aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-12-10 23:03:57 -0500
committerMark H Weaver <mhw@netris.org>2016-12-10 23:03:57 -0500
commitd94691e0c21440657ad198b03145743d4a876829 (patch)
tree20dd105c352c117244eed15f6ffcc3ea3ba43b00
parent72c0b687800a617b891565f5a85bb06c1e1ba015 (diff)
parentedd1652e0a66c7d0713c810c1e3711840d5ab8bc (diff)
downloadpatches-d94691e0c21440657ad198b03145743d4a876829.tar
patches-d94691e0c21440657ad198b03145743d4a876829.tar.gz
Merge branch 'master' into staging
-rw-r--r--doc/guix.texi6
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/bioinformatics.scm11
-rw-r--r--gnu/packages/gnustep.scm8
-rw-r--r--gnu/packages/gnuzilla.scm10
-rw-r--r--gnu/packages/haskell.scm213
-rw-r--r--gnu/packages/image.scm17
-rw-r--r--gnu/packages/libevent.scm4
-rw-r--r--gnu/packages/linux.scm72
-rw-r--r--gnu/packages/maths.scm4
-rw-r--r--gnu/packages/music.scm68
-rw-r--r--gnu/packages/ocaml.scm70
-rw-r--r--gnu/packages/password-utils.scm4
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2015-6581.patch47
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch245
-rw-r--r--gnu/packages/tls.scm45
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/web.scm4
-rw-r--r--guix/scripts/offload.scm38
19 files changed, 726 insertions, 146 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 71de73b953..0cb1bc7665 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1005,6 +1005,12 @@ command line:
# guix offload test machines-qualif.scm
@end example
+Last, you can test the subset of the machines whose name matches a
+regular expression like this:
+
+@example
+# guix offload test machines.scm '\.gnu\.org$'
+@end example
@node Invoking guix-daemon
@section Invoking @command{guix-daemon}
diff --git a/gnu/local.mk b/gnu/local.mk
index f8202e2e72..c6cb55b06f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -747,9 +747,9 @@ dist_patch_DATA = \
%D%/packages/patches/ola-readdir-r.patch \
%D%/packages/patches/onionshare-fix-install-paths.patch \
%D%/packages/patches/openexr-missing-samples.patch \
- %D%/packages/patches/openjpeg-CVE-2015-6581.patch \
%D%/packages/patches/openjpeg-CVE-2016-5157.patch \
%D%/packages/patches/openjpeg-CVE-2016-7163.patch \
+ %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \
%D%/packages/patches/openjpeg-use-after-free-fix.patch \
%D%/packages/patches/openocd-nrf52.patch \
%D%/packages/patches/openssh-memory-exhaustion.patch \
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 625935dfd7..9ab55fb965 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5629,7 +5629,7 @@ track. The database is exposed as a @code{TxDb} object.")
(define-public vsearch
(package
(name "vsearch")
- (version "2.3.3")
+ (version "2.3.4")
(source
(origin
(method url-fetch)
@@ -5639,7 +5639,7 @@ track. The database is exposed as a @code{TxDb} object.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1d3670apjy15c9l40fpq71lifxga6j9z2gisdirycwk18s4mvcp2"))
+ "1xyraxmhyx62mxx8z7c8waygvcijwkh48ms1ar60w2cv2y2sn4al"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -5699,15 +5699,16 @@ Needleman-Wunsch).")
(define-public pardre
(package
(name "pardre")
- (version "1.1.5")
+ ;; The source of 1.1.5 changed in place, so we append "-1" to the version.
+ (version "1.1.5-1")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/pardre/ParDRe-rel"
- version ".tar.gz"))
+ "1.1.5" ".tar.gz"))
(sha256
(base32
- "0zkyjzv4s8q2h5npalhirbk17r5b1h0n2a42mh7njzlf047h9bhy"))))
+ "17j73nc0viq4f6qj50nrndsrif5d6b71q8fl87m54psiv0ilns2b"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; no tests included
diff --git a/gnu/packages/gnustep.scm b/gnu/packages/gnustep.scm
index 6c365cbbc4..8f72bb3253 100644
--- a/gnu/packages/gnustep.scm
+++ b/gnu/packages/gnustep.scm
@@ -60,7 +60,13 @@
(string-append "\"" bin "/wmaker.inst")))
(substitute* '("src/defaults.c" "WPrefs.app/Menu.c")
(("\"wmsetbg")
- (string-append "\"" bin "/wmsetbg")))))
+ (string-append "\"" bin "/wmsetbg")))
+ ;; Add enough cells to the command character array to
+ ;; allow passing our large path to the wmsetbg binary.
+ ;; The path to wmsetbg in Guix requires 67 extra characters.
+ (substitute* "src/defaults.c"
+ (("len = strlen\\(text\\) \\+ 40;")
+ (string-append "len = strlen(text) + 107;")))))
(alist-cons-after
'install 'wrap
(lambda* (#:key outputs #:allow-other-keys)
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index f63e950f29..5f7e45183b 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -337,7 +337,15 @@ standards.")
(mozilla-patch "icecat-bug-1279202.patch" "e560997291af" "1hn35slasfcj3ryka4fsarx4l9r99z0iwj67fmbv6zxz4z133kks")
(mozilla-patch "icecat-bug-1320039.patch" "21c615b65048" "0ibgsxa36x9ajn2jqbhxxvrfvj6x6iyspsmzzn4brdz11n93skhr")
(mozilla-patch "icecat-bug-1320057.patch" "c15e5afc0430" "17gj32agqs94548z8lvz0l6zz3kbwajn8as0y4iw5nb6jsll4c66")
- (mozilla-patch "icecat-bug-1163212.patch" "46163fb1cb34" "1yikayczfgfla3aka0159apq3149d52sgvlca0sivx4myd0lvjm7")))
+ (mozilla-patch "icecat-bug-1163212.patch" "46163fb1cb34" "1yikayczfgfla3aka0159apq3149d52sgvlca0sivx4myd0lvjm7")
+ (mozilla-patch "icecat-bug-1317805.patch" "cde2a37100f5" "100abggnhwyw84almxrkxqfpyfkd4pqkcrh5y9g4d3jd2h16asvl")
+ (mozilla-patch "icecat-bug-1298773-pt1.patch" "9b78ab1e6d07" "19ib6bp96xk000ll40b8qxvizkncyzclz2rsb9w5fa42qs9978ff")
+ (mozilla-patch "icecat-bug-1298773-pt2.patch" "78ebf9c9dfb0" "1shgr4rk6r2zxr1qqk1j3qnnqzqxnbi093qhlrfh8q5q1ivqf6k1")
+ (mozilla-patch "icecat-bug-1299098.patch" "a46a9f16823c" "0dwkyz3kcqnfcbhbfh2lss7s0yh87rgzb871qxx3x4ynyqph9mnz")
+ (mozilla-patch "icecat-bug-1311687.patch" "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
+ (mozilla-patch "icecat-bug-1287912.patch" "778f65148b40" "0j2a153sk0654vv2lnxjib4lwml3mlqn6vs46c2pp82iba8nyfrm")
+ (mozilla-patch "icecat-bug-1312272.patch" "94bd2b43c766" "10h0qpr6m9cqyqxxnkbb6mzb3cagavzlynkxgd7a4izyq1bv28rk")
+ (mozilla-patch "icecat-bug-1315631.patch" "893de7431d51" "11gyik8mwipl6ipypkvdq519pw7ccbg0g0bnvxb7271n44cqqcq5")))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 7a7d6bab87..8e5927a00b 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -7,6 +7,7 @@
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 David Craven <david@craven.ch>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -2315,36 +2316,34 @@ the parsers provided by @code{parsec}, @code{attoparsec} and @code{base}'s
(define-public ghc-trifecta
(package
(name "ghc-trifecta")
- (version "1.5.2")
- (source
- (origin
- (method url-fetch)
- (uri (string-append
- "https://hackage.haskell.org/package/trifecta/trifecta-"
- version
- ".tar.gz"))
- (sha256
- (base32
- "0fjhnsbafl3yw34pyhcsvrqy6a2mnhyqys6gna3rrlygs8ck7hpb"))))
+ (version "1.6")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://hackage.haskell.org/package/trifecta/"
+ "trifecta-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0rbhv9m17k7l1zr70i0yw5da0qjgxmfh1da8brj0zdzwjn9ac0mk"))))
(build-system haskell-build-system)
- (arguments `(#:tests? #f)) ; FIXME: Test fails with "cannot satisfy
- ; -package ansi-terminal-0.6.2.3"
(inputs
- `(("ghc-charset" ,ghc-charset)
- ("ghc-comonad" ,ghc-comonad)
- ("ghc-lens" ,ghc-lens)
- ("ghc-profunctors" ,ghc-profunctors)
- ("ghc-reducers" ,ghc-reducers)
+ `(("ghc-reducers" ,ghc-reducers)
("ghc-semigroups" ,ghc-semigroups)
("ghc-ansi-wl-pprint" ,ghc-ansi-wl-pprint)
("ghc-ansi-terminal" ,ghc-ansi-terminal)
("ghc-blaze-builder" ,ghc-blaze-builder)
("ghc-blaze-html" ,ghc-blaze-html)
("ghc-blaze-markup" ,ghc-blaze-markup)
+ ("ghc-charset" ,ghc-charset)
+ ("ghc-comonad" ,ghc-comonad)
+ ("ghc-doctest" ,ghc-doctest)
("ghc-fingertree" ,ghc-fingertree)
("ghc-hashable" ,ghc-hashable)
+ ("ghc-lens" ,ghc-lens)
("ghc-mtl" ,ghc-mtl)
("ghc-parsers" ,ghc-parsers)
+ ("ghc-profunctors" ,ghc-profunctors)
+ ("ghc-quickcheck" ,ghc-quickcheck)
("ghc-unordered-containers" ,ghc-unordered-containers)
("ghc-utf8-string" ,ghc-utf8-string)))
(home-page "https://github.com/ekmett/trifecta/")
@@ -6671,34 +6670,47 @@ constant-time:
(license license:bsd-3)))
(define-public idris
+ ;; TODO: IDRIS_LIBRARY_PATH only accepts a single path and not a colon
+ ;; separated list.
+ ;; TODO: When installing idris the location of the standard libraries
+ ;; cannot be specified.
+ ;; NOTE: Creating an idris build system:
+ ;; Idris packages can be packaged and installed using a trivial
+ ;; build system.
+ ;; (zero? (system* (string-append idris "/bin/idris")
+ ;; "--ibcsubdir"
+ ;; (string-append out "/idris/libs/lightyear")
+ ;; "--install" "lightyear.ipkg")
+ ;; (native-search-paths
+ ;; (list (search-path-specification
+ ;; (variable "IDRIS_LIBRARY_PATH")
+ ;; (files '("idris/libs")))))
(package
(name "idris")
- (version "0.9.19.1")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://hackage.haskell.org/package/idris-"
- version "/idris-" version ".tar.gz"))
- (sha256
- (base32
- "10641svdsjlxbxmbvylpia04cz5nn9486lpiay8ibqcrc1792qgc"))
- (modules '((guix build utils)))
- (snippet
- '(substitute* "idris.cabal"
- ;; Package description file has a too-tight version restriction,
- ;; rendering it incompatible with GHC 7.10.2. This is fixed
- ;; upstream. See
- ;; <https://github.com/idris-lang/Idris-dev/issues/2734>.
- (("vector < 0.11") "vector < 0.12")))))
+ (version "0.12.3")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://hackage.haskell.org/package/"
+ "idris-" version "/idris-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1ijrbgzaahw9aagn4al55nqcggrg9ajlrkq2fjc1saq3xdd3v7rs"))))
(build-system haskell-build-system)
(arguments
- `(#:phases (modify-phases %standard-phases
- (add-before 'configure 'patch-cc-command
- (lambda _
- (setenv "CC" "gcc"))))))
+ `(;; FIXME: runhaskell Setup.hs test doesn't set paths required by test
+ ;; suite.
+ #:tests? #f
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'configure 'patch-cc-command
+ (lambda _
+ (setenv "CC" "gcc"))))))
(inputs
`(("gmp" ,gmp)
("ncurses" ,ncurses)
+ ("ghc-aeson" ,ghc-aeson)
+ ("ghc-async" ,ghc-async)
("ghc-annotated-wl-pprint" ,ghc-annotated-wl-pprint)
("ghc-ansi-terminal" ,ghc-ansi-terminal)
("ghc-ansi-wl-pprint" ,ghc-ansi-wl-pprint)
@@ -6707,12 +6719,19 @@ constant-time:
("ghc-blaze-markup" ,ghc-blaze-markup)
("ghc-cheapskate" ,ghc-cheapskate)
("ghc-fingertree" ,ghc-fingertree)
+ ("ghc-fsnotify" ,ghc-fsnotify)
+ ("ghc-ieee754" ,ghc-ieee754)
("ghc-mtl" ,ghc-mtl)
("ghc-network" ,ghc-network)
("ghc-optparse-applicative" ,ghc-optparse-applicative)
("ghc-parsers" ,ghc-parsers)
+ ("ghc-regex-tdfa" ,ghc-regex-tdfa)
("ghc-safe" ,ghc-safe)
("ghc-split" ,ghc-split)
+ ("ghc-tasty" ,ghc-tasty)
+ ("ghc-tasty-golden" ,ghc-tasty-golden)
+ ("ghc-tasty-rerun" ,ghc-tasty-rerun)
+ ("ghc-terminal-size" ,ghc-terminal-size)
("ghc-text" ,ghc-text)
("ghc-trifecta" ,ghc-trifecta)
("ghc-uniplate" ,ghc-uniplate)
@@ -7994,4 +8013,120 @@ helper functions for Lists, Maybes, Tuples, Functions.")
3D plots using gnuplot.")
(license license:bsd-3)))
+(define-public ghc-hinotify
+ (package
+ (name "ghc-hinotify")
+ (version "0.3.8.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://hackage.haskell.org/package/hinotify/"
+ "hinotify-" version ".tar.gz"))
+ (sha256
+ (base32
+ "03c1f4d7x805zdiq2w26kl09xrfjw19saycdkhnixzv2qcr6xm1p"))))
+ (build-system haskell-build-system)
+ (home-page "https://github.com/kolmodin/hinotify.git")
+ (synopsis "Haskell binding to inotify")
+ (description "This library provides a wrapper to the Linux kernel's inotify
+feature, allowing applications to subscribe to notifications when a file is
+accessed or modified.")
+ (license license:bsd-3)))
+
+(define-public ghc-fsnotify
+ (package
+ (name "ghc-fsnotify")
+ (version "0.2.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://hackage.haskell.org/package/fsnotify/"
+ "fsnotify-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0asl313a52qx2w6dw25g845683xsl840bwjh118nkwi5v1xipkzb"))))
+ (build-system haskell-build-system)
+ (inputs
+ `(("ghc-text" ,ghc-text)
+ ("ghc-async" ,ghc-async)
+ ("ghc-unix-compat" ,ghc-unix-compat)
+ ("ghc-hinotify" ,ghc-hinotify)
+ ("ghc-tasty" ,ghc-tasty)
+ ("ghc-tasty-hunit" ,ghc-tasty-hunit)
+ ("ghc-temporary-rc" ,ghc-temporary-rc)))
+ (home-page "https://github.com/haskell-fswatch/hfsnotify")
+ (synopsis "Cross platform library for file change notification.")
+ (description "Cross platform library for file creation, modification, and
+deletion notification. This library builds upon existing libraries for platform
+specific Windows, Mac, and Linux filesystem event notification.")
+ (license license:bsd-3)))
+
+(define-public ghc-tasty-rerun
+ (package
+ (name "ghc-tasty-rerun")
+ (version "1.1.6")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://hackage.haskell.org/package/tasty-rerun/"
+ "tasty-rerun-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0ycxg7whabgcxyzy6gr536x8ykzx45whh1wrbsc7c58zi862fczd"))))
+ (build-system haskell-build-system)
+ (inputs
+ `(("ghc-mtl" ,ghc-mtl)
+ ("ghc-optparse-applicative" ,ghc-optparse-applicative)
+ ("ghc-reducers" ,ghc-reducers)
+ ("ghc-split" ,ghc-split)
+ ("ghc-stm" ,ghc-stm)
+ ("ghc-tagged" ,ghc-tagged)
+ ("ghc-tasty" ,ghc-tasty)))
+ (home-page "http://github.com/ocharles/tasty-rerun")
+ (synopsis "Run tests by filtering the test tree")
+ (description "This package adds the ability to run tests by filtering the
+test tree based on the result of a previous test run. You can use this to run
+only those tests that failed in the last run, or to only run the tests that have
+been added since previous test run.")
+ (license license:bsd-3)))
+
+(define-public ghc-ieee754
+ (package
+ (name "ghc-ieee754")
+ (version "0.7.8")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://hackage.haskell.org/package/ieee754/"
+ "ieee754-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1zvfnnd5nm5kgr60214cdyks0kqdqyzpwk5sdh0s60yr8b7fyjny"))))
+ (build-system haskell-build-system)
+ (home-page "http://github.com/patperry/hs-ieee754")
+ (synopsis "Utilities for dealing with IEEE floating point numbers")
+ (description "Utilities for dealing with IEEE floating point numbers,
+ported from the Tango math library; approximate and exact equality comparisons
+for general types.")
+ (license license:bsd-3)))
+
+(define-public ghc-terminal-size
+ (package
+ (name "ghc-terminal-size")
+ (version "0.3.2.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://hackage.haskell.org/package/terminal-size/"
+ "terminal-size-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0n4nvj3dbj9gxfnprgish45asn9z4dipv9j98s8i7g2n8yb3xhmm"))))
+ (build-system haskell-build-system)
+ (home-page "http://hackage.haskell.org/package/terminal-size")
+ (synopsis "Get terminal window height and width")
+ (description "Get terminal window height and width without ncurses
+dependency.")
+ (license license:bsd-3)))
+
;;; haskell.scm ends here
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 7bf330be30..9c8a3fcde6 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -425,6 +425,7 @@ work.")
(define-public openjpeg
(package
(name "openjpeg")
+ (replacement openjpeg/fixed)
(version "2.1.1")
(source
(origin
@@ -461,9 +462,21 @@ error-resilience, a Java-viewer for j2k-images, ...")
(home-page "https://github.com/uclouvain/openjpeg")
(license license:bsd-2)))
+(define openjpeg/fixed
+ (package
+ (inherit openjpeg)
+ (source
+ (origin
+ (inherit (package-source openjpeg))
+ (patches
+ (append
+ (origin-patches (package-source openjpeg))
+ (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch")))))))
+
(define-public openjpeg-1
(package (inherit openjpeg)
(name "openjpeg")
+ (replacement #f)
(version "1.5.2")
(source
(origin
@@ -860,14 +873,14 @@ convert, manipulate, filter and display a wide variety of image formats.")
(define-public jasper
(package
(name "jasper")
- (version "2.0.0")
+ (version "2.0.6")
(source (origin
(method url-fetch)
(uri (string-append "https://www.ece.uvic.ca/~frodo/jasper"
"/software/jasper-" version ".tar.gz"))
(sha256
(base32
- "1kg5yrdwgazhbczybyx4548m0ijssabcp8hl5l87w78z833vikks"))))
+ "0g6fl8rrbspa9vpswixmpxrg71l19kqgc2b5cak7vmwxphj01wbk"))))
(build-system cmake-build-system)
(inputs `(("libjpeg" ,libjpeg)))
(synopsis "JPEG-2000 library")
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index c9e57d6331..cb76915ef7 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -65,7 +65,7 @@ loop.")
(define-public libev
(package
(name "libev")
- (version "4.20")
+ (version "4.23")
(source (origin
(method url-fetch)
(uri (string-append "http://dist.schmorp.de/libev/Attic/libev-"
@@ -73,7 +73,7 @@ loop.")
".tar.gz"))
(sha256
(base32
- "17j47pbkr65a18mfvy2861p5k7w4pxmdgiw723ryfqd9gx636w7q"))))
+ "0ynxxm7giy4hg3qp9q8wshqw1jla9sxbsbi2pwsdsl1v1hz79zn7"))))
(build-system gnu-build-system)
(home-page "http://software.schmorp.de/pkg/libev.html")
(synopsis "Event loop loosely modelled after libevent")
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 3c24987aae..8f8bd32e1d 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -327,16 +327,52 @@ It has been modified to remove all non-free binary blobs.")
(define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
(define-public linux-libre
- (make-linux-libre "4.8.12"
- "1vhqpi5r219a9y1drc3pdzwjif8r974hbc0x9dk4w25c8bsr3cm1"
+ (make-linux-libre "4.8.13"
+ "1n1bhasqih8acag2glwaqsh76avpinvchvwg6g4q1pfm2vs1499x"
%intel-compatible-systems
- #:configuration-file kernel-config))
+ #:configuration-file kernel-config
+ #:patches
+ (list %boot-logo-patch
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=9bd018da073c1360c260d2e11e0da9b24911c4a8")
+ (file-name "linux-libre-4.8-CVE-2016-8655.patch")
+ (sha256
+ (base32
+ "1pq80vnwv01l0rj2g0r7i4rjnx3ll8iq4rpl6w3fmc77agdb3bpq")))
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=af8a38c78233a3356c626c1fabfc93c66094e6e8")
+ (file-name "linux-libre-4.8-iovec-fix.patch")
+ (sha256
+ (base32
+ "082a5dpkgsc0mjlzqc03d815xx8gdqk0s4glvi4y1b9vl8c4vmwy"))))))
(define-public linux-libre-4.4
- (make-linux-libre "4.4.36"
- "0cvax02jj9zyk818gi6fjgacxa5z89y03kxwclb8l7cr8mcbwcdf"
+ (make-linux-libre "4.4.37"
+ "1zw3hwpgxkxwplb81in5969vgbaamcwqarmxj3aq88yg6bqnh6b5"
%intel-compatible-systems
- #:configuration-file kernel-config))
+ #:configuration-file kernel-config
+ #:patches
+ (list %boot-logo-patch
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=668dc0c33815e4f9ec02989785658516d343bc31")
+ (file-name "linux-libre-4.4-CVE-2016-8655.patch")
+ (sha256
+ (base32
+ "1bzgj36y8v7gflq3dlhmbbvvn9098a4yk4pcpixdz5c5pm7wrdv3")))
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=82330dbfb463389f2b0214dbcc69b78cc8e6cf8f")
+ (file-name "linux-libre-4.4-iovec-fix.patch")
+ (sha256
+ (base32
+ "1mqmgiqjm4pf4b3jzknclmdjfaqqr4708gcdgzhn84brrcm5iz30"))))))
(define-public linux-libre-4.1
(make-linux-libre "4.1.36"
@@ -345,15 +381,33 @@ It has been modified to remove all non-free binary blobs.")
#:configuration-file kernel-config))
;; Avoid rebuilding kernel variants when there is a minor version bump.
-(define %linux-libre-version "4.8.12")
-(define %linux-libre-hash "1vhqpi5r219a9y1drc3pdzwjif8r974hbc0x9dk4w25c8bsr3cm1")
+(define %linux-libre-version "4.8.13")
+(define %linux-libre-hash "1n1bhasqih8acag2glwaqsh76avpinvchvwg6g4q1pfm2vs1499x")
(define-public linux-libre-arm-generic
(make-linux-libre %linux-libre-version
%linux-libre-hash
'("armhf-linux")
#:defconfig "multi_v7_defconfig"
- #:extra-version "arm-generic"))
+ #:extra-version "arm-generic"
+ #:patches
+ (list %boot-logo-patch
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=9bd018da073c1360c260d2e11e0da9b24911c4a8")
+ (file-name "linux-libre-4.8-CVE-2016-8655.patch")
+ (sha256
+ (base32
+ "1pq80vnwv01l0rj2g0r7i4rjnx3ll8iq4rpl6w3fmc77agdb3bpq")))
+ (origin
+ (method url-fetch)
+ (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=af8a38c78233a3356c626c1fabfc93c66094e6e8")
+ (file-name "linux-libre-4.8-iovec-fix.patch")
+ (sha256
+ (base32
+ "082a5dpkgsc0mjlzqc03d815xx8gdqk0s4glvi4y1b9vl8c4vmwy"))))))
;;;
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index fc98eae4f7..313f6acc2b 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -959,14 +959,14 @@ script files.")
(define-public gmsh
(package
(name "gmsh")
- (version "2.14.1")
+ (version "2.15.0")
(source
(origin
(method url-fetch)
(uri (string-append "http://gmsh.info/src/gmsh-"
version "-source.tgz"))
(sha256
- (base32 "1vsxp47j6srmy8kqb3p1z9pmlm42whhhz7r0vzpa2a86gga4zx17"))
+ (base32 "02h7fk4vv8qwnq3ymm409c5sp4nksd0m9h2vkxqmy42l0ic4nalr"))
(modules '((guix build utils)))
(snippet
;; Remove non-free METIS code
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 34beb09f44..116e8d4823 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -231,6 +231,74 @@ score, keyboard, guitar, drum and controller views.")
many input formats and provides a customisable Vi-style user interface.")
(license license:gpl2+)))
+(define-public denemo
+ (package
+ (name "denemo")
+ (version "2.0.14")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/denemo/denemo-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "1a7g38695g7jjypx25qp0dx0asrh72xwdj0mdhmb9pfyzlppq0wh"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'check
+ ;; Denemo's documentation says to use this command to run its
+ ;; testsuite.
+ (lambda _
+ (zero? (system* "make" "-C" "tests" "check"))))
+ (add-after 'install 'correct-filename
+ ;; "graft-derivation/shallow" from the (guix grafts) module runs in
+ ;; the C locale, expecting file names to be ASCII encoded. This
+ ;; phase renames a filename with a Unicode character in it to meet
+ ;; the aforementioned condition.
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out")))
+ (chdir (string-append
+ out
+ "/share/denemo/templates/instruments/woodwind"))
+ (rename-file "Clarinet in B♭.denemo"
+ "Clarinet in Bb.denemo"))
+ #t)))))
+ (native-inputs
+ `(("glib:bin", glib "bin") ; for gtester
+ ("pkg-config" ,pkg-config)))
+ (inputs
+ `(("alsa-lib" ,alsa-lib)
+ ("aubio" ,aubio)
+ ("evince" ,evince)
+ ("fftw" ,fftw)
+ ("fluidsynth" ,fluidsynth)
+ ("glib" ,glib)
+ ("gtk+" ,gtk+)
+ ("gtk-doc" ,gtk-doc)
+ ("gtksourceview" ,gtksourceview)
+ ("guile" ,guile-2.0)
+ ("intltool" ,intltool)
+ ("librsvg" ,librsvg)
+ ("libsndfile" ,libsndfile)
+ ("libtool" ,libtool)
+ ("libxml2" ,libxml2)
+ ("portaudio" ,portaudio)
+ ("portmidi" ,portmidi)
+ ("rubberband" ,rubberband)))
+ (propagated-inputs
+ `(("lilypond", lilypond)))
+ (synopsis "Graphical music notation, front-end to GNU Lilypond")
+ (description
+ "GNU Denemo is a music notation editor that provides a convenient
+interface to the powerful music engraving program Lilypond. Music can be
+typed in using the computer keyboard, played in using a MIDI keyboard, or
+even input via a microphone connected to the sound card. The final product
+is publication-quality music notation that is continuously generated in the
+background while you work.")
+ (home-page "http://www.denemo.org")
+ (license license:gpl3+)))
+
(define-public hydrogen
(package
(name "hydrogen")
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index f1b4bdbf6f..61d51074e7 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -329,14 +329,14 @@ written in Objective Caml.")
(define-public coq
(package
(name "coq")
- (version "8.4pl6")
+ (version "8.5pl2")
(source (origin
(method url-fetch)
(uri (string-append "https://coq.inria.fr/distrib/V" version
"/files/" name "-" version ".tar.gz"))
(sha256
(base32
- "1mpbj4yf36kpjg2v2sln12i8dzqn8rag6fd07hslj2lpm4qs4h55"))))
+ "0wyywia0darak2zmc5v0ra9rn0b9whwdfiahralm8v5za499s8w3"))))
(build-system gnu-build-system)
(native-inputs
`(("texlive" ,texlive)
@@ -348,24 +348,24 @@ written in Objective Caml.")
`(#:phases
(modify-phases %standard-phases
(replace 'configure
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (mandir (string-append out "/share/man"))
- (browser "icecat -remote \"OpenURL(%s,new-tab)\""))
- (zero? (system* "./configure"
- "--prefix" out
- "--mandir" mandir
- "--browser" browser)))))
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (mandir (string-append out "/share/man"))
+ (browser "icecat -remote \"OpenURL(%s,new-tab)\""))
+ (zero? (system* "./configure"
+ "-prefix" out
+ "-mandir" mandir
+ "-browser" browser)))))
(replace 'build
- (lambda _
- (zero? (system* "make" "-j" (number->string
- (parallel-job-count))
- "world"))))
+ (lambda _
+ (zero? (system* "make" "-j" (number->string
+ (parallel-job-count))
+ "world"))))
(delete 'check)
(add-after 'install 'check
- (lambda _
- (with-directory-excursion "test-suite"
- (zero? (system* "make"))))))))
+ (lambda _
+ (with-directory-excursion "test-suite"
+ (zero? (system* "make"))))))))
(home-page "https://coq.inria.fr")
(synopsis "Proof assistant for higher-order logic")
(description
@@ -454,6 +454,42 @@ assistant to write formal mathematical proofs using a variety of theorem
provers.")
(license gpl2+)))
+(define-public ocaml-menhir
+ (package
+ (name "ocaml-menhir")
+ (version "20161115")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "http://gallium.inria.fr/~fpottier/menhir/"
+ "menhir-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1j8nmcj2gq6hyyi16z27amiahplgrnk4ppchpm0v4qy80kwkf47k"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("ocaml" ,ocaml)))
+ (arguments
+ `(#:parallel-build? #f ; Parallel build causes failure
+ #:tests? #f ; No check target
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (setenv "PREFIX" out))
+ #t)))))
+ (home-page "http://gallium.inria.fr/~fpottier/menhir")
+ (synopsis "Parser generator")
+ (description "Menhir is a parser generator. It turns high-level grammar
+specifications, decorated with semantic actions expressed in the OCaml
+programming language into parsers, again expressed in OCaml. It is based on
+Knuth’s LR(1) parser construction technique.")
+ ;; The file src/standard.mly and all files listed in src/mnehirLib.mlpack
+ ;; that have an *.ml or *.mli extension are GPL licensed. All other files
+ ;; are QPL licensed.
+ (license (list gpl2+ qpl))))
+
(define-public lablgtk
(package
(name "lablgtk")
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index cf030ecc82..8f6210880c 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -280,6 +280,7 @@ any X11 window.")
'(#:phases
(modify-phases %standard-phases
(delete 'configure)
+ (delete 'build)
(add-after 'install 'wrap-path
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
@@ -290,6 +291,9 @@ any X11 window.")
(wrap-program (string-append out "/bin/pass")
`("PATH" ":" prefix (,(string-join path ":"))))))))
#:make-flags (list "CC=gcc" (string-append "PREFIX=" %output))
+ ;; Parallel tests may cause a race condition leading to a
+ ;; timeout in some circumstances.
+ #:parallel-tests? #f
#:test-target "test"))
(inputs
`(("getopt" ,util-linux)
diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
deleted file mode 100644
index 7ce03501f4..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001
-From: Matthieu Darbois <mayeut@users.noreply.github.com>
-Date: Tue, 19 May 2015 21:57:27 +0000
-Subject: [PATCH] [trunk] Correct potential double free on malloc failure in
- opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492)
-
----
- src/lib/openjp2/j2k.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 8c62a39..cbdd368 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
- l_tcp->cod = 0;
- l_tcp->ppt = 0;
- l_tcp->ppt_data = 00;
-+ /* Remove memory not owned by this tile in case of early error return. */
-+ l_tcp->m_mct_decoding_matrix = 00;
-+ l_tcp->m_nb_max_mct_records = 0;
-+ l_tcp->m_mct_records = 00;
-+ l_tcp->m_nb_max_mcc_records = 0;
-+ l_tcp->m_mcc_records = 00;
- /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/
- l_tcp->tccps = l_current_tccp;
-
-@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
-
- ++l_src_mct_rec;
- ++l_dest_mct_rec;
-+ /* Update with each pass to free exactly what has been allocated on early return. */
-+ l_tcp->m_nb_max_mct_records += 1;
- }
-
- /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/
-@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
- return OPJ_FALSE;
- }
- memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size);
-+ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records;
-
- /* Copy the mcc record data from dflt_tile_cp to the current tile*/
- l_src_mcc_rec = l_default_tcp->m_mcc_records;
---
-2.5.0
-
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
new file mode 100644
index 0000000000..3f637fa88b
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
@@ -0,0 +1,245 @@
+From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001
+From: szukw000 <szukw000@arcor.de>
+Date: Fri, 9 Dec 2016 08:29:55 +0100
+Subject: [PATCH] These changes repair bugs of #871 and #872
+
+email from http://openwall.com/lists/oss-security/2016/12/09/4
+patch is against openjpeg-2.1.2, applies cleanly to 2.1.1.
+
+---
+ src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++----------------
+ 1 file changed, 70 insertions(+), 37 deletions(-)
+
+diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
+index 143d3be..c690f8b 100644
+--- a/src/bin/jp2/converttif.c
++++ b/src/bin/jp2/converttif.c
+@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len
+
+ int imagetotif(opj_image_t * image, const char *outfile)
+ {
+- int width, height;
+- int bps,adjust, sgnd;
+- int tiPhoto;
++ uint32 width, height, bps, tiPhoto;
++ int adjust, sgnd;
+ TIFF *tif;
+ tdata_t buf;
+- tsize_t strip_size;
++ tmsize_t strip_size, rowStride;
+ OPJ_UINT32 i, numcomps;
+- OPJ_SIZE_T rowStride;
+ OPJ_INT32* buffer32s = NULL;
+ OPJ_INT32 const* planes[4];
+ convert_32s_PXCX cvtPxToCx = NULL;
+ convert_32sXXx_C1R cvt32sToTif = NULL;
+
+- bps = (int)image->comps[0].prec;
++ bps = (uint32)image->comps[0].prec;
+ planes[0] = image->comps[0].data;
+
+ numcomps = image->numcomps;
+@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ break;
+ }
+ sgnd = (int)image->comps[0].sgnd;
+- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0;
+- width = (int)image->comps[0].w;
+- height = (int)image->comps[0].h;
++ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0;
++ width = (uint32)image->comps[0].w;
++ height = (uint32)image->comps[0].h;
+
+ TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width);
+ TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height);
+- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps);
++ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps);
+ TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps);
+ TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT);
+ TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
+@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
+
+ strip_size = TIFFStripSize(tif);
+- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U;
+- if (rowStride != (OPJ_SIZE_T)strip_size) {
++ rowStride = (width * numcomps * bps + 7U) / 8U;
++ if (rowStride != strip_size) {
+ fprintf(stderr, "Invalid TIFF strip size\n");
+ TIFFClose(tif);
+ return 1;
+@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ TIFFClose(tif);
+ return 1;
+ }
+- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32));
++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
+ if (buffer32s == NULL) {
+ _TIFFfree(buf);
+ TIFFClose(tif);
+@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ TIFF *tif;
+ tdata_t buf;
+ tstrip_t strip;
+- tsize_t strip_size;
++ tmsize_t strip_size;
+ int j, currentPlane, numcomps = 0, w, h;
+ OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN;
+ opj_image_cmptparm_t cmptparm[4]; /* RGBA */
+ opj_image_t *image = NULL;
+ int has_alpha = 0;
+- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC;
+- unsigned int tiWidth, tiHeight;
++ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight;
+ OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz);
+ convert_XXx32s_C1R cvtTifTo32s = NULL;
+ convert_32s_CXPX cvtCxToPx = NULL;
+ OPJ_INT32* buffer32s = NULL;
+ OPJ_INT32* planes[4];
+- OPJ_SIZE_T rowStride;
++ tmsize_t rowStride;
+
+ tif = TIFFOpen(filename, "r");
+
+@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
+ TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
+ TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
+- w= (int)tiWidth;
+- h= (int)tiHeight;
+-
+- if(tiBps > 16U) {
+- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps);
+- fprintf(stderr,"\tAborting\n");
++
++ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
++ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n"
++ "\tAborting.\n", tiSpp);
++ TIFFClose(tif);
++ return NULL;
++ }
++ if(tiBps > 16U || tiBps == 0) {
++ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n"
++ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps);
+ TIFFClose(tif);
+ return NULL;
+ }
+ if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) {
+- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
++ fprintf(stderr,"tiftoimage: Bad color format %d.\n"
++ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
+ fprintf(stderr,"\tAborting\n");
+ TIFFClose(tif);
+ return NULL;
+ }
+-
++ if(tiWidth == 0 || tiHeight == 0) {
++ fprintf(stderr,"tiftoimage: Bad values for width(%u) "
++ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight);
++ TIFFClose(tif);
++ return NULL;
++ }
++ w= (int)tiWidth;
++ h= (int)tiHeight;
++
+ switch (tiBps) {
+ case 1:
+ case 2:
+@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+
+ TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES,
+ &extrasamples, &sampleinfo);
+-
++
+ if(extrasamples >= 1)
+ {
+ switch(sampleinfo[0])
+@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ else /* extrasamples == 0 */
+ if(tiSpp == 4 || tiSpp == 2) has_alpha = 1;
+ }
+-
++
+ /* initialize image components */
+ memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t));
+
+@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ } else {
+ is_cinema = 0U;
+ }
+-
++
+ if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */
+ {
+ numcomps = 3 + has_alpha;
+@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ image->x0 = (OPJ_UINT32)parameters->image_offset_x0;
+ image->y0 = (OPJ_UINT32)parameters->image_offset_y0;
+ image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 :
+- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
++ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
++ if(image->x1 <= image->x0) {
++ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. "
++ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
+ image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 :
+- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
+-
++ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
++ if(image->y1 <= image->y0) {
++ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. "
++ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
++
+ for(j = 0; j < numcomps; j++)
+ {
+ planes[j] = image->comps[j].data;
+@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1));
+
+ strip_size = TIFFStripSize(tif);
+-
++
+ buf = _TIFFmalloc(strip_size);
+ if (buf == NULL) {
+ TIFFClose(tif);
+ opj_image_destroy(image);
+ return NULL;
+ }
+- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U;
+- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32));
++ rowStride = (w * tiSpp * tiBps + 7U) / 8U;
++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32)));
+ if (buffer32s == NULL) {
+ _TIFFfree(buf);
+ TIFFClose(tif);
+@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++)
+ {
+ const OPJ_UINT8 *dat8;
+- OPJ_SIZE_T ssize;
++ tmsize_t ssize;
+
+- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size);
++ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size);
++ if(ssize < 1 || ssize > strip_size) {
++ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) "
++ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size);
++ _TIFFfree(buf);
++ _TIFFfree(buffer32s);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
+ dat8 = (const OPJ_UINT8*)buf;
+-
++
+ while (ssize >= rowStride) {
+ cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp);
+ cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w);
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 854ba1cb47..f5ffe42b91 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -355,7 +355,7 @@ required structures.")
(package
(inherit openssl)
(name "openssl")
- (version "1.1.0b")
+ (version "1.1.0c")
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -366,7 +366,7 @@ required structures.")
(patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
(sha256
(base32
- "1xznrqvb1dbngv2k2nb6da6fdw00c01sy2i36yjdxr4vpxrf0pd4"))))
+ "1xfn5ydl14myd9wgxm4nxy5a42cpp1g12ijf3g9m4mz0l90n8hzw"))))
(outputs '("out"
"doc" ;1.3MiB of man3 pages
"static")) ; 5.5MiB of .a files
@@ -377,13 +377,42 @@ required structures.")
(delete 'patch-tests) ; These two phases are not needed by
(delete 'patch-Makefile.org) ; OpenSSL 1.1.0.
- (add-after 'configure 'patch-runpath
+ ;; Override configure phase since -rpath is now a configure option.
+ (replace 'configure
(lambda* (#:key outputs #:allow-other-keys)
- (let ((lib (string-append (assoc-ref outputs "out") "/lib")))
- (substitute* "Makefile.shared"
- (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}")
- (string-append "$${SHAREDCMD} $${SHAREDFLAGS}"
- " -Wl,-rpath," lib)))
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib")))
+ (zero?
+ (system* "./config"
+ "shared" ;build shared libraries
+ "--libdir=lib"
+
+ ;; The default for this catch-all directory is
+ ;; PREFIX/ssl. Change that to something more
+ ;; conventional.
+ (string-append "--openssldir=" out
+ "/share/openssl-" ,version)
+
+ (string-append "--prefix=" out)
+ (string-append "-Wl,-rpath," lib)
+
+ ;; XXX FIXME: Work around a code generation bug in GCC
+ ;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
+ ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
+ ,@(if (and (not (%current-target-system))
+ (string-prefix? "armhf" (%current-system)))
+ '("-mfpu=vfpv3")
+ '()))))))
+
+ ;; XXX: Duplicate this phase to make sure 'version' evaluates
+ ;; in the current scope and not the inherited one.
+ (replace 'remove-miscellany
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; The 'misc' directory contains random undocumented shell and Perl
+ ;; scripts. Remove them to avoid retaining a reference on Perl.
+ (let ((out (assoc-ref outputs "out")))
+ (delete-file-recursively (string-append out "/share/openssl-"
+ ,version "/misc"))
#t)))))))))
(define-public libressl
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index acacaea15d..446de429f3 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -610,14 +610,14 @@ audio/video codec library.")
(define-public ffmpeg-2.8
(package
(inherit ffmpeg)
- (version "2.8.8")
+ (version "2.8.9")
(source (origin
(method url-fetch)
(uri (string-append "https://ffmpeg.org/releases/ffmpeg-"
version ".tar.xz"))
(sha256
(base32
- "1691bmq8j56rcys09xwvzjq16z25m8vczj5a50gdn7ydm9qjykpr"))))
+ "1s3011q7sxyb55n3r8aiv7xh53bwxjdxa83s2ilqhq5rygrrgg8i"))))
(arguments
(substitute-keyword-arguments (package-arguments ffmpeg)
((#:configure-flags flags)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 81676386a0..3fa70980d7 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -523,7 +523,7 @@ for efficient socket-like bidirectional reliable communication channels.")
(define-public libpsl
(package
(name "libpsl")
- (version "0.15.0")
+ (version "0.16.0")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/rockdaboot/libpsl/"
@@ -531,7 +531,7 @@ for efficient socket-like bidirectional reliable communication channels.")
"/libpsl-" version ".tar.gz"))
(sha256
(base32
- "0wm9i3qshfdasd5s5nrdihl4f5c6zrd1nkqrqjnh7zhhv1an755m"))))
+ "1ghhwrn3y047ngs6d59z6ssnx6f7zr3fjvxji17ln9r10sj4njvi"))))
(build-system gnu-build-system)
(inputs
`(("icu4c" ,icu4c)
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index ebff11664d..c98cf8c534 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -177,6 +177,14 @@ private key from '~a': ~a")
;; #:log-verbosity 'protocol
#:identity (build-machine-private-key machine)
+ ;; By default libssh reads ~/.ssh/known_hosts
+ ;; and uses that to adjust its choice of cipher
+ ;; suites, which changes the type of host key
+ ;; that the server sends (RSA vs. Ed25519,
+ ;; etc.). Opt for something reproducible and
+ ;; stateless instead.
+ #:knownhosts "/dev/null"
+
;; We need lightweight compression when
;; exchanging full archives.
#:compression
@@ -700,9 +708,18 @@ allowed on MACHINE. Return +∞ if MACHINE is unreachable."
(leave (_ "failed to import '~a' from '~a'~%")
item name)))))
-(define (check-machine-availability machine-file)
- "Check that each machine in MACHINE-FILE is usable as a build machine."
- (let ((machines (build-machines machine-file)))
+(define (check-machine-availability machine-file pred)
+ "Check that each machine matching PRED in MACHINE-FILE is usable as a build
+machine."
+ (define (build-machine=? m1 m2)
+ (and (string=? (build-machine-name m1) (build-machine-name m2))
+ (= (build-machine-port m1) (build-machine-port m2))))
+
+ ;; A given build machine may appear several times (e.g., once for
+ ;; "x86_64-linux" and a second time for "i686-linux"); test them only once.
+ (let ((machines (filter pred
+ (delete-duplicates (build-machines machine-file)
+ build-machine=?))))
(info (_ "testing ~a build machines defined in '~a'...~%")
(length machines) machine-file)
(let* ((names (map build-machine-name machines))
@@ -766,11 +783,16 @@ allowed on MACHINE. Return +∞ if MACHINE is unreachable."
(loop (read-line)))))))
(("test" rest ...)
(with-error-handling
- (let ((file (match rest
- ((file) file)
- (() %machine-file)
- (_ (leave (_ "wrong number of arguments~%"))))))
- (check-machine-availability (or file %machine-file)))))
+ (let-values (((file pred)
+ (match rest
+ ((file regexp)
+ (values file
+ (compose (cut string-match regexp <>)
+ build-machine-name)))
+ ((file) (values file (const #t)))
+ (() (values %machine-file (const #t)))
+ (_ (leave (_ "wrong number of arguments~%"))))))
+ (check-machine-availability (or file %machine-file) pred))))
(("--version")
(show-version-and-exit "guix offload"))
(("--help")