aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/build/activation.scm5
-rw-r--r--gnu/local.mk14
-rw-r--r--gnu/packages/admin.scm9
-rw-r--r--gnu/packages/attr.scm2
-rw-r--r--gnu/packages/autotools.scm37
-rw-r--r--gnu/packages/backup.scm9
-rw-r--r--gnu/packages/base.scm76
-rw-r--r--gnu/packages/bash.scm27
-rw-r--r--gnu/packages/bdw-gc.scm36
-rw-r--r--gnu/packages/bootstrap.scm1
-rw-r--r--gnu/packages/commencement.scm56
-rw-r--r--gnu/packages/compression.scm36
-rw-r--r--gnu/packages/cross-base.scm2
-rw-r--r--gnu/packages/cups.scm8
-rw-r--r--gnu/packages/curl.scm20
-rw-r--r--gnu/packages/cyrus-sasl.scm9
-rw-r--r--gnu/packages/databases.scm45
-rw-r--r--gnu/packages/ed.scm9
-rw-r--r--gnu/packages/flex.scm61
-rw-r--r--gnu/packages/fontutils.scm6
-rw-r--r--gnu/packages/gawk.scm2
-rw-r--r--gnu/packages/gcc.scm39
-rw-r--r--gnu/packages/gd.scm46
-rw-r--r--gnu/packages/ghostscript.scm14
-rw-r--r--gnu/packages/gnupg.scm8
-rw-r--r--gnu/packages/guile.scm19
-rw-r--r--gnu/packages/icu4c.scm25
-rw-r--r--gnu/packages/image.scm79
-rw-r--r--gnu/packages/kde-frameworks.scm12
-rw-r--r--gnu/packages/kerberos.scm6
-rw-r--r--gnu/packages/libunistring.scm11
-rw-r--r--gnu/packages/linux.scm26
-rw-r--r--gnu/packages/m4.scm8
-rw-r--r--gnu/packages/make-bootstrap.scm5
-rw-r--r--gnu/packages/multiprecision.scm8
-rw-r--r--gnu/packages/ncurses.scm23
-rw-r--r--gnu/packages/nettle.scm6
-rw-r--r--gnu/packages/patches/coreutils-fix-cross-compilation.patch15
-rw-r--r--gnu/packages/patches/flex-CVE-2016-6354.patch30
-rw-r--r--gnu/packages/patches/gcc-5-source-date-epoch-1.patch190
-rw-r--r--gnu/packages/patches/gcc-5-source-date-epoch-2.patch353
-rw-r--r--gnu/packages/patches/gcc-libiberty-printf-decl.patch28
-rw-r--r--gnu/packages/patches/gd-CVE-2016-7568.patch44
-rw-r--r--gnu/packages/patches/gd-CVE-2016-8670.patch38
-rw-r--r--gnu/packages/patches/libarchive-7zip-heap-overflow.patch77
-rw-r--r--gnu/packages/patches/libarchive-fix-filesystem-attacks.patch445
-rw-r--r--gnu/packages/patches/libarchive-fix-symlink-check.patch60
-rw-r--r--gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch44
-rw-r--r--gnu/packages/patches/pcre-CVE-2016-3191.patch151
-rw-r--r--gnu/packages/patches/sed-hurd-path-max.patch34
-rw-r--r--gnu/packages/patches/tar-CVE-2016-6321.patch51
-rw-r--r--gnu/packages/pcre.scm5
-rw-r--r--gnu/packages/pdf.scm17
-rw-r--r--gnu/packages/php.scm2
-rw-r--r--gnu/packages/pkg-config.scm6
-rw-r--r--gnu/packages/python.scm1
-rw-r--r--gnu/packages/shells.scm13
-rw-r--r--gnu/packages/ssh.scm4
-rw-r--r--gnu/packages/tcl.scm8
-rw-r--r--gnu/packages/tls.scm28
-rw-r--r--gnu/packages/version-control.scm2
-rw-r--r--gnu/packages/xml.scm25
-rw-r--r--gnu/packages/xorg.scm8
63 files changed, 1034 insertions, 1450 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index cff176e82a..d36eeafe47 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -79,11 +79,6 @@
(define (dot-or-dot-dot? file)
(member file '("." "..")))
-(define (make-file-writable file)
- "Make FILE writable for its owner.."
- (let ((stat (lstat file))) ;XXX: symlinks
- (chmod file (logior #o600 (stat:perms stat)))))
-
(define* (copy-account-skeletons home
#:optional (directory %skeleton-directory))
"Copy the account skeletons from DIRECTORY to HOME."
diff --git a/gnu/local.mk b/gnu/local.mk
index 7377e5122f..e1b4780147 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -510,6 +510,7 @@ dist_patch_DATA = \
%D%/packages/patches/clx-remove-demo.patch \
%D%/packages/patches/cmake-fix-tests.patch \
%D%/packages/patches/coda-use-system-libs.patch \
+ %D%/packages/patches/coreutils-fix-cross-compilation.patch \
%D%/packages/patches/cpio-CVE-2016-2037.patch \
%D%/packages/patches/cpufrequtils-fix-aclocal.patch \
%D%/packages/patches/cracklib-CVE-2016-6318.patch \
@@ -549,7 +550,6 @@ dist_patch_DATA = \
%D%/packages/patches/fcgi-2.4.0-poll.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-test-xargs.patch \
- %D%/packages/patches/flex-CVE-2016-6354.patch \
%D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/fltk-shared-lib-defines.patch \
%D%/packages/patches/fltk-xfont-on-demand.patch \
@@ -560,15 +560,16 @@ dist_patch_DATA = \
%D%/packages/patches/gcc-arm-bug-71399.patch \
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
%D%/packages/patches/gcc-cross-environment-variables.patch \
+ %D%/packages/patches/gcc-libiberty-printf-decl.patch \
%D%/packages/patches/gcc-libvtv-runpath.patch \
%D%/packages/patches/gcc-strmov-store-file-names.patch \
%D%/packages/patches/gcc-4.9.3-mingw-gthr-default.patch \
%D%/packages/patches/gcc-5.0-libvtv-runpath.patch \
+ %D%/packages/patches/gcc-5-source-date-epoch-1.patch \
+ %D%/packages/patches/gcc-5-source-date-epoch-2.patch \
%D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch \
%D%/packages/patches/gcc-6-cross-environment-variables.patch \
%D%/packages/patches/gcj-arm-mode.patch \
- %D%/packages/patches/gd-CVE-2016-7568.patch \
- %D%/packages/patches/gd-CVE-2016-8670.patch \
%D%/packages/patches/gd-fix-chunk-size-on-boundaries.patch \
%D%/packages/patches/gd-fix-gd2-read-test.patch \
%D%/packages/patches/gd-fix-tests-on-i686.patch \
@@ -661,10 +662,6 @@ dist_patch_DATA = \
%D%/packages/patches/liba52-link-with-libm.patch \
%D%/packages/patches/liba52-set-soname.patch \
%D%/packages/patches/liba52-use-mtune-not-mcpu.patch \
- %D%/packages/patches/libarchive-7zip-heap-overflow.patch \
- %D%/packages/patches/libarchive-fix-symlink-check.patch \
- %D%/packages/patches/libarchive-fix-filesystem-attacks.patch \
- %D%/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch \
%D%/packages/patches/libbonobo-activation-test-race.patch \
%D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \
%D%/packages/patches/libcmis-fix-test-onedrive.patch \
@@ -801,7 +798,6 @@ dist_patch_DATA = \
%D%/packages/patches/patchelf-rework-for-arm.patch \
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
%D%/packages/patches/patch-hurd-path-max.patch \
- %D%/packages/patches/pcre-CVE-2016-3191.patch \
%D%/packages/patches/pcre2-CVE-2016-3191.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
@@ -876,7 +872,6 @@ dist_patch_DATA = \
%D%/packages/patches/ruby-puma-ignore-broken-test.patch \
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
- %D%/packages/patches/sed-hurd-path-max.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \
%D%/packages/patches/sdl-libx11-1.6.patch \
@@ -898,6 +893,7 @@ dist_patch_DATA = \
%D%/packages/patches/t1lib-CVE-2010-2642.patch \
%D%/packages/patches/t1lib-CVE-2011-0764.patch \
%D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \
+ %D%/packages/patches/tar-CVE-2016-6321.patch \
%D%/packages/patches/tar-skip-unreliable-tests.patch \
%D%/packages/patches/tcl-mkindex-deterministic.patch \
%D%/packages/patches/tclxml-3.2-install.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 96aececbbf..f286a8a34f 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -112,20 +112,23 @@ usual file attributes can be checked for inconsistencies.")
(define-public progress
(package
(name "progress")
- (version "0.13")
+ (version "0.13.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/Xfennec/"
name "/archive/v" version ".tar.gz"))
(sha256
- (base32 "133iar4vq5vlklydb4cyazjy6slmpbndrws474mg738bd8avc30n"))
+ (base32 "199rk6608q9m6l0fbjm0xl2w1c5krf8245dqnksdp4rqp7l9ak06"))
(file-name (string-append name "-" version ".tar.gz"))))
(build-system gnu-build-system)
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("which" ,which)))
(inputs
`(("ncurses" ,ncurses)))
(arguments
`(#:tests? #f ; There is no test suite.
- #:make-flags (list "CC=gcc" "LDFLAGS+=-lncurses"
+ #:make-flags (list "CC=gcc"
(string-append "PREFIX=" (assoc-ref %outputs "out")))
#:phases
(modify-phases %standard-phases
diff --git a/gnu/packages/attr.scm b/gnu/packages/attr.scm
index 907a568bdd..4dbe09ceca 100644
--- a/gnu/packages/attr.scm
+++ b/gnu/packages/attr.scm
@@ -54,7 +54,7 @@
;; Use the right shell.
(substitute* "test/run"
(("/bin/sh")
- (which "bash")))
+ (which "sh")))
;; When building natively, run the tests.
(unless target
diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm
index 72492e70eb..442c87c1f1 100644
--- a/gnu/packages/autotools.scm
+++ b/gnu/packages/autotools.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2014 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 David Thompson <davet@gnu.org>
+;;; Copyright © 2017 ng0 <ng0@libertad.pw>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -26,6 +27,7 @@
#:use-module (gnu packages)
#:use-module (gnu packages perl)
#:use-module (gnu packages m4)
+ #:use-module (gnu packages man)
#:use-module (gnu packages bash)
#:use-module (guix utils)
#:use-module (guix packages)
@@ -300,6 +302,7 @@ Makefile, simplifying the entire process for the developer.")
(propagated-inputs `(("m4" ,m4)))
(native-inputs `(("m4" ,m4)
("perl" ,perl)
+ ("help2man" ,help2man) ;because we modify ltmain.sh
("automake" ,automake) ;some tests rely on 'aclocal'
("autoconf" ,(autoconf-wrapper)))) ;others on 'autom4te'
@@ -313,21 +316,27 @@ Makefile, simplifying the entire process for the developer.")
(or (%current-target-system)
(%current-system))))
- #:phases (alist-cons-before
- 'check 'pre-check
- (lambda* (#:key inputs #:allow-other-keys)
- ;; Run the test suite in parallel, if possible.
- (setenv "TESTSUITEFLAGS"
- (string-append
- "-j"
- (number->string (parallel-job-count))))
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'check 'pre-check
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Run the test suite in parallel, if possible.
+ (setenv "TESTSUITEFLAGS"
+ (string-append
+ "-j"
+ (number->string (parallel-job-count))))
+ ;; Patch references to /bin/sh.
+ (let ((bash (assoc-ref inputs "bash")))
+ (substitute* "tests/testsuite"
+ (("/bin/sh")
+ (string-append bash "/bin/sh")))
+ #t)))
+ (add-after 'patch-source-shebangs 'restore-ltmain-shebang
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "build-aux/ltmain.in"
+ (("^#!.*/bin/sh$") "#!/bin/sh"))
+ #t)))))
- ;; Path references to /bin/sh.
- (let ((bash (assoc-ref inputs "bash")))
- (substitute* "tests/testsuite"
- (("/bin/sh")
- (string-append bash "/bin/bash")))))
- %standard-phases)))
(synopsis "Generic shared library support tools")
(description
"GNU Libtool helps in the creation and use of shared libraries, by
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 8dbe32ebdd..cc83a2ef79 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -181,20 +181,15 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
- (version "3.2.1")
+ (version "3.2.2")
(source
(origin
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
- (patches (search-patches
- "libarchive-7zip-heap-overflow.patch"
- "libarchive-fix-symlink-check.patch"
- "libarchive-fix-filesystem-attacks.patch"
- "libarchive-safe_fprintf-buffer-overflow.patch"))
(sha256
(base32
- "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj"))))
+ "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739"))))
(build-system gnu-build-system)
;; TODO: Add -L/path/to/nettle in libarchive.pc.
(inputs
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index c75e038289..703274d0cd 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
@@ -78,14 +78,14 @@ command-line arguments, multiple languages, and so on.")
(define-public grep
(package
(name "grep")
- (version "2.25")
+ (version "2.27")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/grep/grep-"
version ".tar.xz"))
(sha256
(base32
- "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2"))
+ "1syadppgpxpfhpwhhqcsibrn131azypzps5aicx1qjh74d6w8k5d"))
(patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
@@ -118,30 +118,36 @@ including, for example, recursive directory searching.")
(define-public sed
(package
(name "sed")
- (version "4.2.2")
+ (version "4.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/sed/sed-" version
- ".tar.bz2"))
+ ".tar.xz"))
(sha256
(base32
- "1myvrmh99jsvk7v3d7crm0gcrq51hmmm1r2kjyyci152in1x2j7h"))
- (patches (search-patches "sed-hurd-path-max.patch"))))
+ "1anhdgah8h423hlmn9hwzxzr7hjbqjm6hxq3z1p7p7nf8640vhj7"))))
(build-system gnu-build-system)
(synopsis "Stream editor")
(arguments
- (if (%current-target-system)
- '()
- `(#:phases (alist-cons-before
- 'patch-source-shebangs 'patch-test-suite
- (lambda* (#:key inputs #:allow-other-keys)
- (let ((bash (assoc-ref inputs "bash")))
- (patch-makefile-SHELL "testsuite/Makefile.tests")
- (substitute* '("testsuite/bsd.sh"
- "testsuite/bug-regex9.c")
- (("/bin/sh")
- (string-append bash "/bin/bash")))))
- %standard-phases))))
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'dont-rebuild-sed.1
+ (lambda _
+ ;; Make sure we do not attempt to rebuild 'doc/sed.1', which does
+ ;; not work when cross-compiling because we cannot run 'sed'.
+ ;; This is fixed upstream as commit a0a25e3.
+ (substitute* "Makefile.in"
+ (("^doc/sed\\.1:.*")
+ "doc/sed.1:\n"))
+ #t))
+ (add-before 'patch-source-shebangs 'patch-test-suite
+ (lambda* (#:key inputs #:allow-other-keys)
+ (patch-makefile-SHELL "testsuite/Makefile.tests")
+ (substitute* '("testsuite/bsd.sh"
+ "testsuite/bug-regex9.c")
+ (("/bin/sh")
+ (which "sh")))
+ #t)))))
(description
"Sed is a non-interactive, text stream editor. It receives a text
input from a file or from standard input and it then applies a series of text
@@ -149,7 +155,7 @@ editing commands to the stream and prints its output to standard output. It
is often used for substituting text patterns in a stream. The GNU
implementation offers several extensions over the standard utility.")
(license gpl3+)
- (home-page "http://www.gnu.org/software/sed/")))
+ (home-page "https://www.gnu.org/software/sed/")))
(define-public tar
(package
@@ -162,7 +168,8 @@ implementation offers several extensions over the standard utility.")
(sha256
(base32
"097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"))
- (patches (search-patches "tar-skip-unreliable-tests.patch"))))
+ (patches (search-patches "tar-CVE-2016-6321.patch"
+ "tar-skip-unreliable-tests.patch"))))
(build-system gnu-build-system)
;; Note: test suite requires ~1GiB of disk space.
(arguments
@@ -277,14 +284,15 @@ used to apply commands with arbitrarily long arguments.")
(define-public coreutils
(package
(name "coreutils")
- (version "8.25")
+ (version "8.26")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/coreutils/coreutils-"
version ".tar.xz"))
(sha256
(base32
- "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii"))))
+ "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm"))
+ (patches (search-patches "coreutils-fix-cross-compilation.patch"))))
(build-system gnu-build-system)
(inputs `(("acl" ,acl) ; TODO: add SELinux
("gmp" ,gmp) ;bignums in 'expr', yay!
@@ -362,7 +370,7 @@ functionality beyond that which is outlined in the POSIX standard.")
(let ((bash (assoc-ref inputs "bash")))
(substitute* "job.c"
(("default_shell =.*$")
- (format #f "default_shell = \"~a/bin/bash\";\n"
+ (format #f "default_shell = \"~a/bin/sh\";\n"
bash)))))))))
(synopsis "Remake files automatically")
(description
@@ -619,14 +627,14 @@ store.")
;; Same for `popen'.
(substitute* "libio/iopopen.c"
(("/bin/sh")
- (string-append bash "/bin/bash")))
+ (string-append bash "/bin/sh")))
;; Same for the shell used by the 'exec' functions for
;; scripts that lack a shebang.
(substitute* (find-files "." "^paths\\.h$")
(("#define[[:blank:]]+_PATH_BSHELL[[:blank:]].*$")
(string-append "#define _PATH_BSHELL \""
- bash "/bin/bash\"\n")))
+ bash "/bin/sh\"\n")))
;; Nscd uses __DATE__ and __TIME__ to create a string to
;; make sure the client and server come from the same
@@ -715,7 +723,21 @@ with the Linux kernel.")
;; Use the right 'pwd'.
(substitute* "configure"
(("/bin/pwd") "pwd")))
- ,original-phases)))
+ (alist-replace
+ 'build
+ (lambda _
+ ;; Force mach/hurd/libpthread subdirs to build first in order to avoid
+ ;; linking errors.
+ ;; See <https://lists.gnu.org/archive/html/bug-hurd/2016-11/msg00045.html>
+ (let ((-j (list "-j" (number->string (parallel-job-count)))))
+ (let-syntax ((make (syntax-rules ()
+ ((_ target)
+ (zero? (apply system* "make" target -j))))))
+ (and (make "mach/subdir_lib")
+ (make "hurd/subdir_lib")
+ (make "libpthread/subdir_lib")
+ (zero? (apply system* "make" -j))))))
+ ,original-phases))))
((#:configure-flags original-configure-flags)
`(append (list "--host=i586-pc-gnu"
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index d328d711d1..96ebe991e4 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -1,7 +1,8 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -38,7 +39,7 @@
(define (patch-url seqno)
"Return the URL of Bash patch number SEQNO."
- (format #f "mirror://gnu/bash/bash-4.3-patches/bash43-~3,'0d" seqno))
+ (format #f "mirror://gnu/bash/bash-4.4-patches/bash44-~3,'0d" seqno))
(define (bash-patch seqno sha256)
"Return the origin of Bash patch SEQNO, with expected hash SHA256"
@@ -54,7 +55,18 @@
(define %patch-series-4.4
;; This is the current patches series for 4.4, generated using
;; 'download-patches' below.
- (patch-series))
+ (patch-series
+ (1 "03vzy7qwjdd5qvl3ydg99naazas2qmyd0yhnrflgjbbm64axja1y")
+ (2 "0lrwq6vyqism3yqv9s7kzaf3dsl4q5w9r5svcqz279qp7qca083h")
+ (3 "1chqww2rj6g42b8s60q5zlzy0jzp684jkpsbrbfy1vzxja8mmpsi")
+ (4 "1cy8abf96hkrjhw921ndr0shlcnc52bg45rn6xri4v5clhq0l25d")
+ (5 "0a8515kyk4zsgmvlqvlganjfr7pq0j6kzpr4d6xx02kpbdr4n7i2")
+ (6 "1f24wgqngmj2mrj9yibwvc2zvlmn5xi53mnw777g3l40c4m2x3ka")
+ (7 "1bzdsnqaf05gdbqpsixhan8vygjxpcxlz1dd8d9f5jdznw3wq76y")
+ (8 "1firw915mjm03hbbw9a70ch3cpgrgnvqjpllgdnn6csr8q04f546")
+ (9 "0g1l56kvw61rpw7dqa9fcl9llkl693h73g631hrhxlm030ddssqb")
+ (10 "01lfhrkdsdkdz8ypzapr614ras23x7ckjnr60aa5bzkaqprccrc4")
+ (11 "038p7mhnq9m65g505hi3827jkf9f35nd1cy00w8mwafpyxp44mnx")))
(define (download-patches store count)
"Download COUNT Bash patches into store. Return a list of
@@ -159,6 +171,13 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
(rename-file (string-append out "/lib/pkgconfig")
(string-append include
"/lib/pkgconfig"))
+
+ ;; Don't capture the absolute file name of 'install' to avoid
+ ;; retaining a dependency on Coreutils.
+ (substitute* (string-append (lib include)
+ "/Makefile.inc")
+ (("^INSTALL =.*")
+ "INSTALL = install -c\n"))
#t))))))
(native-search-paths
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index 992a11bac0..b9732374d7 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,24 +25,23 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages pkg-config))
-(define-public libgc-7.2
+(define-public libgc
(package
(name "libgc")
- (version "7.2f")
+ (version "7.6.0")
(source (origin
(method url-fetch)
(uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
version ".tar.gz"))
(sha256
(base32
- "119x7p1cqw40mpwj80xfq879l9m1dkc7vbc1f3bz3kvkf8bf6p16"))))
+ "143x7g0d0k6250ai6m2x3l4y352mzizi4wbgrmahxscv2aqjhjm1"))))
(build-system gnu-build-system)
(arguments
- ;; Make it so that we don't rely on /proc. This is especially useful in
- ;; an initrd run before /proc is mounted.
- '(#:configure-flags '("CPPFLAGS=-DUSE_LIBC_PRIVATES"
- ;; Install gc_cpp.h et al.
+ '(#:configure-flags '(;; Install gc_cpp.h et al.
"--enable-cplusplus")))
+ (native-inputs `(("pkg-config" ,pkg-config)))
+ (inputs `(("libatomic-ops" ,libatomic-ops)))
(outputs '("out" "debug"))
(synopsis "The Boehm-Demers-Weiser conservative garbage collector
for C and C++")
@@ -67,7 +67,7 @@ C or C++ programs, though that is not its primary goal.")
(define-public libatomic-ops
(package
(name "libatomic-ops")
- (version "7.4.2")
+ (version "7.4.4")
(source (origin
(method url-fetch)
(uri (string-append
@@ -75,7 +75,7 @@ C or C++ programs, though that is not its primary goal.")
version ".tar.gz"))
(sha256
(base32
- "1pdm0h1y7bgkczr8byg20r6bq15m5072cqm5pny4f9crc9gn3yh4"))))
+ "13vg5fqwil17zpf4hj4h8rh3blzmym693lkdjgvwpgni1mh0l8dz"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(synopsis "Accessing hardware atomic memory update operations")
@@ -88,21 +88,3 @@ lock-free code, experiment with thread programming paradigms, etc.")
;; Some source files are X11-style, others are GPLv2+.
(license gpl2+)))
-
-(define-public libgc
- (package (inherit libgc-7.2)
- (version "7.4.2")
- (source (origin
- (method url-fetch)
- (uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
- version ".tar.gz"))
- (sha256
- (base32
- "18mg28rr6kwr5clc65k4l4hkyy4kd16amx831sjf8q2lqkbhlck3"))))
-
- ;; New dependencies.
- (native-inputs `(("pkg-config" ,pkg-config)))
- (inputs `(("libatomic-ops" ,libatomic-ops)))
-
- ;; 'USE_LIBC_PRIVATES' is now the default.
- (arguments '(#:configure-flags '("--enable-cplusplus")))))
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index c8d94c8303..3be6e1246c 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -167,6 +167,7 @@ successful, or false to signal an error."
((string=? system "i586-gnu") "/lib/ld.so.1")
((string=? system "i686-gnu") "/lib/ld.so.1")
((string=? system "aarch64-linux") "/lib/ld-linux-aarch64.so.1")
+ ((string=? system "powerpc-linux") "/lib/ld.so.1")
;; XXX: This one is used bare-bones, without a libc, so add a case
;; here just so we can keep going.
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 7df1d3fca9..675852fb57 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
@@ -172,6 +172,26 @@
,cf)))))
(inputs %boot0-inputs))))
+(define libstdc++-boot0
+ ;; GCC's libcc1 is always built as a shared library (the top-level
+ ;; 'Makefile.def' forcefully adds --enable-shared) and thus needs to refer
+ ;; to libstdc++.so. We cannot build libstdc++-5.3 because it relies on
+ ;; C++14 features missing in our bootstrap compiler.
+ (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc-4.9))))
+ (package
+ (inherit lib)
+ (name "libstdc++-boot0")
+ (arguments
+ `(#:guile ,%bootstrap-guile
+ #:implicit-inputs? #f
+
+ ;; XXX: libstdc++.so NEEDs ld.so for some reason.
+ #:validate-runpath? #f
+
+ ,@(package-arguments lib)))
+ (inputs %boot0-inputs)
+ (native-inputs '()))))
+
(define gcc-boot0
(package-with-bootstrap-guile
(package (inherit gcc)
@@ -257,6 +277,9 @@
("mpc-source" ,(package-source mpc))
("binutils-cross" ,binutils-boot0)
+ ;; The libstdc++ that libcc1 links against.
+ ("libstdc++" ,libstdc++-boot0)
+
;; Call it differently so that the builder can check whether
;; the "libc" input is #f.
("libc-native" ,@(assoc-ref %boot0-inputs "libc"))
@@ -424,14 +447,8 @@ the bootstrap environment."
(define ld-wrapper-boot0
;; We need this so binaries on Hurd will have libmachuser and libhurduser
;; in their RUNPATH, otherwise validate-runpath will fail.
- ;;
- ;; XXX: Work around <http://bugs.gnu.org/24832> by fixing the name and
- ;; triplet on GNU/Linux. For GNU/Hurd, use the right triplet.
- (make-ld-wrapper (string-append "ld-wrapper-" "x86_64-guix-linux-gnu")
- #:target (lambda (system)
- (if (string-suffix? "-linux" system)
- "x86_64-guix-linux-gnu"
- (boot-triplet system)))
+ (make-ld-wrapper "ld-wrapper-boot0"
+ #:target boot-triplet
#:binutils binutils-boot0
#:guile %bootstrap-guile
#:bash (car (assoc-ref %boot0-inputs "bash"))))
@@ -783,12 +800,17 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
(define bash-final
;; Link with `-static-libgcc' to make sure we don't retain a reference
;; to the bootstrap GCC.
- ;; FIXME: This depends on 'bootstrap-binaries' via Makefile.in.
- (package-with-bootstrap-guile
- (package-with-explicit-inputs (static-libgcc-package bash)
- %boot3-inputs
- (current-source-location)
- #:guile %bootstrap-guile)))
+ (let ((bash (package
+ (inherit bash)
+ (arguments
+ `(#:disallowed-references
+ ,(assoc-ref %boot3-inputs "coreutils&co")
+ ,@(package-arguments bash))))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs (static-libgcc-package bash)
+ %boot3-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
(define %boot4-inputs
;; Now use the final Bash.
@@ -987,10 +1009,10 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.")
(gcc-toolchain gcc-4.8))
(define-public gcc-toolchain-4.9
- (gcc-toolchain gcc-final))
+ (gcc-toolchain gcc-4.9))
(define-public gcc-toolchain-5
- (gcc-toolchain gcc-5))
+ (gcc-toolchain gcc-final))
(define-public gcc-toolchain-6
(gcc-toolchain gcc-6))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 73a35030e9..e0eca4ef9f 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -7,7 +7,7 @@
;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -52,7 +52,7 @@
(define-public zlib
(package
(name "zlib")
- (version "1.2.8")
+ (version "1.2.11")
(source
(origin
(method url-fetch)
@@ -62,24 +62,24 @@
version "/zlib-" version ".tar.gz")))
(sha256
(base32
- "039agw5rqvqny92cpkrfn243x2gd4xn13hs3xi6isk55d2vqqr9n"))))
+ "18dighcs333gsvajvvgqp8l4cx7h1x7yx9gd5xacnk80spyykrf3"))))
(build-system gnu-build-system)
(arguments
- `(#:phases (alist-replace
- 'configure
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Zlib's home-made `configure' fails when passed
- ;; extra flags like `--enable-fast-install', so we need to
- ;; invoke it with just what it understand.
- (let ((out (assoc-ref outputs "out")))
- ;; 'configure' doesn't understand '--host'.
- ,@(if (%current-target-system)
- `((setenv "CHOST" ,(%current-target-system)))
- '())
- (zero?
- (system* "./configure"
- (string-append "--prefix=" out)))))
- %standard-phases)))
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Zlib's home-made `configure' fails when passed
+ ;; extra flags like `--enable-fast-install', so we need to
+ ;; invoke it with just what it understand.
+ (let ((out (assoc-ref outputs "out")))
+ ;; 'configure' doesn't understand '--host'.
+ ,@(if (%current-target-system)
+ `((setenv "CHOST" ,(%current-target-system)))
+ '())
+ (zero?
+ (system* "./configure"
+ (string-append "--prefix=" out)))))))))
(home-page "http://zlib.net/")
(synopsis "Compression library")
(description
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index a3dfb8f477..47e0958193 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -281,7 +281,7 @@ GCC that does not target a libc; otherwise, target that libc."
(setenv "ARCH" ,(system->linux-architecture target))
(format #t "`ARCH' set to `~a' (cross compiling)~%" (getenv "ARCH"))
- (and (zero? (system* "make" "defconfig"))
+ (and (zero? (system* "make" ,(system->defconfig target)))
(zero? (system* "make" "mrproper" "headers_check"))))
,phases))))
(native-inputs `(("cross-gcc" ,xgcc)
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 39ab41c192..94f8e91f17 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -52,7 +52,6 @@
(define-public cups-filters
(package
(name "cups-filters")
- (replacement cups-filters/fixed)
(version "1.13.1")
(source(origin
(method url-fetch)
@@ -135,13 +134,6 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
license:lgpl2.0+
license:expat))))
-(define mupdf/fixed-instead-of-mupdf
- (package-input-rewriting `((,mupdf . ,(@@ (gnu packages pdf) mupdf/fixed)))))
-
-;;; Fix CVE-2016-10132 and CVE-2016-10133. See mupdf/fixed for more information.
-(define cups-filters/fixed
- (mupdf/fixed-instead-of-mupdf cups-filters))
-
;; CUPS on non-MacOS systems requires cups-filters. Since cups-filters also
;; depends on CUPS libraries and binaries, cups-minimal has been added to
;; satisfy this dependency.
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 7329d870de..ec982ef65b 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -40,15 +40,14 @@
(define-public curl
(package
(name "curl")
- (replacement curl-7.52.1)
- (version "7.50.3")
+ (version "7.52.1")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.lzma"))
(sha256
(base32
- "1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c"))))
+ "0r937wplchjxifxqqcjxd9rzp6l9rqqdfjn41x1y4djrh95nsa24"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.2 MiB of man3 pages
@@ -120,16 +119,3 @@ tunneling, and so on.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
-
-(define curl-7.52.1
- (package
- (inherit curl)
- (source
- (let ((version "7.52.1"))
- (origin
- (method url-fetch)
- (uri (string-append "https://curl.haxx.se/download/curl-"
- version ".tar.lzma"))
- (sha256
- (base32
- "0r937wplchjxifxqqcjxd9rzp6l9rqqdfjn41x1y4djrh95nsa24")))))))
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index 62bd718ab9..b48505e5f3 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -31,7 +31,6 @@
(define-public cyrus-sasl
(package
(name "cyrus-sasl")
- (replacement cyrus-sasl/fixed)
(version "2.1.26")
(source (origin
(method url-fetch)
@@ -41,6 +40,7 @@
(string-append
"ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
version ".tar.gz")))
+ (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch"))
(sha256 (base32
"1hvvbcsg21nlncbgs0cgn3iwlnb3vannzwsp6rwvnn9ba4v53g4g"))))
(build-system gnu-build-system)
@@ -66,10 +66,3 @@ server writers.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "http://cyrusimap.web.cmu.edu")))
-
-(define cyrus-sasl/fixed
- (package
- (inherit cyrus-sasl)
- (source (origin
- (inherit (package-source cyrus-sasl))
- (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch"))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 38fcaa1e6d..050ed0e19b 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -663,12 +663,9 @@ for example from a shell script.")
(define-public sqlite
(package
(name "sqlite")
- (version "3.14.1")
+ (version "3.16.2")
(source (origin
(method url-fetch)
- ;; TODO: Download from sqlite.org once this bug :
- ;; http://lists.gnu.org/archive/html/bug-guile/2013-01/msg00027.html
- ;; has been fixed.
(uri (let ((numeric-version
(match (string-split version #\.)
((first-digit other-digits ...)
@@ -678,23 +675,11 @@ for example from a shell script.")
(map (cut string-pad <> 2 #\0)
other-digits))
6 #\0))))))
- (list
- (string-append
- "https://fossies.org/linux/misc/sqlite-autoconf-"
- numeric-version ".tar.gz")
- (string-append
- "http://distfiles.gentoo.org/distfiles/"
- "/sqlite-autoconf-" numeric-version ".tar.gz"))
-
- ;; XXX: As of 2015-09-08, SourceForge is squatting the URL
- ;; below, returning 200 and showing an advertising page.
- ;; (string-append
- ;; "mirror://sourceforge/sqlite.mirror/SQLite%20" version
- ;; "/sqlite-autoconf-" numeric-version ".tar.gz")
- ))
+ (string-append "https://sqlite.org/2017/sqlite-autoconf-"
+ numeric-version ".tar.gz")))
(sha256
(base32
- "19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw"))))
+ "059n4s9qd35qpbd4g29y9ay99a6f68ad7k65g430rxb6jcz0rk35"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments
@@ -705,7 +690,7 @@ for example from a shell script.")
(list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
"-DSQLITE_ENABLE_UNLOCK_NOTIFY "
"-DSQLITE_ENABLE_DBSTAT_VTAB"))))
- (home-page "http://www.sqlite.org/")
+ (home-page "https://www.sqlite.org/")
(synopsis "The SQLite database management system")
(description
"SQLite is a software library that implements a self-contained, serverless,
@@ -714,26 +699,6 @@ widely deployed SQL database engine in the world. The source code for SQLite
is in the public domain.")
(license public-domain)))
-(define-public sqlite-3.15.1
- (package (inherit sqlite)
- (version "3.15.1")
- (source (origin
- (method url-fetch)
- (uri (let ((numeric-version
- (match (string-split version #\.)
- ((first-digit other-digits ...)
- (string-append first-digit
- (string-pad-right
- (string-concatenate
- (map (cut string-pad <> 2 #\0)
- other-digits))
- 6 #\0))))))
- (string-append "https://sqlite.org/2016/sqlite-autoconf-"
- numeric-version ".tar.gz")))
- (sha256
- (base32
- "1ig2d9jzzixiifmgqsl6kjcvy17jwxby3s24gfnc5qvyd6vqkyjx"))))))
-
(define-public tdb
(package
(name "tdb")
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 3668aac19a..5014229952 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -28,14 +28,14 @@
(define-public ed
(package
(name "ed")
- (version "1.13")
+ (version "1.14.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ed/ed-"
version ".tar.lz"))
(sha256
(base32
- "1ly7i1iw02vbcd0zrx084z577ngxnarffmkm45dg6vndad5carnd"))))
+ "0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz"))))
(build-system gnu-build-system)
(native-inputs `(("lzip" ,lzip)))
(arguments
@@ -45,8 +45,9 @@
(add-before 'patch-source-shebangs 'patch-test-suite
(lambda _
(substitute* "testsuite/check.sh"
- (("/bin/sh") (which "sh"))))))))
- (home-page "http://www.gnu.org/software/ed/")
+ (("/bin/sh") (which "sh")))
+ #t)))))
+ (home-page "https://www.gnu.org/software/ed/")
(synopsis "Line-oriented text editor")
(description
"Ed is a line-oriented text editor: rather than offering an overview of
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index c1f74d65ad..d9abbfa4e2 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -24,6 +24,7 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages m4)
+ #:use-module (gnu packages man)
#:use-module (gnu packages bison)
#:use-module (gnu packages indent)
#:use-module (srfi srfi-1))
@@ -31,29 +32,32 @@
(define-public flex
(package
(name "flex")
- (version "2.6.0")
+ (version "2.6.2")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://sourceforge/flex/flex-"
- version ".tar.bz2"))
- (patches (search-patches "flex-CVE-2016-6354.patch"))
- (sha256
- (base32
- "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/westes/flex"
+ "/releases/download/v" version "/"
+ "flex-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs"))))
(build-system gnu-build-system)
(inputs
(let ((bison-for-tests
;; Work around an incompatibility with Bison 3.0:
;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>.
- (package (inherit bison)
+ (package
+ (inherit bison)
(version "2.7.1")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/bison/bison-"
- version ".tar.xz"))
- (sha256
- (base32
- "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
+ (method url-fetch)
+ (uri (string-append
+ "mirror://gnu/bison/"
+ "bison-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
;; Unlike Bison 3.0, this version did not need Flex for its
;; tests, so it allows us to break the cycle.
@@ -61,9 +65,11 @@
`(("bison" ,bison-for-tests)
("indent" ,indent))))
;; m4 is not present in PATH when cross-building
- (native-inputs `(("m4" ,m4)))
+ (native-inputs
+ `(("help2man" ,help2man)
+ ("m4" ,m4)))
(propagated-inputs `(("m4" ,m4)))
- (home-page "http://flex.sourceforge.net/")
+ (home-page "https://github.com/westes/flex")
(synopsis "Fast lexical analyser generator")
(description
"Flex is a tool for generating scanners. A scanner, sometimes
@@ -78,23 +84,4 @@ is run, it analyzes its input for occurrences of text matching the
regular expressions for each rule. Whenever it finds a match, it
executes the corresponding C code.")
(license (non-copyleft "file://COPYING"
- "See COPYING in the distribution."))))
-
-(define-public flex-2.6.1
- ;; The kservice and solid packages use flex. extra-cmake-modules
- ;; forces C89 for all C files for compatibility with windows.
- ;; Flex 2.6.0 generates a lexer containing a single line comment. Single
- ;; line comments are part of the C99 standard, so the lexer won't compile
- ;; if C89 is used.
- (package
- (inherit flex)
- (version "2.6.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/westes/flex"
- "/releases/download/v" version "/"
- "flex-" version ".tar.gz"))
- (sha256
- (base32
- "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw"))))))
+ "See COPYING in the distribution."))))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 60cff2e330..1ffb427529 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -46,13 +46,13 @@
(define-public freetype
(package
(name "freetype")
- (version "2.6.3")
+ (version "2.7")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/freetype/freetype-"
version ".tar.bz2"))
(sha256 (base32
- "18k3b026762lmyrxfil5xv8qwnvj7hc12gz9bjqzbb12lmx707ip"))))
+ "0j3xgzn6pchgg1nm294vhx7cdicb7x3x8kwnlcm7v1alnzsm396n"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -69,7 +69,7 @@ It supports both bitmap and scalable formats, including TrueType, OpenType,
Type1, CID, CFF, Windows FON/FNT, X11 PCF, and others. It supports high-speed
anti-aliased glyph bitmap generation with 256 gray levels.")
(license license:freetype) ; some files have other licenses
- (home-page "http://www.freetype.org/")))
+ (home-page "https://www.freetype.org/")))
(define-public ttfautohint
(package
diff --git a/gnu/packages/gawk.scm b/gnu/packages/gawk.scm
index 86f01335a8..280e3d3cff 100644
--- a/gnu/packages/gawk.scm
+++ b/gnu/packages/gawk.scm
@@ -47,7 +47,7 @@
(let ((bash (assoc-ref inputs "bash")))
(substitute* "io.c"
(("/bin/sh")
- (string-append bash "/bin/bash")))
+ (string-append bash "/bin/sh")))
;; When cross-compiling, remove dependencies on the
;; `check-for-shared-lib-support' target, which tries
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index cfd33f85ab..075642ebd1 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -204,17 +205,18 @@ where the OS part is overloaded to denote a specific ABI---into GCC
(for-each
(lambda (x)
(substitute* (find-files "gcc/config"
- "^linux(64|-elf|-eabi)?\\.h$")
- (("(#define GLIBC_DYNAMIC_LINKER.*)\\\\\n$" _ line)
+ "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
+ (("(#define (GLIBC|GNU_USER)_DYNAMIC_LINKER.*)\\\\\n$" _ line)
line)))
'(1 2 3))
;; Fix the dynamic linker's file name.
(substitute* (find-files "gcc/config"
- "^(linux|gnu)(64|-elf|-eabi)?\\.h$")
- (("#define GLIBC_DYNAMIC_LINKER([^ ]*).*$" _ suffix)
- (format #f "#define GLIBC_DYNAMIC_LINKER~a \"~a\"~%"
- suffix
+ "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
+ (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ ]*).*$"
+ _ gnu-user suffix)
+ (format #f "#define ~a_DYNAMIC_LINKER~a \"~a\"~%"
+ gnu-user suffix
(string-append libc ,(glibc-dynamic-linker)))))
;; Tell where to find libstdc++, libc, and `?crt*.o', except
@@ -240,7 +242,21 @@ where the OS part is overloaded to denote a specific ABI---into GCC
(format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
#define STANDARD_STARTFILE_PREFIX_2 \"\"
~a"
- libc line))))
+ libc line)))
+
+ ;; The rs6000 (a.k.a. powerpc) config in GCC does not use
+ ;; GNU_USER_* defines. Do the above for this case.
+ (substitute*
+ "gcc/config/rs6000/sysv4.h"
+ (("#define LIB_LINUX_SPEC (.*)$" _ suffix)
+ (format #f "#define LIB_LINUX_SPEC \
+\"-L~a/lib %{!static:-rpath=~a/lib %{!static-libgcc:-rpath=~a/lib -lgcc_s}} \" ~a"
+ libc libc libdir suffix))
+ (("#define STARTFILE_LINUX_SPEC.*$" line)
+ (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
+#define STANDARD_STARTFILE_PREFIX_2 \"\"
+~a"
+ libc line))))
;; Don't retain a dependency on the build-time sed.
(substitute* "fixincludes/fixincl.x"
@@ -358,8 +374,11 @@ Go. It also includes runtime support libraries for these languages.")
(sha256
(base32
"0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
- (patches (search-patches "gcc-strmov-store-file-names.patch"
- "gcc-5.0-libvtv-runpath.patch"))))))
+ (patches (search-patches "gcc-arm-bug-71399.patch"
+ "gcc-strmov-store-file-names.patch"
+ "gcc-5.0-libvtv-runpath.patch"
+ "gcc-5-source-date-epoch-1.patch"
+ "gcc-5-source-date-epoch-2.patch"))))))
(define-public gcc-6
(package
@@ -377,7 +396,7 @@ Go. It also includes runtime support libraries for these languages.")
;; Note: When changing the default gcc version, update
;; the gcc-toolchain-* definitions accordingly.
-(define-public gcc gcc-4.9)
+(define-public gcc gcc-5)
(define-public (make-libstdc++ gcc)
"Return a libstdc++ package based on GCC. The primary use case is when
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index 713f7ae91e..1c2be119b1 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -36,12 +36,11 @@
(define-public gd
(package
(name "gd")
- (replacement gd-2.2.4)
;; Note: With libgd.org now pointing to github.com, genuine old
;; tarballs are no longer available. Notably, versions 2.0.x are
;; missing.
- (version "2.2.3")
+ (version "2.2.4")
(source (origin
(method url-fetch)
@@ -50,12 +49,21 @@
version "/libgd-" version ".tar.xz"))
(sha256
(base32
- "0g3xz8jpz1pl2zzmssglrpa9nxiaa7rmcmvgpbrjz8k9cyynqsvl"))
- (patches (search-patches "gd-CVE-2016-7568.patch"
- "gd-CVE-2016-8670.patch"
- "gd-fix-gd2-read-test.patch"
+ "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk"))
+ (patches (search-patches "gd-fix-gd2-read-test.patch"
"gd-fix-tests-on-i686.patch"))))
(build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ ;; This test is known to fail on i686-linux:
+ ;; https://github.com/libgd/libgd/issues/359
+ ;; TODO Replace this substitution with an upstream bug fix.
+ (add-after 'unpack 'disable-failing-test
+ (lambda _
+ (substitute* "tests/gdimagegrayscale/basic.c"
+ (("return gdNumFailures\\(\\)")
+ "return 0")))))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
@@ -78,32 +86,6 @@ most common applications of GD involve website development.")
"See COPYING file in the distribution."))
(properties '((cpe-name . "libgd")))))
-(define gd-2.2.4
- (package
- (inherit gd)
- (version "2.2.4")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://github.com/libgd/libgd/releases/download/"
- "gd-" version "/libgd-" version ".tar.xz"))
- (patches (search-patches "gd-fix-gd2-read-test.patch"
- "gd-fix-tests-on-i686.patch"))
- (sha256
- (base32
- "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk"))))
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- ;; This test is known to fail on i686-linux:
- ;; https://github.com/libgd/libgd/issues/359
- ;; TODO Replace this substitution with an upstream bug fix.
- (add-after 'unpack 'disable-failing-test
- (lambda _
- (substitute* "tests/gdimagegrayscale/basic.c"
- (("return gdNumFailures\\(\\)")
- "return 0")))))))))
-
(define-public perl-gd
(package
(name "perl-gd")
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index a00448a8c6..dcbed69e3e 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -39,12 +39,12 @@
(define-public lcms
(package
(name "lcms")
- (replacement lcms/fixed)
(version "2.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/lcms/lcms/" version
"/lcms2-" version ".tar.gz"))
+ (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))
(sha256 (base32
"1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji"))))
(build-system gnu-build-system)
@@ -59,14 +59,6 @@ Consortium standard (ICC), approved as ISO 15076-1.")
(license license:x11)
(home-page "http://www.littlecms.com/")))
-(define lcms/fixed
- (package
- (inherit lcms)
- (source
- (origin
- (inherit (package-source lcms))
- (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))))))
-
(define-public libpaper
(package
(name "libpaper")
@@ -177,9 +169,9 @@ printing, and psresize, for adjusting page sizes.")
(add-after 'configure 'patch-config-files
(lambda _
(substitute* "base/all-arch.mak"
- (("/bin/sh") (which "bash")))
+ (("/bin/sh") (which "sh")))
(substitute* "base/unixhead.mak"
- (("/bin/sh") (which "bash")))))
+ (("/bin/sh") (which "sh")))))
(add-after 'configure 'remove-doc-reference
(lambda _
;; Don't retain a reference to the 'doc' output in 'gs'.
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index befd29961c..2be26447a3 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -58,7 +58,7 @@
(define-public libgpg-error
(package
(name "libgpg-error")
- (version "1.24")
+ (version "1.25")
(source
(origin
(method url-fetch)
@@ -66,7 +66,7 @@
version ".tar.bz2"))
(sha256
(base32
- "0h75sf1ngr750c3fjfn4583q7wz40qm63jhg8vjfdrbx936f2s4j"))))
+ "031jc5196fdcxn2g61i1pdabvdbxxcdi4j7jbaq3hfs38dcgfa7n"))))
(build-system gnu-build-system)
(home-page "https://gnupg.org")
(synopsis "Library of error values for GnuPG components")
@@ -82,14 +82,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
- (version "1.7.3")
+ (version "1.7.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
- "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))
+ "1g05prhgqw4ryd0w433q8nhds0h93kf47hfjagi2r7dghkpaysk2"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index ba45a6389b..393ee886db 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -134,15 +134,15 @@ without requiring the source code to be rewritten.")
(define-public guile-2.0
(package
(name "guile")
- (version "2.0.12")
- (replacement guile-2.0.13) ;CVE-2016-8606 and CVE-2016-8605
+ (version "2.0.13")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/guile/guile-" version
".tar.xz"))
(sha256
(base32
- "1sdpjq0jf1h65w29q0zprj4x6kdp5jskkvbnlwphy9lvdxrqg0fy"))))
+ "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p"))
+ (patches (search-patches "guile-repl-server-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("pkgconfig" ,pkg-config)))
(inputs `(("libffi" ,libffi)
@@ -215,19 +215,6 @@ without requiring the source code to be rewritten.")
(properties '((hidden? . #t))) ;people should install 'guile-2.0'
(replacement #f)))
-(define guile-2.0.13
- (package
- (inherit guile-2.0)
- (version "2.0.13")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/guile/guile-" version
- ".tar.xz"))
- (sha256
- (base32
- "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p"))
- (patches (search-patches "guile-repl-server-test.patch"))))))
-
(define-public guile-next
(package (inherit guile-2.0)
(name "guile-next")
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 13723bf585..d842f03b4e 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -28,20 +29,17 @@
(define-public icu4c
(package
(name "icu4c")
- (version "55.1")
+ (version "58.2")
(source (origin
(method url-fetch)
(uri (string-append
- "mirror://sourceforge/icu/ICU4C/"
+ "http://download.icu-project.org/files/icu4c/"
version
"/icu4c-"
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
(sha256
- (base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1"))
- (patches (search-patches "icu4c-CVE-2014-6585.patch"
- "icu4c-CVE-2015-1270.patch"
- "icu4c-CVE-2015-4760.patch"))))
+ (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib"))))
(build-system gnu-build-system)
(inputs
`(("perl" ,perl)))
@@ -55,18 +53,9 @@
'("--with-data-packaging=archive")
'()))
#:phases
- (alist-cons-after
- 'unpack 'chdir-to-source
- (lambda _ (chdir "source"))
- (alist-cons-before
- 'configure 'patch-configure
- (lambda _
- ;; patch out two occurrences of /bin/sh from configure script
- ;; that might have disappeared in a release later than 54.1
- (substitute* "configure"
- (("`/bin/sh")
- (string-append "`" (which "bash")))))
- %standard-phases))))
+ (modify-phases %standard-phases
+ (add-after 'unpack 'chdir-to-source
+ (lambda _ (chdir "source") #t)))))
(synopsis "International Components for Unicode")
(description
"ICU is a set of C/C++ and Java libraries providing Unicode and
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 54b7dd6e22..59113e3066 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -65,7 +65,6 @@
(define-public libpng
(package
(name "libpng")
- (replacement libpng/fixed)
(version "1.6.25")
(source (origin
(method url-fetch)
@@ -76,6 +75,7 @@
(string-append
"ftp://ftp.simplesystems.org/pub/libpng/png/src"
"/libpng15/libpng-" version ".tar.xz")))
+ (patches (search-patches "libpng-CVE-2016-10087.patch"))
(sha256
(base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9"))))
(build-system gnu-build-system)
@@ -90,18 +90,9 @@ library. It supports almost all PNG features and is extensible.")
(license license:zlib)
(home-page "http://www.libpng.org/pub/png/libpng.html")))
-(define libpng/fixed
- (package
- (inherit libpng)
- (source
- (origin
- (inherit (package-source libpng))
- (patches (search-patches "libpng-CVE-2016-10087.patch"))))))
-
(define-public libpng-1.2
(package
(inherit libpng)
- (replacement #f)
(version "1.2.57")
(source
(origin
@@ -259,12 +250,27 @@ extracting icontainer icon files.")
(define-public libtiff
(package
(name "libtiff")
- (replacement libtiff/fixed)
(version "4.0.7")
(source (origin
(method url-fetch)
(uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
version ".tar.gz"))
+ (patches (search-patches "libtiff-heap-overflow-tiffcp.patch"
+ "libtiff-null-dereference.patch"
+ "libtiff-heap-overflow-tif-dirread.patch"
+ "libtiff-heap-overflow-pixarlog-luv.patch"
+ "libtiff-divide-by-zero.patch"
+ "libtiff-divide-by-zero-ojpeg.patch"
+ "libtiff-tiffcp-underflow.patch"
+ "libtiff-invalid-read.patch"
+ "libtiff-CVE-2016-10092.patch"
+ "libtiff-heap-overflow-tiffcrop.patch"
+ "libtiff-divide-by-zero-tiffcrop.patch"
+ "libtiff-CVE-2016-10093.patch"
+ "libtiff-divide-by-zero-tiffcp.patch"
+ "libtiff-assertion-failure.patch"
+ "libtiff-CVE-2016-10094.patch"
+ "libtiff-CVE-2017-5225.patch"))
(sha256
(base32
"06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"))))
@@ -292,29 +298,6 @@ collection of tools for doing simple manipulations of TIFF images.")
"See COPYRIGHT in the distribution."))
(home-page "http://www.simplesystems.org/libtiff/")))
-(define libtiff/fixed
- (package
- (inherit libtiff)
- (source
- (origin
- (inherit (package-source libtiff))
- (patches (search-patches "libtiff-heap-overflow-tiffcp.patch"
- "libtiff-null-dereference.patch"
- "libtiff-heap-overflow-tif-dirread.patch"
- "libtiff-heap-overflow-pixarlog-luv.patch"
- "libtiff-divide-by-zero.patch"
- "libtiff-divide-by-zero-ojpeg.patch"
- "libtiff-tiffcp-underflow.patch"
- "libtiff-invalid-read.patch"
- "libtiff-CVE-2016-10092.patch"
- "libtiff-heap-overflow-tiffcrop.patch"
- "libtiff-divide-by-zero-tiffcrop.patch"
- "libtiff-CVE-2016-10093.patch"
- "libtiff-divide-by-zero-tiffcp.patch"
- "libtiff-assertion-failure.patch"
- "libtiff-CVE-2016-10094.patch"
- "libtiff-CVE-2017-5225.patch"))))))
-
(define-public libwmf
(package
(name "libwmf")
@@ -446,8 +429,7 @@ work.")
(define-public openjpeg
(package
(name "openjpeg")
- (replacement openjpeg-2.1.2)
- (version "2.1.1")
+ (version "2.1.2")
(source
(origin
(method url-fetch)
@@ -457,9 +439,11 @@ work.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1anv0rjkbxw9kx91wvlfpb3dhppibda6kb1papny46bjzi3pzhl2"))
+ "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc"))
(patches (search-patches "openjpeg-CVE-2016-5157.patch"
- "openjpeg-CVE-2016-7163.patch"))))
+ "openjpeg-CVE-2016-7163.patch"
+ "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"
+ "openjpeg-CVE-2016-9572-CVE-2016-9573.patch"))))
(build-system cmake-build-system)
(arguments
;; Trying to run `$ make check' results in a no rule fault.
@@ -483,28 +467,9 @@ error-resilience, a Java-viewer for j2k-images, ...")
(home-page "https://github.com/uclouvain/openjpeg")
(license license:bsd-2)))
-(define openjpeg-2.1.2
- (package
- (inherit openjpeg)
- (name "openjpeg")
- (version "2.1.2")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://github.com/uclouvain/openjpeg/archive/v"
- version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
- (sha256
- (base32
- "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc"))
- (patches
- (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"
- "openjpeg-CVE-2016-9572-CVE-2016-9573.patch"))))))
-
(define-public openjpeg-1
(package (inherit openjpeg)
(name "openjpeg")
- (replacement #f)
(version "1.5.2")
(source
(origin
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 36c2851567..86a5853366 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -1117,11 +1117,7 @@ which are used in DBus communication.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
- ;; extra-cmake-modules forces C89 for all C files for compatibility with
- ;; Windows. Flex 2.6.0 generates a lexer containing a single line
- ;; comment. Single line comments are part of the C99 standard, so the
- ;; lexer won't compile if C89 is used.
- ("flex" ,flex-2.6.1)
+ ("flex" ,flex)
("qttools" ,qttools)))
(inputs
`(("qtbase" ,qtbase)
@@ -2535,11 +2531,7 @@ typed.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
- ;; extra-cmake-modules forces C89 for all C files for compatibility with
- ;; Windows. Flex 2.6.0 generates a lexer containing a single line
- ;; comment. Single line comments are part of the C99 standard, so the
- ;; lexer won't compile if C89 is used.
- ("flex" ,flex-2.6.1)))
+ ("flex" ,flex)))
(inputs
`(("kcrash" ,kcrash)
("kdbusaddons" ,kdbusaddons)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index b6d25f4a23..9f042bd707 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -42,7 +42,7 @@
(define-public mit-krb5
(package
(name "mit-krb5")
- (version "1.14.3")
+ (version "1.14.4")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@@ -50,7 +50,7 @@
"/krb5-" version ".tar.gz"))
(sha256
(base32
- "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))
+ "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
@@ -78,7 +78,7 @@
(let ((perl (assoc-ref inputs "perl")))
(substitute* "plugins/kdb/db2/libdb2/test/run.test"
(("/bin/cat") (string-append perl "/bin/perl"))
- (("D/bin/sh") (string-append "D" (which "bash")))
+ (("D/bin/sh") (string-append "D" (which "sh")))
(("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))
;; avoid service names since /etc/services is unavailable
diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm
index a9779d4ffd..212bec4b49 100644
--- a/gnu/packages/libunistring.scm
+++ b/gnu/packages/libunistring.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
@@ -28,15 +29,15 @@
(define-public libunistring
(package
(name "libunistring")
- (version "0.9.6")
+ (version "0.9.7")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://gnu/libunistring/libunistring-"
- version ".tar.gz"))
+ version ".tar.xz"))
(sha256
(base32
- "0ixxmgpgh2v8ifm6hbwsjxl023myk3dfnj7wnvmqjivza31fw9cn"))))
+ "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf"))))
(propagated-inputs (libiconv-if-needed))
(build-system gnu-build-system)
(arguments
@@ -49,5 +50,5 @@
"GNU libunistring is a library providing functions to manipulate
Unicode strings and for manipulating C strings according to the Unicode
standard.")
- (home-page "http://www.gnu.org/software/libunistring/")
- (license lgpl3+)))
+ (home-page "https://www.gnu.org/software/libunistring/")
+ (license (list lgpl3+ gpl2))))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index def4be52cd..e5615c0e5b 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -17,6 +17,7 @@
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
+;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
;;; Copyright © 2016 ng0 <ng0@libertad.pw>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.com>
@@ -104,6 +105,13 @@
((string-prefix? "aarch64" arch) "arm64")
(else arch))))
+(define-public (system->defconfig system)
+ "Some systems (notably powerpc-linux) require a special target for kernel
+defconfig. Return the appropiate make target if applicable, otherwise return
+\"defconfig\"."
+ (cond ((string-prefix? "powerpc-" system) "pmac32_defconfig")
+ (else "defconfig")))
+
(define (linux-libre-urls version)
"Return a list of URLs for Linux-Libre VERSION."
(list (string-append
@@ -143,11 +151,13 @@
(lambda _
(let ((arch ,(system->linux-architecture
(or (%current-target-system)
- (%current-system)))))
+ (%current-system))))
+ (defconfig ,(system->defconfig
+ (or (%current-target-system)
+ (%current-system)))))
(setenv "ARCH" arch)
(format #t "`ARCH' set to `~a'~%" (getenv "ARCH"))
-
- (and (zero? (system* "make" "defconfig"))
+ (and (zero? (system* "make" defconfig))
(zero? (system* "make" "mrproper" "headers_check"))))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
@@ -456,7 +466,7 @@ providing the system administrator with some help in common tasks.")
(define-public util-linux
(package
(name "util-linux")
- (version "2.28.1")
+ (version "2.28.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/"
@@ -464,7 +474,7 @@ providing the system administrator with some help in common tasks.")
name "-" version ".tar.xz"))
(sha256
(base32
- "03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy"))
+ "1kgh16j3ywzf5gdz4vq6v3dyc5qsi377p11clj9xxgi0dwa3g7dq"))
(patches (search-patches "util-linux-tests.patch"))
(modules '((guix build utils)))
(snippet
@@ -480,7 +490,7 @@ providing the system administrator with some help in common tasks.")
"static")) ; >2 MiB of static .a libraries
(arguments
`(#:configure-flags (list "--disable-use-tty-group"
-
+ "--enable-fs-paths-default=/run/current-system/profile/sbin"
;; Install completions where our
;; bash-completion package expects them.
(string-append "--with-bashcompletiondir="
@@ -1167,7 +1177,7 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).")
(define-public libcap
(package
(name "libcap")
- (version "2.24")
+ (version "2.25")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1175,7 +1185,7 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).")
"libcap2/libcap-" version ".tar.xz"))
(sha256
(base32
- "0rbc9qbqs5bp9am9s9g83wxj5k4ixps2agy9dxr1v1fwg27mdr6f"))))
+ "0qjiqc5pknaal57453nxcbz3mn1r4hkyywam41wfcglq3v2qlg39"))))
(build-system gnu-build-system)
(arguments '(#:phases
(modify-phases %standard-phases
diff --git a/gnu/packages/m4.scm b/gnu/packages/m4.scm
index d1ba928768..3ee8142e7a 100644
--- a/gnu/packages/m4.scm
+++ b/gnu/packages/m4.scm
@@ -26,14 +26,14 @@
(define-public m4
(package
(name "m4")
- (version "1.4.17")
+ (version "1.4.18")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/m4/m4-"
- version ".tar.bz2"))
+ version ".tar.xz"))
(sha256
(base32
- "0w0da1chh12mczxa5lnwzjk9czi3dq6gnnndbpa6w4rj76b1yklf"))))
+ "01sfjd5a4waqw83bibvmn522g69qfqvwig9i2qlgy154l1nfihgj"))))
(build-system gnu-build-system)
(arguments
`(;; Explicitly disable tests when cross-compiling, otherwise 'make check'
@@ -50,7 +50,7 @@
(substitute* (find-files "tests"
"posix_spawn")
(("/bin/sh")
- (format #f "~a/bin/bash" bash)))))
+ (format #f "~a/bin/sh" bash)))))
%standard-phases)))
(synopsis "Macro processor")
(description
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index e5c614cee7..d2a559c084 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -416,8 +416,9 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
;; the 'pre-configure phase of our main gcc package, because
;; that shared library is not present in this static gcc. See
;; <https://lists.gnu.org/archive/html/guix-devel/2015-01/msg00008.html>.
- (substitute* (find-files "gcc/config"
- "^gnu-user.*\\.h$")
+ (substitute* (cons "gcc/config/rs6000/sysv4.h"
+ (find-files "gcc/config"
+ "^gnu-user.*\\.h$"))
((" -lgcc_s}}") "}}")))
,phases)))))
(native-inputs
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 36e35ca00c..b6d2d7f4af 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -32,7 +32,7 @@
(define-public gmp
(package
(name "gmp")
- (version "6.1.1")
+ (version "6.1.2")
(source (origin
(method url-fetch)
(uri
@@ -40,7 +40,7 @@
version ".tar.xz"))
(sha256
(base32
- "0cg84n482gcvl0s4xq4wgwsk4r0x0m8dnzpizwqdd2j8vw2rqvnk"))
+ "04hrwahdxyqdik559604r7wrj9ffklwvipgfxgj4ys4skbl6bdc7"))
(patches (search-patches "gmp-faulty-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("m4" ,m4)))
@@ -87,13 +87,13 @@ cryptography and computational algebra.")
(define-public mpfr
(package
(name "mpfr")
- (version "3.1.4")
+ (version "3.1.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/mpfr/mpfr-" version
".tar.xz"))
(sha256 (base32
- "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n"))))
+ "1g32l2fg8f62lcyzzh88y3fsh6rk539qc6ahhdgvx7wpnf1dwpq1"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h>
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 6949e1e03f..d725a71c0d 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -30,6 +30,7 @@
#:use-module (guix build-system perl)
#:use-module (gnu packages)
#:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
#:use-module (gnu packages swig)
#:use-module (guix utils))
@@ -87,7 +88,7 @@
(let ((out (assoc-ref outputs "out")))
;; When building a wide-character (Unicode) build, create backward
;; compatibility links from the the "normal" libraries to the
- ;; wide-character libraries (e.g. libncurses.so to libncursesw.so).
+ ;; wide-character ones (e.g. libncurses.so to libncursesw.so).
,@(if (target-mingw?)
'( ;; TODO: create .la files to link to the .dll?
(with-directory-excursion (string-append out "/bin")
@@ -116,7 +117,11 @@
(define lib.so.x
(string-append "lib" lib ".so.6"))
(define lib.so
- (string-append "lib" lib ".so")))
+ (string-append "lib" lib ".so"))
+ (define packagew.pc
+ (string-append lib "w.pc"))
+ (define package.pc
+ (string-append lib ".pc")))
'())
(when (file-exists? libw.a)
@@ -127,7 +132,12 @@
(false-if-exception (delete-file lib.so))
(call-with-output-file lib.so
(lambda (p)
- (format p "INPUT (-l~aw)~%" lib))))
+ (format p "INPUT (-l~aw)~%" lib)))
+ (with-directory-excursion "pkgconfig"
+ (format #t "creating symlink for `~a'~%"
+ package.pc)
+ (when (file-exists? packagew.pc)
+ (symlink packagew.pc package.pc))))
'())))
'("curses" "ncurses" "form" "panel" "menu")))))))
`(#:configure-flags
@@ -135,6 +145,11 @@
'quasiquote
`(("--with-shared" "--without-debug" "--enable-widec"
+ "--enable-pc-files"
+ ,(list 'unquote '(string-append "--with-pkg-config-libdir="
+ (assoc-ref %outputs "out")
+ "/lib/pkgconfig"))
+
;; By default headers land in an `ncursesw' subdir, which is not
;; what users expect.
,(list 'unquote '(string-append "--includedir=" (assoc-ref %outputs "out")
@@ -157,6 +172,8 @@
(add-after 'unpack 'remove-unneeded-shebang
,remove-shebang-phase)))))
(self-native-input? #t) ; for `tic'
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
(native-search-paths
(list (search-path-specification
(variable "TERMINFO_DIRS")
diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm
index d1203dfe75..e4e0eedc05 100644
--- a/gnu/packages/nettle.scm
+++ b/gnu/packages/nettle.scm
@@ -47,7 +47,7 @@
(outputs '("out" "debug"))
(native-inputs `(("m4" ,m4)))
(propagated-inputs `(("gmp" ,gmp)))
- (home-page "http://www.lysator.liu.se/~nisse/nettle/")
+ (home-page "https://www.lysator.liu.se/~nisse/nettle/")
(synopsis "C library for low-level cryptographic functionality")
(description
"GNU Nettle is a low-level cryptographic library. It is designed to
@@ -60,14 +60,14 @@ themselves.")
;; This version is not API-compatible with version 2. In particular, lsh
;; cannot use it yet. So keep it separate.
(package (inherit nettle-2)
- (version "3.2")
+ (version "3.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/nettle/nettle-"
version ".tar.gz"))
(sha256
(base32
- "15wxhk52yc62rx0pddmry66hqm6z5brrrkx4npd3wh9nybg86hpa"))))
+ "07mif3af077763vc35s1x8vzhzlgqcgxh67c1xr13jnhslkjd526"))))
(arguments
(substitute-keyword-arguments (package-arguments nettle-2)
((#:configure-flags flags)
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
new file mode 100644
index 0000000000..3f0d35c33e
--- /dev/null
+++ b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
@@ -0,0 +1,15 @@
+Coreutils fails to cross compile for other platforms because cu_install_program
+is not being evaluated properly. This patch fixes it.
+See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html>
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -5023,7 +5023,7 @@ pr = progs-readme
+ @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
+
+ # Use the just-built 'ginstall', when not cross-compiling.
+-@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
++@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
+ info_TEXINFOS = doc/coreutils.texi
+ doc_coreutils_TEXINFOS = \
+ doc/perm.texi \
+
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
deleted file mode 100644
index 1f3cb028d4..0000000000
--- a/gnu/packages/patches/flex-CVE-2016-6354.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <westes575@gmail.com>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
-
- else
- {
-- yy_size_t num_to_read =
-+ int num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-1.patch b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch
new file mode 100644
index 0000000000..8c94a026b3
--- /dev/null
+++ b/gnu/packages/patches/gcc-5-source-date-epoch-1.patch
@@ -0,0 +1,190 @@
+Make GCC respect SOURCE_DATE_EPOCH in __DATE__ and __TIME__ macros.
+
+Patch adapted from upstream source repository:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934
+
+From e3e8c48c4a494d9da741c1c8ea6c4c0b7c4ff934 Mon Sep 17 00:00:00 2001
+From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 28 Apr 2016 09:12:05 +0000
+Subject: [PATCH] gcc/c-family/ChangeLog:
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index 1bf5d080034..6f0898a38d7 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12318,4 +12318,37 @@ pointer_to_zero_sized_aggr_p (tree t)
+ return (TYPE_SIZE (t) && integer_zerop (TYPE_SIZE (t)));
+ }
+
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++time_t
++get_source_date_epoch ()
++{
++ char *source_date_epoch;
++ long long epoch;
++ char *endptr;
++
++ source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
++ if (!source_date_epoch)
++ return (time_t) -1;
++
++ errno = 0;
++ epoch = strtoll (source_date_epoch, &endptr, 10);
++ if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
++ || (errno != 0 && epoch == 0))
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "strtoll: %s\n", xstrerror(errno));
++ if (endptr == source_date_epoch)
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "no digits were found: %s\n", endptr);
++ if (*endptr != '\0')
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "trailing garbage: %s\n", endptr);
++ if (epoch < 0)
++ fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
++ "value must be nonnegative: %lld \n", epoch);
++
++ return (time_t) epoch;
++}
++
+ #include "gt-c-family-c-common.h"
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index fdb227f85c3..ba0a5d7df50 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1437,4 +1437,10 @@ extern bool contains_cilk_spawn_stmt (tree);
+ extern tree cilk_for_number_of_iterations (tree);
+ extern bool check_no_cilk (tree, const char *, const char *,
+ location_t loc = UNKNOWN_LOCATION);
++
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++extern time_t get_source_date_epoch (void);
++
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index bb55be8063e..e68471b9d2b 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -402,6 +402,9 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+ enum cpp_ttype type;
+ unsigned char add_flags = 0;
+ enum overflow_type overflow = OT_NONE;
++ time_t source_date_epoch = get_source_date_epoch ();
++
++ cpp_init_source_date_epoch (parse_in, source_date_epoch);
+
+ timevar_push (TV_CPP);
+ retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index 100811dc637..3b5317beb53 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -79,4 +79,21 @@ main input file is omitted.
+ @ifclear cppmanual
+ @xref{Preprocessor Options}.
+ @end ifclear
++
++@item SOURCE_DATE_EPOCH
++
++If this variable is set, its value specifies a UNIX timestamp to be
++used in replacement of the current date and time in the @code{__DATE__}
++and @code{__TIME__} macros, so that the embedded timestamps become
++reproducible.
++
++The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
++defined as the number of seconds (excluding leap seconds) since
++01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
++@samp{@command{date +%s}}.
++
++The value should be a known timestamp such as the last modification
++time of the source or package and it should be set by the build
++process.
++
+ @end vtable
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 1b731d1a3ad..7a5481219be 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -775,6 +775,9 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__. */
+ extern void cpp_init_builtins (cpp_reader *, int);
+
++/* Initialize the source_date_epoch value. */
++extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
++
+ /* This is called after options have been parsed, and partially
+ processed. */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index 45a4d13ffa3..a8d00f4628b 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -530,6 +530,13 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+ _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+
++/* Initialize the source_date_epoch value. */
++void
++cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
++{
++ pfile->source_date_epoch = source_date_epoch;
++}
++
+ /* Sanity-checks are dependent on command-line options, so it is
+ called as a subroutine of cpp_read_main_file (). */
+ #if ENABLE_CHECKING
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index c2d08168945..8507eba1747 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -502,6 +502,10 @@ struct cpp_reader
+ const unsigned char *date;
+ const unsigned char *time;
+
++ /* Externally set timestamp to replace current date and time useful for
++ reproducibility. */
++ time_t source_date_epoch;
++
+ /* EOF token, and a token forcing paste avoidance. */
+ cpp_token avoid_paste;
+ cpp_token eof;
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index eb32a6f8c98..3f3b278e97d 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -350,13 +350,20 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node)
+ time_t tt;
+ struct tm *tb = NULL;
+
+- /* (time_t) -1 is a legitimate value for "number of seconds
+- since the Epoch", so we have to do a little dance to
+- distinguish that from a genuine error. */
+- errno = 0;
+- tt = time(NULL);
+- if (tt != (time_t)-1 || errno == 0)
+- tb = localtime (&tt);
++ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
++ usage if SOURCE_DATE_EPOCH is defined. */
++ if (pfile->source_date_epoch != (time_t) -1)
++ tb = gmtime (&pfile->source_date_epoch);
++ else
++ {
++ /* (time_t) -1 is a legitimate value for "number of seconds
++ since the Epoch", so we have to do a little dance to
++ distinguish that from a genuine error. */
++ errno = 0;
++ tt = time (NULL);
++ if (tt != (time_t)-1 || errno == 0)
++ tb = localtime (&tt);
++ }
+
+ if (tb)
+ {
+--
+2.11.0
+
diff --git a/gnu/packages/patches/gcc-5-source-date-epoch-2.patch b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch
new file mode 100644
index 0000000000..ed2580679a
--- /dev/null
+++ b/gnu/packages/patches/gcc-5-source-date-epoch-2.patch
@@ -0,0 +1,353 @@
+Continuation of the SOURCE_DATE_EPOCH patch.
+
+Patch adapted from upstream source repository:
+
+https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c
+
+From dfa5c0d3f3e23e4fdb14857a42de376d9ff8601c Mon Sep 17 00:00:00 2001
+From: doko <doko@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Wed, 1 Jun 2016 16:42:41 +0000
+Subject: [PATCH] gcc/c-family/ChangeLog:
+
+diff --git a/gcc/c-family/c-common.c b/gcc/c-family/c-common.c
+index 6f0898a38d7..efbc78ef218 100644
+--- a/gcc/c-family/c-common.c
++++ b/gcc/c-family/c-common.c
+@@ -12321,8 +12321,9 @@ pointer_to_zero_sized_aggr_p (tree t)
+ /* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+ timestamp to replace embedded current dates to get reproducible
+ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++
+ time_t
+-get_source_date_epoch ()
++cb_get_source_date_epoch (cpp_reader *pfile ATTRIBUTE_UNUSED)
+ {
+ char *source_date_epoch;
+ long long epoch;
+@@ -12334,19 +12335,14 @@ get_source_date_epoch ()
+
+ errno = 0;
+ epoch = strtoll (source_date_epoch, &endptr, 10);
+- if ((errno == ERANGE && (epoch == LLONG_MAX || epoch == LLONG_MIN))
+- || (errno != 0 && epoch == 0))
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "strtoll: %s\n", xstrerror(errno));
+- if (endptr == source_date_epoch)
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "no digits were found: %s\n", endptr);
+- if (*endptr != '\0')
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "trailing garbage: %s\n", endptr);
+- if (epoch < 0)
+- fatal_error (UNKNOWN_LOCATION, "environment variable $SOURCE_DATE_EPOCH: "
+- "value must be nonnegative: %lld \n", epoch);
++ if (errno != 0 || endptr == source_date_epoch || *endptr != '\0'
++ || epoch < 0 || epoch > MAX_SOURCE_DATE_EPOCH)
++ {
++ error_at (input_location, "environment variable SOURCE_DATE_EPOCH must "
++ "expand to a non-negative integer less than or equal to %wd",
++ MAX_SOURCE_DATE_EPOCH);
++ return (time_t) -1;
++ }
+
+ return (time_t) epoch;
+ }
+diff --git a/gcc/c-family/c-common.h b/gcc/c-family/c-common.h
+index ba0a5d7df50..977ae9df5ea 100644
+--- a/gcc/c-family/c-common.h
++++ b/gcc/c-family/c-common.h
+@@ -1063,6 +1063,16 @@ extern vec<tree, va_gc> *make_tree_vector_copy (const vec<tree, va_gc> *);
+ c_register_builtin_type. */
+ extern GTY(()) tree registered_builtin_types;
+
++/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
++ timestamp to replace embedded current dates to get reproducible
++ results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
++extern time_t cb_get_source_date_epoch (cpp_reader *pfile);
++
++/* The value (as a unix timestamp) corresponds to date
++ "Dec 31 9999 23:59:59 UTC", which is the latest date that __DATE__ and
++ __TIME__ can store. */
++#define MAX_SOURCE_DATE_EPOCH HOST_WIDE_INT_C (253402300799)
++
+ /* In c-gimplify.c */
+ extern void c_genericize (tree);
+ extern int c_gimplify_expr (tree *, gimple_seq *, gimple_seq *);
+@@ -1438,9 +1448,4 @@ extern tree cilk_for_number_of_iterations (tree);
+ extern bool check_no_cilk (tree, const char *, const char *,
+ location_t loc = UNKNOWN_LOCATION);
+
+-/* Read SOURCE_DATE_EPOCH from environment to have a deterministic
+- timestamp to replace embedded current dates to get reproducible
+- results. Returns -1 if SOURCE_DATE_EPOCH is not defined. */
+-extern time_t get_source_date_epoch (void);
+-
+ #endif /* ! GCC_C_COMMON_H */
+diff --git a/gcc/c-family/c-lex.c b/gcc/c-family/c-lex.c
+index e68471b9d2b..3f78073f640 100644
+--- a/gcc/c-family/c-lex.c
++++ b/gcc/c-family/c-lex.c
+@@ -97,6 +97,7 @@ init_c_lex (void)
+ cb->valid_pch = c_common_valid_pch;
+ cb->read_pch = c_common_read_pch;
+ cb->has_attribute = c_common_has_attribute;
++ cb->get_source_date_epoch = cb_get_source_date_epoch;
+
+ /* Set the debug callbacks if we can use them. */
+ if ((debug_info_level == DINFO_LEVEL_VERBOSE
+@@ -402,9 +403,6 @@ c_lex_with_flags (tree *value, location_t *loc, unsigned char *cpp_flags,
+ enum cpp_ttype type;
+ unsigned char add_flags = 0;
+ enum overflow_type overflow = OT_NONE;
+- time_t source_date_epoch = get_source_date_epoch ();
+-
+- cpp_init_source_date_epoch (parse_in, source_date_epoch);
+
+ timevar_push (TV_CPP);
+ retry:
+diff --git a/gcc/doc/cppenv.texi b/gcc/doc/cppenv.texi
+index 3b5317beb53..7b4cf6adc11 100644
+--- a/gcc/doc/cppenv.texi
++++ b/gcc/doc/cppenv.texi
+@@ -81,7 +81,6 @@ main input file is omitted.
+ @end ifclear
+
+ @item SOURCE_DATE_EPOCH
+-
+ If this variable is set, its value specifies a UNIX timestamp to be
+ used in replacement of the current date and time in the @code{__DATE__}
+ and @code{__TIME__} macros, so that the embedded timestamps become
+@@ -89,8 +88,9 @@ reproducible.
+
+ The value of @env{SOURCE_DATE_EPOCH} must be a UNIX timestamp,
+ defined as the number of seconds (excluding leap seconds) since
+-01 Jan 1970 00:00:00 represented in ASCII, identical to the output of
+-@samp{@command{date +%s}}.
++01 Jan 1970 00:00:00 represented in ASCII; identical to the output of
++@samp{@command{date +%s}} on GNU/Linux and other systems that support the
++@code{%s} extension in the @code{date} command.
+
+ The value should be a known timestamp such as the last modification
+ time of the source or package and it should be set by the build
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index d956c36b151..2709f295734 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -3328,6 +3328,29 @@ save_switch (const char *opt, size_t n_args, const char *const *args,
+ n_switches++;
+ }
+
++/* Set the SOURCE_DATE_EPOCH environment variable to the current time if it is
++ not set already. */
++
++static void
++set_source_date_epoch_envvar ()
++{
++ /* Array size is 21 = ceil(log_10(2^64)) + 1 to hold string representations
++ of 64 bit integers. */
++ char source_date_epoch[21];
++ time_t tt;
++
++ errno = 0;
++ tt = time (NULL);
++ if (tt < (time_t) 0 || errno != 0)
++ tt = (time_t) 0;
++
++ snprintf (source_date_epoch, 21, "%llu", (unsigned long long) tt);
++ /* Using setenv instead of xputenv because we want the variable to remain
++ after finalizing so that it's still set in the second run when using
++ -fcompare-debug. */
++ setenv ("SOURCE_DATE_EPOCH", source_date_epoch, 0);
++}
++
+ /* Handle an option DECODED that is unknown to the option-processing
+ machinery. */
+
+@@ -3628,6 +3651,7 @@ driver_handle_option (struct gcc_options *opts,
+ else
+ compare_debug_opt = arg;
+ save_switch (compare_debug_replacement_opt, 0, NULL, validated, true);
++ set_source_date_epoch_envvar ();
+ return true;
+
+ case OPT_fdiagnostics_color_:
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+new file mode 100644
+index 00000000000..f6aa1a360ff
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-1.c
+@@ -0,0 +1,11 @@
++/* { dg-do run } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "630333296" } */
++
++int
++main(void)
++{
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++ return 0;
++}
++
++/* { dg-output "^Dec 22 1989 12:34:56\n$" } */
+diff --git a/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+new file mode 100644
+index 00000000000..ae18362ae87
+--- /dev/null
++++ b/gcc/testsuite/gcc.dg/cpp/source_date_epoch-2.c
+@@ -0,0 +1,12 @@
++/* { dg-do compile } */
++/* { dg-set-compiler-env-var SOURCE_DATE_EPOCH "AAA" } */
++
++/* Make sure that SOURCE_DATE_EPOCH is only parsed once */
++
++int
++main(void)
++{
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__); /* { dg-error "SOURCE_DATE_EPOCH must expand" } */
++ __builtin_printf ("%s %s\n", __DATE__, __TIME__);
++ return 0;
++}
+diff --git a/gcc/testsuite/lib/gcc-dg.exp b/gcc/testsuite/lib/gcc-dg.exp
+index 4fa433d9954..7656b2254a1 100644
+--- a/gcc/testsuite/lib/gcc-dg.exp
++++ b/gcc/testsuite/lib/gcc-dg.exp
+@@ -324,6 +324,38 @@ proc restore-target-env-var { } {
+ }
+ }
+
++proc dg-set-compiler-env-var { args } {
++ global set_compiler_env_var
++ global saved_compiler_env_var
++ if { [llength $args] != 3 } {
++ error "dg-set-compiler-env-var: need two arguments"
++ return
++ }
++ set var [lindex $args 1]
++ set value [lindex $args 2]
++ if [info exists ::env($var)] {
++ lappend saved_compiler_env_var [list $var 1 $::env($var)]
++ } else {
++ lappend saved_compiler_env_var [list $var 0]
++ }
++ setenv $var $value
++ lappend set_compiler_env_var [list $var $value]
++}
++
++proc restore-compiler-env-var { } {
++ global saved_compiler_env_var
++ for { set env_vari [llength $saved_compiler_env_var] } {
++ [incr env_vari -1] >= 0 } {} {
++ set env_var [lindex $saved_compiler_env_var $env_vari]
++ set var [lindex $env_var 0]
++ if [lindex $env_var 1] {
++ setenv $var [lindex $env_var 2]
++ } else {
++ unsetenv $var
++ }
++ }
++}
++
+ # Utility routines.
+
+ #
+@@ -785,6 +817,11 @@ if { [info procs saved-dg-test] == [list] } {
+ if [info exists set_target_env_var] {
+ unset set_target_env_var
+ }
++ if [info exists set_compiler_env_var] {
++ restore-compiler-env-var
++ unset set_compiler_env_var
++ unset saved_compiler_env_var
++ }
+ unset_timeout_vars
+ if [info exists compiler_conditional_xfail_data] {
+ unset compiler_conditional_xfail_data
+diff --git a/libcpp/include/cpplib.h b/libcpp/include/cpplib.h
+index 7a5481219be..867aeebc39f 100644
+--- a/libcpp/include/cpplib.h
++++ b/libcpp/include/cpplib.h
+@@ -585,6 +585,9 @@ struct cpp_callbacks
+
+ /* Callback that can change a user builtin into normal macro. */
+ bool (*user_builtin_macro) (cpp_reader *, cpp_hashnode *);
++
++ /* Callback to parse SOURCE_DATE_EPOCH from environment. */
++ time_t (*get_source_date_epoch) (cpp_reader *);
+ };
+
+ #ifdef VMS
+@@ -775,9 +778,6 @@ extern void cpp_init_special_builtins (cpp_reader *);
+ /* Set up built-ins like __FILE__. */
+ extern void cpp_init_builtins (cpp_reader *, int);
+
+-/* Initialize the source_date_epoch value. */
+-extern void cpp_init_source_date_epoch (cpp_reader *, time_t);
+-
+ /* This is called after options have been parsed, and partially
+ processed. */
+ extern void cpp_post_options (cpp_reader *);
+diff --git a/libcpp/init.c b/libcpp/init.c
+index a8d00f4628b..61c9bbbf945 100644
+--- a/libcpp/init.c
++++ b/libcpp/init.c
+@@ -254,6 +254,9 @@ cpp_create_reader (enum c_lang lang, cpp_hash_table *table,
+ /* Do not force token locations by default. */
+ pfile->forced_token_location_p = NULL;
+
++ /* Initialize source_date_epoch to -2 (not yet set). */
++ pfile->source_date_epoch = (time_t) -2;
++
+ /* The expression parser stack. */
+ _cpp_expand_op_stack (pfile);
+
+@@ -530,13 +533,6 @@ cpp_init_builtins (cpp_reader *pfile, int hosted)
+ _cpp_define_builtin (pfile, "__OBJC__ 1");
+ }
+
+-/* Initialize the source_date_epoch value. */
+-void
+-cpp_init_source_date_epoch (cpp_reader *pfile, time_t source_date_epoch)
+-{
+- pfile->source_date_epoch = source_date_epoch;
+-}
+-
+ /* Sanity-checks are dependent on command-line options, so it is
+ called as a subroutine of cpp_read_main_file (). */
+ #if ENABLE_CHECKING
+diff --git a/libcpp/internal.h b/libcpp/internal.h
+index 8507eba1747..226ae328e76 100644
+--- a/libcpp/internal.h
++++ b/libcpp/internal.h
+@@ -503,7 +503,8 @@ struct cpp_reader
+ const unsigned char *time;
+
+ /* Externally set timestamp to replace current date and time useful for
+- reproducibility. */
++ reproducibility. It should be initialized to -2 (not yet set) and
++ set to -1 to disable it or to a non-negative value to enable it. */
+ time_t source_date_epoch;
+
+ /* EOF token, and a token forcing paste avoidance. */
+diff --git a/libcpp/macro.c b/libcpp/macro.c
+index 3f3b278e97d..756c7c6e0c6 100644
+--- a/libcpp/macro.c
++++ b/libcpp/macro.c
+@@ -351,9 +351,13 @@ _cpp_builtin_macro_text (cpp_reader *pfile, cpp_hashnode *node)
+ struct tm *tb = NULL;
+
+ /* Set a reproducible timestamp for __DATE__ and __TIME__ macro
+- usage if SOURCE_DATE_EPOCH is defined. */
+- if (pfile->source_date_epoch != (time_t) -1)
+- tb = gmtime (&pfile->source_date_epoch);
++ if SOURCE_DATE_EPOCH is defined. */
++ if (pfile->source_date_epoch == (time_t) -2
++ && pfile->cb.get_source_date_epoch != NULL)
++ pfile->source_date_epoch = pfile->cb.get_source_date_epoch (pfile);
++
++ if (pfile->source_date_epoch >= (time_t) 0)
++ tb = gmtime (&pfile->source_date_epoch);
+ else
+ {
+ /* (time_t) -1 is a legitimate value for "number of seconds
+--
+2.11.0
+
diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
new file mode 100644
index 0000000000..a612c9e00e
--- /dev/null
+++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
@@ -0,0 +1,28 @@
+This patch makes the exeception specifier of libiberty's 'asprintf'
+and 'vasprintf' declarations match those of glibc to work around the
+problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>.
+
+The problem in part stems from the fact that libiberty is configured
+without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1
+is configured and built with _GNU_SOURCE, hence the conflicting declarations.
+
+--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200
++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200
+@@ -625,7 +625,7 @@ extern int pwait (int, int *, int);
+ /* Like sprintf but provides a pointer to malloc'd storage, which must
+ be freed by the caller. */
+
+-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2;
++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2;
+ #endif
+
+ /* Like asprintf but allocates memory without fail. This works like
+@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, ..
+ /* Like vsprintf but provides a pointer to malloc'd storage, which
+ must be freed by the caller. */
+
+-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0);
++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0);
+ #endif
+
+ /* Like vasprintf but allocates memory without fail. This works like
diff --git a/gnu/packages/patches/gd-CVE-2016-7568.patch b/gnu/packages/patches/gd-CVE-2016-7568.patch
deleted file mode 100644
index 6a1a63296c..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-7568.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2016-7568 (integer overflow in gdImageWebpCtx()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
-
-From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
-From: trylab <trylab@users.noreply.github.com>
-Date: Tue, 6 Sep 2016 18:35:32 +0800
-Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
-
-Integer overflow can be happened in expression gdImageSX(im) * 4 *
-gdImageSY(im). It could lead to heap buffer overflow in the following
-code. This issue has been reported to the PHP Bug Tracking System. The
-proof-of-concept file will be supplied some days later. This issue was
-discovered by Ke Liu of Tencent's Xuanwu LAB.
----
- src/gd_webp.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index 8eb4dee..9886399 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- quality = 80;
- }
-
-+ if (overflow2(gdImageSX(im), 4)) {
-+ return;
-+ }
-+
-+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
-+ return;
-+ }
-+
- argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
- if (!argb) {
- return;
---
-2.10.0
-
diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch
deleted file mode 100644
index 39ee99ac31..0000000000
--- a/gnu/packages/patches/gd-CVE-2016-8670.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
-http://seclists.org/oss-sec/2016/q4/138
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
-
-From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 12 Oct 2016 11:15:32 +0200
-Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
-
-We make sure to never pass a negative `rlen` as size to memcpy(). See
-also <https://bugs.php.net/bug.php?id=73280>.
-
-Patch provided by Emmanuel Law.
----
- src/gd_io_dp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
-index 135eda3..228bfa5 100644
---- a/src/gd_io_dp.c
-+++ b/src/gd_io_dp.c
-@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
- if(remain >= len) {
- rlen = len;
- } else {
-- if(remain == 0) {
-+ if(remain <= 0) {
- /* 2.0.34: EOF is incorrect. We use 0 for
- * errors and EOF, just like fileGetbuf,
- * which is a simple fread() wrapper.
---
-2.10.1
-
diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch
deleted file mode 100644
index bef628f0a8..0000000000
--- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Fix buffer overflow reading 7Zip files:
-
-https://github.com/libarchive/libarchive/issues/761
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
-
-From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 18 Sep 2016 18:14:58 -0700
-Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files
-
-The sample file that demonstrated this had multiple 'EmptyStream'
-attributes. The first one ended up being used to calculate
-certain statistics, then was overwritten by the second which
-was incompatible with those statistics.
-
-The fix here is to reject any header with multiple EmptyStream
-attributes. While here, also reject headers with multiple
-EmptyFile, AntiFile, Name, or Attributes markers.
----
- libarchive/archive_read_support_format_7zip.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
-index 1dfe52b..c0a536c 100644
---- a/libarchive/archive_read_support_format_7zip.c
-+++ b/libarchive/archive_read_support_format_7zip.c
-@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
-
- switch (type) {
- case kEmptyStream:
-+ if (h->emptyStreamBools != NULL)
-+ return (-1);
- h->emptyStreamBools = calloc((size_t)zip->numFiles,
- sizeof(*h->emptyStreamBools));
- if (h->emptyStreamBools == NULL)
-@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- return (-1);
- break;
- }
-+ if (h->emptyFileBools != NULL)
-+ return (-1);
- h->emptyFileBools = calloc(empty_streams,
- sizeof(*h->emptyFileBools));
- if (h->emptyFileBools == NULL)
-@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- return (-1);
- break;
- }
-+ if (h->antiBools != NULL)
-+ return (-1);
- h->antiBools = calloc(empty_streams,
- sizeof(*h->antiBools));
- if (h->antiBools == NULL)
-@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- if ((ll & 1) || ll < zip->numFiles * 4)
- return (-1);
-
-+ if (zip->entry_names != NULL)
-+ return (-1);
- zip->entry_names = malloc(ll);
- if (zip->entry_names == NULL)
- return (-1);
-@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- if ((p = header_bytes(a, 2)) == NULL)
- return (-1);
- allAreDefined = *p;
-+ if (h->attrBools != NULL)
-+ return (-1);
- h->attrBools = calloc((size_t)zip->numFiles,
- sizeof(*h->attrBools));
- if (h->attrBools == NULL)
---
-2.10.0
-
diff --git a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch b/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch
deleted file mode 100644
index bce63d5e4e..0000000000
--- a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch
+++ /dev/null
@@ -1,445 +0,0 @@
-This patch fixes two bugs that allow attackers to overwrite or change
-the permissions of arbitrary files:
-
-https://github.com/libarchive/libarchive/issues/745
-https://github.com/libarchive/libarchive/issues/746
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
-
-From dfd6b54ce33960e420fb206d8872fb759b577ad9 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 11 Sep 2016 13:21:57 -0700
-Subject: [PATCH] Fixes for Issue #745 and Issue #746 from Doran Moppert.
-
----
- libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++--------
- 1 file changed, 227 insertions(+), 67 deletions(-)
-
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index 8f0421e..abe1a86 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -326,12 +326,14 @@ struct archive_write_disk {
-
- #define HFS_BLOCKS(s) ((s) >> 12)
-
-+static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
- static int check_symlinks(struct archive_write_disk *);
- static int create_filesystem_object(struct archive_write_disk *);
- static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
- #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
- static void edit_deep_directories(struct archive_write_disk *ad);
- #endif
-+static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
- static int cleanup_pathname(struct archive_write_disk *);
- static int create_dir(struct archive_write_disk *, char *);
- static int create_parent_dir(struct archive_write_disk *, char *);
-@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a)
- const char *linkname;
- mode_t final_mode, mode;
- int r;
-+ /* these for check_symlinks_fsobj */
-+ char *linkname_copy; /* non-const copy of linkname */
-+ struct archive_string error_string;
-+ int error_number;
-
- /* We identify hard/symlinks according to the link names. */
- /* Since link(2) and symlink(2) don't handle modes, we're done here. */
-@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a)
- #if !HAVE_LINK
- return (EPERM);
- #else
-+ archive_string_init(&error_string);
-+ linkname_copy = strdup(linkname);
-+ if (linkname_copy == NULL) {
-+ return (EPERM);
-+ }
-+ /* TODO: consider using the cleaned-up path as the link target? */
-+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
-+ if (r != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ free(linkname_copy);
-+ /* EPERM is more appropriate than error_number for our callers */
-+ return (EPERM);
-+ }
-+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
-+ if (r != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ free(linkname_copy);
-+ /* EPERM is more appropriate than error_number for our callers */
-+ return (EPERM);
-+ }
-+ free(linkname_copy);
- r = link(linkname, a->name) ? errno : 0;
- /*
- * New cpio and pax formats allow hardlink entries
-@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname)
- * recent paths.
- */
- /* TODO: Extend this to support symlinks on Windows Vista and later. */
-+
-+/*
-+ * Checks the given path to see if any elements along it are symlinks. Returns
-+ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
-+ */
- static int
--check_symlinks(struct archive_write_disk *a)
-+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
- {
- #if !defined(HAVE_LSTAT)
- /* Platform doesn't have lstat, so we can't look for symlinks. */
- (void)a; /* UNUSED */
-+ (void)path; /* UNUSED */
-+ (void)error_number; /* UNUSED */
-+ (void)error_string; /* UNUSED */
-+ (void)flags; /* UNUSED */
- return (ARCHIVE_OK);
- #else
-- char *pn;
-+ int res = ARCHIVE_OK;
-+ char *tail;
-+ char *head;
-+ int last;
- char c;
- int r;
- struct stat st;
-+ int restore_pwd;
-+
-+ /* Nothing to do here if name is empty */
-+ if(path[0] == '\0')
-+ return (ARCHIVE_OK);
-
- /*
- * Guard against symlink tricks. Reject any archive entry whose
- * destination would be altered by a symlink.
-+ *
-+ * Walk the filename in chunks separated by '/'. For each segment:
-+ * - if it doesn't exist, continue
-+ * - if it's symlink, abort or remove it
-+ * - if it's a directory and it's not the last chunk, cd into it
-+ * As we go:
-+ * head points to the current (relative) path
-+ * tail points to the temporary \0 terminating the segment we're currently examining
-+ * c holds what used to be in *tail
-+ * last is 1 if this is the last tail
- */
-- /* Whatever we checked last time doesn't need to be re-checked. */
-- pn = a->name;
-- if (archive_strlen(&(a->path_safe)) > 0) {
-- char *p = a->path_safe.s;
-- while ((*pn != '\0') && (*p == *pn))
-- ++p, ++pn;
-- }
-+ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
-+ __archive_ensure_cloexec_flag(restore_pwd);
-+ if (restore_pwd < 0)
-+ return (ARCHIVE_FATAL);
-+ head = path;
-+ tail = path;
-+ last = 0;
-+ /* TODO: reintroduce a safe cache here? */
- /* Skip the root directory if the path is absolute. */
-- if(pn == a->name && pn[0] == '/')
-- ++pn;
-- c = pn[0];
-- /* Keep going until we've checked the entire name. */
-- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
-+ if(tail == path && tail[0] == '/')
-+ ++tail;
-+ /* Keep going until we've checked the entire name.
-+ * head, tail, path all alias the same string, which is
-+ * temporarily zeroed at tail, so be careful restoring the
-+ * stashed (c=tail[0]) for error messages.
-+ * Exiting the loop with break is okay; continue is not.
-+ */
-+ while (!last) {
-+ /* Skip the separator we just consumed, plus any adjacent ones */
-+ while (*tail == '/')
-+ ++tail;
- /* Skip the next path element. */
-- while (*pn != '\0' && *pn != '/')
-- ++pn;
-- c = pn[0];
-- pn[0] = '\0';
-+ while (*tail != '\0' && *tail != '/')
-+ ++tail;
-+ /* is this the last path component? */
-+ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
-+ /* temporarily truncate the string here */
-+ c = tail[0];
-+ tail[0] = '\0';
- /* Check that we haven't hit a symlink. */
-- r = lstat(a->name, &st);
-+ r = lstat(head, &st);
- if (r != 0) {
-+ tail[0] = c;
- /* We've hit a dir that doesn't exist; stop now. */
- if (errno == ENOENT) {
- break;
- } else {
-- /* Note: This effectively disables deep directory
-+ /* Treat any other error as fatal - best to be paranoid here
-+ * Note: This effectively disables deep directory
- * support when security checks are enabled.
- * Otherwise, very long pathnames that trigger
- * an error here could evade the sandbox.
- * TODO: We could do better, but it would probably
- * require merging the symlink checks with the
- * deep-directory editing. */
-- return (ARCHIVE_FAILED);
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not stat %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
-+ }
-+ } else if (S_ISDIR(st.st_mode)) {
-+ if (!last) {
-+ if (chdir(head) != 0) {
-+ tail[0] = c;
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not chdir %s",
-+ path);
-+ res = (ARCHIVE_FATAL);
-+ break;
-+ }
-+ /* Our view is now from inside this dir: */
-+ head = tail + 1;
- }
- } else if (S_ISLNK(st.st_mode)) {
-- if (c == '\0') {
-+ if (last) {
- /*
- * Last element is symlink; remove it
- * so we can overwrite it with the
- * item being extracted.
- */
-- if (unlink(a->name)) {
-- archive_set_error(&a->archive, errno,
-- "Could not remove symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ if (unlink(head)) {
-+ tail[0] = c;
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not remove symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
-- a->pst = NULL;
- /*
- * Even if we did remove it, a warning
- * is in order. The warning is silly,
- * though, if we're just replacing one
- * symlink with another symlink.
- */
-- if (!S_ISLNK(a->mode)) {
-- archive_set_error(&a->archive, 0,
-- "Removing symlink %s",
-- a->name);
-+ tail[0] = c;
-+ /* FIXME: not sure how important this is to restore
-+ if (!S_ISLNK(path)) {
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Removing symlink %s",
-+ path);
- }
-+ */
- /* Symlink gone. No more problem! */
-- pn[0] = c;
-- return (0);
-- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
-+ res = ARCHIVE_OK;
-+ break;
-+ } else if (flags & ARCHIVE_EXTRACT_UNLINK) {
- /* User asked us to remove problems. */
-- if (unlink(a->name) != 0) {
-- archive_set_error(&a->archive, 0,
-- "Cannot remove intervening symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ if (unlink(head) != 0) {
-+ tail[0] = c;
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Cannot remove intervening symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
-- a->pst = NULL;
-+ tail[0] = c;
- } else {
-- archive_set_error(&a->archive, 0,
-- "Cannot extract through symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ tail[0] = c;
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Cannot extract through symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
- }
-- pn[0] = c;
-- if (pn[0] != '\0')
-- pn++; /* Advance to the next segment. */
-+ /* be sure to always maintain this */
-+ tail[0] = c;
-+ if (tail[0] != '\0')
-+ tail++; /* Advance to the next segment. */
- }
-- pn[0] = c;
-- /* We've checked and/or cleaned the whole path, so remember it. */
-- archive_strcpy(&a->path_safe, a->name);
-- return (ARCHIVE_OK);
-+ /* Catches loop exits via break */
-+ tail[0] = c;
-+#ifdef HAVE_FCHDIR
-+ /* If we changed directory above, restore it here. */
-+ if (restore_pwd >= 0) {
-+ r = fchdir(restore_pwd);
-+ if (r != 0) {
-+ if(error_number) *error_number = errno;
-+ if(error_string)
-+ archive_string_sprintf(error_string,
-+ "chdir() failure");
-+ }
-+ close(restore_pwd);
-+ restore_pwd = -1;
-+ if (r != 0) {
-+ res = (ARCHIVE_FATAL);
-+ }
-+ }
-+#endif
-+ /* TODO: reintroduce a safe cache here? */
-+ return res;
- #endif
- }
-
-+/*
-+ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
-+ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
-+ */
-+static int
-+check_symlinks(struct archive_write_disk *a)
-+{
-+ struct archive_string error_string;
-+ int error_number;
-+ int rc;
-+ archive_string_init(&error_string);
-+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
-+ if (rc != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ }
-+ archive_string_free(&error_string);
-+ a->pst = NULL; /* to be safe */
-+ return rc;
-+}
-+
-+
- #if defined(__CYGWIN__)
- /*
- * 1. Convert a path separator from '\' to '/' .
-@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a)
- * is set) if the path is absolute.
- */
- static int
--cleanup_pathname(struct archive_write_disk *a)
-+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
- {
- char *dest, *src;
- char separator = '\0';
-
-- dest = src = a->name;
-+ dest = src = path;
- if (*src == '\0') {
-- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-- "Invalid empty pathname");
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Invalid empty pathname");
- return (ARCHIVE_FAILED);
- }
-
-@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a)
- #endif
- /* Skip leading '/'. */
- if (*src == '/') {
-- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-- "Path is absolute");
-+ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Path is absolute");
- return (ARCHIVE_FAILED);
- }
-
-@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a)
- } else if (src[1] == '.') {
- if (src[2] == '/' || src[2] == '\0') {
- /* Conditionally warn about '..' */
-- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-- archive_set_error(&a->archive,
-- ARCHIVE_ERRNO_MISC,
-- "Path contains '..'");
-+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Path contains '..'");
- return (ARCHIVE_FAILED);
- }
- }
-@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a)
- * We've just copied zero or more path elements, not including the
- * final '/'.
- */
-- if (dest == a->name) {
-+ if (dest == path) {
- /*
- * Nothing got copied. The path must have been something
- * like '.' or '/' or './' or '/././././/./'.
-@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a)
- return (ARCHIVE_OK);
- }
-
-+static int
-+cleanup_pathname(struct archive_write_disk *a)
-+{
-+ struct archive_string error_string;
-+ int error_number;
-+ int rc;
-+ archive_string_init(&error_string);
-+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
-+ if (rc != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ }
-+ archive_string_free(&error_string);
-+ return rc;
-+}
-+
- /*
- * Create the parent directory of the specified path, assuming path
- * is already in mutable storage.
diff --git a/gnu/packages/patches/libarchive-fix-symlink-check.patch b/gnu/packages/patches/libarchive-fix-symlink-check.patch
deleted file mode 100644
index f042c31a84..0000000000
--- a/gnu/packages/patches/libarchive-fix-symlink-check.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Make sure to check for symlinks even if the pathname is very long:
-
-https://github.com/libarchive/libarchive/issues/744
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
-
-From 1fa9c7bf90f0862036a99896b0501c381584451a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 17:11:45 -0700
-Subject: [PATCH] Issue #744 (part of Issue #743): Enforce sandbox with very
- long pathnames
-
-Because check_symlinks is handled separately from the deep-directory
-support, very long pathnames cause problems. Previously, the code
-ignored most failures to lstat() a path component. In particular,
-this led to check_symlinks always passing for very long paths, which
-in turn provides a way to evade the symlink checks in the sandboxing
-code.
-
-We now fail on unrecognized lstat() failures, which plugs this
-hole at the cost of disabling deep directory support when the
-user requests sandboxing.
-
-TODO: This probably cannot be completely fixed without
-entirely reimplementing the deep directory support to
-integrate the symlink checks. I want to reimplement the
-deep directory hanlding someday anyway; openat() and
-related system calls now provide a much cleaner way to
-handle deep directories than the chdir approach used by this
-code.
----
- libarchive/archive_write_disk_posix.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index 39ee3b6..8f0421e 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a)
- r = lstat(a->name, &st);
- if (r != 0) {
- /* We've hit a dir that doesn't exist; stop now. */
-- if (errno == ENOENT)
-+ if (errno == ENOENT) {
- break;
-+ } else {
-+ /* Note: This effectively disables deep directory
-+ * support when security checks are enabled.
-+ * Otherwise, very long pathnames that trigger
-+ * an error here could evade the sandbox.
-+ * TODO: We could do better, but it would probably
-+ * require merging the symlink checks with the
-+ * deep-directory editing. */
-+ return (ARCHIVE_FAILED);
-+ }
- } else if (S_ISLNK(st.st_mode)) {
- if (c == '\0') {
- /*
diff --git a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch b/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch
deleted file mode 100644
index 0e70ac90ce..0000000000
--- a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fixes this buffer overflow:
-https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
-
-Patch copied from upstream source repository:
-https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
-
-From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 10:51:43 -0700
-Subject: [PATCH] Issue #767: Buffer overflow printing a filename
-
-The safe_fprintf function attempts to ensure clean output for an
-arbitrary sequence of bytes by doing a trial conversion of the
-multibyte characters to wide characters -- if the resulting wide
-character is printable then we pass through the corresponding bytes
-unaltered, otherwise, we convert them to C-style ASCII escapes.
-
-The stack trace in Issue #767 suggest that the 20-byte buffer
-was getting overflowed trying to format a non-printable multibyte
-character. This should only happen if there is a valid multibyte
-character of more than 5 bytes that was unprintable. (Each byte
-would get expanded to a four-charcter octal-style escape of the form
-"\123" resulting in >20 characters for the >5 byte multibyte character.)
-
-I've not been able to reproduce this, but have expanded the conversion
-buffer to 128 bytes on the belief that no multibyte character set
-has a single character of more than 32 bytes.
----
- tar/util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tar/util.c b/tar/util.c
-index 9ff22f2..2b4aebe 100644
---- a/tar/util.c
-+++ b/tar/util.c
-@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...)
- }
-
- /* If our output buffer is full, dump it and keep going. */
-- if (i > (sizeof(outbuff) - 20)) {
-+ if (i > (sizeof(outbuff) - 128)) {
- outbuff[i] = '\0';
- fprintf(f, "%s", outbuff);
- i = 0;
diff --git a/gnu/packages/patches/pcre-CVE-2016-3191.patch b/gnu/packages/patches/pcre-CVE-2016-3191.patch
deleted file mode 100644
index 89cce2a36f..0000000000
--- a/gnu/packages/patches/pcre-CVE-2016-3191.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-Fix for CVE-2016-3191.
-See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
-This is svn r1631 at <svn://vcs.exim.org/pcre/code>.
-
-Index: trunk/testdata/testoutput11-16
-===================================================================
---- trunk/testdata/testoutput11-16 (revision 1630)
-+++ trunk/testdata/testoutput11-16 (revision 1631)
-@@ -765,4 +765,7 @@
- 25 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: regular expression is too complicated at offset 490
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testinput11
-===================================================================
---- trunk/testdata/testinput11 (revision 1630)
-+++ trunk/testdata/testinput11 (revision 1631)
-@@ -138,4 +138,6 @@
-
- /.((?2)(?R)\1)()/B
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testoutput11-8
-===================================================================
---- trunk/testdata/testoutput11-8 (revision 1630)
-+++ trunk/testdata/testoutput11-8 (revision 1631)
-@@ -765,4 +765,7 @@
- 38 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: missing ) at offset 509
-+
- /-- End of testinput11 --/
-Index: trunk/testdata/testoutput11-32
-===================================================================
---- trunk/testdata/testoutput11-32 (revision 1630)
-+++ trunk/testdata/testoutput11-32 (revision 1631)
-@@ -765,4 +765,7 @@
- 25 End
- ------------------------------------------------------------------
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: missing ) at offset 509
-+
- /-- End of testinput11 --/
-Index: trunk/pcre_internal.h
-===================================================================
---- trunk/pcre_internal.h (revision 1630)
-+++ trunk/pcre_internal.h (revision 1631)
-@@ -7,7 +7,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -2289,7 +2289,7 @@
- ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
- ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
- ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
-- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
-+ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
-
- /* JIT compiling modes. The function list is indexed by them. */
-
-Index: trunk/pcre_compile.c
-===================================================================
---- trunk/pcre_compile.c (revision 1630)
-+++ trunk/pcre_compile.c (revision 1631)
-@@ -6,7 +6,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -560,6 +560,7 @@
- /* 85 */
- "parentheses are too deeply nested (stack check)\0"
- "digits missing in \\x{} or \\o{}\0"
-+ "regular expression is too complicated\0"
- ;
-
- /* Table to identify digits and hex digits. This is used when compiling
-@@ -4591,7 +4592,8 @@
- if (code > cd->start_workspace + cd->workspace_size -
- WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
- {
-- *errorcodeptr = ERR52;
-+ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
-+ ERR52 : ERR87;
- goto FAILED;
- }
-
-@@ -6626,8 +6628,21 @@
- cd->had_accept = TRUE;
- for (oc = cd->open_caps; oc != NULL; oc = oc->next)
- {
-- *code++ = OP_CLOSE;
-- PUT2INC(code, 0, oc->number);
-+ if (lengthptr != NULL)
-+ {
-+#ifdef COMPILE_PCRE8
-+ *lengthptr += 1 + IMM2_SIZE;
-+#elif defined COMPILE_PCRE16
-+ *lengthptr += 2 + IMM2_SIZE;
-+#elif defined COMPILE_PCRE32
-+ *lengthptr += 4 + IMM2_SIZE;
-+#endif
-+ }
-+ else
-+ {
-+ *code++ = OP_CLOSE;
-+ PUT2INC(code, 0, oc->number);
-+ }
- }
- setverb = *code++ =
- (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
-Index: trunk/pcreposix.c
-===================================================================
---- trunk/pcreposix.c (revision 1630)
-+++ trunk/pcreposix.c (revision 1631)
-@@ -6,7 +6,7 @@
- and semantics are as close as possible to those of the Perl 5 language.
-
- Written by Philip Hazel
-- Copyright (c) 1997-2014 University of Cambridge
-+ Copyright (c) 1997-2016 University of Cambridge
-
- -----------------------------------------------------------------------------
- Redistribution and use in source and binary forms, with or without
-@@ -173,7 +173,8 @@
- REG_BADPAT, /* group name must start with a non-digit */
- /* 85 */
- REG_BADPAT, /* parentheses too deeply nested (stack check) */
-- REG_BADPAT /* missing digits in \x{} or \o{} */
-+ REG_BADPAT, /* missing digits in \x{} or \o{} */
-+ REG_BADPAT /* pattern too complicated */
- };
-
- /* Table of texts corresponding to POSIX error codes */
diff --git a/gnu/packages/patches/sed-hurd-path-max.patch b/gnu/packages/patches/sed-hurd-path-max.patch
deleted file mode 100644
index 5226cba4cb..0000000000
--- a/gnu/packages/patches/sed-hurd-path-max.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-7bb8d35d0330161a5af5341471d0c183a067e8c2
-Author: Jose E. Marchesi <jemarch@gnu.org>
-Date: Sun Oct 6 14:43:38 2013 +0200
-
- Set PATH_MAX to some constant in case it is not defined in system
- headers.
-
- 2013-10-06 Jose E. Marchesi <jemarch@gnu.org>
-
- * basicdefs.h (PATH_MAX): Defined to some constant in case it is
- not defined by system headers.
- * sed/utils.c: Do not include pathmax.h anymore.
- * bootstrap.conf (gnulib_modules): Do not use the gnulib module
- pathmax.
-
-diff --git a/basicdefs.h b/basicdefs.h
-index 0d28a97..09f5beb 100644
---- a/basicdefs.h
-+++ b/basicdefs.h
-@@ -40,6 +41,13 @@ typedef unsigned long countT;
- #define obstack_chunk_alloc ck_malloc
- #define obstack_chunk_free free
-
-+/* MAX_PATH is not defined in some platforms, most notably GNU/Hurd.
-+ In that case we define it here to some constant. Note however that
-+ this relies in the fact that sed does reallocation if a buffer
-+ needs to be larger than PATH_MAX. */
-+#ifndef PATH_MAX
-+# define PATH_MAX 200
-+#endif
-
- /* handle misdesigned <ctype.h> macros (snarfed from lib/regex.c) */
- /* Jim Meyering writes:
-
diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch
new file mode 100644
index 0000000000..b79be9bc94
--- /dev/null
+++ b/gnu/packages/patches/tar-CVE-2016-6321.patch
@@ -0,0 +1,51 @@
+Fix CVE-2016-6321:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321
+https://security-tracker.debian.org/tracker/CVE-2016-6321
+
+Patch adapted from upstream source repository (the changes to 'NEWS'
+don't apply to the Tar 1.29 release tarball).
+
+http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
+
+From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
+Date: Sat, 29 Oct 2016 21:04:40 -0700
+Subject: [PATCH] When extracting, skip ".." members
+
+* NEWS: Document this.
+* src/extract.c (extract_archive): Skip members whose names
+contain "..".
+---
+ NEWS | 8 +++++++-
+ src/extract.c | 8 ++++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/extract.c b/src/extract.c
+index f982433..7904148 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1629,12 +1629,20 @@ extract_archive (void)
+ {
+ char typeflag;
+ tar_extractor_t fun;
++ bool skip_dotdot_name;
+
+ fatal_exit_hook = extract_finish;
+
+ set_next_block_after (current_header);
+
++ skip_dotdot_name = (!absolute_names_option
++ && contains_dot_dot (current_stat_info.orig_file_name));
++ if (skip_dotdot_name)
++ ERROR ((0, 0, _("%s: Member name contains '..'"),
++ quotearg_colon (current_stat_info.orig_file_name)));
++
+ if (!current_stat_info.file_name[0]
++ || skip_dotdot_name
+ || (interactive_option
+ && !confirm ("extract", current_stat_info.file_name)))
+ {
+--
+2.11.0
+
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index fe9157af12..9ca950b967 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -31,7 +31,7 @@
(define-public pcre
(package
(name "pcre")
- (version "8.38")
+ (version "8.40")
(source (origin
(method url-fetch)
(uri (list
@@ -42,8 +42,7 @@
version "/pcre-" version ".tar.bz2")))
(sha256
(base32
- "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"))
- (patches (list (search-patch "pcre-CVE-2016-3191.patch")))))
+ "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0"))))
(build-system gnu-build-system)
(outputs '("out" ;library & headers
"bin" ;depends on Readline (adds 20MiB to the closure)
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 2ea48e5999..d449b72eef 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -481,7 +481,6 @@ extracting content or merging files.")
(define-public mupdf
(package
(name "mupdf")
- (replacement mupdf/fixed)
(version "1.10a")
(source
(origin
@@ -491,7 +490,9 @@ extracting content or merging files.")
(sha256
(base32
"0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a"))
- (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"))
+ (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
+ "mupdf-mujs-CVE-2016-10132.patch"
+ "mupdf-mujs-CVE-2016-10133.patch"))
(modules '((guix build utils)))
(snippet
;; Delete all the bundled libraries except for mujs, which is
@@ -540,18 +541,6 @@ line tools for batch rendering (pdfdraw), rewriting files (pdfclean),
and examining the file structure (pdfshow).")
(license license:agpl3+)))
-(define mupdf/fixed
- (package
- (inherit mupdf)
- (source
- (origin
- (inherit (package-source mupdf))
- (patches
- (append
- (origin-patches (package-source mupdf))
- (search-patches "mupdf-mujs-CVE-2016-10132.patch"
- "mupdf-mujs-CVE-2016-10133.patch")))))))
-
(define-public qpdf
(package
(name "qpdf")
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index a84ff43d77..16b098517a 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -309,7 +309,7 @@
("pcre" ,pcre)
("postgresql" ,postgresql)
("readline" ,readline)
- ("sqlite" ,sqlite-3.15.1)
+ ("sqlite" ,sqlite)
("tidy" ,tidy)
("zip" ,zip)
("zlib" ,zlib)))
diff --git a/gnu/packages/pkg-config.scm b/gnu/packages/pkg-config.scm
index d7cc454e03..01069d27a5 100644
--- a/gnu/packages/pkg-config.scm
+++ b/gnu/packages/pkg-config.scm
@@ -30,7 +30,7 @@
(define-public %pkg-config
(package
(name "pkg-config")
- (version "0.29")
+ (version "0.29.1")
(source (origin
(method url-fetch)
(uri (list
@@ -46,14 +46,14 @@
version ".tar.gz")))
(sha256
(base32
- "0sq09a39wj4cxf8l2jvkq067g08ywfma4v6nhprnf351s82pfl68"))))
+ "00dh1jn8rbppmgbhhgqhmbh3c58b0gccy39rsjdlcma50sg3rd5y"))))
(build-system gnu-build-system)
(arguments `(#:configure-flags '("--with-internal-glib")))
(native-search-paths
(list (search-path-specification
(variable "PKG_CONFIG_PATH")
(files '("lib/pkgconfig" "lib64/pkgconfig" "share/pkgconfig")))))
- (home-page "http://www.freedesktop.org/wiki/Software/pkg-config")
+ (home-page "https://www.freedesktop.org/wiki/Software/pkg-config")
(license gpl2+)
(synopsis "Helper tool used when compiling applications and libraries")
(description
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index d53eea1893..b93ab5ee78 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -168,6 +168,7 @@
(list "--enable-shared" ;allow embedding
"--with-system-ffi" ;build ctypes
"--with-ensurepip=install" ;install pip and setuptools
+ "--enable-unicode=ucs4"
(string-append "LDFLAGS=-Wl,-rpath="
(assoc-ref %outputs "out") "/lib"))
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 4ed1f4696b..d4a7d8090f 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -217,7 +217,6 @@ written by Paul Haahr and Byron Rakitzis.")
(define-public tcsh
(package
(name "tcsh")
- (replacement tcsh/fixed)
(version "6.18.01")
(source (origin
(method url-fetch)
@@ -230,7 +229,8 @@ written by Paul Haahr and Byron Rakitzis.")
(base32
"1a4z9kwgx1iqqzvv64si34m60gj34p7lp6rrcrb59s7ka5wa476q"))
(patches (search-patches "tcsh-fix-autotest.patch"
- "tcsh-do-not-define-BSDWAIT.patch"))
+ "tcsh-do-not-define-BSDWAIT.patch"
+ "tcsh-fix-out-of-bounds-read.patch"))
(patch-flags '("-p0"))))
(build-system gnu-build-system)
(inputs
@@ -275,15 +275,6 @@ command-line editor, programmable word completion, spelling correction, a
history mechanism, job control and a C-like syntax.")
(license bsd-4)))
-(define tcsh/fixed
- (package
- (inherit tcsh)
- (name "tcsh")
- (source (origin
- (inherit (package-source tcsh))
- (patches (cons (search-patch "tcsh-fix-out-of-bounds-read.patch")
- (origin-patches (package-source tcsh))))))))
-
(define-public zsh
(package
(name "zsh")
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 9d1d9cc0a9..c48e3e6f90 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -85,7 +85,7 @@ remote applications.")
(define-public libssh2
(package
(name "libssh2")
- (version "1.7.0")
+ (version "1.8.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -93,7 +93,7 @@ remote applications.")
version ".tar.gz"))
(sha256
(base32
- "116mh112w48vv9k3f15ggp5kxw5sj4b88dzb5j69llsh7ba1ymp4"))))
+ "1m3n8spv79qhjq4yi0wgly5s5rc8783jb1pyra9bkx1md0plxwrr"))))
(build-system gnu-build-system)
;; The installed libssh2.pc file does not include paths to libgcrypt and
;; zlib libraries, so we need to propagate the inputs.
diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm
index 4cd94299df..f9a23c3230 100644
--- a/gnu/packages/tcl.scm
+++ b/gnu/packages/tcl.scm
@@ -37,14 +37,14 @@
(define-public tcl
(package
(name "tcl")
- (version "8.6.4")
+ (version "8.6.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/tcl/Tcl/"
version "/tcl" version "-src.tar.gz"))
(sha256
(base32
- "13cwa4bc85ylf5gfj9vk182lvgy60qni3f7gbxghq78wk16djvly"))
+ "01zypqhy57wvh1ikk28bg733sk5kf4q568pq9v6fvcz4h6bl0rd2"))
(patches (search-patches "tcl-mkindex-deterministic.patch"))))
(build-system gnu-build-system)
(arguments
@@ -135,14 +135,14 @@ X11 GUIs.")
(define-public tk
(package
(name "tk")
- (version "8.6.4")
+ (version "8.6.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/tcl/Tcl/"
version "/tk" version "-src.tar.gz"))
(sha256
(base32
- "1h96vp15zl5xz0d4qp6wjyrchqmrmdm3q5k22wkw9jaxbvw9vy88"))
+ "17diivcfcwdhp4v5zi6j9nkxncccjqkivhp363c4wx5lf4d3fb6n"))
(patches (search-patches "tk-find-library.patch"))))
(build-system gnu-build-system)
(arguments
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 5253381830..84865a31cf 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -140,8 +140,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.4")
- (replacement gnutls-3.5.8)
+ (version "3.5.8")
(source (origin
(method url-fetch)
(uri
@@ -152,7 +151,7 @@ living in the same process.")
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))
+ "1zyl2z63s68hx1dpxqx0lykmlf3rwrzlrf44sq3h7dvjmr1z55qf"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@@ -214,32 +213,18 @@ required structures.")
(properties '((ftp-server . "ftp.gnutls.org")
(ftp-directory . "/gcrypt/gnutls")))))
-(define gnutls-3.5.8 ;fixes GNUTLS-SA-2017-{1,2}
- (package
- (inherit gnutls)
- (version "3.5.8")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/gnutls/v"
- (version-major+minor version)
- "/gnutls-" version ".tar.xz"))
- (sha256
- (base32
- "1zyl2z63s68hx1dpxqx0lykmlf3rwrzlrf44sq3h7dvjmr1z55qf"))))
- (replacement #f)))
-
(define-public gnutls/guile-2.2
;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5.
(package
- (inherit gnutls-3.5.8)
+ (inherit gnutls)
(name "guile2.2-gnutls")
(arguments
;; Remove '--with-guile-site-dir=…/2.0'.
- (substitute-keyword-arguments (package-arguments gnutls-3.5.8)
+ (substitute-keyword-arguments (package-arguments gnutls)
((#:configure-flags flags)
`(cdr ,flags))))
(inputs `(("guile" ,guile-next)
- ,@(alist-delete "guile" (package-inputs gnutls-3.5.8))))))
+ ,@(alist-delete "guile" (package-inputs gnutls))))))
(define-public openssl
(package
@@ -325,7 +310,6 @@ required structures.")
(lib (string-append out "/lib"))
(static (assoc-ref outputs "static"))
(slib (string-append static "/lib")))
- (mkdir-p slib)
(for-each (lambda (file)
(install-file file slib)
(delete-file file))
@@ -352,7 +336,7 @@ required structures.")
(let ((bash (assoc-ref (or native-inputs inputs) "bash")))
(substitute* (find-files "test" ".*")
(("/bin/sh")
- (string-append bash "/bin/bash"))
+ (string-append bash "/bin/sh"))
(("/bin/rm")
"rm"))
#t)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 03ae398bd2..49f95ef9b8 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -297,10 +297,10 @@ as well as the classic centralized workflow.")
(native-search-paths
;; For HTTPS access, Git needs a single-file certificate bundle, specified
;; with $GIT_SSL_CAINFO.
- ;; FIXME: This variable designates a single file; it is not a search path.
(list (search-path-specification
(variable "GIT_SSL_CAINFO")
(file-type 'regular)
+ (separator #f) ;single entry
(files '("etc/ssl/certs/ca-certificates.crt")))))
(synopsis "Distributed version control system")
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 32b658489c..b759b33420 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -8,7 +8,7 @@
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
@@ -74,12 +74,13 @@ things the parser might find in the XML document (like start tags).")
(define-public libxml2
(package
(name "libxml2")
- (replacement libxml2/fixed)
(version "2.9.4")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
version ".tar.gz"))
+ (patches (search-patches "libxml2-CVE-2016-4658.patch"
+ "libxml2-CVE-2016-5131.patch"))
(sha256
(base32
"0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))
@@ -102,19 +103,9 @@ things the parser might find in the XML document (like start tags).")
project (but it is usable outside of the Gnome platform).")
(license license:x11)))
-(define libxml2/fixed
- (package
- (inherit libxml2)
- (source
- (origin
- (inherit (package-source libxml2))
- (patches (search-patches "libxml2-CVE-2016-4658.patch"
- "libxml2-CVE-2016-5131.patch"))))))
-
(define-public python-libxml2
(package (inherit libxml2)
(name "python-libxml2")
- (replacement #f)
(build-system python-build-system)
(arguments
`(;; XXX: Tests are specified in 'Makefile.am', but not in 'setup.py'.
@@ -144,12 +135,12 @@ project (but it is usable outside of the Gnome platform).")
(define-public libxslt
(package
(name "libxslt")
- (replacement libxslt/fixed)
(version "1.1.29")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
+ (patches (search-patches "libxslt-CVE-2016-4738.patch"))
(sha256
(base32
"1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
@@ -166,14 +157,6 @@ project (but it is usable outside of the Gnome platform).")
based on libxml for XML parsing, tree manipulation and XPath support.")
(license license:x11)))
-(define libxslt/fixed
- (package
- (inherit libxslt)
- (name "libxslt")
- (source (origin
- (inherit (package-source libxslt))
- (patches (search-patches "libxslt-CVE-2016-4738.patch"))))))
-
(define-public perl-graph-readwrite
(package
(name "perl-graph-readwrite")
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 97df44cebf..f9719c77fb 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -3755,7 +3755,7 @@ extension to the X11 protocol. It includes:
(define-public xkeyboard-config
(package
(name "xkeyboard-config")
- (version "2.18")
+ (version "2.19")
(source
(origin
(method url-fetch)
@@ -3765,7 +3765,7 @@ extension to the X11 protocol. It includes:
".tar.bz2"))
(sha256
(base32
- "1l6x2w357ja8vm94ns79s7yj9a5dlr01r9dxrjvzwncadiyr27f4"))))
+ "09sqyi430bbg13pp8j0j60p9p9xn2lpqx38xw1lyv77bp63d3pw3"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gettext-minimal)
@@ -4675,7 +4675,7 @@ script around the mkfontscale program.")
(define-public xproto
(package
(name "xproto")
- (version "7.0.29")
+ (version "7.0.31")
(source
(origin
(method url-fetch)
@@ -4685,7 +4685,7 @@ script around the mkfontscale program.")
".tar.bz2"))
(sha256
(base32
- "12lzpa9mrzkyrhrphzpi1014np3328qg7mdq08wj6wyaj9q4f6kc"))))
+ "0ivpxz0rx2a7nahkpkhfgymz7j0pwzaqvyqpdgw9afmxl1yp9yf6"))))
(build-system gnu-build-system)
(propagated-inputs
`(("util-macros" ,util-macros))) ; to get util-macros in (almost?) all package inputs