diff options
57 files changed, 498 insertions, 822 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 612304bad9..e2bdd4742d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -586,7 +586,6 @@ dist_patch_DATA = \ %D%/packages/patches/bash-completion-directories.patch \ %D%/packages/patches/bazaar-CVE-2017-14176.patch \ %D%/packages/patches/beignet-correct-file-names.patch \ - %D%/packages/patches/binutils-aarch64-symbol-relocation.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/blast+-fix-makefile.patch \ %D%/packages/patches/boost-fix-icu-build.patch \ @@ -683,7 +682,6 @@ dist_patch_DATA = \ %D%/packages/patches/freeimage-CVE-2016-5684.patch \ %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \ %D%/packages/patches/freeimage-unbundle.patch \ - %D%/packages/patches/freetype-CVE-2018-6942.patch \ %D%/packages/patches/fuse-overlapping-headers.patch \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ @@ -816,7 +814,6 @@ dist_patch_DATA = \ %D%/packages/patches/java-xerces-bootclasspath.patch \ %D%/packages/patches/java-xerces-build_dont_unzip.patch \ %D%/packages/patches/java-xerces-xjavac_taskdef.patch \ - %D%/packages/patches/jemalloc-arm-address-bits.patch \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/json-glib-fix-tests-32bit.patch \ %D%/packages/patches/jq-CVE-2015-8863.patch \ @@ -866,7 +863,6 @@ dist_patch_DATA = \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ %D%/packages/patches/libgnome-encoding.patch \ %D%/packages/patches/libgnomeui-utf8.patch \ - %D%/packages/patches/libgpg-error-aarch64-logging-fix.patch \ %D%/packages/patches/libgxps-CVE-2017-11590.patch \ %D%/packages/patches/libffi-3.2.1-complex-alpha.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ @@ -1007,8 +1003,6 @@ dist_patch_DATA = \ %D%/packages/patches/patchutils-xfail-gendiff-tests.patch \ %D%/packages/patches/patch-hurd-path-max.patch \ %D%/packages/patches/perf-gcc-ice.patch \ - %D%/packages/patches/perl-archive-tar-CVE-2018-12015.patch \ - %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ @@ -1150,6 +1144,7 @@ dist_patch_DATA = \ %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ %D%/packages/patches/teeworlds-use-latest-wavpack.patch \ + %D%/packages/patches/texinfo-perl-compat.patch \ %D%/packages/patches/texi2html-document-encoding.patch \ %D%/packages/patches/texi2html-i18n.patch \ %D%/packages/patches/thefuck-test-environ.patch \ diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm index c889433b41..9cc35ac5ec 100644 --- a/gnu/packages/algebra.scm +++ b/gnu/packages/algebra.scm @@ -522,14 +522,14 @@ a C program.") (define-public fftw (package (name "fftw") - (version "3.3.7") + (version "3.3.8") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.fftw.org/pub/fftw/fftw-" version".tar.gz")) (sha256 (base32 - "0wsms8narnbhfsa8chdflv2j9hzspvflblnqdn7hw8x5xdzrnq1v")))) + "00z3k8fq561wq2khssqg0kallk0504dzlx989x3vvicjdqpjc4v1")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index de0aa92adb..81eb5bdddc 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -435,14 +435,14 @@ change. GNU make offers many powerful extensions over the standard utility.") (define-public binutils (package (name "binutils") - (version "2.30") + (version "2.31.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/binutils/binutils-" version ".tar.bz2")) (sha256 (base32 - "028cklfqaab24glva1ks2aqa1zxa6w6xmc8q34zs1sb7h22dxspg")) + "1l34hn1zkmhr1wcrgf0d4z7r3najxnw3cx2y2fk7v55zjlk3ik7z")) (patches (search-patches "binutils-loongson-workaround.patch")))) (build-system gnu-build-system) @@ -480,17 +480,6 @@ included.") (license gpl3+) (home-page "https://www.gnu.org/software/binutils/"))) -(define-public binutils/fixed - ;; TODO: Incorporate this in binutils during the next rebuild cycle. - (hidden-package - (package - (inherit binutils) - (source (origin - (inherit (package-source binutils)) - (patches (append (origin-patches (package-source binutils)) - (search-patches - "binutils-aarch64-symbol-relocation.patch")))))))) - (define* (make-ld-wrapper name #:key (target (const #f)) binutils diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm index 64f7782f58..46cb13048d 100644 --- a/gnu/packages/bash.scm +++ b/gnu/packages/bash.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name> -;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. @@ -79,7 +79,11 @@ (16 "1cgi1y6mifm8hsgv4avj5ih76535js3qba1sqwbfvp7si76927sh") (17 "0w6jpj2giakji1ir83rpkx1y7n7xqppah3j748m6dm38hywr0gvp") (18 "1k58h4wxbsg7r4rwhrvzx5hfbapba2nxjysbhh6qp6ki5ys99i2v") - (19 "07n1i5610lbs672x1s8g82qn3qfj06s0ip3z80sri0g8vxp0s5r7"))) + (19 "07n1i5610lbs672x1s8g82qn3qfj06s0ip3z80sri0g8vxp0s5r7") + (20 "0b2jk5n1af1vh590qfc52hv65mafb4vl1xv26s8j5a3byb5y4h0q") + (21 "1hblcd2xmqqlp0idnavw66570n7m0yv5rbbr873c2gkn982mk3xx") + (22 "0yfbjzr79vzjs2hyi5m8iy2b38fq7vikdfa4zqdvjsp36q4iycs5") + (23 "1dlism6qdx60nvzj0v7ndr7lfahl4a8zmzckp13hqgdx7xpj7v2g"))) (define (download-patches store count) "Download COUNT Bash patches into store. Return a list of diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm index eba30217da..42ec61e324 100644 --- a/gnu/packages/bdw-gc.scm +++ b/gnu/packages/bdw-gc.scm @@ -30,14 +30,14 @@ (define-public libgc (package (name "libgc") - (version "7.6.4") + (version "7.6.6") (source (origin (method url-fetch) - (uri (string-append "http://www.hboehm.info/gc/gc_source/gc-" - version ".tar.gz")) + (uri (string-append "https://github.com/ivmai/bdwgc/releases" + "/download/v" version "/gc-" version ".tar.gz")) (sha256 (base32 - "076dzsqqyxd3nlzs0z277vvhqjp8nv5dqi763s0m90zr6ljiyk5r")))) + "1p1r015a7jbpvkkbgzv1y8nxrbbp6dg0mq3ksi6ji0qdz3wfss79")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/bison.scm b/gnu/packages/bison.scm index 09c6481a16..3e47a2a1b2 100644 --- a/gnu/packages/bison.scm +++ b/gnu/packages/bison.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -29,7 +30,7 @@ (define-public bison (package (name "bison") - (version "3.0.4") + (version "3.0.5") (source (origin (method url-fetch) @@ -37,10 +38,10 @@ version ".tar.xz")) (sha256 (base32 - "1qbgf6q1n2z17k8g33444m0q68kf3fbiq65q7jlrzpvvj73jh957")))) + "0f7kjygrckkx8vas2nm673592jif0a9mw5g8207f6hj6h4pfyp07")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl) - ;; m4 is not present in PATH when cross-building + ;; m4 is not present in PATH when cross-building. ("m4" ,m4))) (inputs `(("flex" ,flex))) (propagated-inputs `(("m4" ,m4))) diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm index d00f96de64..fbd0425c96 100644 --- a/gnu/packages/boost.scm +++ b/gnu/packages/boost.scm @@ -43,7 +43,7 @@ (define-public boost (package (name "boost") - (version "1.66.0") + (version "1.67.0") (source (origin (method url-fetch) (uri (string-append @@ -52,7 +52,7 @@ ".tar.bz2")) (sha256 (base32 - "1aaw48cmimsskzgiclwn0iifp62a5iw9cbqrhfari876af1828ap")) + "1fmdlmkzsrd46wwk834jsi2ypxj68w2by0rfcg2pzrafk5rck116")) (patches (search-patches "boost-fix-icu-build.patch")))) (build-system gnu-build-system) (inputs `(("icu4c" ,icu4c) diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm index 06b1cab82c..e113048690 100644 --- a/gnu/packages/cmake.scm +++ b/gnu/packages/cmake.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net> +;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -43,7 +44,7 @@ (define-public cmake (package (name "cmake") - (version "3.11.0") + (version "3.12.0") (source (origin (method url-fetch) (uri (string-append "https://www.cmake.org/files/v" @@ -51,7 +52,7 @@ "/cmake-" version ".tar.gz")) (sha256 (base32 - "0sv5k9q6braa8hhw0y3w19avqn0xn5czv5jf5fz5blnlf7ivw4y3")) + "0scxdgdrkrri0f5fm7cb969vcl4k1wanmhaa22fh9ffdys81ly6h")) (modules '((guix build utils))) (snippet '(begin @@ -86,6 +87,13 @@ " --exclude-regex ^\\(" (string-join skipped-tests "\\|") "\\)$"))) #:phases (modify-phases %standard-phases + (add-after 'unpack 'split-package + ;; Remove files that have been packaged in other package recipes. + (lambda _ + (delete-file "Auxiliary/cmake-mode.el") + (substitute* "Auxiliary/CMakeLists.txt" + ((".*cmake-mode.el.*") "")) + #t)) (add-before 'configure 'patch-bin-sh (lambda _ ;; Replace "/bin/sh" by the right path in... a lot of diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 1c5e00ec95..fdfa5ce39b 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -246,6 +246,7 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in (arguments `(#:modules ((guix build gnu-build-system) (guix build utils) + (ice-9 ftw) (srfi srfi-1)) #:phases (modify-phases %standard-phases @@ -274,25 +275,32 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in ;; it create all the (un)versioned symlinks, so we handle it here. (let* ((out (assoc-ref outputs "out")) (libdir (string-append out "/lib")) - ;; Find the actual library (e.g. "libbz2.so.1.0.6"). - (lib (string-drop - (car (find-files - "." - (lambda (file stat) - (and (string-prefix? "./libbz2.so" file) - (eq? 'regular (stat:type stat)))))) - 2)) - (soversion (string-drop lib (string-length "libbz2.so.")))) + (soname "libbz2.so") + ;; Locate the built library (e.g. "libbz2.so.1.0.6"). + (lib (car (scandir "." + (lambda (file) + (and (string-prefix? soname file) + (eq? 'regular + (stat:type (lstat file)))))))) + (soversion (string-drop lib (+ 1 (string-length soname))))) (install-file lib libdir) (with-directory-excursion libdir ;; Create symlinks libbz2.so.1 -> libbz2.so.1.0, etc. - (let loop ((base "libbz2.so") + (let loop ((base soname) (numbers (string-split soversion #\.))) (unless (null? numbers) (let ((so-file (string-append base "." (car numbers)))) (symlink so-file base) (loop so-file (cdr numbers)))))) #t))) + (add-after 'install-shared-lib 'move-static-lib + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (static (assoc-ref outputs "static"))) + (with-directory-excursion (string-append out "/lib") + (install-file "libbz2.a" (string-append static "/lib")) + (delete-file "libbz2.a") + #t)))) (add-after 'install-shared-lib 'patch-scripts (lambda* (#:key outputs inputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out"))) @@ -307,6 +315,7 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in ,@(if (%current-target-system) '(#:tests? #f) '()))) + (outputs '("out" "static")) (synopsis "High-quality data compression program") (description "bzip2 is a freely available, patent free (see below), high-quality data @@ -374,7 +383,7 @@ compressed with pbzip2 can be decompressed with bzip2).") (define-public xz (package (name "xz") - (version "5.2.3") + (version "5.2.4") (source (origin (method url-fetch) (uri (list (string-append "http://tukaani.org/xz/xz-" version @@ -383,7 +392,7 @@ compressed with pbzip2 can be decompressed with bzip2).") version ".tar.gz"))) (sha256 (base32 - "1jr8pxnz55ifc8cvp3ivgl79ph9iik5aypsc9cma228aglsqp4ki")))) + "0ibi2zsfaz6l756spjwc5rayf4ckgc9hwmy8qinppcyk4svz64mm")))) (build-system gnu-build-system) (synopsis "General-purpose data compression") (description diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index 3150c25019..5e852501ce 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -53,7 +53,7 @@ (define-public cups-filters (package (name "cups-filters") - (version "1.20.1") + (version "1.20.3") (source(origin (method url-fetch) (uri @@ -61,7 +61,7 @@ "cups-filters-" version ".tar.xz")) (sha256 (base32 - "0qix1whz5n4ijnl6d44f1v8nzkpv99wqjyrby8vx6xnpskw5hsxk")) + "1g18qkvl9zdxickiblgs2vvkip4b6p2jalw4d30zzz3hh8f1g6iv")) (modules '((guix build utils))) (snippet ;; install backends, banners and filters to cups-filters output @@ -176,8 +176,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.") (define-public cups-minimal (package (name "cups-minimal") - (replacement cups-minimal-2.2.8) - (version "2.2.6") + (version "2.2.8") (source (origin (method url-fetch) @@ -185,7 +184,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.") version "/cups-" version "-source.tar.gz")) (sha256 (base32 - "16qn41b84xz6khrr2pa2wdwlqxr29rrrkjfi618gbgdkq9w5ff20")))) + "1r7r7b3nqpzc1a9dczqpj2mr8rkcwf01676v11sp4j7w4qfzqs1r")))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -237,21 +236,8 @@ describe printer capabilities and features, and a wide variety of generic and device-specific programs to convert and print many types of files.") (license license:gpl2))) -(define-public cups-minimal-2.2.8 - (package - (inherit cups-minimal) - (version "2.2.8") - (source - (origin - (method url-fetch) - (uri (string-append "https://github.com/apple/cups/releases/download/v" - version "/cups-" version "-source.tar.gz")) - (sha256 - (base32 - "1r7r7b3nqpzc1a9dczqpj2mr8rkcwf01676v11sp4j7w4qfzqs1r")))))) - (define-public cups - (package/inherit cups-minimal + (package (inherit cups-minimal) (name "cups") (arguments `(;; Three tests fail: diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index e724fd147b..8bed48fd87 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -50,15 +50,14 @@ (define-public curl (package (name "curl") - (version "7.59.0") - (replacement curl-7.61.0) + (version "7.61.0") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) (sha256 (base32 - "1z310hrjm2vmbcpkyp81dcmj9rk127zkjyawpy2pah0nz6yslkp4")))) + "080p9r2kln8cbfj0rqfn6wqp5kdn9k5wp720nirkcw845lcmavpg")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -141,19 +140,6 @@ tunneling, and so on.") "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) -(define-public curl-7.61.0 - (package - (inherit curl) - (version "7.61.0") - (source - (origin - (method url-fetch) - (uri (string-append "https://curl.haxx.se/download/curl-" - version ".tar.xz")) - (sha256 - (base32 - "080p9r2kln8cbfj0rqfn6wqp5kdn9k5wp720nirkcw845lcmavpg")))))) - (define-public kurly (package (name "kurly") diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 382c74cfd9..7c78414dcc 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -163,14 +163,14 @@ either single machines or networked clusters.") (define-public gdbm (package (name "gdbm") - (version "1.14.1") + (version "1.16") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gdbm/gdbm-" version ".tar.gz")) (sha256 (base32 - "0pxwz3jlwvglq2mrbxvrjgr8pa0aj73p3v9sxmdlj570zw0gzknd")))) + "0bsimfb0h9vkxh6hzz66hrpxrzcqla58y0gvzvpc784x4p38p8f8")))) (arguments `(#:configure-flags '("--enable-libgdbm-compat"))) (build-system gnu-build-system) (home-page "http://www.gnu.org.ua/software/gdbm") @@ -1009,7 +1009,7 @@ for example from a shell script.") (define-public sqlite (package (name "sqlite") - (version "3.23.0") + (version "3.24.0") (source (origin (method url-fetch) (uri (let ((numeric-version @@ -1025,7 +1025,7 @@ for example from a shell script.") numeric-version ".tar.gz"))) (sha256 (base32 - "0jbf78g3cm5wq77k7sfg8fb6rz44hnp9hs7p5d66fwd000c1lwdp")))) + "0jmprv2vpggzhy7ma4ynmv1jzn3pfiwzkld0kkg6hvgvqs44xlfr")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments diff --git a/gnu/packages/docbook.scm b/gnu/packages/docbook.scm index 1c00e56d6d..1e5379b020 100644 --- a/gnu/packages/docbook.scm +++ b/gnu/packages/docbook.scm @@ -138,11 +138,15 @@ by no means limited to these applications.) This package provides XML DTDs.") (method url-fetch) (uri (string-append "mirror://sourceforge/docbook/docbook-xsl/" version "/docbook-xsl-" version ".tar.bz2")) - ;; Note: If removing all patches, the XZ dependency is no longer needed. (patches (search-patches "docbook-xsl-nonrecursive-string-subst.patch")) (sha256 (base32 - "0s59lihif2fr7rznckxr2kfyrvkirv76r1zvidp9b5mj28p4apvj")))) + "0s59lihif2fr7rznckxr2kfyrvkirv76r1zvidp9b5mj28p4apvj")) + (modules '((guix build utils))) + (snippet + '(begin + (for-each delete-file (find-files "." "\\.jar$")) + #t)))) (build-system trivial-build-system) (arguments `(#:builder (let ((name-version (string-append ,name "-" ,version))) @@ -168,7 +172,7 @@ by no means limited to these applications.) This package provides XML DTDs.") #t)) #:modules ((guix build utils)))) (native-inputs `(("bzip2" ,bzip2) - ("xz" ,xz) + ("xz" ,xz) ;needed for repacked tarballs ("tar" ,tar))) (home-page "http://docbook.org") (synopsis "DocBook XSL style sheets for document authoring") diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 0473c519d5..78f0360c2e 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -28,14 +29,14 @@ (define-public file (package (name "file") - (version "5.32") + (version "5.33") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.astron.com/pub/file/file-" version ".tar.gz")) (sha256 (base32 - "0l1bfa0icng9vdwya00ff48fhvjazi5610ylbhl35qi13d6xqfc6")))) + "1iipnwjkag7q04zjkaqic41r9nlw0ml6mhqian6qkkbisb1whlhw")))) (build-system gnu-build-system) ;; When cross-compiling, this package depends upon a native install of diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 725387ce8e..94cdc520ba 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Nils Gillmann <ng0@n0.is> ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -54,15 +55,18 @@ (define-public freetype (package (name "freetype") - (version "2.9") + (version "2.9.1") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/freetype/freetype-" version ".tar.bz2")) (sha256 (base32 - "12jcdz1in20yaa55izxalg3hm1pf7nydfrzps5bzb4zgihybmzz6")) - (patches (search-patches "freetype-CVE-2018-6942.patch")))) + "0kg8w6qyiizlyzh4a8lpzslipcbv96hcg3rqqpnxba8ffbm8g3fv")))) (build-system gnu-build-system) + (arguments + ;; The use of "freetype-config" is deprecated, but other packages still + ;; depend on it. + `(#:configure-flags (list "--enable-freetype-config"))) (native-inputs `(("pkg-config" ,pkg-config))) (propagated-inputs diff --git a/gnu/packages/fribidi.scm b/gnu/packages/fribidi.scm index 0368779240..dfd2a77c20 100644 --- a/gnu/packages/fribidi.scm +++ b/gnu/packages/fribidi.scm @@ -27,7 +27,7 @@ (define-public fribidi (package (name "fribidi") - (version "1.0.2") + (version "1.0.5") (source (origin (method url-fetch) @@ -36,11 +36,8 @@ "/download/v" version "/fribidi-" version ".tar.bz2")) (sha256 - (base32 "0aw3i1g96axbr96flw4543dvhb8zlgb0w8314ks6cq2g1i9invdx")))) + (base32 "1kp4b1hpx2ky20ixgy2xhj5iygfl7ps5k9kglh1z5i7mhykg4r3a")))) (build-system gnu-build-system) - (arguments - `(#:configure-flags - (list "--disable-docs"))) ; TODO: enable; requires c2man (synopsis "Implementation of the Unicode bidirectional algorithm") (description "GNU FriBidi is an implementation of the Unicode Bidirectional diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index fdca3d2ffc..a150936899 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -831,7 +831,7 @@ as the 'native-search-paths' field." (define-public isl (package (name "isl") - (version "0.18") + (version "0.19") (source (origin (method url-fetch) (uri (list (string-append @@ -842,7 +842,7 @@ as the 'native-search-paths' field." name "-" version ".tar.gz"))) (sha256 (base32 - "06ybml6llhi4i56q90jnimbcgk1lpcdwhy9nxdxra2hxz3bhz2vb")))) + "1n4yz9rj24mv226hqbpw210ifvqkn8dgvpnkzf0s0lkq9zrjd5ym")))) (build-system gnu-build-system) (inputs `(("gmp" ,gmp))) (home-page "http://isl.gforge.inria.fr/") diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 1240b1dc16..cd7cd604fd 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com> -;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; @@ -52,7 +52,7 @@ (sha256 (base32 "083xisy6z01zhm7p7rgk4bx9d6zlr8l20qkfv1g29ylnhgwzvij8")))) (build-system gnu-build-system) - (inputs `(("libjpeg-8" ,libjpeg-8) + (inputs `(("libjpeg" ,libjpeg) ("libtiff" ,libtiff) ("zlib" ,zlib))) (synopsis "Little CMS, a small-footprint colour management engine") @@ -132,7 +132,6 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package (name "ghostscript") - (replacement ghostscript/fixed) (version "9.23") (source (origin @@ -145,6 +144,7 @@ printing, and psresize, for adjusting page sizes.") (base32 "1ng8d9fm5lza7k1f7ybc791275c07z5hcmpkrl2i226nshkxrkhz")) (patches (search-patches "ghostscript-runpath.patch" + "ghostscript-CVE-2018-10194.patch" "ghostscript-no-header-creationdate.patch" "ghostscript-no-header-id.patch" "ghostscript-no-header-uuid.patch")) @@ -251,16 +251,6 @@ output file formats and printers.") (home-page "https://www.ghostscript.com/") (license license:agpl3+))) -(define-public ghostscript/fixed - (hidden-package - (package - (inherit ghostscript) - (source - (origin - (inherit (package-source ghostscript)) - (patches (append (origin-patches (package-source ghostscript)) - (search-patches "ghostscript-CVE-2018-10194.patch")))))))) - (define-public ghostscript/x (package/inherit ghostscript (name (string-append (package-name ghostscript) "-with-x")) diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 95d7976bf8..dbd9c8ff88 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -80,7 +80,7 @@ (define dbus (package (name "dbus") - (version "1.12.6") + (version "1.12.8") (source (origin (method url-fetch) (uri (string-append @@ -88,7 +88,7 @@ version ".tar.gz")) (sha256 (base32 - "05picaq8j60wlwyi84qvw5liw3nd0cws9va3krnc3pms0wm906v2")) + "1cvfi7jiby12h0f5gbysphhk99m6mch87ab3cqxkj0w36gkrkp72")) (patches (search-patches "dbus-helper-search-path.patch")))) (build-system gnu-build-system) (arguments @@ -150,7 +150,7 @@ shared NFS home directories.") (define glib (package (name "glib") - (version "2.56.0") + (version "2.56.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" @@ -158,7 +158,7 @@ shared NFS home directories.") name "-" version ".tar.xz")) (sha256 (base32 - "1iqgi90fmpl3l23jm2iv44qp7hqsxvnv7978s18933bvx4bnxvzc")) + "138b3hi7glfpbia49gi07lyz1dh9k0jl9vpd3aiwflf6y923zvs0")) (patches (search-patches "glib-tests-timer.patch")))) (build-system gnu-build-system) (outputs '("out" ; everything @@ -303,14 +303,14 @@ dynamic loading, and an object system.") (define gobject-introspection (package (name "gobject-introspection") - (version "1.56.0") + (version "1.56.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" "gobject-introspection/" (version-major+minor version) "/gobject-introspection-" version ".tar.xz")) (sha256 - (base32 "1y50pbn5qqbcv2h9rkz96wvv5jls2gma9bkqjq6wapmaszx5jw0d")) + (base32 "0jx2kryjd7l0vl5gb3qp1qjfy3cjiizvcd1snsm7pzwrzz67aa2v")) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index a571d922cb..a1dae0bee7 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -122,6 +122,7 @@ #:use-module (gnu packages ssh) #:use-module (gnu packages xml) #:use-module (gnu packages gl) + #:use-module (gnu packages graphviz) #:use-module (gnu packages compression) #:use-module (gnu packages spice) #:use-module (gnu packages tex) @@ -938,14 +939,14 @@ guidelines.") (define-public shared-mime-info (package (name "shared-mime-info") - (version "1.8") + (version "1.9") (source (origin (method url-fetch) (uri (string-append "https://freedesktop.org/~hadess/" "shared-mime-info-" version ".tar.xz")) (sha256 (base32 - "1sc96lv9dp1lkvs8dh3ngm3hbjb274d363dl9avhb61il3qmxx9a")))) + "10ywzhzg8v1xmb9sz5xbqaci90id38knswigynyl33i29vn360aw")))) (build-system gnu-build-system) (arguments ;; The build system appears not to be parallel-safe. @@ -2034,7 +2035,7 @@ passwords in the GNOME keyring.") (define-public vala (package (name "vala") - (version "0.36.3") + (version "0.40.7") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -2042,7 +2043,7 @@ passwords in the GNOME keyring.") name "-" version ".tar.xz")) (sha256 (base32 - "0706izk9prxqclm7gv4f63diwnlc1llvfl5sc9ghqbgn076lx2mc")))) + "1v0ak68lrnbb5lyd48j6sxa35vfrii86zmhxdhkdb85k1bv65rmy")))) (build-system gnu-build-system) (arguments '(#:phases @@ -2050,20 +2051,25 @@ passwords in the GNOME keyring.") (add-before 'check 'pre-check (lambda _ (setenv "CC" "gcc") + (substitute* "valadoc/tests/testrunner.sh" + (("export PKG_CONFIG_PATH=" m) + (string-append m "$PKG_CONFIG_PATH:"))) ;; For missing '/etc/machine-id'. (setenv "DBUS_FATAL_WARNINGS" "0") - #t))) - ;; Build the Vala API generator - #:configure-flags '("--enable-vapigen"))) + #t))))) (native-inputs `(("pkg-config" ,pkg-config) ("flex" ,flex) ("bison" ,bison) ("xsltproc" ,libxslt) + ("grep" ,grep) + ("sed" ,sed) ("dbus" ,dbus) ; for dbus tests ("gobject-introspection" ,gobject-introspection))) ; for gir tests + (inputs + `(("graphviz" ,graphviz))) (propagated-inputs - `(("glib" ,glib))) ; required by libvala-0.26.pc + `(("glib" ,glib))) ; required by libvala-0.40.pc (home-page "https://live.gnome.org/Vala/") (synopsis "Compiler for the GObject type system") (description @@ -5887,7 +5893,7 @@ is complete it provides a graphical representation of each selected folder.") (define-public gnome-backgrounds (package (name "gnome-backgrounds") - (version "3.26.2") + (version "3.28.0") (source (origin (method url-fetch) @@ -5896,8 +5902,8 @@ is complete it provides a graphical representation of each selected folder.") name "-" version ".tar.xz")) (sha256 (base32 - "0kzrh5h0cfby3rhsy31d1w1c0rr3wcc845kv6zibqw1x8v9si2rs")))) - (build-system glib-or-gtk-build-system) + "1qgim0yhzjgcq172y4vp5hqz4rh1ak38a7pgi6s7dq0wklyrcnxj")))) + (build-system meson-build-system) (native-inputs `(("intltool" ,intltool))) (home-page "https://git.gnome.org/browse/gnome-backgrounds") diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index c095a966c2..54b44996ef 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -70,7 +70,7 @@ (define-public libgpg-error (package (name "libgpg-error") - (version "1.28") + (version "1.32") (source (origin (method url-fetch) @@ -78,8 +78,7 @@ version ".tar.bz2")) (sha256 (base32 - "0jfsfnh9bxlxiwxws60yah4ybjw2hshmvqp31pri4m4h8ivrbnry")) - (patches (search-patches "libgpg-error-aarch64-logging-fix.patch")))) + "1jj08ns4sh1hmafqp1giskvdicdz18la516va26jycy27kkwaif3")))) (build-system gnu-build-system) (home-page "https://gnupg.org") (synopsis "Library of error values for GnuPG components") @@ -92,32 +91,17 @@ Daemon and possibly more in the future.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgpg-error"))))) -;; Some packages (e.g. GPGME) require a newer libgpg-error to deal with -;; error codes from recent GnuPG. Remove this in the next rebuild cycle. -(define-public libgpg-error-1.31 - (package - (inherit libgpg-error) - (version "1.31") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/libgpg-error/libgpg-error-" - version ".tar.bz2")) - (sha256 - (base32 - "1vx4nw6rxh2biy3h8n96fyr86q29h8gjl6837437i51jr4isil20")))))) - (define-public libgcrypt (package - (replacement libgcrypt/fixed) (name "libgcrypt") - (version "1.8.2") + (version "1.8.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "01sca9m8hm6b5v8hmqsfdjhyz013869p1f0fxw9ln52qfnp4q1n8")))) + "0z5gs1khzyknyfjr19k8gk4q148s6q987ya85cpn0iv70fz91v36")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) @@ -143,19 +127,6 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) -(define libgcrypt/fixed - (package - (inherit libgcrypt) - (name "libgcrypt") - (version "1.8.3") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" - version ".tar.bz2")) - (sha256 - (base32 - "0z5gs1khzyknyfjr19k8gk4q148s6q987ya85cpn0iv70fz91v36")))))) - (define-public libassuan (package (name "libassuan") @@ -404,7 +375,7 @@ libskba (working with X.509 certificates and CMS data).") `(("gnupg" ,gnupg))) (propagated-inputs ;; Needs to be propagated because gpgme.h includes gpg-error.h. - `(("libgpg-error" ,libgpg-error-1.31))) + `(("libgpg-error" ,libgpg-error))) (inputs `(("libassuan" ,libassuan))) (home-page "https://www.gnupg.org/related_software/gpgme/") diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 3718e939d1..e351c6e96d 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -8,7 +8,7 @@ ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com> ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com> -;;; Copyright © 2015, 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net> +;;; Coypright © 2015, 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de> ;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net> @@ -112,14 +112,14 @@ tools have full access to view and control running applications.") (define-public cairo (package (name "cairo") - (version "1.14.10") + (version "1.14.12") (source (origin (method url-fetch) (uri (string-append "https://cairographics.org/releases/cairo-" version ".tar.xz")) (sha256 (base32 - "02banr0wxckq62nbhc3mqidfdh2q956i2r7w2hd9bjgjb238g1vy")) + "05mzyxkvsfc1annjw2dja8vka01ampp9pp93lg09j8hba06g144c")) (patches (search-patches "cairo-CVE-2016-9082.patch")))) (build-system gnu-build-system) (propagated-inputs @@ -178,7 +178,7 @@ affine transformation (scale, rotation, shear, etc.).") (define-public harfbuzz (package (name "harfbuzz") - (version "1.7.6") + (version "1.8.4") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/" @@ -186,7 +186,7 @@ affine transformation (scale, rotation, shear, etc.).") version ".tar.bz2")) (sha256 (base32 - "16rf7qwgy1gza74v2ws79zdwwb1lpvgz2abwwm8ws9j82cwysyys")))) + "1za5lmzz4j2plh6a12llnwxyy7dnspsykjlq1qp9x9hdza32yn9w")))) (build-system gnu-build-system) (outputs '("out" "bin")) ; 160K, only hb-view depend on cairo @@ -217,7 +217,7 @@ affine transformation (scale, rotation, shear, etc.).") (define-public pango (package (name "pango") - (version "1.42.0") + (version "1.42.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/pango/" @@ -225,18 +225,18 @@ affine transformation (scale, rotation, shear, etc.).") name "-" version ".tar.xz")) (sha256 (base32 - "0illn78nfwpa8y5knh9ir74wa1skc2hi8f3ny19zgpyf7n5dh94r")))) + "1qm17k7r4299jbvqifk469q4hs5qj9j19kr4h9nfy5h4sjs1dr5i")))) (build-system gnu-build-system) (propagated-inputs ;; These are all in Requires or Requires.private of the '.pc' files. `(("cairo" ,cairo) + ("fribidi" ,fribidi) ("fontconfig" ,fontconfig) ("freetype" ,freetype) ("glib" ,glib) ("harfbuzz" ,harfbuzz))) (inputs - `(("fribidi" ,fribidi) - ("zlib" ,zlib) + `(("zlib" ,zlib) ;; Some packages, such as Openbox, expect Pango to be built with the ;; optional libxft support. diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index c4d3703794..61333a3e75 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -32,7 +32,7 @@ (define-public icu4c (package (name "icu4c") - (version "61.1") + (version "62.1") (source (origin (method url-fetch) (uri (string-append @@ -42,7 +42,7 @@ (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version) "-src.tgz")) (sha256 - (base32 "1vxgkx0cyvdy00a9yd5khkx14r5kcndkax2wa99klm52x2dgh1yh")))) + (base32 "18ssgnwzzpm1g1fvbm9h1fvryiwxvvn5wc3fdakdsl33cs6qdn9x")))) (build-system gnu-build-system) (inputs `(("perl" ,perl))) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 31c78f84ef..0dd930bf70 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -253,13 +253,13 @@ files. It can compress them as much as 40% losslessly.") (define-public libjpeg (package (name "libjpeg") - (version "9b") + (version "9c") (source (origin (method url-fetch) (uri (string-append "http://www.ijg.org/files/jpegsrc.v" version ".tar.gz")) (sha256 (base32 - "0lnhpahgdwlrkd41lx6cr90r199f8mc6ydlh7jznj5klvacd63r4")))) + "08kixcf3a7s9x91174abjnk1xbvj4v8crdc73zi4k9h3jfbm00k5")))) (build-system gnu-build-system) (synopsis "Library for handling JPEG files") (description @@ -394,7 +394,6 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (replacement libtiff/fixed) (version "4.0.9") (source (origin @@ -405,7 +404,9 @@ extracting icontainer icon files.") (base32 "1kfg4q01r4mqn7dj63ifhi6pmqzbf4xax6ni6kkk81ri5kndwyvf")) (patches (search-patches "libtiff-CVE-2017-9935.patch" - "libtiff-CVE-2017-18013.patch")))) + "libtiff-CVE-2017-18013.patch" + "libtiff-CVE-2018-8905.patch" + "libtiff-CVE-2018-10963.patch")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.3 MiB of HTML documentation @@ -427,17 +428,6 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.simplesystems.org/libtiff/"))) -(define libtiff/fixed - (package - (inherit libtiff) - (source - (origin - (inherit (package-source libtiff)) - (patches - (append (origin-patches (package-source libtiff)) - (search-patches "libtiff-CVE-2018-8905.patch" - "libtiff-CVE-2018-10963.patch"))))))) - (define-public leptonica (package (name "leptonica") diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm index de9940df1c..8471cf2392 100644 --- a/gnu/packages/inkscape.scm +++ b/gnu/packages/inkscape.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 John Darrington <jmd@gnu.org> ;;; Copyright © 2014, 2016 Mark H Weaver <mhw@netris.org> -;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2016, 2018 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; @@ -54,7 +54,16 @@ "inkscape-" version ".tar.bz2")) (sha256 (base32 - "1chng2yw8dsjxc9gf92aqv7plj11cav8ax321wmakmv5bb09cch6")))) + "1chng2yw8dsjxc9gf92aqv7plj11cav8ax321wmakmv5bb09cch6")) + (patches + (list (origin + (method url-fetch) + (uri (string-append "https://gitlab.com/inkscape/inkscape/commit/" + "a600c6438fef2f4c06f9a4a7d933d99fb054a973.diff")) + (file-name "inkscape-poppler-compat.patch") + (sha256 + (base32 + "19dam5vsy571xszgjddl5g0958dmcsv0wvgxidp4bhj2lban222i"))))))) (build-system cmake-build-system) (inputs `(("aspell" ,aspell) diff --git a/gnu/packages/jemalloc.scm b/gnu/packages/jemalloc.scm index 5086df7a1b..cb870208e4 100644 --- a/gnu/packages/jemalloc.scm +++ b/gnu/packages/jemalloc.scm @@ -32,7 +32,7 @@ (define-public jemalloc (package (name "jemalloc") - (version "5.0.1") + (version "5.1.0") (source (origin (method url-fetch) (uri (string-append @@ -40,8 +40,7 @@ version "/jemalloc-" version ".tar.bz2")) (sha256 (base32 - "1sf3lzgb0y8nnyzmp4zrca3sngdxw3kfh20sna9z03jv74fph528")) - (patches (search-patches "jemalloc-arm-address-bits.patch")))) + "0s3jpcyhzia8d4k0xyc67is78kg416p9yc3c2f9w6fhhqqffd5jk")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index 22d74d32df..cb14f765e2 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com> ;;; ;;; This file is part of GNU Guix. @@ -47,7 +48,7 @@ (define-public mit-krb5 (package (name "mit-krb5") - (version "1.16") + (version "1.16.1") (source (origin (method url-fetch) (uri (list @@ -59,7 +60,7 @@ "/krb5-" version ".tar.gz"))) (sha256 (base32 - "024yjr15ij0qdnay0bcqfpclgfri0qa8iw4r5zdlryxhhdgi5szs")))) + "05qis9l93hhxaknbp0a2v5cr24fsy52fqx20aqqcgl1s9qwzwkr1")))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) diff --git a/gnu/packages/libbsd.scm b/gnu/packages/libbsd.scm index 58b0be872c..a616de70bd 100644 --- a/gnu/packages/libbsd.scm +++ b/gnu/packages/libbsd.scm @@ -25,14 +25,14 @@ (define-public libbsd (package (name "libbsd") - (version "0.8.7") + (version "0.9.1") (source (origin (method url-fetch) (uri (string-append "https://libbsd.freedesktop.org/releases/" "libbsd-" version ".tar.xz")) (sha256 (base32 - "0c9bl49zs0xdddcwj5dh0lay9sxi2m1yi74848g8p87mb87g2j7m")))) + "1957w2wi7iqar978qlfsm220dwywnrh5m58nrnn9zmi74ds3bn2n")))) (build-system gnu-build-system) (synopsis "Utility functions from BSD systems") (description "This library provides useful functions commonly found on BSD diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm index 983c8625e4..18e443be80 100644 --- a/gnu/packages/libevent.scm +++ b/gnu/packages/libevent.scm @@ -121,24 +121,17 @@ limited support for fork events.") (define-public libuv (package (name "libuv") - (version "1.19.2") + (version "1.22.0") (source (origin (method url-fetch) (uri (string-append "https://dist.libuv.org/dist/v" version "/libuv-v" version ".tar.gz")) (sha256 (base32 - "1msk9ac1z69whww88ibrwjqkd1apdla6l77cm2fwy5kigq0z5g3w")))) + "1009m5paidnl4y8x0fzmsfcq7i5234jy50hsfqhspkqg59zs6zpb")))) (build-system gnu-build-system) (arguments - '(#:phases (modify-phases %standard-phases - (add-after 'unpack 'autogen - (lambda _ - ;; Fashionable people don't run 'make dist' these days, so - ;; we need to do that ourselves. - (invoke "sh" "autogen.sh")))) - - ;; XXX: Some tests want /dev/tty, attempt to make connections, etc. + '(;; XXX: Some tests want /dev/tty, attempt to make connections, etc. #:tests? #f)) (native-inputs `(("autoconf" ,autoconf-wrapper) ("automake" ,automake) diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm index 249c3f8458..7cf061768e 100644 --- a/gnu/packages/libidn.scm +++ b/gnu/packages/libidn.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org> +;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -32,26 +33,16 @@ (define-public libidn (package (name "libidn") - (version "1.34") + (version "1.35") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libidn/libidn-" version ".tar.gz")) (sha256 (base32 - "0g3fzypp0xjcgr90c5cyj57apx1cmy0c6y9lvw2qdcigbyby469p")) - (modules '((guix build utils))) - (snippet - '(begin - ;; The gnulib test-lock test is prone to writer starvation - ;; with our glibc@2.25, which prefers readers, so disable it. - ;; The gnulib commit b20e8afb0b2 should fix this once - ;; incorporated here. - (substitute* "lib/gltests/Makefile.in" - (("test-lock\\$\\(EXEEXT\\) ") "")) - #t)))) + "07pyy0afqikfq51z5kbzbj9ldbd12mri0zvx0mfv3ds6bc0g26pi")))) (build-system gnu-build-system) -;; FIXME: No Java and C# libraries are currently built. + ;; FIXME: No Java and C# libraries are currently built. (synopsis "Internationalized string processing library") (description "libidn is a library implementing of the Stringprep, Punycode and IDNA @@ -66,14 +57,14 @@ Java libraries.") (define-public libidn2 (package (name "libidn2") - (version "2.0.4") + (version "2.0.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libidn/" name "-" version ".tar.lz")) (sha256 (base32 - "00f2fyw5kwr9is3cdn5h9arzxp0lnvg0z9bb9zyfs0dq81gaqim4")))) + "0s4nkazy1xbs6bbq4farby1xhmhzk5bdclbil5gqdwyzxsgabxqg")))) (native-inputs `(("lzip" ,lzip))) (inputs diff --git a/gnu/packages/libsigsegv.scm b/gnu/packages/libsigsegv.scm index 7f63bb26c4..927a12f4cf 100644 --- a/gnu/packages/libsigsegv.scm +++ b/gnu/packages/libsigsegv.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2018 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. @@ -38,20 +38,23 @@ (home-page "https://www.gnu.org/software/libsigsegv/") (synopsis "Library for handling page faults") (arguments - ;; On MIPS, work around this error: - ;; - ;; In file included from fault-linux-mips-old.h:18:0, - ;; [...] - ;; linux-libre-headers-cross-mips64el-linux-gnu-3.3.8/include/asm/sigcontext.h:57:8: error: redefinition of 'struct sigcontext' - (if (string-contains (or (%current-target-system) (%current-system)) - "mips64el") - `(#:phases (modify-phases %standard-phases - (add-before 'configure 'patch-mips-old-h - (lambda _ - (substitute* "src/fault-linux-mips-old.h" - (("#include <asm/sigcontext\\.h>") "")) - #t)))) - '())) + `(;; The shared library isn't built by default but some packages need it. + #:configure-flags '("--enable-shared") + + ;; On MIPS, work around this error: + ;; + ;; In file included from fault-linux-mips-old.h:18:0, + ;; [...] + ;; linux-libre-headers-cross-mips64el-linux-gnu-3.3.8/include/asm/sigcontext.h:57:8: error: redefinition of 'struct sigcontext' + ,@(if (string-contains (or (%current-target-system) (%current-system)) + "mips64el") + `(#:phases (modify-phases %standard-phases + (add-before 'configure 'patch-mips-old-h + (lambda _ + (substitute* "src/fault-linux-mips-old.h" + (("#include <asm/sigcontext\\.h>") "")) + #t)))) + '()))) (description "GNU libsigsegv is a library to handle page faults, which occur when a program tries to access an unavailable region of memory, in user mode. By diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm index 6a3afd4f05..b6656904eb 100644 --- a/gnu/packages/libunistring.scm +++ b/gnu/packages/libunistring.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org> +;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -32,7 +33,7 @@ (define-public libunistring (package (name "libunistring") - (version "0.9.9") + (version "0.9.10") (source (origin (method url-fetch) (uri (string-append @@ -40,17 +41,7 @@ version ".tar.xz")) (sha256 (base32 - "0cx8v6862w7vvacbkcvg49kfx731ckdgaybmzw1zav71zkn97nd4")) - (modules '((guix build utils))) - (snippet - '(begin - ;; The gnulib test-lock test is prone to writer starvation - ;; with our glibc@2.25, which prefers readers, so disable it. - ;; The gnulib commit b20e8afb0b2 should fix this once - ;; incorporated here. - (substitute* "tests/Makefile.in" - (("test-lock\\$\\(EXEEXT\\) ") "")) - #t)))) + "1mq57h06622m6qc5cv347fc3qk5mj840axw3c0vd7qmnwk1v53zb")))) (propagated-inputs (libiconv-if-needed)) (build-system gnu-build-system) (arguments diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 7ecc795b1f..dbf597b8b3 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -298,12 +298,6 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (or (%current-target-system) (%current-system))) ((or "x86_64" "i386") `(("gcc" ,gcc-7))) - ("arm64" - ;; Work around a binutils 2.30 bug where some kernel symbols would - ;; be incorrectly marked as relocatable: - ;; <https://sourceware.org/bugzilla/show_bug.cgi?id=22764>. - `(("ld-wrapper" ,(make-ld-wrapper "ld-wrapper" - #:binutils binutils/fixed)))) (_ '())) ,@(match (and configuration-file @@ -470,17 +464,17 @@ It has been modified to remove all non-free binary blobs.") (define-public linux-pam (package (name "linux-pam") - (version "1.3.0") + (version "1.3.1") (source (origin - (method url-fetch) - (uri (string-append - "http://www.linux-pam.org/library/" - "Linux-PAM-" version ".tar.bz2")) - (sha256 - (base32 - "1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4")) - (patches (search-patches "linux-pam-no-setfsuid.patch")))) + (method url-fetch) + (uri (string-append + "https://github.com/linux-pam/linux-pam/releases/download/v" + version "/Linux-PAM-" version ".tar.xz")) + (sha256 + (base32 + "1nyh9kdi3knhxcbv5v4snya0g3gff0m671lnvqcbygw3rm77mx7g")) + (patches (search-patches "linux-pam-no-setfsuid.patch")))) (build-system gnu-build-system) (native-inputs @@ -562,7 +556,7 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") - (version "2.32") + (version "2.32.1") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/utils/" @@ -570,7 +564,7 @@ providing the system administrator with some help in common tasks.") name "-" version ".tar.xz")) (sha256 (base32 - "0d2758kjll5xqm5fpp3sww1h66aahx161sf2b60jxqv4qymrfwvc")) + "1ck7d8srw5szpjq7v0gpmjahnjs6wgqzm311ki4gazww6xx71rl6")) (patches (search-patches "util-linux-tests.patch")) (modules '((guix build utils))) (snippet diff --git a/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch b/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch deleted file mode 100644 index fbd596862b..0000000000 --- a/gnu/packages/patches/binutils-aarch64-symbol-relocation.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix a regression in Binutils 2.30 where some symbols are incorrectly assumed -to be addresses: - -https://sourceware.org/bugzilla/show_bug.cgi?id=22764 - -Patch taken from upstream (with ChangeLog entries and tests omitted): - -https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=279b2f94168ee91e02ccd070d27c983fc001fe12 - -diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c -index af448f9..2737773 100644 ---- a/bfd/elfnn-aarch64.c -+++ b/bfd/elfnn-aarch64.c -@@ -7189,10 +7189,19 @@ elfNN_aarch64_check_relocs (bfd *abfd, struct bfd_link_info *info, - #if ARCH_SIZE == 64 - case BFD_RELOC_AARCH64_32: - #endif -- if (bfd_link_pic (info) -- && (sec->flags & SEC_ALLOC) != 0 -- && (sec->flags & SEC_READONLY) != 0) -+ if (bfd_link_pic (info) && (sec->flags & SEC_ALLOC) != 0) - { -+ if (h != NULL -+ /* This is an absolute symbol. It represents a value instead -+ of an address. */ -+ && ((h->root.type == bfd_link_hash_defined -+ && bfd_is_abs_section (h->root.u.def.section)) -+ /* This is an undefined symbol. */ -+ || h->root.type == bfd_link_hash_undefined)) -+ break; -+ -+ /* For local symbols, defined global symbols in a non-ABS section, -+ it is assumed that the value is an address. */ - int howto_index = bfd_r_type - BFD_RELOC_AARCH64_RELOC_START; - _bfd_error_handler - /* xgettext:c-format */ diff --git a/gnu/packages/patches/freetype-CVE-2018-6942.patch b/gnu/packages/patches/freetype-CVE-2018-6942.patch deleted file mode 100644 index 680f357765..0000000000 --- a/gnu/packages/patches/freetype-CVE-2018-6942.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix CVE-2018-6942: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942 -https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6942.html - -Copied from upstream (ChangeLog section removed): -https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef - -diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c -index d855aaa..551f14a 100644 ---- a/src/truetype/ttinterp.c -+++ b/src/truetype/ttinterp.c -@@ -7532,8 +7532,16 @@ - return; - } - -- for ( i = 0; i < num_axes; i++ ) -- args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ -+ if ( coords ) -+ { -+ for ( i = 0; i < num_axes; i++ ) -+ args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */ -+ } -+ else -+ { -+ for ( i = 0; i < num_axes; i++ ) -+ args[i] = 0; -+ } - } - - diff --git a/gnu/packages/patches/gcc-strmov-store-file-names.patch b/gnu/packages/patches/gcc-strmov-store-file-names.patch index 9f9162855d..7358de3326 100644 --- a/gnu/packages/patches/gcc-strmov-store-file-names.patch +++ b/gnu/packages/patches/gcc-strmov-store-file-names.patch @@ -15,7 +15,7 @@ and <https://bugs.gnu.org/30395>. --- gcc-5.3.0/gcc/builtins.c 2016-10-18 10:50:46.080616285 +0200 +++ gcc-5.3.0/gcc/builtins.c 2016-11-09 15:26:43.693042737 +0100 -@@ -3192,6 +3192,54 @@ determine_block_size (tree len, rtx len_ +@@ -3192,6 +3192,58 @@ determine_block_size (tree len, rtx len_ GET_MODE_MASK (GET_MODE (len_rtx))); } @@ -35,9 +35,13 @@ and <https://bugs.gnu.org/30395>. + if (TREE_CODE (str) == VAR_DECL + && TREE_STATIC (str) + && TREE_READONLY (str)) -+ /* STR may be a 'static const' variable whose initial value -+ is a string constant. See <https://bugs.gnu.org/30395>. */ -+ str = DECL_INITIAL (str); ++ { ++ /* STR may be a 'static const' variable whose initial value ++ is a string constant. See <https://bugs.gnu.org/30395>. */ ++ str = DECL_INITIAL (str); ++ if (str == NULL_TREE) ++ return false; ++ } + + if (TREE_CODE (str) != STRING_CST) + return false; diff --git a/gnu/packages/patches/jemalloc-arm-address-bits.patch b/gnu/packages/patches/jemalloc-arm-address-bits.patch deleted file mode 100644 index f2ef24c25a..0000000000 --- a/gnu/packages/patches/jemalloc-arm-address-bits.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 8cfc9dec37b312a2686f602bbcdd102ca07cca99 Mon Sep 17 00:00:00 2001 -From: David Goldblatt <davidgoldblatt@fb.com> -Date: Fri, 29 Sep 2017 13:54:08 -0700 -Subject: [PATCH] ARM: Don't extend bit LG_VADDR to compute high address bits. - -In userspace ARM on Linux, zero-ing the high bits is the correct way to do this. -This doesn't fix the fact that we currently set LG_VADDR to 48 on ARM, when in -fact larger virtual address sizes are coming soon. We'll cross that bridge when -we come to it. ---- - include/jemalloc/internal/rtree.h | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/include/jemalloc/internal/rtree.h b/include/jemalloc/internal/rtree.h -index b5d4db39..4563db23 100644 ---- a/include/jemalloc/internal/rtree.h -+++ b/include/jemalloc/internal/rtree.h -@@ -178,9 +178,21 @@ rtree_leaf_elm_bits_read(tsdn_t *tsdn, rtree_t *rtree, rtree_leaf_elm_t *elm, - - JEMALLOC_ALWAYS_INLINE extent_t * - rtree_leaf_elm_bits_extent_get(uintptr_t bits) { -+# ifdef __aarch64__ -+ /* -+ * aarch64 doesn't sign extend the highest virtual address bit to set -+ * the higher ones. Instead, the high bits gets zeroed. -+ */ -+ uintptr_t high_bit_mask = ((uintptr_t)1 << LG_VADDR) - 1; -+ /* Mask off the slab bit. */ -+ uintptr_t low_bit_mask = ~(uintptr_t)1; -+ uintptr_t mask = high_bit_mask & low_bit_mask; -+ return (extent_t *)(bits & mask); -+# else - /* Restore sign-extended high bits, mask slab bit. */ - return (extent_t *)((uintptr_t)((intptr_t)(bits << RTREE_NHIB) >> - RTREE_NHIB) & ~((uintptr_t)0x1)); -+# endif - } - - JEMALLOC_ALWAYS_INLINE szind_t diff --git a/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch b/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch deleted file mode 100644 index d848d639b2..0000000000 --- a/gnu/packages/patches/libgpg-error-aarch64-logging-fix.patch +++ /dev/null @@ -1,58 +0,0 @@ -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=patch;h=791177de023574223eddf7288eb7c5a0721ac623 - -From 791177de023574223eddf7288eb7c5a0721ac623 Mon Sep 17 00:00:00 2001 -From: Werner Koch <wk@gnupg.org> -Date: Sun, 18 Mar 2018 17:39:43 +0100 -Subject: [PATCH] core: Fix regression on arm64 due to invalid use of va_list. - -* src/logging.c (_gpgrt_log_printhex): Provide a dummy arg instead of -NULL. --- - -Fix -Suggested-by: Jakub Wilk <jwilk@jwilk.net> - -Signed-off-by: Werner Koch <wk@gnupg.org> ---- - src/logging.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/src/logging.c b/src/logging.c -index 1a4f620..d01f974 100644 ---- a/src/logging.c -+++ b/src/logging.c -@@ -1090,9 +1090,10 @@ _gpgrt_log_flush (void) - - - /* Print a hexdump of (BUFFER,LENGTH). With FMT passed as NULL print -- * just the raw dump, with FMT being an empty string, print a trailing -- * linefeed, otherwise print an entire debug line with the expanded -- * FMT followed by a possible wrapped hexdump and a final LF. */ -+ * just the raw dump (in this case ARG_PTR is not used), with FMT -+ * being an empty string, print a trailing linefeed, otherwise print -+ * an entire debug line with the expanded FMT followed by a possible -+ * wrapped hexdump and a final LF. */ - void - _gpgrt_logv_printhex (const void *buffer, size_t length, - const char *fmt, va_list arg_ptr) -@@ -1150,7 +1151,16 @@ _gpgrt_log_printhex (const void *buffer, size_t length, - va_end (arg_ptr); - } - else -- _gpgrt_logv_printhex (buffer, length, NULL, NULL); -+ { -+ /* va_list is not necessary a pointer and thus we can't use NULL -+ * because that would conflict with platforms using a straight -+ * struct for it (e.g. arm64). We use a dummy variable instead; -+ * the static is a simple way zero it out so to not get -+ * complains about uninitialized use. */ -+ static va_list dummy_argptr; -+ -+ _gpgrt_logv_printhex (buffer, length, NULL, dummy_argptr); -+ } - } - - --- -2.8.0.rc3 - diff --git a/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch b/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch deleted file mode 100644 index 6460cf5855..0000000000 --- a/gnu/packages/patches/perl-archive-tar-CVE-2018-12015.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix CVE-2018-12015: - -https://security-tracker.debian.org/tracker/CVE-2018-12015 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12015 -https://rt.cpan.org/Ticket/Display.html?id=125523 - -Patch taken from this upstream commit and adapted to apply to -the bundled copy in the Perl distribution: - -https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5 - -diff --git a/cpan/Archive-Tar/lib/Archive/Tar.pm b/cpan/Archive-Tar/lib/Archive/Tar.pm -index 6244369..a83975f 100644 ---- a/cpan/Archive-Tar/lib/Archive/Tar.pm -+++ b/cpan/Archive-Tar/lib/Archive/Tar.pm -@@ -845,6 +845,20 @@ sub _extract_file { - return; - } - -+ ### If a file system already contains a block device with the same name as -+ ### the being extracted regular file, we would write the file's content -+ ### to the block device. So remove the existing file (block device) now. -+ ### If an archive contains multiple same-named entries, the last one -+ ### should replace the previous ones. So remove the old file now. -+ ### If the old entry is a symlink to a file outside of the CWD, the new -+ ### entry would create a file there. This is CVE-2018-12015 -+ ### <https://rt.cpan.org/Ticket/Display.html?id=125523>. -+ if (-l $full || -e _) { -+ if (!unlink $full) { -+ $self->_error( qq[Could not remove old file '$full': $!] ); -+ return; -+ } -+ } - if( length $entry->type && $entry->is_file ) { - my $fh = IO::File->new; - $fh->open( $full, '>' ) or ( diff --git a/gnu/packages/patches/perl-deterministic-ordering.patch b/gnu/packages/patches/perl-deterministic-ordering.patch index 92e33ef135..be63d5cde3 100644 --- a/gnu/packages/patches/perl-deterministic-ordering.patch +++ b/gnu/packages/patches/perl-deterministic-ordering.patch @@ -12,10 +12,10 @@ reproducibility. cpan/Devel-PPPort/PPPort_xs.PL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/cpan/Devel-PPPort/PPPort_xs.PL b/cpan/Devel-PPPort/PPPort_xs.PL +diff --git a/dist/Devel-PPPort/PPPort_xs.PL b/dist/Devel-PPPort/PPPort_xs.PL index 5f18940..149f2fe 100644 ---- a/cpan/Devel-PPPort/PPPort_xs.PL -+++ b/cpan/Devel-PPPort/PPPort_xs.PL +--- a/dist/Devel-PPPort/PPPort_xs.PL ++++ b/dist/Devel-PPPort/PPPort_xs.PL @@ -38,7 +38,7 @@ END my $file; my $sec; diff --git a/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch b/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch deleted file mode 100644 index 28ab067599..0000000000 --- a/gnu/packages/patches/perl-file-path-CVE-2017-6512.patch +++ /dev/null @@ -1,173 +0,0 @@ -Fix CVE-2017-6512: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6512 -https://rt.cpan.org/Public/Bug/Display.html?id=121951 - -Patch copied from Debian, adapted to apply to the copy of File::Path in Perl -5.24.0. - -https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2 -https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3 - -From d760748be0efca7c05454440e24f3df77bf7cf5d Mon Sep 17 00:00:00 2001 -From: John Lightsey <john@nixnuts.net> -Date: Tue, 2 May 2017 12:03:52 -0500 -Subject: Prevent directory chmod race attack. - -CVE-2017-6512 is a race condition attack where the chmod() of directories -that cannot be entered is misused to change the permissions on other -files or directories on the system. This has been corrected by limiting -the directory-permission loosening logic to systems where fchmod() is -supported. - -[Backported (whitespace adjustments) to File-Path 2.12 / perl 5.24 by -Dominic Hargreaves for Debian.] - -Bug: https://rt.cpan.org/Public/Bug/Display.html?id=121951 -Bug-Debian: https://bugs.debian.org/863870 -Patch-Name: fixes/file_path_chmod_race.diff ---- - cpan/File-Path/lib/File/Path.pm | 39 +++++++++++++++++++++++++-------------- - cpan/File-Path/t/Path.t | 40 ++++++++++++++++++++++++++-------------- - 2 files changed, 51 insertions(+), 28 deletions(-) - -diff --git a/cpan/File-Path/lib/File/Path.pm b/cpan/File-Path/lib/File/Path.pm -index 034da1e..a824cc8 100644 ---- a/cpan/File-Path/lib/File/Path.pm -+++ b/cpan/File-Path/lib/File/Path.pm -@@ -354,21 +354,32 @@ sub _rmtree { - - # see if we can escalate privileges to get in - # (e.g. funny protection mask such as -w- instead of rwx) -- $perm &= oct '7777'; -- my $nperm = $perm | oct '700'; -- if ( -- !( -- $arg->{safe} -- or $nperm == $perm -- or chmod( $nperm, $root ) -- ) -- ) -- { -- _error( $arg, -- "cannot make child directory read-write-exec", $canon ); -- next ROOT_DIR; -+ # This uses fchmod to avoid traversing outside of the proper -+ # location (CVE-2017-6512) -+ my $root_fh; -+ if (open($root_fh, '<', $root)) { -+ my ($fh_dev, $fh_inode) = (stat $root_fh )[0,1]; -+ $perm &= oct '7777'; -+ my $nperm = $perm | oct '700'; -+ local $@; -+ if ( -+ !( -+ $arg->{safe} -+ or $nperm == $perm -+ or !-d _ -+ or $fh_dev ne $ldev -+ or $fh_inode ne $lino -+ or eval { chmod( $nperm, $root_fh ) } -+ ) -+ ) -+ { -+ _error( $arg, -+ "cannot make child directory read-write-exec", $canon ); -+ next ROOT_DIR; -+ } -+ close $root_fh; - } -- elsif ( !chdir($root) ) { -+ if ( !chdir($root) ) { - _error( $arg, "cannot chdir to child", $canon ); - next ROOT_DIR; - } -diff --git a/cpan/File-Path/t/Path.t b/cpan/File-Path/t/Path.t -index ff52fd6..956ca09 100644 ---- a/cpan/File-Path/t/Path.t -+++ b/cpan/File-Path/t/Path.t -@@ -3,7 +3,7 @@ - - use strict; - --use Test::More tests => 127; -+use Test::More tests => 126; - use Config; - use Fcntl ':mode'; - use lib 't/'; -@@ -18,6 +18,13 @@ BEGIN { - - my $Is_VMS = $^O eq 'VMS'; - -+my $fchmod_supported = 0; -+if (open my $fh, curdir()) { -+ my ($perm) = (stat($fh))[2]; -+ $perm &= 07777; -+ eval { $fchmod_supported = chmod( $perm, $fh); }; -+} -+ - # first check for stupid permissions second for full, so we clean up - # behind ourselves - for my $perm (0111,0777) { -@@ -299,16 +306,19 @@ is($created[0], $dir, "created directory (old style 3 mode undef) cross-check"); - - is(rmtree($dir, 0, undef), 1, "removed directory 3 verbose undef"); - --$dir = catdir($tmp_base,'G'); --$dir = VMS::Filespec::unixify($dir) if $Is_VMS; -+SKIP: { -+ skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported; -+ $dir = catdir($tmp_base,'G'); -+ $dir = VMS::Filespec::unixify($dir) if $Is_VMS; - --@created = mkpath($dir, undef, 0200); -+ @created = mkpath($dir, undef, 0400); - --is(scalar(@created), 1, "created write-only dir"); -+ is(scalar(@created), 1, "created read-only dir"); - --is($created[0], $dir, "created write-only directory cross-check"); -+ is($created[0], $dir, "created read-only directory cross-check"); - --is(rmtree($dir), 1, "removed write-only dir"); -+ is(rmtree($dir), 1, "removed read-only dir"); -+} - - # borderline new-style heuristics - if (chdir $tmp_base) { -@@ -450,26 +460,28 @@ SKIP: { - } - - SKIP : { -- my $skip_count = 19; -+ my $skip_count = 18; - # this test will fail on Windows, as per: - # http://perldoc.perl.org/perlport.html#chmod - - skip "Windows chmod test skipped", $skip_count - if $^O eq 'MSWin32'; -+ skip "fchmod() on directories is not supported on this platform", $skip_count -+ unless $fchmod_supported; - my $mode; - my $octal_mode; - my @inputs = ( -- 0777, 0700, 0070, 0007, -- 0333, 0300, 0030, 0003, -- 0111, 0100, 0010, 0001, -- 0731, 0713, 0317, 0371, 0173, 0137, -- 00 ); -+ 0777, 0700, 0470, 0407, -+ 0433, 0400, 0430, 0403, -+ 0111, 0100, 0110, 0101, -+ 0731, 0713, 0317, 0371, -+ 0173, 0137); - my $input; - my $octal_input; -- $dir = catdir($tmp_base, 'chmod_test'); - - foreach (@inputs) { - $input = $_; -+ $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input)); - # We can skip from here because 0 is last in the list. - skip "Mode of 0 means assume user defaults on VMS", 1 - if ($input == 0 && $Is_VMS); diff --git a/gnu/packages/patches/texinfo-perl-compat.patch b/gnu/packages/patches/texinfo-perl-compat.patch new file mode 100644 index 0000000000..a7348fde0d --- /dev/null +++ b/gnu/packages/patches/texinfo-perl-compat.patch @@ -0,0 +1,51 @@ +Fix compatibility with newer Perls. + +The first patch is taken from upstream: +https://svn.savannah.gnu.org/viewvc/texinfo?view=revision&revision=8008 + +The second gets rid of a deprecation warning that breaks some tests. +Taken from Fedora: <https://bugzilla.redhat.com/show_bug.cgi?id=1590308>. + +--- trunk/tp/Texinfo/Convert/XSParagraph/xspara.c 2017/04/30 14:57:26 7765 ++++ trunk/tp/Texinfo/Convert/XSParagraph/xspara.c 2018/07/13 15:39:29 8008 +@@ -248,6 +248,11 @@ + + dTHX; + ++#if PERL_VERSION > 27 || (PERL_VERSION == 27 && PERL_SUBVERSION > 8) ++ /* needed due to thread-safe locale handling in newer perls */ ++ switch_to_global_locale(); ++#endif ++ + if (setlocale (LC_CTYPE, "en_US.UTF-8") + || setlocale (LC_CTYPE, "en_US.utf8")) + goto success; +@@ -320,6 +325,10 @@ + { + success: ; + free (utf8_locale); ++#if PERL_VERSION > 27 || (PERL_VERSION == 27 && PERL_SUBVERSION > 8) ++ /* needed due to thread-safe locale handling in newer perls */ ++ sync_locale(); ++#endif + /* + fprintf (stderr, "tried to set LC_CTYPE to UTF-8.\n"); + fprintf (stderr, "character encoding is: %s\n", + +diff -up texinfo-6.5/tp/Texinfo/Parser.pm.orig texinfo-6.5/tp/Texinfo/Parser.pm +--- texinfo-6.5/tp/Texinfo/Parser.pm.orig 2018-06-12 13:40:29.356030136 +0200 ++++ texinfo-6.5/tp/Texinfo/Parser.pm 2018-06-12 13:41:28.357725639 +0200 +@@ -5478,11 +5478,11 @@ sub _parse_special_misc_command($$$$) + } + } elsif ($command eq 'clickstyle') { + # REMACRO +- if ($line =~ /^\s+@([[:alnum:]][[:alnum:]\-]*)({})?\s*/) { ++ if ($line =~ /^\s+@([[:alnum:]][[:alnum:]\-]*)(\{})?\s*/) { + $args = ['@'.$1]; + $self->{'clickstyle'} = $1; + $remaining = $line; +- $remaining =~ s/^\s+@([[:alnum:]][[:alnum:]\-]*)({})?\s*(\@(c|comment)((\@|\s+).*)?)?//; ++ $remaining =~ s/^\s+@([[:alnum:]][[:alnum:]\-]*)(\{})?\s*(\@(c|comment)((\@|\s+).*)?)?//; + $has_comment = 1 if (defined($4)); + } else { + $self->line_error (sprintf($self->__( diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index 5719b7bb45..564a23d012 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -35,7 +35,7 @@ (define-public pcre (package (name "pcre") - (version "8.41") + (version "8.42") (source (origin (method url-fetch) (uri (list @@ -46,11 +46,12 @@ version "/pcre-" version ".tar.bz2"))) (sha256 (base32 - "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76")))) + "00ckpzlgyr16bnqx8fawa3afjgqxw5yxgs2l081vw23qi1y4pl1c")))) (build-system gnu-build-system) (outputs '("out" ;library & headers "bin" ;depends on Readline (adds 20MiB to the closure) - "doc")) ;1.8 MiB of HTML + "doc" ;1.8 MiB of HTML + "static")) ;1.8 MiB static libraries (inputs `(("bzip2" ,bzip2) ("readline" ,readline) ("zlib" ,zlib))) @@ -63,7 +64,19 @@ "--enable-unicode-properties" "--enable-pcre16" "--enable-pcre32" - "--enable-jit"))) + "--enable-jit") + #:phases (modify-phases %standard-phases + (add-after 'install 'move-static-libs + (lambda* (#:key outputs #:allow-other-keys) + (let ((source (string-append (assoc-ref outputs "out") "/lib")) + (static (string-append (assoc-ref outputs "static") "/lib"))) + (mkdir-p static) + (for-each (lambda (lib) + (link lib (string-append static "/" + (basename lib))) + (delete-file lib)) + (find-files source "\\.a$")) + #t)))))) (synopsis "Perl Compatible Regular Expressions") (description "The PCRE library is a set of functions that implement regular expression diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 867333031c..cb5442c433 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -80,14 +80,14 @@ (define-public poppler (package (name "poppler") - (version "0.63.0") + (version "0.64.0") (source (origin (method url-fetch) (uri (string-append "https://poppler.freedesktop.org/poppler-" version ".tar.xz")) (sha256 (base32 - "04d1z1ygyb3llzc6s6c99wxafvljj2sc5b76djif34f7mzfqmk17")))) + "1cb4gz3h7cfqyphhx71qc9mp417bdphchbfghmvhcy4zm4ngj7dj")))) (build-system cmake-build-system) ;; FIXME: ;; use libcurl: no diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index afbe5979db..3eb5b1eacf 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -45,7 +45,6 @@ #:use-module (guix download) #:use-module (guix build-system gnu) #:use-module (guix build-system perl) - #:use-module (guix utils) ;substitute-keyword-arguments for perl-5.26.2 #:use-module (gnu packages base) #:use-module (gnu packages compression) #:use-module (gnu packages freedesktop) @@ -62,17 +61,15 @@ ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package (name "perl") - (version "5.26.1") - (replacement perl/fixed) + (version "5.28.0") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/src/5.0/perl-" version ".tar.gz")) (sha256 (base32 - "1p81wwvr5jb81m41d07kfywk5gvbk0axdrnvhc2aghcdbr4alqz7")) + "1a3f822lcl8dr8v0hk80yyhpzqlljg49z9flb48rs3nbsij9z4ky")) (patches (search-patches - "perl-file-path-CVE-2017-6512.patch" "perl-no-sys-dirs.patch" "perl-autosplit-default-time.patch" "perl-deterministic-ordering.patch" @@ -161,41 +158,6 @@ (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" -;; Fixes CVE-2018-6797, CVE-2018-6798, and CVE-2018-6913. -;; See <https://metacpan.org/changes/release/SHAY/perl-5.26.2>. -(define perl-5.26.2 - (package - (inherit perl) - (version "5.26.2") - (source (origin - (inherit (package-source perl)) - (uri (string-append "mirror://cpan/src/5.0/perl-" - version ".tar.gz")) - (patches (append (origin-patches (package-source perl)) - (search-patches "perl-archive-tar-CVE-2018-12015.patch"))) - (sha256 - (base32 - "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp")))))) - -;; When grafting perl, complications arise when the replacement perl has a -;; different version number than the original. So, here we create a version -;; of perl-5.26.2 that thinks it is version 5.26.1. See -;; <https://bugs.gnu.org/31210> and <https://bugs.gnu.org/31216>. -(define perl/fixed - (package - (inherit perl-5.26.2) - (version "5.26.1") - (arguments - (substitute-keyword-arguments (package-arguments perl-5.26.2) - ((#:phases phases) - `(modify-phases ,phases - (add-after 'unpack 'revert-perl-subversion - (lambda _ - (substitute* "patchlevel.h" - (("^#define PERL_SUBVERSION 2") - "#define PERL_SUBVERSION 1")) - #t)))))))) - (define-public perl-algorithm-c3 (package (name "perl-algorithm-c3") diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index fc1ef3eb2a..097e80b606 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -145,7 +145,7 @@ (define-public python-2.7 (package (name "python2") - (version "2.7.14") + (version "2.7.15") (source (origin (method url-fetch) @@ -153,7 +153,7 @@ version "/Python-" version ".tar.xz")) (sha256 (base32 - "0rka541ys16jwzcnnvjp2v12m4cwgd2jp6wj4kj511p715pb5zvi")) + "0x2mvz9dp11wj7p5ccvmk9s0hzjk2fa1m462p395l4r6bfnb3n92")) (patches (search-patches "python-2.7-search-paths.patch" "python-2-deterministic-build-info.patch" "python-2.7-site-prefixes.patch" diff --git a/gnu/packages/readline.scm b/gnu/packages/readline.scm index 4695e9fc71..59fa8af8af 100644 --- a/gnu/packages/readline.scm +++ b/gnu/packages/readline.scm @@ -48,7 +48,9 @@ (patch-series (1 "0xm3sxvwmss7ddyfb11n6pgcqd1aglnpy15g143vzcf75snb7hcs") (2 "0n1dxmqsbjgrfxb1hgk5c6lsraw4ncbnzxlsx7m35nym6lncjiw7") - (3 "1027kmymniizcy0zbdlrczxfx3clxcdln5yq05q9yzlc6y9slhwy"))) + (3 "1027kmymniizcy0zbdlrczxfx3clxcdln5yq05q9yzlc6y9slhwy") + (4 "0r3bbaf12iz8m02z6p3fzww2m365fhn71xmzab2p62gj54s6h9gr") + (5 "0lxpa4f72y2nsgj6fgrhjk2nmmxvccys6aciwfxwchb5f21rq5fa"))) (define-public readline (package diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm index 97e1427bec..06f4f9bb58 100644 --- a/gnu/packages/tcl.scm +++ b/gnu/packages/tcl.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> @@ -25,6 +25,7 @@ (define-module (gnu packages tcl) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system perl) #:use-module (gnu packages) @@ -145,13 +146,22 @@ X11 GUIs.") (patches (search-patches "tk-find-library.patch")))) (build-system gnu-build-system) (arguments - '(#:phases (modify-phases %standard-phases + `(#:phases (modify-phases %standard-phases (add-before 'configure 'pre-configure (lambda _ (chdir "unix") #t)) (add-after + 'install 'create-wish-symlink + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (symlink (string-append out "/bin/wish" + ,(version-major+minor + (package-version tk))) + (string-append out "/bin/wish"))) + #t)) + (add-after 'install 'add-fontconfig-flag (lambda* (#:key inputs outputs #:allow-other-keys) ;; Add the missing -L flag for Fontconfig in 'tk.pc' and @@ -179,7 +189,7 @@ X11 GUIs.") (propagated-inputs `(("libx11" ,libx11) ("libxext" ,libxext))) - (home-page "http://www.tcl.tk/") + (home-page "https://www.tcl.tk/") (synopsis "Graphical user interface toolkit for Tcl") (description "Tk is a graphical toolkit for building graphical user diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm index b290644aac..98fc9f0921 100644 --- a/gnu/packages/tex.scm +++ b/gnu/packages/tex.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2016, 2018 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch> ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be> -;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> @@ -76,42 +76,41 @@ (define texlive-extra-src (origin (method url-fetch) - (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-extra.tar.xz") + (uri "ftp://tug.org/historic/systems/texlive/2018/texlive-20180414-extra.tar.xz") (sha256 (base32 - "0zvd2zskk78ig114mfj24g15qys41hzqv59fmqpirdbgq9c9gr5g")))) + "0a83kymxc8zmlxjb0y1gf6mx7qnf0hxffwkivwh5yh138y2rfhsv")))) (define texlive-texmf-src (origin (method url-fetch) - (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-texmf.tar.xz") + (uri "ftp://tug.org/historic/systems/texlive/2018/texlive-20180414-texmf.tar.xz") (sha256 (base32 - "1v69y3kgkbk24f7s4dfkknwd317mqmck5jgpyb35wqgqfy5p0qrz")))) + "1b8zigzg8raxkhhzphcmynf84rbdbj2ym2qkz24v8n0qx82zmqms")))) (define-public texlive-bin (package (name "texlive-bin") - (version "20170524") + (version "20180414") (source (origin - (method url-fetch) - (uri (string-append "ftp://tug.org/historic/systems/texlive/2017/" + (method url-fetch) + (uri (string-append "ftp://tug.org/historic/systems/texlive/2018/" "texlive-" version "-source.tar.xz")) + (sha256 + (base32 + "0khyi6h015r2zfqgg0a44a2j7vmr1cy42knw7jbss237yvakc07y")) (patches (list - ;; This is required for compatibility with Poppler >= 0.58. - ;; See <http://tutex.tug.org/pipermail/tex-k/2017-September/002809.html> - ;; and <https://bugs.archlinux.org/task/55720> for some discussion. + ;; This is required for compatibility with Poppler 0.64.0 and to fix a + ;; segmentation fault in dvipdfm-x from XeTeX. (origin (method url-fetch) - (uri (string-append "https://git.archlinux.org/svntogit/packages.git/plain" - "/trunk/texlive-poppler-0.59.patch?h=packages/texlive-bin" - "&id=ba2de374e2b21ecc4b85cc9777f2f15c4d356c61")) + (uri (string-append "http://www.linuxfromscratch.org/patches/blfs/" + "svn/texlive-" version "-source-upstream_fixes-1.patch")) (file-name "texlive-poppler-compat.patch") (sha256 (base32 - "1c4ikq4kxw48bi3i33bzpabrjvbk01fwjr2lz20gkc9kv8l0bg3n"))))) - (sha256 (base32 - "1amjrxyasplv4alfwcxwnw4nrx7dz2ydmddkq16k6hg90i9njq81")))) + "0f8vhyj167y4xj0jx47vkybrcacfpxw0wdn1b777yq3xmhlahhlg"))))))) (build-system gnu-build-system) (inputs `(("texlive-extra-src" ,texlive-extra-src) @@ -175,47 +174,54 @@ (not (or (string-prefix? "aarch64" s) (string-prefix? "mips64" s)))) #:phases - (modify-phases %standard-phases - (add-after 'unpack 'configure-ghostscript-executable - ;; ps2eps.pl uses the "gswin32c" ghostscript executable on Windows, - ;; and the "gs" ghostscript executable on Unix. It detects Unix by - ;; checking for the existence of the /usr/bin directory. Since - ;; GuixSD does not have /usr/bin, it is also detected as Windows. - (lambda* (#:key inputs #:allow-other-keys) - (substitute* "utils/ps2eps/ps2eps-src/bin/ps2eps.pl" - (("gswin32c") "gs")) - (substitute* "texk/texlive/linked_scripts/epstopdf/epstopdf.pl" - (("\"gs\"") - (string-append "\"" (assoc-ref inputs "ghostscript") "/bin/gs\""))) - #t)) - (add-after 'install 'postint - (lambda* (#:key inputs outputs #:allow-other-keys #:rest args) - (let* ((out (assoc-ref outputs "out")) - (share (string-append out "/share")) - (texlive-extra (assoc-ref inputs "texlive-extra-src")) - (unpack (assoc-ref %standard-phases 'unpack)) - (patch-source-shebangs - (assoc-ref %standard-phases 'patch-source-shebangs))) - ;; Create symbolic links for the latex variants and their - ;; man pages. - (with-directory-excursion (string-append out "/bin/") - (for-each symlink - '("pdftex" "pdftex" "xetex" "luatex") - '("latex" "pdflatex" "xelatex" "lualatex"))) - (with-directory-excursion (string-append share "/man/man1/") - (symlink "luatex.1" "lualatex.1")) - ;; Unpack texlive-extra and install tlpkg. - (mkdir "texlive-extra") - (with-directory-excursion "texlive-extra" - (apply unpack (list #:source texlive-extra)) - (apply patch-source-shebangs (list #:source texlive-extra)) - (invoke "mv" "tlpkg" share)) - ;; texlua shebangs are not patched by the patch-source-shebangs - ;; phase because the texlua executable does not exist at that - ;; time. - (setenv "PATH" (string-append (getenv "PATH") ":" out "/bin")) - (with-directory-excursion out - (patch-source-shebangs)))))))) + (modify-phases %standard-phases + (add-after 'unpack 'configure-ghostscript-executable + ;; ps2eps.pl uses the "gswin32c" ghostscript executable on Windows, + ;; and the "gs" ghostscript executable on Unix. It detects Unix by + ;; checking for the existence of the /usr/bin directory. Since + ;; GuixSD does not have /usr/bin, it is also detected as Windows. + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "utils/ps2eps/ps2eps-src/bin/ps2eps.pl" + (("gswin32c") "gs")) + (substitute* "texk/texlive/linked_scripts/epstopdf/epstopdf.pl" + (("\"gs\"") + (string-append "\"" (assoc-ref inputs "ghostscript") "/bin/gs\""))) + #t)) + (add-after 'unpack 'use-code-for-new-poppler + (lambda _ + (copy-file "texk/web2c/pdftexdir/pdftoepdf-newpoppler.cc" + "texk/web2c/pdftexdir/pdftoepdf.cc") + (copy-file "texk/web2c/pdftexdir/pdftosrc-newpoppler.cc" + "texk/web2c/pdftexdir/pdftosrc.cc") + #t)) + (add-after 'install 'postint + (lambda* (#:key inputs outputs #:allow-other-keys #:rest args) + (let* ((out (assoc-ref outputs "out")) + (share (string-append out "/share")) + (texlive-extra (assoc-ref inputs "texlive-extra-src")) + (unpack (assoc-ref %standard-phases 'unpack)) + (patch-source-shebangs + (assoc-ref %standard-phases 'patch-source-shebangs))) + ;; Create symbolic links for the latex variants and their + ;; man pages. + (with-directory-excursion (string-append out "/bin/") + (for-each symlink + '("pdftex" "pdftex" "xetex" "luatex") + '("latex" "pdflatex" "xelatex" "lualatex"))) + (with-directory-excursion (string-append share "/man/man1/") + (symlink "luatex.1" "lualatex.1")) + ;; Unpack texlive-extra and install tlpkg. + (mkdir "texlive-extra") + (with-directory-excursion "texlive-extra" + (apply unpack (list #:source texlive-extra)) + (apply patch-source-shebangs (list #:source texlive-extra)) + (invoke "mv" "tlpkg" share)) + ;; texlua shebangs are not patched by the patch-source-shebangs + ;; phase because the texlua executable does not exist at that + ;; time. + (setenv "PATH" (string-append (getenv "PATH") ":" out "/bin")) + (with-directory-excursion out + (patch-source-shebangs)))))))) (synopsis "TeX Live, a package of the TeX typesetting system") (description "TeX Live provides a comprehensive TeX document production system. @@ -3929,7 +3935,7 @@ directly generate PDF documents instead of DVI.") (define texlive-texmf (package (name "texlive-texmf") - (version "2017") + (version "20180414") (source texlive-texmf-src) (build-system gnu-build-system) (inputs @@ -4001,7 +4007,7 @@ This package contains the complete tree of texmf-dist data.") (define-public texlive (package (name "texlive") - (version "2017") + (version "20180414") (source #f) (build-system trivial-build-system) (inputs `(("bash" ,bash) ; for wrap-program diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm index 109a24bf62..5fe7f1ec9c 100644 --- a/gnu/packages/texinfo.scm +++ b/gnu/packages/texinfo.scm @@ -37,6 +37,7 @@ (method url-fetch) (uri (string-append "mirror://gnu/texinfo/texinfo-" version ".tar.xz")) + (patches (search-patches "texinfo-perl-compat.patch")) (sha256 (base32 "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp")))) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index f1dca66552..e99b7a83ba 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -260,7 +260,6 @@ required structures.") (define-public openssl (package (name "openssl") - (replacement openssl/fixed) (version "1.0.2o") (source (origin (method url-fetch) @@ -275,6 +274,8 @@ required structures.") (base32 "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc")) (patches (search-patches "openssl-runpath.patch" + "openssl-1.0.2-CVE-2018-0495.patch" + "openssl-1.0.2-CVE-2018-0732.patch" "openssl-c-rehash-in.patch")))) (build-system gnu-build-system) (outputs '("out" @@ -397,15 +398,6 @@ required structures.") (license license:openssl) (home-page "https://www.openssl.org/"))) -(define openssl/fixed - (package - (inherit openssl) - (source (origin - (inherit (package-source openssl)) - (patches (append (origin-patches (package-source openssl)) - (search-patches "openssl-1.0.2-CVE-2018-0495.patch" - "openssl-1.0.2-CVE-2018-0732.patch"))))))) - (define-public openssl-next (package (inherit openssl) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index c4b78d0b64..7588adea0c 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -506,7 +506,7 @@ libraries for working with JNLP applets.") (define-public jansson (package (name "jansson") - (version "2.10") + (version "2.11") (source (origin (method url-fetch) (uri @@ -514,7 +514,7 @@ libraries for working with JNLP applets.") version ".tar.gz")) (sha256 (base32 - "0iv4rxsnamqm3ldpg7dyhjq0x9cp023nc7ac820jdd3pwb8ml8bq")))) + "1x5jllzzqamq6kahx9d9a5mrarm9m3f30vfxvcqpi6p4mcnz91bf")))) (build-system gnu-build-system) (home-page "http://www.digip.org/jansson/") (synopsis "JSON C library") @@ -6525,7 +6525,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.") (define-public nghttp2 (package (name "nghttp2") - (version "1.31.1") + (version "1.32.0") (source (origin (method url-fetch) @@ -6534,7 +6534,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.") name "-" version ".tar.xz")) (sha256 (base32 - "00z1687m4wi2gbgkijbv099l9hs1sjlyzbhh8jhn0xssx4xcifb5")))) + "0zbgp8f80h2zlfn8cd2ldrmgl81jzcdh1141n71aqmfckzaqj2kh")))) (build-system gnu-build-system) (outputs (list "out" "lib")) ; only libnghttp2 diff --git a/guix/build/gremlin.scm b/guix/build/gremlin.scm index bb019967e5..e8ea66dfb3 100644 --- a/guix/build/gremlin.scm +++ b/guix/build/gremlin.scm @@ -41,7 +41,8 @@ elf-dynamic-info-runpath expand-origin - validate-needed-in-runpath)) + validate-needed-in-runpath + strip-runpath)) ;;; Commentary: ;;; @@ -99,10 +100,16 @@ dynamic linking information." ;; } d_un; ;; } Elf64_Dyn; +(define-record-type <dynamic-entry> + (dynamic-entry type value offset) + dynamic-entry? + (type dynamic-entry-type) ;DT_* + (value dynamic-entry-value) ;string | number | ... + (offset dynamic-entry-offset)) ;integer + (define (raw-dynamic-entries elf segment) - "Return as a list of type/value pairs all the dynamic entries found in -SEGMENT, the 'PT_DYNAMIC' segment of ELF. In the result, each car is a DT_ -value, and the interpretation of the cdr depends on the type." + "Return as a list of <dynamic-entry> for the dynamic entries found in +SEGMENT, the 'PT_DYNAMIC' segment of ELF." (define start (elf-segment-offset segment)) (define bytes @@ -123,7 +130,9 @@ value, and the interpretation of the cdr depends on the type." (if (= type DT_NULL) ;finished? (reverse result) (loop (+ offset (* 2 word-size)) - (alist-cons type value result))))))) + (cons (dynamic-entry type value + (+ start offset word-size)) + result))))))) (define (vma->offset elf vma) "Convert VMA, a virtual memory address, to an offset within ELF. @@ -148,35 +157,33 @@ offset." (define (dynamic-entries elf segment) "Return all the dynamic entries found in SEGMENT, the 'PT_DYNAMIC' segment -of ELF, as a list of type/value pairs. The type is a DT_ value, and the value -may be a string or an integer depending on the entry type (for instance, the -value of DT_NEEDED entries is a string.)" +of ELF, as a list of <dynamic-entry>. The value of each entry may be a string +or an integer depending on the entry type (for instance, the value of +DT_NEEDED entries is a string.) Likewise the offset is the offset within the +string table if the type is a string." (define entries (raw-dynamic-entries elf segment)) (define string-table-offset - (any (match-lambda - ((type . value) - (and (= type DT_STRTAB) value)) - (_ #f)) + (any (lambda (entry) + (and (= (dynamic-entry-type entry) DT_STRTAB) + (dynamic-entry-value entry))) entries)) - (define (interpret-dynamic-entry type value) - (cond ((memv type (list DT_NEEDED DT_SONAME DT_RPATH DT_RUNPATH)) - (if string-table-offset - (pointer->string - (bytevector->pointer (elf-bytes elf) - (vma->offset - elf - (+ string-table-offset value)))) - value)) - (else - value))) - - (map (match-lambda - ((type . value) - (cons type (interpret-dynamic-entry type value)))) - entries)) + (define (interpret-dynamic-entry entry) + (let ((type (dynamic-entry-type entry)) + (value (dynamic-entry-value entry))) + (cond ((memv type (list DT_NEEDED DT_SONAME DT_RPATH DT_RUNPATH)) + (if string-table-offset + (let* ((offset (vma->offset elf (+ string-table-offset value))) + (value (pointer->string + (bytevector->pointer (elf-bytes elf) offset)))) + (dynamic-entry type value offset)) + (dynamic-entry type value (dynamic-entry-offset entry)))) + (else + (dynamic-entry type value (dynamic-entry-offset entry)))))) + + (map interpret-dynamic-entry entries)) ;;; @@ -200,21 +207,29 @@ value of DT_NEEDED entries is a string.)" (define (elf-dynamic-info elf) "Return dynamic-link information for ELF as an <elf-dynamic-info> object, or #f if ELF lacks dynamic-link information." + (define (matching-entry type) + (lambda (entry) + (= type (dynamic-entry-type entry)))) + (match (dynamic-link-segment elf) (#f #f) ((? elf-segment? dynamic) (let ((entries (dynamic-entries elf dynamic))) - (%elf-dynamic-info (assv-ref entries DT_SONAME) - (filter-map (match-lambda - ((type . value) - (and (= type DT_NEEDED) value)) - (_ #f)) + (%elf-dynamic-info (find (matching-entry DT_SONAME) entries) + (filter-map (lambda (entry) + (and (= (dynamic-entry-type entry) + DT_NEEDED) + (dynamic-entry-value entry))) entries) - (or (and=> (assv-ref entries DT_RPATH) - search-path->list) + (or (and=> (find (matching-entry DT_RPATH) + entries) + (compose search-path->list + dynamic-entry-value)) '()) - (or (and=> (assv-ref entries DT_RUNPATH) - search-path->list) + (or (and=> (find (matching-entry DT_RUNPATH) + entries) + (compose search-path->list + dynamic-entry-value)) '())))))) (define %libc-libraries @@ -306,4 +321,47 @@ be found in RUNPATH ~s~%" ;; (format (current-error-port) "~a is OK~%" file)) (null? not-found)))))) +(define (strip-runpath file) + "Remove from the DT_RUNPATH of FILE any entries that are not necessary +according to DT_NEEDED." + (define (minimal-runpath needed runpath) + (filter (lambda (directory) + (and (string-prefix? "/" directory) + (any (lambda (lib) + (file-exists? (string-append directory "/" lib))) + needed))) + runpath)) + + (define port + (open-file file "r+b")) + + (catch #t + (lambda () + (let* ((elf (parse-elf (get-bytevector-all port))) + (entries (dynamic-entries elf (dynamic-link-segment elf))) + (needed (filter-map (lambda (entry) + (and (= (dynamic-entry-type entry) + DT_NEEDED) + (dynamic-entry-value entry))) + entries)) + (runpath (find (lambda (entry) + (= DT_RUNPATH (dynamic-entry-type entry))) + entries)) + (old (search-path->list + (dynamic-entry-value runpath))) + (new (minimal-runpath needed old))) + (unless (equal? old new) + (format (current-error-port) + "~a: stripping RUNPATH to ~s (removed ~s)~%" + file new + (lset-difference string=? old new)) + (seek port (dynamic-entry-offset runpath) SEEK_SET) + (put-bytevector port (string->utf8 (string-join new ":"))) + (put-u8 port 0)) + (close-port port) + new)) + (lambda (key . args) + (false-if-exception (close-port port)) + (apply throw key args)))) + ;;; gremlin.scm ends here diff --git a/guix/build/meson-build-system.scm b/guix/build/meson-build-system.scm index e4aae8212f..9724764424 100644 --- a/guix/build/meson-build-system.scm +++ b/guix/build/meson-build-system.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com> +;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -75,9 +76,8 @@ "1")) (if tests? (invoke "ninja" test-target) - (begin - (format #t "test suite not run~%") - #t))) + (format #t "test suite not run~%")) + #t) (define* (install #:rest args) (invoke "ninja" "install")) @@ -134,7 +134,7 @@ for example libraries only needed for the tests." (find-files dir elf-pred)) existing-elf-dirs)))) (for-each (lambda (elf-file) - (invoke "patchelf" "--shrink-rpath" elf-file) + (strip-runpath elf-file) (handle-file elf-file elf-list)) elf-list))))) (for-each handle-output outputs) diff --git a/guix/build/r-build-system.scm b/guix/build/r-build-system.scm index 4d8ac5b479..2c0b322da9 100644 --- a/guix/build/r-build-system.scm +++ b/guix/build/r-build-system.scm @@ -44,7 +44,7 @@ (unless (zero? code) (raise (condition ((@@ (guix build utils) &invoke-error) (program "R") - (arguments (string-append params " " command)) + (arguments (cons command params)) (exit-status (status:exit-val code)) (term-signal (status:term-sig code)) (stop-signal (status:stop-sig code))))))))) diff --git a/guix/packages.scm b/guix/packages.scm index a220b9c476..3d9f281b74 100644 --- a/guix/packages.scm +++ b/guix/packages.scm @@ -629,11 +629,6 @@ specifies modules in scope when evaluating SNIPPET." (apply invoke (string-append #+tar "/bin/tar") "cvf" #$output - ;; The bootstrap xz does not support - ;; threaded compression (introduced in - ;; 5.2.0), but it ignores the extra flag. - (string-append "--use-compress-program=" - #+xz "/bin/xz --threads=0") ;; avoid non-determinism in the archive "--mtime=@0" "--owner=root:0" diff --git a/tests/gremlin.scm b/tests/gremlin.scm index 2885554967..1b47d5c384 100644 --- a/tests/gremlin.scm +++ b/tests/gremlin.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2015, 2018 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -18,12 +18,14 @@ (define-module (test-gremlin) #:use-module (guix elf) + #:use-module ((guix utils) #:select (call-with-temporary-directory)) #:use-module (guix build utils) #:use-module (guix build gremlin) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-64) #:use-module (rnrs io ports) + #:use-module (ice-9 popen) #:use-module (ice-9 match)) (define %guile-executable @@ -37,6 +39,9 @@ (define read-elf (compose parse-elf get-bytevector-all)) +(define c-compiler + (or (which "gcc") (which "cc") (which "g++"))) + (test-begin "gremlin") @@ -63,4 +68,32 @@ "../${ORIGIN}/bar/$ORIGIN/baz" "ORIGIN/foo"))) +(unless c-compiler + (test-skip 1)) +(test-equal "strip-runpath" + "hello\n" + (call-with-temporary-directory + (lambda (directory) + (with-directory-excursion directory + (call-with-output-file "t.c" + (lambda (port) + (display "int main () { puts(\"hello\"); }" port))) + (invoke c-compiler "t.c" + "-Wl,-rpath=/foo" "-Wl,-rpath=/bar") + (let* ((dyninfo (elf-dynamic-info + (parse-elf (call-with-input-file "a.out" + get-bytevector-all)))) + (old (elf-dynamic-info-runpath dyninfo)) + (new (strip-runpath "a.out")) + (new* (strip-runpath "a.out"))) + (validate-needed-in-runpath "a.out") + (and (member "/foo" old) (member "/bar" old) + (not (member "/foo" new)) + (not (member "/bar" new)) + (equal? new* new) + (let* ((pipe (open-input-pipe "./a.out")) + (str (get-string-all pipe))) + (close-pipe pipe) + str))))))) + (test-end "gremlin") |