-rw-r--r--Makefile.am2
-rw-r--r--doc/guix.texi418
-rw-r--r--gnu/build/file-systems.scm9
-rw-r--r--gnu/local.mk20
-rw-r--r--gnu/packages/accessibility.scm78
-rw-r--r--gnu/packages/algebra.scm4
-rw-r--r--gnu/packages/animation.scm47
-rw-r--r--gnu/packages/bioinformatics.scm4
-rw-r--r--gnu/packages/emacs.scm62
-rw-r--r--gnu/packages/fonts.scm119
-rw-r--r--gnu/packages/fontutils.scm15
-rw-r--r--gnu/packages/gnuzilla.scm56
-rw-r--r--gnu/packages/image.scm18
-rw-r--r--gnu/packages/mail.scm4
-rw-r--r--gnu/packages/messaging.scm2
-rw-r--r--gnu/packages/parallel.scm4
-rw-r--r--gnu/packages/patches/gajim-CVE-2016-10376.patch57
-rw-r--r--gnu/packages/patches/graphite2-CVE-2017-5436.patch25
-rw-r--r--gnu/packages/patches/graphite2-check-code-point-limit.patch50
-rw-r--r--gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch93
-rw-r--r--gnu/packages/patches/graphite2-non-linear-classes-even-number.patch26
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-7593.patch113
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-7594.patch54
-rw-r--r--gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch449
-rw-r--r--gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch151
-rw-r--r--gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch25
-rw-r--r--gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch32
-rw-r--r--gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch112
-rw-r--r--gnu/packages/patches/python-genshi-isstring-helper.patch37
-rw-r--r--gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch51
-rw-r--r--gnu/packages/patches/rxvt-unicode-escape-sequences.patch35
-rw-r--r--gnu/packages/patches/synfig-build-fix.patch61
-rw-r--r--gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch55
-rw-r--r--gnu/packages/python.scm122
-rw-r--r--gnu/packages/tls.scm6
-rw-r--r--gnu/packages/tryton.scm93
-rw-r--r--gnu/packages/wm.scm79
-rw-r--r--gnu/packages/xdisorg.scm1
-rw-r--r--gnu/services/dns.scm593
-rw-r--r--guix/build-system/font.scm130
-rw-r--r--guix/build/font-build-system.scm71
-rw-r--r--guix/build/syscalls.scm49
-rw-r--r--guix/scripts/offload.scm4
-rw-r--r--guix/scripts/publish.scm11
-rwxr-xr-xguix/scripts/substitute.scm4
-rw-r--r--guix/workers.scm18
-rw-r--r--tests/syscalls.scm8
47 files changed, 2416 insertions, 1061 deletions
diff --git a/Makefile.am b/Makefile.am
index c2fc2642a7..3925f3e2dc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -76,6 +76,7 @@ MODULES = \
guix/build-system/cmake.scm \
guix/build-system/dub.scm \
guix/build-system/emacs.scm \
+ guix/build-system/font.scm \
guix/build-system/asdf.scm \
guix/build-system/glib-or-gtk.scm \
guix/build-system/gnu.scm \
@@ -101,6 +102,7 @@ MODULES = \
guix/build/cmake-build-system.scm \
guix/build/dub-build-system.scm \
guix/build/emacs-build-system.scm \
+ guix/build/font-build-system.scm \
guix/build/asdf-build-system.scm \
guix/build/git.scm \
guix/build/hg.scm \
diff --git a/doc/guix.texi b/doc/guix.texi
index aa8b705be6..7cbfdecba2 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -218,6 +218,7 @@ Services
* Messaging Services:: Messaging services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
+* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
* Continuous Integration:: The Cuirass service.
@@ -3626,6 +3627,14 @@ package is installed in its own directory under
@file{share/emacs/site-lisp/guix.d}.
@end defvr
+@defvr {Scheme Variable} font-build-system
+This variable is exported by @code{(guix build-system font)}. It
+implements an installation procedure for font packages where upstream
+provides pre-compiled TrueType, OpenType, etc. font files that merely
+need to be copied into place. It copies font files to standard
+locations in the output directory.
+@end defvr
+
Lastly, for packages that do not need anything as sophisticated, a
``trivial'' build system is provided. It is trivial in the sense that
it provides basically no support: it does not pull any implicit inputs,
@@ -8737,6 +8746,7 @@ declaration.
* Messaging Services:: Messaging services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
+* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
* Continuous Integration:: The Cuirass service.
@@ -13520,6 +13530,414 @@ Whether the server should add its configuration to response.
@end table
@end deftp
+@node DNS Services
+@subsubsection DNS Services
+@cindex DNS (domain name system)
+@cindex domain name system (DNS)
+
+The @code{(gnu services dns)} module provides services related to the
+@dfn{domain name system} (DNS). It provides a server service for hosting
+an @emph{authoritative} DNS server for multiple zones, slave or master.
+This service uses @uref{https://www.knot-dns.cz/, Knot DNS}.
+
+An example configuration of an authoritative server for two zones, one master
+and one slave, is:
+
+@lisp
+(define-zone-entries example.org.zone
+;; Name TTL Class Type Data
+ ("@@" "" "IN" "A" "127.0.0.1")
+ ("@@" "" "IN" "NS" "ns")
+ ("ns" "" "IN" "A" "127.0.0.1"))
+
+(define master-zone
+ (knot-zone-configuration
+ (domain "example.org")
+ (zone (zone-file
+ (origin "example.org")
+ (entries example.org.zone)))))
+
+(define slave-zone
+ (knot-zone-configuration
+ (domain "plop.org")
+ (dnssec-policy "default")
+ (master (list "plop-master"))))
+
+(define plop-master
+ (knot-remote-configuration
+ (id "plop-master")
+ (address (list "208.76.58.171"))))
+
+(operating-system
+ ;; ...
+ (services (cons* (service knot-service-type
+ (knot-confifguration
+ (remotes (list plop-master))
+ (zones (list master-zone slave-zone))))
+ ;; ...
+ %base-services)))
+@end lisp
+
+@deffn {Scheme Variable} knot-service-type
+This is the type for the Knot DNS server.
+
+Knot DNS is an authoritative DNS server, meaning that it can serve multiple
+zones, that is to say domain names you would buy from a registrar. This server
+is not a resolver, meaning that it can only resolve names for which it is
+authoritative. This server can be configured to serve zones as a master server
+or a slave server as a per-zone basis. Slave zones will get their data from
+masters, and will serve it as an authoritative server. From the point of view
+of a resolver, there is no difference between master and slave.
+
+The following data types are used to configure the Knot DNS server:
+@end deffn
+
+@deftp {Data Type} knot-key-configuration
+Data type representing a key.
+This type has the following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+An identifier for other configuration fields to refer to this key. IDs must
+be unique and must not be empty.
+
+@item @code{algorithm} (default: @code{#f})
+The algorithm to use. Choose between @code{#f}, @code{'hmac-md5},
+@code{'hmac-sha1}, @code{'hmac-sha224}, @code{'hmac-sha256}, @code{'hmac-sha384}
+and @code{'hmac-sha512}.
+
+@item @code{secret} (default: @code{""})
+The secret key itself.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-acl-configuration
+Data type representing an Access Control List (ACL) configuration.
+This type has the following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+An identifier for ether configuration fields to refer to this key. IDs must be
+unique and must not be empty.
+
+@item @code{address} (default: @code{'()})
+An ordered list of IP addresses, network subnets, or network ranges represented
+with strings. The query must match one of them. Empty value means that
+address match is not required.
+
+@item @code{key} (default: @code{'()})
+An ordered list of references to keys represented with strings. The string
+must match a key ID defined in a @code{knot-key-configuration}. No key means
+that a key is not require to match that ACL.
+
+@item @code{action} (default: @code{'()})
+An ordered list of actions that are permitted or forbidden by this ACL. Possible
+values are lists of zero or more elements from @code{'transfer}, @code{'notify}
+and @code{'update}.
+
+@item @code{deny?} (default: @code{#f})
+When true, the ACL defines restrictions. Listed actions are forbidden. When
+false, listed actions are allowed.
+
+@end table
+@end deftp
+
+@deftp {Data Type} zone-entry
+Data type represnting a record entry in a zone file.
+This type has the following parameters:
+
+@table @asis
+@item @code{name} (default: @code{"@@"})
+The name of the record. @code{"@@"} refers to the origin of the zone. Names
+are relative to the origin of the zone. For example, in the @code{example.org}
+zone, @code{"ns.example.org"} actually refers to @code{ns.example.org.example.org}.
+Names ending with a dot are absolute, which means that @code{"ns.example.org."}
+refers to @code{ns.example.org}.
+
+@item @code{ttl} (default: @code{""})
+The Time-To-Live (TTL) of this record. If not set, the default TTL is used.
+
+@item @code{class} (default: @code{"IN"})
+The class of the record. Knot currently supports only @code{"IN"} and
+partially @code{"CH"}.
+
+@item @code{type} (default: @code{"A"})
+The type of the record. Common types include A (IPv4 address), AAAA (IPv6
+address), NS (Name Server) and MX (Mail eXchange). Many other types are
+defined.
+
+@item @code{data} (default: @code{""})
+The data contained in the record. For instance an IP address associated with
+an A record, or a domain name associated with an NS record. Remember that
+domain names are relative to the origin unless they end with a dot.
+
+@end table
+@end deftp
+
+@deftp {Data Type} zone-file
+Data type representing the content of a zone file.
+This type has the following parameters:
+
+@table @asis
+@item @code{entries} (default: @code{'()})
+The list of entries. The SOA record is taken care of, so you don't need to
+put it in the list of entries. This list should probably contain an entry
+for your primary authoritative DNS server. Other than using a list of entries
+directly, you can use @code{define-zone-entries} to define a object containing
+the list of entries more easily, that you can later pass to the @code{entries}
+field of the @code{zone-file}.
+
+@item @code{origin} (default: @code{""})
+The name of your zone. This parameter cannot be empty.
+
+@item @code{ns} (default: @code{"ns"})
+The domain of your primary authoritative DNS server. The name is relative to
+the origin, unless it ends with a dot. It is mandatory that this primary
+DNS server corresponds to an NS record in the zone and that it is associated
+to an IP address in the list of entries.
+
+@item @code{mail} (default: @code{"hostmaster"})
+An email address people can contact you at, as the owner of the zone. This
+is translated as @code{<mail>@@<origin>}.
+
+@item @code{serial} (default: @code{1})
+The serial number of the zone. As this is used to keep track of changes by
+both slaves and resolvers, it is mandatory that it @emph{never} decreases.
+Always increment it when you make a change in your zone.
+
+@item @code{refresh} (default: @code{"2d"})
+The frequency at which slaves will do a zone transfer. This value can be
+a number of seconds or a number of some unit between:
+@itemize
+@item m: minute
+@item h: hour
+@item d: day
+@item w: week
+@end itemize
+
+@item @code{retry} (default: @code{"15m"})
+The period after which a slave will retry to contact its master when it fails
+to do so a first time.
+
+@item @code{expiry} (default: @code{"2w"})
+Default TTL of records. Existing records are considered correct for at most
+this amount of time. After this period, resolvers will invalidate their cache
+and check again that it still exists.
+
+@item @code{nx} (default: @code{"1h"})
+Default TTL of inexistant records. This delay is usually short because you want
+your new domains to reach everyone quickly.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-remote-configuration
+Data type representing a remote configuration.
+This type has the following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+An identifier for other configuration fields to refer to this remote. IDs must
+be unique and must not be empty.
+
+@item @code{address} (default: @code{'()})
+An ordered list of destination IP addresses. Addresses are tried in sequence.
+An optional port can be given with the @@ separator. For instance:
+@code{(list "1.2.3.4" "2.3.4.5@@53")}. Default port is 53.
+
+@item @code{via} (default: @code{'()})
+An ordered list of source IP addresses. An empty list will have Knot choose
+an appropriate source IP. An optional port can be given with the @@ separator.
+The default is to choose at random.
+
+@item @code{key} (default: @code{#f})
+A reference to a key, that is a string containing the identifier of a key
+defined in a @code{knot-key-configuration} field.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-keystore-configuration
+Data type representing a keystore to hold dnssec keys.
+This type has the following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+The id of the keystore. It must not be empty.
+
+@item @code{backend} (default: @code{'pem})
+The backend to store the keys in. Can be @code{'pem} or @code{'pkcs11}.
+
+@item @code{config} (default: @code{"/var/lib/knot/keys/keys"})
+The configuration string of the backend. An example for the PKCS#11 is:
+@code{"pkcs11:token=knot;pin-value=1234 /gnu/store/.../lib/pkcs11/libsofthsm2.so"}.
+For the pem backend, the string reprensents a path in the filesystem.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-policy-configuration
+Data type representing a dnssec policy. Knot DNS is able to automatically
+sign your zones. It can either generate and manage your keys automatically or
+use keys that you generate.
+
+Dnssec is usually implemented using two keys: a Key Signing Key (KSK) that is
+used to sign the second, and a Zone Signing Key (ZSK) that is used to sign the
+zone. In order to be trusted, the KSK needs to be present in the parent zone
+(usually a top-level domain). If your registrar supports dnssec, you will
+have to send them your KSK's hash so they can add a DS record in their zone.
+This is not automated and need to be done each time you change your KSK.
+
+The policy also defines the lifetime of keys. Usually, ZSK can be changed
+easily and use weaker cryptographic functions (they use lower parameters) in
+order to sign records quickly, so they are changed often. The KSK however
+requires manual interaction with the registrar, so they are changed less often
+and use stronger parameters because they sign only one record.
+
+This type has the following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+The id of the policy. It must not be empty.
+
+@item @code{keystore} (default: @code{"default"})
+A reference to a keystore, that is a string containing the identifier of a
+keystore defined in a @code{knot-keystore-configuration} field. The
+@code{"default"} identifier means the default keystore (a kasp database that
+was setup by this service).
+
+@item @code{manual?} (default: @code{#f})
+Whether the key management is manual or automatic.
+
+@item @code{single-type-signing?} (default: @code{#f})
+When @code{#t}, use the Single-Type Signing Scheme.
+
+@item @code{algorithm} (default: @code{"ecdsap256sha256"})
+An algorithm of signing keys and issued signatures.
+
+@item @code{ksk-size} (default: @code{256})
+The length of the KSK. Note that this value is correct for the default
+algorithm, but would be unsecure for other algorithms.
+
+@item @code{zsk-size} (default: @code{256})
+The length of the ZSK. Note that this value is correct for the default
+algorithm, but would be unsecure for other algorithms.
+
+@item @code{dnskey-ttl} (default: @code{'default})
+The TTL value for DNSKEY records added into zone apex. The special
+@code{'default} value means same as the zone SOA TTL.
+
+@item @code{zsk-lifetime} (default: @code{"30d"})
+The period between ZSK publication and the next rollover initiation.
+
+@item @code{propagation-delay} (default: @code{"1d"})
+An extra delay added for each key rollover step. This value should be high
+enough to cover propagation of data from the master server to all slaves.
+
+@item @code{rrsig-lifetime} (default: @code{"14d"})
+A validity period of newly issued signatures.
+
+@item @code{rrsig-refresh} (default: @code{"7d"})
+A period how long before a signature expiration the signature will be refreshed.
+
+@item @code{nsec3?} (default: @code{#f})
+When @code{#t}, NSEC3 will be used instead of NSEC.
+
+@item @code{nsec3-iterations} (default: @code{5})
+The number of additional times the hashing is performed.
+
+@item @code{nsec3-salt-length} (default: @code{8})
+The length of a salt field in octets, which is appended to the original owner
+name before hashing.
+
+@item @code{nsec3-salt-lifetime} (default: @code{"30d"})
+The validity period of newly issued salt field.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-zone-configuration
+Data type representing a zone served by Knot.
+This type has the following parameters:
+
+@table @asis
+@item @code{domain} (default: @code{""})
+The domain served by this configuration. It must not be empty.
+
+@item @code{file} (default: @code{""})
+The file where this zone is saved. This parameter is ignored by master zones.
+Empty means default location that depends on the domain name.
+
+@item @code{zone} (default: @code{(zone-file)})
+The content of the zone file. This parameter is ignored by slave zones. It
+must contain a zone-file record.
+
+@item @code{master} (default: @code{'()})
+A list of master remotes. When empty, this zone is a master. When set, this
+zone is a slave. This is a list of remotes identifiers.
+
+@item @code{ddns-master} (default: @code{#f})
+The main master. When empty, it defaults to the first master in the list of
+masters.
+
+@item @code{notify} (default: @code{'()})
+A list of slave remote identifiers.
+
+@item @code{acl} (default: @code{'()})
+A list of acl identifiers.
+
+@item @code{semantic-checks?} (default: @code{#f})
+When set, this adds more semantic checks to the zone.
+
+@item @code{disable-any?} (default: @code{#f})
+When set, this forbids queries of the ANY type.
+
+@item @code{zonefile-sync} (default: @code{0})
+The delay between a modification in memory and on disk. 0 means immediate
+synchronization.
+
+@item @code{serial-policy} (default: @code{'increment})
+A policy between @code{'increment} and @code{'unixtime}.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-configuration
+Data type representing the Knot configuration.
+This type has the following parameters:
+
+@table @asis
+@item @code{knot} (default: @code{knot})
+The Knot package.
+
+@item @code{run-directory} (default: @code{"/var/run/knot"})
+The run directory. This directory will be used for pid file and sockets.
+
+@item @code{listen-v4} (default: @code{"0.0.0.0"})
+An ip address on which to listen.
+
+@item @code{listen-v6} (default: @code{"::"})
+An ip address on which to listen.
+
+@item @code{listen-port} (default: @code{53})
+A port on which to listen.
+
+@item @code{keys} (default: @code{'()})
+The list of knot-key-configuration used by this configuration.
+
+@item @code{acls} (default: @code{'()})
+The list of knot-acl-configuration used by this configuration.
+
+@item @code{remotes} (default: @code{'()})
+The list of knot-remote-configuration used by this configuration.
+
+@item @code{zones} (default: @code{'()})
+The list of knot-zone-configuration used by this configuration.
+
+@end table
+@end deftp
+
@node VPN Services
@subsubsection VPN Services
@cindex VPN (virtual private network)
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index 47aa77dd3e..17c1182ce6 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -236,7 +236,7 @@ Trailing spaces are trimmed."
;; <http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-119.pdf>.
(define (iso9660-superblock? sblock)
- "Return #t when SBLOCK is a iso9660 superblock."
+ "Return #t when SBLOCK is an iso9660 volume descriptor."
(bytevector=? (sub-bytevector sblock 1 6)
;; Note: "\x01" is the volume descriptor format version
(string->utf8 "CD001\x01")))
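Review bot: The reworded docstring on `iso9660-superblock?` still does not say what the predicate tests. The body compares the bytes starting at offset 1 with `"CD001\x01"`, that is the standard identifier plus the format version, and never looks at the descriptor type byte at offset 0. Stating that explains why the text now reads "volume descriptor" rather than "primary volume descriptor", for example `"Return #t when SBLOCK carries the iso9660 identifier and format version 1; the descriptor type byte is not checked."` SBLOCK is read from the device being probed, so the docstring could also name the minimum length a caller must supply; whether `sub-bytevector` rejects a shorter buffer is not visible in this hunk.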
@@ -252,13 +252,14 @@ Trailing spaces are trimmed."
(_ (read-iso9660-primary-volume-descriptor device (+ offset 2048))))))
(define (read-iso9660-superblock device)
- "Return the raw contents of DEVICE's iso9660 superblock as a bytevector, or
-#f if DEVICE does not contain a iso9660 file system."
+ "Return the raw contents of DEVICE's iso9660 primary volume descriptor
+as a bytevector, or #f if DEVICE does not contain an iso9660 file system."
;; Start reading at sector 16.
(read-iso9660-primary-volume-descriptor device (* 2048 16)))
(define (iso9660-superblock-uuid sblock)
- "Return the modification time of a iso9660 superblock SBLOCK as a bytevector."
+ "Return the modification time of an iso9660 primary volume descriptor
+SBLOCK as a bytevector."
;; Drops GMT offset for compatibility with Grub, blkid and /dev/disk/by-uuid.
;; Compare Grub: "2014-12-02-19-30-23-00".
;; Compare blkid result: "2014-12-02-19-30-23-00".
diff --git a/gnu/local.mk b/gnu/local.mk
index 6847b6190f..e08146f3b2 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -42,6 +42,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages.scm \
%D%/packages/abduco.scm \
%D%/packages/abiword.scm \
+ %D%/packages/accessibility.scm \
%D%/packages/acct.scm \
%D%/packages/acl.scm \
%D%/packages/admin.scm \
@@ -321,6 +322,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/protobuf.scm \
%D%/packages/pv.scm \
%D%/packages/python.scm \
+ %D%/packages/tryton.scm \
%D%/packages/qemu.scm \
%D%/packages/qt.scm \
%D%/packages/ragel.scm \
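Review bot: The new `%D%/packages/tryton.scm \` entry sits between `python.scm` and `qemu.scm`, which breaks the alphabetical order that the visible parts of GNU_SYSTEM_MODULES otherwise follow. Move it down to the other `t` entries so that later additions and merge conflicts in this list stay easy to check by eye. The list continues outside this hunk, so the exact neighbouring lines have to be confirmed there.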
@@ -426,6 +428,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/dbus.scm \
%D%/services/desktop.scm \
%D%/services/dict.scm \
+ %D%/services/dns.scm \
%D%/services/kerberos.scm \
%D%/services/lirc.scm \
%D%/services/mail.scm \
@@ -595,6 +598,7 @@ dist_patch_DATA = \
%D%/packages/patches/freetype-CVE-2017-8105.patch \
%D%/packages/patches/freetype-CVE-2017-8287.patch \
%D%/packages/patches/fuse-overlapping-headers.patch \
+ %D%/packages/patches/gajim-CVE-2016-10376.patch \
%D%/packages/patches/gawk-shell.patch \
%D%/packages/patches/gcc-arm-bug-71399.patch \
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
@@ -639,11 +643,7 @@ dist_patch_DATA = \
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
%D%/packages/patches/gobject-introspection-cc.patch \
%D%/packages/patches/gobject-introspection-girepository.patch \
- %D%/packages/patches/graphite2-CVE-2017-5436.patch \
- %D%/packages/patches/graphite2-check-code-point-limit.patch \
%D%/packages/patches/graphite2-ffloat-store.patch \
- %D%/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch \
- %D%/packages/patches/graphite2-non-linear-classes-even-number.patch \
%D%/packages/patches/grep-timing-sensitive-test.patch \
%D%/packages/patches/gsl-test-i686.patch \
%D%/packages/patches/gspell-dash-test.patch \
@@ -750,9 +750,6 @@ dist_patch_DATA = \
%D%/packages/patches/libtiff-CVE-2016-10093.patch \
%D%/packages/patches/libtiff-CVE-2016-10094.patch \
%D%/packages/patches/libtiff-CVE-2017-5225.patch \
- %D%/packages/patches/libtiff-CVE-2017-7593.patch \
- %D%/packages/patches/libtiff-CVE-2017-7594.patch \
- %D%/packages/patches/libtiff-multiple-UBSAN-crashes.patch \
%D%/packages/patches/libtiff-assertion-failure.patch \
%D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch \
%D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch \
@@ -931,6 +928,12 @@ dist_patch_DATA = \
%D%/packages/patches/python-dendropy-fix-tests.patch \
%D%/packages/patches/python-file-double-encoding-bug.patch \
%D%/packages/patches/python-fix-tests.patch \
+ %D%/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch \
+ %D%/packages/patches/python-genshi-buildable-on-python-2.7.patch \
+ %D%/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch \
+ %D%/packages/patches/python-genshi-fix-tests-on-python-3.5.patch \
+ %D%/packages/patches/python-genshi-isstring-helper.patch \
+ %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \
%D%/packages/patches/python-parse-too-many-fields.patch \
%D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \
%D%/packages/patches/python-statsmodels-fix-tests.patch \
@@ -968,6 +971,7 @@ dist_patch_DATA = \
%D%/packages/patches/ruby-puma-ignore-broken-test.patch \
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
+ %D%/packages/patches/rxvt-unicode-escape-sequences.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \
%D%/packages/patches/screen-fix-info-syntax-error.patch \
@@ -986,7 +990,7 @@ dist_patch_DATA = \
%D%/packages/patches/superlu-dist-scotchmetis.patch \
%D%/packages/patches/swish-e-search.patch \
%D%/packages/patches/swish-e-format-security.patch \
- %D%/packages/patches/synfig-build-fix.patch \
+ %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch \
%D%/packages/patches/t1lib-CVE-2010-2642.patch \
%D%/packages/patches/t1lib-CVE-2011-0764.patch \
%D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \
diff --git a/gnu/packages/accessibility.scm b/gnu/packages/accessibility.scm
new file mode 100644
index 0000000000..0795808768
--- /dev/null
+++ b/gnu/packages/accessibility.scm
@@ -0,0 +1,78 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages accessibility)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix build-system glib-or-gtk)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages xml)
+ #:use-module (gnu packages gnome)
+ #:use-module (gnu packages gstreamer)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages gettext)
+ #:use-module (gnu packages glib)
+ #:use-module (gnu packages pkg-config))
+
+(define-public florence
+ (package
+ (name "florence")
+ (version "0.6.3")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/florence/florence/" version
+ "/" name "-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "07h9qm22krlwayhzvc391lr23vicw81s48g7rirvx1fj0zyr4aa2"))))
+ (build-system glib-or-gtk-build-system)
+ (arguments
+ `(#:configure-flags (list "--with-xtst"
+ "--without-docs"
+ "--with-notification")))
+ (inputs
+ `(("libxml2" ,libxml2)
+ ("libglade" ,libglade)
+ ("librsvg" ,librsvg)
+ ("gstreamer" ,gstreamer)
+ ("cairo" ,cairo)
+ ("gtk+" ,gtk+)
+ ("libxtst" ,libxtst)
+ ("libxcomposite" ,libxcomposite)
+ ("libnotify" ,libnotify)))
+ (native-inputs
+ `(("gettext-minimal" ,gettext-minimal)
+ ("intltool" ,intltool)
+ ("pkg-config" ,pkg-config)))
+ (home-page "http://florence.sourceforge.net/")
+ (synopsis "Extensible, scalable virtual keyboard for X11")
+ (description
+ "Florence is an extensible scalable virtual keyboard for X11.
+It is useful for people who can't use a real hardware keyboard (for
+example for people with disabilities), but you must be able to use
+a pointing device (as a mouse, a trackball, a touchscreen or opengazer).
+
+Florence stays out of your way when you don't need it: it appears on the
+screen only when you need it. A timer-based auto-click input method is
+available to help to click.")
+ ;; The documentation is under FDL1.2, but we do not install the
+ ;; documentation.
+ (license license:gpl2+)))
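Review bot: The `license` field is only accurate while `"--without-docs"` stays in `#:configure-flags`, but the flag itself carries no comment saying so; the explanation appears only further down, next to `license`. Add a comment above the flag list, for example `;; Keep "--without-docs": the manual is FDL1.2 and the license field assumes it is not installed.`, so that someone enabling the documentation later also revisits the license. In the description string, `(as a mouse, a trackball, ...)` reads better as `(such as a mouse, a trackball, ...)`.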
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index db1344f34b..a3016fe7b3 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -132,7 +132,7 @@ solve the shortest vector problem.")
(define-public pari-gp
(package
(name "pari-gp")
- (version "2.9.1")
+ (version "2.9.2")
(source (origin
(method url-fetch)
(uri (string-append
@@ -140,7 +140,7 @@ solve the shortest vector problem.")
version ".tar.gz"))
(sha256
(base32
- "0rq7wz9df1xs4acdzzb5dapx8vs6m5py39n2wynw2qv4d2b0ylfw"))))
+ "0zi08qz9nk17wwdna4xb2vp3i3mh5sgv1y8wqbf0j2sfryxlr8ls"))))
(build-system gnu-build-system)
(native-inputs `(("texlive" ,texlive-minimal)))
(inputs `(("gmp" ,gmp)
diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm
index 8de1fbfaa8..cbbfa6ed4a 100644
--- a/gnu/packages/animation.scm
+++ b/gnu/packages/animation.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -23,6 +23,7 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
+ #:use-module (gnu packages algebra)
#:use-module (gnu packages boost)
#:use-module (gnu packages compression)
#:use-module (gnu packages fontutils)
@@ -38,15 +39,15 @@
(define-public etl
(package
(name "etl")
- (version "0.04.19")
+ (version "0.04.22")
(source (origin
(method url-fetch)
;; Keep this synchronized with the synfig release version.
(uri (string-append "mirror://sourceforge/synfig/releases/"
- "1.0.2/source/ETL-" version ".tar.gz"))
+ "1.2.0/source/ETL-" version ".tar.gz"))
(sha256
(base32
- "070c70slizrklq1gbgja8m49xfmq65wlcd6hz6418cpx0wd4r55s"))))
+ "0ii73nsd3xzkhz6w1rnxwphl637j9w82xiy6apa9vin2isdynnmc"))))
(build-system gnu-build-system)
(home-page "http://www.synfig.org")
(synopsis "Extended C++ template library")
@@ -59,7 +60,7 @@ C++ @dfn{Standard Template Library} (STL).")
(define-public synfig
(package
(name "synfig")
- (version "1.0.2")
+ (version "1.2.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/synfig/releases/"
@@ -67,8 +68,7 @@ C++ @dfn{Standard Template Library} (STL).")
".tar.gz"))
(sha256
(base32
- "1d3z2r78j3rkff47q3wl0ami69y3l4nyi5r9zclymb8ar7mgkk9l"))
- (patches (search-patches "synfig-build-fix.patch"))))
+ "1gqx4gn4c73rqwhsgzx0a460gr9hadmi28csp75rx30qavqsj7k1"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@@ -90,16 +90,6 @@ C++ @dfn{Standard Template Library} (STL).")
(("remove_child\\(") "remove_node("))
(substitute* "src/modules/mod_svg/svg_parser.cpp"
(("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList"))
- #t))
- (add-after 'unpack 'fix-isnan-error
- (lambda _
- (substitute* "src/synfig/time.cpp"
- (("return !::isnan") "return !std::isnan"))
- #t))
- (add-before 'configure 'set-flags
- (lambda _
- ;; Compile with C++11, required by libsigc++.
- (setenv "CXXFLAGS" "-D__STDC_CONSTANT_MACROS -std=gnu++11")
#t)))))
(inputs
`(("boost" ,boost)
@@ -110,11 +100,12 @@ C++ @dfn{Standard Template Library} (STL).")
("libmng" ,libmng)
("zlib" ,zlib)))
;; synfig.pc lists the following as required: Magick++ freetype2
- ;; fontconfig OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0
+ ;; fontconfig fftw OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0
;; cairo pango pangocairo mlt++
(propagated-inputs
`(("cairo" ,cairo)
("etl" ,etl)
+ ("fftw" ,fftw)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
("glibmm" ,glibmm)
@@ -137,7 +128,7 @@ for tweening, preventing the need to hand-draw each frame.")
(define-public synfigstudio
(package
(name "synfigstudio")
- (version "1.0.2")
+ (version "1.2.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/synfig/releases/"
@@ -145,27 +136,17 @@ for tweening, preventing the need to hand-draw each frame.")
".tar.gz"))
(sha256
(base32
- "1xa74dlgkpjn0gzdcs0x25z7wg0806v2wygvvi73f7sn1fm88ig4"))
+ "0fbckfbw8dzf0m2wv7vlmw492k1dqa3zf510z019d0as3zpnp6qm"))
(modules '((guix build utils)))
(snippet
'(begin
(substitute* "src/synfigapp/pluginmanager.cpp"
(("xmlpp::Node\\* n =") "const xmlpp::Node* n =")
(("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList"))
- ;; Some files are ISO-8859-1 encoded.
- (with-fluids ((%default-port-encoding #f))
- (substitute* (find-files "src/" "\\.(cpp|h)$")
- (("#include <sigc\\+\\+/retype\\.h>")
- "#include <sigc++/adaptors/retype.h>")
- (("#include <sigc\\+\\+/hide\\.h>")
- "#include <sigc++/adaptors/hide.h>")
- (("#include <sigc\\+\\+/object\\.h>")
- "#include <sigc++/trackable.h>")))
- #t))))
+ #t))
+ (patches
+ (search-patches "synfigstudio-fix-ui-with-gtk3.patch"))))
(build-system gnu-build-system)
- (arguments
- `(#:configure-flags
- (list "CXXFLAGS=-std=gnu++11")))
(inputs
`(("gtkmm" ,gtkmm)
("libsigc++" ,libsigc++)
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index e4cc520868..c42e65c2c9 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -2093,7 +2093,7 @@ identify enrichments with functional annotations of the genome.")
(define-public diamond
(package
(name "diamond")
- (version "0.9.1")
+ (version "0.9.2")
(source (origin
(method url-fetch)
(uri (string-append
@@ -2102,7 +2102,7 @@ identify enrichments with functional annotations of the genome.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "062943yk3mp23jpcawamkh1zawx9br95l7w178v0kyr863v4p5a1"))))
+ "03dam11dmrg6f2zsmdbqwzwkmnq5krlckh1acgarw91gcz2nhbpj"))))
(build-system cmake-build-system)
(arguments
'(#:tests? #f ; no "check" target
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index a85177d814..e840d51255 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -1228,6 +1228,37 @@ or XEmacs.")
the Emacs buffer.")
(license license:gpl3+)))
+(define-public emacs-direnv
+ (package
+ (name "emacs-direnv")
+ (version "1.2.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/wbolster/emacs-direnv/archive/"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0m9nxawklhiiysyibzzhh2zkxgq1fskqvaqb06f7r8dnhabfy9fr"))))
+ (build-system emacs-build-system)
+ (propagated-inputs
+ `(("dash" ,emacs-dash)
+ ("with-editor" ,emacs-with-editor)))
+ (home-page "https://github.com/wbolster/emacs-direnv")
+ (synopsis "Direnv integration for Emacs")
+ (description
+ "This package provides support for invoking direnv to get the environment
+for the current file and updating the environment within Emacs to match.
+
+Direnv can be invoked manually, and a global minor mode is included that will
+update the environment when the active buffer changes.
+
+Using emacs-direnv means that programs started from Emacs will use the
+environment set through Direnv.")
+ (license license:gpl3+)))
+
(define-public emacs-google-maps
(package
(name "emacs-google-maps")
@@ -4587,9 +4618,12 @@ It should enable you to implement low-level X11 applications.")
TryExec=~@*~a~@
Type=Application~%" ,name ,synopsis exwm-executable)))
;; Add a shell wrapper to bin
+ ;; Set DISPLAY variable to work around
+ ;; https://github.com/ch11ng/exwm/issues/213
(with-output-to-file exwm-executable
(lambda _
(format #t "#!~a ~@
+ export DISPLAY=:0 ~@
~a +SI:localuser:$USER ~@
exec ~a --exit-with-session ~a \"$@\" --eval '~s' ~%"
(string-append (assoc-ref inputs "bash") "/bin/sh")
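Review bot: The added `export DISPLAY=:0 ~@` line overwrites any DISPLAY the session already has, so the `xhost +SI:localuser:$USER` call after it and the Emacs session itself are always pointed at display :0. On a machine where the user's X server is on another display (a second seat, a nested or forwarded session), the access grant would presumably be attempted against a display the user does not own. Setting the variable only when it is unset keeps the workaround for the linked issue: `export DISPLAY=${DISPLAY:-:0} ~@`. The enclosing install phase starts and ends outside this hunk.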
@@ -4877,3 +4911,31 @@ running tests easier.")
pair of minor modes which suppress all mouse events by intercepting them and
running a customisable handler command (@code{ignore} by default). ")
(license license:gpl3+)))
+
+(define-public emacs-restclient
+ (let ((commit "07a3888bb36d0e29608142ebe743b4362b800f40")
+ (revision "1")) ;Guix package revision,
+ ;upstream doesn't have official releases
+ (package
+ (name "emacs-restclient")
+ (version (string-append revision "."
+ (string-take commit 7)))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/pashky/restclient.el.git")
+ (commit commit)))
+ (sha256
+ (base32
+ "00lmjhb5im1kgrp54yipf1h9pshxzgjlg71yf2rq5n973gvb0w0q"))
+ (file-name (git-file-name name version))))
+ (build-system emacs-build-system)
+ (propagated-inputs
+ `(("emacs-helm" ,emacs-helm)))
+ (home-page "https://github.com/pashky/restclient.el")
+ (synopsis "Explore and test HTTP REST webservices")
+ (description
+ "This tool allows for testing and exploration of HTTP REST Web services
+from within Emacs. Restclient runs queries from a plan-text query sheet,
+displays results pretty-printed in XML or JSON with @code{restclient-mode}")
+ (license license:public-domain))))
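Review bot: The description of `emacs-restclient` has a typo, `plan-text query sheet` where `plain-text query sheet` is meant, and its last sentence is missing the closing period after `@code{restclient-mode}`. Since upstream has no releases and the source is pinned by commit, a one-line comment on `commit` saying how that revision was chosen would help whoever updates it next, for example `;; Latest upstream commit at packaging time; no tagged releases.`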
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 03a1f6f796..954c588189 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -42,6 +42,7 @@
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module (guix build-system font)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (gnu packages base)
@@ -64,18 +65,7 @@
(sha256
(base32
"06js6znbcf7swn8y3b8ki416bz96ay7d3yvddqnvi88lqhbfcq8m"))))
- (build-system trivial-build-system)
- (arguments
- `(#:modules ((guix build utils))
- #:builder (begin
- (use-modules (guix build utils))
- (let ((font-dir (string-append %output
- "/share/fonts/opentype"))
- (source (assoc-ref %build-inputs "source")))
- (mkdir-p font-dir)
- (copy-file source
- (string-append font-dir "/" "inconsolata.otf"))))))
- (native-inputs `(("source" ,source)))
+ (build-system font-build-system)
(home-page "http://levien.com/type/myfonts/inconsolata.html")
(synopsis "Monospace font")
(description "A monospace font, designed for code listings and the like,
@@ -94,34 +84,7 @@ in print. With attention to detail for high resolution rendering.")
(sha256
(base32
"0hjvq2x758dx0sfwqhzflns0ns035qm7h6ygskbx1svzg517sva5"))))
- (build-system trivial-build-system)
- (arguments
- `(#:modules ((guix build utils))
- #:builder (begin
- (use-modules (guix build utils)
- (srfi srfi-26))
-
- (let ((PATH (string-append (assoc-ref %build-inputs
- "unzip")
- "/bin"))
- (font-dir (string-append %output
- "/share/fonts/truetype"))
- (doc-dir (string-append %output "/share/doc/"
- ,name "-" ,version)))
- (setenv "PATH" PATH)
- (system* "unzip" (assoc-ref %build-inputs "source"))
-
- (mkdir-p font-dir)
- (mkdir-p doc-dir)
- (chdir (string-append "ubuntu-font-family-" ,version))
- (for-each (lambda (ttf)
- (install-file ttf font-dir))
- (find-files "." "\\.ttf$"))
- (for-each (lambda (doc)
- (install-file doc doc-dir))
- (find-files "." "\\.txt$"))))))
- (native-inputs `(("source" ,source)
- ("unzip" ,unzip)))
+ (build-system font-build-system)
(home-page "http://font.ubuntu.com/")
(synopsis "The Ubuntu Font Family")
(description "The Ubuntu Font Family is a unique, custom designed font
@@ -145,42 +108,15 @@ TrueType (TTF) files.")
(base32
"1mqpds24wfs5cmfhj57fsfs07mji2z8812i5c4pi5pbi738s977s"))))
(build-system trivial-build-system)
+ (build-system font-build-system)
(arguments
- `(#:modules ((guix build utils))
- #:builder (begin
- (use-modules (guix build utils))
-
- (let ((tar (string-append (assoc-ref %build-inputs
- "tar")
- "/bin/tar"))
- (PATH (string-append (assoc-ref %build-inputs
- "bzip2")
- "/bin"))
- (font-dir (string-append
- %output "/share/fonts/truetype"))
- (conf-dir (string-append
- %output "/share/fontconfig/conf.avail"))
- (doc-dir (string-append
- %output "/share/doc/" ,name "-" ,version)))
- (setenv "PATH" PATH)
- (system* tar "xvf" (assoc-ref %build-inputs "source"))
-
- (mkdir-p font-dir)
- (mkdir-p conf-dir)
- (mkdir-p doc-dir)
- (chdir (string-append "dejavu-fonts-ttf-" ,version))
- (for-each (lambda (ttf)
- (install-file ttf font-dir))
- (find-files "ttf" "\\.ttf$"))
- (for-each (lambda (conf)
- (install-file conf conf-dir))
- (find-files "fontconfig" "\\.conf$"))
- (for-each (lambda (doc)
- (install-file doc doc-dir))
- (find-files "." "\\.txt$|^[A-Z][A-Z]*$"))))))
- (native-inputs `(("source" ,source)
- ("tar" ,tar)
- ("bzip2" ,bzip2)))
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'install-conf
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((conf-dir (string-append (assoc-ref outputs "out")
+ "/share/fontconfig/conf.avail")))
+ (copy-recursively "fontconfig" conf-dir)))))))
(home-page "http://dejavu-fonts.org/")
(synopsis "Vera font family derivate with additional characters")
(description "DejaVu provides an expanded version of the Vera font family
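Review bot: The new side of this hunk leaves the package with two `build-system` fields, because the line `(build-system trivial-build-system)` is kept as context and `(build-system font-build-system)` is added directly below it. Guix's record syntax is likely to reject the duplicate field, and if it did not, it would be unclear which build system applies to the new `install-conf` phase. The old line should be removed so that only `(build-system font-build-system)` remains, as in the other font packages converted in this file. The package definition starts before the hunk.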
@@ -204,38 +140,7 @@ provide serif, sans and monospaced variants.")
(sha256
(base32
"1p3qs51x5327gnk71yq8cvmxc6wgx79sqxfvxcv80cdvgggjfnyv"))))
- (build-system trivial-build-system)
- (arguments
- `(#:modules ((guix build utils))
- #:builder (begin
- (use-modules (guix build utils)
- (srfi srfi-26))
-
- (let ((tar (string-append (assoc-ref %build-inputs
- "tar")
- "/bin/tar"))
- (PATH (string-append (assoc-ref %build-inputs
- "bzip2")
- "/bin"))
- (font-dir (string-append %output
- "/share/fonts/truetype"))
- (doc-dir (string-append %output "/share/doc/"
- ,name "-" ,version)))
- (setenv "PATH" PATH)
- (system* tar "xvf" (assoc-ref %build-inputs "source"))
-
- (mkdir-p font-dir)
- (mkdir-p doc-dir)
- (chdir (string-append "ttf-bitstream-vera-" ,version))
- (for-each (lambda (ttf)
- (install-file ttf font-dir))
- (find-files "." "\\.ttf$"))
- (for-each (lambda (doc)
- (install-file doc doc-dir))
- (find-files "." "\\.TXT$"))))))
- (native-inputs `(("source" ,source)
- ("tar" ,tar)
- ("bzip2" ,bzip2)))
+ (build-system font-build-system)
(home-page "http://www.gnome.org/fonts/")
(synopsis "Bitstream Vera sans-serif typeface")
(description "Vera is a sans-serif typeface from Bitstream, Inc. This
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 1c4d7d07ff..efea81dc11 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -415,22 +415,17 @@ and returns a sequence of positioned glyphids from the font.")
(package
(inherit graphite2)
(name "graphite2")
- (version "1.3.9")
(replacement #f)
(source
(origin
(method url-fetch)
- (uri (string-append "https://github.com/silnrsi/graphite/releases/"
- "download/" version "/" name "-" version ".tgz"))
- (patches (search-patches
- "graphite2-ffloat-store.patch"
- "graphite2-check-code-point-limit.patch"
- "graphite2-CVE-2017-5436.patch"
- "graphite2-fix-32-bit-wrap-arounds.patch"
- "graphite2-non-linear-classes-even-number.patch"))
+ (uri (let ((version "1.3.10"))
+ (string-append "https://github.com/silnrsi/graphite/releases/"
+ "download/" version "/" name "-" version ".tgz")))
+ (patches (search-patches "graphite2-ffloat-store.patch"))
(sha256
(base32
- "0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc"))))))
+ "1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch"))))))
(define-public potrace
(package
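Review bot: The replacement now downloads 1.3.10 but leaves the `version` field to be inherited and rebinds `version` only inside the `uri` expression, with no comment saying why. If the aim is to keep the replacement's name and version identical to the package it replaces, say so next to the `let`, for example `;; Source is 1.3.10; the inherited version is kept on purpose.` The hunk also drops four patches, among them `graphite2-CVE-2017-5436.patch`, without stating that 1.3.10 contains those fixes, and the `libtiff-4.0.8` hunk in gnu/packages/image.scm does the same for the CVE-2017-7593 and CVE-2017-7594 patches; a short comment naming the release that carries each fix would make that checkable later. The package definition starts outside this hunk.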
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index d9901fd0fb..8d03f0e00d 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -451,7 +451,61 @@ standards.")
(mozilla-patch "icecat-bug-1346012.patch" "1ce6d0652921" "163ji64a86h682frh1jq016w1mjf8g24r8cni0irsdmiihis7zxc")
(mozilla-patch "icecat-bug-1324140.patch" "8886f9cd5dd3" "0byabs9md8r3pc4r67sv2759427n1za0gfayln40nx47n2p52kmg")
(mozilla-patch "icecat-bug-1342552.patch" "ad995e90916b" "02nq9sg675p26z99nr2pykbz51hi2phf0gmrb1bjpq9pjbll7gsa")
- (mozilla-patch "icecat-bug-1355039.patch" "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")))
+ (mozilla-patch "icecat-bug-1355039.patch" "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")
+ (mozilla-patch "icecat-bug-1363396.patch" "24cbb7f2e0ff" "006f0zhz5nxs72q9plwzhq4l79b47svzizvv510m5g2krsfrccza")
+ (mozilla-patch "icecat-bug-1356558.patch" "89c7fb6c5be3" "19650nmc4vn1prbpn5h06kz9d1al279xkc23v39577h4zhdrknkj")
+ (mozilla-patch "icecat-bug-1337810.patch" "0f6dd3564c76" "1sxajqh6r7fjs45xhvjwg94smpvyvplh3rdvq11d3q5m9v4kg7mz")
+ (mozilla-patch "icecat-bug-1347748.patch" "145905da25d3" "0c2q9f000snpm9x0qda2y0awrsm313iwxbv0kh33ca0kpza49a76")
+ (mozilla-patch "icecat-bug-1345355.patch" "c5012009a0b2" "0m772bgrwb8iwv2bdgx694ybg5wgbf58xg5v245x0p7gwhgwiwmr")
+ (mozilla-patch "icecat-bug-1351340.patch" "047f19a1b9a0" "0qjnhybibs3cpcba3ga4g7d4c0w716xa9jf87y2ir8yz7dw1f9vl")
+ (mozilla-patch "icecat-bug-1056322.patch" "f076a30f6c29" "0xgskjl6zmxi3v4l0f3wlas0qb2403fin5lv1hi3jf2142ihpaml")
+ (mozilla-patch "icecat-bug-1355414.patch" "28e09d4ac3e9" "06clr2kwz28nyjlj13y036x6rxwh6frdh11aq6kbm1nj6s01i9zl")
+ (mozilla-patch "icecat-bug-1313977.patch" "4c0b09f70aea" "04jq1xrlhj04n5bgh93xkbqwnh01pswfjhv81zk7i87c7xz6h92q")
+ (mozilla-patch "icecat-bug-1357366.patch" "0b855945ce34" "0va8kqlgx6qhq2qrawkcm66kqrwwpmxblyjp3c7ifplxd0j0ijaf")
+ (mozilla-patch "icecat-bug-1338574-pt0.patch" "243d7bffa4f1" "1d1v68amhnygc0g4w1afs374pjs7z5fx5inyq8idawbh4kxfncq7")
+ (mozilla-patch "icecat-bug-1338574-pt1.patch" "337398a83aa5" "1141n7dhy9rh70sww8v58cbkba74xm5i75j1sgm5qwvkhh69qr5h")
+ (mozilla-patch "icecat-bug-1338574-pt2.patch" "50e120d7ac64" "0dbcaq27vsjlh7vm30c88rlhkx8c1195rnr01six40mymh09rhym")
+ (mozilla-patch "icecat-bug-1338574-pt3.patch" "2d4da5a366e8" "1761npkpw5zsm4q8rzfrg8m1ayrf8c857iq3vdd8rbqcswzv6xq0")
+ (mozilla-patch "icecat-bug-1338574-pt4.patch" "b10d9b0c187f" "044zq9gzw4v5r3ki8dwfjg9dznai0jch29y0xrxzb2rfr6yvx0sb")
+ (mozilla-patch "icecat-bug-1338574-pt5.patch" "697713a6841c" "1m9q4rh4ny945xsx3p3f5bg1izs9q58d71la5drj31z6kvbhnsi2")
+ (mozilla-patch "icecat-bug-1338574-pt6.patch" "1d14abf37cf8" "1xyja9hjb7qfqi7kh85bw5nxkhyzw1rijjhnh5pgr5z0v718kjyc")
+ (mozilla-patch "icecat-bug-1338574-pt7.patch" "5e85bc599d0c" "1pmhs3hmhkgj6q19padcbpi5qvgnhx6ib09zpcwxr8ll6lllxhig")
+ (mozilla-patch "icecat-bug-1152353.patch" "d893dea8e7b4" "1pbayv7np6z7hlkk1dhvx3ppkni7f8n3cz8hs67l3nssw214c1ih")
+ (mozilla-patch "icecat-bug-1345893.patch" "3a747480ead1" "0sxd23y9g77mx5indjs9isxnnrkin835qrh6dn62dlvbll8lgqi2")
+ (mozilla-patch "icecat-bug-1343172.patch" "c7b064f6b93a" "1sh10j3h8cnqi3rpr70lv2yz14zhy1v9ms4f64fmrbjlz7q09j6q")
+ (mozilla-patch "icecat-bug-1352348.patch" "1d86e96610a1" "02ybn2608v57pjh8kjgnhkg157asawjk5xia59qb63m5vfvrinwv")
+ (mozilla-patch "icecat-bug-1354308.patch" "c8ba3f911eb1" "0w70b8dmvqjn1d8sphfkwnbwii8nh2q5k48clkvbhn7kpc2890mi")
+ (mozilla-patch "icecat-bug-1335904.patch" "366cdd623cfb" "0gcmld4bplaakx6d50gw223lg1jjcni7866q1f2hxm0h1r9wwd3k")
+ (mozilla-patch "icecat-bug-1355340.patch" "6b174b41fa44" "0zdgfy0zsrs3cvfkmrhxw0mrfibpnb58xp3z8fapx5ja59wmcabs")
+ (mozilla-patch "icecat-bug-1360574-pt1.patch" "237eee780619" "1iw6z762zdc42kwjvv58a2cjc0s4kzwwy7838apl7y7cq85g0jg2")
+ (mozilla-patch "icecat-bug-1360574-pt2.patch" "46a5a4aac189" "1i553f9qvav0fn5avbp8912995pqbhzbzamxxfz8gn2ik17y3xly")
+ (mozilla-patch "icecat-bug-1358776.patch" "bd35fa23f79a" "12nicgwhcn63knmlcl0c2askn9sj35bfclaab3826pkd9yq5g4p5")
+ (mozilla-patch "icecat-bug-1362590.patch" "c1314a709b41" "0klgrcyc20fig6rbm9znjpcnfsz6xnlp1v03fbvaww0riy2qm42k")
+ (mozilla-patch "icecat-bug-1359859.patch" "e38948fb79d6" "1sfyc5s9ndv6q72k8n9x0rvj4sz40k51iljrs42gwykzkjm2fx5m")
+ (mozilla-patch "icecat-bug-1342057.patch" "278bef1d7a64" "0zk18s9pnbwz9ankmc9mj4197s55j1jvax04ansqymmmc3a5ciif")
+ (mozilla-patch "icecat-bug-1325513.patch" "218e0963406f" "0wqms5nany4sx2g4p01lbam7la2dyazz87dhv5hcsf8ifxrfww11")
+ (mozilla-patch "icecat-bug-1304566.patch" "188e39630fcd" "1bfxfgj5ywx4bcf91kwyrjh5ppiv59gadx4445achyabdi639l8d")
+ (mozilla-patch "icecat-bug-1356601.patch" "8191e403fedf" "1k4zmq0923f5dc3dwbz1q0bkcbm90ldwkczym366hgwadb2305nd")
+ (mozilla-patch "icecat-bug-1334097.patch" "fe2a2c7e88cb" "1rppaivaddigwk65krn8m9f9mcdkiiv28ws9n9zj62n0rc1shyvc")
+ (mozilla-patch "icecat-bug-1359051.patch" "8d7dbe5c6587" "14zh74bbld4s0jy0a48fi9acxkc236mh9wjid3vrf72yj6bi5xnp")
+ (mozilla-patch "icecat-bug-1359697.patch" "ca2b5274549f" "1ns7v70i1hfkxqnjhf9fp0lk9095hdcllg94j3dl1nfaif4w6vbf")
+ (mozilla-patch "icecat-bug-1343256.patch" "a30dd7dd6617" "1k078176fp8vz871wirjz9d3yx9l2lfl8p75c4905n3j3zv2297q")
+ (mozilla-patch "icecat-bug-1349310.patch" "81b3ce7d37b3" "0ad0wqczy4kpggj6m3b8bzxi6ax340mik1mfawhkq89a1h2sfpxv")
+ (mozilla-patch "icecat-bug-1356179.patch" "66d8893f37f0" "0izl31lagvdv4qpb9gkjxvgpmxzw50x5bviap4l7bbnb56cv7d8p")
+ (mozilla-patch "icecat-bug-1365602.patch" "aad883966edd" "058axnrwrbvy2h9r9pb766lyky45hb92rap142sbp17yz0sxfmww")
+ (mozilla-patch "icecat-bug-1355520.patch" "7ca2d8839f7a" "1xbmpvr2x720x9ghd5wgbg6lknbnhcyqmkkfamdf97mqcyizyr21")
+ (mozilla-patch "icecat-bug-1358469.patch" "4d432638c0f9" "0qpjmwik3dryjwmgfwmkqk0rs9rb2lafb2k9fc3pkjnrq5y0l9xg")
+ (mozilla-patch "icecat-bug-1356025.patch" "f5967db0a0f3" "045wbvkm21kbm314dd6lbq2disiaf26kmsxi6brf442fd0028gwq")
+ (mozilla-patch "icecat-bug-1345910.patch" "ec6b6720e54e" "0lm15jl46mdlsds6947jsiyvhf9agb8hcdrqj2svc3kn9kzvyr2n")
+ (mozilla-patch "icecat-bug-1359639.patch" "a4f8d8a12afa" "0d7sjc21af074rvgvijj42gmpjvcb1v1zlpgb3s7ky7w6wjr35vx")
+ (mozilla-patch "icecat-bug-1357090.patch" "d07f24a72ce4" "1qbwska76b2zslb95wnx9v04znb6k9fqylr4ajyfqpwk1sr363hg")
+ (mozilla-patch "icecat-bug-1364283.patch" "a6caa7628e36" "1yv5f4h8js9bry9krcx130w6ic8rdmmq4fap6va24kfx8qflg70h")
+ (mozilla-patch "icecat-bug-1237868.patch" "41138235d4ea" "0mcj4x2kmagwf5hp8xhczf04sxm995pk1zarc9yffk84z7fcrxkj")
+ (mozilla-patch "icecat-bug-1331335.patch" "b724283e3b31" "1xbb1vcdzfpcmrmxm8ihwzslh2vz15k0k601nvyhh6vgx270h1wn")
+ (mozilla-patch "icecat-bug-1367267.patch" "4c2f4d8b693e" "1hrndhfnz0vnjnspwh5mbvgl2j8d1cs62awp04wx2w6z4l4wrmbv")
+ (mozilla-patch "icecat-bug-1366595.patch" "cce3fd607206" "1z97jw8jpfyx61jxf0j8nsplnna2c5bwihwnl9cvlc2cspp3kgp5")
+ (mozilla-patch "icecat-bug-1349266.patch" "dc4e3c64d781" "1zd666k4qpdamly3av09k602pmirjcs9l6la6ba0qq9w9vfan3g5")
+ (mozilla-patch "icecat-bug-1366140.patch" "379c348250e8" "0kvsyhi9j3bjx14ffr13dslqp8ghcgrz6ds2fikdkrrrk4syskd5")))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 86902d5680..fe9e457f34 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -335,7 +335,7 @@ extracting icontainer icon files.")
(define-public libtiff
(package
(name "libtiff")
- (replacement libtiff/fixed)
+ (replacement libtiff-4.0.8)
(version "4.0.7")
(source (origin
(method url-fetch)
@@ -384,18 +384,18 @@ collection of tools for doing simple manipulations of TIFF images.")
"See COPYRIGHT in the distribution."))
(home-page "http://www.simplesystems.org/libtiff/")))
-(define libtiff/fixed
+(define libtiff-4.0.8
(package
(inherit libtiff)
+ (version "4.0.8")
(source
(origin
- (inherit (package-source libtiff))
- (patches
- (append
- (origin-patches (package-source libtiff))
- (search-patches "libtiff-CVE-2017-7593.patch"
- "libtiff-CVE-2017-7594.patch"
- "libtiff-multiple-UBSAN-crashes.patch")))))))
+ (method url-fetch)
+ (uri (string-append "http://download.osgeo.org/libtiff/tiff-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
(define-public libwmf
(package
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index b4dfef6ec0..a35221cff9 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -421,7 +421,7 @@ and corrections. It is based on a Bayesian filter.")
(define-public offlineimap
(package
(name "offlineimap")
- (version "7.1.0")
+ (version "7.1.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
@@ -429,7 +429,7 @@ and corrections. It is based on a Bayesian filter.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1r0sbgwyirpbks82ri9g88raf3mp8shq9rg0r92gkr7h6888v6fw"))))
+ "00xpxh0pxcvv3mjgb3vq3x51v498dhqcaixyb3a4srmfgskzh956"))))
(build-system python-build-system)
(native-inputs
`(("asciidoc" ,asciidoc)))
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index c22d3d4dc8..425a7c4c23 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -490,6 +490,8 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
(uri (string-append "https://gajim.org/downloads/"
(version-major+minor version)
"/gajim-" version ".tar.bz2"))
+ (patches
+ (search-patches "gajim-CVE-2016-10376.patch"))
(sha256
(base32
"13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n"))))
diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm
index 66b67eac6d..c1f962a4b6 100644
--- a/gnu/packages/parallel.scm
+++ b/gnu/packages/parallel.scm
@@ -45,7 +45,7 @@
(define-public parallel
(package
(name "parallel")
- (version "20170422")
+ (version "20170522")
(source
(origin
(method url-fetch)
@@ -53,7 +53,7 @@
version ".tar.bz2"))
(sha256
(base32
- "0afk1q8mqzz02h6imyykgi9gwk5gj08hzs6lwgd65ilj4slkh93s"))))
+ "1k5wlcc0dr2fxna0vi48s0l6pvbyl4pbclbih4103f1155im23ca"))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/patches/gajim-CVE-2016-10376.patch b/gnu/packages/patches/gajim-CVE-2016-10376.patch
new file mode 100644
index 0000000000..591dd1af21
--- /dev/null
+++ b/gnu/packages/patches/gajim-CVE-2016-10376.patch
@@ -0,0 +1,57 @@
+Fix CVE-2016-10376.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
+http://seclists.org/oss-sec/2017/q2/341
+https://dev.gajim.org/gajim/gajim/issues/8378
+
+Patch copied from upstream source repository:
+
+https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
+
+(adapted for context in config.py)
+
+From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
+From: Philipp Hörist <forenjunkie@chello.at>
+Date: Fri, 26 May 2017 23:10:05 +0200
+Subject: [PATCH] Add config option to activate XEP-0146 commands
+
+Some of the Commands have security implications, thats why we disable them per default
+Fixes #8378
+---
+ src/common/commands.py | 7 ++++---
+ src/common/config.py | 1 +
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/commands.py b/src/common/commands.py
+index 19d8c13..0eeb57c 100644
+--- a/src/common/commands.py
++++ b/src/common/commands.py
+@@ -345,9 +345,10 @@ class ConnectionCommands:
+ def __init__(self):
+ # a list of all commands exposed: node -> command class
+ self.__commands = {}
+- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
+- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
+- self.__commands[cmdobj.commandnode] = cmdobj
++ if gajim.config.get('remote_commands'):
++ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
++ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
++ self.__commands[cmdobj.commandnode] = cmdobj
+
+ # a list of sessions; keys are tuples (jid, sessionid, node)
+ self.__sessions = {}
+diff --git a/src/common/config.py b/src/common/config.py
+index cde1f81..fe25455 100644
+--- a/src/common/config.py
++++ b/src/common/config.py
+@@ -314,6 +314,7 @@ class Config:
+ 'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
+ 'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
+ 'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
++ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
+ }, {})
+
+ __options_per_key = {
+--
+libgit2 0.24.0
+
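Review bot: In the patched `ConnectionCommands.__init__`, `gajim.config.get('remote_commands')` is read once while the command table is built, so switching the option off in a running client presumably leaves the already registered commands reachable until the connection object is created again. The option's help text, `'If True, Gajim will execute XEP-0146 Commands.'`, also says nothing about the security implications that the commit message gives as the reason for the `False` default; a wording such as `'If True, Gajim will execute XEP-0146 Commands sent by remote entities. Disabled by default for security reasons.'` would tell the user what enabling it exposes. Both lines are upstream code copied unchanged, so the place to raise this is upstream; the patch header here could note that a restart or reconnect may be needed after changing the option.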
diff --git a/gnu/packages/patches/graphite2-CVE-2017-5436.patch b/gnu/packages/patches/graphite2-CVE-2017-5436.patch
deleted file mode 100644
index d7383ec8de..0000000000
--- a/gnu/packages/patches/graphite2-CVE-2017-5436.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 1ce331d5548b98ed8b818532b2556d6f2c7a3b83 Mon Sep 17 00:00:00 2001
-From: Martin Hosken <martin_hosken@sil.org>
-Date: Thu, 9 Mar 2017 22:04:04 +0000
-Subject: [PATCH] Ensure features have enough space. Fix from Mozilla
-
----
- src/FeatureMap.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/FeatureMap.cpp b/src/FeatureMap.cpp
-index b8c8405..83bd5f6 100644
---- a/src/FeatureMap.cpp
-+++ b/src/FeatureMap.cpp
-@@ -275,7 +275,7 @@ bool FeatureRef::applyValToFeature(uint32 val, Features & pDest) const
- else
- if (pDest.m_pMap!=&m_pFace->theSill().theFeatureMap())
- return false; //incompatible
-- pDest.reserve(m_index);
-+ pDest.reserve(m_index+1);
- pDest[m_index] &= ~m_mask;
- pDest[m_index] |= (uint32(val) << m_bits);
- return true;
---
-2.12.2
-
diff --git a/gnu/packages/patches/graphite2-check-code-point-limit.patch b/gnu/packages/patches/graphite2-check-code-point-limit.patch
deleted file mode 100644
index a9b6caf53f..0000000000
--- a/gnu/packages/patches/graphite2-check-code-point-limit.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 348c11e4571b534efdbd58a575bbea979c880b2f Mon Sep 17 00:00:00 2001
-From: Tim Eves <tim_eves@sil.org>
-Date: Wed, 1 Mar 2017 14:23:46 +0700
-Subject: [PATCH] Fix decoding of USV greater than U+110000
-
-Add test cases too
----
- src/inc/UtfCodec.h | 4 ++--
- tests/utftest/utftest.cpp | 3 +++
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/inc/UtfCodec.h b/src/inc/UtfCodec.h
-index 3417bac..9dc760f 100644
---- a/src/inc/UtfCodec.h
-+++ b/src/inc/UtfCodec.h
-@@ -124,7 +124,7 @@ struct _utf_codec<8>
- private:
- static const int8 sz_lut[16];
- static const byte mask_lut[5];
--
-+ static const uchar_t limit = 0x110000;
-
- public:
- typedef uint8 codeunit_t;
-@@ -157,7 +157,7 @@ public:
- case 0: l = -1; return 0xFFFD;
- }
-
-- if (l != seq_sz || toolong)
-+ if (l != seq_sz || toolong || u >= limit)
- {
- l = -l;
- return 0xFFFD;
-diff --git a/tests/utftest/utftest.cpp b/tests/utftest/utftest.cpp
-index 21cb188..a23553a 100644
---- a/tests/utftest/utftest.cpp
-+++ b/tests/utftest/utftest.cpp
-@@ -8,6 +8,9 @@ struct test8
- unsigned char str[12];
- };
- struct test8 tests8[] = {
-+ { 0, 0, {0xF4, 0x90, 0x80, 0x80, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
-+ { 0, 0, {0xC0, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
-+ { 0, 0, {0xA0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
- { 4, -1, {0x7F, 0xDF, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0, 0} }, // U+7F, U+7FF, U+FFFF, U+10FFF
- { 2, 3, {0x7F, 0xDF, 0xBF, 0xF0, 0x8F, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, U+7FF, long(U+FFFF), U+10FFF
- { 1, 1, {0x7F, 0xE0, 0x9F, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, long(U+7FF), U+FFFF, U+10FFF
---
-2.12.2
-
diff --git a/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch b/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch
deleted file mode 100644
index 57d4ce2c6e..0000000000
--- a/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-This patch incorporates the following 6 consecutive commits from the upstream
-graphite2 repository:
-
-75b83cd..: Martin Hosken 2017-03-28 Fix 32-bit wrap arounds
-1f97e36..: Martin Hosken 2017-03-28 balance comparisons in decompressor
-9493785..: Martin Hosken 2017-03-29 Speculative rounding fix
-09af043..: Tim Eves 2017-03-31 Move a MINMATCH to rhs of a comparisio
-28cc60d..: Tim Eves 2017-03-31 Deal with similar wrap around in literal_len
-8afc7d0..: Martin Hosken 2017-04-03 Fix 32-bit rollover in decompressor, again
-
-This diff was generated by the following command:
-
- git diff 1ce331d5548b98ed..8afc7d0081959866
-
-
-diff --git a/src/Decompressor.cpp b/src/Decompressor.cpp
-index 084570f..56d531f 100644
---- a/src/Decompressor.cpp
-+++ b/src/Decompressor.cpp
-@@ -51,7 +51,7 @@ bool read_sequence(u8 const * &src, u8 const * const end, u8 const * &literal, u
- literal = src;
- src += literal_len;
-
-- if (src > end - 2)
-+ if (src > end - 2 || src < literal)
- return false;
-
- match_dist = *src++;
-@@ -85,7 +85,7 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
- {
- // Copy in literal. At this point the last full sequence must be at
- // least MINMATCH + 5 from the end of the output buffer.
-- if (dst + align(literal_len) > dst_end - (MINMATCH+5))
-+ if (align(literal_len) > unsigned(dst_end - dst - (MINMATCH+5)) || dst_end - dst < MINMATCH + 5)
- return -1;
- dst = overrun_copy(dst, literal, literal_len);
- }
-@@ -94,7 +94,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
- // decoded output.
- u8 const * const pcpy = dst - match_dist;
- if (pcpy < static_cast<u8*>(out)
-- || dst + match_len + MINMATCH > dst_end - 5)
-+ || match_len > unsigned(dst_end - dst - (MINMATCH+5))
-+ || dst_end - dst < MINMATCH + 5)
- return -1;
- if (dst > pcpy+sizeof(unsigned long)
- && dst + align(match_len + MINMATCH) <= dst_end)
-@@ -103,8 +104,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
- dst = safe_copy(dst, pcpy, match_len + MINMATCH);
- }
-
-- if (literal + literal_len > src_end
-- || dst + literal_len > dst_end)
-+ if (literal_len > src_end - literal
-+ || literal_len > dst_end - dst)
- return -1;
- dst = fast_copy(dst, literal, literal_len);
-
-diff --git a/src/Pass.cpp b/src/Pass.cpp
-index a4bac2e..683143c 100644
---- a/src/Pass.cpp
-+++ b/src/Pass.cpp
-@@ -171,7 +171,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su
- const uint16 * const o_actions = reinterpret_cast<const uint16 *>(p);
- be::skip<uint16>(p, m_numRules + 1);
- const byte * const states = p;
-- if (e.test(p + 2u*m_numTransition*m_numColumns >= pass_end, E_BADPASSLENGTH)) return face.error(e);
-+ if (e.test(2u*m_numTransition*m_numColumns >= (unsigned)(pass_end - p), E_BADPASSLENGTH)) return face.error(e);
- be::skip<int16>(p, m_numTransition*m_numColumns);
- be::skip<uint8>(p);
- if (e.test(p != pcCode, E_BADPASSCCODEPTR)) return face.error(e);
-@@ -192,7 +192,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su
- m_cPConstraint = vm::Machine::Code(true, pcCode, pcCode + pass_constraint_len,
- precontext[0], be::peek<uint16>(sort_keys), *m_silf, face, PASS_TYPE_UNKNOWN);
- if (e.test(!m_cPConstraint, E_OUTOFMEM)
-- || e.test(!m_cPConstraint, m_cPConstraint.status() + E_CODEFAILURE))
-+ || e.test(m_cPConstraint.status() != Code::loaded, m_cPConstraint.status() + E_CODEFAILURE))
- return face.error(e);
- face.error_context(face.error_context() - 1);
- }
-diff --git a/src/Silf.cpp b/src/Silf.cpp
-index 72a22cd..d661992 100644
---- a/src/Silf.cpp
-+++ b/src/Silf.cpp
-@@ -191,7 +191,7 @@ bool Silf::readGraphite(const byte * const silf_start, size_t lSilf, Face& face,
-
- const size_t clen = readClassMap(p, passes_start - p, version, e);
- m_passes = new Pass[m_numPasses];
-- if (e || e.test(p + clen > passes_start, E_BADPASSESSTART)
-+ if (e || e.test(clen > unsigned(passes_start - p), E_BADPASSESSTART)
- || e.test(!m_passes, E_OUTOFMEM))
- { releaseBuffers(); return face.error(e); }
-
diff --git a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch
deleted file mode 100644
index 2bb1c9f94e..0000000000
--- a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 0646e4ee471183994f78a759269f0505617711f3 Mon Sep 17 00:00:00 2001
-From: Martin Hosken <martin_hosken@sil.org>
-Date: Tue, 18 Apr 2017 13:17:14 +0100
-Subject: [PATCH] Ensure non linear classes have even number of elements
-
----
- src/Silf.cpp | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/Silf.cpp b/src/Silf.cpp
-index d661992..9f2f954 100644
---- a/src/Silf.cpp
-+++ b/src/Silf.cpp
-@@ -293,7 +293,8 @@ size_t Silf::readClassMap(const byte *p, size_t data_len, uint32 version, Error
- if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET) // LookupClass doesn't stretch over max_off
- || e.test(lookup[0] == 0 // A LookupClass with no looks is a suspicious thing ...
- || lookup[0] * 2 + *o + 4 > max_off // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off]
-- || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)) // rangeShift: numIDs - searchRange
-+ || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO) // rangeShift: numIDs - searchRange
-+ || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET)) // glyphs are in pairs so difference must be even.
- return ERROROFFSET;
- }
-
---
-2.12.2
-
diff --git a/gnu/packages/patches/libtiff-CVE-2017-7593.patch b/gnu/packages/patches/libtiff-CVE-2017-7593.patch
deleted file mode 100644
index 496efb73b9..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-7593.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-Fixes CVE-2017-7593 (Potential uninitialized-memory access from tif_rawdata):
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2651
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593
-https://security-tracker.debian.org/tracker/CVE-2017-7593
-
-2017-01-11 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add
- _TIFFcalloc()
-
- * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
- initialize tif_rawdata.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1208; previous revision: 1.1207
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c
-new revision: 1.53; previous revision: 1.52
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_unix.c,v <-- libtiff/tif_unix.c
-new revision: 1.28; previous revision: 1.27
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_vms.c,v <-- libtiff/tif_vms.c
-new revision: 1.14; previous revision: 1.13
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_win32.c,v <-- libtiff/tif_win32.c
-new revision: 1.42; previous revision: 1.41
-/cvs/maptools/cvsroot/libtiff/libtiff/tiffio.h,v <-- libtiff/tiffio.h
-new revision: 1.94; previous revision: 1.93
-
-diff -ru tiff-4.0.7/libtiff/tiffio.h tiff-4.0.7.new/libtiff/tiffio.h
---- tiff-4.0.7/libtiff/tiffio.h 1969-12-31 19:00:00.000000000 -0500
-+++ tiff-4.0.7.new/libtiff/tiffio.h 2017-05-05 19:08:03.772999790 -0400
-@@ -1,4 +1,4 @@
--/* $Id: tiffio.h,v 1.92 2016-01-23 21:20:34 erouault Exp $ */
-+/* $Id: tiffio.h,v 1.94 2017-01-11 19:02:49 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -293,6 +293,7 @@
- */
-
- extern void* _TIFFmalloc(tmsize_t s);
-+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
- extern void* _TIFFrealloc(void* p, tmsize_t s);
- extern void _TIFFmemset(void* p, int v, tmsize_t c);
- extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
-diff -ru tiff-4.0.7/libtiff/tif_read.c tiff-4.0.7.new/libtiff/tif_read.c
---- tiff-4.0.7/libtiff/tif_read.c 2017-05-05 19:04:09.740966642 -0400
-+++ tiff-4.0.7.new/libtiff/tif_read.c 2017-05-05 18:59:11.070709441 -0400
-@@ -1,4 +1,4 @@
--/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
-+/* $Id: tif_read.c,v 1.53 2017-01-11 19:02:49 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -976,7 +976,9 @@
- "Invalid buffer size");
- return (0);
- }
-- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
-+ /* Initialize to zero to avoid uninitialized buffers in case of */
-+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
-+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
- tif->tif_flags |= TIFF_MYBUFFER;
- }
- if (tif->tif_rawdata == NULL) {
-diff -ru tiff-4.0.7/libtiff/tif_unix.c tiff-4.0.7.new/libtiff/tif_unix.c
---- tiff-4.0.7/libtiff/tif_unix.c 1969-12-31 19:00:00.000000000 -0500
-+++ tiff-4.0.7.new/libtiff/tif_unix.c 2017-05-05 19:10:48.302645187 -0400
-@@ -1,4 +1,4 @@
--/* $Id: tif_unix.c,v 1.27 2015-08-19 02:31:04 bfriesen Exp $ */
-+/* $Id: tif_unix.c,v 1.28 2017-01-11 19:02:49 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -316,6 +316,14 @@
- return (malloc((size_t) s));
- }
-
-+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
-+{
-+ if( nmemb == 0 || siz == 0 )
-+ return ((void *) NULL);
-+
-+ return calloc((size_t) nmemb, (size_t)siz);
-+}
-+
- void
- _TIFFfree(void* p)
- {
-diff -ru tiff-4.0.7/libtiff/tif_win32.c tiff-4.0.7.new/libtiff/tif_win32.c
---- tiff-4.0.7/libtiff/tif_win32.c 1969-12-31 19:00:00.000000000 -0500
-+++ tiff-4.0.7.new/libtiff/tif_win32.c 2017-05-05 19:13:06.903399627 -0400
-@@ -1,4 +1,4 @@
--/* $Id: tif_win32.c,v 1.41 2015-08-23 20:12:44 bfriesen Exp $ */
-+/* $Id: tif_win32.c,v 1.42 2017-01-11 19:02:49 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -360,6 +360,14 @@
- return (malloc((size_t) s));
- }
-
-+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
-+{
-+ if( nmemb == 0 || siz == 0 )
-+ return ((void *) NULL);
-+
-+ return calloc((size_t) nmemb, (size_t)siz);
-+}
-+
- void
- _TIFFfree(void* p)
- {
diff --git a/gnu/packages/patches/libtiff-CVE-2017-7594.patch b/gnu/packages/patches/libtiff-CVE-2017-7594.patch
deleted file mode 100644
index d17997d447..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2017-7594.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Fixes CVE-2017-7594 (Direct leak in tif_ojpeg.c):
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2659
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594
-https://security-tracker.debian.org/tracker/CVE-2017-7594
-
-2017-01-12 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
- when read fails.
- Patch by Nicolás Peña.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1212; previous revision: 1.1211
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c
-new revision: 1.67; previous revision: 1.66
-
-Index: libtiff/libtiff/tif_ojpeg.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
-retrieving revision 1.67
-retrieving revision 1.68
-diff -u -r1.67 -r1.68
---- libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 17:43:26 -0000 1.67
-+++ libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 19:23:20 -0000 1.68
-@@ -1,4 +1,4 @@
--/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
-+/* $Id: tif_ojpeg.c,v 1.68 2017-01-12 19:23:20 erouault Exp $ */
-
- /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
- specification is now totally obsolete and deprecated for new applications and
-@@ -1790,7 +1790,10 @@
- TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
- p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
- if (p!=64)
-+ {
-+ _TIFFfree(ob);
- return(0);
-+ }
- sp->qtable[m]=ob;
- sp->sof_tq[m]=m;
- }
-@@ -1854,7 +1857,10 @@
- rb[sizeof(uint32)+5+n]=o[n];
- p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
- if (p!=q)
-+ {
-+ _TIFFfree(rb);
- return(0);
-+ }
- sp->dctable[m]=rb;
- sp->sos_tda[m]=(m<<4);
- }
diff --git a/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch b/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch
deleted file mode 100644
index 2f4509f386..0000000000
--- a/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch
+++ /dev/null
@@ -1,449 +0,0 @@
-Fixes CVE-2017-{7595,7596,7597,7598,7599,7600,7601,7602}:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602
-
-2017-01-11 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various
- clampings
- of double to other data types to avoid undefined behaviour if the
- output range
- isn't big enough to hold the input value.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
- http://bugzilla.maptools.org/show_bug.cgi?id=2642
- http://bugzilla.maptools.org/show_bug.cgi?id=2646
- http://bugzilla.maptools.org/show_bug.cgi?id=2647
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1204; previous revision: 1.1203
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c
-new revision: 1.129; previous revision: 1.128
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c
-new revision: 1.207; previous revision: 1.206
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <-- libtiff/tif_dirwrite.c
-new revision: 1.85; previous revision: 1.84
-
-2017-01-11 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_dirread.c: avoid division by floating point 0 in
- TIFFReadDirEntryCheckedRational() and
- TIFFReadDirEntryCheckedSrational(),
- and return 0 in that case (instead of infinity as before presumably)
- Apparently some sanitizers do not like those divisions by zero.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1203; previous revision: 1.1202
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c
-new revision: 1.206; previous revision: 1.205
-
-2017-01-11 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to
- avoid undefined behaviour caused by invalid shift exponent.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1205; previous revision: 1.1204
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v <-- libtiff/tif_jpeg.c
-new revision: 1.126; previous revision: 1.125
-
-2017-01-11 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_read.c: avoid potential undefined behaviour on signed
- integer addition in TIFFReadRawStrip1() in isMapped() case.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1206; previous revision: 1.1205
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c
-new revision: 1.51; previous revision: 1.50
-
-Index: libtiff/libtiff/tif_dir.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
-retrieving revision 1.128
-retrieving revision 1.129
-diff -u -r1.128 -r1.129
---- libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128
-+++ libtiff/libtiff/tif_dir.c 11 Jan 2017 16:09:02 -0000 1.129
-@@ -1,4 +1,4 @@
--/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
-+/* $Id: tif_dir.c,v 1.129 2017-01-11 16:09:02 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -31,6 +31,7 @@
- * (and also some miscellaneous stuff)
- */
- #include "tiffiop.h"
-+#include <float.h>
-
- /*
- * These are used in the backwards compatibility code...
-@@ -154,6 +155,15 @@
- return (0);
- }
-
-+static float TIFFClampDoubleToFloat( double val )
-+{
-+ if( val > FLT_MAX )
-+ return FLT_MAX;
-+ if( val < -FLT_MAX )
-+ return -FLT_MAX;
-+ return (float)val;
-+}
-+
- static int
- _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
- {
-@@ -312,13 +322,13 @@
- dblval = va_arg(ap, double);
- if( dblval < 0 )
- goto badvaluedouble;
-- td->td_xresolution = (float) dblval;
-+ td->td_xresolution = TIFFClampDoubleToFloat( dblval );
- break;
- case TIFFTAG_YRESOLUTION:
- dblval = va_arg(ap, double);
- if( dblval < 0 )
- goto badvaluedouble;
-- td->td_yresolution = (float) dblval;
-+ td->td_yresolution = TIFFClampDoubleToFloat( dblval );
- break;
- case TIFFTAG_PLANARCONFIG:
- v = (uint16) va_arg(ap, uint16_vap);
-@@ -327,10 +337,10 @@
- td->td_planarconfig = (uint16) v;
- break;
- case TIFFTAG_XPOSITION:
-- td->td_xposition = (float) va_arg(ap, double);
-+ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
- break;
- case TIFFTAG_YPOSITION:
-- td->td_yposition = (float) va_arg(ap, double);
-+ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
- break;
- case TIFFTAG_RESOLUTIONUNIT:
- v = (uint16) va_arg(ap, uint16_vap);
-Index: libtiff/libtiff/tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.206
-retrieving revision 1.207
-diff -u -r1.206 -r1.207
---- libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206
-+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 16:09:02 -0000 1.207
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
-+/* $Id: tif_dirread.c,v 1.207 2017-01-11 16:09:02 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -40,6 +40,7 @@
- */
-
- #include "tiffiop.h"
-+#include <float.h>
-
- #define IGNORE 0 /* tag placeholder used below */
- #define FAILED_FII ((uint32) -1)
-@@ -2406,7 +2407,14 @@
- ma=(double*)origdata;
- mb=data;
- for (n=0; n<count; n++)
-- *mb++=(float)(*ma++);
-+ {
-+ double val = *ma++;
-+ if( val > FLT_MAX )
-+ val = FLT_MAX;
-+ else if( val < -FLT_MAX )
-+ val = -FLT_MAX;
-+ *mb++=(float)val;
-+ }
- }
- break;
- }
-Index: libtiff/libtiff/tif_dirwrite.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v
-retrieving revision 1.84
-retrieving revision 1.85
-diff -u -r1.84 -r1.85
---- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 12:51:59 -0000 1.84
-+++ libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirwrite.c,v 1.83 2016-10-25 21:35:15 erouault Exp $ */
-+/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -30,6 +30,7 @@
- * Directory Write Support Routines.
- */
- #include "tiffiop.h"
-+#include <float.h>
-
- #ifdef HAVE_IEEEFP
- #define TIFFCvtNativeToIEEEFloat(tif, n, fp)
-@@ -939,6 +940,69 @@
- return(0);
- }
-
-+static float TIFFClampDoubleToFloat( double val )
-+{
-+ if( val > FLT_MAX )
-+ return FLT_MAX;
-+ if( val < -FLT_MAX )
-+ return -FLT_MAX;
-+ return (float)val;
-+}
-+
-+static int8 TIFFClampDoubleToInt8( double val )
-+{
-+ if( val > 127 )
-+ return 127;
-+ if( val < -128 || val != val )
-+ return -128;
-+ return (int8)val;
-+}
-+
-+static int16 TIFFClampDoubleToInt16( double val )
-+{
-+ if( val > 32767 )
-+ return 32767;
-+ if( val < -32768 || val != val )
-+ return -32768;
-+ return (int16)val;
-+}
-+
-+static int32 TIFFClampDoubleToInt32( double val )
-+{
-+ if( val > 0x7FFFFFFF )
-+ return 0x7FFFFFFF;
-+ if( val < -0x7FFFFFFF-1 || val != val )
-+ return -0x7FFFFFFF-1;
-+ return (int32)val;
-+}
-+
-+static uint8 TIFFClampDoubleToUInt8( double val )
-+{
-+ if( val < 0 )
-+ return 0;
-+ if( val > 255 || val != val )
-+ return 255;
-+ return (uint8)val;
-+}
-+
-+static uint16 TIFFClampDoubleToUInt16( double val )
-+{
-+ if( val < 0 )
-+ return 0;
-+ if( val > 65535 || val != val )
-+ return 65535;
-+ return (uint16)val;
-+}
-+
-+static uint32 TIFFClampDoubleToUInt32( double val )
-+{
-+ if( val < 0 )
-+ return 0;
-+ if( val > 0xFFFFFFFFU || val != val )
-+ return 0xFFFFFFFFU;
-+ return (uint32)val;
-+}
-+
- static int
- TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value)
- {
-@@ -959,7 +1023,7 @@
- if (tif->tif_dir.td_bitspersample<=32)
- {
- for (i = 0; i < count; ++i)
-- ((float*)conv)[i] = (float)value[i];
-+ ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]);
- ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv);
- }
- else
-@@ -971,19 +1035,19 @@
- if (tif->tif_dir.td_bitspersample<=8)
- {
- for (i = 0; i < count; ++i)
-- ((int8*)conv)[i] = (int8)value[i];
-+ ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]);
- ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv);
- }
- else if (tif->tif_dir.td_bitspersample<=16)
- {
- for (i = 0; i < count; ++i)
-- ((int16*)conv)[i] = (int16)value[i];
-+ ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]);
- ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv);
- }
- else
- {
- for (i = 0; i < count; ++i)
-- ((int32*)conv)[i] = (int32)value[i];
-+ ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]);
- ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv);
- }
- break;
-@@ -991,19 +1055,19 @@
- if (tif->tif_dir.td_bitspersample<=8)
- {
- for (i = 0; i < count; ++i)
-- ((uint8*)conv)[i] = (uint8)value[i];
-+ ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]);
- ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv);
- }
- else if (tif->tif_dir.td_bitspersample<=16)
- {
- for (i = 0; i < count; ++i)
-- ((uint16*)conv)[i] = (uint16)value[i];
-+ ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]);
- ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv);
- }
- else
- {
- for (i = 0; i < count; ++i)
-- ((uint32*)conv)[i] = (uint32)value[i];
-+ ((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]);
- ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv);
- }
- break;
-@@ -2102,7 +2102,7 @@
- m[0]=0;
- m[1]=1;
- }
-- else if (value==(double)(uint32)value)
-+ else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value)
- {
- m[0]=(uint32)value;
- m[1]=1;
-@@ -2148,12 +2217,13 @@
- }
- for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++)
- {
-- if (*na<=0.0)
-+ if (*na<=0.0 || *na != *na)
- {
- nb[0]=0;
- nb[1]=1;
- }
-- else if (*na==(float)(uint32)(*na))
-+ else if (*na >= 0 && *na <= (float)0xFFFFFFFFU &&
-+ *na==(float)(uint32)(*na))
- {
- nb[0]=(uint32)(*na);
- nb[1]=1;
-Index: libtiff/libtiff/tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.205
-retrieving revision 1.206
-diff -u -r1.205 -r1.206
---- libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205
-+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206
-@@ -2872,7 +2872,10 @@
- m.l = direntry->tdir_offset.toff_long8;
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabArrayOfLong(m.i,2);
-- if (m.i[0]==0)
-+ /* Not completely sure what we should do when m.i[1]==0, but some */
-+ /* sanitizers do not like division by 0.0: */
-+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
-+ if (m.i[0]==0 || m.i[1]==0)
- *value=0.0;
- else
- *value=(double)m.i[0]/(double)m.i[1];
-@@ -2900,7 +2903,10 @@
- m.l=direntry->tdir_offset.toff_long8;
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabArrayOfLong(m.i,2);
-- if ((int32)m.i[0]==0)
-+ /* Not completely sure what we should do when m.i[1]==0, but some */
-+ /* sanitizers do not like division by 0.0: */
-+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
-+ if ((int32)m.i[0]==0 || m.i[1]==0)
- *value=0.0;
- else
- *value=(double)((int32)m.i[0])/(double)m.i[1];
-Index: libtiff/libtiff/tif_jpeg.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v
-retrieving revision 1.125
-retrieving revision 1.126
-diff -u -r1.125 -r1.126
---- libtiff/libtiff/tif_jpeg.c 11 Jan 2017 12:15:01 -0000 1.125
-+++ libtiff/libtiff/tif_jpeg.c 11 Jan 2017 16:13:50 -0000 1.126
-@@ -1,4 +1,4 @@
--/* $Id: tif_jpeg.c,v 1.123 2016-01-23 21:20:34 erouault Exp $ */
-+/* $Id: tif_jpeg.c,v 1.126 2017-01-11 16:13:50 erouault Exp $ */
-
- /*
- * Copyright (c) 1994-1997 Sam Leffler
-@@ -1632,6 +1632,13 @@
- "Invalig horizontal/vertical sampling value");
- return (0);
- }
-+ if( td->td_bitspersample > 16 )
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "BitsPerSample %d not allowed for JPEG",
-+ td->td_bitspersample);
-+ return (0);
-+ }
-
- /*
- * A ReferenceBlackWhite field *must* be present since the
-Index: libtiff/libtiff/tif_read.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
-retrieving revision 1.50
-retrieving revision 1.51
-diff -u -r1.50 -r1.51
---- libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50
-+++ libtiff/libtiff/tif_read.c 11 Jan 2017 16:33:34 -0000 1.51
-@@ -420,16 +420,25 @@
- return ((tmsize_t)(-1));
- }
- } else {
-- tmsize_t ma,mb;
-+ tmsize_t ma;
- tmsize_t n;
-- ma=(tmsize_t)td->td_stripoffset[strip];
-- mb=ma+size;
-- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
-- n=0;
-- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
-- n=tif->tif_size-ma;
-- else
-- n=size;
-+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
-+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
-+ {
-+ n=0;
-+ }
-+ else if( ma > TIFF_TMSIZE_T_MAX - size )
-+ {
-+ n=0;
-+ }
-+ else
-+ {
-+ tmsize_t mb=ma+size;
-+ if (mb>tif->tif_size)
-+ n=tif->tif_size-ma;
-+ else
-+ n=size;
-+ }
- if (n!=size) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- TIFFErrorExt(tif->tif_clientdata, module,
diff --git a/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch b/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch
new file mode 100644
index 0000000000..4e40c1daa1
--- /dev/null
+++ b/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch
@@ -0,0 +1,151 @@
+From 86b98a11559da7d1b21dc9b4c6b10511b9095bc4 Mon Sep 17 00:00:00 2001
+From: Simon Cross <hodgestar@gmail.com>
+Date: Sun, 16 Feb 2014 18:46:15 +0000
+Subject: [PATCH 05/16] Add support for Python 3.4 AST (support for
+ NameConstants and changes to existing to arguments node attributes).
+
+---
+ genshi/template/astutil.py | 31 ++++++++++++++++++++++++++++---
+ genshi/template/eval.py | 34 +++++++++++++++++++---------------
+ 2 files changed, 47 insertions(+), 18 deletions(-)
+
+diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py
+index a4c21c8..a3946b4 100644
+--- a/genshi/template/astutil.py
++++ b/genshi/template/astutil.py
+@@ -21,7 +21,7 @@ else:
+ def parse(source, mode):
+ return compile(source, '', mode, _ast.PyCF_ONLY_AST)
+
+-from genshi.compat import IS_PYTHON2
++from genshi.compat import IS_PYTHON2, isstring
+
+ __docformat__ = 'restructuredtext en'
+
+@@ -103,8 +103,13 @@ class ASTCodeGenerator(object):
+ self._new_line()
+ return self.visit(node.body)
+
++ # Python < 3.4
+ # arguments = (expr* args, identifier? vararg,
+ # identifier? kwarg, expr* defaults)
++ #
++ # Python >= 3.4
++ # arguments = (arg* args, arg? vararg, arg* kwonlyargs, expr* kw_defaults,
++ # arg? kwarg, expr* defaults)
+ def visit_arguments(self, node):
+ first = True
+ no_default_count = len(node.args) - len(node.defaults)
+@@ -122,13 +127,21 @@ class ASTCodeGenerator(object):
+ self._write(', ')
+ else:
+ first = False
+- self._write('*' + node.vararg)
++ self._write('*')
++ if isstring(node.vararg):
++ self._write(node.vararg)
++ else:
++ self.visit(node.vararg)
+ if getattr(node, 'kwarg', None):
+ if not first:
+ self._write(', ')
+ else:
+ first = False
+- self._write('**' + node.kwarg)
++ self._write('**')
++ if isstring(node.kwarg):
++ self._write(node.kwarg)
++ else:
++ self.visit(node.kwarg)
+
+ if not IS_PYTHON2:
+ # In Python 3 arguments get a special node
+@@ -724,6 +737,17 @@ class ASTCodeGenerator(object):
+ def visit_Name(self, node):
+ self._write(node.id)
+
++ # NameConstant(singleton value)
++ def visit_NameConstant(self, node):
++ if node.value is None:
++ self._write('None')
++ elif node.value is True:
++ self._write('True')
++ elif node.value is False:
++ self._write('False')
++ else:
++ raise Exception("Unknown NameConstant %r" % (node.value,))
++
+ # List(expr* elts, expr_context ctx)
+ def visit_List(self, node):
+ self._write('[')
+@@ -829,6 +853,7 @@ class ASTTransformer(object):
+ visit_Attribute = _clone
+ visit_Subscript = _clone
+ visit_Name = _clone
++ visit_NameConstant = _clone
+ visit_List = _clone
+ visit_Tuple = _clone
+
+diff --git a/genshi/template/eval.py b/genshi/template/eval.py
+index 89aec49..de4bc86 100644
+--- a/genshi/template/eval.py
++++ b/genshi/template/eval.py
+@@ -24,7 +24,8 @@ from genshi.template.astutil import ASTTransformer, ASTCodeGenerator, \
+ from genshi.template.base import TemplateRuntimeError
+ from genshi.util import flatten
+
+-from genshi.compat import get_code_params, build_code_chunk, IS_PYTHON2
++from genshi.compat import get_code_params, build_code_chunk, isstring, \
++ IS_PYTHON2
+
+ __all__ = ['Code', 'Expression', 'Suite', 'LenientLookup', 'StrictLookup',
+ 'Undefined', 'UndefinedError']
+@@ -495,28 +496,31 @@ class TemplateASTTransformer(ASTTransformer):
+ def __init__(self):
+ self.locals = [CONSTANTS]
+
++ def _process(self, names, node):
++ if not IS_PYTHON2 and isinstance(node, _ast.arg):
++ names.add(node.arg)
++ elif isstring(node):
++ names.add(node)
++ elif isinstance(node, _ast.Name):
++ names.add(node.id)
++ elif isinstance(node, _ast.alias):
++ names.add(node.asname or node.name)
++ elif isinstance(node, _ast.Tuple):
++ for elt in node.elts:
++ self._process(names, elt)
++
+ def _extract_names(self, node):
+ names = set()
+- def _process(node):
+- if not IS_PYTHON2 and isinstance(node, _ast.arg):
+- names.add(node.arg)
+- if isinstance(node, _ast.Name):
+- names.add(node.id)
+- elif isinstance(node, _ast.alias):
+- names.add(node.asname or node.name)
+- elif isinstance(node, _ast.Tuple):
+- for elt in node.elts:
+- _process(elt)
+ if hasattr(node, 'args'):
+ for arg in node.args:
+- _process(arg)
++ self._process(names, arg)
+ if hasattr(node, 'vararg'):
+- names.add(node.vararg)
++ self._process(names, node.vararg)
+ if hasattr(node, 'kwarg'):
+- names.add(node.kwarg)
++ self._process(names, node.kwarg)
+ elif hasattr(node, 'names'):
+ for elt in node.names:
+- _process(elt)
++ self._process(names, elt)
+ return names
+
+ def visit_Str(self, node):
+--
+2.12.0
+
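Review bot: `_process` in genshi/template/eval.py has no final `else`, so `None` and any node type it does not recognise are dropped without a trace, and `_extract_names` now depends on that behaviour. `hasattr(node, 'vararg')` and `hasattr(node, 'kwarg')` are true even when the attribute is `None`, which the old `names.add(node.vararg)` would have stored as a name. The result feeds the set of locals the transformer leaves alone, so a silently skipped node changes how a name is resolved. I would document the contract with a docstring such as `"""Add the name(s) bound by node to names; None and unknown node types are ignored."""` and a closing comment `# None means no *args/**kwargs were given`. The enclosing TemplateASTTransformer class continues outside the patch hunk.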
diff --git a/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch b/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch
new file mode 100644
index 0000000000..2bc516c697
--- /dev/null
+++ b/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch
@@ -0,0 +1,25 @@
+From 32bfaa7cc1c736fd62fcbb6414de9498dc20ed07 Mon Sep 17 00:00:00 2001
+From: Adriano Peluso <catonano@gmail.com>
+Date: Wed, 5 Apr 2017 15:13:06 +0200
+Subject: [PATCH 2/2] buildable on python27 too
+
+---
+ genshi/template/directives.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/genshi/template/directives.py b/genshi/template/directives.py
+index 6fd0f28..1f70ef6 100644
+--- a/genshi/template/directives.py
++++ b/genshi/template/directives.py
+@@ -266,7 +266,7 @@ class DefDirective(Directive):
+ if isinstance(ast, _ast.Call):
+ self.name = ast.func.id
+ for arg in ast.args:
+- if isinstance(arg, _ast.Starred):
++ if hasattr(_ast, 'Starred') and isinstance(arg, _ast.Starred):
+ # Python 3.5+
+ self.star_args = arg.value.id
+ else:
+--
+2.12.0
+
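Review bot: This patch applies only on top of python-genshi-fix-tests-on-python-3.5.patch, and nothing in the file records that. Its `index 6fd0f28..1f70ef6` pre-image is the post-image of that patch's directives.py hunk, and the `isinstance(arg, _ast.Starred)` test it guards is introduced there. The order of the two in the package's patch list (not visible in this part of the commit) has to reflect the dependency. A line ahead of the mail header, e.g. `Apply after python-genshi-fix-tests-on-python-3.5.patch.`, would make it explicit. The loop being edited belongs to a DefDirective method whose start is outside the hunk.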
diff --git a/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch b/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch
new file mode 100644
index 0000000000..c25c3bd7a9
--- /dev/null
+++ b/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch
@@ -0,0 +1,32 @@
+From cef2c8df44166195e1705638f9f17033a4943bb7 Mon Sep 17 00:00:00 2001
+From: Simon Cross <hodgestar@gmail.com>
+Date: Sun, 16 Feb 2014 18:32:21 +0000
+Subject: [PATCH 02/15] Disable the speedups C extension on CPython >= 3.3
+ since Genshi doesn't support the new Unicode C API yet.
+
+---
+ setup.py | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 123a2cb..a3d748c 100755
+--- a/setup.py
++++ b/setup.py
+@@ -65,9 +65,13 @@ available.""")
+
+
+ if Feature:
++ # Optional C extension module for speeding up Genshi:
++ # Not activated by default on:
++ # - PyPy (where it harms performance)
++ # - CPython >= 3.3 (the new Unicode C API is not supported yet)
+ speedups = Feature(
+ "optional C speed-enhancements",
+- standard = not is_pypy,
++ standard = not is_pypy and sys.version_info < (3, 3),
+ ext_modules = [
+ Extension('genshi._speedups', ['genshi/_speedups.c']),
+ ],
+--
+2.12.0
+
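Review bot: `standard = not is_pypy and sys.version_info < (3, 3)` changes only the default, as the added comment ("Not activated by default") itself says. If the feature can still be requested explicitly, `genshi/_speedups.c` would presumably be compiled on CPython >= 3.3 against a Unicode C API the patch states is unsupported, which is the kind of mismatch that tends to surface as memory errors in native code. The package build should never force the feature on, and the comment could say so: `# Do not enable explicitly on CPython >= 3.3; _speedups.c still uses the old Unicode C API.` The `Feature(...)` call continues past the end of the hunk.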
diff --git a/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch b/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch
new file mode 100644
index 0000000000..05be080cdf
--- /dev/null
+++ b/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch
@@ -0,0 +1,112 @@
+From ce796ad4bae5c47011876778674ad036357febdf Mon Sep 17 00:00:00 2001
+From: Adriano Peluso <catonano@gmail.com>
+Date: Wed, 5 Apr 2017 15:10:06 +0200
+Subject: [PATCH 1/2] fixing the tests on python35
+
+---
+ genshi/filters/i18n.py | 6 ++++--
+ genshi/template/astutil.py | 14 +++++++++++---
+ genshi/template/directives.py | 20 ++++++++++++++------
+ genshi/template/eval.py | 5 +++++
+ 4 files changed, 34 insertions(+), 11 deletions(-)
+
+diff --git a/genshi/filters/i18n.py b/genshi/filters/i18n.py
+index 526fda4..5387fcf 100644
+--- a/genshi/filters/i18n.py
++++ b/genshi/filters/i18n.py
+@@ -1194,8 +1194,10 @@ def extract_from_code(code, gettext_functions):
+ elif arg:
+ strings.append(None)
+ [_add(arg) for arg in node.args]
+- _add(node.starargs)
+- _add(node.kwargs)
++ if hasattr(node, 'starargs'):
++ _add(node.starargs)
++ if hasattr(node, 'kwargs'):
++ _add(node.kwargs)
+ if len(strings) == 1:
+ strings = strings[0]
+ else:
+diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py
+index f4e1edd..e561846 100644
+--- a/genshi/template/astutil.py
++++ b/genshi/template/astutil.py
+@@ -151,6 +151,10 @@ class ASTCodeGenerator(object):
+ def visit_arg(self, node):
+ self._write(node.arg)
+
++ def visit_Starred(self, node):
++ self._write('*')
++ self.visit(node.value)
++
+ # FunctionDef(identifier name, arguments args,
+ # stmt* body, expr* decorator_list)
+ def visit_FunctionDef(self, node):
+@@ -664,9 +668,13 @@ class ASTCodeGenerator(object):
+ if not first:
+ self._write(', ')
+ first = False
+- # keyword = (identifier arg, expr value)
+- self._write(keyword.arg)
+- self._write('=')
++ if not keyword.arg:
++ # Python 3.5+ star-star args
++ self._write('**')
++ else:
++ # keyword = (identifier arg, expr value)
++ self._write(keyword.arg)
++ self._write('=')
+ self.visit(keyword.value)
+ if getattr(node, 'starargs', None):
+ if not first:
+diff --git a/genshi/template/directives.py b/genshi/template/directives.py
+index 7301c2d..6fd0f28 100644
+--- a/genshi/template/directives.py
++++ b/genshi/template/directives.py
+@@ -266,13 +266,21 @@ class DefDirective(Directive):
+ if isinstance(ast, _ast.Call):
+ self.name = ast.func.id
+ for arg in ast.args:
+- # only names
+- self.args.append(arg.id)
++ if isinstance(arg, _ast.Starred):
++ # Python 3.5+
++ self.star_args = arg.value.id
++ else:
++ # only names
++ self.args.append(arg.id)
+ for kwd in ast.keywords:
+- self.args.append(kwd.arg)
+- exp = Expression(kwd.value, template.filepath,
+- lineno, lookup=template.lookup)
+- self.defaults[kwd.arg] = exp
++ if kwd.arg is None:
++ # Python 3.5+
++ self.dstar_args = kwd.value.id
++ else:
++ self.args.append(kwd.arg)
++ exp = Expression(kwd.value, template.filepath,
++ lineno, lookup=template.lookup)
++ self.defaults[kwd.arg] = exp
+ if getattr(ast, 'starargs', None):
+ self.star_args = ast.starargs.id
+ if getattr(ast, 'kwargs', None):
+diff --git a/genshi/template/eval.py b/genshi/template/eval.py
+index d378419..81644a7 100644
+--- a/genshi/template/eval.py
++++ b/genshi/template/eval.py
+@@ -600,6 +600,11 @@ class TemplateASTTransformer(ASTTransformer):
+ finally:
+ self.locals.pop()
+
++ # Only used in Python 3.5+
++ def visit_Starred(self, node):
++ node.value = self.visit(node.value)
++ return node
++
+ def visit_Name(self, node):
+ # If the name refers to a local inside a lambda, list comprehension, or
+ # generator expression, leave it alone
+--
+2.12.0
+
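Review bot: In the directives.py hunk, `self.star_args = arg.value.id` and `self.dstar_args = kwd.value.id` assume the starred expression is a plain name. Any other expression there has no `.id`, so it would end in an AttributeError rather than a template error. The context lines `ast.starargs.id` and `arg.id` make the same assumption, so this is consistent with the existing code, but the new branches are a good place to state it: `# only plain names are supported after * and **; other expressions raise AttributeError`. If templates can come from less trusted authors, checking `isinstance(arg.value, _ast.Name)` before reading `.id` would give a clean rejection. The method these loops belong to starts outside the hunk.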
diff --git a/gnu/packages/patches/python-genshi-isstring-helper.patch b/gnu/packages/patches/python-genshi-isstring-helper.patch
new file mode 100644
index 0000000000..4f6c19bba9
--- /dev/null
+++ b/gnu/packages/patches/python-genshi-isstring-helper.patch
@@ -0,0 +1,37 @@
+From cc5e07284f44cdd9beec178c69070a53f55d1323 Mon Sep 17 00:00:00 2001
+From: Simon Cross <hodgestar@gmail.com>
+Date: Sun, 16 Feb 2014 18:43:20 +0000
+Subject: [PATCH 03/15] Add isstring helper.
+
+---
+ genshi/compat.py | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/genshi/compat.py b/genshi/compat.py
+index 9787325..6574e39 100644
+--- a/genshi/compat.py
++++ b/genshi/compat.py
+@@ -35,6 +35,15 @@ else:
+ 'Python 2 compatibility function. Not usable in Python 3.')
+
+
++# We need to test if an object is an instance of a string type in places
++
++if IS_PYTHON2:
++ def isstring(obj):
++ return isinstance(obj, basestring)
++else:
++ def isstring(obj):
++ return isinstance(obj, str)
++
+ # We need to differentiate between StringIO and BytesIO in places
+
+ if IS_PYTHON2:
+@@ -112,4 +121,3 @@ except NameError:
+ if not x:
+ return False
+ return True
+-
+--
+2.12.0
+
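Review bot: This patch file has no provenance line of its own; the only record of where it came from is the comment above `search-patches` in gnu/packages/python.scm, which is lost if the patch is ever reused or moved. The rxvt-unicode and synfigstudio patches added in this same commit both open with a short header naming their source, and this one should do the same, e.g. `Taken from upstream, see https://genshi.edgewall.org/ticket/582` placed before the `From cc5e0728...` line. The same applies to python-genshi-stripping-of-unsafe-script-tags.patch further down.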
diff --git a/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch b/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch
new file mode 100644
index 0000000000..29951a6149
--- /dev/null
+++ b/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch
@@ -0,0 +1,51 @@
+From 0769be04c3891ae5c724c6779ba13d1d0f53b4ae Mon Sep 17 00:00:00 2001
+From: Simon Cross <hodgestar@gmail.com>
+Date: Sun, 16 Feb 2014 18:25:17 +0000
+Subject: [PATCH 01/15] Also allow stripping of unsafe script tags (Python 3.4
+ parses the second example as a tag whose name is script&xyz).
+
+---
+ genshi/filters/tests/test_html.py | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/genshi/filters/tests/test_html.py b/genshi/filters/tests/test_html.py
+index 0c6cfe1..45ec0da 100644
+--- a/genshi/filters/tests/test_html.py
++++ b/genshi/filters/tests/test_html.py
+@@ -368,12 +368,16 @@ def StyleSanitizer():
+
+ class HTMLSanitizerTestCase(unittest.TestCase):
+
+- def assert_parse_error_or_equal(self, expected, exploit):
++ def assert_parse_error_or_equal(self, expected, exploit,
++ allow_strip=False):
+ try:
+ html = HTML(exploit)
+ except ParseError:
+ return
+- self.assertEquals(expected, (html | HTMLSanitizer()).render())
++ sanitized_html = (html | HTMLSanitizer()).render()
++ if not sanitized_html and allow_strip:
++ return
++ self.assertEquals(expected, sanitized_html)
+
+ def test_sanitize_unchanged(self):
+ html = HTML(u'<a href="#">fo<br />o</a>')
+@@ -416,10 +420,12 @@ class HTMLSanitizerTestCase(unittest.TestCase):
+ html = HTML(u'<SCRIPT SRC="http://example.com/"></SCRIPT>')
+ self.assertEquals('', (html | HTMLSanitizer()).render())
+ src = u'<SCR\0IPT>alert("foo")</SCR\0IPT>'
+- self.assert_parse_error_or_equal('&lt;SCR\x00IPT&gt;alert("foo")', src)
++ self.assert_parse_error_or_equal('&lt;SCR\x00IPT&gt;alert("foo")', src,
++ allow_strip=True)
+ src = u'<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>'
+ self.assert_parse_error_or_equal('&lt;SCRIPT&amp;XYZ; '
+- 'SRC="http://example.com/"&gt;', src)
++ 'SRC="http://example.com/"&gt;', src,
++ allow_strip=True)
+
+ def test_sanitize_remove_onclick_attr(self):
+ html = HTML(u'<div onclick=\'alert("foo")\' />')
+--
+2.12.0
+
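Review bot: After this change `assert_parse_error_or_equal` passes on three different outcomes (a `ParseError`, an exact match, or an empty render when `allow_strip=True`), and nothing in the helper says why the third is acceptable. The reason is only in the patch subject: Python 3.4 parses the second example as a tag named `script&xyz`, which the sanitizer then removes entirely. A short docstring on the helper would record that, for example `"""Pass if the input fails to parse, sanitizes to `expected`, or (with allow_strip) is removed completely."""`. Since the patch is taken from upstream, the explanation could instead go in a header at the top of the patch file, leaving the code identical to upstream.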
diff --git a/gnu/packages/patches/rxvt-unicode-escape-sequences.patch b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
new file mode 100644
index 0000000000..064dd51e2d
--- /dev/null
+++ b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
@@ -0,0 +1,35 @@
+This patch prevents a code execution vector involving terminal escape
+sequences when rxvt-unicode is in "secure mode".
+
+This change was spurred by the following conversation on the
+oss-security mailing list:
+
+Problem description and proof of concept:
+http://seclists.org/oss-sec/2017/q2/190
+
+Upstream response:
+http://seclists.org/oss-sec/2017/q2/291
+
+Patch copied from upstream source repository:
+http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
+
+--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
++++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
+@@ -2695,7 +2695,7 @@
+ /* kidnapped escape sequence: Should be 8.3.48 */
+ case C1_ESA: /* ESC G */
+ // used by original rxvt for rob nations own graphics mode
+- if (cmd_getc () == 'Q')
++ if (cmd_getc () == 'Q' && option (Opt_insecure))
+ tt_printf ("\033G0\012"); /* query graphics - no graphics */
+ break;
+
+@@ -2914,7 +2914,7 @@
+ break;
+
+ case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
+- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
++ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ #ifdef ISO6429
+ arg[0] = -arg[0];
+ #else /* emulate common DEC VTs */
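Review bot: The header describes the risk but not what the fix changes in behaviour, and the operand order in `cmd_getc () == 'Q' && option (Opt_insecure)` matters: `cmd_getc ()` runs first, so the byte after ESC G is still consumed in secure mode and only the `tt_printf` reply is suppressed. One sentence in the header would record this without diverging from upstream, e.g. `The reply to the ESC G Q graphics query is now sent only when the insecure option is set; the byte following ESC G is consumed either way.` The second inner hunk (`CSI_HPB`) looks whitespace-only on this page; presumably it is kept so the patch matches upstream revision 1.583 exactly, which is worth stating in the header too.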
diff --git a/gnu/packages/patches/synfig-build-fix.patch b/gnu/packages/patches/synfig-build-fix.patch
deleted file mode 100644
index 3f6168e0fb..0000000000
--- a/gnu/packages/patches/synfig-build-fix.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Allow Synfig to build in C++11 mode.
-
-Taken from here:
-https://projects.archlinux.org/svntogit/community.git/plain/trunk/build-fix.patch?h=packages/synfig
-
-diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp
---- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp 2015-03-28 13:15:00.000000000 +0300
-+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp 2015-04-28 16:56:11.568749053 +0300
-@@ -56,8 +56,8 @@
- /* === M E T H O D S ======================================================= */
-
-
--Importer_LibAVCodec::Importer_LibAVCodec(const char *file):
-- filename(file)
-+Importer_LibAVCodec::Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier):
-+ Importer(identifier)
- {
- }
-
-diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h
---- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h 2015-03-28 13:15:00.000000000 +0300
-+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h 2015-04-28 16:55:18.699192946 +0300
-@@ -46,7 +46,7 @@
- synfig::String filename;
-
- public:
-- Importer_LibAVCodec(const char *filename);
-+ Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier);
- ~Importer_LibAVCodec();
-
- virtual bool get_frame(synfig::Surface &surface, const synfig::RendDesc &renddesc, synfig::Time time, synfig::ProgressCallback *callback);
-diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp
---- synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp 2015-03-28 13:15:00.000000000 +0300
-+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp 2015-04-28 16:46:54.720091106 +0300
-@@ -121,14 +121,14 @@
- picture = avcodec_alloc_frame();
- if (!picture)
- return NULL;
-- size = avpicture_get_size(pix_fmt, width, height);
-+ size = avpicture_get_size((::PixelFormat)pix_fmt, width, height);
- picture_buf = (uint8_t *)malloc(size);
- if (!picture_buf) {
- av_free(picture);
- return NULL;
- }
- avpicture_fill((AVPicture *)picture, picture_buf,
-- pix_fmt, width, height);
-+ (::PixelFormat)pix_fmt, width, height);
- return picture;
- }
-
-diff -wbBur synfig-1.0.2/src/synfig/time.cpp synfig-1.0.2.my/src/synfig/time.cpp
---- synfig-1.0.2/src/synfig/time.cpp 2015-07-09 10:33:03.000000000 +0300
-+++ synfig-1.0.2.my/src/synfig/time.cpp 2015-10-12 13:54:58.382313903 +0300
-@@ -319,5 +319,5 @@
- bool
- Time::is_valid()const
- {
-- return !isnan(value_);
-+ return !::isnan(value_);
- }
diff --git a/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch b/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch
new file mode 100644
index 0000000000..d7b3e92507
--- /dev/null
+++ b/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch
@@ -0,0 +1,55 @@
+Downloaded from
+https://github.com/synfig/synfig/commit/b9c3b73ee35b83c4d9183c800809040cef98b2f2.patch
+
+Without this patch the UI of Synfig Studio (when built with the latest version
+of GTK) displays very large buttons in the header of every frame.
+
+This patch can be removed with the next release.
+
+
+From b9c3b73ee35b83c4d9183c800809040cef98b2f2 Mon Sep 17 00:00:00 2001
+From: caryoscelus <caryoscelus@gmx.com>
+Date: Wed, 25 Jan 2017 18:34:39 +0300
+Subject: [PATCH] Fix dock drop area size
+
+Fixes #227
+
+By using Frame instead of Button we avoid intrusive Gtk themes
+from forcing huge drop area size.
+---
+ synfig-studio/src/gui/docks/dockdroparea.cpp | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/gui/docks/dockdroparea.cpp b/synfig-studio/src/gui/docks/dockdroparea.cpp
+index 0f8936fdb..e012282f0 100644
+--- a/src/gui/docks/dockdroparea.cpp
++++ b/src/gui/docks/dockdroparea.cpp
+@@ -35,7 +35,7 @@
+ #include "app.h"
+ #include "docks/dockdroparea.h"
+ #include "docks/dockmanager.h"
+-#include <gtkmm/button.h>
++#include <gtkmm/frame.h>
+
+ #endif
+
+@@ -61,10 +61,15 @@ DockDropArea::DockDropArea(Gtk::Widget *target):
+ std::vector<Gtk::TargetEntry> listTargets;
+ listTargets.push_back( Gtk::TargetEntry("SYNFIG_DOCK") );
+
+- Gtk::Button *button_left = manage(new Gtk::Button());
+- Gtk::Button *button_right = manage(new Gtk::Button());
+- Gtk::Button *button_top = manage(new Gtk::Button());
+- Gtk::Button *button_bottom = manage(new Gtk::Button());
++ Gtk::Frame *button_left = manage(new Gtk::Frame());
++ Gtk::Frame *button_right = manage(new Gtk::Frame());
++ Gtk::Frame *button_top = manage(new Gtk::Frame());
++ Gtk::Frame *button_bottom = manage(new Gtk::Frame());
++
++ button_left->set_size_request(20, 10);
++ button_right->set_size_request(20, 10);
++ button_top->set_size_request(20, 10);
++ button_bottom->set_size_request(20, 10);
+
+ button_left->drag_dest_set(listTargets);
+ button_right->drag_dest_set(listTargets);
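Review bot: The header says the patch was "Downloaded from" the upstream commit URL, but the paths inside it do not agree with each other. The diffstat and the `b/` side of the `diff --git` line use `synfig-studio/src/gui/docks/dockdroparea.cpp`, while the `---`/`+++` lines use `src/gui/docks/dockdroparea.cpp`, which suggests the paths were edited by hand to apply to the release tarball. If so, the header should say it, e.g. `Paths adjusted from synfig-studio/src/... to src/... to apply to the synfigstudio tarball.`, so a later reader comparing against upstream does not take the difference for tampering. The enclosing constructor `DockDropArea::DockDropArea` starts and ends outside the inner hunk.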
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index b958199bdb..3e2141e7f4 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -14804,3 +14804,125 @@ information.")
(define-public python2-packaging
(package-with-python2 python-packaging))
+
+(define-public python-sql
+ (package
+ (name "python-sql")
+ (version "0.9")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "python-sql" version))
+ (sha256
+ (base32
+ "0p6kaqj02vz0habmdx37zjk6hjxdfm8aw737zs059vvpr70ird87"))))
+ (build-system python-build-system)
+ (home-page "https://python-sql.tryton.org/")
+ (synopsis "Library to write SQL queries in a pythonic way")
+ (description "@code{python-sql} is a library to write SQL queries, that
+transforms idiomatic python function calls to well-formed SQL queries.")
+ (license license:bsd-3)))
+
+(define-public python2-sql
+ (package-with-python2 python-sql))
+
+(define-public python-genshi
+ (package
+ (name "python-genshi")
+ (version "0.7")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://ftp.edgewall.org/pub/genshi/Genshi-"
+ version ".tar.gz"))
+ (patches
+ (search-patches
+ ;; The first 4 patches are in the master branch upstream.
+ ;; See this as a reference https://genshi.edgewall.org/ticket/582
+ ;; The last 2 are NOT in any branch.
+ ;; They were sent as attachments to a ticket opened at
+ ;; https://genshi.edgewall.org/ticket/602#no1
+ "python-genshi-stripping-of-unsafe-script-tags.patch"
+ "python-genshi-disable-speedups-on-python-3.3.patch"
+ "python-genshi-isstring-helper.patch"
+ "python-genshi-add-support-for-python-3.4-AST.patch"
+ "python-genshi-fix-tests-on-python-3.5.patch"
+ "python-genshi-buildable-on-python-2.7.patch"))
+ (sha256
+ (base32
+ "0lkkbp6fbwzv0zda5iqc21rr7rdldkwh3hfabfjl9i4bwq14858x"))))
+ (build-system python-build-system)
+ (home-page "https://genshi.edgewall.org/")
+ (synopsis "Toolkit for generation of output for the web")
+ (description "Genshi is a Python library that provides an integrated set
+of components for parsing, generating, and processing HTML, XML or other
+textual content for output generation on the web.")
+ (license license:bsd-3)))
+
+;; The linter here claims that patch file names should start with the package
+;; name. But, in this case the patches are inherited from python-genshi with
+;; the "python-genshi-" prefix instead of "python2-genshi-".
+(define-public python2-genshi
+ (package-with-python2 python-genshi))
+
+(define-public python-relatorio
+ (package
+ (name "python-relatorio")
+ (version "0.6.4")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "relatorio" version))
+ (sha256
+ (base32
+ "0lincq79mzgazwd9gh41dybjh9c3n87r83pl8nk3j79aihyfk84z"))))
+ (build-system python-build-system)
+ (propagated-inputs
+ `(("python-lxml" ,python-lxml)
+ ("python-genshi" ,python-genshi)))
+ (home-page "https://relatorio.tryton.org/")
+ (synopsis "Templating library able to output ODT and PDF files")
+ (description "Relatorio is a templating library which provides a way to
+easily output ODT, ODS, PNG, SVG and several other kinds of files. Support
+for more filetypes can be easily added by creating plugins for them.")
+ (license license:gpl3+)))
+
+(define-public python2-relatorio
+ (package-with-python2 python-relatorio))
+
+(define-public python-radon
+ (package
+ (name "python-radon")
+ (version "1.5.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "radon" version))
+ (sha256
+ (base32
+ "1h6jv36am0i827182a04ki6291lyx4kp957xfr5njgprj4nd0qsl"))))
+ (build-system python-build-system)
+ (propagated-inputs
+ `(("python-colorama" ,python-colorama)
+ ("python-flake8-polyfill" ,python-flake8-polyfill)
+ ("python-mando" ,python-mando-0.3.1)))
+ (native-inputs
+ `(("python-flake8" ,python-flake8)
+ ("python-tox" ,python-tox)
+ ("python-pytest" ,python-pytest)
+ ("python-paramunittest" ,python-paramunittest)))
+ (home-page "https://radon.readthedocs.org/")
+ (synopsis "Code Metrics in Python")
+ (description "Radon is a Python tool which computes various code metrics.
+Supported metrics are:
+@itemize @bullet
+@item raw metrics: SLOC, comment lines, blank lines, &c.
+@item Cyclomatic Complexity (i.e. McCabe’s Complexity)
+@item Halstead metrics (all of them)
+@item the Maintainability Index (a Visual Studio metric)
+@end itemize")
+ (license license:expat)))
+
+(define-public python2-radon
+ (package-with-python2 python-radon))
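Review bot: The comment above `search-patches` in `python-genshi` says the last two patches are not in any upstream branch, but not that at least one of them changes library code rather than tests. What appears to be the tail of python-genshi-fix-tests-on-python-3.5.patch, visible earlier on this page, modifies `genshi/template/directives.py` and `genshi/template/eval.py`, so despite its name it alters template evaluation in a package that `trytond` and `python-relatorio` depend on. I would extend the comment with something like `;; NOTE: fix-tests-on-python-3.5 also touches genshi/template/{directives,eval}.py and is not merged upstream; re-check on each update.` That way the unmerged runtime change gets reviewed again when Genshi is next bumped.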
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 2025a778ac..7f62b37690 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -484,13 +484,13 @@ security, and applying best practice development processes.")
(package
(name "python-acme")
;; Remember to update the hash of certbot when updating python-acme.
- (version "0.14.1")
+ (version "0.14.2")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
(sha256
(base32
- "0asmkfkzbswnkrvbj5m01xgy4f6g1fjbj2nir1hhrn3ipcdrsv8f"))))
+ "1kbgpjabbly7r757vyr1050ixnm9hyvrbf9n6aq49cgmb147ysqn"))))
(build-system python-build-system)
(arguments
`(#:phases
@@ -549,7 +549,7 @@ security, and applying best practice development processes.")
(uri (pypi-uri name version))
(sha256
(base32
- "0rdby57hw35qdrbl7kigscphnz4kqb608bqzrcb73nb99092i6si"))))
+ "1b39hybswzm8mkarg1mwpx47wffqg57jcgi52mz5iz60rxym9j2v"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2
diff --git a/gnu/packages/tryton.scm b/gnu/packages/tryton.scm
new file mode 100644
index 0000000000..c9e9e50f84
--- /dev/null
+++ b/gnu/packages/tryton.scm
@@ -0,0 +1,93 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages tryton)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages gtk)
+ #:use-module (gnu packages python)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix build-system python))
+
+(define-public trytond
+ (package
+ (name "trytond")
+ (version "4.4.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://downloads.tryton.org/4.4/trytond-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "15gm34qwj5fpnkqvrxzndl8653zbczhsa76dm1gi4cqj1r29bbpr"))))
+ (build-system python-build-system)
+ (inputs
+ `(("python-dateutil" ,python-dateutil)
+ ("python-genshi" ,python-genshi)
+ ("python-polib" ,python-polib)
+ ;; there's no python-mysql in Guix right now
+ ;; so python-psycopg2 (postgresql) only for now
+ ("python-psycopg2" ,python-psycopg2)
+ ("python-relatorio" ,python-relatorio)
+ ("python-lxml" ,python-lxml)
+ ("python-sql" ,python-sql)
+ ("python-werkzeug" ,python-werkzeug)
+ ("python-wrapt" ,python-wrapt)))
+ (native-inputs
+ `(("python-mock" ,python-mock)))
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-before 'check 'preparations
+ (lambda _
+ (setenv "DB_NAME" ":memory:"))))))
+ (home-page "https://www.tryton.org/")
+ (synopsis "Server component of Tryton")
+ (description "Tryton is a three-tier high-level general purpose
+application platform using PostgreSQL as its main database engine. It is the
+core base of a complete business solution providing modularity, scalability
+and security.")
+ (license license:gpl3+)))
+
+(define-public tryton
+ (package
+ (name "tryton")
+ (version "4.4.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://downloads.tryton.org/4.4/tryton-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "1lklcz5fs6rkrd7z2m2f5gz4fdwzkgnhg2hyvzp20kdsvi33bq2j"))))
+ (build-system python-build-system)
+ (inputs
+ `(("python2-chardet" ,python2-chardet)
+ ("python2-dateutil" ,python2-dateutil)
+ ("python2-pygtk" ,python2-pygtk)))
+ (arguments
+ `(#:python ,python-2))
+ (home-page "https://www.tryton.org/")
+ (synopsis "Client component of Tryton")
+ (description "This package is the client component of Tryton.")
+ (license license:gpl3+)))
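Review bot: The `preparations` phase in `trytond` ends with `(setenv "DB_NAME" ":memory:")`, so its result is whatever `setenv` returns rather than an explicit success value. The `change-dir` phase of `spectrwm` added in this same commit ends with `#t`, and this phase should do the same: `(setenv "DB_NAME" ":memory:") #t`. A one-line comment on what `":memory:"` selects for the test suite would also help, since the description names PostgreSQL as the main database engine.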
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 607ef2b0e7..cd53091ced 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -9,7 +9,7 @@
;;; Copyright © 2016 Al McElrath <hello@yrns.org>
;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pramatique.xyz>
;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
;;; Copyright © 2016 Ivan Vilata i Balaguer <ivan@selidor.net>
;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
@@ -675,3 +675,80 @@ all of them. Currently supported window managers include:
Keybinder works with GTK-based applications using the X Window System.")
(home-page "https://github.com/engla/keybinder")
(license license:gpl2+)))
+
+(define-public spectrwm
+ (package
+ (name "spectrwm")
+ (version "3.0.2")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (let ((version-with-underscores
+ (string-join (string-split version #\.) "_")))
+ (string-append "https://github.com/conformal/spectrwm/archive/"
+ "SPECTRWM_" version-with-underscores ".tar.gz")))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "065b7j8s0lxw3p58fyf3c1mr5203pdm0kww42v245rlx0f005kl2"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags (let ((pkg-config (lambda (flag)
+ (string-append
+ "$(shell pkg-config " flag " "
+ "xft fontconfig x11 libpng)"))))
+ (list
+ "CC=gcc"
+ (string-append "PREFIX=" %output)
+ (string-append "INCS=-I. " (pkg-config "--cflags"))
+ (string-append "LIBS=" (pkg-config "--libs") " -lm")))
+ #:tests? #f ;No test suite
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'build 'change-dir
+ (lambda _
+ (chdir "linux") #t))
+ (add-after 'change-dir 'patch-makefile
+ (lambda _
+ (substitute* "Makefile"
+ (("-g") ""))))
+ (add-after 'change-dir 'fix-freetype-include
+ (lambda _
+ (substitute* "Makefile"
+ (("/usr/include/freetype2")
+ (string-append (assoc-ref %build-inputs "freetype")
+ "/include/freetype2")))))
+ (delete 'configure)))) ;no 'configure' exists
+ (inputs
+ `(("freetype" ,freetype)
+ ("fontconfig" ,fontconfig)
+ ("libx11" ,libx11)
+ ("libxcursor" ,libxcursor)
+ ("libxrandr" ,libxrandr)
+ ("libxtst" ,libxtst)
+ ("libxft" ,libxft)
+ ("xcb-util" ,xcb-util)
+ ("xcb-util-wm" ,xcb-util-wm)
+ ("xcb-util-keysyms" ,xcb-util-keysyms)))
+ (native-inputs
+ `(("libxt" ,libxt)
+ ("pkg-config" ,pkg-config)))
+ (synopsis "Minimalistic automatic tiling window manager")
+ (description
+ "Spectrwm is a small dynamic tiling and reparenting window manager for X11.
+It is inspired by Xmonad and dwm. Its major features include:
+
+@itemize
+@item Navigation anywhere on all screens with either the keyboard or mouse
+@item Customizable status bar
+@item Restartable without losing state
+@item Quick launch menu
+@item Many screen layouts possible with a few simple key strokes
+@item Move/resize floating windows
+@item Extended Window Manager Hints (EWMH) support
+@item Configureable tiling
+@item Adjustable tile gap allows for a true one pixel border
+@item Customizable colors and border width
+@end itemize\n")
+ (home-page "https://github.com/conformal/spectrwm")
+ (license license:isc)))
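Review bot: The `patch-makefile` phase of `spectrwm` uses `(("-g") "")`, which is an unanchored pattern: it removes every occurrence of the two characters `-g` in the Makefile, including inside longer flags or names that merely contain them. The Makefile is not shown here, so the exact anchor needs checking, but matching the flag with its surrounding whitespace, e.g. `((" -g ") " ")`, would limit the edit to the debug flag. Both `patch-makefile` and `fix-freetype-include` also end on `substitute*` without an explicit `#t`, unlike `change-dir` just above them.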
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index ad919a6b28..a2230c4e93 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -682,6 +682,7 @@ compact configuration syntax.")
(method url-fetch)
(uri (string-append "http://dist.schmorp.de/rxvt-unicode/Attic/"
name "-" version ".tar.bz2"))
+ (patches (search-patches "rxvt-unicode-escape-sequences.patch"))
(sha256
(base32
"1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9"))))
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
new file mode 100644
index 0000000000..2ed7b9e22f
--- /dev/null
+++ b/gnu/services/dns.scm
@@ -0,0 +1,593 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services dns)
+ #:use-module (gnu services)
+ #:use-module (gnu services configuration)
+ #:use-module (gnu services shepherd)
+ #:use-module (gnu system shadow)
+ #:use-module (gnu packages admin)
+ #:use-module (gnu packages dns)
+ #:use-module (guix packages)
+ #:use-module (guix records)
+ #:use-module (guix gexp)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-34)
+ #:use-module (srfi srfi-35)
+ #:use-module (ice-9 match)
+ #:use-module (ice-9 regex)
+ #:export (knot-service-type
+ knot-acl-configuration
+ knot-key-configuration
+ knot-keystore-configuration
+ knot-zone-configuration
+ knot-remote-configuration
+ knot-policy-configuration
+ knot-configuration
+ define-zone-entries
+ zone-file
+ zone-entry))
+
+;;;
+;;; Knot DNS.
+;;;
+
+(define-record-type* <knot-key-configuration>
+ knot-key-configuration make-knot-key-configuration
+ knot-key-configuration?
+ (id knot-key-configuration-id
+ (default ""))
+ (algorithm knot-key-configuration-algorithm
+ (default #f)); one of #f, or an algorithm name
+ (secret knot-key-configuration-secret
+ (default "")))
+
+(define-record-type* <knot-acl-configuration>
+ knot-acl-configuration make-knot-acl-configuration
+ knot-acl-configuration?
+ (id knot-acl-configuration-id
+ (default ""))
+ (address knot-acl-configuration-address
+ (default '()))
+ (key knot-acl-configuration-key
+ (default '()))
+ (action knot-acl-configuration-action
+ (default '()))
+ (deny? knot-acl-configuration-deny?
+ (default #f)))
+
+(define-record-type* <zone-entry>
+ zone-entry make-zone-entry
+ zone-entry?
+ (name zone-entry-name
+ (default "@"))
+ (ttl zone-entry-ttl
+ (default ""))
+ (class zone-entry-class
+ (default "IN"))
+ (type zone-entry-type
+ (default "A"))
+ (data zone-entry-data
+ (default "")))
+
+(define-record-type* <zone-file>
+ zone-file make-zone-file
+ zone-file?
+ (entries zone-file-entries
+ (default '()))
+ (origin zone-file-origin
+ (default ""))
+ (ns zone-file-ns
+ (default "ns"))
+ (mail zone-file-mail
+ (default "hostmaster"))
+ (serial zone-file-serial
+ (default 1))
+ (refresh zone-file-refresh
+ (default "2d"))
+ (retry zone-file-retry
+ (default "15m"))
+ (expiry zone-file-expiry
+ (default "2w"))
+ (nx zone-file-nx
+ (default "1h")))
+(define-record-type* <knot-keystore-configuration>
+ knot-keystore-configuration make-knot-keystore-configuration
+ knot-keystore-configuration?
+ (id knot-keystore-configuration-id
+ (default ""))
+ (backend knot-keystore-configuration-backend
+ (default 'pem))
+ (config knot-keystore-configuration-config
+ (default "/var/lib/knot/keys/keys")))
+
+(define-record-type* <knot-policy-configuration>
+ knot-policy-configuration make-knot-policy-configuration
+ knot-policy-configuration?
+ (id knot-policy-configuration-id
+ (default ""))
+ (keystore knot-policy-configuration-keystore
+ (default "default"))
+ (manual? knot-policy-configuration-manual?
+ (default #f))
+ (single-type-signing? knot-policy-configuration-single-type-signing?
+ (default #f))
+ (algorithm knot-policy-configuration-algorithm
+ (default "ecdsap256sha256"))
+ (ksk-size knot-policy-configuration-ksk-size
+ (default 256))
+ (zsk-size knot-policy-configuration-zsk-size
+ (default 256))
+ (dnskey-ttl knot-policy-configuration-dnskey-ttl
+ (default 'default))
+ (zsk-lifetime knot-policy-configuration-zsk-lifetime
+ (default "30d"))
+ (propagation-delay knot-policy-configuration-propagation-delay
+ (default "1d"))
+ (rrsig-lifetime knot-policy-configuration-rrsig-lifetime
+ (default "14d"))
+ (rrsig-refresh knot-policy-configuration-rrsig-refresh
+ (default "7d"))
+ (nsec3? knot-policy-configuration-nsec3?
+ (default #f))
+ (nsec3-iterations knot-policy-configuration-nsec3-iterations
+ (default 5))
+ (nsec3-salt-length knot-policy-configuration-nsec3-salt-length
+ (default 8))
+ (nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime
+ (default "30d")))
+
+(define-record-type* <knot-zone-configuration>
+ knot-zone-configuration make-knot-zone-configuration
+ knot-zone-configuration?
+ (domain knot-zone-configuration-domain
+ (default ""))
+ (file knot-zone-configuration-file
+ (default "")) ; the file where this zone is saved.
+ (zone knot-zone-configuration-zone
+ (default (zone-file))) ; initial content of the zone file
+ (master knot-zone-configuration-master
+ (default '()))
+ (ddns-master knot-zone-configuration-ddns-master
+ (default #f))
+ (notify knot-zone-configuration-notify
+ (default '()))
+ (acl knot-zone-configuration-acl
+ (default '()))
+ (semantic-checks? knot-zone-configuration-semantic-checks?
+ (default #f))
+ (disable-any? knot-zone-configuration-disable-any?
+ (default #f))
+ (zonefile-sync knot-zone-configuration-zonefile-sync
+ (default 0))
+ (dnssec-policy knot-zone-configuration-dnssec-policy
+ (default #f))
+ (serial-policy knot-zone-configuration-serial-policy
+ (default 'increment)))
+
+(define-record-type* <knot-remote-configuration>
+ knot-remote-configuration make-knot-remote-configuration
+ knot-remote-configuration?
+ (id knot-remote-configuration-id
+ (default ""))
+ (address knot-remote-configuration-address
+ (default '()))
+ (via knot-remote-configuration-via
+ (default '()))
+ (key knot-remote-configuration-key
+ (default #f)))
+
+(define-record-type* <knot-configuration>
+ knot-configuration make-knot-configuration
+ knot-configuration?
+ (knot knot-configuration-knot
+ (default knot))
+ (run-directory knot-configuration-run-directory
+ (default "/var/run/knot"))
+ (listen-v4 knot-configuration-listen-v4
+ (default "0.0.0.0"))
+ (listen-v6 knot-configuration-listen-v6
+ (default "::"))
+ (listen-port knot-configuration-listen-port
+ (default 53))
+ (keys knot-configuration-keys
+ (default '()))
+ (keystores knot-configuration-keystores
+ (default '()))
+ (acls knot-configuration-acls
+ (default '()))
+ (remotes knot-configuration-remotes
+ (default '()))
+ (policies knot-configuration-policies
+ (default '()))
+ (zones knot-configuration-zones
+ (default '())))
+
+(define-syntax define-zone-entries
+ (syntax-rules ()
+ ((_ id (name ttl class type data) ...)
+ (define id (list (make-zone-entry name ttl class type data) ...)))))
+
+(define (error-out msg)
+ (raise (condition (&message (message msg)))))
+
+(define (verify-knot-key-configuration key)
+ (unless (knot-key-configuration? key)
+ (error-out "keys must be a list of only knot-key-configuration."))
+ (let ((id (knot-key-configuration-id key)))
+ (unless (and (string? id) (not (equal? id "")))
+ (error-out "key id must be a non empty string.")))
+ (unless (memq '(#f hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512)
+ (knot-key-configuration-algorithm key))
+ (error-out "algorithm must be one of: #f, 'hmac-md5, 'hmac-sha1,
+'hmac-sha224, 'hmac-sha256, 'hmac-sha384 or 'hmac-sha512")))
+
+(define (verify-knot-keystore-configuration keystore)
+ (unless (knot-keystore-configuration? keystore)
+ (error-out "keystores must be a list of only knot-keystore-configuration."))
+ (let ((id (knot-keystore-configuration-id keystore)))
+ (unless (and (string? id) (not (equal? id "")))
+ (error-out "keystore id must be a non empty string.")))
+ (unless (memq '(pem pkcs11)
+ (knot-keystore-configuration-backend keystore))
+ (error-out "backend must be one of: 'pem or 'pkcs11")))
+
+(define (verify-knot-policy-configuration policy)
+ (unless (knot-keystore-configuration? policy)
+ (error-out "policies must be a list of only knot-policy-configuration."))
+ (let ((id (knot-policy-configuration-id policy)))
+ (unless (and (string? id) (not (equal? id "")))
+ (error-out "policy id must be a non empty string."))))
+
+(define (verify-knot-acl-configuration acl)
+ (unless (knot-acl-configuration? acl)
+ (error-out "acls must be a list of only knot-acl-configuration."))
+ (let ((id (knot-acl-configuration-id acl))
+ (address (knot-acl-configuration-address acl))
+ (key (knot-acl-configuration-key acl))
+ (action (knot-acl-configuration-action acl)))
+ (unless (and (string? id) (not (equal? id "")))
+ (error-out "acl id must be a non empty string."))
+ (unless (and (list? address)
+ (fold (lambda (x1 x2) (and (string? x1) (string? x2))) "" address))
+ (error-out "acl address must be a list of strings.")))
+ (unless (boolean? (knot-acl-configuration-deny? acl))
+ (error-out "deny? must be #t or #f.")))
+
+(define (verify-knot-zone-configuration zone)
+ (unless (knot-zone-configuration? zone)
+ (error-out "zones must be a list of only knot-zone-configuration."))
+ (let ((domain (knot-zone-configuration-domain zone)))
+ (unless (and (string? domain) (not (equal? domain "")))
+ (error-out "zone domain must be a non empty string."))))
+
+(define (verify-knot-remote-configuration remote)
+ (unless (knot-remote-configuration? remote)
+ (error-out "remotes must be a list of only knot-remote-configuration."))
+ (let ((id (knot-remote-configuration-id remote)))
+ (unless (and (string? id) (not (equal? id "")))
+ (error-out "remote id must be a non empty string."))))
+
+(define (verify-knot-configuration config)
+ (unless (package? (knot-configuration-knot config))
+ (error-out "knot configuration field must be a package."))
+ (unless (string? (knot-configuration-run-directory config))
+ (error-out "run-directory must be a string."))
+ (unless (list? (knot-configuration-keys config))
+ (error-out "keys must be a list of knot-key-configuration."))
+ (for-each (lambda (key) (verify-knot-key-configuration key))
+ (knot-configuration-keys config))
+ (unless (list? (knot-configuration-keystores config))
+ (error-out "keystores must be a list of knot-keystore-configuration."))
+ (for-each (lambda (keystore) (verify-knot-keystore-configuration keystore))
+ (knot-configuration-keystores config))
+ (unless (list? (knot-configuration-acls config))
+ (error-out "acls must be a list of knot-acl-configuration."))
+ (for-each (lambda (acl) (verify-knot-acl-configuration acl))
+ (knot-configuration-acls config))
+ (unless (list? (knot-configuration-zones config))
+ (error-out "zones must be a list of knot-zone-configuration."))
+ (for-each (lambda (zone) (verify-knot-zone-configuration zone))
+ (knot-configuration-zones config))
+ (unless (list? (knot-configuration-policies config))
+ (error-out "policies must be a list of knot-policy-configuration."))
+ (for-each (lambda (policy) (verify-knot-policy-configuration policy))
+ (knot-configuration-policies config))
+ (unless (list? (knot-configuration-remotes config))
+ (error-out "remotes must be a list of knot-remote-configuration."))
+ (for-each (lambda (remote) (verify-knot-remote-configuration remote))
+ (knot-configuration-remotes config))
+ #t)
+
+(define (format-string-list l)
+ "Formats a list of string in YAML"
+ (if (eq? l '())
+ ""
+ (let ((l (reverse l)))
+ (string-append
+ "["
+ (fold (lambda (x1 x2)
+ (string-append (if (symbol? x1) (symbol->string x1) x1) ", "
+ (if (symbol? x2) (symbol->string x2) x2)))
+ (car l) (cdr l))
+ "]"))))
+
+(define (knot-acl-config acls)
+ (with-output-to-string
+ (lambda ()
+ (for-each
+ (lambda (acl-config)
+ (let ((id (knot-acl-configuration-id acl-config))
+ (address (knot-acl-configuration-address acl-config))
+ (key (knot-acl-configuration-key acl-config))
+ (action (knot-acl-configuration-action acl-config))
+ (deny? (knot-acl-configuration-deny? acl-config)))
+ (format #t " - id: ~a\n" id)
+ (unless (eq? address '())
+ (format #t " address: ~a\n" (format-string-list address)))
+ (unless (eq? key '())
+ (format #t " key: ~a\n" (format-string-list key)))
+ (unless (eq? action '())
+ (format #t " action: ~a\n" (format-string-list action)))
+ (format #t " deny: ~a\n" (if deny? "on" "off"))))
+ acls))))
+
+(define (knot-key-config keys)
+ (with-output-to-string
+ (lambda ()
+ (for-each
+ (lambda (key-config)
+ (let ((id (knot-key-configuration-id key-config))
+ (algorithm (knot-key-configuration-algorithm key-config))
+ (secret (knot-key-configuration-secret key-config)))
+ (format #t " - id: ~a\n" id)
+ (if algorithm
+ (format #t " algorithm: ~a\n" (symbol->string algorithm)))
+ (format #t " secret: ~a\n" secret)))
+ keys))))
+
+(define (knot-keystore-config keystores)
+ (with-output-to-string
+ (lambda ()
+ (for-each
+ (lambda (keystore-config)
+ (let ((id (knot-keystore-configuration-id keystore-config))
+ (backend (knot-keystore-configuration-backend keystore-config))
+ (config (knot-keystore-configuration-config keystore-config)))
+ (format #t " - id: ~a\n" id)
+ (format #t " backend: ~a\n" (symbol->string backend))
+ (format #t " config: \"~a\"\n" config)))
+ keystores))))
+
+(define (knot-policy-config policies)
+ (with-output-to-string
+ (lambda ()
+ (for-each
+ (lambda (policy-config)
+ (let ((id (knot-policy-configuration-id policy-config))
+ (keystore (knot-policy-configuration-keystore policy-config))
+ (manual? (knot-policy-configuration-manual? policy-config))
+ (single-type-signing? (knot-policy-configuration-single-type-signing?
+ policy-config))
+ (algorithm (knot-policy-configuration-algorithm policy-config))
+ (ksk-size (knot-policy-configuration-ksk-size policy-config))
+ (zsk-size (knot-policy-configuration-zsk-size policy-config))
+ (dnskey-ttl (knot-policy-configuration-dnskey-ttl policy-config))
+ (zsk-lifetime (knot-policy-configuration-zsk-lifetime policy-config))
+ (propagation-delay (knot-policy-configuration-propagation-delay
+ policy-config))
+ (rrsig-lifetime (knot-policy-configuration-rrsig-lifetime
+ policy-config))
+ (nsec3? (knot-policy-configuration-nsec3? policy-config))
+ (nsec3-iterations (knot-policy-configuration-nsec3-iterations
+ policy-config))
+ (nsec3-salt-length (knot-policy-configuration-nsec3-salt-length
+ policy-config))
+ (nsec3-salt-lifetime (knot-policy-configuration-nsec3-salt-lifetime
+ policy-config)))
+ (format #t " - id: ~a\n" id)
+ (format #t " keystore: ~a\n" keystore)
+ (format #t " manual: ~a\n" (if manual? "on" "off"))
+ (format #t " single-type-signing: ~a\n" (if single-type-signing?
+ "on" "off"))
+ (format #t " algorithm: ~a\n" algorithm)
+ (format #t " ksk-size: ~a\n" (number->string ksk-size))
+ (format #t " zsk-size: ~a\n" (number->string zsk-size))
+ (unless (eq? dnskey-ttl 'default)
+ (format #t " dnskey-ttl: ~a\n" dnskey-ttl))
+ (format #t " zsk-lifetime: ~a\n" zsk-lifetime)
+ (format #t " propagation-delay: ~a\n" propagation-delay)
+ (format #t " rrsig-lifetime: ~a\n" rrsig-lifetime)
+ (format #t " nsec3: ~a\n" (if nsec3? "on" "off"))
+ (format #t " nsec3-iterations: ~a\n"
+ (number->string nsec3-iterations))
+ (format #t " nsec3-salt-length: ~a\n"
+ (number->string nsec3-salt-length))
+ (format #t " nsec3-salt-lifetime: ~a\n" nsec3-salt-lifetime)))
+ policies))))
+
+(define (knot-remote-config remotes)
+ (with-output-to-string
+ (lambda ()
+ (for-each
+ (lambda (remote-config)
+ (let ((id (knot-remote-configuration-id remote-config))
+ (address (knot-remote-configuration-address remote-config))
+ (via (knot-remote-configuration-via remote-config))
+ (key (knot-remote-configuration-key remote-config)))
+ (format #t " - id: ~a\n" id)
+ (unless (eq? address '())
+ (format #t " address: ~a\n" (format-string-list address)))
+ (unless (eq? via '())
+ (format #t " via: ~a\n" (format-string-list via)))
+ (if key
+ (format #t " key: ~a\n" key))))
+ remotes))))
+
+(define (serialize-zone-entries entries)
+ (with-output-to-string
+ (lambda ()
+ (for-each
+ (lambda (entry)
+ (let ((name (zone-entry-name entry))
+ (ttl (zone-entry-ttl entry))
+ (class (zone-entry-class entry))
+ (type (zone-entry-type entry))
+ (data (zone-entry-data entry)))
+ (format #t "~a ~a ~a ~a ~a\n" name ttl class type data)))
+ entries))))
+
+(define (serialize-zone-file zone domain)
+ (computed-file (string-append domain ".zone")
+ #~(begin
+ (call-with-output-file #$output
+ (lambda (port)
+ (format port "$ORIGIN ~a.\n"
+ #$(zone-file-origin zone))
+ (format port "@ IN SOA ~a ~a (~a ~a ~a ~a ~a)\n"
+ #$(zone-file-ns zone)
+ #$(zone-file-mail zone)
+ #$(zone-file-serial zone)
+ #$(zone-file-refresh zone)
+ #$(zone-file-retry zone)
+ #$(zone-file-expiry zone)
+ #$(zone-file-nx zone))
+ (format port "~a\n"
+ #$(serialize-zone-entries (zone-file-entries zone))))))))
+
+(define (knot-zone-config zone)
+ (let ((content (knot-zone-configuration-zone zone)))
+ #~(with-output-to-string
+ (lambda ()
+ (let ((domain #$(knot-zone-configuration-domain zone))
+ (file #$(knot-zone-configuration-file zone))
+ (master (list #$@(knot-zone-configuration-master zone)))
+ (ddns-master #$(knot-zone-configuration-ddns-master zone))
+ (notify (list #$@(knot-zone-configuration-notify zone)))
+ (acl (list #$@(knot-zone-configuration-acl zone)))
+ (semantic-checks? #$(knot-zone-configuration-semantic-checks? zone))
+ (disable-any? #$(knot-zone-configuration-disable-any? zone))
+ (dnssec-policy #$(knot-zone-configuration-dnssec-policy zone))
+ (serial-policy '#$(knot-zone-configuration-serial-policy zone)))
+ (format #t " - domain: ~a\n" domain)
+ (if (eq? master '())
+ ;; This server is a master
+ (if (equal? file "")
+ (format #t " file: ~a\n"
+ #$(serialize-zone-file content
+ (knot-zone-configuration-domain zone)))
+ (format #t " file: ~a\n" file))
+ ;; This server is a slave (has masters)
+ (begin
+ (format #t " master: ~a\n"
+ #$(format-string-list
+ (knot-zone-configuration-master zone)))
+ (if ddns-master (format #t " ddns-master ~a\n" ddns-master))))
+ (unless (eq? notify '())
+ (format #t " notify: ~a\n"
+ #$(format-string-list
+ (knot-zone-configuration-notify zone))))
+ (unless (eq? acl '())
+ (format #t " acl: ~a\n"
+ #$(format-string-list
+ (knot-zone-configuration-acl zone))))
+ (format #t " semantic-checks: ~a\n" (if semantic-checks? "on" "off"))
+ (format #t " disable-any: ~a\n" (if disable-any? "on" "off"))
+ (if dnssec-policy
+ (begin
+ (format #t " dnssec-signing: on\n")
+ (format #t " dnssec-policy: ~a\n" dnssec-policy)))
+ (format #t " serial-policy: ~a\n"
+ (symbol->string serial-policy)))))))
+
+(define (knot-config-file config)
+ (verify-knot-configuration config)
+ (computed-file "knot.conf"
+ #~(begin
+ (call-with-output-file #$output
+ (lambda (port)
+ (format port "server:\n")
+ (format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
+ (format port " user: knot\n")
+ (format port " listen: ~a@~a\n"
+ #$(knot-configuration-listen-v4 config)
+ #$(knot-configuration-listen-port config))
+ (format port " listen: ~a@~a\n"
+ #$(knot-configuration-listen-v6 config)
+ #$(knot-configuration-listen-port config))
+ (format port "\nkey:\n")
+ (format port #$(knot-key-config (knot-configuration-keys config)))
+ (format port "\nkeystore:\n")
+ (format port #$(knot-keystore-config (knot-configuration-keystores config)))
+ (format port "\nacl:\n")
+ (format port #$(knot-acl-config (knot-configuration-acls config)))
+ (format port "\nremote:\n")
+ (format port #$(knot-remote-config (knot-configuration-remotes config)))
+ (format port "\npolicy:\n")
+ (format port #$(knot-policy-config (knot-configuration-policies config)))
+ (unless #$(eq? (knot-configuration-zones config) '())
+ (format port "\nzone:\n")
+ (format port "~a\n"
+ (string-concatenate
+ (list #$@(map knot-zone-config
+ (knot-configuration-zones config)))))))))))
+
+(define %knot-accounts
+ (list (user-group (name "knot") (system? #t))
+ (user-account
+ (name "knot")
+ (group "knot")
+ (system? #t)
+ (comment "knot dns server user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define (knot-activation config)
+ #~(begin
+ (use-modules (guix build utils))
+ (define (mkdir-p/perms directory owner perms)
+ (mkdir-p directory)
+ (chown directory (passwd:uid owner) (passwd:gid owner))
+ (chmod directory perms))
+ (mkdir-p/perms #$(knot-configuration-run-directory config)
+ (getpwnam "knot") #o755)
+ (mkdir-p/perms "/var/lib/knot" (getpwnam "knot") #o755)
+ (mkdir-p/perms "/var/lib/knot/keys" (getpwnam "knot") #o755)
+ (mkdir-p/perms "/var/lib/knot/keys/keys" (getpwnam "knot") #o755)))
+
+(define (knot-shepherd-service config)
+ (let* ((config-file (knot-config-file config))
+ (knot (knot-configuration-knot config)))
+ (list (shepherd-service
+ (documentation "Run the Knot DNS daemon.")
+ (provision '(knot dns))
+ (requirement '(networking))
+ (start #~(make-forkexec-constructor
+ (list (string-append #$knot "/sbin/knotd")
+ "-c" #$config-file)))
+ (stop #~(make-kill-destructor))))))
+
+(define knot-service-type
+ (service-type (name 'knot)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ knot-shepherd-service)
+ (service-extension activation-service-type
+ knot-activation)
+ (service-extension account-service-type
+ (const %knot-accounts))))))
diff --git a/guix/build-system/font.scm b/guix/build-system/font.scm
new file mode 100644
index 0000000000..f448c302c2
--- /dev/null
+++ b/guix/build-system/font.scm
@@ -0,0 +1,130 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix build-system font)
+ #:use-module (guix utils)
+ #:use-module (guix packages)
+ #:use-module (guix derivations)
+ #:use-module (guix search-paths)
+ #:use-module (guix build-system)
+ #:use-module (guix build-system gnu)
+ #:use-module (ice-9 match)
+ #:export (%font-build-system-modules
+ font-build
+ font-build-system))
+
+;; Commentary:
+;;
+;; Standard build procedure for fonts. This is implemented as an extension of
+;; 'gnu-build-system'.
+;;
+;; Code:
+
+(define %font-build-system-modules
+ ;; Build-side modules imported by default.
+ `((guix build font-build-system)
+ ,@%gnu-build-system-modules))
+
+(define* (lower name
+ #:key source inputs native-inputs outputs system target
+ #:allow-other-keys
+ #:rest arguments)
+ "Return a bag for NAME."
+ (define private-keywords
+ '(#:target #:inputs #:native-inputs))
+
+ (bag
+ (name name)
+ (system system)
+ (host-inputs `(,@(if source
+ `(("source" ,source))
+ '())
+ ,@inputs
+ ,(list "tar" (module-ref (resolve-interface '(gnu packages base)) 'tar))
+ ,(list "unzip" (module-ref (resolve-interface '(gnu packages zip)) 'unzip))
+ ,@(let ((compression (resolve-interface '(gnu packages compression))))
+ (map (match-lambda
+ ((name package)
+ (list name (module-ref compression package))))
+ `(("gzip" gzip)
+ ("bzip2" bzip2)
+ ("xz" xz))))))
+ (build-inputs native-inputs)
+ (outputs outputs)
+ (build font-build)
+ (arguments (strip-keyword-arguments private-keywords arguments))))
+
+(define* (font-build store name inputs
+ #:key source
+ (tests? #t)
+ (test-target "test")
+ (configure-flags ''())
+ (phases '(@ (guix build font-build-system)
+ %standard-phases))
+ (outputs '("out"))
+ (search-paths '())
+ (system (%current-system))
+ (guile #f)
+ (imported-modules %font-build-system-modules)
+ (modules '((guix build font-build-system)
+ (guix build utils))))
+ "Build SOURCE with INPUTS."
+ (define builder
+ `(begin
+ (use-modules ,@modules)
+ (font-build #:name ,name
+ #:source ,(match (assoc-ref inputs "source")
+ (((? derivation? source))
+ (derivation->output-path source))
+ ((source)
+ source)
+ (source
+ source))
+ #:configure-flags ,configure-flags
+ #:system ,system
+ #:test-target ,test-target
+ #:tests? ,tests?
+ #:phases ,phases
+ #:outputs %outputs
+ #:search-paths ',(map search-path-specification->sexp
+ search-paths)
+ #:inputs %build-inputs)))
+
+ (define guile-for-build
+ (match guile
+ ((? package?)
+ (package-derivation store guile system #:graft? #f))
+ (#f ; the default
+ (let* ((distro (resolve-interface '(gnu packages commencement)))
+ (guile (module-ref distro 'guile-final)))
+ (package-derivation store guile system #:graft? #f)))))
+
+ (build-expression->derivation store name builder
+ #:inputs inputs
+ #:system system
+ #:modules imported-modules
+ #:outputs outputs
+ #:guile-for-build guile-for-build))
+
+(define font-build-system
+ (build-system
+ (name 'font)
+ (description "The build system for font packages")
+ (lower lower)))
+
+;;; font.scm ends here
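Review bot: `font-build` still accepts `tests?`, `test-target` and `configure-flags` and forwards them to the builder, yet the builder-side `%standard-phases` added in guix/build/font-build-system.scm deletes the 'configure, 'build and 'check phases, so with the default phases these keywords have no effect. Either drop them from the signature and from the generated `font-build` call, or state it in the docstring, e.g. `"Build SOURCE with INPUTS.  TESTS?, TEST-TARGET and CONFIGURE-FLAGS only matter when PHASES re-adds the corresponding phases."`. `lower` also adds tar, unzip, gzip, bzip2 and xz as implicit host inputs, which its docstring `"Return a bag for NAME."` could mention.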
diff --git a/guix/build/font-build-system.scm b/guix/build/font-build-system.scm
new file mode 100644
index 0000000000..cca1e93f0f
--- /dev/null
+++ b/guix/build/font-build-system.scm
@@ -0,0 +1,71 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (guix build font-build-system)
+ #:use-module ((guix build gnu-build-system) #:prefix gnu:)
+ #:use-module (guix build utils)
+ #:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-26)
+ #:export (%standard-phases
+ font-build))
+
+;; Commentary:
+;;
+;; Builder-side code of the build procedure for font packages.
+;;
+;; Code:
+
+(define gnu:unpack (assoc-ref gnu:%standard-phases 'unpack))
+
+(define* (unpack #:key source #:allow-other-keys)
+ "Unpack SOURCE into the build directory. SOURCE may be a compressed
+archive, or a font file."
+ (if (any (cut string-suffix? <> source)
+ (list ".ttf" ".otf"))
+ (begin
+ (mkdir "source")
+ (chdir "source")
+ (copy-file source (strip-store-file-name source))
+ #t)
+ (gnu:unpack #:source source)))
+
+(define* (install #:key outputs #:allow-other-keys)
+ "Install the package contents."
+ (let* ((out (assoc-ref outputs "out"))
+ (source (getcwd))
+ (fonts (string-append out "/share/fonts")))
+ (for-each (cut install-file <> (string-append fonts "/truetype"))
+ (find-files source "\\.ttf$"))
+ (for-each (cut install-file <> (string-append fonts "/opentype"))
+ (find-files source "\\.otf$"))
+ #t))
+
+(define %standard-phases
+ (modify-phases gnu:%standard-phases
+ (replace 'unpack unpack)
+ (delete 'configure)
+ (delete 'check)
+ (delete 'build)
+ (replace 'install install)))
+
+(define* (font-build #:key inputs (phases %standard-phases)
+ #:allow-other-keys #:rest args)
+ "Build the given font package, applying all of PHASES in order."
+ (apply gnu:gnu-build #:inputs inputs #:phases phases args))
+
+;;; font-build-system.scm ends here
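Review bot: `install` returns `#t` unconditionally, so a source with no file matching `\\.ttf$` or `\\.otf$` yields an empty output and a build that still reports success. One way to hit this is an upper-case `.TTF` extension, since both regexps and the suffix test in `unpack` are case-sensitive. `install-file` also places every match in one flat directory, so two fonts with the same base name in different subdirectories would overwrite each other without notice; that deserves at least a comment. I would bind the two `find-files` results and make the phase fail when both are empty, as below.

```scheme
(define* (install #:key outputs #:allow-other-keys)
  "Install the package contents.  Fail when no font file was found."
  (let* ((out   (assoc-ref outputs "out"))
         (fonts (string-append out "/share/fonts"))
         (ttf   (find-files (getcwd) "\\.ttf$"))
         (otf   (find-files (getcwd) "\\.otf$")))
    (for-each (cut install-file <> (string-append fonts "/truetype")) ttf)
    (for-each (cut install-file <> (string-append fonts "/opentype")) otf)
    ;; An empty output means the source layout was not what we expected.
    (not (and (null? ttf) (null? otf)))))
```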
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 0529c228a5..52439afd44 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -69,6 +69,9 @@
pivot-root
fcntl-flock
+ set-thread-name
+ thread-name
+
CLONE_CHILD_CLEARTID
CLONE_CHILD_SETTID
CLONE_NEWNS
@@ -884,6 +887,52 @@ exception if it's already taken."
;;;
+;;; Miscellaneous, aka. 'prctl'.
+;;;
+
+(define %prctl
+ ;; Should it win the API contest against 'ioctl'? You tell us!
+ (syscall->procedure int "prctl"
+ (list int unsigned-long unsigned-long
+ unsigned-long unsigned-long)))
+
+(define PR_SET_NAME 15) ;<linux/prctl.h>
+(define PR_GET_NAME 16)
+
+(define %max-thread-name-length
+ ;; Maximum length in bytes of the process name, including the terminating
+ ;; zero.
+ 16)
+
+(define (set-thread-name name)
+ "Set the name of the calling thread to NAME. NAME is truncated to 15
+bytes."
+ (let ((ptr (string->pointer name)))
+ (let-values (((ret err)
+ (%prctl PR_SET_NAME
+ (pointer-address ptr) 0 0 0)))
+ (unless (zero? ret)
+ (throw 'set-process-name "set-process-name"
+ "set-process-name: ~A"
+ (list (strerror err))
+ (list err))))))
+
+(define (thread-name)
+ "Return the name of the calling thread as a string."
+ (let ((buf (make-bytevector %max-thread-name-length)))
+ (let-values (((ret err)
+ (%prctl PR_GET_NAME
+ (pointer-address (bytevector->pointer buf))
+ 0 0 0)))
+ (if (zero? ret)
+ (bytes->string (bytevector->u8-list buf))
+ (throw 'process-name "process-name"
+ "process-name: ~A"
+ (list (strerror err))
+ (list err))))))
+
+
+;;;
;;; Network interfaces.
;;;
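Review bot: Both failure paths throw custom keys, `'set-process-name` in `set-thread-name` and `'process-name` in `thread-name`, so the `(catch 'system-error ...)` that the guix/workers.scm hunk of this same commit wraps around `set-thread-name` can never match. A failing prctl there would presumably end the worker thread instead of being ignored. The call sites added in offload.scm, publish.scm and substitute.scm are unguarded and would see the same non-standard key. Throwing the conventional key under the procedure's real name fixes both the handler and the stale "process" wording: `(throw 'system-error "set-thread-name" "~A" (list (strerror err)) (list err))`, and likewise with `"thread-name"` in the getter.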
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index 74c0c5484c..77b340cff6 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -34,7 +34,8 @@
#:select (nar-error? nar-error-file))
#:use-module (guix nar)
#:use-module (guix utils)
- #:use-module ((guix build syscalls) #:select (fcntl-flock))
+ #:use-module ((guix build syscalls)
+ #:select (fcntl-flock set-thread-name))
#:use-module ((guix build utils) #:select (which mkdir-p))
#:use-module (guix ui)
#:use-module (srfi srfi-1)
@@ -641,6 +642,7 @@ machine."
(let ((max-silent-time (string->number max-silent-time))
(build-timeout (string->number build-timeout))
(print-build-trace? (string=? print-build-trace? "1")))
+ (set-thread-name "guix offload")
(parameterize ((%current-system system))
(let loop ((line (read-line)))
(unless (eof-object? line)
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index c306b809a7..c49c0c3e20 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -58,6 +58,7 @@
#:select (with-atomic-file-output compressed-file?))
#:use-module ((guix build utils)
#:select (dump-port mkdir-p find-files))
+ #:use-module ((guix build syscalls) #:select (set-thread-name))
#:export (%public-key
%private-key
@@ -649,6 +650,7 @@ blocking."
;; thread so that the main thread can keep working in the meantime.
(call-with-new-thread
(lambda ()
+ (set-thread-name "publish nar")
(let* ((response (write-response (sans-content-length response)
client))
(port (begin
@@ -670,6 +672,7 @@ blocking."
;; Send a raw file in a separate thread.
(call-with-new-thread
(lambda ()
+ (set-thread-name "publish file")
(catch 'system-error
(lambda ()
(call-with-input-file (utf8->string body)
@@ -858,10 +861,16 @@ consider using the '--user' option!~%")))
(sockaddr:port address))
(when repl-port
(repl:spawn-server (repl:make-tcp-server-socket #:port repl-port)))
+
+ ;; Set the name of the main thread.
+ (set-thread-name "guix publish")
+
(with-store store
(run-publish-server socket store
#:cache cache
- #:pool (and cache (make-pool workers))
+ #:pool (and cache (make-pool workers
+ #:thread-name
+ "publish worker"))
#:nar-path nar-path
#:compression compression
#:narinfo-ttl ttl))))))
diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm
index 73d4f6e2eb..4ee15ba67d 100755
--- a/guix/scripts/substitute.scm
+++ b/guix/scripts/substitute.scm
@@ -39,6 +39,8 @@
. guix:open-connection-for-uri)
close-connection
store-path-abbreviation byte-count->string))
+ #:use-module ((guix build syscalls)
+ #:select (set-thread-name))
#:use-module (ice-9 rdelim)
#:use-module (ice-9 regex)
#:use-module (ice-9 match)
@@ -1015,6 +1017,8 @@ default value."
(#f #f)
(locale (false-if-exception (setlocale LC_ALL locale))))
+ (set-thread-name "guix substitute")
+
(with-networking
(with-error-handling ; for signature errors
(match args
diff --git a/guix/workers.scm b/guix/workers.scm
index e3452d249a..846f5e50a9 100644
--- a/guix/workers.scm
+++ b/guix/workers.scm
@@ -23,6 +23,7 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-26)
+ #:use-module ((guix build syscalls) #:select (set-thread-name))
#:export (pool?
make-pool
pool-enqueue!
@@ -60,7 +61,8 @@
(lambda ()
(lock-mutex mutex))))
-(define (worker-thunk mutex condvar pop-queue)
+(define* (worker-thunk mutex condvar pop-queue
+ #:key (thread-name "guix worker"))
"Return the thunk executed by worker threads."
(define (loop)
(match (pop-queue)
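Review bot: `worker-thunk` gains a `#:thread-name` keyword but its docstring still reads `"Return the thunk executed by worker threads."`, while `make-pool` in the next hunk does document THREAD-NAME. I would extend it to `"Return the thunk executed by worker threads.  THREAD-NAME is the name given to each worker thread; the kernel keeps at most 15 bytes of it."`, the limit being the one stated in `set-thread-name`'s docstring. The body of `worker-thunk` continues outside this hunk.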
@@ -80,11 +82,18 @@
(loop))
(lambda ()
+ (catch 'system-error
+ (lambda ()
+ (set-thread-name thread-name))
+ (const #f))
+
(with-mutex mutex
(loop))))
-(define* (make-pool #:optional (count (current-processor-count)))
- "Return a pool of COUNT workers."
+(define* (make-pool #:optional (count (current-processor-count))
+ #:key (thread-name "guix worker"))
+ "Return a pool of COUNT workers. Use THREAD-NAME as the name of these
+threads as reported by the operating system."
(let* ((mutex (make-mutex))
(condvar (make-condition-variable))
(queue (make-q))
@@ -93,7 +102,8 @@
(worker-thunk mutex condvar
(lambda ()
(and (not (q-empty? queue))
- (q-pop! queue)))))
+ (q-pop! queue)))
+ #:thread-name thread-name))
1+
0))
(threads (map (lambda (proc)
diff --git a/tests/syscalls.scm b/tests/syscalls.scm
index 8db45b41b6..e20f0600bc 100644
--- a/tests/syscalls.scm
+++ b/tests/syscalls.scm
@@ -266,6 +266,14 @@
(close-port file)
result)))))))))
+(test-equal "set-thread-name"
+ "Syscall Test"
+ (let ((name (thread-name)))
+ (set-thread-name "Syscall Test")
+ (let ((new-name (thread-name)))
+ (set-thread-name name)
+ new-name)))
+
(test-assert "all-network-interface-names"
(match (all-network-interface-names)
(((? string? names) ..1)
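Review bot: The new test only sets a 12-byte name, so the truncation promised by `set-thread-name`'s docstring ("NAME is truncated to 15 bytes") and the 16-byte buffer in `thread-name` are never exercised. A second `test-equal` that sets a name longer than 15 bytes and expects `(thread-name)` to return its first 15 bytes would pin that boundary down. It should restore the original name afterwards, as this test does.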