'bootstrap
+ (lambda _ (zero? (system* "autoreconf" "-vfi"))))
+ (add-before
+ 'configure 'pre-configure
+ (lambda _
+ (substitute* (find-files "." "\\.c$")
+ (("/bin/sh") (which "sh")))
+
+ ;; Don't try to 'mkdir /var'.
+ (substitute* "hw/xfree86/Makefile.in"
+ (("\\$\\(MKDIR_P\\).*logdir.*")
+ "true\n"))
+ #t)))))
(home-page "https://www.x.org/wiki/")
(synopsis "Xorg implementation of the X Window System")
(description
@@ -5081,6 +5112,22 @@ communicates with the user via graphical controls such as buttons and
draggable titlebars and borders.")
(license license:x11)))
+;;; This package is intended to be used when building GTK+.
+(define-public xorg-server-1.19.2
+ (package
+ (inherit xorg-server)
+ (name "xorg-server")
+ (version "1.19.2")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "mirror://xorg/individual/xserver/"
+ name "-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "1fw4b2lf75nsqkiyhn95b1c2if1l3cw5a188a1szx1d8l7sbk2jg"))))))
+
(define-public xorg-server-xwayland
(package
(inherit xorg-server)
@@ -5105,7 +5152,7 @@ draggable titlebars and borders.")
(define-public libx11
(package
(name "libx11")
- (version "1.6.4")
+ (version "1.6.5")
(source
(origin
(method url-fetch)
@@ -5115,7 +5162,7 @@ draggable titlebars and borders.")
".tar.bz2"))
(sha256
(base32
- "0hg46i6h92pmb7xp1cis2j43zq3fkdz89p0yv35w4vm17az4iixp"))))
+ "0pa3cfp6h9rl2vxmkph65250gfqyki0ccqyaan6bl9d25gdr0f2d"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;8 MiB of man pages + XML