aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-05-04 11:43:50 -0400
committerMark H Weaver <mhw@netris.org>2016-05-04 11:43:50 -0400
commit4e9d04a80b2d8b1e07f78708dae76b13f3d421f6 (patch)
tree18a163720f4c9fdd7a45d724c6584b065e216c6d /gnu/packages
parentad1b7d8bafe96241fd87a74baec0a38ed4389e4b (diff)
parent11057c4b58d766f358bc439690b9765bee735772 (diff)
downloadpatches-4e9d04a80b2d8b1e07f78708dae76b13f3d421f6.tar
patches-4e9d04a80b2d8b1e07f78708dae76b13f3d421f6.tar.gz
Merge branch 'master' into gnome-updates
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/admin.scm7
-rw-r--r--gnu/packages/bioinformatics.scm8
-rw-r--r--gnu/packages/commencement.scm3
-rw-r--r--gnu/packages/cross-base.scm67
-rw-r--r--gnu/packages/databases.scm53
-rw-r--r--gnu/packages/games.scm4
-rw-r--r--gnu/packages/gcc.scm15
-rw-r--r--gnu/packages/gnupg.scm42
-rw-r--r--gnu/packages/java.scm190
-rw-r--r--gnu/packages/linux.scm26
-rw-r--r--gnu/packages/maths.scm39
-rw-r--r--gnu/packages/messaging.scm25
-rw-r--r--gnu/packages/music.scm73
-rw-r--r--gnu/packages/ocaml.scm3
-rw-r--r--gnu/packages/patches/4store-fix-buildsystem.patch56
-rw-r--r--gnu/packages/patches/gcc-cross-environment-variables.patch51
-rw-r--r--gnu/packages/patches/ocaml-CVE-2015-8869.patch72
-rw-r--r--gnu/packages/patches/portmidi-modular-build.patch325
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch82
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch51
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch82
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch62
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch50
-rw-r--r--gnu/packages/tls.scm20
-rw-r--r--gnu/packages/version-control.scm56
25 files changed, 1398 insertions, 64 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 11a2d1622b..d815dfb8b5 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -874,7 +874,12 @@ commands and their arguments.")
(search-patches "wpa-supplicant-CVE-2015-5310.patch"
"wpa-supplicant-CVE-2015-5314.patch"
"wpa-supplicant-CVE-2015-5315.patch"
- "wpa-supplicant-CVE-2015-5316.patch"))))
+ "wpa-supplicant-CVE-2015-5316.patch"
+ "wpa-supplicant-CVE-2016-4476.patch"
+ "wpa-supplicant-CVE-2016-4477-pt1.patch"
+ "wpa-supplicant-CVE-2016-4477-pt2.patch"
+ "wpa-supplicant-CVE-2016-4477-pt3.patch"
+ "wpa-supplicant-CVE-2016-4477-pt4.patch"))))
(build-system gnu-build-system)
(arguments
'(#:phases (alist-replace
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 079fd467cc..5c1ad57a80 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -1535,14 +1535,14 @@ data and settings.")
(define-public edirect
(package
(name "edirect")
- (version "3.50")
+ (version "4.10")
(source (origin
(method url-fetch)
- ;; Note: older versions are not retained.
- (uri "ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/edirect.tar.gz")
+ (uri (string-append "ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/"
+ "versions/2016-05-03/edirect.tar.gz"))
(sha256
(base32
- "1cr3gzcs3flmgnnbj5iz93vh9w0fca1ilzi2q82cl63ln3mwvpz0"))))
+ "15zsprak5yh8c1yrz4r1knmb5s8qcmdid4xdhkh3lqcv64l60hli"))))
(build-system perl-build-system)
(arguments
`(#:tests? #f ;no "check" target
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 6dfe5c9cb7..c52b6e8389 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -879,4 +879,7 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.")
(define-public gcc-toolchain-5
(gcc-toolchain gcc-5))
+(define-public gcc-toolchain-6
+ (gcc-toolchain gcc-6))
+
;;; commencement.scm ends here
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index aa67d21c19..73ac76a48a 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -166,34 +167,38 @@ may be either a libc package or #f.)"
`(alist-cons-before
'configure 'set-cross-path
(lambda* (#:key inputs #:allow-other-keys)
- ;; Add the cross Linux headers to CROSS_CPATH, and remove them
- ;; from CPATH.
+ ;; Add the cross Linux headers to CROSS_C_*_INCLUDE_PATH,
+ ;; and remove them from C_*INCLUDE_PATH.
(let ((libc (assoc-ref inputs "libc"))
(linux (assoc-ref inputs "xlinux-headers")))
(define (cross? x)
;; Return #t if X is a cross-libc or cross Linux.
(or (string-prefix? libc x)
(string-prefix? linux x)))
-
- (setenv "CROSS_CPATH"
- (string-append libc "/include:"
- linux "/include"))
+ (let ((cpath (string-append
+ libc "/include"
+ ":" linux "/include")))
+ (for-each (cut setenv <> cpath)
+ '("CROSS_C_INCLUDE_PATH"
+ "CROSS_CPLUS_INCLUDE_PATH"
+ "CROSS_OBJC_INCLUDE_PATH"
+ "CROSS_OBJCPLUS_INCLUDE_PATH")))
(setenv "CROSS_LIBRARY_PATH"
(string-append libc "/lib"))
-
- (let ((cpath (search-path-as-string->list
- (getenv "C_INCLUDE_PATH")))
- (libpath (search-path-as-string->list
- (getenv "LIBRARY_PATH"))))
- (setenv "CPATH"
- (list->search-path-as-string
- (remove cross? cpath) ":"))
- (for-each unsetenv
- '("C_INCLUDE_PATH" "CPLUS_INCLUDE_PATH"))
- (setenv "LIBRARY_PATH"
- (list->search-path-as-string
- (remove cross? libpath) ":"))
- #t)))
+ (for-each
+ (lambda (var)
+ (and=> (getenv var)
+ (lambda (value)
+ (let* ((path (search-path-as-string->list value))
+ (native-path (list->search-path-as-string
+ (remove cross? path) ":")))
+ (setenv var native-path)))))
+ '("C_INCLUDE_PATH"
+ "CPLUS_INCLUDE_PATH"
+ "OBJC_INCLUDE_PATH"
+ "OBJCPLUS_INCLUDE_PATH"
+ "LIBRARY_PATH"))
+ #t))
,phases)
phases)))))))
@@ -259,9 +264,19 @@ GCC that does not target a libc; otherwise, target that libc."
(inputs '())
;; Only search target inputs, not host inputs.
+ ;; Note: See <http://bugs.gnu.org/22186> for why not 'CPATH'.
(search-paths
(list (search-path-specification
- (variable "CROSS_CPATH")
+ (variable "CROSS_C_INCLUDE_PATH")
+ (files '("include")))
+ (search-path-specification
+ (variable "CROSS_CPLUS_INCLUDE_PATH")
+ (files '("include")))
+ (search-path-specification
+ (variable "CROSS_OBJC_INCLUDE_PATH")
+ (files '("include")))
+ (search-path-specification
+ (variable "CROSS_OBJCPLUS_INCLUDE_PATH")
(files '("include")))
(search-path-specification
(variable "CROSS_LIBRARY_PATH")
@@ -316,9 +331,13 @@ XBINUTILS and the cross tool chain."
`(alist-cons-before
'configure 'set-cross-linux-headers-path
(lambda* (#:key inputs #:allow-other-keys)
- (let ((linux (assoc-ref inputs "linux-headers")))
- (setenv "CROSS_CPATH"
- (string-append linux "/include"))
+ (let* ((linux (assoc-ref inputs "linux-headers"))
+ (cpath (string-append linux "/include")))
+ (for-each (cut setenv <> cpath)
+ '("CROSS_C_INCLUDE_PATH"
+ "CROSS_CPLUS_INCLUDE_PATH"
+ "CROSS_OBJC_INCLUDE_PATH"
+ "CROSS_OBJCPLUS_INCLUDE_PATH"))
#t))
,phases))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 9aee7b796a..63ca754688 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -9,6 +9,7 @@
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Nils Gillmann <niasterisk@grrlz.net>
+;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -27,8 +28,12 @@
(define-module (gnu packages databases)
#:use-module (gnu packages)
+ #:use-module (gnu packages autotools)
+ #:use-module (gnu packages avahi)
#:use-module (gnu packages bash)
#:use-module (gnu packages boost)
+ #:use-module (gnu packages gettext)
+ #:use-module (gnu packages glib)
#:use-module (gnu packages perl)
#:use-module (gnu packages language)
#:use-module (gnu packages linux)
@@ -40,9 +45,12 @@
#:use-module (gnu packages check)
#:use-module (gnu packages algebra)
#:use-module (gnu packages curl)
+ #:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages python)
#:use-module (gnu packages pcre)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages rdf)
#:use-module (gnu packages xml)
#:use-module (gnu packages bison)
#:use-module (gnu packages jemalloc)
@@ -58,6 +66,51 @@
#:use-module (srfi srfi-26)
#:use-module (ice-9 match))
+(define-public 4store
+ (package
+ (name "4store")
+ (version "1.1.6")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/garlik/4store/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32 "004fmcf1w75zhc1x3zc6kc97j4jqn2v5nhk6yb3z3cpfrhzi9j50"))
+ (patches (list (search-patch "4store-fix-buildsystem.patch")))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(("perl" ,perl)
+ ("python" ,python-2)
+ ("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("gettext" ,gnu-gettext)
+ ("libtool" ,libtool)
+ ("pkg-config" ,pkg-config)))
+ (inputs
+ `(("glib" ,glib)
+ ("rasqal" ,rasqal)
+ ("libxml2" ,libxml2)
+ ("raptor2" ,raptor2)
+ ("readline" ,readline)
+ ("avahi" ,avahi)
+ ("pcre" ,pcre)
+ ("cyrus-sasl" ,cyrus-sasl)
+ ("openssl" ,openssl)
+ ("util-linux" ,util-linux)))
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-before 'configure 'generate-configure
+ (lambda _
+ (zero? (system* "./autogen.sh")))))))
+ ;; http://www.4store.org has been down for a while now.
+ (home-page "https://github.com/garlik/4store")
+ (synopsis "Clustered RDF storage and query engine")
+ (description "4store is a RDF/SPARQL store written in C, supporting
+either single machines or networked clusters.")
+ (license gpl3+)))
+
(define-public gdbm
(package
(name "gdbm")
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 34998cea28..55bffe9539 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -2097,7 +2097,7 @@ the chat server psyced with the specific config located at
http://lavachat.symlynx.com/unix/")
(license license:gpl2+)))
-(define-public redeclipse
+(define-public red-eclipse
(let ((data-sources
'(("acerspyro" "0gxxr6nbac918b49x1cp72nw951hqm5m4iyi2shb1612ly384w8q")
("actors" "1jq9q82m6nx07nwpb5cnpdcwa33jrcgg0j2yir8zk6zpnxdmp0il")
@@ -2133,7 +2133,7 @@ http://lavachat.symlynx.com/unix/")
("weapons" "1ghn6nfcnd5lyl8dnj22csldvf9hrb32wjzpab4sjjz3iyv0zmr3")
("wicked" "0q9badvg6ix5rhl05s83kw2v6a49jpnbkqk4ls89qahaddfagi8g"))))
(package
- (name "redeclipse")
+ (name "red-eclipse")
(version "1.5.3")
(source (origin
(method url-fetch)
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index a2b8126872..c390a6659b 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
@@ -354,6 +354,19 @@ Go. It also includes runtime support libraries for these languages.")
"1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq"))
(patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))))
+(define-public gcc-6
+ (package
+ (inherit gcc-5)
+ (version "6.1.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/gcc/gcc-"
+ version "/gcc-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "0ld3y4rgimyqgx1nwvzqyl5gr4wzc0ch4akkvsqp3fgbmdfcii09"))
+ (patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))))
+
;; Note: When changing the default gcc version, update
;; the gcc-toolchain-* definitions accordingly.
(define-public gcc gcc-4.9)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index d447007260..b7c661257c 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -31,6 +31,7 @@
#:use-module (gnu packages perl)
#:use-module (gnu packages pth)
#:use-module (gnu packages python)
+ #:use-module (gnu packages qt)
#:use-module (gnu packages readline)
#:use-module (gnu packages compression)
#:use-module (gnu packages databases)
@@ -568,9 +569,9 @@ including tools for signing keys, keyring analysis, and party preparation.
(license license:gpl2)
(home-page "http://pgp-tools.alioth.debian.org/")))
-(define-public pinentry
+(define-public pinentry-tty
(package
- (name "pinentry")
+ (name "pinentry-tty")
(version "0.9.7")
(source (origin
(method url-fetch)
@@ -580,21 +581,48 @@ including tools for signing keys, keyring analysis, and party preparation.
(base32
"1cp7wjqr6nx31mdclr61s2h84ijqjl0ph99kgj4vyawpjj1j1633"))))
(build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags '("--enable-pinentry-tty")))
(inputs
`(("ncurses" ,ncurses)
("libassuan" ,libassuan)
- ("libsecret" ,libsecret "out")
- ("gtk+" ,gtk+-2)
- ("glib" ,glib)))
+ ("libsecret" ,libsecret "out")))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "https://gnupg.org/aegypten2/")
(synopsis "GnuPG's interface to passphrase input")
(description
- "Pinentry provides a console and a GTK+ GUI that allows users to
-enter a passphrase when `gpg' or `gpg2' is run and needs it.")
+ "Pinentry provides a console that allows users to enter a passphrase when
+@code{gpg} or @code{gpg2} is run and needs it.")
(license license:gpl2+)))
+(define-public pinentry-gtk2
+ (package
+ (inherit pinentry-tty)
+ (name "pinentry-gtk2")
+ (inputs
+ `(("gtk+" ,gtk+-2)
+ ("glib" ,glib)
+ ,@(package-inputs pinentry-tty)))
+ (description
+ "Pinentry provides a console and a GTK+ GUI that allows users to enter a
+passphrase when @code{gpg} or @code{gpg2} is run and needs it.")))
+
+(define-public pinentry-qt
+ (package
+ (inherit pinentry-tty)
+ (name "pinentry-qt")
+ (inputs
+ `(("qt" ,qt)
+ ,@(package-inputs pinentry-tty)))
+ (description
+ "Pinentry provides a console and a Qt GUI that allows users to enter a
+passphrase when @code{gpg} or @code{gpg2} is run and needs it.")))
+
+(define-public pinentry
+ (package (inherit pinentry-gtk2)
+ (name "pinentry")))
+
(define-public paperkey
(package
(name "paperkey")
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index c94f2e4b28..fbee1a3fb3 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -859,3 +859,193 @@ build process and its dependencies, whereas Make uses Makefile format.")
compression in pure Java. Single-threaded streamed compression and
decompression and random access decompression have been fully implemented.")
(license license:public-domain)))
+
+;; java-hamcrest-core uses qdox version 1.12. We package this version instead
+;; of the latest release.
+(define-public java-qdox-1.12
+ (package
+ (name "java-qdox")
+ (version "1.12.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://central.maven.org/maven2/"
+ "com/thoughtworks/qdox/qdox/" version
+ "/qdox-" version "-sources.jar"))
+ (sha256
+ (base32
+ "0hlfbqq2avf5s26wxkksqmkdyk6zp9ggqn37c468m96mjv0n9xfl"))))
+ (build-system ant-build-system)
+ (arguments
+ `(;; Tests require junit
+ #:tests? #f
+ #:jar-name "qdox.jar"
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'unpack
+ (lambda* (#:key source #:allow-other-keys)
+ (mkdir "src")
+ (with-directory-excursion "src"
+ (zero? (system* "jar" "-xf" source)))))
+ ;; At this point we don't have junit, so we must remove the API
+ ;; tests.
+ (add-after 'unpack 'delete-tests
+ (lambda _
+ (delete-file-recursively "src/com/thoughtworks/qdox/junit")
+ #t)))))
+ (home-page "http://qdox.codehaus.org/")
+ (synopsis "Parse definitions from Java source files")
+ (description
+ "QDox is a high speed, small footprint parser for extracting
+class/interface/method definitions from source files complete with JavaDoc
+@code{@tags}. It is designed to be used by active code generators or
+documentation tools.")
+ (license license:asl2.0)))
+
+(define-public java-jarjar
+ (package
+ (name "java-jarjar")
+ (version "1.4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://storage.googleapis.com/google-code-archive-downloads/v2/"
+ "code.google.com/jarjar/jarjar-src-" version ".zip"))
+ (sha256
+ (base32
+ "1v8irhni9cndcw1l1wxqgry013s2kpj0qqn57lj2ji28xjq8ndjl"))))
+ (build-system ant-build-system)
+ (arguments
+ `(;; Tests require junit, which ultimately depends on this package.
+ #:tests? #f
+ #:build-target "jar"
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((target (string-append (assoc-ref outputs "out")
+ "/share/java")))
+ (install-file (string-append "dist/jarjar-" ,version ".jar")
+ target))
+ #t)))))
+ (native-inputs
+ `(("unzip" ,unzip)))
+ (home-page "https://code.google.com/archive/p/jarjar/")
+ (synopsis "Repackage Java libraries")
+ (description
+ "Jar Jar Links is a utility that makes it easy to repackage Java
+libraries and embed them into your own distribution. Jar Jar Links includes
+an Ant task that extends the built-in @code{jar} task.")
+ (license license:asl2.0)))
+
+(define-public java-hamcrest-core
+ (package
+ (name "java-hamcrest-core")
+ (version "1.3")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://hamcrest.googlecode.com/files/"
+ "hamcrest-" version ".tgz"))
+ (sha256
+ (base32
+ "1hi0jv0zrgsf4l25aizxrgvxpsrmdklsmvw0jzwz7zv9s108whn6"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Delete bundled jar archives.
+ (for-each delete-file (find-files "." "\\.jar$"))
+ #t))))
+ (build-system ant-build-system)
+ (arguments
+ `(#:tests? #f ; Tests require junit
+ #:make-flags (list (string-append "-Dversion=" ,version))
+ #:build-target "core"
+ #:phases
+ (modify-phases %standard-phases
+ ;; Disable unit tests, because they require junit, which requires
+ ;; hamcrest-core. We also give a fixed value to the "Built-Date"
+ ;; attribute from the manifest for reproducibility.
+ (add-before 'configure 'patch-build.xml
+ (lambda _
+ (substitute* "build.xml"
+ (("unit-test, ") "")
+ (("\\$\\{build.timestamp\\}") "guix"))
+ #t))
+ ;; Java's "getMethods()" returns methods in an unpredictable order.
+ ;; To make the output of the generated code deterministic we must
+ ;; sort the array of methods.
+ (add-after 'unpack 'make-method-order-deterministic
+ (lambda _
+ (substitute* "hamcrest-generator/src/main/java/org/hamcrest/generator/ReflectiveFactoryReader.java"
+ (("import java\\.util\\.Iterator;" line)
+ (string-append line "\n"
+ "import java.util.Arrays; import java.util.Comparator;"))
+ (("allMethods = cls\\.getMethods\\(\\);" line)
+ (string-append "_" line
+ "
+private Method[] getSortedMethods() {
+ Arrays.sort(_allMethods, new Comparator<Method>() {
+ @Override
+ public int compare(Method a, Method b) {
+ return a.toString().compareTo(b.toString());
+ }
+ });
+ return _allMethods;
+}
+
+private Method[] allMethods = getSortedMethods();")))))
+ (add-before 'build 'do-not-use-bundled-qdox
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "build.xml"
+ (("lib/generator/qdox-1.12.jar")
+ (string-append (assoc-ref inputs "java-qdox-1.12")
+ "/share/java/qdox.jar")))
+ #t))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (install-file (string-append "build/hamcrest-core-"
+ ,version ".jar")
+ (string-append (assoc-ref outputs "out")
+ "/share/java")))))))
+ (native-inputs
+ `(("java-qdox-1.12" ,java-qdox-1.12)
+ ("java-jarjar" ,java-jarjar)))
+ (home-page "http://hamcrest.org/")
+ (synopsis "Library of matchers for building test expressions")
+ (description
+ "This package provides a library of matcher objects (also known as
+constraints or predicates) allowing @code{match} rules to be defined
+declaratively, to be used in other frameworks. Typical scenarios include
+testing frameworks, mocking libraries and UI validation rules.")
+ (license license:bsd-2)))
+
+(define-public java-junit
+ (package
+ (name "java-junit")
+ (version "4.12")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/junit-team/junit/"
+ "archive/r" version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "090dn5v1vs0b3acyaqc0gjf6p8lmd2h24wfzsbq7sly6b214anws"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Delete bundled jar archives.
+ (delete-file-recursively "lib")
+ #t))))
+ (build-system ant-build-system)
+ (arguments
+ `(#:tests? #f ; no tests
+ #:jar-name "junit.jar"))
+ (inputs
+ `(("java-hamcrest-core" ,java-hamcrest-core)))
+ (home-page "http://junit.org/")
+ (synopsis "Test framework for Java")
+ (description
+ "JUnit is a simple framework to write repeatable tests for Java projects.
+JUnit provides assertions for testing expected results, test fixtures for
+sharing common test data, and test runners for running tests.")
+ (license license:epl1.0)))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index a26e641342..aa778beefb 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1203,11 +1203,31 @@ devices. It replaces 'iwconfig', which is deprecated.")
(base32
"0nlwazxbnn0k6q5f5b09wdhw0f194lpzkp3l7vxansqhfczmcyx8"))))
(build-system gnu-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ ;; TODO: Patch some hardcoded "wlan0" in calibrate/calibrate.cpp to
+ ;; allow calibrating the network interface in GuixSD.
+ (add-after 'unpack 'patch-absolute-file-names
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((kmod (assoc-ref inputs "kmod")))
+ (substitute* (find-files "src" "\\.cpp$")
+ ;; Give the right 'modprobe' file name so that essential
+ ;; modules such as msr.ko can be loaded.
+ (("/sbin/modprobe") (string-append kmod "/bin/modprobe"))
+ ;; These programs are only needed to calibrate, so using
+ ;; relative file names avoids adding extra inputs. When they
+ ;; are missing powertop gracefully handles it.
+ (("/usr/bin/hcitool") "hcitool")
+ (("/usr/bin/xset") "xset")
+ (("/usr/sbin/hciconfig") "hciconfig"))
+ #t))))))
(inputs
- `(("zlib" ,zlib)
- ("pciutils" ,pciutils)
+ `(("kmod" ,kmod)
+ ("libnl" ,libnl)
("ncurses" ,ncurses)
- ("libnl" ,libnl)))
+ ("pciutils" ,pciutils)
+ ("zlib" ,zlib)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "https://01.org/powertop/")
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index d37897da20..9ba7138f88 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -59,6 +59,7 @@
#:use-module (gnu packages less)
#:use-module (gnu packages lisp)
#:use-module (gnu packages gnome)
+ #:use-module (gnu packages guile)
#:use-module (gnu packages xorg)
#:use-module (gnu packages gl)
#:use-module (gnu packages m4)
@@ -430,6 +431,44 @@ extremely large and complex data collections.")
(license (license:x11-style
"http://www.hdfgroup.org/ftp/HDF5/current/src/unpacked/COPYING"))))
+(define-public nlopt
+ (package
+ (name "nlopt")
+ (version "2.4.2")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://ab-initio.mit.edu/nlopt/nlopt-"
+ version ".tar.gz"))
+ (sha256
+ (base32 "12cfkkhcdf4zmb6h7y6qvvdvqjs2xf9sjpa3rl3bq76px4yn76c0"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(;; Shared libraries are not built by default. They are required to
+ ;; build the Guile, Octave, and Python bindings.
+ #:configure-flags '("--enable-shared")
+
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'configure 'set-libnlopt-file-name
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Make sure the Scheme module refers to the library by its
+ ;; absolute file name (we cannot do that from a snippet
+ ;; because the expansion of @libdir@ contains
+ ;; ${exec_prefix}.)
+ (let ((out (assoc-ref outputs "out")))
+ (substitute* "swig/nlopt.scm.in"
+ (("libnlopt")
+ (string-append out "/lib/libnlopt")))
+ #t))))))
+ (inputs `(("guile" ,guile-2.0)))
+ (native-inputs `(("pkg-config" ,pkg-config)))
+ (home-page "http://ab-initio.mit.edu/wiki/")
+ (synopsis "Library for nonlinear optimization")
+ (description "NLopt is a library for nonlinear optimization, providing a
+common interface for a number of different free optimization routines available
+online as well as original implementations of various other algorithms.")
+ (license license:lgpl2.1+)))
+
;; For a fully featured Octave, users are strongly recommended also to install
;; the following packages: texinfo, less, ghostscript, gnuplot.
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index fbe84f58b2..a79efc3366 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -91,16 +91,37 @@ keys, no previous conversation is compromised.")
(home-page "https://otr.cypherpunks.ca/")
(license (list lgpl2.1 gpl2))))
+;; These patches together fix https://github.com/bitlbee/bitlbee/pull/55, are
+;; already upstream, and should be unnecessary when the next bitlbee comes
+;; out.
+(define %bitlbee-buddy-nick-change-patch
+ (origin
+ (method url-fetch)
+ (uri "https://github.com/bitlbee/bitlbee/commit/a42fda42.patch")
+ (sha256
+ (base32
+ "1mzjhcdn0rxir5mzgqz9kv142ai38p1iq2lajqx89wb7x0bp51zx"))))
+(define %bitlbee-always-use-nicks-patch
+ (origin
+ (method url-fetch)
+ (uri "https://github.com/bitlbee/bitlbee/commit/3320d6d9.patch")
+ (sha256
+ (base32
+ "14d9kb5zdzh5hzakdvrbviz83rix0j2lq9rzb58b2fn92fp8yixd"))))
+
(define-public bitlbee
(package
(name "bitlbee")
- (version "3.4.1")
+ (version "3.4.2")
(source (origin
(method url-fetch)
(uri (string-append "https://get.bitlbee.org/src/bitlbee-"
version ".tar.gz"))
(sha256
- (base32 "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh"))))
+ (base32 "0mza8lnfwibmklz8hdzg4f7p83hblf4h6fbf7d732kzpvra5bj39"))
+ (patches
+ (list %bitlbee-buddy-nick-change-patch
+ %bitlbee-always-use-nicks-patch))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
("check" ,check)))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 346fefccdb..935e6e444c 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -825,6 +825,13 @@ mixing, FFT scopes, MIDI automation and full scriptability in Scheme.")
(string-prefix? "i686" system)))
(substitute* "bristol/Makefile.in"
(("-msse -mfpmath=sse") "")))
+ #t))
+ ;; We know that Bristol has been linked with JACK and we don't have
+ ;; ldd, so we can just skip this check.
+ (add-after 'unpack 'do-not-grep-for-jack
+ (lambda _
+ (substitute* "bin/startBristol.in"
+ (("ldd `which bristol` | grep jack") "echo guix"))
#t)))))
(inputs
`(("alsa-lib" ,alsa-lib)
@@ -952,6 +959,70 @@ programming methods as well as for realizing complex systems for large-scale
projects.")
(license license:bsd-3)))
+(define-public portmidi
+ (package
+ (name "portmidi")
+ (version "217")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/portmedia/portmidi/"
+ version "/portmidi-src-" version ".zip"))
+ (sha256
+ (base32
+ "03rfsk7z6rdahq2ihy5k13qjzgx757f75yqka88v3gc0pn9ais88"))
+ (patches (list (search-patch "portmidi-modular-build.patch")))))
+ (build-system cmake-build-system)
+ (arguments
+ `(#:tests? #f ; tests cannot be linked
+ #:configure-flags
+ (list "-DPORTMIDI_ENABLE_JAVA=Off"
+ "-DCMAKE_BUILD_TYPE=Release" ; needed to have PMALSA set
+ "-DPORTMIDI_ENABLE_TEST=Off"))) ; tests fail linking
+ (inputs
+ `(("alsa-lib" ,alsa-lib)))
+ (native-inputs
+ `(("unzip" ,unzip)))
+ (home-page "http://portmedia.sourceforge.net/portmidi/")
+ (synopsis "Library for MIDI I/O")
+ (description
+ "PortMidi is a library supporting real-time input and output of MIDI data
+using a system-independent interface.")
+ (license license:expat)))
+
+(define-public python-pyportmidi
+ (package
+ (name "python-pyportmidi")
+ (version (package-version portmidi))
+ (source (package-source portmidi))
+ (build-system python-build-system)
+ (arguments
+ `(#:tests? #f ; no tests included
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'enter-dir
+ (lambda _ (chdir "pm_python") #t))
+ (add-after 'enter-dir 'fix-setup.py
+ (lambda _
+ (substitute* "setup.py"
+ ;; Use Python 3 syntax
+ (("print (\".*\")" _ text)
+ (string-append "print(" text ")\n"))
+ ;; TODO.txt and CHANGES.txt don't exist
+ (("CHANGES =.*") "CHANGES = \"\"\n")
+ (("TODO =.*") "TODO = \"\"\n"))
+ #t)))))
+ (inputs
+ `(("portmidi" ,portmidi)
+ ("alsa-lib" ,alsa-lib)
+ ("python-cython" ,python-cython)))
+ (native-inputs
+ `(("unzip" ,unzip)))
+ (home-page "http://portmedia.sourceforge.net/portmidi/")
+ (synopsis "Python bindings to PortMidi")
+ (description
+ "This package provides Python bindings to the PortMidi library.")
+ (license license:expat)))
+
(define-public frescobaldi
(package
(name "frescobaldi")
@@ -967,8 +1038,10 @@ projects.")
(build-system python-build-system)
(inputs
`(("lilypond" ,lilypond)
+ ("portmidi" ,portmidi)
("python-pyqt-4" ,python-pyqt-4)
("python-ly" ,python-ly)
+ ("python-pyportmidi" ,python-pyportmidi)
("poppler" ,poppler)
("python-poppler-qt4" ,python-poppler-qt4)
("python-sip" ,python-sip)))
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 5d489532f7..434fb132bb 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -60,7 +60,8 @@
"/ocaml-" version ".tar.xz"))
(sha256
(base32
- "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3"))))
+ "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3"))
+ (patches (search-patches "ocaml-CVE-2015-8869.patch"))))
(build-system gnu-build-system)
(native-search-paths
(list (search-path-specification
diff --git a/gnu/packages/patches/4store-fix-buildsystem.patch b/gnu/packages/patches/4store-fix-buildsystem.patch
new file mode 100644
index 0000000000..383baa9461
--- /dev/null
+++ b/gnu/packages/patches/4store-fix-buildsystem.patch
@@ -0,0 +1,56 @@
+This patch sets a fixed version to avoid needing Git and the .git/ folder.
+It also removes the creation of "/var/lib/4store", which is not available
+during the install phase in GNU Guix.
+
+Patch by Roel Janssen <roel@gnu.org>
+*** a/configure.ac Wed Feb 4 19:05:24 2015
+--- b/configure.ac Wed Mar 23 11:20:38 2016
+***************
+*** 2,13 ****
+ # Process this file with autoconf to produce a configure script.
+
+ AC_PREREQ([2.50])
+! AC_INIT([4store], m4_esyscmd([./version.sh .version]), [http://4store.org/support/], [4store])
+ AC_CONFIG_SRCDIR([src/backend/backend-intl.h])
+! AM_INIT_AUTOMAKE([1.7 std-options -Wall])
+ AC_CONFIG_HEADERS(4store-config.h)
+
+ # Checks for programs.
+ AC_PROG_LIBTOOL
+ AC_PROG_AWK
+ AC_PROG_CC
+--- 2,14 ----
+ # Process this file with autoconf to produce a configure script.
+
+ AC_PREREQ([2.50])
+! AC_INIT([4store], [1.1.6], [http://4store.org/support/], [4store])
+ AC_CONFIG_SRCDIR([src/backend/backend-intl.h])
+! AM_INIT_AUTOMAKE([1.7 std-options foreign -Wall])
+ AC_CONFIG_HEADERS(4store-config.h)
+
+ # Checks for programs.
++ AM_PROG_AR
+ AC_PROG_LIBTOOL
+ AC_PROG_AWK
+ AC_PROG_CC
+
+*** a/src/utilities/Makefile.am Wed Feb 4 19:05:24 2015
+--- b/src/utilities/Makefile.am Wed Mar 23 14:05:56 2016
+***************
+*** 13,20 ****
+ noinst_PROGRAMS = lex-file-verify 4s-rid
+
+ install-data-local:
+! mkdir -p $(DESTDIR)@FS_STORE_ROOT@
+! chmod 1777 $(DESTDIR)@FS_STORE_ROOT@
+
+ 4s_backend_destroy_SOURCES = backend-destroy.c
+ 4s_backend_destroy_LDADD = ../common/lib4sintl.a
+--- 13,19 ----
+ noinst_PROGRAMS = lex-file-verify 4s-rid
+
+ install-data-local:
+! echo "Please create the following directory: " $(DESTDIR)@FS_STORE_ROOT@
+
+ 4s_backend_destroy_SOURCES = backend-destroy.c
+ 4s_backend_destroy_LDADD = ../common/lib4sintl.a
diff --git a/gnu/packages/patches/gcc-cross-environment-variables.patch b/gnu/packages/patches/gcc-cross-environment-variables.patch
index 0bd0be5984..ec4378e2d2 100644
--- a/gnu/packages/patches/gcc-cross-environment-variables.patch
+++ b/gnu/packages/patches/gcc-cross-environment-variables.patch
@@ -1,9 +1,23 @@
Search path environment variables for cross-compilers. See the discussion
at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>.
---- gcc-4.7.2/gcc/incpath.c 2012-01-27 00:34:58.000000000 +0100
-+++ gcc-4.7.2/gcc/incpath.c 2013-02-12 10:11:27.000000000 +0100
-@@ -452,7 +452,7 @@ register_include_chains (cpp_reader *pfi
+Note: Touch 'C_INCLUDE_PATH' et al. rather than 'CPATH', as discussed
+at <http://bugs.gnu.org/22186>.
+
+--- a/gcc/incpath.c
++++ b/gcc/incpath.c
+@@ -461,8 +461,8 @@ register_include_chains (cpp_reader *pfile, const char *sysroot,
+ int stdinc, int cxx_stdinc, int verbose)
+ {
+ static const char *const lang_env_vars[] =
+- { "C_INCLUDE_PATH", "CPLUS_INCLUDE_PATH",
+- "OBJC_INCLUDE_PATH", "OBJCPLUS_INCLUDE_PATH" };
++ { "CROSS_C_INCLUDE_PATH", "CROSS_CPLUS_INCLUDE_PATH",
++ "CROSS_OBJC_INCLUDE_PATH", "CROSS_OBJCPLUS_INCLUDE_PATH" };
+ cpp_options *cpp_opts = cpp_get_options (pfile);
+ size_t idx = (cpp_opts->objc ? 2: 0);
+
+@@ -473,7 +473,7 @@ register_include_chains (cpp_reader *pfile, const char *sysroot,
/* CPATH and language-dependent environment variables may add to the
include chain. */
@@ -12,20 +26,22 @@ at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>.
add_env_var_paths (lang_env_vars[idx], SYSTEM);
target_c_incpath.extra_pre_includes (sysroot, iprefix, stdinc);
-
---- gcc-4.7.2/gcc/system.h 2012-02-17 00:16:28.000000000 +0100
-+++ gcc-4.7.2/gcc/system.h 2013-02-12 10:22:17.000000000 +0100
-@@ -1023,4 +1023,6 @@ helper_const_non_const_cast (const char
- #define DEBUG_VARIABLE
- #endif
+diff --git a/gcc/system.h b/gcc/system.h
+index 42bc509..af3b9ad 100644
+--- a/gcc/system.h
++++ b/gcc/system.h
+@@ -1063,4 +1063,6 @@ helper_const_non_const_cast (const char *p)
+ /* Get definitions of HOST_WIDE_INT and HOST_WIDEST_INT. */
+ #include "hwint.h"
+#define LIBRARY_PATH_ENV "CROSS_LIBRARY_PATH"
+
#endif /* ! GCC_SYSTEM_H */
-
---- gcc-4.7.2/gcc/tlink.c 2012-02-11 09:50:23.000000000 +0100
-+++ gcc-4.7.2/gcc/tlink.c 2013-05-23 22:06:19.000000000 +0200
-@@ -461,7 +461,7 @@ recompile_files (void)
+diff --git a/gcc/tlink.c b/gcc/tlink.c
+index bc358b8..ad6242f 100644
+--- a/gcc/tlink.c
++++ b/gcc/tlink.c
+@@ -458,7 +458,7 @@ recompile_files (void)
file *f;
putenv (xstrdup ("COMPILER_PATH="));
@@ -34,10 +50,11 @@ at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>.
while ((f = file_pop ()) != NULL)
{
-
---- gcc-4.7.3/gcc/gcc.c 2013-03-08 08:25:09.000000000 +0100
-+++ gcc-4.7.3/gcc/gcc.c 2013-05-24 08:58:16.000000000 +0200
-@@ -3726,7 +3726,7 @@ process_command (unsigned int decoded_op
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index adbf0c4..70448c6 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -3853,7 +3853,7 @@ process_command (unsigned int decoded_options_count,
}
temp = getenv (LIBRARY_PATH_ENV);
diff --git a/gnu/packages/patches/ocaml-CVE-2015-8869.patch b/gnu/packages/patches/ocaml-CVE-2015-8869.patch
new file mode 100644
index 0000000000..0a4cb34d25
--- /dev/null
+++ b/gnu/packages/patches/ocaml-CVE-2015-8869.patch
@@ -0,0 +1,72 @@
+Adapted from upstream commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74,
+this patch omits the upstream changes to 'Changes' and 'VERSION'.
+
+http://seclists.org/oss-sec/2016/q2/170
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869
+https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74
+---
+ byterun/alloc.c | 4 ++--
+ byterun/intern.c | 2 +-
+ byterun/str.c | 4 ++--
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/byterun/alloc.c b/byterun/alloc.c
+index 96a21bf..0db9947 100644
+--- a/byterun/alloc.c
++++ b/byterun/alloc.c
+@@ -153,7 +153,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags)
+ /* [size] is a [value] representing number of words (fields) */
+ CAMLprim value caml_alloc_dummy(value size)
+ {
+- mlsize_t wosize = Int_val(size);
++ mlsize_t wosize = Long_val(size);
+
+ if (wosize == 0) return Atom(0);
+ return caml_alloc (wosize, 0);
+@@ -169,7 +169,7 @@ CAMLprim value caml_alloc_dummy_function(value size,value arity)
+ /* [size] is a [value] representing number of floats. */
+ CAMLprim value caml_alloc_dummy_float (value size)
+ {
+- mlsize_t wosize = Int_val(size) * Double_wosize;
++ mlsize_t wosize = Long_val(size) * Double_wosize;
+
+ if (wosize == 0) return Atom(0);
+ return caml_alloc (wosize, 0);
+diff --git a/byterun/intern.c b/byterun/intern.c
+index 89d13d1..7b8d049 100644
+--- a/byterun/intern.c
++++ b/byterun/intern.c
+@@ -291,7 +291,7 @@ static void intern_rec(value *dest)
+ case OFreshOID:
+ /* Refresh the object ID */
+ /* but do not do it for predefined exception slots */
+- if (Int_val(Field((value)dest, 1)) >= 0)
++ if (Long_val(Field((value)dest, 1)) >= 0)
+ caml_set_oo_id((value)dest);
+ /* Pop item and iterate */
+ sp--;
+diff --git a/byterun/str.c b/byterun/str.c
+index 5ad4e29..885772f 100644
+--- a/byterun/str.c
++++ b/byterun/str.c
+@@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2)
+ CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2,
+ value n)
+ {
+- memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n));
++ memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n));
+ return Val_unit;
+ }
+
+@@ -278,7 +278,7 @@ CAMLprim value caml_fill_string(value s, value offset, value len, value init)
+
+ CAMLprim value caml_bitvect_test(value bv, value n)
+ {
+- int pos = Int_val(n);
++ intnat pos = Long_val(n);
+ return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7)));
+ }
+
+--
+2.7.4
+
diff --git a/gnu/packages/patches/portmidi-modular-build.patch b/gnu/packages/patches/portmidi-modular-build.patch
new file mode 100644
index 0000000000..25e64ae317
--- /dev/null
+++ b/gnu/packages/patches/portmidi-modular-build.patch
@@ -0,0 +1,325 @@
+We took this patch from Gentoo to break apart the portmidi build, so that we
+can disable the Java parts and cleanly disable the tests which fail to link
+(possibly because they are linked before “-lportmidi” is available). The
+patch was downloaded from here:
+
+https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/portmidi/files/portmidi-217-cmake.patch?id=56bd759df1d0c750a065b8c845e93d5dfa6b549d
+
+--- portmidi/CMakeLists.txt
++++ portmidi/CMakeLists.txt
+@@ -9,12 +9,11 @@
+ set(CMAKE_BUILD_TYPE Release CACHE STRING
+ "Semicolon-separate list of supported configuration types")
+ # set default directories but don't override cached values...
+- set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE}
++ set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+ CACHE STRING "libraries go here")
+- set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE}
++ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+ CACHE STRING "libraries go here")
+- set(CMAKE_RUNTIME_OUTPUT_DIRECTORY
+- ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE}
++ set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+ CACHE STRING "executables go here")
+
+ else(UNIX)
+@@ -68,10 +67,20 @@
+ include_directories(pm_common porttime)
+ add_subdirectory(pm_common)
+
+-add_subdirectory(pm_test)
++option(PORTMIDI_ENABLE_JAVA "Enable Java bindings support" ON)
++option(PORTMIDI_ENABLE_STATIC "Build and install static libraries" OFF)
++option(PORTMIDI_ENABLE_TEST "Build test programs" ON)
++
++if(PORTMIDI_ENABLE_TEST)
++ add_subdirectory(pm_test)
++endif(PORTMIDI_ENABLE_TEST)
+
+ add_subdirectory(pm_dylib)
+
+ # Cannot figure out how to make an xcode Java application with CMake
+-add_subdirectory(pm_java)
++if(PORTMIDI_ENABLE_JAVA)
++ set(JAR_INSTALL_DIR share/java
++ CACHE STRING "Define directory name for jar installation")
++ add_subdirectory(pm_java)
++endif(PORTMIDI_ENABLE_JAVA)
+
+--- portmidi/pm_common/CMakeLists.txt
++++ portmidi/pm_common/CMakeLists.txt
+@@ -44,9 +44,6 @@
+
+ # first include the appropriate system-dependent file:
+ if(UNIX)
+- # add the -g switch for Linux and Mac OS X (not used in Win32)
+- set (CMAKE_C_FLAGS_DEBUG "-g ${CMAKE_C_FLAGS_DEBUG}"
+- CACHE STRING "enable extra checks for debugging" FORCE)
+ if(APPLE)
+ set(MACSRC pmmacosxcm pmmac readbinaryplist finddefault)
+ prepend_path(LIBSRC ../pm_mac/ ${MACSRC})
+@@ -62,19 +59,23 @@
+ ${COREMIDI_LIB} ${CORESERVICES_LIB}
+ CACHE INTERNAL "")
+
+- set(JAVAVM_LIB "${FRAMEWORK_PATH}/JavaVM.framework")
+- set(JAVA_INCLUDE_PATHS ${JAVAVM_LIB}/Headers)
++ if(PORTMIDI_ENABLE_JAVA)
++ set(JAVAVM_LIB "${FRAMEWORK_PATH}/JavaVM.framework")
++ set(JAVA_INCLUDE_PATHS ${JAVAVM_LIB}/Headers)
++ endif(PORTMIDI_ENABLE_JAVA)
+ message(STATUS "SYSROOT: " ${CMAKE_OSX_SYSROOT})
+ else(APPLE)
+ # LINUX settings...
+- include(FindJNI)
+- message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH})
+- message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH})
+- message(STATUS "JAVA_INCLUDE_PATH2 is " ${JAVA_INCLUDE_PATH2})
+- message(STATUS "JAVA_JVM_LIBRARY is " ${JAVA_JVM_LIBRARY})
+- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
+- # libjvm.so is found relative to JAVA_INCLUDE_PATH:
+- set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}/libjvm.so)
++ if(PORTMIDI_ENABLE_JAVA)
++ include(FindJNI)
++ message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH})
++ message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH})
++ message(STATUS "JAVA_INCLUDE_PATH2 is " ${JAVA_INCLUDE_PATH2})
++ message(STATUS "JAVA_JVM_LIBRARY is " ${JAVA_JVM_LIBRARY})
++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
++ # libjvm.so is found relative to JAVA_INCLUDE_PATH:
++ set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}/libjvm.so)
++ endif(PORTMIDI_ENABLE_JAVA)
+
+ set(LINUXSRC pmlinuxalsa pmlinux finddefault)
+ prepend_path(LIBSRC ../pm_linux/ ${LINUXSRC})
+@@ -88,10 +89,12 @@
+ # /MD is multithread DLL, /MT is multithread. Change to static:
+ include(../pm_win/static.cmake)
+
+- include(FindJNI)
++ if(PORTMIDI_ENABLE_JAVA)
++ include(FindJNI)
+
+- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
+- # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS})
++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
++ # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS})
++ endif(PORTMIDI_ENABLE_JAVA)
+
+ set(WINSRC pmwin pmwinmm)
+ prepend_path(LIBSRC ../pm_win/ ${WINSRC})
+@@ -99,29 +102,43 @@
+ set(PM_NEEDED_LIBS winmm.lib)
+ endif(WIN32)
+ endif(UNIX)
+-set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVA_JVM_LIBRARY})
++
++if(PORTMIDI_ENABLE_JAVA)
++ set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVA_JVM_LIBRARY})
++endif(PORTMIDI_ENABLE_JAVA)
+
+ # this completes the list of library sources by adding shared code
+ list(APPEND LIBSRC pmutil portmidi)
+
+ # now add the shared files to make the complete list of library sources
+-add_library(portmidi-static ${LIBSRC})
+-set_target_properties(portmidi-static PROPERTIES OUTPUT_NAME "portmidi_s")
+-target_link_libraries(portmidi-static ${PM_NEEDED_LIBS})
+-
+-# define the jni library
+-include_directories(${JAVA_INCLUDE_PATHS})
+-
+-set(JNISRC ${LIBSRC} ../pm_java/pmjni/pmjni.c)
+-add_library(pmjni SHARED ${JNISRC})
+-target_link_libraries(pmjni ${JNI_EXTRA_LIBS})
+-set_target_properties(pmjni PROPERTIES EXECUTABLE_EXTENSION "jnilib")
++if(PORTMIDI_ENABLE_STATIC)
++ add_library(portmidi-static ${LIBSRC})
++ set_target_properties(portmidi-static PROPERTIES OUTPUT_NAME "portmidi")
++ target_link_libraries(portmidi-static ${PM_NEEDED_LIBS})
++endif(PORTMIDI_ENABLE_STATIC)
++
++if(PORTMIDI_ENABLE_JAVA)
++ # define the jni library
++ include_directories(${JAVA_INCLUDE_PATHS})
++
++ set(JNISRC ${LIBSRC} ../pm_java/pmjni/pmjni.c)
++ add_library(pmjni SHARED ${JNISRC})
++ target_link_libraries(pmjni ${JNI_EXTRA_LIBS})
++ set_target_properties(pmjni PROPERTIES EXECUTABLE_EXTENSION "jnilib")
++endif(PORTMIDI_ENABLE_JAVA)
+
+ # install the libraries (Linux and Mac OS X command line)
+ if(UNIX)
+- INSTALL(TARGETS portmidi-static pmjni
+- LIBRARY DESTINATION /usr/local/lib
+- ARCHIVE DESTINATION /usr/local/lib)
++ if(PORTMIDI_ENABLE_STATIC)
++ INSTALL(TARGETS portmidi-static
++ LIBRARY DESTINATION lib${LIB_SUFFIX}
++ ARCHIVE DESTINATION lib${LIB_SUFFIX})
++ endif(PORTMIDI_ENABLE_STATIC)
++ if(PORTMIDI_ENABLE_JAVA)
++ INSTALL(TARGETS pmjni
++ LIBRARY DESTINATION lib${LIB_SUFFIX}
++ ARCHIVE DESTINATION lib${LIB_SUFFIX})
++ endif(PORTMIDI_ENABLE_JAVA)
+ # .h files installed by pm_dylib/CMakeLists.txt, so don't need them here
+ # INSTALL(FILES portmidi.h ../porttime/porttime.h
+ # DESTINATION /usr/local/include)
+--- portmidi/pm_dylib/CMakeLists.txt
++++ portmidi/pm_dylib/CMakeLists.txt
+@@ -39,9 +39,6 @@
+
+ # first include the appropriate system-dependent file:
+ if(UNIX)
+- # add the -g switch for Linux and Mac OS X (not used in Win32)
+- set (CMAKE_C_FLAGS_DEBUG "-g ${CMAKE_C_FLAGS_DEBUG}"
+- CACHE STRING "enable extra checks for debugging" FORCE)
+ if(APPLE)
+ set(MACSRC pmmacosxcm pmmac readbinaryplist finddefault)
+ prepend_path(LIBSRC ../pm_mac/ ${MACSRC})
+@@ -63,7 +60,8 @@
+ message(STATUS "SYSROOT: " ${CMAKE_OSX_SYSROOT})
+ else(APPLE)
+ # LINUX settings...
+- include(FindJNI)
++ if(PORTMIDI_ENABLE_JAVA)
++ include(FindJNI)
+ # message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH})
+ # message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH})
+ # note: should use JAVA_JVM_LIB_PATH, but it is not set properly
+@@ -75,11 +73,8 @@
+ # JAVA_INCLUDE_PATH2; if no, then we need to make both JAVA_INCLUDE_PATH
+ # and JAVA_INCLUDE_PATH2 set by user (will need clear documentation
+ # because JAVA_INCLUDE_PATH2 is pretty obscure)
+- set(JAVA_INCLUDE_PATH ${JAVA_INCLUDE_PATH-UNKNOWN}
+- CACHE STRING "where to find Java SDK include directory")
+- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH}/linux)
+- # libjvm.so is found relative to JAVA_INCLUDE_PATH:
+- set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../jre/lib/i386/client/libjvm.so)
++ set(JAVAVM_LIB ${JAVA_JVM_LIBRARY})
++ endif(PORTMIDI_ENABLE_JAVA)
+
+ set(LINUXSRC pmlinuxalsa pmlinux finddefault)
+ prepend_path(LIBSRC ../pm_linux/ ${LINUXSRC})
+@@ -91,13 +86,15 @@
+ if(WIN32)
+ # /MDd is multithread debug DLL, /MTd is multithread debug
+ # /MD is multithread DLL, /MT is multithread
+-
+- include(FindJNI)
+- # note: should use JAVA_JVM_LIB_PATH, but it is not set properly
+- set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../lib/jvm.lib)
+
+- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
+- # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS})
++ if(PORTMIDI_ENABLE_JAVA)
++ include(FindJNI)
++ # note: should use JAVA_JVM_LIB_PATH, but it is not set properly
++ set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../lib/jvm.lib)
++
++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2})
++ # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS})
++ endif(PORTMIDI_ENABLE_JAVA)
+
+ set(WINSRC pmwin pmwinmm)
+ prepend_path(LIBSRC ../pm_win/ ${WINSRC})
+@@ -106,7 +103,10 @@
+ # message(STATUS "JAVAVM_LIB: " ${JAVAVM_LIB})
+ endif(WIN32)
+ endif(UNIX)
++
++if(PORTMIDI_ENABLE_JAVA)
+ set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVAVM_LIB})
++endif(PORTMIDI_ENABLE_JAVA)
+
+ # this completes the list of library sources by adding shared code
+ set(SHARED_FILES pmutil portmidi)
+@@ -120,8 +120,8 @@
+ # install the libraries (Linux and Mac OS X command line)
+ if(UNIX)
+ INSTALL(TARGETS portmidi-dynamic
+- LIBRARY DESTINATION /usr/local/lib
+- ARCHIVE DESTINATION /usr/local/lib)
++ LIBRARY DESTINATION lib${LIB_SUFFIX}
++ ARCHIVE DESTINATION lib${LIB_SUFFIX})
+ INSTALL(FILES ../pm_common/portmidi.h ../porttime/porttime.h
+- DESTINATION /usr/local/include)
++ DESTINATION include)
+ endif(UNIX)
+--- portmidi/pm_java/CMakeLists.txt
++++ portmidi/pm_java/CMakeLists.txt
+@@ -5,43 +5,24 @@
+ # java not dealt with in CMake -- see pm_mac/pm_mac.xcodeproj
+ else(APPLE)
+ # linux
+- set(JPORTMIDICLASS JPortMidi.class JPortMidiException.class
+- JPortMidiApi.class)
+- set(PMDEFAULTSCLASS PmDefaultsFrame.class PmDefaults.class)
+- prepend_path(JPORTMIDICLASS2 jportmidi/ ${JPORTMIDICLASS})
+- prepend_path(PMDEFAULTSCLASS2 pmdefaults/ ${PMDEFAULTSCLASS})
+- set(PMDEFAULTS_ALL_CLASSES ${JPORTMIDICLASS2} ${PMDEFAULTSCLASS2})
+- # message(STATUS "PMDEFAULTS_ALL_CLASSES is " ${PMDEFAULTS_ALL_CLASSES})
+- add_custom_command(OUTPUT pmdefaults/PmDefaultsFrame.class
+- COMMAND javac -classpath . pmdefaults/PmDefaultsFrame.java
+- MAIN_DEPENDENCY pmdefaults/PmDefaultsFrame.java
+- DEPENDS pmdefaults/PmDefaults.java
+- WORKING_DIRECTORY pm_java)
+- add_custom_command(OUTPUT pmdefaults/PmDefaults.class
+- COMMAND javac -classpath . pmdefaults/PmDefaults.java
+- MAIN_DEPENDENCY pmdefaults/PmDefaults.java
+- DEPENDS pmdefaults/PmDefaultsFrame.java
+- WORKING_DIRECTORY pm_java)
+- add_custom_command(OUTPUT ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar
+- COMMAND cp pmdefaults/portmusic_logo.png .
+- COMMAND jar cmf pmdefaults/manifest.txt pmdefaults.jar
+- pmdefaults/*.class portmusic_logo.png jportmidi/*.class
+- COMMAND chmod +x pmdefaults/pmdefaults
+- COMMAND cp pmdefaults/pmdefaults ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
+- COMMAND mv pmdefaults.jar ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
+- COMMAND rm portmusic_logo.png
+- MAIN_DEPENDENCY pmdefaults/PmDefaults.class
+- DEPENDS ${PMDEFAULTS_ALL_CLASSES}
+- WORKING_DIRECTORY pm_java)
+- add_custom_target(pmdefaults_target ALL
+- DEPENDS ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar)
+- # message(STATUS "add_custom_target: pmdefaults.jar")
++ set(JAVA_CLASSES jportmidi pmdefaults)
++ add_custom_command(OUTPUT ${JAVA_CLASSES}
++ COMMAND javac -d ${CMAKE_CURRENT_BINARY_DIR} jportmidi/*.java pmdefaults/*.java
++ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
++ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar
++ DEPENDS ${JAVA_CLASSES}
++ COMMAND jar cmf pmdefaults/manifest.txt ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar
++ -C pmdefaults portmusic_logo.png -C ${CMAKE_CURRENT_BINARY_DIR} jportmidi
++ -C ${CMAKE_CURRENT_BINARY_DIR} pmdefaults
++ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
++ add_custom_target(pmdefaults.jar ALL
++ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar)
+
+ # install the libraries (Linux only)
+- INSTALL(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar
+- DESTINATION /usr/share/java)
+- INSTALL(PROGRAMS ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults
+- DESTINATION /usr/local/bin)
++ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar
++ DESTINATION ${JAR_INSTALL_DIR})
++ INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/pmdefaults/pmdefaults
++ DESTINATION bin)
+ endif(APPLE)
+ endif(UNIX)
+ # In windows, use pm_java/make.bat
+--- portmidi/pm_test/CMakeLists.txt
++++ portmidi/pm_test/CMakeLists.txt
+@@ -12,8 +12,8 @@
+
+ macro(make_a_test name)
+ add_executable(${name} ${name}.c)
+- target_link_libraries(${name} portmidi-static ${PM_NEEDED_LIBS})
+- add_dependencies(${name} portmidi-static)
++ target_link_libraries(${name} portmidi ${PM_NEEDED_LIBS})
++ add_dependencies(${name} portmidi)
+ endmacro(make_a_test)
+
+ make_a_test(test)
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch
new file mode 100644
index 0000000000..acad6be0a4
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch
@@ -0,0 +1,82 @@
+From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Fri, 4 Mar 2016 17:20:18 +0200
+Subject: [PATCH 1/5] WPS: Reject a Credential with invalid passphrase
+
+WPA/WPA2-Personal passphrase is not allowed to include control
+characters. Reject a Credential received from a WPS Registrar both as
+STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
+WPA2PSK authentication type and includes an invalid passphrase.
+
+This fixes an issue where hostapd or wpa_supplicant could have updated
+the configuration file PSK/passphrase parameter with arbitrary data from
+an external device (Registrar) that may not be fully trusted. Should
+such data include a newline character, the resulting configuration file
+could become invalid and fail to be parsed.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ src/utils/common.c | 12 ++++++++++++
+ src/utils/common.h | 1 +
+ src/wps/wps_attr_process.c | 10 ++++++++++
+ 3 files changed, 23 insertions(+)
+
+diff --git a/src/utils/common.c b/src/utils/common.c
+index 450e2c6..27b7c02 100644
+--- a/src/utils/common.c
++++ b/src/utils/common.c
+@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
+ }
+
+
++int has_ctrl_char(const u8 *data, size_t len)
++{
++ size_t i;
++
++ for (i = 0; i < len; i++) {
++ if (data[i] < 32 || data[i] == 127)
++ return 1;
++ }
++ return 0;
++}
++
++
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len)
+diff --git a/src/utils/common.h b/src/utils/common.h
+index 701dbb2..a972240 100644
+--- a/src/utils/common.h
++++ b/src/utils/common.h
+@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
+
+ char * wpa_config_parse_string(const char *value, size_t *len);
+ int is_hex(const u8 *data, size_t len);
++int has_ctrl_char(const u8 *data, size_t len);
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len);
+diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
+index eadb22f..e8c4579 100644
+--- a/src/wps/wps_attr_process.c
++++ b/src/wps/wps_attr_process.c
+@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
+ cred->key_len--;
+ #endif /* CONFIG_WPS_STRICT */
+ }
++
++
++ if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
++ (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
++ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
++ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
++ cred->key, cred->key_len);
++ return -1;
++ }
++
+ return 0;
+ }
+
+--
+1.9.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch
new file mode 100644
index 0000000000..507a96e47c
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch
@@ -0,0 +1,51 @@
+From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Fri, 4 Mar 2016 18:46:41 +0200
+Subject: [PATCH 2/5] Reject psk parameter set with invalid passphrase
+ character
+
+WPA/WPA2-Personal passphrase is not allowed to include control
+characters. Reject a passphrase configuration attempt if that passphrase
+includes an invalid passphrase.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file psk parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the passphrase value before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject up to 63 characters of
+almost arbitrary data into the configuration file. Such configuration
+file could result in wpa_supplicant trying to load a library (e.g.,
+opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
+load_dynamic_eap) from user controlled location when starting again.
+This would allow code from that library to be executed under the
+wpa_supplicant process privileges.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index b1c7870..fdd9643 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data,
+ }
+ wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
+ (u8 *) value, len);
++ if (has_ctrl_char((u8 *) value, len)) {
++ wpa_printf(MSG_ERROR,
++ "Line %d: Invalid passphrase character",
++ line);
++ return -1;
++ }
+ if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
+ os_memcmp(ssid->passphrase, value, len) == 0) {
+ /* No change to the previously configured value */
+--
+1.9.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch
new file mode 100644
index 0000000000..684d25de96
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch
@@ -0,0 +1,82 @@
+From 0fe5a234240a108b294a87174ad197f6b5cb38e9 Mon Sep 17 00:00:00 2001
+From: Paul Stewart <pstew@google.com>
+Date: Thu, 3 Mar 2016 15:40:19 -0800
+Subject: [PATCH 3/5] Remove newlines from wpa_supplicant config network
+ output
+
+Spurious newlines output while writing the config file can corrupt the
+wpa_supplicant configuration. Avoid writing these for the network block
+parameters. This is a generic filter that cover cases that may not have
+been explicitly addressed with a more specific commit to avoid control
+characters in the psk parameter.
+
+Signed-off-by: Paul Stewart <pstew@google.com>
+---
+ src/utils/common.c | 11 +++++++++++
+ src/utils/common.h | 1 +
+ wpa_supplicant/config.c | 15 +++++++++++++--
+ 3 files changed, 25 insertions(+), 2 deletions(-)
+
+diff --git a/src/utils/common.c b/src/utils/common.c
+index 27b7c02..9856463 100644
+--- a/src/utils/common.c
++++ b/src/utils/common.c
+@@ -709,6 +709,17 @@ int has_ctrl_char(const u8 *data, size_t len)
+ }
+
+
++int has_newline(const char *str)
++{
++ while (*str) {
++ if (*str == '\n' || *str == '\r')
++ return 1;
++ str++;
++ }
++ return 0;
++}
++
++
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len)
+diff --git a/src/utils/common.h b/src/utils/common.h
+index a972240..d19927b 100644
+--- a/src/utils/common.h
++++ b/src/utils/common.h
+@@ -489,6 +489,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
+ char * wpa_config_parse_string(const char *value, size_t *len);
+ int is_hex(const u8 *data, size_t len);
+ int has_ctrl_char(const u8 *data, size_t len);
++int has_newline(const char *str);
+ size_t merge_byte_arrays(u8 *res, size_t res_len,
+ const u8 *src1, size_t src1_len,
+ const u8 *src2, size_t src2_len);
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index fdd9643..eb97cd5 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2699,8 +2699,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
+
+ for (i = 0; i < NUM_SSID_FIELDS; i++) {
+ const struct parse_data *field = &ssid_fields[i];
+- if (os_strcmp(var, field->name) == 0)
+- return field->writer(field, ssid);
++ if (os_strcmp(var, field->name) == 0) {
++ char *ret = field->writer(field, ssid);
++
++ if (ret && has_newline(ret)) {
++ wpa_printf(MSG_ERROR,
++ "Found newline in value for %s; not returning it",
++ var);
++ os_free(ret);
++ ret = NULL;
++ }
++
++ return ret;
++ }
+ }
+
+ return NULL;
+--
+1.9.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch
new file mode 100644
index 0000000000..2dd38fee31
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch
@@ -0,0 +1,62 @@
+From b166cd84a77a6717be9600bf95378a0055d6f5a5 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 5 Apr 2016 23:33:10 +0300
+Subject: [PATCH 4/5] Reject SET_CRED commands with newline characters in the
+ string values
+
+Most of the cred block parameters are written as strings without
+filtering and if there is an embedded newline character in the value,
+unexpected configuration file data might be written.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file cred parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the credential value before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject almost arbitrary data
+into the configuration file. Such configuration file could result in
+wpa_supplicant trying to load a library (e.g., opensc_engine_path,
+pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
+controlled location when starting again. This would allow code from that
+library to be executed under the wpa_supplicant process privileges.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/config.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index eb97cd5..69152ef 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -2896,6 +2896,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
+
+ if (os_strcmp(var, "password") == 0 &&
+ os_strncmp(value, "ext:", 4) == 0) {
++ if (has_newline(value))
++ return -1;
+ str_clear_free(cred->password);
+ cred->password = os_strdup(value);
+ cred->ext_password = 1;
+@@ -2946,9 +2948,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
+ }
+
+ val = wpa_config_parse_string(value, &len);
+- if (val == NULL) {
++ if (val == NULL ||
++ (os_strcmp(var, "excluded_ssid") != 0 &&
++ os_strcmp(var, "roaming_consortium") != 0 &&
++ os_strcmp(var, "required_roaming_consortium") != 0 &&
++ has_newline(val))) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
+ "value '%s'.", line, var, value);
++ os_free(val);
+ return -1;
+ }
+
+--
+1.9.1
+
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch
new file mode 100644
index 0000000000..5f42aa9219
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch
@@ -0,0 +1,50 @@
+From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Tue, 5 Apr 2016 23:55:48 +0300
+Subject: [PATCH 5/5] Reject SET commands with newline characters in the
+ string values
+
+Many of the global configuration parameters are written as strings
+without filtering and if there is an embedded newline character in the
+value, unexpected configuration file data might be written.
+
+This fixes an issue where wpa_supplicant could have updated the
+configuration file global parameter with arbitrary data from the control
+interface or D-Bus interface. While those interfaces are supposed to be
+accessible only for trusted users/applications, it may be possible that
+an untrusted user has access to a management software component that
+does not validate the value of a parameter before passing it to
+wpa_supplicant.
+
+This could allow such an untrusted user to inject almost arbitrary data
+into the configuration file. Such configuration file could result in
+wpa_supplicant trying to load a library (e.g., opensc_engine_path,
+pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
+controlled location when starting again. This would allow code from that
+library to be executed under the wpa_supplicant process privileges.
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
+index 69152ef..d9a1603 100644
+--- a/wpa_supplicant/config.c
++++ b/wpa_supplicant/config.c
+@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data,
+ return -1;
+ }
+
++ if (has_newline(pos)) {
++ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
++ line, data->name);
++ return -1;
++ }
++
+ tmp = os_strdup(pos);
+ if (tmp == NULL)
+ return -1;
+--
+1.9.1
+
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 0f4441d70c..6685ee0349 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -198,6 +198,7 @@ required structures.")
(package
(name "openssl")
(version "1.0.2g")
+ (replacement openssl/fixed)
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -298,6 +299,25 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
+(define openssl/fixed
+ (package
+ (inherit openssl)
+ (source
+ (let ((name "openssl")
+ (version "1.0.2h"))
+ (origin
+ (method url-fetch)
+ (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ name "-" version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/old/"
+ (string-trim-right version char-set:letter)
+ "/" name "-" version ".tar.gz")))
+ (sha256
+ (base32
+ "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+ (patches (search-patches "openssl-runpath.patch"
+ "openssl-c-rehash-in.patch")))))))
+
(define-public libressl
(package
(name "libressl")
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 94339012f5..fb85d933f9 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
+;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
@@ -27,7 +27,7 @@
(define-module (gnu packages version-control)
#:use-module ((guix licenses)
- #:select (asl2.0 bsd-2
+ #:select (asl2.0 bsd-2 bsd-3
gpl1+ gpl2 gpl2+ gpl3+ lgpl2.1
public-domain x11-style))
#:use-module (guix utils)
@@ -1012,6 +1012,58 @@ as possible. Resolution of contention for source files, a major headache for
any project with more than one developer, is one of Aegis's major functions.")
(license gpl3+)))
+(define-public reposurgeon
+ (package
+ (name "reposurgeon")
+ (version "3.37")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://www.catb.org/~esr/" name "/"
+ name "-" version ".tar.xz"))
+ (sha256
+ (base32
+ "14asjg4xy3mhh5z0r3k7c1wv9y803j2zfq32g5q5m95sf7yzygan"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f ;no test suite distributed
+ #:make-flags
+ (list (string-append "target=" (assoc-ref %outputs "out")))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (add-before 'build 'fix-docbook
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* (find-files "." "\\.xml$")
+ (("docbook/docbookx.dtd")
+ (string-append (assoc-ref inputs "docbook-xml")
+ "/xml/dtd/docbook/docbookx.dtd")))
+ #t))
+ (add-after 'install 'install-emacs-data
+ (lambda* (#:key outputs #:allow-other-keys)
+ (install-file "reposurgeon-mode.el"
+ (string-append (assoc-ref outputs "out")
+ "/share/emacs/site-lisp")))))))
+ (inputs
+ `(("python" ,python-wrapper)))
+ (native-inputs
+ `(("asciidoc" ,asciidoc)
+ ("docbook-xml" ,docbook-xml-4.1.2)
+ ("docbook-xsl" ,docbook-xsl)
+ ("libxml2" ,libxml2)
+ ("xmlto" ,xmlto)))
+ (home-page "http://www.catb.org/~esr/reposurgeon/")
+ (synopsis "Edit version-control repository history")
+ (description "Reposurgeon enables risky operations that version-control
+systems don't want to let you do, such as editing past comments and metadata
+and removing commits. It works with any version control system that can
+export and import Git fast-import streams, including Git, Mercurial, Fossil,
+Bazaar, CVS, RCS, and Src. It can also read Subversion dump files directly
+and can thus be used to script production of very high-quality conversions
+from Subversion to any supported Distributed Version Control System (DVCS).")
+ ;; Most files are distributed under bsd-2, except 'repocutter' which is
+ ;; under bsd-3.
+ (license (list bsd-2 bsd-3))))
+
(define-public tig
(package
(name "tig")