-rw-r--r--gnu-system.am4
-rw-r--r--gnu/packages/acl.scm4
-rw-r--r--gnu/packages/admin.scm13
-rw-r--r--gnu/packages/base.scm23
-rw-r--r--gnu/packages/bdw-gc.scm11
-rw-r--r--gnu/packages/commencement.scm12
-rw-r--r--gnu/packages/file.scm8
-rw-r--r--gnu/packages/gawk.scm9
-rw-r--r--gnu/packages/gnutls.scm8
-rw-r--r--gnu/packages/guile.scm6
-rw-r--r--gnu/packages/image.scm12
-rw-r--r--gnu/packages/libffi.scm7
-rw-r--r--gnu/packages/mc.scm11
-rw-r--r--gnu/packages/mcrypt.scm7
-rw-r--r--gnu/packages/patches/coreutils-dummy-man.patch10
-rw-r--r--gnu/packages/patches/coreutils-skip-nohup.patch28
-rw-r--r--gnu/packages/patches/file-CVE-2014-3587.patch16
-rw-r--r--gnu/packages/patches/glibc-CVE-2014-5119.patch212
-rw-r--r--gnu/packages/patches/libffi-mips-n32-fix.patch21
-rw-r--r--gnu/packages/pretty-print.scm112
-rw-r--r--guix/build/gnu-build-system.scm30
-rw-r--r--guix/build/utils.scm5
22 files changed, 361 insertions, 208 deletions
diff --git a/gnu-system.am b/gnu-system.am
index 9328d13083..510a217b98 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -302,7 +302,6 @@ dist_patch_DATA = \
gnu/packages/patches/clucene-pkgconfig.patch \
gnu/packages/patches/cmake-fix-tests.patch \
gnu/packages/patches/coreutils-dummy-man.patch \
- gnu/packages/patches/coreutils-skip-nohup.patch \
gnu/packages/patches/cpio-gets-undeclared.patch \
gnu/packages/patches/cssc-gets-undeclared.patch \
gnu/packages/patches/cssc-missing-include.patch \
@@ -312,6 +311,7 @@ dist_patch_DATA = \
gnu/packages/patches/doxygen-test.patch \
gnu/packages/patches/doxygen-tmake.patch \
gnu/packages/patches/emacs-configure-sh.patch \
+ gnu/packages/patches/file-CVE-2014-3587.patch \
gnu/packages/patches/findutils-absolute-paths.patch \
gnu/packages/patches/flashrom-use-libftdi1.patch \
gnu/packages/patches/flex-bison-tests.patch \
@@ -323,6 +323,7 @@ dist_patch_DATA = \
gnu/packages/patches/glib-tests-prlimit.patch \
gnu/packages/patches/glib-tests-timer.patch \
gnu/packages/patches/glibc-bootstrap-system.patch \
+ gnu/packages/patches/glibc-CVE-2014-5119.patch \
gnu/packages/patches/glibc-ldd-x86_64.patch \
gnu/packages/patches/gnunet-fix-scheduler.patch \
gnu/packages/patches/gnunet-fix-tests.patch \
@@ -343,7 +344,6 @@ dist_patch_DATA = \
gnu/packages/patches/kmod-module-directory.patch \
gnu/packages/patches/libbonobo-activation-test-race.patch \
gnu/packages/patches/libevent-dns-tests.patch \
- gnu/packages/patches/libffi-mips-n32-fix.patch \
gnu/packages/patches/liboop-mips64-deplibs-fix.patch \
gnu/packages/patches/libmad-mips-newgcc.patch \
gnu/packages/patches/libtheora-config-guess.patch \
diff --git a/gnu/packages/acl.scm b/gnu/packages/acl.scm
index 37c0b71dc9..ef15022566 100644
--- a/gnu/packages/acl.scm
+++ b/gnu/packages/acl.scm
@@ -28,7 +28,7 @@
(define-public acl
(package
(name "acl")
- (version "2.2.51")
+ (version "2.2.52")
(source
(origin
(method url-fetch)
@@ -36,7 +36,7 @@
version ".src.tar.gz"))
(sha256
(base32
- "09aj30m49ivycl3irram8c3givc0crivjm3ymw0nhfaxrwhlb186"))))
+ "08qd9s3wfhv0ajswsylnfwr5h0d7j9d4rgip855nrh400nxp940p"))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index c2599746d8..4d60c17989 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -648,18 +648,7 @@ system administrator.")
"")
(("^install: (.*)install-sudoers(.*)" _ before after)
;; Don't try to create /etc/sudoers.
- (string-append "install: " before after "\n")))
-
- ;; XXX FIXME sudo 1.8.10p3 was bootstrapped with a
- ;; prerelease libtool, which fails on MIPS in the absence
- ;; of /usr/bin/file. As a temporary workaround, we patch
- ;; the configure script to hardcode use of the little
- ;; endian N32 ABI on MIPS.
- ,@(if (equal? "mips64el-linux" (or (%current-target-system)
- (%current-system)))
- '((substitute* "configure"
- (("\\$emul") "elf32ltsmipn32")))
- '()))
+ (string-append "install: " before after "\n"))))
%standard-phases)
;; XXX: The 'testsudoers' test series expects user 'root' to exist, but
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 49a2c83dd5..cbe115f8a8 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -25,6 +25,7 @@
#:use-module (gnu packages)
#:use-module (gnu packages acl)
#:use-module (gnu packages bash)
+ #:use-module (gnu packages ed)
#:use-module (gnu packages guile)
#:use-module (gnu packages multiprecision)
#:use-module (gnu packages perl)
@@ -122,14 +123,14 @@ implementation offers several extensions over the standard utility.")
(define-public tar
(package
(name "tar")
- (version "1.27.1")
+ (version "1.28")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/tar/tar-"
- version ".tar.bz2"))
+ version ".tar.xz"))
(sha256
(base32
- "1iip0fk0wqhxb0jcwphz43r4fxkx1y7mznnhmlvr618jhp7b63wv"))))
+ "1wi2zwm4c9r3h3b8y4w0nm0qq897kn8kyj9k22ba0iqvxj48vvk4"))))
(build-system gnu-build-system)
(synopsis "Managing tar archives")
(description
@@ -154,12 +155,9 @@ standard utility.")
(base32
"1sqckf560pzwgniy00vcpdv2c9c11s4cmhlm14yqgg8avd3bl94i"))))
(build-system gnu-build-system)
- (native-inputs '()) ; FIXME: needs `ed' for the tests
- (arguments
- '(#:tests? #f)
+ (native-inputs `(("ed", ed)))
;; TODO: When cross-compiling, add this:
;; '(#:configure-flags '("ac_cv_func_strnlen_working=yes"))
- )
(synopsis "Apply differences to originals, with optional backups")
(description
"Patch is a program that applies changes to files based on differences
@@ -225,17 +223,15 @@ used to apply commands with arbitrarily long arguments.")
(define-public coreutils
(package
(name "coreutils")
- (version "8.22")
+ (version "8.23")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/coreutils/coreutils-"
version ".tar.xz"))
(sha256
(base32
- "04hjzzv434fb8ak3hh3dyhdvg3hqjjwvjmjxqzk1gh2jh6cr8gjv"))
- (patches (list (search-patch "coreutils-dummy-man.patch")
- ;; TODO: remove this patch for >= 8.23
- (search-patch "coreutils-skip-nohup.patch")))))
+ "0bdq6yggyl7nkc2pbl6pxhhyx15nyqhz3ds6rfn448n6rxdwlhzc"))
+ (patches (list (search-patch "coreutils-dummy-man.patch")))))
(build-system gnu-build-system)
(inputs `(("acl" ,acl) ; TODO: add SELinux
("gmp" ,gmp)))
@@ -377,7 +373,8 @@ library for working with executable and object formats is also included.")
(("use_ldconfig=yes")
"use_ldconfig=no")))
(modules '((guix build utils)))
- (patches (list (search-patch "glibc-ldd-x86_64.patch")))))
+ (patches (list (search-patch "glibc-CVE-2014-5119.patch")
+ (search-patch "glibc-ldd-x86_64.patch")))))
(build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index ebb02b1d74..66158912d7 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -64,15 +65,15 @@ C or C++ programs, though that is not its primary goal.")
(define-public libatomic-ops
(package
(name "libatomic-ops")
- (version "7.4.0")
+ (version "7.4.2")
(source (origin
(method url-fetch)
(uri (string-append
- "http://www.hboehm.info/gc/gc_source/libatomic_ops-"
+ "http://www.ivmaisoft.com/_bin/atomic_ops/libatomic_ops-"
version ".tar.gz"))
(sha256
(base32
- "0njv3n63zw6v45k68z6dz14g2hpk5p230ncwmdfkglsljb1cqx98"))))
+ "1pdm0h1y7bgkczr8byg20r6bq15m5072cqm5pny4f9crc9gn3yh4"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(synopsis "Accessing hardware atomic memory update operations")
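Review bot: The libatomic-ops download moves to `http://www.ivmaisoft.com/_bin/atomic_ops/` with no comment explaining the change, while `libgc` in the next hunk still fetches from `www.hboehm.info`. The `sha256` pins the bytes, but it was presumably computed from this same plain-HTTP download, so on its own it does not show that the tarball is the upstream release. A short comment above `uri` saying where upstream announces this location, and how the hash was cross-checked (a signed release or a second mirror), would let a later reviewer confirm provenance. The package definition continues outside the hunk.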
@@ -88,14 +89,14 @@ lock-free code, experiment with thread programming paradigms, etc.")
(define-public libgc
(package (inherit libgc-7.2)
- (version "7.4.0")
+ (version "7.4.2")
(source (origin
(method url-fetch)
(uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
version ".tar.gz"))
(sha256
(base32
- "10z2nph62ilab063wygg2lv0jxlsbcf2az9w1lx01jzqj5lzry31"))))
+ "18mg28rr6kwr5clc65k4l4hkyy4kd16amx831sjf8q2lqkbhlck3"))))
;; New dependencies.
(native-inputs `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index a1d2fcaaed..79c22a5974 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -26,6 +26,8 @@
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
#:use-module (gnu packages gcc)
+ #:use-module (gnu packages ed)
+ #:use-module (gnu packages file)
#:use-module (gnu packages gawk)
#:use-module (gnu packages guile)
#:use-module (gnu packages multiprecision)
@@ -106,11 +108,20 @@
(current-source-location)
#:guile %bootstrap-guile)))
+(define file-boot0
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs file
+ `(("make" ,gnu-make-boot0)
+ ,@%bootstrap-inputs)
+ (current-source-location)
+ #:guile %bootstrap-guile)))
+
(define %boot0-inputs
`(("make" ,gnu-make-boot0)
("diffutils" ,diffutils-boot0)
("findutils" ,findutils-boot0)
+ ("file" ,file-boot0)
,@%bootstrap-inputs))
(define* (nix-system->gnu-triplet
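Review bot: `file-boot0` is added to `%boot0-inputs` with no comment saying what needs `file` this early in the bootstrap. From the rest of the commit it appears to be the new `patch-usr-bin-file` phase in guix/build/gnu-build-system.scm, which looks `file` up in the inputs or on PATH. If so, a line such as `;; 'file' is needed by the 'patch-usr-bin-file' phase of gnu-build-system.` above the definition would record that. It would also make clear that every boot0 package now depends on it.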
@@ -663,6 +674,7 @@ store.")
("gzip" ,gzip)
("bzip2" ,bzip2)
("xz" ,xz)
+ ("file" ,file)
("diffutils" ,diffutils)
("patch" ,patch)
("sed" ,sed)
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index f53c22f4cd..601b158128 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -27,17 +27,15 @@
(define-public file
(package
(name "file")
- (version "5.18")
+ (version "5.19")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
version ".tar.gz"))
(sha256 (base32
- "01xz106biz6x4h5ilymg5v3367djvgnfp4lm87132cjqdmqgn6b5"))))
+ "0z1sgrcfy6d285kj5izy1yypf371bjl3247plh9ppk0svaxv714l"))
+ (patches (list (search-patch "file-CVE-2014-3587.patch")))))
(build-system gnu-build-system)
- (native-inputs
- ;; This package depends upon a native install of itself.
- (if (%current-target-system) `(("file" ,file)) '() ))
(synopsis "file, a file type guesser")
(description
"The file command is a file type guesser, a command-line tool that tells
diff --git a/gnu/packages/gawk.scm b/gnu/packages/gawk.scm
index 6185409fb7..84b5bd17a7 100644
--- a/gnu/packages/gawk.scm
+++ b/gnu/packages/gawk.scm
@@ -57,15 +57,12 @@
(string-append "### " match))))
'())
- ;; XXX FIXME gawk 4.1.1 was bootstrapped with a prerelease
- ;; libtool, which fails on MIPS in the absence of
- ;; /usr/bin/file. As a temporary workaround, we patch
- ;; the configure script to hardcode use of the little
- ;; endian N32 ABI on MIPS.
+ ;; XXX FIXME prerelease libtool fails on MIPS in the
+ ;; absence of /usr/bin/file.
,@(if (equal? "mips64el-linux" (or (%current-target-system)
(%current-system)))
'((substitute* "extension/configure"
- (("\\$emul") "elf32ltsmipn32")))
+ (("/usr/bin/file") (which "file"))))
'())))
%standard-phases)))
(inputs `(("libsigsegv" ,libsigsegv)
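Review bot: `(which "file")` is passed straight to `substitute*` as the replacement here, with no handling for the case where `file` is not on PATH. The new `patch-usr-bin-file` phase in guix/build/gnu-build-system.scm treats that case explicitly, warning and skipping when the lookup yields nothing. This override seems to remain only because the generic phase patches the top-level `configure` and not `extension/configure`. The shortened comment should say so, e.g. `;; The generic patch-usr-bin-file phase only handles the top-level configure script.` The enclosing phases expression starts outside the hunk.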
diff --git a/gnu/packages/gnutls.scm b/gnu/packages/gnutls.scm
index 917dfdd228..89fc86d6ad 100644
--- a/gnu/packages/gnutls.scm
+++ b/gnu/packages/gnutls.scm
@@ -63,7 +63,7 @@ specifications.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.2.15")
+ (version "3.2.16")
(source (origin
(method url-fetch)
(uri
@@ -75,12 +75,8 @@ specifications.")
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "1fbpr9r1r2y803s3avwjpy1higqsz85dyb302kvmh0i29frwgg9h"))))
+ "1bmwhg8y3mz5w2klclf5dz9502477kaj8r8db7k45fwb9ah3c63q"))))
(build-system gnu-build-system)
- (arguments
- ;; Work around build issue reported at
- ;; <https://lists.gnu.org/archive/html/guix-devel/2014-03/msg00027.html>.
- '(#:make-flags '("CPPFLAGS=-DENABLE_RSA_EXPORT")))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index cb14f0e6c7..1169158113 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -122,11 +122,7 @@ without requiring the source code to be rewritten.")
(native-inputs `(("pkgconfig" ,pkg-config)))
(inputs `(("libffi" ,libffi)
("readline" ,readline)
-
- ;; TODO: On next core-updates, make Bash input unconditional.
- ,@(if (%current-target-system)
- `(("bash" ,bash))
- '())))
+ ("bash" ,bash)))
(propagated-inputs
`( ;; These ones aren't normally needed here, but since `libguile-2.0.la'
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 014266cbb0..06f62715c4 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -19,7 +19,6 @@
(define-module (gnu packages image)
#:use-module (gnu packages)
#:use-module (gnu packages compression)
- #:use-module (gnu packages file)
#:use-module ((guix licenses) #:renamer (symbol-prefix-proc 'license:))
#:use-module (guix packages)
#:use-module (guix download)
@@ -97,20 +96,11 @@ image files in PBMPLUS PPM/PGM, GIF, BMP, and Targa file formats.")
(inputs `(("zlib" ,zlib)
("libjpeg-8" ,libjpeg-8)))
;; currently does not compile with libjpeg version 9
- (native-inputs `(("file" ,file)))
(arguments
`(#:configure-flags
(list (string-append "--with-jpeg-include-dir="
(assoc-ref %build-inputs "libjpeg-8")
- "/include"))
- #:phases
- (alist-cons-before
- 'configure 'patch-configure
- (lambda _
- (substitute* "configure"
- (("`/usr/bin/file")
- (string-append "`" (which "file")))))
- %standard-phases)))
+ "/include"))))
(synopsis "Libtiff, a library for handling TIFF files")
(description
"Libtiff provides support for the Tag Image File Format (TIFF), a format
diff --git a/gnu/packages/libffi.scm b/gnu/packages/libffi.scm
index c5e265087e..33e10d6fc2 100644
--- a/gnu/packages/libffi.scm
+++ b/gnu/packages/libffi.scm
@@ -29,11 +29,11 @@
;; available in $includedir where some users expect them.
'(lambda* (#:key outputs #:allow-other-keys)
(define out (assoc-ref outputs "out"))
- (symlink (string-append out "/lib/libffi-3.0.13/include")
+ (symlink (string-append out "/lib/libffi-3.1/include")
(string-append out "/include")))))
(package
(name "libffi")
- (version "3.0.13")
+ (version "3.1")
(source (origin
(method url-fetch)
(uri
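Review bot: The post-install symlink target hard-codes the release number in `"/lib/libffi-3.1/include"`, separately from `(version "3.1")`, so both had to be edited together in this hunk. A later bump that misses the first one would most likely leave `include` as a dangling symlink rather than fail the build. Deriving the directory name from the version would remove the duplication. Failing that, add a comment such as `;; Keep the version in this path in sync with 'version' below.` The enclosing definition starts above the hunk, so how `version` can be brought into scope there is not visible here.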
@@ -41,8 +41,7 @@
name "-" version ".tar.gz"))
(sha256
(base32
- "077ibkf84bvcd6rw1m6jb107br63i2pp301rkmsbgg6300adxp8x"))
- (patches (list (search-patch "libffi-mips-n32-fix.patch")))))
+ "1sznmrhcswwbyqla9y2ximlkzbxks59wjfs3lh7qf8ayranyxzlp"))))
(build-system gnu-build-system)
(arguments `(#:phases (alist-cons-after 'install 'post-install
,post-install-phase
diff --git a/gnu/packages/mc.scm b/gnu/packages/mc.scm
index aba14d59ac..6e3747c943 100644
--- a/gnu/packages/mc.scm
+++ b/gnu/packages/mc.scm
@@ -28,7 +28,6 @@
#:use-module (gnu packages ssh)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages check)
- #:use-module (gnu packages file)
#:use-module (gnu packages perl))
(define-public mc
@@ -46,7 +45,6 @@
(patches (list (search-patch "mc-fix-ncurses-build.patch")))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
- ("file" ,file)
("perl" ,perl)))
(inputs `(("aspell" ,aspell)
("ncurses" ,ncurses)
@@ -55,14 +53,7 @@
("check" ,check)))
(arguments
`(#:configure-flags
- '("--with-screen=ncurses" "--enable-aspell")
- #:phases
- (alist-cons-before
- 'configure 'patch-configure
- (lambda _
- (substitute* "configure"
- (("/usr/bin/file") (which "file"))))
- %standard-phases)))
+ '("--with-screen=ncurses" "--enable-aspell")))
(home-page "http://www.midnight-commander.org")
(synopsis "Graphical file manager")
(description
diff --git a/gnu/packages/mcrypt.scm b/gnu/packages/mcrypt.scm
index eac8c72c5e..12a4827224 100644
--- a/gnu/packages/mcrypt.scm
+++ b/gnu/packages/mcrypt.scm
@@ -23,8 +23,7 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages compression)
- #:use-module (gnu packages perl)
- #:use-module (gnu packages file))
+ #:use-module (gnu packages perl))
(define-public mcrypt
(package
@@ -68,7 +67,6 @@ them.")
(base32
"0gipgb939vy9m66d3k8il98rvvwczyaw2ixr8yn6icds9c3nrsz4"))))
(build-system gnu-build-system)
- (native-inputs `(("file" ,file)))
(home-page "http://mcrypt.sourceforge.net/")
(synopsis "Encryption algorithm library")
(description
@@ -95,8 +93,7 @@ XTEA, 3WAY, TWOFISH, BLOWFISH, ARCFOUR, WAKE and more.")
(patches (list (search-patch "mhash-keygen-test-segfault.patch")))))
(build-system gnu-build-system)
(native-inputs
- `(("file" ,file)
- ("perl" ,perl))) ;for tests
+ `(("perl" ,perl))) ;for tests
(home-page "http://mhash.sourceforge.net/")
(synopsis "Thread-safe hash library")
(description
diff --git a/gnu/packages/patches/coreutils-dummy-man.patch b/gnu/packages/patches/coreutils-dummy-man.patch
index f6a6a31002..a43cfc47c3 100644
--- a/gnu/packages/patches/coreutils-dummy-man.patch
+++ b/gnu/packages/patches/coreutils-dummy-man.patch
@@ -7,15 +7,15 @@ would appear when compiling:
dummy-man: too many non-option arguments
---- coreutils-8.22/Makefile.in 2013-12-13 16:20:00.000000000 +0100
-+++ coreutils-8.22/Makefile.in 2014-02-28 10:53:27.000000000 +0100
-@@ -9977,8 +9977,8 @@ man/yes.1: src/yes
+--- coreutils-8.23/Makefile.in 2014-07-18 18:22:24.000000000 -0400
++++ coreutils-8.23/Makefile.in 2014-08-03 20:21:10.849158313 -0400
+@@ -14076,8 +14076,8 @@
&& $(run_help2man) \
--source='$(PACKAGE_STRING)' \
--include=$(srcdir)/man/$$name.x \
-- --output=$$t/$$name.1 $$t/$$name \
+- --output=$$t/$$name.1 $$t/$$argv \
--info-page='coreutils \(aq'$$name' invocation\(aq' \
-+ --output=$$t/$$name.1 $$t/$$name \
++ --output=$$t/$$name.1 $$t/$$argv \
&& sed \
-e 's|$*\.td/||g' \
-e '/For complete documentation/d' \
diff --git a/gnu/packages/patches/coreutils-skip-nohup.patch b/gnu/packages/patches/coreutils-skip-nohup.patch
deleted file mode 100644
index f5283a6b21..0000000000
--- a/gnu/packages/patches/coreutils-skip-nohup.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-commit 5dce6bdfafc930dfd17d5d16aea7d1add3472066
-Author: Pádraig Brady <P@draigBrady.com>
-Date: Wed Mar 5 15:14:07 2014 +0000
-
- tests: fix false failure in nohup.sh in non tty builds
-
- * tests/misc/nohup.sh: When running tests without a controlling tty,
- an exec failure is triggered in a subshell, which causes POSIX
- shells to immediately exit the subshell. This was brought
- to notice by the newly conforming bash 4.3.
- Fixes http:/bugs.gnu.org/16940
-
-diff --git a/tests/misc/nohup.sh b/tests/misc/nohup.sh
-index 6d2b515..2328b43 100755
---- a/tests/misc/nohup.sh
-+++ b/tests/misc/nohup.sh
-@@ -63,6 +63,11 @@ rm -f nohup.out err
- # to stderr must be fatal. Requires stdout to be terminal.
- if test -w /dev/full && test -c /dev/full; then
- (
-+ # POSIX shells immediately exit the subshell on exec error.
-+ # So check we can write to /dev/tty before the exec, which
-+ # isn't possible if we've no controlling tty for example.
-+ test -c /dev/tty && >/dev/tty || exit 0
-+
- exec >/dev/tty
- test -t 1 || exit 0
- nohup echo hi 2> /dev/full
diff --git a/gnu/packages/patches/file-CVE-2014-3587.patch b/gnu/packages/patches/file-CVE-2014-3587.patch
new file mode 100644
index 0000000000..cf88bf5f3e
--- /dev/null
+++ b/gnu/packages/patches/file-CVE-2014-3587.patch
@@ -0,0 +1,16 @@
+Fixes CVE-2014-3587. Copied from upstream commit
+0641e56be1af003aa02c7c6b0184466540637233.
+
+--- file-5.19/src/cdf.c.orig 2014-06-09 09:04:37.000000000 -0400
++++ file-5.19/src/cdf.c 2014-08-26 11:55:23.887118898 -0400
+@@ -824,6 +824,10 @@
+ q = (const uint8_t *)(const void *)
+ ((const char *)(const void *)p + ofs
+ - 2 * sizeof(uint32_t));
++ if (q < p) {
++ DPRINTF(("Wrapped around %p < %p\n", q, p));
++ goto out;
++ }
+ if (q > e) {
+ DPRINTF(("Ran of the end %p > %p\n", q, e));
+ goto out;
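Review bot: The added `if (q < p)` test runs after `q` has already been computed by pointer arithmetic from `p` and `ofs`, and forming an out-of-range pointer is undefined behaviour in C. An optimising compiler is therefore allowed to assume the wrap cannot happen and drop the check. This is the upstream fix carried verbatim, so keeping it unchanged is reasonable. Still, the patch header could note the caveat, and a sturdier form would validate `ofs` as an integer before building the pointer: reject it when it is smaller than `2 * sizeof(uint32_t)` or larger than the bytes remaining up to `e`. The types of `ofs`, `p` and `e` and the rest of the function are outside the hunk, so this needs checking against the full source.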
diff --git a/gnu/packages/patches/glibc-CVE-2014-5119.patch b/gnu/packages/patches/glibc-CVE-2014-5119.patch
new file mode 100644
index 0000000000..de063a2da5
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2014-5119.patch
@@ -0,0 +1,212 @@
+Remove support for loadable gconv transliteration modules.
+The support for transliteration modules has been non-functional for
+over a decade, and the removal is prompted by security defects. The
+normal gconv conversion modules are still supported. Transliteration
+with //TRANSLIT is still possible, and the //IGNORE specifier
+continues to be supported. (CVE-2014-5119)
+
+Based on upstream commits a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8
+and f9df71e895d3552d557e783fdb9d133328195645
+by Florian Weimer <fweimer@redhat.com>.
+
+--- glibc-2.19/ChangeLog.orig 2014-02-07 04:04:38.000000000 -0500
++++ glibc-2.19/ChangeLog 2014-08-26 14:35:12.368861387 -0400
+@@ -1,3 +1,10 @@
++2014-08-26 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #17187]
++ * iconv/gconv_trans.c (struct known_trans, search_tree, lock,
++ trans_compare, open_translit, __gconv_translit_find):
++ Remove module loading code.
++
+ 2014-02-06 Carlos O'Donell <carlos@redhat.com>
+
+ [BZ #16529]
+--- glibc-2.19/iconv/gconv_trans.c.orig 2014-02-07 04:04:38.000000000 -0500
++++ glibc-2.19/iconv/gconv_trans.c 2014-08-26 14:37:26.269525364 -0400
+@@ -238,181 +238,12 @@
+ return __GCONV_ILLEGAL_INPUT;
+ }
+
+-
+-/* Structure to represent results of found (or not) transliteration
+- modules. */
+-struct known_trans
+-{
+- /* This structure must remain the first member. */
+- struct trans_struct info;
+-
+- char *fname;
+- void *handle;
+- int open_count;
+-};
+-
+-
+-/* Tree with results of previous calls to __gconv_translit_find. */
+-static void *search_tree;
+-
+-/* We modify global data. */
+-__libc_lock_define_initialized (static, lock);
+-
+-
+-/* Compare two transliteration entries. */
+-static int
+-trans_compare (const void *p1, const void *p2)
+-{
+- const struct known_trans *s1 = (const struct known_trans *) p1;
+- const struct known_trans *s2 = (const struct known_trans *) p2;
+-
+- return strcmp (s1->info.name, s2->info.name);
+-}
+-
+-
+-/* Open (maybe reopen) the module named in the struct. Get the function
+- and data structure pointers we need. */
+-static int
+-open_translit (struct known_trans *trans)
+-{
+- __gconv_trans_query_fct queryfct;
+-
+- trans->handle = __libc_dlopen (trans->fname);
+- if (trans->handle == NULL)
+- /* Not available. */
+- return 1;
+-
+- /* Find the required symbol. */
+- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context");
+- if (queryfct == NULL)
+- {
+- /* We cannot live with that. */
+- close_and_out:
+- __libc_dlclose (trans->handle);
+- trans->handle = NULL;
+- return 1;
+- }
+-
+- /* Get the context. */
+- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames)
+- != 0)
+- goto close_and_out;
+-
+- /* Of course we also have to have the actual function. */
+- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans");
+- if (trans->info.trans_fct == NULL)
+- goto close_and_out;
+-
+- /* Now the optional functions. */
+- trans->info.trans_init_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_init");
+- trans->info.trans_context_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_context");
+- trans->info.trans_end_fct =
+- __libc_dlsym (trans->handle, "gconv_trans_end");
+-
+- trans->open_count = 1;
+-
+- return 0;
+-}
+-
+-
+ int
+ internal_function
+ __gconv_translit_find (struct trans_struct *trans)
+ {
+- struct known_trans **found;
+- const struct path_elem *runp;
+- int res = 1;
+-
+- /* We have to have a name. */
+- assert (trans->name != NULL);
+-
+- /* Acquire the lock. */
+- __libc_lock_lock (lock);
+-
+- /* See whether we know this module already. */
+- found = __tfind (trans, &search_tree, trans_compare);
+- if (found != NULL)
+- {
+- /* Is this module available? */
+- if ((*found)->handle != NULL)
+- {
+- /* Maybe we have to reopen the file. */
+- if ((*found)->handle != (void *) -1)
+- /* The object is not unloaded. */
+- res = 0;
+- else if (open_translit (*found) == 0)
+- {
+- /* Copy the data. */
+- *trans = (*found)->info;
+- (*found)->open_count++;
+- res = 0;
+- }
+- }
+- }
+- else
+- {
+- size_t name_len = strlen (trans->name) + 1;
+- int need_so = 0;
+- struct known_trans *newp;
+-
+- /* We have to continue looking for the module. */
+- if (__gconv_path_elem == NULL)
+- __gconv_get_path ();
+-
+- /* See whether we have to append .so. */
+- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0)
+- need_so = 1;
+-
+- /* Create a new entry. */
+- newp = (struct known_trans *) malloc (sizeof (struct known_trans)
+- + (__gconv_max_path_elem_len
+- + name_len + 3)
+- + name_len);
+- if (newp != NULL)
+- {
+- char *cp;
+-
+- /* Clear the struct. */
+- memset (newp, '\0', sizeof (struct known_trans));
+-
+- /* Store a copy of the module name. */
+- newp->info.name = cp = (char *) (newp + 1);
+- cp = __mempcpy (cp, trans->name, name_len);
+-
+- newp->fname = cp;
+-
+- /* Search in all the directories. */
+- for (runp = __gconv_path_elem; runp->name != NULL; ++runp)
+- {
+- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name),
+- trans->name, name_len);
+- if (need_so)
+- memcpy (cp, ".so", sizeof (".so"));
+-
+- if (open_translit (newp) == 0)
+- {
+- /* We found a module. */
+- res = 0;
+- break;
+- }
+- }
+-
+- if (res)
+- newp->fname = NULL;
+-
+- /* In any case we'll add the entry to our search tree. */
+- if (__tsearch (newp, &search_tree, trans_compare) == NULL)
+- {
+- /* Yickes, this should not happen. Unload the object. */
+- res = 1;
+- /* XXX unload here. */
+- }
+- }
+- }
+-
+- __libc_lock_unlock (lock);
+-
+- return res;
++ /* Transliteration module loading has been removed because it never
++ worked as intended and suffered from a security vulnerability.
++ Consequently, this function always fails. */
++ return 1;
+ }
diff --git a/gnu/packages/patches/libffi-mips-n32-fix.patch b/gnu/packages/patches/libffi-mips-n32-fix.patch
deleted file mode 100644
index 87ec48f883..0000000000
--- a/gnu/packages/patches/libffi-mips-n32-fix.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Fix handling of uint32_t arguments on the MIPS N32 ABI.
-
-Patch by Mark H Weaver <mhw@netris.org>.
-
---- libffi/src/mips/ffi.c.orig 2013-03-16 07:19:39.000000000 -0400
-+++ libffi/src/mips/ffi.c 2013-10-22 01:11:03.111985247 -0400
-@@ -170,7 +170,14 @@
- break;
-
- case FFI_TYPE_UINT32:
-+#ifdef FFI_MIPS_N32
-+ /* The N32 ABI requires that 32-bit integers
-+ be sign-extended to 64-bits, regardless of
-+ whether they are signed or unsigned. */
-+ *(ffi_arg *)argp = *(SINT32 *)(* p_argv);
-+#else
- *(ffi_arg *)argp = *(UINT32 *)(* p_argv);
-+#endif
- break;
-
- /* This can only happen with 64bit slots. */
diff --git a/gnu/packages/pretty-print.scm b/gnu/packages/pretty-print.scm
index 8c51b54f18..07837eb1ac 100644
--- a/gnu/packages/pretty-print.scm
+++ b/gnu/packages/pretty-print.scm
@@ -30,8 +30,7 @@
#:use-module (gnu packages bison)
#:use-module (gnu packages flex)
#:use-module (gnu packages gperf)
- #:use-module (gnu packages perl)
- #:use-module (gnu packages file))
+ #:use-module (gnu packages perl))
(define-public a2ps
(package
@@ -53,45 +52,39 @@
("imagemagick" ,imagemagick)))
(native-inputs
`(("gperf" ,gperf)
- ("perl" ,perl)
- ("file" ,file)))
+ ("perl" ,perl)))
(arguments
'(#:phases (alist-cons-before
- 'configure 'patch-configure
+ 'build 'patch-scripts
(lambda _
- (substitute* "configure"
- (("/usr/bin/file") (which "file"))))
+ (substitute*
+ '("afm/make_fonts_map.sh"
+ "tests/defs"
+ "tests/backup.tst"
+ "tests/styles.tst")
+ (("/bin/rm") (which "rm"))))
(alist-cons-before
- 'build 'patch-scripts
- (lambda _
- (substitute*
- '("afm/make_fonts_map.sh"
- "tests/defs"
- "tests/backup.tst"
- "tests/styles.tst")
- (("/bin/rm") (which "rm"))))
- (alist-cons-before
- 'check 'patch-test-files
- ;; Alternatively, we could unpatch the shebangs in tstfiles
- (lambda* (#:key inputs #:allow-other-keys)
- (let ((perl (assoc-ref inputs "perl")))
- (substitute* '("tests/ps-ref/includeres.ps"
- "tests/gps-ref/includeres.ps")
- (("/usr/local/bin/perl")
- (string-append perl "/bin/perl"))))
- ;; Some of the reference postscript contain a 'version 3'
- ;; string that in inconsistent with the source text in the
- ;; tstfiles directory. Erroneous search-and-replace?
- (substitute* '("tests/ps-ref/InsertBlock.ps"
- "tests/gps-ref/InsertBlock.ps"
- "tests/ps-ref/bookie.ps"
- "tests/gps-ref/bookie.ps")
- (("version 3") "version 2"))
- (substitute* '("tests/ps-ref/psmandup.ps"
- "tests/gps-ref/psmandup.ps")
- (("#! */bin/sh") (string-append
- "#!" (which "sh")))))
- %standard-phases)))))
+ 'check 'patch-test-files
+ ;; Alternatively, we could unpatch the shebangs in tstfiles
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((perl (assoc-ref inputs "perl")))
+ (substitute* '("tests/ps-ref/includeres.ps"
+ "tests/gps-ref/includeres.ps")
+ (("/usr/local/bin/perl")
+ (string-append perl "/bin/perl"))))
+ ;; Some of the reference postscript contain a 'version 3'
+ ;; string that in inconsistent with the source text in the
+ ;; tstfiles directory. Erroneous search-and-replace?
+ (substitute* '("tests/ps-ref/InsertBlock.ps"
+ "tests/gps-ref/InsertBlock.ps"
+ "tests/ps-ref/bookie.ps"
+ "tests/gps-ref/bookie.ps")
+ (("version 3") "version 2"))
+ (substitute* '("tests/ps-ref/psmandup.ps"
+ "tests/gps-ref/psmandup.ps")
+ (("#! */bin/sh") (string-append
+ "#!" (which "sh")))))
+ %standard-phases))))
(home-page "http://www.gnu.org/software/a2ps")
(synopsis "Any file to PostScript, including pretty-printing")
(description
@@ -115,16 +108,9 @@ special cases, such as pretty-printing \"--help\" output.")
(base32
"13rkc0fga10xyf56yy9dnq95zndnfadkhxflnp24skszj21y8jqh"))))
(build-system gnu-build-system)
- (native-inputs `(("file" ,file)))
(arguments
;; Must define DIFF_CMD for tests to pass
- '(#:configure-flags '("CPPFLAGS=-DDIFF_CMD=\\\"diff\\\"")
- #:phases (alist-cons-before
- 'configure 'patch-configure
- (lambda _
- (substitute* "configure"
- (("/usr/bin/file") (which "file"))))
- %standard-phases)))
+ '(#:configure-flags '("CPPFLAGS=-DDIFF_CMD=\\\"diff\\\"")))
(home-page "http://www.gnu.org/software/trueprint")
(synopsis "Pretty-print C sources and other plain text to PostScript")
(description
@@ -178,34 +164,28 @@ different programming languages.")
`(("boost" ,boost)))
(native-inputs
`(("bison" ,bison)
- ("flex" ,flex)
- ("file" ,file)))
+ ("flex" ,flex)))
(arguments
`(#:configure-flags
(list (string-append "--with-boost="
(assoc-ref %build-inputs "boost")))
#:parallel-tests? #f ;There appear to be race conditions
#:phases (alist-cons-before
- 'configure 'patch-configure
+ 'check 'patch-test-files
(lambda _
- (substitute* "configure"
- (("/usr/bin/file") (which "file"))))
- (alist-cons-before
- 'check 'patch-test-files
- (lambda _
- ;; Unpatch shebangs in test input so that source-highlight
- ;; is still able to infer input language
- (substitute* '("tests/test.sh"
- "tests/test2.sh"
- "tests/test.tcl")
- (((string-append "#! *" (which "sh"))) "#!/bin/sh"))
- ;; Initial patching unrecoverably removes whitespace, so
- ;; remove it also in the comparison output.
- (substitute* '("tests/test.sh.html"
- "tests/test2.sh.html"
- "tests/test.tcl.html")
- (("#! */bin/sh") "#!/bin/sh")))
- %standard-phases))))
+ ;; Unpatch shebangs in test input so that source-highlight
+ ;; is still able to infer input language
+ (substitute* '("tests/test.sh"
+ "tests/test2.sh"
+ "tests/test.tcl")
+ (((string-append "#! *" (which "sh"))) "#!/bin/sh"))
+ ;; Initial patching unrecoverably removes whitespace, so
+ ;; remove it also in the comparison output.
+ (substitute* '("tests/test.sh.html"
+ "tests/test2.sh.html"
+ "tests/test.tcl.html")
+ (("#! */bin/sh") "#!/bin/sh")))
+ %standard-phases)))
(home-page "http://www.gnu.org/software/src-highlite")
(synopsis "Produce a document with syntax highlighting from a source file")
(description
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index 8636931ed9..17fa7afd8d 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -106,6 +106,35 @@ working directory."
(and (zero? (system* "tar" "xvf" source))
(chdir (first-subdirectory ".")))))
+;; See <http://bugs.gnu.org/17840>.
+(define* (patch-usr-bin-file #:key native-inputs inputs
+ (patch-/usr/bin/file? #t)
+ #:allow-other-keys)
+ "Patch occurrences of /usr/bin/file in configure, if present."
+ (when patch-/usr/bin/file?
+ (let ((file "configure")
+ (file-command (or (and=> (assoc-ref (or native-inputs inputs) "file")
+ (cut string-append <> "/bin/file"))
+ (which "file"))))
+ (cond ((not (file-exists? file))
+ (format (current-error-port)
+ "patch-usr-bin-file: warning: `~a' not found~%"
+ file))
+ ((not file-command)
+ (format (current-error-port)
+ "patch-usr-bin-file: warning: `file' not found in PATH~%"))
+ (else
+ (let ((st (stat file)))
+ (substitute* file
+ (("/usr/bin/file")
+ (begin
+ (format (current-error-port)
+ "patch-usr-bin-file: ~a: changing `~a' to `~a'~%"
+ file "/usr/bin/file" file-command)
+ file-command)))
+ (set-file-time file st))))))
+ #t)
+
(define* (patch-source-shebangs #:key source #:allow-other-keys)
"Patch shebangs in all source files; this includes non-executable
files such as `.in' templates. Most scripts honor $SHELL and
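Review bot: `patch-usr-bin-file` only examines the top-level script (`(let ((file "configure") …`), so packages that ship nested configure scripts keep the hard-coded `/usr/bin/file`. The gawk hunk in this same commit still patches `extension/configure` by hand for that reason. Iterating over the tree, for instance with `(find-files "." "^configure$")` from (guix build utils), would cover those cases and let the per-package override go. Separately, `(or native-inputs inputs)` never falls back to `inputs` if `native-inputs` is ever passed as an empty list, because `'()` is true in Scheme. Looking up `"file"` in both lists in turn avoids depending on that.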
@@ -353,6 +382,7 @@ makefiles."
(let-syntax ((phases (syntax-rules ()
((_ p ...) `((p . ,p) ...)))))
(phases set-paths unpack
+ patch-usr-bin-file
patch-source-shebangs configure patch-generated-file-shebangs
build check install
patch-shebangs strip)))
diff --git a/guix/build/utils.scm b/guix/build/utils.scm
index 2f3dc9cad0..d169053c7b 100644
--- a/guix/build/utils.scm
+++ b/guix/build/utils.scm
@@ -582,14 +582,15 @@ When KEEP-MTIME? is true, the atime/mtime of FILE are kept unchanged."
(let ((st (stat file)))
(substitute* file
- (("^ *SHELL[[:blank:]]*=[[:blank:]]*([[:graph:]]*/)([[:graph:]]+)[[:blank:]]*" _ dir shell)
+ (("^ *SHELL[[:blank:]]*=[[:blank:]]*([[:graph:]]*/)([[:graph:]]+)(.*)$"
+ _ dir shell args)
(let* ((old (string-append dir shell))
(new (or (find-shell shell) old)))
(unless (string=? new old)
(format (current-error-port)
"patch-makefile-SHELL: ~a: changing `SHELL' from `~a' to `~a'~%"
file old new))
- (string-append "SHELL = " new "\n"))))
+ (string-append "SHELL = " new args))))
(when keep-mtime?
(set-file-time file st))))
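Review bot: The replacement no longer appends `"\n"`, which reads like a dropped newline unless one knows that `args`, captured by `(.*)$`, is meant to carry the rest of the line including its terminator. This hunk does not show whether `substitute*` passes each line with its newline attached, so that assumption deserves a comment next to the regexp. Something like `;; ARGS is the remainder of the line, newline included, so "SHELL = /bin/sh -e" keeps its "-e".` would do. The enclosing procedure starts above the hunk.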