diff options
Diffstat (limited to 'gnu/packages')
36 files changed, 772 insertions, 594 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 67d1026dfb..e97fa79ac9 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1081,7 +1081,7 @@ module slots, and the list of I/O ports (e.g. serial, parallel, USB).") (define-public acpica (package (name "acpica") - (version "20150410") + (version "20171110") (source (origin (method url-fetch) (uri (string-append @@ -1089,23 +1089,24 @@ module slots, and the list of I/O ports (e.g. serial, parallel, USB).") version ".tar.gz")) (sha256 (base32 - "0q1fjwkyw9x6gsva6fd0zbn7ly4fx0ha4853f416np9kf2irillw")))) + "08g83qvhfx04vzb3f3pfpkp0w601v6csjzdv7z1vjzz1k71h7yml")))) (build-system gnu-build-system) (native-inputs `(("flex" ,flex) ("bison" ,bison))) (arguments '(#:make-flags (list (string-append "PREFIX=" %output) + "CC=gcc" "HOST=_LINUX" "OPT_CFLAGS=-Wall -fno-strict-aliasing") #:tests? #f ; no 'check' target. #:phases (modify-phases %standard-phases (delete 'configure)))) - (home-page "http://acpica.org/") + (home-page "https://acpica.org/") (synopsis "Tools for the development and debug of ACPI tables") (description - "The ACPI Component Architecture (ACPICA) project provides an + "The ACPI Component Architecture (@dfn{ACPICA}) project provides an OS-independent reference implementation of the Advanced Configuration and -Power Interface Specification (ACPI). ACPICA code contains those portions of -ACPI meant to be directly integrated into the host OS as a kernel-resident +Power Interface Specification (@dfn{ACPI}). ACPICA code contains those portions +of ACPI meant to be directly integrated into the host OS as a kernel-resident subsystem, and a small set of tools to assist in developing and debugging ACPI tables. This package contains only the user-space tools needed for ACPI table development, not the kernel implementation of ACPI.") @@ -1795,10 +1796,10 @@ a new command using the matched rule, and runs it.") (home-page "https://www.gentoo.com/di/") (synopsis "Advanced df like disk information utility") (description - "'di' is a disk information utility, displaying everything -(and more) that your @code{df} command does. It features the ability to -display your disk usage in whatever format you prefer. It is designed to be -highly portable. Great for heterogeneous networks.") + "'di' is a disk information utility, displaying everything that your +@code{df} command does and more. It features the ability to display your disk +usage in whatever format you prefer. It is designed to be highly portable and +produce uniform output across heterogeneous networks.") (license license:zlib))) (define-public cbatticon diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm index 8e0ad0a874..4f6e4a4095 100644 --- a/gnu/packages/audio.scm +++ b/gnu/packages/audio.scm @@ -63,6 +63,7 @@ #:use-module (gnu packages image) #:use-module (gnu packages ncurses) #:use-module (gnu packages qt) + #:use-module (gnu packages libbsd) #:use-module (gnu packages linux) #:use-module (gnu packages llvm) #:use-module (gnu packages mp3) ;taglib @@ -72,6 +73,7 @@ #:use-module (gnu packages python) #:use-module (gnu packages rdf) #:use-module (gnu packages readline) + #:use-module (gnu packages telephony) #:use-module (gnu packages tls) #:use-module (gnu packages video) #:use-module (gnu packages vim) ;xxd @@ -3028,6 +3030,54 @@ mixers.") (define-public python2-pyalsaaudio (package-with-python2 python-pyalsaaudio)) +(define-public bluez-alsa + (package + (name "bluez-alsa") + (version "1.2.0") + (source (origin + ;; The tarballs are mere snapshots and don't contain a + ;; bootstrapped build system. + (method git-fetch) + (uri (git-reference + (url "https://github.com/Arkq/bluez-alsa.git") + (commit (string-append "v" version)))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "1qinf41wl2ihx54zmmhanycihwjkn7dn1cicq6pp4rqbiv79b95x")))) + (build-system gnu-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vif"))))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config))) + (inputs + `(("alsa-lib" ,alsa-lib) + ("bluez" ,bluez) + ("glib" ,glib) + ("libbsd" ,libbsd) + ("ncurses" ,ncurses) + ("ortp" ,ortp) + ("sbc" ,sbc))) + (home-page "https://github.com/Arkq/bluez-alsa") + (synopsis "Bluetooth ALSA backend") + (description "This project is a rebirth of a direct integration between +Bluez and ALSA. Since Bluez >= 5, the build-in integration has been removed +in favor of 3rd party audio applications. From now on, Bluez acts as a +middleware between an audio application, which implements Bluetooth audio +profile, and a Bluetooth audio device. BlueALSA registers all known Bluetooth +audio profiles in Bluez, so in theory every Bluetooth device (with audio +capabilities) can be connected. In order to access the audio stream, one has +to connect to the ALSA PCM device called @code{bluealsa}. The device is based +on the ALSA software PCM plugin.") + (license license:expat))) + (define-public snd (package (name "snd") diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index f0b589b6c0..fedc8aec4c 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -421,31 +421,27 @@ computational cluster.") (define-public bedtools (package (name "bedtools") - (version "2.26.0") + (version "2.27.0") (source (origin (method url-fetch) - (uri (string-append "https://github.com/arq5x/bedtools2/archive/v" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) + (uri (string-append "https://github.com/arq5x/bedtools2/releases/" + "download/v" version "/" + "bedtools-" version ".tar.gz")) (sha256 (base32 - "0xvri5hnp2iim1cx6mcd5d9f102p5ql41x69rd6106x1c17pinqm")))) + "0q6fsiz4s52yzxs6h2vxwq95fsi3n64wkpinkk05mfh4dmhybw74")))) (build-system gnu-build-system) - (native-inputs `(("python" ,python-2))) - (inputs `(("samtools" ,samtools) - ("zlib" ,zlib))) (arguments '(#:test-target "test" + #:make-flags + (list (string-append "prefix=" (assoc-ref %outputs "out"))) #:phases (modify-phases %standard-phases - (delete 'configure) - (replace 'install - (lambda* (#:key outputs #:allow-other-keys) - (let ((bin (string-append (assoc-ref outputs "out") "/bin/"))) - (for-each (lambda (file) - (install-file file bin)) - (find-files "bin" ".*"))) - #t))))) + (delete 'configure)))) + (native-inputs `(("python" ,python-2))) + (inputs + `(("samtools" ,samtools) + ("zlib" ,zlib))) (home-page "https://github.com/arq5x/bedtools2") (synopsis "Tools for genome analysis and arithmetic") (description diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm index ddc035c1b0..523158d553 100644 --- a/gnu/packages/cdrom.scm +++ b/gnu/packages/cdrom.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 John Darrington <jmd@gnu.org> ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -413,7 +414,7 @@ graphical interface.") (define-public libcue (package (name "libcue") - (version "2.1.0") + (version "2.2.0") (source (origin (method url-fetch) (uri (string-append @@ -422,7 +423,7 @@ graphical interface.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1fradl3dx0pyy9rn1a0gak9gzgg40wax61f2s00zks7rwl0xv398")))) + "0y9808vbly1w6i3diaad9csjmmw6iaw572wjjr68ssqamsw193rj")))) (build-system cmake-build-system) (native-inputs `(("bison" ,bison) diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm index a2a5556fb8..25756019fd 100644 --- a/gnu/packages/connman.scm +++ b/gnu/packages/connman.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -139,15 +140,15 @@ sharing) to clients via USB, ethernet, WiFi, cellular and Bluetooth.") (define-public cmst (package (name "cmst") - (version "2017.03.18") + (version "2017.09.19") (source (origin (method url-fetch) (uri (string-append "https://github.com/andrew-bibb/cmst/releases/download/cmst-" - version "/cmst-" version ".tar.gz")) + version "/cmst-" version ".tar.xz")) (sha256 - (base32 "16g9byxr1rkmrnzi6sjplpmkr8h6pqj7418jz30czqviw5qlkqwl")))) + (base32 "0dh4639n3l8a19svaagib41hdq5q7x70bnc28dmnwy4jflf38yrm")))) (inputs `(("qtbase" ,qtbase))) (native-inputs diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 56749320b3..4bd36c4c6f 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -1022,7 +1022,7 @@ extremely small.") (define-public perl-dbi (package (name "perl-dbi") - (version "1.636") + (version "1.637") (source (origin (method url-fetch) (uri (string-append @@ -1030,7 +1030,7 @@ extremely small.") version ".tar.gz")) (sha256 (base32 - "0v37vnr5p0bx396cj0lb5kb69jbryq2mspp602hbgd04gklxqzcg")))) + "1ikbsb6sb0bd2m1dqknl4vx7ikmnd41y0xq8np1l40g8jcjp2mr5")))) (build-system perl-build-system) (synopsis "Database independent interface for Perl") (description "This package provides an database interface for Perl.") @@ -1148,7 +1148,7 @@ introspected and examined.") (define-public perl-dbix-class-schema-loader (package (name "perl-dbix-class-schema-loader") - (version "0.07046") + (version "0.07047") (source (origin (method url-fetch) @@ -1156,7 +1156,7 @@ introspected and examined.") "DBIx-Class-Schema-Loader-" version ".tar.gz")) (sha256 (base32 - "08cgn0dx42y9xsxas9np7s55a7qmy4kf6sfmx0jmk4hryvbapml3")))) + "06s2q6xj95600sdlfph57spjk2z1gjs4zwq5b7mz7d5izcxgnwb6")))) (build-system perl-build-system) (native-inputs `(("perl-config-any" ,perl-config-any) @@ -1204,7 +1204,7 @@ columns, primary keys, unique constraints and relationships.") (define-public perl-dbd-pg (package (name "perl-dbd-pg") - (version "3.5.3") + (version "3.7.0") (source (origin (method url-fetch) @@ -1212,7 +1212,7 @@ columns, primary keys, unique constraints and relationships.") "DBD-Pg-" version ".tar.gz")) (sha256 (base32 - "03m9w1cd0yyrbqwkwcl92j1cpmasmm69f3hwvcrlfsi5fnwsk63y")))) + "0nb4wmkhq1q9f4g42sxy1m3d0xjqd3plqkxpmzni43ygr5ch8vp3")))) (build-system perl-build-system) (native-inputs `(("perl-dbi" ,perl-dbi))) @@ -1276,7 +1276,7 @@ module, and nothing else.") (define-public perl-sql-abstract (package (name "perl-sql-abstract") - (version "1.81") + (version "1.84") (source (origin (method url-fetch) @@ -1284,7 +1284,7 @@ module, and nothing else.") "SQL-Abstract-" version ".tar.gz")) (sha256 (base32 - "17sgwq3mvqjhv3b77cnvrq60xgp8harjhlnvpwmxc914rqc5ckaz")))) + "0xayvgv6nic61jm3nhg41rzwgm8h83wfyazvpaks0z7asjillpv5")))) (build-system perl-build-system) (native-inputs `(("perl-module-install" ,perl-module-install) diff --git a/gnu/packages/display-managers.scm b/gnu/packages/display-managers.scm index 7c7a70e950..fcc4f952a1 100644 --- a/gnu/packages/display-managers.scm +++ b/gnu/packages/display-managers.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -133,7 +134,7 @@ Qt-style API for Wayland clients.") (define-public sddm (package (name "sddm") - (version "0.16.0") + (version "0.17.0") (source (origin (method url-fetch) (uri (string-append @@ -142,7 +143,7 @@ Qt-style API for Wayland clients.") "sddm-" version ".tar.xz")) (sha256 (base32 - "0fwf1wsdak5yglykfyq4wbx9g9gi079n8ncjrdynz17hwwiql4z9")))) + "0ch6rdppgy2vbzw0c2x9a4c6ry46vx7p6b76d8xbh2nvxh23xv0k")))) (build-system cmake-build-system) (native-inputs `(("extra-cmake-modules" ,extra-cmake-modules) @@ -161,15 +162,15 @@ Qt-style API for Wayland clients.") (arguments `(#:configure-flags (list - ;; Currently doesn't do anything - ;; Option added by enable wayland greeters PR + ;; This option currently does nothing, but will presumably be enabled + ;; if/when <https://github.com/sddm/sddm/pull/616> is merged. "-DENABLE_WAYLAND=ON" "-DENABLE_PAM=ON" ;; Both flags are required for elogind support. "-DNO_SYSTEMD=ON" "-DUSE_ELOGIND=ON" "-DCONFIG_FILE=/etc/sddm.conf" - ;; Set path to /etc/login.defs - ;; Alternatively use -DUID_MIN and -DUID_MAX + ;; Set path to /etc/login.defs. + ;; An alternative would be to use -DUID_MIN and -DUID_MAX. (string-append "-DLOGIN_DEFS_PATH=" (assoc-ref %build-inputs "shadow") "/etc/login.defs") diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index e5e6cf0979..1cf14993c3 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -4206,14 +4206,14 @@ passive voice.") (name "emacs-org") ;; emacs-org-contrib inherits from this package. Please update its sha256 ;; checksum as well. - (version "20171116") + (version "20171205") (source (origin (method url-fetch) (uri (string-append "http://elpa.gnu.org/packages/org-" version ".tar")) (sha256 (base32 - "04adsyzjb6klai65g481sc964yyqcip7gqy7a1gp7qhfxx53z582")))) + "0a1rm94ci47jf5579sxscily680ysmy3hnxjcs073n45nk76za04")))) (build-system emacs-build-system) (home-page "http://orgmode.org/") (synopsis "Outline-based notes management and organizer") @@ -4233,7 +4233,7 @@ reproducible research.") (package-version emacs-org) ".tar")) (sha256 (base32 - "071vqv6hdyjp85ap39930782ks07ypjzch81r8kax3ybwfrf0chx")))) + "1y61csa284gy8l0fj0mv67mkm4fsi4lz401987qp6a6z260df4n5")))) (arguments `(#:modules ((guix build emacs-build-system) (guix build utils) @@ -4260,7 +4260,7 @@ reproducible research.") #t)))))) (propagated-inputs `(("emacs-org" ,emacs-org))) - (synopsis "Contributed packages to Org-mode") + (synopsis "Contributed packages to Org mode") (description "Org is an Emacs mode for keeping notes, maintaining TODO lists, and project planning with a fast and effective plain-text system. diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm index 5c36de1dd2..77b1386b53 100644 --- a/gnu/packages/engineering.scm +++ b/gnu/packages/engineering.scm @@ -693,6 +693,8 @@ language.") (string-take commit 7)) "-DCMAKE_BUILD_TYPE=Release" "-DKICAD_SKIP_BOOST=ON"; Use our system's boost library. + (string-append "-DCMAKE_INSTALL_LIBDIR=" + (assoc-ref %outputs "out") "/lib") "-DKICAD_SCRIPTING=ON" "-DKICAD_SCRIPTING_MODULES=ON" "-DKICAD_SCRIPTING_WXPYTHON=ON" @@ -721,14 +723,6 @@ language.") `("PYTHONPATH" ":" prefix (,path)) `("PATH" ":" prefix (,(string-append python "/bin:"))))) - #t)) - (add-after 'wrap-program 'install-lib-3d - (lambda* (#:key inputs outputs #:allow-other-keys) - (for-each - (lambda (file) - (install-file file (string-append (assoc-ref outputs "out") - "/lib"))) - (find-files "." "^libkicad_3dsg.*")) #t))))) (native-inputs `(("boost" ,boost) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index d2306a9423..f20eb45f18 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org> ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 ng0 <ng0@n0.is> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -563,13 +564,13 @@ generate bitmaps.") (define-public python2-ufolib (package (name "python2-ufolib") - (version "2.1.0") + (version "2.1.1") (source (origin (method url-fetch) (uri (pypi-uri "ufoLib" version ".zip")) (sha256 - (base32 "1njin1465qqzshnrvcl5sbv0bsy15gj6fycbw4lmcnwkx5sldgyx")))) + (base32 "07qy6mx7z0wi9a30lc2hj5i9q1gnz1n8l40dmjz2c19mj9s6mz9l")))) (build-system python-build-system) (arguments `(#:python ,python-2)) @@ -589,14 +590,14 @@ files. UFO is a file format that stores fonts source files.") (define-public python2-defcon (package (name "python2-defcon") - (version "0.3.4") + (version "0.3.5") (source (origin (method url-fetch) (uri (pypi-uri "defcon" version ".zip")) (sha256 (base32 - "1f41w54fdjy9izxcwzqa142kd56whqsg9nq5k4508jb6iip84h89")))) + "03jlm2gy9lvbwj68kfdm43yaddwd634jwkdg4wf0jxx2s8mwbg22")))) (build-system python-build-system) (arguments `(#:python ,python-2)) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 91e2e3f245..bf0274aa9c 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -185,14 +185,14 @@ authentication and support for SSL3 and TLS.") (define-public gnurl (package (name "gnurl") - (version "7.56.1-2") + (version "7.57.0") (source (origin (method url-fetch) (uri (string-append "https://gnunet.org/sites/default/files/" name "-" version ".tar.bz2")) (sha256 (base32 - "092lpwjdg0z5bbf6i331ydm49qy05xrb3vagggmpi8pl7v3zv88j")))) + "1dykh12mc241jnxcd8q5pm1yw9ras53ywyba9f9dy5cq39j2mk9c")))) (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages diff --git a/gnu/packages/gnustep.scm b/gnu/packages/gnustep.scm index 195249c435..a6adc697a0 100644 --- a/gnu/packages/gnustep.scm +++ b/gnu/packages/gnustep.scm @@ -34,7 +34,8 @@ #:use-module (gnu packages fontutils) #:use-module (gnu packages image) #:use-module (gnu packages pkg-config) - #:use-module (gnu packages xml)) + #:use-module (gnu packages xml) + #:use-module (ice-9 match)) (define-public gnustep-make (package @@ -65,6 +66,7 @@ to easily create cross-compiled binaries.") (package (name "windowmaker") (version "0.95.8") + (synopsis "NeXTSTEP-like window manager") (source (origin (method url-fetch) (uri (string-append @@ -75,7 +77,10 @@ to easily create cross-compiled binaries.") "12p8kljqgx5hnic0zvs5mxwp7kg21sb6qjagb2qw8ydvf5amrgwx")))) (build-system gnu-build-system) (arguments - '(#:phases + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (ice-9 match)) + #:phases (modify-phases %standard-phases (add-before 'configure 'pre-configure (lambda* (#:key outputs #:allow-other-keys) @@ -97,14 +102,33 @@ to easily create cross-compiled binaries.") (substitute* "src/defaults.c" (("len = strlen\\(text\\) \\+ 40;") (string-append "len = strlen(text) + 107;")))))) - (add-after 'install 'wrap + (add-after 'install 'install-xsession + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (xsessions (string-append out "/share/xsessions"))) + (mkdir-p xsessions) + (call-with-output-file + (string-append xsessions "/windowmaker.desktop") + (lambda (port) + (format port "~ + [Desktop Entry]~@ + Name=Window Maker~@ + Comment=~a~@ + Exec=~a/bin/wmaker~@ + Type=Application~%" + (string-map (match-lambda + (#\newline #\space) + (chr chr)) + ,synopsis) %output)))) + #t)) + (add-after 'install-xsession 'wrap (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (bin (string-append out "/bin"))) ;; In turn, 'wmaker.inst' wants to invoke 'wmmenugen' ;; etc., so make sure everything is in $PATH. (wrap-program (string-append bin "/wmaker.inst") - `("PATH" ":" prefix (,bin))))))))) + `("PATH" ":" prefix (,bin))))))))) (inputs `(("libxmu" ,libxmu) ("libxft" ,libxft) @@ -117,7 +141,6 @@ to easily create cross-compiled binaries.") (native-inputs `(("pkg-config" ,pkg-config))) (home-page "http://windowmaker.org/") - (synopsis "NeXTSTEP-like window manager") (description "Window Maker is an X11 window manager originally designed to provide integration support for the GNUstep Desktop Environment. In every way diff --git a/gnu/packages/haskell-check.scm b/gnu/packages/haskell-check.scm index 871e0b9790..6bcf6c9589 100644 --- a/gnu/packages/haskell-check.scm +++ b/gnu/packages/haskell-check.scm @@ -68,7 +68,7 @@ framework.") (define-public ghc-tasty-smallcheck (package (name "ghc-tasty-smallcheck") - (version "0.8.0.1") + (version "0.8.1") (source (origin (method url-fetch) @@ -78,14 +78,14 @@ framework.") ".tar.gz")) (sha256 (base32 - "0yckfbz8na8ccyw2911i3a4hd3fdncclk3ng5343hs5cylw6y4sm")))) + "1n66ngzllf3xrlqykwszlkwsi96n5nkm7xbpfq7774vpvfnafjri")))) (build-system haskell-build-system) (inputs `(("ghc-tasty" ,ghc-tasty) ("ghc-smallcheck" ,ghc-smallcheck) ("ghc-async" ,ghc-async) ("ghc-tagged" ,ghc-tagged))) - (home-page "http://documentup.com/feuerbach/tasty") + (home-page "https://documentup.com/feuerbach/tasty") (synopsis "SmallCheck support for the Tasty test framework") (description "This package provides SmallCheck support for the Tasty Haskell test framework.") @@ -122,7 +122,7 @@ Haskell test framework.") (define-public ghc-tasty-golden (package (name "ghc-tasty-golden") - (version "2.3.0.2") + (version "2.3.1.1") (source (origin (method url-fetch) @@ -132,7 +132,7 @@ Haskell test framework.") ".tar.gz")) (sha256 (base32 - "0n7nll1sx75n3lffwhgnjrxdn0jz1g0921z9mj193fxqw0wz8axh")))) + "0pcf5hsyp5mmbqn7krdm49jxpkjm6rb4j83j28f76h7q55dzm1wy")))) (build-system haskell-build-system) (inputs `(("ghc-temporary" ,ghc-temporary) @@ -147,10 +147,10 @@ Haskell test framework.") "https://github.com/feuerbach/tasty-golden") (synopsis "Golden tests support for tasty") (description - "This package provides support for 'golden testing'. A golden test is an -IO action that writes its result to a file. To pass the test, this output -file should be identical to the corresponding 'golden' file, which contains -the correct result for the test.") + "This package provides support for 'golden testing'. A @dfn{golden test} +is an IO action that writes its result to a file. To pass the test, this +output file should be identical to the corresponding 'golden' file, which +contains the correct result for the test.") (license license:expat))) ;; This package builds `clock` without tests, since the tests rely on tasty @@ -284,7 +284,7 @@ test-framework.") (define-public ghc-tasty-rerun (package (name "ghc-tasty-rerun") - (version "1.1.7") + (version "1.1.8") (source (origin (method url-fetch) (uri (string-append @@ -292,7 +292,7 @@ test-framework.") "tasty-rerun-" version ".tar.gz")) (sha256 (base32 - "18hz1xqinf59mzvd68ygj9333v0a32qxfcas7crn4iniq5zv71kj")))) + "0yg8cicfn3qaazvp4rbanzy3dyk95k3y1kkd4bykvkl9v4076788")))) (build-system haskell-build-system) (inputs `(("ghc-mtl" ,ghc-mtl) @@ -366,7 +366,7 @@ testing Unicode-related software.") (define-public ghc-quickcheck-io (package (name "ghc-quickcheck-io") - (version "0.1.2") + (version "0.2.0") (source (origin (method url-fetch) @@ -376,7 +376,7 @@ testing Unicode-related software.") ".tar.gz")) (sha256 (base32 - "1kf1kfw9fsmly0rvzvdf6jvdw10qhkmikyj0wcwciw6wad95w9sh")))) + "08k4v7pkgjf30pv5j2dfv1gqv6hclxlniyq2sps8zq4zswcr2xzv")))) (build-system haskell-build-system) (inputs `(("ghc-quickcheck" ,ghc-quickcheck) @@ -455,7 +455,7 @@ reporting and test statistics output.") (define-public ghc-test-framework-hunit (package (name "ghc-test-framework-hunit") - (version "0.3.0.1") + (version "0.3.0.2") (source (origin (method url-fetch) @@ -464,7 +464,7 @@ reporting and test statistics output.") version ".tar.gz")) (sha256 (base32 - "1h0h55kf6ff25nbfx1mhliwyknc0glwv3zi78wpzllbjbs7gvyfk")))) + "1y0b6vg8nfm43v90lxxcydhi6qlxhfy4vpxbzm5ic2w55bh8xjwm")))) (build-system haskell-build-system) (inputs `(("ghc-extensible-exceptions" ,ghc-extensible-exceptions) diff --git a/gnu/packages/haskell-web.scm b/gnu/packages/haskell-web.scm index bbbbfba53c..e43f20b843 100644 --- a/gnu/packages/haskell-web.scm +++ b/gnu/packages/haskell-web.scm @@ -65,7 +65,7 @@ for screen-scraping.") (define-public ghc-cookie (package (name "ghc-cookie") - (version "0.4.1.6") + (version "0.4.3") (source (origin (method url-fetch) @@ -75,7 +75,7 @@ for screen-scraping.") ".tar.gz")) (sha256 (base32 - "0b6ym6fn29p5az4dwydy036lxj131kagrmgb93w4bbkqfkds8b9s")))) + "0qpdydhb9gw590ffabqg70x7xvjpg8l74idqnrfbhv5yrr7hryzv")))) (build-system haskell-build-system) (inputs `(("ghc-old-locale" ,ghc-old-locale) @@ -95,7 +95,7 @@ for screen-scraping.") (define-public ghc-http-types (package (name "ghc-http-types") - (version "0.9") + (version "0.11") (source (origin (method url-fetch) @@ -105,11 +105,14 @@ for screen-scraping.") ".tar.gz")) (sha256 (base32 - "0ny15jgm5skhs2yx6snr13lrnw19hwjgfygrpsmhib8wqa8cz8cc")))) + "08w30rf1i7kbh2j1iajqmj6yhhmglnb8kjggc8kdni3xahhrgcss")))) (build-system haskell-build-system) - (arguments `(#:tests? #f)) ; FIXME: Tests cannot find - ; Blaze.Bytestring.Builder, which should be - ; provided by ghc-blaze-builder. + (native-inputs + `(("ghc-doctest" ,ghc-doctest) + ("ghc-hspec" ,ghc-hspec) + ("ghc-quickcheck" ,ghc-quickcheck) + ("ghc-quickcheck-instances" ,ghc-quickcheck-instances) + ("hspec-discover" ,hspec-discover))) (inputs `(("ghc-case-insensitive" ,ghc-case-insensitive) ("ghc-blaze-builder" ,ghc-blaze-builder) @@ -157,7 +160,7 @@ responses coming back.") (define-public ghc-http-client (package (name "ghc-http-client") - (version "0.5.6.1") + (version "0.5.7.1") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/" @@ -165,7 +168,7 @@ responses coming back.") version ".tar.gz")) (sha256 (base32 - "1v9bdb8dkhb5g6jl9azk86ig7ia8xh9arr64n7s8r94fp0vl6c1c")))) + "19cvnnfcjj2m3pgs6ivyjs21rw9wx5ynarh6hvb27a76cscai2fy")))) (build-system haskell-build-system) ;; Tests require access to the web. (arguments `(#:tests? #f)) @@ -198,7 +201,7 @@ for more user-friendly packages.") (define-public ghc-http-client-tls (package (name "ghc-http-client-tls") - (version "0.3.4.1") + (version "0.3.5.1") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/" @@ -206,7 +209,7 @@ for more user-friendly packages.") version ".tar.gz")) (sha256 (base32 - "1mbwdfn4hs8lcwml2l6xv4n068l9zlasyv6vwb2ylgm030pyv3xh")))) + "0n4mi8z77qaggfyq17z79cl304nf1f4h6gag60v4wjwghvmj7yn1")))) (build-system haskell-build-system) ;; Tests require Internet access (arguments `(#:tests? #f)) @@ -293,7 +296,7 @@ and HPACK. Currently HTTP/2 16 framing and HPACK 10 is supported.") (define-public ghc-http-conduit (package (name "ghc-http-conduit") - (version "2.2.3.1") + (version "2.2.4") (source (origin (method url-fetch) @@ -301,7 +304,7 @@ and HPACK. Currently HTTP/2 16 framing and HPACK 10 is supported.") "http-conduit-" version "/" "http-conduit-" version ".tar.gz")) (sha256 (base32 - "03na2nbm9la0shlijvjyb5mpp1prfskk4jmjy8iz707r0731dbjk")))) + "1wcl3lpg4v1ylq9j77j9fmf6l9qbmp8dmj3a9829q19q6bbgza7l")))) (build-system haskell-build-system) ;; FIXME: `httpLbs TLS` in test-suite `test` fails with ;; ConnectionFailure getProtocolByName: does not exist (no such protocol diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm index 4804f1b5f8..4d1aabff0b 100644 --- a/gnu/packages/haskell.scm +++ b/gnu/packages/haskell.scm @@ -829,17 +829,16 @@ tool lex or flex for C/C++.") (define-public ghc-cmdargs (package (name "ghc-cmdargs") - (version "0.10.13") + (version "0.10.18") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/cmdargs/cmdargs-" - version - ".tar.gz")) + version ".tar.gz")) (sha256 (base32 - "0vmz7f0ssrqlp6wzmc0mjqj4qczfgk58g0lr0yz7jamamlgpq4b6")))) + "1lnmcsf6p9yrwwz1zvrw5lbc32xpff7b70yz4ylawaflnlz6wrlh")))) (build-system haskell-build-system) (home-page "http://community.haskell.org/~ndm/cmdargs/") @@ -1101,17 +1100,16 @@ PNG, PNM, TGA, TIFF, XCF, XPM, XV.") (define-public ghc-half (package (name "ghc-half") - (version "0.2.2.1") + (version "0.2.2.3") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/half/half-" - version - ".tar.gz")) + version ".tar.gz")) (sha256 (base32 - "0zhwc6ps5w4ccnxl8sy623z4rjsafmnry69jpkw4hrbq11l402f1")))) + "0p4sb7vv9cljv48wlx65wgdnkryrk5d6yfh7g4yrm20w1p449hl5")))) (build-system haskell-build-system) (home-page "https://github.com/ekmett/half") (synopsis "Half-precision floating-point computations") @@ -1388,7 +1386,7 @@ old @code{time} library. For new projects, the newer (define-public ghc-dlist (package (name "ghc-dlist") - (version "0.7.1.2") + (version "0.8.0.3") (source (origin (method url-fetch) @@ -1397,7 +1395,7 @@ old @code{time} library. For new projects, the newer version ".tar.gz")) (sha256 - (base32 "10rp96rryij7d8gz5kv8ygc6chm1624ck5mbnqs2a3fkdzqj2b9k")))) + (base32 "0brgai4vs7xz29p06kd6gzg5bpa8iy3k7yzgcc44izspd74q4rw7")))) (build-system haskell-build-system) (inputs `(("ghc-quickcheck" ,ghc-quickcheck))) @@ -2364,8 +2362,8 @@ parser isolation, and labeled blocks for better error messages.") (base32 "0arvbaxgkawzdp38hh53akkahjg2aa3kj2b4ns0ni8a5ylg2cqmp")))) (build-system haskell-build-system) - (arguments `(#:tests? #f)) ; FIXME: Test fails with "cannot satisfy - ; -package contravariant-1.3.3" + (native-inputs + `(("ghc-doctest" ,ghc-doctest))) (inputs `(("ghc-contravariant" ,ghc-contravariant) ("ghc-distributive" ,ghc-distributive) @@ -2647,7 +2645,7 @@ online}.") (define-public ghc-exceptions (package (name "ghc-exceptions") - (version "0.8.0.2") + (version "0.8.3") (source (origin (method url-fetch) @@ -2657,9 +2655,11 @@ online}.") ".tar.gz")) (sha256 (base32 - "1x1bk1jf42k1gigiqqmkkh38z2ffhx8rsqiszdq3f94m2h6kw2h7")))) + "1gl7xzffsqmigam6zg0jsglncgzxqafld2p6kb7ccp9xirzdjsjd")))) (build-system haskell-build-system) - (arguments `(#:tests? #f)) ; FIXME: Missing test-framework package. + (native-inputs + `(("ghc-test-framework" ,ghc-test-framework) + ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2))) (inputs `(("ghc-stm" ,ghc-stm) ("ghc-mtl" ,ghc-mtl) @@ -2870,7 +2870,7 @@ encourages inductive, recursive definitions of graph algorithms.") (define-public ghc-chasingbottoms (package (name "ghc-chasingbottoms") - (version "1.3.0.13") + (version "1.3.1.3") (source (origin (method url-fetch) @@ -2878,14 +2878,7 @@ encourages inductive, recursive definitions of graph algorithms.") "ChasingBottoms-" version ".tar.gz")) (sha256 (base32 - "1fb86jd6cdz4rx3fj3r9n8d60kx824ywwy7dw4qnrdran46ja3pl")) - (modules '((guix build utils))) - (snippet - ;; The Hackage page and the cabal file linked there for this package - ;; both list 0.7 as the upper version limit, but the source tarball - ;; specifies 0.6. Assume the Hackage page is correct. - '(substitute* "ChasingBottoms.cabal" - (("syb >= 0.1.0.2 && < 0.6") "syb >= 0.1.0.2 && < 0.7"))))) + "04jwwjs22mqc4hvpp4c3gpb79inrrq5sapks5khknspv2hslm61q")))) (build-system haskell-build-system) (inputs `(("ghc-mtl" ,ghc-mtl) @@ -3451,7 +3444,7 @@ system.") (define-public ghc-base-compat (package (name "ghc-base-compat") - (version "0.8.2") + (version "0.9.3") (source (origin (method url-fetch) @@ -3461,7 +3454,7 @@ system.") ".tar.gz")) (sha256 (base32 - "02m93hzgxg4bcnp7xcc2fdh2hrsc2h6fwl8hix5nx9k864kwf41q")))) + "0452l6zf6fjhy4kxqwv6i6hhg6yfx4wcg450k3axpyj30l7jnq3x")))) (build-system haskell-build-system) (native-inputs `(("ghc-quickcheck" ,ghc-quickcheck) @@ -3579,19 +3572,23 @@ will eventually deliver a value of type @code{a}.") (define-public ghc-fingertree (package (name "ghc-fingertree") - (version "0.1.1.0") + (version "0.1.3.0") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/fingertree/fingertree-" - version - ".tar.gz")) + version ".tar.gz")) (sha256 (base32 - "1w6x3kp3by5yjmam6wlrf9vap5l5rrqaip0djbrdp0fpf2imn30n")))) + "1ryjj7qrx70ckcjlr02x9zh86kfp76azbxq05r7hawqkaqg44sfs")))) (build-system haskell-build-system) - (arguments `(#:tests? #f)) ; FIXME: testing libraries are missing. + (native-inputs + `(("ghc-hunit" ,ghc-hunit) + ("ghc-quickcheck" ,ghc-quickcheck) + ("ghc-test-framework" ,ghc-test-framework) + ("ghc-test-framework-hunit" ,ghc-test-framework-hunit) + ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2))) (home-page "https://hackage.haskell.org/package/fingertree") (synopsis "Generic finger-tree structure") (description "This library provides finger trees, a general sequence @@ -3717,7 +3714,7 @@ unbounded @code{Integer} type.") (define-public ghc-clock (package (name "ghc-clock") - (version "0.5.1") + (version "0.7.2") (source (origin (method url-fetch) @@ -3726,7 +3723,7 @@ unbounded @code{Integer} type.") "clock/" "clock-" version ".tar.gz")) (sha256 - (base32 "1ncph7vi2q6ywwc8ysxl1ibw6i5dwfvln88ssfazk8jgpj4iyykw")))) + (base32 "07v91s20halsqjmziqb1sqjp2sjpckl9by7y28aaklwqi2bh2rl8")))) (build-system haskell-build-system) (inputs `(("ghc-tasty" ,ghc-tasty) @@ -3764,7 +3761,7 @@ Haskell, based on complemented PATRICIA tries.") (define-public ghc-bytestring-builder (package (name "ghc-bytestring-builder") - (version "0.10.6.0.0") + (version "0.10.8.1.0") (source (origin (method url-fetch) @@ -3773,7 +3770,7 @@ Haskell, based on complemented PATRICIA tries.") "/bytestring-builder-" version ".tar.gz")) (sha256 (base32 - "1mkg24zl0rapb3gqzkyj5ibp07wx3yzd72hmfczssl0is63rjhww")))) + "1hnvjac28y44yn78c9vdp1zvrknvlw98ky3g4n5vivr16rvh8x3d")))) (build-system haskell-build-system) (arguments `(#:haddock? #f)) ; Package contains no documentation. (home-page "https://hackage.haskell.org/package/bytestring-builder") @@ -3951,24 +3948,24 @@ indexed variants.") "0drx1hlqvdcrij4097q6bxhbfcqm73jsqv1wwhd3hsnjdmr46ch2")))) (build-system haskell-build-system) (inputs - `(("ghc-xss-sanitize" ,ghc-xss-sanitize) + `(("ghc-aeson" ,ghc-aeson) + ("ghc-blaze-html" ,ghc-blaze-html) ("ghc-data-default" ,ghc-data-default) + ("ghc-http-types" ,ghc-http-types) ("ghc-mtl" ,ghc-mtl) - ("ghc-text" ,ghc-text) - ("ghc-blaze-html" ,ghc-blaze-html) ("ghc-syb" ,ghc-syb) + ("ghc-text" ,ghc-text) ("ghc-uniplate" ,ghc-uniplate) - ("ghc-aeson" ,ghc-aeson) ("ghc-wai-extra" ,ghc-wai-extra) ("ghc-wai" ,ghc-wai) - ("ghc-http-types" ,ghc-http-types))) + ("ghc-xss-sanitize" ,ghc-xss-sanitize))) (home-page "https://github.com/jgm/cheapskate") (synopsis "Experimental markdown processor") (description "Cheapskate is an experimental Markdown processor in pure Haskell. It aims to process Markdown efficiently and in the most forgiving possible way. It is designed to deal with any input, including garbage, with -linear performance. Output is sanitized by default for protection against XSS -attacks.") +linear performance. Output is sanitized by default for protection against +cross-site scripting (@dfn{XSS}) attacks.") (license license:bsd-3))) (define-public ghc-bifunctors @@ -4034,7 +4031,7 @@ just a @code{Semigroup} are added.") (define-public ghc-contravariant (package (name "ghc-contravariant") - (version "1.3.3") + (version "1.4") (source (origin (method url-fetch) @@ -4044,7 +4041,7 @@ just a @code{Semigroup} are added.") ".tar.gz")) (sha256 (base32 - "184hcmhsznqrkmqlc1kza9pb5p591anva574ry8wrh81vqmhwfb5")))) + "117fff8kkrvlmr8cb2jpj71z7lf2pdiyks6ilyx89mry6zqnsrp1")))) (build-system haskell-build-system) (inputs `(("ghc-void" ,ghc-void) @@ -4092,7 +4089,7 @@ semigroup.") (define-public ghc-free (package (name "ghc-free") - (version "4.12.1") + (version "4.12.4") (source (origin (method url-fetch) @@ -4102,7 +4099,7 @@ semigroup.") ".tar.gz")) (sha256 (base32 - "0sr8phvrb4ny8j1wzq55rdn8q4br23q4pw2j276npr844825jr9p")))) + "1147s393442xf4gkpbq0rd1p286vmykgx85mxhk5d1c7wfm4bzn9")))) (build-system haskell-build-system) (inputs `(("ghc-prelude-extras" ,ghc-prelude-extras) @@ -4383,7 +4380,7 @@ using a simple box model.") (define-public ghc-deepseq-generics (package (name "ghc-deepseq-generics") - (version "0.1.1.2") + (version "0.2.0.0") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/" @@ -4391,16 +4388,8 @@ using a simple box model.") version ".tar.gz")) (sha256 (base32 - "01pvigx8n9p8hwbzp2qiq6kzf7cxiam843jz2sjgliacmmp1v7l3")))) + "17bwghc15mc9pchfd1w46jh2p3wzc86aj6a537wqwxn08rayzcxh")))) (build-system haskell-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'unpack 'relax-ghc-prim-dependency - (lambda _ - (substitute* "deepseq-generics.cabal" - (("< 0.4") "< 0.5")) - #t))))) (native-inputs `(("ghc-hunit" ,ghc-hunit) ("ghc-test-framework" ,ghc-test-framework) @@ -4548,14 +4537,16 @@ descriptions.") (define-public ghc-cmark (package (name "ghc-cmark") - (version "0.5.3.1") + (version "0.5.6") (source (origin (method url-fetch) + ;; XXX As of version 0.5.6, this package bundles libcmark 0.28.0. + ;; See cbits/cmark_version.h. (uri (string-append "https://hackage.haskell.org/package/" "cmark/cmark-" version ".tar.gz")) (sha256 (base32 - "09515h9b26az9c2mbl6l7azimaixa6yff8w359k0ml8jwykjvqaa")))) + "1c1j3a8b9qx5zk9myqm3gap8ymz7fipwrdmyfsq9wkkdr9x4np45")))) (build-system haskell-build-system) (inputs `(("ghc-text" ,ghc-text))) @@ -4566,14 +4557,14 @@ descriptions.") (description "This package provides Haskell bindings for @uref{https://github.com/jgm/cmark, libcmark}, the reference parser for -CommonMark, a fully specified variant of Markdown. It includes sources for -libcmark (0.21.0) and does not require prior installation of the C library.") +CommonMark, a fully specified variant of Markdown. It includes bundled libcmark +sources, and does not require prior installation of the C library.") (license license:bsd-3))) (define-public ghc-executable-path (package (name "ghc-executable-path") - (version "0.0.3") + (version "0.0.3.1") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/" @@ -4581,7 +4572,7 @@ libcmark (0.21.0) and does not require prior installation of the C library.") version ".tar.gz")) (sha256 (base32 - "1jg58qf19qz93c60ryglcavwdcysz4fd4qn8kpw5im9w9kniawlc")))) + "0vxwmnsvx13cawcyhbyljkds0l1vr996ijldycx7nj0asjv45iww")))) (build-system haskell-build-system) (home-page "https://hackage.haskell.org/package/executable-path") (synopsis "Find out the full path of the executable") @@ -4595,7 +4586,7 @@ as invoked.\" This library tries to provide the missing path.") (define-public ghc-enclosed-exceptions (package (name "ghc-enclosed-exceptions") - (version "1.0.1.1") + (version "1.0.2") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/" @@ -4603,7 +4594,7 @@ as invoked.\" This library tries to provide the missing path.") version ".tar.gz")) (sha256 (base32 - "16ax1kqdsk4apg642qxkm2hf9vb5hzmkd14zmkxra8ssp8rn28z5")))) + "1wc9h6zdnb5impvvml6vnjapajjanw7zgpnzg7c0v7115nwfm6vv")))) (build-system haskell-build-system) (inputs `(("ghc-lifted-base" ,ghc-lifted-base) @@ -5689,7 +5680,7 @@ this problem.") (define-public ghc-bytestring-handle (package (name "ghc-bytestring-handle") - (version "0.1.0.4") + (version "0.1.0.6") (source (origin (method url-fetch) @@ -5698,14 +5689,14 @@ this problem.") version ".tar.gz")) (sha256 (base32 - "0q5yzx90ad9w7qvaix05bynxwlsbqjrgfc4hqb355ibf991wd0rh")))) + "18f17aja1ivhr3zyg2cccn2m03hdn5jf5410dndkhf12gvgiqs7y")))) (build-system haskell-build-system) (inputs - `(("ghc-quickcheck" ,ghc-quickcheck) - ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2) - ("ghc-hunit" ,ghc-hunit) + `(("ghc-hunit" ,ghc-hunit) + ("ghc-quickcheck" ,ghc-quickcheck) + ("ghc-test-framework" ,ghc-test-framework) ("ghc-test-framework-hunit" ,ghc-test-framework-hunit) - ("ghc-test-framework" ,ghc-test-framework))) + ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2))) (home-page "http://hub.darcs.net/ganesh/bytestring-handle") (synopsis "ByteString-backed Handles") (description "ByteString-backed Handles") ; There is no description @@ -5880,7 +5871,7 @@ the @code{mtl-tf} package.") (define-public ghc-bytestring (package (name "ghc-bytestring") - (version "0.10.8.1") + (version "0.10.8.2") (source (origin (method url-fetch) @@ -5889,18 +5880,18 @@ the @code{mtl-tf} package.") version ".tar.gz")) (sha256 (base32 - "16zwb1p83z7vc5wlhvknpy80b5a2jxc5awx67rk52qnp9idmyq9d")))) + "0fjc5ybxx67l0kh27l6vq4saf88hp1wnssj5ka90ii588y76cvys")))) (build-system haskell-build-system) (inputs - `(("ghc-random" ,ghc-random) + `(("ghc-dlist" ,ghc-dlist) + ("ghc-byteorder" ,ghc-byteorder) + ("ghc-hunit" ,ghc-hunit) + ("ghc-mtl" ,ghc-mtl) + ("ghc-quickcheck" ,ghc-quickcheck) + ("ghc-random" ,ghc-random) ("ghc-test-framework" ,ghc-test-framework) ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2) - ("ghc-quickcheck" ,ghc-quickcheck) - ("ghc-test-framework-hunit" ,ghc-test-framework-hunit) - ("ghc-hunit" ,ghc-hunit) - ("ghc-byteorder" ,ghc-byteorder) - ("ghc-dlist" ,ghc-dlist) - ("ghc-mtl" ,ghc-mtl))) + ("ghc-test-framework-hunit" ,ghc-test-framework-hunit))) (arguments `(#:tests? #f)) ; Test number two becomes non-responsive for 20+ minutes (home-page "https://github.com/haskell/bytestring") @@ -5939,7 +5930,7 @@ supported. A module of colour names (\"Data.Colour.Names\") is provided.") (define-public ghc-directory (package (name "ghc-directory") - (version "1.2.7.0") + (version "1.3.1.5") (source (origin (method url-fetch) @@ -5948,7 +5939,7 @@ supported. A module of colour names (\"Data.Colour.Names\") is provided.") version ".tar.gz")) (sha256 (base32 - "0h3hrqskadmbigaxbz2k5xxjjjlmfaq2zdn2g7jh1wv9k6yrxraa")))) + "0zkqihmdfz7bzv3sxh1p9ijl4vra880kfy3qy9h96flq7d2if0f2")))) (build-system haskell-build-system) (home-page "http://hackage.haskell.org/package/directory") (synopsis "Platform-agnostic library for filesystem operations") @@ -6011,7 +6002,7 @@ files and directories in a portable way.") (define-public ghc-fgl-arbitrary (package (name "ghc-fgl-arbitrary") - (version "0.2.0.2") + (version "0.2.0.3") (source (origin (method url-fetch) @@ -6020,7 +6011,7 @@ files and directories in a portable way.") version ".tar.gz")) (sha256 (base32 - "12qbsla4vivffris6y3gj29vrafkpyazqdbdy2m55nggypqpf7ah")))) + "0ln1szgfy8fa78l3issq4fx3aqnnd54w3cb4wssrfi48vd5rkfjm")))) (build-system haskell-build-system) (inputs `(("ghc-fgl" ,ghc-fgl) @@ -7104,8 +7095,8 @@ different API. @item @code{IntPSQ p v} is a far more efficient implementation. It fixes the key type to @code{Int} and uses a -@code{http://en.wikipedia.org/wiki/Radix_tree, radix tree} -(like @code{IntMap}) with an additional min-heap property. +@code{http://en.wikipedia.org/wiki/Radix_tree, radix tree} (like @code{IntMap}) +with an additional min-heap property. @item @code{HashPSQ k p v} is a fairly straightforward extension of @code{IntPSQ}: it simply uses the keys' hashes as indices in the @@ -7131,7 +7122,7 @@ Typical applications of Priority Search Queues include: (define-public ghc-glob (package (name "ghc-glob") - (version "0.7.14") + (version "0.9.1") (source (origin (method url-fetch) @@ -7140,7 +7131,7 @@ Typical applications of Priority Search Queues include: "Glob-" version ".tar.gz")) (sha256 (base32 - "0aw43izg8vlvjl40ms6k92w7gxg7n3l6smdvzla47fp82s4vhdr8")))) + "0rzmsknl02p332dxmm36fyrz3dpma7bchn0ymyjipxvqil20pjw0")))) (build-system haskell-build-system) (inputs `(("ghc-dlist" ,ghc-dlist) @@ -7154,7 +7145,7 @@ Typical applications of Priority Search Queues include: ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2))) (home-page "http://iki.fi/matti.niemenmaa/glob/") (synopsis "Haskell library matching glob patterns against file paths") - (description "This package providesa Haskell library for globbing: + (description "This package providesa Haskell library for @dfn{globbing}: matching patterns against file paths.") (license license:bsd-3))) @@ -7886,7 +7877,7 @@ vector. ") (define-public ghc-foldl (package (name "ghc-foldl") - (version "1.3.2") + (version "1.3.5") (source (origin (method url-fetch) @@ -7895,7 +7886,7 @@ vector. ") "foldl-" version ".tar.gz")) (sha256 (base32 - "1z3xjz4khs2kr3mqkbh7dz4kd6gkdk2r67wjkvrxnmp533aqh90n")))) + "10qsp7dj2xsq4q2xm6x6b12y5pq32qf7my41hnkmdwwbccvhdxb2")))) (build-system haskell-build-system) (inputs `(("ghc-mwc-randam" ,ghc-mwc-random) ("ghc-primitive" ,ghc-primitive) @@ -7994,14 +7985,14 @@ as well as a convenient Conduit module.") (define-public ghc-aws (package (name "ghc-aws") - (version "0.17.1") + (version "0.18") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/" "aws-" version "/aws-" version ".tar.gz")) (sha256 (base32 - "1q4qh58vj8447a4fl88n3nkpdc4yv293qsh02w6zvszd6ch61yh7")))) + "0h7473wkvc5xjzx5fd5k5fp70rjq5gqmn1cpy95mswvvfsq3irxj")))) (build-system haskell-build-system) (arguments `(#:tests? #f)) ; Tests require AWS credentials. (inputs @@ -8015,7 +8006,7 @@ as well as a convenient Conduit module.") ("ghc-cereal" ,ghc-cereal) ("ghc-conduit" ,ghc-conduit) ("ghc-conduit-extra" ,ghc-conduit-extra) - ("ghc-cryptohash" ,ghc-cryptohash) + ("ghc-cryptonite" ,ghc-cryptonite) ("ghc-data-default" ,ghc-data-default) ("ghc-http-conduit" ,ghc-http-conduit) ("ghc-http-types" ,ghc-http-types) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index c9fbbb0a45..0be488dec3 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -1070,7 +1070,7 @@ bootstrapping purposes.") (license license:gpl2+))) (define-public icedtea-7 - (let* ((version "2.6.11") + (let* ((version "2.6.12") (drop (lambda (name hash) (origin (method url-fetch) @@ -1088,7 +1088,7 @@ bootstrapping purposes.") version ".tar.xz")) (sha256 (base32 - "1ibp6ybqnf8g7mbs45bkbv44dwz4h2w9gr4rh15yvr1m8lqkq1i0")) + "0s0zh0mj1sab99kb516lsgq3859vsc951phc565gwix4l5g9zppk")) (modules '((guix build utils))) (snippet '(substitute* "Makefile.in" @@ -1498,25 +1498,25 @@ bootstrapping purposes.") (native-inputs `(("openjdk-src" ,(drop "openjdk" - "1zhr4l9kxnbzghcsgjk3vmih9qpg1wrr9qry7fx04l97svp1ylhd")) + "15qf3nfidgnigh2zny6djfp8bhfwjnwk9i06mxs2jbq6na953ql2")) ("corba-drop" ,(drop "corba" - "108v15ncb2rnsyzgzncjlm1f57d1sv60zd9qbpas8kqmvpp8r0gz")) + "1phvn8fyl5mw2n2sn97f17nm442k75xsz2023bfw4h66ywzkqhqy")) ("jaxp-drop" ,(drop "jaxp" - "0zcpcmm3g1s7m31glrbw3ys7azi97ixcvbyxd40y9xzdja3jyr52")) + "0j4ms6lmnfa2cwfh9yfqdfg1bnn3fc40ay4x6k8zqa8yvspik5w5")) ("jaxws-drop" ,(drop "jaxws" - "1gkqm0p3sr8d0xpki3fhf7cvmgqxx8ambgl5f3jx2plfnhsg96d2")) + "09sddj73k7n29s39hvdk14r130mvlknbxkpd2w58f34sq5sgpdrg")) ("jdk-drop" ,(drop "jdk" - "1d9fjnzdx4m6gwkvmj2n097ag0mvkhm3lldaxjki8x8c6a5clknf")) + "0q896zz8wyswmksy225q1k27nz3v3l27052dcvvpv20ryykz8yp7")) ("langtools-drop" ,(drop "langtools" - "0zscdp9arcq7gr8j7jq4m75gq0w1i3ryxpdnrc8fl0msh4w2s2k5")) + "0niicyfccim4a9is4akh87jd7wbl8jrazdaab957mcv9l1x3bnqc")) ("hotspot-drop" ,(drop "hotspot" - "1y6vnssn5y50x27g4ypdb5wwpmi7zf7jdi8gqbymkwf6n8p5y1d6")) + "1jw42qhbm3wfavk39304m53lmqipcllrvjqiab2f42mjs10i8gfx")) ("ant" ,ant-bootstrap) ("attr" ,attr) ("coreutils" ,coreutils) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 995864f33e..28954b5ab6 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -369,8 +369,8 @@ It has been modified to remove all non-free binary blobs.") (define %intel-compatible-systems '("x86_64-linux" "i686-linux")) (define %linux-compatible-systems '("x86_64-linux" "i686-linux" "armhf-linux")) -(define %linux-libre-version "4.14.3") -(define %linux-libre-hash "1hs94lj2bryci4m75bfrhhj9aqrjpq6a57nhxic63zj6xjhi53l7") +(define %linux-libre-version "4.14.4") +(define %linux-libre-hash "1hl4n1jpqd05b7qnxbwjmbl2l5cgrh2spqsjq1fnihphmawjd3li") ;; linux-libre configuration for armhf-linux is derived from Debian armmp. It ;; supports qemu "virt" machine and possibly a large number of ARM boards. @@ -383,14 +383,14 @@ It has been modified to remove all non-free binary blobs.") #:configuration-file kernel-config)) (define-public linux-libre-4.9 - (make-linux-libre "4.9.66" - "0k29i5wnljck4nwkzcjxjfzrddwifj2pb6zxqh7f522j9cw2g4zd" + (make-linux-libre "4.9.67" + "1fr8h4g3j4ns0x33i36kgsgb175cdz9v530gx8sxcrbkd10i9i07" %intel-compatible-systems #:configuration-file kernel-config)) (define-public linux-libre-4.4 - (make-linux-libre "4.4.103" - "1x2pyrjz8myja77nz0zg2k74yrcbiq7g1caqjnafbgc8qwh31fp8" + (make-linux-libre "4.4.104" + "1971hphyqbzh80frkbidbqwhgk21r5p2a42bihjcd5kh3pssn4zl" %intel-compatible-systems #:configuration-file kernel-config)) diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm index d5f55b9631..3fd1c43d4a 100644 --- a/gnu/packages/lua.scm +++ b/gnu/packages/lua.scm @@ -173,21 +173,21 @@ language.") (define-public lua5.1-socket (package (name "lua5.1-socket") - (version "2.0.2") + (version "3.0-rc1") (source (origin (method url-fetch) - (uri (string-append "http://files.luaforge.net/releases/" - "luasocket/luasocket/luasocket-" - version "/luasocket-" version ".tar.gz")) + (uri (string-append + "https://github.com/diegonehab/luasocket/archive/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "19ichkbc4rxv00ggz8gyf29jibvc2wq9pqjik0ll326rrxswgnag")))) + "0j8jx8bjicvp9khs26xjya8c495wrpb7parxfnabdqa5nnsxjrwb")))) (build-system gnu-build-system) (arguments `(#:make-flags (let ((out (assoc-ref %outputs "out"))) - (list (string-append "INSTALL_TOP_SHARE=" out "/share/lua/5.1") - (string-append "INSTALL_TOP_LIB=" out "/lib/lua/5.1"))) + (list (string-append "INSTALL_TOP=" out))) #:phases (modify-phases %standard-phases (delete 'configure) diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index b6452c54c3..9525c9f5d1 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -875,7 +875,7 @@ instant messenger with audio and video chat capabilities.") (("TIMESTAMP") "\"\"")) #t))))) (inputs - `(("ffmpeg" ,ffmpeg-3.3) + `(("ffmpeg" ,ffmpeg) ("filteraudio", filteraudio) ("glib" ,glib) ("gtk+" ,gtk+-2) diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index 173fdfaad1..1aabe814be 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -56,8 +56,11 @@ #:use-module (gnu packages check) #:use-module (gnu packages cmake) #:use-module (gnu packages compression) + #:use-module (gnu packages crypto) #:use-module (gnu packages curl) #:use-module (gnu packages cyrus-sasl) + #:use-module (gnu packages databases) + #:use-module (gnu packages datastructures) #:use-module (gnu packages docbook) #:use-module (gnu packages documentation) #:use-module (gnu packages emacs) @@ -75,12 +78,14 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages graphics) + #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) #:use-module (gnu packages guile) #:use-module (gnu packages image) #:use-module (gnu packages imagemagick) #:use-module (gnu packages java) #:use-module (gnu packages libffi) + #:use-module (gnu packages libusb) #:use-module (gnu packages linux) ; for alsa-utils #:use-module (gnu packages lirc) #:use-module (gnu packages llvm) @@ -93,6 +98,7 @@ #:use-module (gnu packages pdf) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages protobuf) #:use-module (gnu packages pulseaudio) ;libsndfile #:use-module (gnu packages python) #:use-module (gnu packages python-web) @@ -179,6 +185,114 @@ and play MIDI files with a few clicks in a user-friendly interface offering score, keyboard, guitar, drum and controller views.") (license license:gpl3+))) +;; We don't use the latest release because it depends on Qt4. Instead we +;; download the sources from the tip of the "qt5" branch. +(define-public clementine + (let ((commit "0a59257dc334b8df60a4d7d90b04f1766747efcf") + (revision "1")) + (package + (name "clementine") + (version (string-append "1.3.1-" revision "." (string-take commit 7))) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/clementine-player/Clementine.git") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "0cdcj7di7j9jgzc1ihjna1a5df64f9hnmx7b9kh8rlg76hc0l0hi")) + (modules '((guix build utils))) + (snippet + '(for-each + (lambda (dir) + (delete-file-recursively + (string-append "3rdparty/" dir))) + (list + ;; TODO: The following dependencies are still bundled: + ;; - "qxt": Appears to be unmaintained upstream. + ;; - "qsqlite" + ;; - "qtsingleapplication" + ;; - "qocoa" + ;; - "qtiocompressor" + ;; - "gmock": The tests crash when using our googletest + ;; package instead of the bundled gmock. + "SPMediaKeyTap" + "fancytabwidget" + "google-breakpad" + "libmygpo-qt" + "libmygpo-qt5" + "libprojectm" + "qtwin" + "sha2" ;; Replaced by openssl. + "taglib" + "tinysvcmdns"))) + (patches (search-patches "clementine-use-openssl.patch")))) + (build-system cmake-build-system) + (arguments + '(#:test-target "clementine_test" + #:configure-flags + (let ((crypto (assoc-ref %build-inputs "crypto++"))) + (list "-DENABLE_VISUALISATIONS=OFF" ; requires unpackaged "projectm" + "-DCRYPTOPP_FOUND=TRUE" + (string-append "-DCRYPTOPP_INCLUDE_DIRS=" crypto "/include") + (string-append "-DCRYPTOPP_LIBRARY_DIRS=" crypto "/lib") + (string-append "-DCRYPTOPP_LIBRARIES=" crypto "/lib/libcryptopp.a") + "-DUSE_SYSTEM_SHA2=TRUE")) + #:phases + (modify-phases %standard-phases + (add-after 'install 'wrap-program + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (gst-plugin-path (getenv "GST_PLUGIN_SYSTEM_PATH"))) + (wrap-program (string-append out "/bin/clementine") + `("GST_PLUGIN_SYSTEM_PATH" ":" prefix (,gst-plugin-path))) + #t)))))) + (native-inputs + `(("gettext" ,gettext-minimal) + ("pkg-config" ,pkg-config) + ("qtlinguist" ,qttools))) + (inputs + `(("boost" ,boost) + ("chromaprint" ,chromaprint) + ("crypto++" ,crypto++) + ("fftw" ,fftw) + ("glib" ,glib) + ("glu" ,glu) + ("gstreamer" ,gstreamer) + ("gst-plugins-base" ,gst-plugins-base) + ("libcdio" ,libcdio) + ("libmygpo-qt" ,libmygpo-qt) + ("libechonest" ,libechonest) + ;; TODO: Package libgpod. + ("libmtp" ,libmtp) + ("libxml2" ,libxml2) + ("openssl" ,openssl) + ("protobuf" ,protobuf) + ("pulseaudio" ,pulseaudio) + ("qtbase" ,qtbase) + ("qtx11extras" ,qtx11extras) + ("qtwebkit" ,qtwebkit) + ("sqlite" ,sqlite-with-fts3) + ("sparsehash" ,sparsehash) + ("taglib" ,taglib))) + (home-page "http://clementine-player.org") + (synopsis "Music player and library organizer") + (description "Clementine is a multiplatform music player. It is inspired +by Amarok 1.4, focusing on a fast and easy-to-use interface for searching and +playing your music.") + (license (list + ;; clementine and qtiocompressor are under GPLv3. + license:gpl3+ + ;; gmock is under BSD-3. + license:bsd-3 + ;; qxt is under CPL1.0. + license:cpl1.0 + ;; qsqlite and qtsingleapplication are under LGPL2.1+. + license:lgpl2.1+ + ;; qocoa is under MIT and CC by-sa for the icons. + license:cc-by-sa3.0))))) + (define-public cmus (package (name "cmus") @@ -1697,7 +1811,7 @@ backends, including ALSA, OSS, Network and FluidSynth.") (define-public zynaddsubfx (package (name "zynaddsubfx") - (version "3.0.2") + (version "3.0.3") (source (origin (method url-fetch) (uri (string-append @@ -1705,7 +1819,7 @@ backends, including ALSA, OSS, Network and FluidSynth.") version "/zynaddsubfx-" version ".tar.bz2")) (sha256 (base32 - "09mr23lqc51r7gskry5b7hk84pghdpgn1s4vnrzvx7xpa21gvplm")))) + "1hfpiqdm337gl4ynkmmp2qss2m5z8mzqzjrbiyg6w1v4js7l9phi")))) (build-system cmake-build-system) (arguments `(#:phases @@ -1890,14 +2004,14 @@ computer's keyboard.") (define-public qtractor (package (name "qtractor") - (version "0.8.4") + (version "0.8.5") (source (origin (method url-fetch) (uri (string-append "http://downloads.sourceforge.net/qtractor/" "qtractor-" version ".tar.gz")) (sha256 (base32 - "17bbjfn94843g5q1h7xh23fwyazpfgg4fw6drrn5wgk2vx7qpkis")))) + "0anhsd3gg8cxbf31mn2mimf19ycbbxqvd7ldizk93yq2zfbzzqqa")))) (build-system gnu-build-system) (arguments `(#:tests? #f)) ; no "check" target (inputs @@ -3407,3 +3521,30 @@ the electronic or dubstep genre.") designed to make a developer's life easy when trying to use the APIs provided by The Echo Nest.") (license license:gpl2+))) + +(define-public libmygpo-qt + (package + (name "libmygpo-qt") + (version "1.0.9") + (source (origin + (method url-fetch) + (uri (string-append "http://stefan.derkits.at/files/" + "libmygpo-qt/libmygpo-qt." version ".tar.gz")) + (sha256 + (base32 + "1wsgh2vjnd52rkvpncj1ycpbp84sj9hh12ija46b42z9mmqf2jm4")) + (patches + (search-patches "libmygpo-qt-fix-jsoncreatortest.patch")))) + (build-system cmake-build-system) + (arguments + '(#:configure-flags '("-DBUILD_WITH_QT4=OFF"))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("qt" ,qtbase))) + (home-page "http://wiki.gpodder.org/wiki/Libmygpo-qt") + (synopsis "Qt/C++ library wrapping the gpodder web service") + (description "@code{libmygpo-qt} is a Qt/C++ library wrapping the +@url{https://gpodder.net} APIs. It allows applications to discover, manage +and track podcasts.") + (license license:lgpl2.1+))) diff --git a/gnu/packages/openstack.scm b/gnu/packages/openstack.scm index 31922833b7..90168ef70b 100644 --- a/gnu/packages/openstack.scm +++ b/gnu/packages/openstack.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Cyril Roelandt <tipecaml@gmail.com> ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> -;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org> +;;; Copyright © 2016, 2017 Clément Lassieur <clement@lassieur.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -849,14 +849,14 @@ permanence.") (define-public python-git-review (package (name "python-git-review") - (version "1.25.0") + (version "1.26.0") (source (origin (method url-fetch) (uri (pypi-uri "git-review" version)) (sha256 (base32 - "07d1jn9ryff5j5ic6qj5pbk10m1ccmpllj0wyalrcms1q9yhlzh8")))) + "150b1zvm6favd1ad8yl2bilq7xkr4m1mw9510frh47f8ghfkqz28")))) (build-system python-build-system) (arguments '(#:tests? #f ; tests require a running Gerrit server diff --git a/gnu/packages/patches/bazaar-CVE-2017-14176.patch b/gnu/packages/patches/bazaar-CVE-2017-14176.patch new file mode 100644 index 0000000000..0e9083b97d --- /dev/null +++ b/gnu/packages/patches/bazaar-CVE-2017-14176.patch @@ -0,0 +1,166 @@ +Fix CVE-2017-14176: + +https://bugs.launchpad.net/bzr/+bug/1710979 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14176 + +Patch copied from Debian's Bazaar package version bzr_2.7.0+bzr6619-7+deb9u1: + +https://alioth.debian.org/scm/loggerhead/pkg-bazaar/bzr/2.7/revision/4204 + +Description: Prevent SSH command line options from being specified in bzr+ssh:// URLs +Bug: https://bugs.launchpad.net/brz/+bug/1710979 +Bug-Debian: https://bugs.debian.org/874429 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14176 +Forwarded: no +Author: Jelmer Vernooij <jelmer@jelmer.uk> +Last-Update: 2017-11-26 + +=== modified file 'bzrlib/tests/test_ssh_transport.py' +--- old/bzrlib/tests/test_ssh_transport.py 2010-10-07 12:45:51 +0000 ++++ new/bzrlib/tests/test_ssh_transport.py 2017-08-20 01:59:20 +0000 +@@ -22,6 +22,7 @@ + SSHCorpSubprocessVendor, + LSHSubprocessVendor, + SSHVendorManager, ++ StrangeHostname, + ) + + +@@ -161,6 +162,19 @@ + + class SubprocessVendorsTests(TestCase): + ++ def test_openssh_command_tricked(self): ++ vendor = OpenSSHSubprocessVendor() ++ self.assertEqual( ++ vendor._get_vendor_specific_argv( ++ "user", "-oProxyCommand=blah", 100, command=["bzr"]), ++ ["ssh", "-oForwardX11=no", "-oForwardAgent=no", ++ "-oClearAllForwardings=yes", ++ "-oNoHostAuthenticationForLocalhost=yes", ++ "-p", "100", ++ "-l", "user", ++ "--", ++ "-oProxyCommand=blah", "bzr"]) ++ + def test_openssh_command_arguments(self): + vendor = OpenSSHSubprocessVendor() + self.assertEqual( +@@ -171,6 +185,7 @@ + "-oNoHostAuthenticationForLocalhost=yes", + "-p", "100", + "-l", "user", ++ "--", + "host", "bzr"] + ) + +@@ -184,9 +199,16 @@ + "-oNoHostAuthenticationForLocalhost=yes", + "-p", "100", + "-l", "user", +- "-s", "host", "sftp"] ++ "-s", "--", "host", "sftp"] + ) + ++ def test_openssh_command_tricked(self): ++ vendor = SSHCorpSubprocessVendor() ++ self.assertRaises( ++ StrangeHostname, ++ vendor._get_vendor_specific_argv, ++ "user", "-oProxyCommand=host", 100, command=["bzr"]) ++ + def test_sshcorp_command_arguments(self): + vendor = SSHCorpSubprocessVendor() + self.assertEqual( +@@ -209,6 +231,13 @@ + "-s", "sftp", "host"] + ) + ++ def test_lsh_command_tricked(self): ++ vendor = LSHSubprocessVendor() ++ self.assertRaises( ++ StrangeHostname, ++ vendor._get_vendor_specific_argv, ++ "user", "-oProxyCommand=host", 100, command=["bzr"]) ++ + def test_lsh_command_arguments(self): + vendor = LSHSubprocessVendor() + self.assertEqual( +@@ -231,6 +260,13 @@ + "--subsystem", "sftp", "host"] + ) + ++ def test_plink_command_tricked(self): ++ vendor = PLinkSubprocessVendor() ++ self.assertRaises( ++ StrangeHostname, ++ vendor._get_vendor_specific_argv, ++ "user", "-oProxyCommand=host", 100, command=["bzr"]) ++ + def test_plink_command_arguments(self): + vendor = PLinkSubprocessVendor() + self.assertEqual( + +=== modified file 'bzrlib/transport/ssh.py' +--- old/bzrlib/transport/ssh.py 2015-07-31 01:04:41 +0000 ++++ new/bzrlib/transport/ssh.py 2017-08-20 01:59:20 +0000 +@@ -46,6 +46,10 @@ + from paramiko.sftp_client import SFTPClient + + ++class StrangeHostname(errors.BzrError): ++ _fmt = "Refusing to connect to strange SSH hostname %(hostname)s" ++ ++ + SYSTEM_HOSTKEYS = {} + BZR_HOSTKEYS = {} + +@@ -360,6 +364,11 @@ + # tests, but beware of using PIPE which may hang due to not being read. + _stderr_target = None + ++ @staticmethod ++ def _check_hostname(arg): ++ if arg.startswith('-'): ++ raise StrangeHostname(hostname=arg) ++ + def _connect(self, argv): + # Attempt to make a socketpair to use as stdin/stdout for the SSH + # subprocess. We prefer sockets to pipes because they support +@@ -424,9 +433,9 @@ + if username is not None: + args.extend(['-l', username]) + if subsystem is not None: +- args.extend(['-s', host, subsystem]) ++ args.extend(['-s', '--', host, subsystem]) + else: +- args.extend([host] + command) ++ args.extend(['--', host] + command) + return args + + register_ssh_vendor('openssh', OpenSSHSubprocessVendor()) +@@ -439,6 +448,7 @@ + + def _get_vendor_specific_argv(self, username, host, port, subsystem=None, + command=None): ++ self._check_hostname(host) + args = [self.executable_path, '-x'] + if port is not None: + args.extend(['-p', str(port)]) +@@ -460,6 +470,7 @@ + + def _get_vendor_specific_argv(self, username, host, port, subsystem=None, + command=None): ++ self._check_hostname(host) + args = [self.executable_path] + if port is not None: + args.extend(['-p', str(port)]) +@@ -481,6 +492,7 @@ + + def _get_vendor_specific_argv(self, username, host, port, subsystem=None, + command=None): ++ self._check_hostname(host) + args = [self.executable_path, '-x', '-a', '-ssh', '-2', '-batch'] + if port is not None: + args.extend(['-P', str(port)]) + diff --git a/gnu/packages/patches/clementine-use-openssl.patch b/gnu/packages/patches/clementine-use-openssl.patch new file mode 100644 index 0000000000..1fbf3d2b8a --- /dev/null +++ b/gnu/packages/patches/clementine-use-openssl.patch @@ -0,0 +1,67 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 4022c383b..3202b8b69 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -83,6 +83,7 @@ pkg_check_modules(LIBPULSE libpulse) + pkg_check_modules(LIBXML libxml-2.0) + pkg_check_modules(SPOTIFY libspotify>=12.1.45) + pkg_check_modules(TAGLIB REQUIRED taglib>=1.6) ++pkg_check_modules(OPENSSL REQUIRED openssl) + + if (WIN32) + find_package(ZLIB REQUIRED) +@@ -381,20 +382,6 @@ if(GMOCK_INCLUDE_DIRS) + endif(GTEST_INCLUDE_DIRS) + endif(GMOCK_INCLUDE_DIRS) + +-# Use the system's sha2 if it's available. +-find_path(SHA2_INCLUDE_DIRS sha2.h) +-find_library(SHA2_LIBRARIES sha2) +-if(SHA2_LIBRARIES AND SHA2_INCLUDE_DIRS) +- message(STATUS "Using system sha2 library") +- set(USE_SYSTEM_SHA2 ON) +-else() +- message(STATUS "Using builtin sha2 library") +- set(USE_SYSTEM_SHA2 OFF) +- add_subdirectory(3rdparty/sha2) +- set(SHA2_INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/sha2) +- set(SHA2_LIBRARIES sha2) +-endif() +- + # Use the system libmygpo-qt5 if a recent enough version was found + if(LIBMYGPO_QT5_FOUND) + set(MYGPOQT5_LIBRARIES ${LIBMYGPO_QT5_LIBRARIES}) +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index 6e24c9726..104d044d9 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -29,7 +29,6 @@ include_directories(${LIBPROJECTM_INCLUDE_DIRS}) + include_directories(${QTSINGLEAPPLICATION_INCLUDE_DIRS}) + include_directories(${QTIOCOMPRESSOR_INCLUDE_DIRS}) + include_directories(${QXT_INCLUDE_DIRS}) +-include_directories(${SHA2_INCLUDE_DIRS}) + include_directories(${CHROMAPRINT_INCLUDE_DIRS}) + include_directories(${MYGPOQT5_INCLUDE_DIRS}) + +@@ -1223,7 +1222,7 @@ target_link_libraries(clementine_lib + libclementine-common + libclementine-tagreader + libclementine-remote +- ${SHA2_LIBRARIES} ++ ${OPENSSL_LIBRARIES} + ${TAGLIB_LIBRARIES} + ${MYGPOQT5_LIBRARIES} + ${CHROMAPRINT_LIBRARIES} +diff --git a/src/core/utilities.cpp b/src/core/utilities.cpp +index ce76f22da..80bf623fb 100644 +--- a/src/core/utilities.cpp ++++ b/src/core/utilities.cpp +@@ -52,7 +52,7 @@ + #include "config.h" + #include "timeconstants.h" + +-#include "sha2.h" ++#include <openssl/sha.h> + + #if defined(Q_OS_UNIX) + #include <sys/statvfs.h> diff --git a/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch b/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch new file mode 100644 index 0000000000..c457d592cc --- /dev/null +++ b/gnu/packages/patches/libmygpo-qt-fix-jsoncreatortest.patch @@ -0,0 +1,41 @@ +From ebe2323727f8d646590245b0bf06dbc92b5808d6 Mon Sep 17 00:00:00 2001 +From: Golubev Alexander <fatzer2@gmail.com> +Date: Tue, 20 Sep 2016 15:33:30 +0400 +Subject: [PATCH] JsonCreatorTest failed due to extra space + +JsonCreatorTest failed with next message: +``` +********* Start testing of mygpo::JsonCreatorTest ********* +Config: Using QTest library 4.8.6, Qt 4.8.6 +PASS : mygpo::JsonCreatorTest::initTestCase() +PASS : mygpo::JsonCreatorTest::testAddRemoveSubsToJSON() +PASS : mygpo::JsonCreatorTest::testSaveSettingsToJSON() +FAIL! : mygpo::JsonCreatorTest::testEpisodeActionListToJSON() Compared values are not the same + Actual (outString2): [{"action":"download","device":"device1","episode":"http://episode.url","podcast":"http://podcast.url","timestamp":"1998-01-01T00:01:02"},{"action":"delete","device":"device3","episode":"http://episode2.url","podcast":"http://podcast2.url","timestamp":"1920-01-01T12:01:02"},{"action":"new","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","timestamp":"1998-01-01T00:01:02"},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","timestamp":"1920-01-01T12:01:02"},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","position":123,"started":10,"timestamp":"1998-01-01T00:01:02","total":321},{"action":"play","device":"foodev","episode":"http://www.podtrac.com","podcast":"http://leo.am","position":10,"timestamp":"1998-01-01T00:01:02"}] + Expected (expected2): [{"action":"download","device":"device1","episode":"http://episode.url","podcast":"http: + Loc: [/var/tmp/portage/media-libs/libmygpo-qt-1.0.9-r1/work/libmygpo-qt-1.0.9/tests/JsonCreatorTest.cpp(138)] +PASS : mygpo::JsonCreatorTest::testRenameDeviceStringToJSON() +PASS : mygpo::JsonCreatorTest::testDeviceSynchronizationListsToJSON() +PASS : mygpo::JsonCreatorTest::cleanupTestCase() +Totals: 6 passed, 1 failed, 0 skipped +********* Finished testing of mygpo::JsonCreatorTest ********* +``` + +This was caused by extra space in the expected string. +--- + tests/JsonCreatorTest.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/JsonCreatorTest.cpp b/tests/JsonCreatorTest.cpp +index b15b006..feb03d5 100644 +--- a/tests/JsonCreatorTest.cpp ++++ b/tests/JsonCreatorTest.cpp +@@ -133,7 +133,7 @@ void JsonCreatorTest::testEpisodeActionListToJSON() + + output = JsonCreator::episodeActionListToJSON(episodeActions); + QString outString2 = QString::fromLatin1( output ).replace( QLatin1String(" "), QLatin1String("") ); +- QString expected2( QLatin1String( "[{\"action\":\"download\",\"device\":\"device1\",\"episode\":\"http://episode.url\",\"podcast\":\"http://podcast.url\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"delete\",\"device\":\"device3\",\"episode\":\"http://episode2.url\",\"podcast\":\"http://podcast2.url\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"new\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1920-01-01T12:01:02\" },{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":123,\"started\":10,\"timestamp\":\"1998-01-01T00:01:02\",\"total\":321},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":10,\"timestamp\":\"1998-01-01T00:01:02\"}]" ) ); ++ QString expected2( QLatin1String( "[{\"action\":\"download\",\"device\":\"device1\",\"episode\":\"http://episode.url\",\"podcast\":\"http://podcast.url\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"delete\",\"device\":\"device3\",\"episode\":\"http://episode2.url\",\"podcast\":\"http://podcast2.url\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"new\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1998-01-01T00:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"timestamp\":\"1920-01-01T12:01:02\"},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":123,\"started\":10,\"timestamp\":\"1998-01-01T00:01:02\",\"total\":321},{\"action\":\"play\",\"device\":\"foodev\",\"episode\":\"http://www.podtrac.com\",\"podcast\":\"http://leo.am\",\"position\":10,\"timestamp\":\"1998-01-01T00:01:02\"}]" ) ); + + QCOMPARE(outString2, expected2 ); + } diff --git a/gnu/packages/patches/libvirt-CVE-2017-1000256.patch b/gnu/packages/patches/libvirt-CVE-2017-1000256.patch deleted file mode 100644 index d577e1eb50..0000000000 --- a/gnu/packages/patches/libvirt-CVE-2017-1000256.patch +++ /dev/null @@ -1,84 +0,0 @@ -Fix CVE-2017-1000256: - -https://security.libvirt.org/2017/0002.html -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000256 - -Patch copied from upstream source repository: - -https://libvirt.org/git/?p=libvirt.git;a=commit;h=dc6c41798d1eb5c52c75365ffa22f7672709dfa7 - -From dc6c41798d1eb5c52c75365ffa22f7672709dfa7 Mon Sep 17 00:00:00 2001 -From: Daniel P. Berrange <berrange@redhat.com> -Date: Thu, 5 Oct 2017 17:54:28 +0100 -Subject: [PATCH] qemu: ensure TLS clients always verify the server certificate - -The default_tls_x509_verify (and related) parameters in qemu.conf -control whether the QEMU TLS servers request & verify certificates -from clients. This works as a simple access control system for -servers by requiring the CA to issue certs to permitted clients. -This use of client certificates is disabled by default, since it -requires extra work to issue client certificates. - -Unfortunately the code was using this configuration parameter when -setting up both TLS clients and servers in QEMU. The result was that -TLS clients for character devices and disk devices had verification -turned off, meaning they would ignore errors while validating the -server certificate. - -This allows for trivial MITM attacks between client and server, -as any certificate returned by the attacker will be accepted by -the client. - -This is assigned CVE-2017-1000256 / LSN-2017-0002 - -Reviewed-by: Eric Blake <eblake@redhat.com> -Signed-off-by: Daniel P. Berrange <berrange@redhat.com> -(cherry picked from commit 441d3eb6d1be940a67ce45a286602a967601b157) ---- - src/qemu/qemu_command.c | 2 +- - .../qemuxml2argv-serial-tcp-tlsx509-chardev.args | 2 +- - ...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c -index 9a27987..ae78cd1 100644 ---- a/src/qemu/qemu_command.c -+++ b/src/qemu/qemu_command.c -@@ -718,7 +718,7 @@ qemuBuildTLSx509BackendProps(const char *tlspath, - if (virJSONValueObjectCreate(propsret, - "s:dir", path, - "s:endpoint", (isListen ? "server": "client"), -- "b:verify-peer", verifypeer, -+ "b:verify-peer", (isListen ? verifypeer : true), - NULL) < 0) - goto cleanup; - -diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args -index 5aff773..ab5f7e2 100644 ---- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args -+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args -@@ -26,7 +26,7 @@ server,nowait \ - localport=1111 \ - -device isa-serial,chardev=charserial0,id=serial0 \ - -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\ --endpoint=client,verify-peer=no \ -+endpoint=client,verify-peer=yes \ - -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\ - tls-creds=objcharserial1_tls0 \ - -device isa-serial,chardev=charserial1,id=serial1 \ -diff --git a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args -index 91f1fe0..2567abb 100644 ---- a/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args -+++ b/tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args -@@ -31,7 +31,7 @@ localport=1111 \ - data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ - keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ - -object tls-creds-x509,id=objcharserial1_tls0,dir=/etc/pki/libvirt-chardev,\ --endpoint=client,verify-peer=no,passwordid=charserial1-secret0 \ -+endpoint=client,verify-peer=yes,passwordid=charserial1-secret0 \ - -chardev socket,id=charserial1,host=127.0.0.1,port=5555,\ - tls-creds=objcharserial1_tls0 \ - -device isa-serial,chardev=charserial1,id=serial1 \ --- -1.7.1 - diff --git a/gnu/packages/patches/spice-CVE-2016-9577.patch b/gnu/packages/patches/spice-CVE-2016-9577.patch deleted file mode 100644 index a2cb558cd3..0000000000 --- a/gnu/packages/patches/spice-CVE-2016-9577.patch +++ /dev/null @@ -1,33 +0,0 @@ -Prevent buffer overflow when reading large messages. - -https://bugzilla.redhat.com/show_bug.cgi?id=1401603 -https://access.redhat.com/security/cve/CVE-2016-9577 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9577 -https://security-tracker.debian.org/tracker/CVE-2016-9577 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 - -From 5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 Mon Sep 17 00:00:00 2001 -From: Frediano Ziglio <fziglio@redhat.com> -Date: Tue, 29 Nov 2016 16:46:56 +0000 -Subject: main-channel: Prevent overflow reading messages from client - -diff --git a/server/main_channel.c b/server/main_channel.c -index 0ecc9df..1fc3915 100644 ---- a/server/main_channel.c -+++ b/server/main_channel.c -@@ -1026,6 +1026,9 @@ static uint8_t *main_channel_alloc_msg_rcv_buf(RedChannelClient *rcc, - - if (type == SPICE_MSGC_MAIN_AGENT_DATA) { - return reds_get_agent_data_buffer(mcc, size); -+ } else if (size > sizeof(main_chan->recv_buf)) { -+ /* message too large, caller will log a message and close the connection */ -+ return NULL; - } else { - return main_chan->recv_buf; - } --- -cgit v0.10.2 - diff --git a/gnu/packages/patches/spice-CVE-2016-9578-1.patch b/gnu/packages/patches/spice-CVE-2016-9578-1.patch deleted file mode 100644 index f86cdb4eb1..0000000000 --- a/gnu/packages/patches/spice-CVE-2016-9578-1.patch +++ /dev/null @@ -1,33 +0,0 @@ -Prevent possible DoS during protocol handshake. - -https://bugzilla.redhat.com/show_bug.cgi?id=1399566 -https://access.redhat.com/security/cve/CVE-2016-9578 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578 -https://security-tracker.debian.org/tracker/CVE-2016-9578 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a - -From 1c6517973095a67c8cb57f3550fc1298404ab556 Mon Sep 17 00:00:00 2001 -From: Frediano Ziglio <fziglio@redhat.com> -Date: Tue, 13 Dec 2016 14:39:48 +0000 -Subject: Prevent possible DoS attempts during protocol handshake - -diff --git a/server/reds.c b/server/reds.c -index f40b65c..86a33d5 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -2202,7 +2202,8 @@ static void reds_handle_read_header_done(void *opaque) - - reds->peer_minor_version = header->minor_version; - -- if (header->size < sizeof(SpiceLinkMess)) { -+ /* the check for 4096 is to avoid clients to cause arbitrary big memory allocations */ -+ if (header->size < sizeof(SpiceLinkMess) || header->size > 4096) { - reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); - spice_warning("bad size %u", header->size); - reds_link_free(link); --- -cgit v0.10.2 - diff --git a/gnu/packages/patches/spice-CVE-2016-9578-2.patch b/gnu/packages/patches/spice-CVE-2016-9578-2.patch deleted file mode 100644 index 76f7ec7ffb..0000000000 --- a/gnu/packages/patches/spice-CVE-2016-9578-2.patch +++ /dev/null @@ -1,38 +0,0 @@ -Fixes a potential buffer overflow in the protocol handling. - -https://bugzilla.redhat.com/show_bug.cgi?id=1399566 -https://access.redhat.com/security/cve/CVE-2016-9578 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9578 -https://security-tracker.debian.org/tracker/CVE-2016-9578 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a - -From f66dc643635518e53dfbe5262f814a64eec54e4a Mon Sep 17 00:00:00 2001 -From: Frediano Ziglio <fziglio@redhat.com> -Date: Tue, 13 Dec 2016 14:40:10 +0000 -Subject: Prevent integer overflows in capability checks - -diff --git a/server/reds.c b/server/reds.c -index 86a33d5..9150454 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -2110,6 +2110,14 @@ static void reds_handle_read_link_done(void *opaque) - link_mess->num_channel_caps = GUINT32_FROM_LE(link_mess->num_channel_caps); - link_mess->num_common_caps = GUINT32_FROM_LE(link_mess->num_common_caps); - -+ /* Prevent DoS. Currently we defined only 13 capabilities, -+ * I expect 1024 to be valid for quite a lot time */ -+ if (link_mess->num_channel_caps > 1024 || link_mess->num_common_caps > 1024) { -+ reds_send_link_error(link, SPICE_LINK_ERR_INVALID_DATA); -+ reds_link_free(link); -+ return; -+ } -+ - num_caps = link_mess->num_common_caps + link_mess->num_channel_caps; - caps = (uint32_t *)((uint8_t *)link_mess + link_mess->caps_offset); - --- -cgit v0.10.2 - diff --git a/gnu/packages/patches/spice-CVE-2017-7506.patch b/gnu/packages/patches/spice-CVE-2017-7506.patch deleted file mode 100644 index 37d8f02831..0000000000 --- a/gnu/packages/patches/spice-CVE-2017-7506.patch +++ /dev/null @@ -1,158 +0,0 @@ -Fix CVE-2017-7506: - -https://bugzilla.redhat.com/show_bug.cgi?id=1452606 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7506 - -Patches copied from Debian spice package version -'spice_0.12.8-2.1+deb9u1.debian.tar.xz': -http://security.debian.org/debian-security/pool/updates/main/s/spice/spice_0.12.8-2.1+deb9u1.debian.tar.xz - -The patches had to be adapted to apply to the latest spice tarball, and -are based on these upstream commits: - -https://cgit.freedesktop.org/spice/spice/commit/?id=111ab38611cef5012f1565a65fa2d8a8a05cce37 -https://cgit.freedesktop.org/spice/spice/commit/?id=571cec91e71c2aae0d5f439ea2d8439d0c3d75eb -https://cgit.freedesktop.org/spice/spice/commit/?id=fbbcdad773e2791cfb988f4748faa41943551ca6 - -From 257f69d619fed407493156c8a7b952abc8a51314 Mon Sep 17 00:00:00 2001 -Date: Mon, 15 May 2017 15:57:28 +0100 -Subject: [spice-server 1/3] reds: Disconnect when receiving overly big - ClientMonitorsConfig - -Total message size received from the client was unlimited. There is -a 2kiB size check on individual agent messages, but the MonitorsConfig -message can be split in multiple chunks, and the size of the -non-chunked MonitorsConfig message was never checked. This could easily -lead to memory exhaustion on the host. - ---- - server/reds.c | 25 +++++++++++++++++++++++-- - 1 file changed, 23 insertions(+), 2 deletions(-) - -diff --git a/server/reds.c b/server/reds.c -index f439a3668..7be85fdfc 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -993,19 +993,34 @@ static void reds_client_monitors_config_cleanup(void) - static void reds_on_main_agent_monitors_config( - MainChannelClient *mcc, void *message, size_t size) - { -+ const unsigned int MAX_MONITORS = 256; -+ const unsigned int MAX_MONITOR_CONFIG_SIZE = -+ sizeof(VDAgentMonitorsConfig) + MAX_MONITORS * sizeof(VDAgentMonConfig); -+ - VDAgentMessage *msg_header; - VDAgentMonitorsConfig *monitors_config; - RedsClientMonitorsConfig *cmc = &reds->client_monitors_config; - -+ // limit size of message sent by the client as this can cause a DoS through -+ // memory exhaustion, or potentially some integer overflows -+ if (sizeof(VDAgentMessage) + MAX_MONITOR_CONFIG_SIZE - cmc->buffer_size < size) { -+ goto overflow; -+ } - cmc->buffer_size += size; - cmc->buffer = realloc(cmc->buffer, cmc->buffer_size); - spice_assert(cmc->buffer); - cmc->mcc = mcc; - memcpy(cmc->buffer + cmc->buffer_pos, message, size); - cmc->buffer_pos += size; -+ if (sizeof(VDAgentMessage) > cmc->buffer_size) { -+ spice_debug("not enough data yet. %d", cmc->buffer_size); -+ return; -+ } - msg_header = (VDAgentMessage *)cmc->buffer; -- if (sizeof(VDAgentMessage) > cmc->buffer_size || -- msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) { -+ if (msg_header->size > MAX_MONITOR_CONFIG_SIZE) { -+ goto overflow; -+ } -+ if (msg_header->size > cmc->buffer_size - sizeof(VDAgentMessage)) { - spice_debug("not enough data yet. %d", cmc->buffer_size); - return; - } -@@ -1013,6 +1028,12 @@ static void reds_on_main_agent_monitors_config( - spice_debug("%s: %d", __func__, monitors_config->num_of_monitors); - red_dispatcher_client_monitors_config(monitors_config); - reds_client_monitors_config_cleanup(); -+ return; -+ -+overflow: -+ spice_warning("received invalid MonitorsConfig request from client, disconnecting"); -+ red_channel_client_disconnect(main_channel_client_get_base(mcc)); -+ reds_client_monitors_config_cleanup(); - } - - void reds_on_main_agent_data(MainChannelClient *mcc, void *message, size_t size) --- -2.13.0 -From ff2b4ef70181087d5abd50bad76d026ec5088a93 Mon Sep 17 00:00:00 2001 -Date: Mon, 15 May 2017 15:57:28 +0100 -Subject: [spice-server 2/3] reds: Avoid integer overflows handling monitor - configuration - -Avoid VDAgentMessage::size integer overflows. - ---- - server/reds.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/server/reds.c b/server/reds.c -index 7be85fdfc..e1c8c1086 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -1024,6 +1024,9 @@ static void reds_on_main_agent_monitors_config( - spice_debug("not enough data yet. %d", cmc->buffer_size); - return; - } -+ if (msg_header->size < sizeof(VDAgentMonitorsConfig)) { -+ goto overflow; -+ } - monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header)); - spice_debug("%s: %d", __func__, monitors_config->num_of_monitors); - red_dispatcher_client_monitors_config(monitors_config); --- -2.13.0 -From 8cc3d7df2792751939cc832f4110c57e2addfca5 Mon Sep 17 00:00:00 2001 -Date: Mon, 15 May 2017 15:57:28 +0100 -Subject: [spice-server 3/3] reds: Avoid buffer overflows handling monitor - configuration - -It was also possible for a malicious client to set -VDAgentMonitorsConfig::num_of_monitors to a number larger -than the actual size of VDAgentMOnitorsConfig::monitors. -This would lead to buffer overflows, which could allow the guest to -read part of the host memory. This might cause write overflows in the -host as well, but controlling the content of such buffers seems -complicated. - ---- - server/reds.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/server/reds.c b/server/reds.c -index e1c8c1086..3a42c3755 100644 ---- a/server/reds.c -+++ b/server/reds.c -@@ -1000,6 +1000,7 @@ static void reds_on_main_agent_monitors_config( - VDAgentMessage *msg_header; - VDAgentMonitorsConfig *monitors_config; - RedsClientMonitorsConfig *cmc = &reds->client_monitors_config; -+ uint32_t max_monitors; - - // limit size of message sent by the client as this can cause a DoS through - // memory exhaustion, or potentially some integer overflows -@@ -1028,6 +1029,12 @@ static void reds_on_main_agent_monitors_config( - goto overflow; - } - monitors_config = (VDAgentMonitorsConfig *)(cmc->buffer + sizeof(*msg_header)); -+ // limit the monitor number to avoid buffer overflows -+ max_monitors = (msg_header->size - sizeof(VDAgentMonitorsConfig)) / -+ sizeof(VDAgentMonConfig); -+ if (monitors_config->num_of_monitors > max_monitors) { -+ goto overflow; -+ } - spice_debug("%s: %d", __func__, monitors_config->num_of_monitors); - red_dispatcher_client_monitors_config(monitors_config); - reds_client_monitors_config_cleanup(); --- -2.13.0 diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm index 7d49f90be9..10f7c6bc57 100644 --- a/gnu/packages/spice.scm +++ b/gnu/packages/spice.scm @@ -203,20 +203,15 @@ which allows users to view a desktop computing environment.") (define-public spice (package (name "spice") - (version "0.12.8") + (version "0.14.0") (source (origin (method url-fetch) (uri (string-append - "http://www.spice-space.org/download/releases/" + "https://www.spice-space.org/download/releases/" "spice-" version ".tar.bz2")) (sha256 (base32 - "0za03i77j8i3g5l2np2j7vy8cqsdbkm9wbv4hjnaqq9xhz2sa0gr")) - (patches - (search-patches "spice-CVE-2017-7506.patch" - "spice-CVE-2016-9577.patch" - "spice-CVE-2016-9578-1.patch" - "spice-CVE-2016-9578-2.patch")))) + "0j5q7cp5p95jk8fp48gz76rz96lifimdsx1wnpmfal0nnnar9nrs")))) (build-system gnu-build-system) (propagated-inputs `(("openssl" ,openssl) @@ -228,6 +223,7 @@ which allows users to view a desktop computing environment.") ("libjpeg-turbo" ,libjpeg-turbo) ("lz4" ,lz4) ("opus" ,opus) + ("orc" ,orc) ("zlib" ,zlib))) (native-inputs `(("pkg-config" ,pkg-config) diff --git a/gnu/packages/syncthing.scm b/gnu/packages/syncthing.scm index 615247f48d..170272222d 100644 --- a/gnu/packages/syncthing.scm +++ b/gnu/packages/syncthing.scm @@ -28,7 +28,7 @@ (define-public syncthing (package (name "syncthing") - (version "0.14.40") + (version "0.14.41") (source (origin (method url-fetch) (uri (string-append "https://github.com/syncthing/syncthing" @@ -36,7 +36,7 @@ "/syncthing-source-v" version ".tar.gz")) (sha256 (base32 - "044pjz3x3fgpbsbkzgf72ljpwvvsqfj8fm9cnz7l8293cw2ssq4f")))) + "1liarl09grcb0mlw20nlrmir2glxqlykv4l0z0f0gj2w1wk3qz8a")))) (build-system go-build-system) ;; The primary Syncthing executable goes to "out", while the auxiliary ;; server programs and utility tools go to "utils". This reduces the size @@ -711,8 +711,8 @@ run-time in Go.") (license asl2.0)))) (define-public go-github-com-syndtr-goleveldb - (let ((commit "3c5717caf1475fd25964109a0fc640bd150fce43") - (revision "0")) + (let ((commit "549b6d6b1c0419617182954dd77770f2e2685ed5") + (revision "1")) (package (name "go-github-com-syndtr-goleveldb") (version (git-version "0.0.0" revision commit)) @@ -724,7 +724,7 @@ run-time in Go.") (file-name (git-file-name name version)) (sha256 (base32 - "0wng25bw885ppiny9rz42kq0a7ddkym5zl0glb8rfk0m8dpvi1dd")))) + "1hs8bsxyjfq9d7000i1jk8bq7p2ab8snz23air13aw5ra2ri36bq")))) (build-system go-build-system) (propagated-inputs `(("go-github-com-golang-snappy" ,go-github-com-golang-snappy))) @@ -1506,8 +1506,8 @@ functions for normalizing Unicode strings.") (license bsd-3)))) (define-public go-github-com-audriusbutkevicius-pfilter - (let ((commit "09b3cfdd04de89f0196caecb0b335d7149a6593a") - (revision "0")) + (let ((commit "56143fe9cebe95636de1275acf30fcca36a1383d") + (revision "1")) (package (name "go-github-com-audriusbutkevicius-pfilter") (version (git-version "0.0.0" revision commit)) @@ -1520,7 +1520,7 @@ functions for normalizing Unicode strings.") (file-name (git-file-name name version)) (sha256 (base32 - "176g8dmi2i94bxpnpgvj3dv5y9hripi45kbrfvy2bk884hwbp1zq")))) + "0slzly2f2fczixavzh6wa69873va29ikxww4lbkvhyi85c4sc5ib")))) (build-system go-build-system) (arguments '(#:import-path "github.com/AudriusButkevicius/pfilter")) diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm index 5df5e9e4ab..cf1ab93c39 100644 --- a/gnu/packages/telephony.scm +++ b/gnu/packages/telephony.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org> ;;; Copyright © 2016 Francesco Frassinelli <fraph24@gmail.com> ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> +;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,6 +28,7 @@ #:use-module (gnu packages autotools) #:use-module (gnu packages avahi) #:use-module (gnu packages boost) + #:use-module (gnu packages check) #:use-module (gnu packages protobuf) #:use-module (gnu packages gnupg) #:use-module (gnu packages linux) @@ -247,6 +249,52 @@ and a supporting cryptographic kernel.") (home-page "https://github.com/cisco/libsrtp") (license license:bsd-3))) +(define-public bctoolbox + (package + (name "bctoolbox") + (version "0.2.0") + (source (origin + (method url-fetch) + (uri (string-append "mirror://savannah/linphone/bctoolbox/bctoolbox-" + version ".tar.gz")) + (sha256 + (base32 + "14ivv6bh6qywys6yyb34scy9w78d636xl1f7cyxm3gwx2qv71lx5")))) + (build-system gnu-build-system) + (arguments '(#:make-flags '("CFLAGS=-fPIC"))) + (native-inputs + `(("cunit" ,cunit))) + (inputs + `(("mbedtls" ,mbedtls-apache))) + (home-page "https://www.linphone.org") + (synopsis "Utilities library for linphone software") + (description "BCtoolbox is a utilities library used by Belledonne +Communications softwares like linphone.") + (license license:gpl2+))) + +(define-public ortp + (package + (name "ortp") + (version "0.27.0") + (source (origin + (method url-fetch) + (uri (string-append "https://download.savannah.nongnu.org/" + "releases/linphone/ortp/sources/ortp-" + version ".tar.gz")) + (sha256 + (base32 + "1by0dqdqrj5avzcvjws30g8v5sa61wj12x00sxw0kn1smcrshqgb")))) + (build-system gnu-build-system) + (inputs + `(("bctoolbox" ,bctoolbox))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "https://linphone.org/") + (synopsis "Implementation of the Real-time transport protocol") + (description "oRTP is a library implementing the Real-time transport +protocol (RFC 3550).") + (license license:lgpl2.1+))) + (define-public libiax2 (let ((commit "0e5980f1d78ce462e2d1ed6bc39ff35c8341f201")) ;; This is the commit used by the Ring Project. diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 23b5cc9931..d8cc1ccbc2 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -815,6 +815,9 @@ then ported to the GNU / Linux environment.") (base32 "11wnj34rfqxjggmdgf042i49lr6civgbqwv2p7p8bn6k2919vg4r")))) (build-system cmake-build-system) + (arguments + `(#:configure-flags + (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"))) (native-inputs `(("perl" ,perl))) (synopsis "Small TLS library") diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index ba985f6078..a41ddf8da3 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -98,6 +98,7 @@ (uri (string-append "https://launchpad.net/bzr/" (version-major+minor version) "/" version "/+download/bzr-" version ".tar.gz")) + (patches (search-patches "bazaar-CVE-2017-14176.patch")) (sha256 (base32 "1cysix5k3wa6y7jjck3ckq3abls4gvz570s0v0hxv805nwki4i8d")))) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 184ba0155c..d9fae08b25 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com> ;;; Copyright © 2017 Andy Patterson <ajpatter@uwaterloo.ca> ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -329,15 +330,14 @@ manage system or application containers.") (define-public libvirt (package (name "libvirt") - (version "3.7.0") + (version "3.10.0") (source (origin (method url-fetch) (uri (string-append "https://libvirt.org/sources/libvirt-" version ".tar.xz")) - (patches (search-patches "libvirt-CVE-2017-1000256.patch")) (sha256 (base32 - "1fk75cdzg59y9hnfdpdwv83fsc1yffy3lac4ch19zygfkqhcnysf")))) + "03kb37iv3dvvdlslznlc0njvjpmq082lczmsslz5p4fcwb50kwfz")))) (build-system gnu-build-system) (arguments `(;; FAIL: virshtest diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 2e1ed2ee9e..22a85fb009 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -618,19 +618,18 @@ to find buttons, etc, on the screen to click on.") (define-public xlockmore (package (name "xlockmore") - (version "5.47") + (version "5.55") (source (origin (method url-fetch) - (uri (list (string-append - "http://www.tux.org/~bagleyd/xlock/xlockmore-" - version ".tar.xz") - (string-append - "http://www.tux.org/~bagleyd/xlock/xlockmore-old" - "/xlockmore-" version - "/xlockmore-" version ".tar.xz"))) + (uri (list (string-append "http://sillycycle.com/xlock/" + name "-" version ".tar.xz") + ;; Previous releases are moved to a subdirectory. + (string-append "http://sillycycle.com/xlock/" + "recent-releases/" + name "-" version ".tar.xz"))) (sha256 (base32 - "138d79b8zc2hambbr9fnxp3fhihlcljgqns04zf0kv2f53pavqwl")))) + "1y3f76rq2nd10fgi2rx81aj6pijglmm661vjsxi05hpg35dzmwfl")))) (build-system gnu-build-system) (arguments '(#:configure-flags (list (string-append "--enable-appdefaultdir=" @@ -642,7 +641,7 @@ to find buttons, etc, on the screen to click on.") ("libXext" ,libxext) ("libXt" ,libxt) ("linux-pam" ,linux-pam))) - (home-page "http://www.tux.org/~bagleyd/xlockmore.html") + (home-page "http://sillycycle.com/xlockmore.html") (synopsis "Screen locker for the X Window System") (description "XLockMore is a classic screen locker and screen saver for the |