diff options
Diffstat (limited to 'gnu/packages')
62 files changed, 1071 insertions, 2554 deletions
diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm index de7f1f6d15..21ed0e6179 100644 --- a/gnu/packages/autotools.scm +++ b/gnu/packages/autotools.scm @@ -218,7 +218,8 @@ output is indexed in many ways to simplify browsing.") "0dl6vfi2lzz8alnklwxzfz624b95hb1ipjvd3mk177flmddcf24r")) (patches (search-patches "automake-regexp-syntax.patch" - "automake-skip-amhello-tests.patch")))) + "automake-skip-amhello-tests.patch" + "automake-test-gzip-warning.patch")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,(autoconf-wrapper)) diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index cb47ef36cb..a0ff535dfe 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -136,8 +136,7 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") - (replacement libarchive/fixed) - (version "3.1.2") + (version "3.2.0") (source (origin (method url-fetch) @@ -145,12 +144,7 @@ backups (called chunks) to allow easy burning to CD/DVD.") version ".tar.gz")) (sha256 (base32 - "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb")) - (patches - (search-patches "libarchive-mtree-filename-length-fix.patch" - "libarchive-fix-lzo-test-case.patch" - "libarchive-CVE-2013-0211.patch" - "libarchive-bsdtar-test.patch")))) + "11xabdpmvdmcdkidigmqh4ymhra95lr7ipcys4hdq0gzf7ylbkkv")))) (build-system gnu-build-system) ;; TODO: Add -L/path/to/nettle in libarchive.pc. (inputs @@ -194,14 +188,6 @@ archive. In particular, note that there is currently no built-in support for random access nor for in-place modification.") (license license:bsd-2))) -(define libarchive/fixed - (package - (inherit libarchive) - (source (origin - (inherit (package-source libarchive)) - (patches (cons (search-patch "libarchive-CVE-2016-1541.patch") - (origin-patches (package-source libarchive)))))))) - (define-public rdup (package (name "rdup") diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index b5e229e06c..422424cbe8 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -44,7 +44,9 @@ #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix build-system gnu) - #:use-module (guix build-system trivial)) + #:use-module (guix build-system trivial) + #:use-module (ice-9 match) + #:export (glibc)) ;;; Commentary: ;;; @@ -75,14 +77,14 @@ command-line arguments, multiple languages, and so on.") (define-public grep (package (name "grep") - (version "2.22") + (version "2.25") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grep/grep-" version ".tar.xz")) (sha256 (base32 - "1srn321x7whlhs5ks36zlcrrmj4iahll8fxwsh1vbz3v04px54fa")) + "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2")) (patches (search-patches "grep-timing-sensitive-test.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) ;some of the tests require it @@ -137,17 +139,34 @@ implementation offers several extensions over the standard utility.") (define-public tar (package (name "tar") - (version "1.28") + (version "1.29") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/tar/tar-" version ".tar.xz")) (sha256 (base32 - "1wi2zwm4c9r3h3b8y4w0nm0qq897kn8kyj9k22ba0iqvxj48vvk4")) - (patches (search-patches "tar-d_ino_in_dirent-fix.patch" - "tar-skip-unreliable-tests.patch")))) + "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0")) + (patches (search-patches "tar-skip-unreliable-tests.patch")))) (build-system gnu-build-system) + ;; Note: test suite requires ~1GiB of disk space. + (arguments + '(#:phases (modify-phases %standard-phases + (add-before 'build 'set-shell-file-name + (lambda* (#:key inputs #:allow-other-keys) + ;; Do not use "/bin/sh" to run programs. + (let ((bash (assoc-ref inputs "bash"))) + (substitute* "src/system.c" + (("/bin/sh") + (string-append bash "/bin/sh"))) + #t)))))) + + ;; When cross-compiling, the 'set-shell-file-name' phase needs to be able + ;; to refer to the target Bash. + (inputs (if (%current-target-system) + `(("bash" ,bash)) + '())) + (synopsis "Managing tar archives") (description "Tar provides the ability to create tar archives, as well as the @@ -243,23 +262,14 @@ used to apply commands with arbitrarily long arguments.") (define-public coreutils (package (name "coreutils") - (version "8.24") + (version "8.25") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/coreutils/coreutils-" version ".tar.xz")) (sha256 (base32 - "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2")) - (patches - (list (origin - (method url-fetch) - (uri "http://git.savannah.gnu.org/cgit/coreutils.git/\ -patch/?id=3ba68f9e64fa2eb8af22d510437a0c6441feb5e0") - (sha256 - (base32 - "1dnlszhc8lihhg801i9sz896mlrgfsjfcz62636prb27k5hmixqz")) - (file-name "coreutils-tail-inotify-race.patch")))))) + "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii")))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! @@ -315,14 +325,14 @@ functionality beyond that which is outlined in the POSIX standard.") (define-public gnu-make (package (name "make") - (version "4.1") + (version "4.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/make/make-" version ".tar.bz2")) (sha256 (base32 - "19gwwhik3wdwn0r42b7xcihkbxvjl9r2bdal8nifc3k5i4rn3iqb")) + "0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f")) (patches (search-patches "make-impure-dirs.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) ; to detect Guile @@ -463,17 +473,17 @@ store.") (export make-ld-wrapper) -(define-public glibc +(define-public glibc/linux (package (name "glibc") - (version "2.22") + (version "2.23") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) + "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) (snippet ;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is ;; required on LFS distros to avoid loading the distro's libc.so @@ -482,17 +492,14 @@ store.") (("use_ldconfig=yes") "use_ldconfig=no"))) (modules '((guix build utils))) - (patches - (search-patches "glibc-ldd-x86_64.patch" - "glibc-locale-incompatibility.patch" - "glibc-versioned-locpath.patch" - "glibc-o-largefile.patch" - "glibc-CVE-2015-7547.patch")))) + (patches (search-patches "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch")))) (build-system gnu-build-system) ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc ;; users should automatically pull Linux headers as well. - (propagated-inputs `(("linux-headers" ,linux-libre-headers))) + (propagated-inputs `(("kernel-headers" ,linux-libre-headers))) (outputs '("out" "debug")) @@ -504,7 +511,7 @@ store.") #:parallel-build? #f ;; The libraries have an empty RUNPATH, but some, such as the versioned - ;; libraries (libdl-2.22.so, etc.) have ld.so marked as NEEDED. Since + ;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since ;; these libraries are always going to be found anyway, just skip ;; RUNPATH checks. #:validate-runpath? #f @@ -535,7 +542,7 @@ store.") (assoc-ref ,(if (%current-target-system) '%build-target-inputs '%build-inputs) - "linux-headers") + "kernel-headers") "/include") ;; This is the default for most architectures as of GNU libc 2.21, @@ -549,7 +556,7 @@ store.") "/bin/bash") ;; XXX: Work around "undefined reference to `__stack_chk_guard'". - "libc_cv_ssp=no") + "libc_cv_ssp=no" "libc_cv_ssp_strong=no") #:tests? #f ; XXX #:phases (modify-phases %standard-phases @@ -563,10 +570,6 @@ store.") ;; but cross-base uses it as a native input. (bash (or (assoc-ref inputs "static-bash") (assoc-ref native-inputs "static-bash")))) - ;; Use `pwd', not `/bin/pwd'. - (substitute* "configure" - (("/bin/pwd") "pwd")) - ;; Install the rpc data base file under `$out/etc/rpc'. ;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ]; (substitute* "sunrpc/Makefile" @@ -647,6 +650,75 @@ with the Linux kernel.") (license lgpl2.0+) (home-page "http://www.gnu.org/software/libc/"))) +(define-public glibc/hurd + ;; The Hurd's libc variant. + (package (inherit glibc/linux) + (name "glibc-hurd") + (version "2.19") + (source (origin + (method url-fetch) + (uri (string-append "http://alpha.gnu.org/gnu/hurd/glibc-" + version "-hurd+libpthread-20160518" ".tar.gz")) + (sha256 + (base32 + "12zmdjviybpsdb2kq4cg98rds7909f0cc96fzdahdfrzlxx1q0px")))) + + ;; Libc provides <hurd.h>, which includes a bunch of Hurd and Mach headers, + ;; so both should be propagated. + (propagated-inputs `(("hurd-core-headers" ,hurd-core-headers))) + (native-inputs + `(,@(package-native-inputs glibc/linux) + ("mig" ,mig) + ("perl" ,perl))) + + (arguments + (substitute-keyword-arguments (package-arguments glibc/linux) + ((#:phases original-phases) + ;; Add libmachuser.so and libhurduser.so to libc.so's search path. + ;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-07/msg00051.html>. + `(alist-cons-after + 'install 'augment-libc.so + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out"))) + (substitute* (string-append out "/lib/libc.so") + (("/[^ ]+/lib/libc.so.0.3") + (string-append out "/lib/libc.so.0.3" " libmachuser.so" " libhurduser.so")))) + #t) + (alist-cons-after + 'pre-configure 'pre-configure-set-pwd + (lambda _ + ;; Use the right 'pwd'. + (substitute* "configure" + (("/bin/pwd") "pwd"))) + ,original-phases))) + ((#:configure-flags original-configure-flags) + `(append (list "--host=i586-pc-gnu" + + ;; We need this to get a working openpty() function. + "--enable-pt_chown" + + ;; nscd fails to build for GNU/Hurd: + ;; <https://lists.gnu.org/archive/html/bug-hurd/2014-07/msg00006.html>. + ;; Disable it. + "--disable-nscd") + (filter (lambda (flag) + (not (string-prefix? "--enable-kernel=" flag))) + ,original-configure-flags))))) + (synopsis "The GNU C Library (GNU Hurd variant)") + (supported-systems %hurd-systems))) + +(define* (glibc-for-target #:optional + (target (or (%current-target-system) + (%current-system)))) + "Return the glibc for TARGET, GLIBC/LINUX for a Linux host or +GLIBC/HURD for a Hurd host" + (match target + ((or "i586-pc-gnu" "i586-gnu") glibc/hurd) + (_ glibc/linux))) + +(define-syntax glibc + (identifier-syntax (glibc-for-target))) + (define-public glibc-2.21 ;; The old libc, which we use mostly to build locale data in the old format ;; (which the new libc can cope with.) @@ -766,73 +838,6 @@ variety of options. It is an alternative to the shell \"type\" built-in command.") (license gpl3+))) ; some files are under GPLv2+ -(define-public glibc/hurd - ;; The Hurd's libc variant. - (package (inherit glibc) - (name "glibc-hurd") - (version "2.18") - (source (origin - (method git-fetch) - (uri (git-reference - (url "git://git.sv.gnu.org/hurd/glibc") - (commit "cc94b3cfe65523f980359e5f0e93a26196bda1d3"))) - (sha256 - (base32 - "17gsh0kaz0zyvghjmx861mi2p65m9901lngi179x61zm6v2v3xc4")) - (file-name (string-append name "-" version)) - (patches (search-patches "glibc-hurd-extern-inline.patch")))) - - ;; Libc provides <hurd.h>, which includes a bunch of Hurd and Mach headers, - ;; so both should be propagated. - (propagated-inputs `(("gnumach-headers" ,gnumach-headers) - ("hurd-headers" ,hurd-headers) - ("hurd-minimal" ,hurd-minimal))) - (native-inputs - `(,@(package-native-inputs glibc) - ("patch/libpthread-patch" ,(search-patch "libpthread-glibc-preparation.patch")) - ("mig" ,mig) - ("perl" ,perl) - ("libpthread" ,(origin - (method git-fetch) - (uri (git-reference - (url "git://git.sv.gnu.org/hurd/libpthread") - (commit "0ef7b75c4ba91b6660f0d3d8b51d14d25e3d5bfb"))) - (sha256 - (base32 - "031py18fls15z0wprni33mf762kg6fx8xqijppimhp83yp6ky3l3")) - (file-name "libpthread"))))) - - (arguments - (substitute-keyword-arguments (package-arguments glibc) - ((#:configure-flags original-configure-flags) - `(append (list "--host=i686-pc-gnu" - - ;; nscd fails to build for GNU/Hurd: - ;; <https://lists.gnu.org/archive/html/bug-hurd/2014-07/msg00006.html>. - ;; Disable it. - "--disable-nscd") - (filter (lambda (flag) - (not (or (string-prefix? "--with-headers=" flag) - (string-prefix? "--enable-kernel=" flag)))) - ;; Evaluate 'original-configure-flags' in a - ;; lexical environment that has a dummy - ;; "linux-headers" input, to prevent errors. - (let ((%build-inputs `(("linux-headers" . "@DUMMY@") - ,@%build-inputs))) - ,original-configure-flags)))) - ((#:phases phases) - `(alist-cons-after - 'unpack 'prepare-libpthread - (lambda* (#:key inputs #:allow-other-keys) - (copy-recursively (assoc-ref inputs "libpthread") "libpthread") - - (system* "patch" "--force" "-p1" "-i" - (assoc-ref inputs "patch/libpthread-patch")) - #t) - ,phases)))) - (synopsis "The GNU C Library (GNU Hurd variant)") - (supported-systems %hurd-systems))) - (define-public glibc/hurd-headers (package (inherit glibc/hurd) (name "glibc-hurd-headers") @@ -844,7 +849,7 @@ command.") ;; We just pass the flags really needed to build the headers. ((#:configure-flags _) `(list "--enable-add-ons" - "--host=i686-pc-gnu" + "--host=i586-pc-gnu" "--enable-obsolete-rpc")) ((#:phases _) '(alist-replace diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm index 0a644e8940..882f9cc7c0 100644 --- a/gnu/packages/boost.scm +++ b/gnu/packages/boost.scm @@ -51,50 +51,50 @@ ("python" ,python-2) ("tcsh" ,tcsh))) (arguments - (let ((build-flags - `("threading=multi" "link=shared" + `(#:tests? #f + #:make-flags + (list "threading=multi" "link=shared" - ;; Set the RUNPATH to $libdir so that the libs find each other. - (string-append "linkflags=-Wl,-rpath=" - (assoc-ref outputs "out") "/lib") + ;; Set the RUNPATH to $libdir so that the libs find each other. + (string-append "linkflags=-Wl,-rpath=" + (assoc-ref %outputs "out") "/lib") - ;; Boost's 'context' library is not yet supported on mips64, so - ;; we disable it. The 'coroutine' library depends on 'context', - ;; so we disable that too. - ,@(if (string-prefix? "mips64" (or (%current-target-system) - (%current-system))) - '("--without-context" - "--without-coroutine" "--without-coroutine2") - '())))) - `(#:tests? #f - #:phases - (modify-phases %standard-phases - (replace - 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (substitute* '("libs/config/configure" - "libs/spirit/classic/phoenix/test/runtest.sh" - "tools/build/doc/bjam.qbk" - "tools/build/src/engine/execunix.c" - "tools/build/src/engine/Jambase" - "tools/build/src/engine/jambase.c") - (("/bin/sh") (which "sh"))) + ;; Boost's 'context' library is not yet supported on mips64, so + ;; we disable it. The 'coroutine' library depends on 'context', + ;; so we disable that too. + ,@(if (string-prefix? "mips64" (or (%current-target-system) + (%current-system))) + '("--without-context" + "--without-coroutine" "--without-coroutine2") + '())) + #:phases + (modify-phases %standard-phases + (replace + 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (substitute* '("libs/config/configure" + "libs/spirit/classic/phoenix/test/runtest.sh" + "tools/build/doc/bjam.qbk" + "tools/build/src/engine/execunix.c" + "tools/build/src/engine/Jambase" + "tools/build/src/engine/jambase.c") + (("/bin/sh") (which "sh"))) - (setenv "SHELL" (which "sh")) - (setenv "CONFIG_SHELL" (which "sh")) + (setenv "SHELL" (which "sh")) + (setenv "CONFIG_SHELL" (which "sh")) - (zero? (system* "./bootstrap.sh" - (string-append "--prefix=" out) - "--with-toolset=gcc"))))) - (replace - 'build - (lambda* (#:key outputs #:allow-other-keys) - (zero? (system* "./b2" ,@build-flags)))) - (replace - 'install - (lambda* (#:key outputs #:allow-other-keys) - (zero? (system* "./b2" "install" ,@build-flags)))))))) + (zero? (system* "./bootstrap.sh" + (string-append "--prefix=" out) + "--with-toolset=gcc"))))) + (replace + 'build + (lambda* (#:key outputs make-flags #:allow-other-keys) + (zero? (apply system* "./b2" make-flags)))) + (replace + 'install + (lambda* (#:key outputs make-flags #:allow-other-keys) + (zero? (apply system* "./b2" "install" make-flags))))))) (home-page "http://boost.org") (synopsis "Peer-reviewed portable C++ source libraries") diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm index 6a4eba99ef..f47a343ca6 100644 --- a/gnu/packages/bootstrap.scm +++ b/gnu/packages/bootstrap.scm @@ -62,7 +62,7 @@ (define (boot fetch) (lambda* (url hash-algo hash #:optional name #:key system) - (fetch url hash-algo hash + (fetch url hash-algo hash name #:guile %bootstrap-guile #:system system))) diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm index cecc026479..95c80438e9 100644 --- a/gnu/packages/check.scm +++ b/gnu/packages/check.scm @@ -37,15 +37,15 @@ (define-public check (package (name "check") - (version "0.9.14") + (version "0.10.0") (source (origin (method url-fetch) - (uri (string-append "mirror://sourceforge/check/check/" - version "/check-" version ".tar.gz")) + (uri (string-append "https://github.com/libcheck/check/files/71408/" + "/check-" version ".tar.gz")) (sha256 (base32 - "02l4g79d81s07hzywcv1knwj5dyrwjiq2pgxaz7kidxi8m364wn2")))) + "0lhhywf5nxl3dd0hdakra3aasl590756c9kmvyifb3vgm9k0gxgm")))) (build-system gnu-build-system) (home-page "https://libcheck.github.io/check/") (synopsis "Unit test framework for C") diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm index 1cb1e06993..cac059ec37 100644 --- a/gnu/packages/cmake.scm +++ b/gnu/packages/cmake.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -36,7 +37,7 @@ (define-public cmake (package (name "cmake") - (version "3.3.2") + (version "3.5.0") (source (origin (method url-fetch) (uri (string-append "https://www.cmake.org/files/v" @@ -44,7 +45,7 @@ "/cmake-" version ".tar.gz")) (sha256 (base32 - "08pwy9ip9cgwgynhn5vrjw8drw29gijy1rmziq22n65zds6ifnp7")) + "1yly38mpk2s08b4rglp9xcw5pxalk0whp9hrcg7j8qpxlkc3mj4j")) (patches (search-patches "cmake-fix-tests.patch")))) (build-system gnu-build-system) (arguments diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index c52b6e8389..8c82644cc6 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -270,21 +270,24 @@ (name "perl-boot0") (replacement #f) (arguments - (substitute-keyword-arguments (package-arguments perl) - ((#:phases phases) - `(modify-phases ,phases - ;; Pthread support is missing in the bootstrap compiler - ;; (broken spec file), so disable it. - (add-before 'configure 'disable-pthreads - (lambda _ - (substitute* "Configure" - (("^libswanted=(.*)pthread" _ before) - (string-append "libswanted=" before)))))))))))) - (package-with-bootstrap-guile - (package-with-explicit-inputs perl - %boot0-inputs - (current-source-location) - #:guile %bootstrap-guile)))) + ;; At the very least, this must not depend on GCC & co. + (let ((args `(#:disallowed-references + ,(list %bootstrap-binutils)))) + (substitute-keyword-arguments (package-arguments perl) + ((#:phases phases) + `(modify-phases ,phases + ;; Pthread support is missing in the bootstrap compiler + ;; (broken spec file), so disable it. + (add-before 'configure 'disable-pthreads + (lambda _ + (substitute* "Configure" + (("^libswanted=(.*)pthread" _ before) + (string-append "libswanted=" before))))))))))))) + (package-with-bootstrap-guile + (package-with-explicit-inputs perl + %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile)))) (define (linux-libre-headers-boot0) "Return Linux-Libre header files for the bootstrap environment." @@ -306,7 +309,12 @@ ;; Also, use %BOOT0-INPUTS to avoid building Perl once more. (let ((texinfo (package (inherit texinfo) (native-inputs '()) - (inputs `(("perl" ,perl-boot0)))))) + (inputs `(("perl" ,perl-boot0))) + + ;; Some of Texinfo 6.1's tests would fail with "Couldn't + ;; set UTF-8 character type in locale" but we don't have a + ;; UTF-8 locale at this stage, so skip them. + (arguments '(#:tests? #f))))) (package-with-bootstrap-guile (package-with-explicit-inputs texinfo %boot0-inputs (current-source-location) @@ -355,7 +363,7 @@ "export CPATH\n" all "\n")))) ,phases))))) - (propagated-inputs `(("linux-headers" ,(linux-libre-headers-boot0)))) + (propagated-inputs `(("kernel-headers" ,(linux-libre-headers-boot0)))) (native-inputs `(("texinfo" ,texinfo-boot0) ("perl" ,perl-boot0))) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index dd107487fb..0fc61d3927 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -148,14 +148,14 @@ adding and extracting files to/from a tar archive.") (define-public gzip (package (name "gzip") - (version "1.6") + (version "1.8") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gzip/gzip-" - version ".tar.gz")) + version ".tar.xz")) (sha256 (base32 - "0zlgdm4v3dndrbiz7b67mbbj25dpwqbmbzjiycssvrfrcfvq7swp")))) + "1lxv3p4iyx7833mlihkn5wfwmz4cys5nybwpz3dfawag8kn6f5zz")))) (build-system gnu-build-system) (synopsis "General file (de)compression (using lzw)") (arguments diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm index a9c337e6ed..718e56e3de 100644 --- a/gnu/packages/cross-base.scm +++ b/gnu/packages/cross-base.scm @@ -167,24 +167,25 @@ may be either a libc package or #f.)" `(alist-cons-before 'configure 'set-cross-path (lambda* (#:key inputs #:allow-other-keys) - ;; Add the cross Linux headers to CROSS_C_*_INCLUDE_PATH, - ;; and remove them from C_*INCLUDE_PATH. + ;; Add the cross kernel headers to CROSS_CPATH, and remove them + ;; from CPATH. (let ((libc (assoc-ref inputs "libc")) - (linux (assoc-ref inputs "xlinux-headers"))) + (kernel (assoc-ref inputs "xkernel-headers"))) (define (cross? x) ;; Return #t if X is a cross-libc or cross Linux. (or (string-prefix? libc x) - (string-prefix? linux x))) + (string-prefix? kernel x))) (let ((cpath (string-append libc "/include" - ":" linux "/include"))) + ":" kernel "/include"))) (for-each (cut setenv <> cpath) '("CROSS_C_INCLUDE_PATH" "CROSS_CPLUS_INCLUDE_PATH" "CROSS_OBJC_INCLUDE_PATH" "CROSS_OBJCPLUS_INCLUDE_PATH"))) (setenv "CROSS_LIBRARY_PATH" - (string-append libc "/lib")) + (string-append libc "/lib:" + kernel "/lib")) ;for Hurd's libihash (for-each (lambda (var) (and=> (getenv var) @@ -255,9 +256,9 @@ GCC that does not target a libc; otherwise, target that libc." (alist-delete "libc" %final-inputs)))) (if libc `(("libc" ,libc) - ("xlinux-headers" ;the target headers + ("xkernel-headers" ;the target headers ,@(assoc-ref (package-propagated-inputs libc) - "linux-headers")) + "kernel-headers")) ,@inputs) inputs)))) @@ -334,10 +335,10 @@ XBINUTILS and the cross tool chain." ,flags)) ((#:phases phases) `(alist-cons-before - 'configure 'set-cross-linux-headers-path + 'configure 'set-cross-kernel-headers-path (lambda* (#:key inputs #:allow-other-keys) - (let* ((linux (assoc-ref inputs "linux-headers")) - (cpath (string-append linux "/include"))) + (let* ((kernel (assoc-ref inputs "kernel-headers")) + (cpath (string-append kernel "/include"))) (for-each (cut setenv <> cpath) '("CROSS_C_INCLUDE_PATH" "CROSS_CPLUS_INCLUDE_PATH" @@ -346,9 +347,9 @@ XBINUTILS and the cross tool chain." #t)) ,phases)))) - ;; Shadow the native "linux-headers" because glibc's recipe expects the - ;; "linux-headers" input to point to the right thing. - (propagated-inputs `(("linux-headers" ,xlinux-headers))) + ;; Shadow the native "kernel-headers" because glibc's recipe expects the + ;; "kernel-headers" input to point to the right thing. + (propagated-inputs `(("kernel-headers" ,xlinux-headers))) ;; FIXME: 'static-bash' should really be an input, not a native input, but ;; to do that will require building an intermediate cross libc. diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index 8437170bfa..c055315321 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -135,20 +135,17 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.") ;; cups-filters package. #:tests? #f #:phases - (alist-cons-before - 'configure - 'patch-makedefs - (lambda _ - (substitute* "Makedefs.in" - (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@") - (("/bin/sh") (which "sh")))) - (alist-cons-before - 'build - 'patch-tests - (lambda _ - (substitute* "test/ippserver.c" - (("# else /\\* HAVE_AVAHI \\*/") "#elif defined(HAVE_AVAHI)"))) - %standard-phases)))) + (modify-phases %standard-phases + (add-before 'configure 'patch-makedefs + (lambda _ + (substitute* "Makedefs.in" + (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@") + (("/bin/sh") (which "sh"))))) + (add-before 'build 'patch-tests + (lambda _ + (substitute* "test/ippserver.c" + (("# else /\\* HAVE_AVAHI \\*/") + "#elif defined(HAVE_AVAHI)"))))))) (native-inputs `(("pkg-config" ,pkg-config))) (inputs diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index e99f1fb3a2..2fbb439083 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2012, 2014, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com> ;;; Copyright © 2014, 2016 David Thompson <davet@gnu.org> @@ -114,14 +114,14 @@ either single machines or networked clusters.") (define-public gdbm (package (name "gdbm") - (version "1.11") + (version "1.12") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gdbm/gdbm-" version ".tar.gz")) (sha256 (base32 - "1hz3jgh3pd4qzp6jy0l8pd8x01g9abw7csnrlnj1a2sxy122z4cd")))) + "1smwz4x5qa4js0zf1w3asq6z7mh20zlgwbh2bk5dczw6xrk22yyr")))) (arguments `(#:configure-flags '("--enable-libgdbm-compat"))) (build-system gnu-build-system) (home-page "http://www.gnu.org/software/gdbm/") @@ -136,18 +136,20 @@ and provides interfaces to the traditional file format.") (define-public bdb (package (name "bdb") - (version "5.3.21") + (version "6.2.23") (source (origin (method url-fetch) - (uri (string-append "http://download.oracle.com/berkeley-db/db-" version - ".tar.gz")) - (sha256 (base32 - "1f2g2612lf8djbwbwhxsvmffmf9d7693kh2l20195pqp0f9jmnfx")))) + (uri (string-append "http://download.oracle.com/berkeley-db/db-" + version ".tar.gz")) + (sha256 + (base32 + "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7")))) (build-system gnu-build-system) (outputs '("out" ; programs, libraries, headers "doc")) ; 94 MiB of HTML docs (arguments '(#:tests? #f ; no check target available + #:disallowed-references ("doc") #:phases (alist-replace 'configure @@ -165,6 +167,9 @@ and provides interfaces to the traditional file format.") (string-append "CONFIG_SHELL=" (which "bash")) (string-append "SHELL=" (which "bash")) + ;; Remove 7 MiB of .a files. + "--disable-static" + ;; The compatibility mode is needed by some packages, ;; notably iproute2. "--enable-compat185" @@ -464,7 +469,7 @@ for example from a shell script.") (define-public sqlite (package (name "sqlite") - (version "3.10.0") + (version "3.12.2") (source (origin (method url-fetch) ;; TODO: Download from sqlite.org once this bug : @@ -495,7 +500,7 @@ for example from a shell script.") )) (sha256 (base32 - "0hhhv6si0pyf5i8bv7a71953m0b4gk6s3j2h09caf7vif0njkk23")))) + "1fwss0i2lixv39b27gkqiibdd2syym90wh3qbiaxnfgxk867f07x")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm index 7cd1fcd71d..3668aac19a 100644 --- a/gnu/packages/ed.scm +++ b/gnu/packages/ed.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,23 +28,24 @@ (define-public ed (package (name "ed") - (version "1.12") + (version "1.13") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/ed/ed-" version ".tar.lz")) (sha256 (base32 - "0bw0187a311rci58vznvncsj6pfp8bhs5phrlrqn03sa2i1mfrfj")))) + "1ly7i1iw02vbcd0zrx084z577ngxnarffmkm45dg6vndad5carnd")))) (build-system gnu-build-system) (native-inputs `(("lzip" ,lzip))) (arguments '(#:configure-flags '("CC=gcc") - #:phases (alist-cons-before 'patch-source-shebangs 'patch-test-suite - (lambda _ - (substitute* "testsuite/check.sh" - (("/bin/sh") (which "sh")))) - %standard-phases))) + #:phases + (modify-phases %standard-phases + (add-before 'patch-source-shebangs 'patch-test-suite + (lambda _ + (substitute* "testsuite/check.sh" + (("/bin/sh") (which "sh")))))))) (home-page "http://www.gnu.org/software/ed/") (synopsis "Line-oriented text editor") (description diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index cb6464df9d..ae3ebc1504 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -108,14 +108,6 @@ (substitute* (find-files "." "^Makefile\\.in$") (("/bin/pwd") "pwd")))) - (add-after 'install 'remove-info.info - (lambda* (#:key outputs #:allow-other-keys) - ;; Remove 'info.info', which is provided by Texinfo <= 6.0. - ;; TODO: Remove this phase when we switch to Texinfo 6.1. - (let ((out (assoc-ref outputs "out"))) - (delete-file - (string-append out "/share/info/info.info.gz")) - #t))) (add-after 'install 'install-site-start ;; Copy guix-emacs.el from Guix and add it to site-start.el. This ;; way, Emacs packages provided by Guix and installed in diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index fd3962dbc3..4b8a278610 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm @@ -125,7 +125,7 @@ TrueType (TTF) files.") (define-public font-dejavu (package (name "font-dejavu") - (version "2.34") + (version "2.35") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/dejavu/" @@ -133,7 +133,7 @@ TrueType (TTF) files.") version ".tar.bz2")) (sha256 (base32 - "0pgb0a3ngamidacmrvasg51ck3gp8gn93w6sf1s8snwzx4x2r9yh")))) + "122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 73ce685d51..38068008ca 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -245,10 +245,10 @@ fonts to/from the WOFF2 format.") (assoc-ref %build-inputs "gs-fonts") "/share/fonts") - ;; register fonts from user profile - ;; TODO: Add /run/current-system/profile/share/fonts and remove - ;; the skeleton that works around it from 'default-skeletons'. - "--with-add-fonts=~/.guix-profile/share/fonts" + ;; Register fonts from user and system profiles. + (string-append "--with-add-fonts=" + "~/.guix-profile/share/fonts," + "/run/current-system/profile/share/fonts") ;; python is not actually needed "PYTHON=false") diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index 233a20bc86..1ca8ca0d59 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -153,7 +153,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC ("libelf" ,libelf) ("zlib" ,zlib))) - ;; GCC is one of the few packages that doesn't ship .info files. + ;; GCC < 5 is one of the few packages that doesn't ship .info files. (native-inputs `(("texinfo" ,texinfo))) (arguments @@ -352,7 +352,9 @@ Go. It also includes runtime support libraries for these languages.") (sha256 (base32 "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq")) - (patches (search-patches "gcc-5.0-libvtv-runpath.patch")))))) + (patches (search-patches "gcc-5.0-libvtv-runpath.patch")))) + ;; GCC 5 ships with .info files, so no need for Texinfo. + (native-inputs '()))) (define-public gcc-6 (package diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm index 34338f936b..bf38543178 100644 --- a/gnu/packages/gettext.scm +++ b/gnu/packages/gettext.scm @@ -41,14 +41,14 @@ (define-public gnu-gettext (package (name "gettext") - (version "0.19.7") + (version "0.19.8") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gettext/gettext-" version ".tar.gz")) (sha256 (base32 - "0gy2b2aydj8r0sapadnjw8cmb8j2rynj28d5qs1mfa800njd51jk")))) + "13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;8 MiB of HTML diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 0a65813f97..ae00eea1dc 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -156,7 +156,8 @@ printing, and psresize, for adjusting page sizes.") ("python" ,python-wrapper) ("tcl" ,tcl))) (arguments - `(#:phases + `(#:disallowed-references ("doc") + #:phases (modify-phases %standard-phases (add-after 'configure 'patch-config-files (lambda _ @@ -172,12 +173,15 @@ printing, and psresize, for adjusting page sizes.") (substitute* "base/gscdef.c" (("GS_DOCDIR") "\"~/.guix-profile/share/doc/ghostscript\"")))) - (add-after 'build 'build-so - (lambda _ - (zero? (system* "make" "so")))) - (add-after 'install 'install-so - (lambda _ - (zero? (system* "make" "install-so"))))))) + (replace 'build + (lambda _ + ;; Build 'libgs.so', but don't build the statically-linked 'gs' + ;; binary (saves 18 MiB). + (zero? (system* "make" "so" "-j" + (number->string (parallel-job-count)))))) + (replace 'install + (lambda _ + (zero? (system* "make" "soinstall"))))))) (synopsis "PostScript and PDF interpreter") (description "Ghostscript is an interpreter for the PostScript language and the PDF diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index b99a13cb05..2ef241036a 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org> ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> +;;; Copyright © 2016 Nils Gillmann <ng0@libertad.pw> ;;; ;;; This file is part of GNU Guix. ;;; @@ -49,7 +50,7 @@ (define-public libgpg-error (package (name "libgpg-error") - (version "1.21") + (version "1.22") (source (origin (method url-fetch) @@ -57,7 +58,7 @@ version ".tar.bz2")) (sha256 (base32 - "0kdq2cbnk84fr4jqcv689rlxpbyl6bda2cn6y3ll19v3mlydpnxp")))) + "0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j")))) (build-system gnu-build-system) (home-page "http://gnupg.org") (synopsis "Library of error values for GnuPG components") @@ -73,14 +74,14 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package (name "libgcrypt") - (version "1.6.5") + (version "1.7.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl")))) + "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index 6f00edb06b..7c0254e3b6 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -162,7 +162,8 @@ without requiring the source code to be rewritten.") (outputs '("out" "debug")) (arguments - `(#:phases (alist-cons-before + `(#:configure-flags '("--disable-static") ;saves 3MiB + #:phases (alist-cons-before 'configure 'pre-configure (lambda* (#:key inputs #:allow-other-keys) ;; Tell (ice-9 popen) the file name of Bash. diff --git a/gnu/packages/hurd.scm b/gnu/packages/hurd.scm index 2b2e162107..a4c0296b04 100644 --- a/gnu/packages/hurd.scm +++ b/gnu/packages/hurd.scm @@ -21,12 +21,12 @@ #:use-module (guix download) #:use-module (guix packages) #:use-module (gnu packages) + #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) #:use-module (gnu packages flex) #:use-module (gnu packages bison) #:use-module (gnu packages perl) - #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (guix git-download)) @@ -55,7 +55,11 @@ ;; GNU Mach supports only IA32 currently, so cheat so that we can at ;; least install its headers. - #:configure-flags '("--build=i686-pc-gnu") + ,@(if (%current-target-system) + '() + ;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-06/msg00042.html> + ;; <http://lists.gnu.org/archive/html/guix-devel/2015-06/msg00716.html> + '(#:configure-flags '("--build=i586-pc-gnu"))) #:tests? #f)) (home-page "https://www.gnu.org/software/hurd/microkernel/mach/gnumach.html") @@ -108,11 +112,7 @@ communication.") "1pbc4aqgzxvkgivw80ghp3w755cl0fwxmg357vq7chimj64jk78d")))) (build-system gnu-build-system) (native-inputs - `(;; Autoconf shouldn't be necessary but there seems to be a bug in the - ;; build system triggering its use. - ("autoconf" ,autoconf) - - ("mig" ,mig))) + `(("mig" ,mig))) (arguments `(#:phases (alist-replace 'install @@ -122,10 +122,19 @@ communication.") #:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants ;; that. - "--build=i686-pc-gnu" + ,@(if (%current-target-system) + '() + '("--host=i586-pc-gnu")) ;; Reduce set of dependencies. - "--without-parted") + "--without-parted" + "--disable-ncursesw" + "--disable-test" + "--without-libbz2" + "--without-libz" + ;; Skip the clnt_create check because it expects + ;; a working glibc causing a circular dependency. + "ac_cv_search_clnt_create=no") #:tests? #f)) (home-page "http://www.gnu.org/software/hurd/hurd.html") @@ -140,46 +149,28 @@ Library and other user programs.") (name "hurd-minimal") (inputs `(("glibc-hurd-headers" ,glibc/hurd-headers))) (native-inputs - `(("autoconf" ,(autoconf-wrapper)) - ("mig" ,mig))) - + `(("mig" ,mig))) (arguments - `(#:phases (alist-replace - 'install - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - ;; We need to copy libihash.a to the output directory manually, - ;; since there is no target for that in the makefile. - (mkdir-p (string-append out "/include")) - (copy-file "libihash/ihash.h" - (string-append out "/include/ihash.h")) - (mkdir-p (string-append out "/lib")) - (copy-file "libihash/libihash.a" - (string-append out "/lib/libihash.a")) - #t)) - (alist-replace - 'build - (lambda _ - (zero? (system* "make" "-Clibihash" "libihash.a"))) - (alist-cons-before - 'configure 'bootstrap - (lambda _ - (zero? (system* "autoreconf" "-vfi"))) - %standard-phases))) - #:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants - ;; that. - "--host=i686-pc-gnu" - - ;; Reduce set of dependencies. - "--disable-ncursesw" - "--disable-test" - "--without-libbz2" - "--without-libz" - "--without-parted" - ;; Skip the clnt_create check because it expects - ;; a working glibc causing a circular dependency. - "ac_cv_search_clnt_create=no") - #:tests? #f)) + (substitute-keyword-arguments (package-arguments hurd-headers) + ((#:phases _) + '(alist-replace + 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; We need to copy libihash.a to the output directory manually, + ;; since there is no target for that in the makefile. + (mkdir-p (string-append out "/include")) + (copy-file "libihash/ihash.h" + (string-append out "/include/ihash.h")) + (mkdir-p (string-append out "/lib")) + (copy-file "libihash/libihash.a" + (string-append out "/lib/libihash.a")) + #t)) + (alist-replace + 'build + (lambda _ + (zero? (system* "make" "-Clibihash" "libihash.a"))) + %standard-phases))))) (home-page "http://www.gnu.org/software/hurd/hurd.html") (synopsis "GNU Hurd libraries") (description diff --git a/gnu/packages/ld-wrapper.in b/gnu/packages/ld-wrapper.in index c92ed1dcc7..ebfd8332c4 100644 --- a/gnu/packages/ld-wrapper.in +++ b/gnu/packages/ld-wrapper.in @@ -6,12 +6,16 @@ # the shebang line in Linux. # Use `load-compiled' because `load' (and `-l') doesn't otherwise load our # .go file (see <http://bugs.gnu.org/12519>). +# Unset 'GUILE_LOAD_COMPILED_PATH' to make sure we do not stumble upon +# incompatible .go files. See +# <https://lists.gnu.org/archive/html/guile-devel/2016-03/msg00000.html>. +unset GUILE_LOAD_COMPILED_PATH main="(@ (gnu build-support ld-wrapper) ld-wrapper)" exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@" !# ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index b6fa7c0545..3aa3adea72 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -105,7 +105,7 @@ version "-gnu.tar.xz"))) (define-public linux-libre-headers - (let* ((version "3.14.37") + (let* ((version "4.1.18") (build-phase (lambda (arch) `(lambda _ @@ -143,7 +143,7 @@ (uri (linux-libre-urls version)) (sha256 (base32 - "1blxr2bsvfqi9khj4cpspv434bmx252zak2wsbi2mgl60zh77gza")))) + "1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments @@ -468,12 +468,11 @@ providing the system administrator with some help in common tasks.") (("build_kill=yes") "build_kill=no")) #t)))) (build-system gnu-build-system) + (outputs '("out" + "static")) ; >2 MiB of static .a libraries (arguments `(#:configure-flags (list "--disable-use-tty-group" - ;; Do not build .a files to save 2 MiB. - "--disable-static" - ;; Install completions where our ;; bash-completion package expects them. (string-append "--with-bashcompletiondir=" @@ -498,6 +497,19 @@ providing the system administrator with some help in common tasks.") (substitute* "tests/ts/misc/mcookie" (("/etc/services") (string-append net "/etc/services"))) + #t))) + (add-after + 'install 'move-static-libraries + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (static (assoc-ref outputs "static"))) + (mkdir-p (string-append static "/lib")) + (with-directory-excursion out + (for-each (lambda (file) + (rename-file file + (string-append static "/" + file))) + (find-files "lib" "\\.a$"))) #t)))))) (inputs `(("zlib" ,zlib) ("ncurses" ,ncurses))) @@ -526,7 +538,9 @@ block devices, UUIDs, TTYs, and many other tools.") "procps-ng-" version ".tar.xz")) (sha256 (base32 - "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9")))) + "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9")) + (patches + (list (search-patch "procps-non-linux.patch"))))) (build-system gnu-build-system) (arguments '(#:modules ((guix build utils) @@ -1562,7 +1576,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.") (define-public kmod (package (name "kmod") - (version "17") + (version "22") (source (origin (method url-fetch) (uri @@ -1570,7 +1584,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.") "kmod-" version ".tar.xz")) (sha256 (base32 - "1yid3a9b64a60ybj66fk2ysrq5klnl0ijl4g624cl16y8404g9rv")) + "10lzfkmnpq6a43a3gkx7x633njh216w0bjwz31rv8a1jlgg1sfxs")) (patches (search-patches "kmod-module-directory.patch")))) (build-system gnu-build-system) (native-inputs @@ -2558,12 +2572,26 @@ and copy/paste text in the console and in xterm.") (base32 "1lzbw275xgv69v4z8hmsf3jnip38116hxhkpv0madk8wv049drz6")))) (build-system gnu-build-system) + (outputs '("out" + "static")) ; static versions of binaries in "out" (~16MiB!) (arguments - '(#:test-target "test" + '(#:phases (modify-phases %standard-phases + (add-after 'build 'build-static + (lambda _ (zero? (system* "make" "static")))) + (add-after 'install 'install-static + (let ((staticbin (string-append (assoc-ref %outputs "static") + "/bin"))) + (lambda _ + (zero? (system* "make" + (string-append "bindir=" staticbin) + "install-static")))))) + #:test-target "test" #:parallel-tests? #f)) ; tests fail when run in parallel (inputs `(("e2fsprogs" ,e2fsprogs) ("libblkid" ,util-linux) + ("libblkid:static" ,util-linux "static") ("libuuid" ,util-linux) + ("libuuid:static" ,util-linux "static") ("zlib" ,zlib) ("lzo" ,lzo))) (native-inputs `(("pkg-config" ,pkg-config) diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index c3baa728ec..cea4c44e50 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2014 Sou Bunnbu <iyzsong@gmail.com> @@ -1168,8 +1168,7 @@ deliver it in various ways.") ;; filesystem are performed during 'make install'. However, these ;; are performed before the actual build process. (build-system gnu-build-system) - (inputs `(("glibc" ,glibc) - ("exim" ,exim))) + (inputs `(("exim" ,exim))) (home-page "http://www.procmail.org/") (synopsis "Versatile mail delivery agent (MDA)") (description "Procmail is a mail delivery agent (MDA) featuring support diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm index 85dfaa6b6f..def9c23b17 100644 --- a/gnu/packages/make-bootstrap.scm +++ b/gnu/packages/make-bootstrap.scm @@ -344,7 +344,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." (libdir (string-append out "/lib")) (incdir (string-append out "/include")) (libc (assoc-ref %build-inputs "libc")) - (linux (assoc-ref %build-inputs "linux-headers"))) + (linux (assoc-ref %build-inputs "kernel-headers"))) (mkdir-p libdir) (for-each (lambda (file) (let ((target (string-append libdir "/" @@ -379,7 +379,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." (parameterize ((%current-target-system #f)) (cross-libc target))) glibc))) - ("linux-headers" ,linux-libre-headers))) + ("kernel-headers" ,linux-libre-headers))) ;; Only one output. (outputs '("out"))))) diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm index 565163732e..43cc376281 100644 --- a/gnu/packages/mit-krb5.scm +++ b/gnu/packages/mit-krb5.scm @@ -30,7 +30,7 @@ (define-public mit-krb5 (package (name "mit-krb5") - (version "1.13.3") + (version "1.14.2") (source (origin (method url-fetch) (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" @@ -38,18 +38,20 @@ "/krb5-" version ".tar.gz")) (sha256 (base32 - "1gpscn78lv48dxccxq9ncyj53w9l2a15xmngjfa1wylvmn7g0jjx")) - (patches - (search-patches "mit-krb5-init-context-null-spnego.patch" - "mit-krb5-CVE-2015-8629.patch" - "mit-krb5-CVE-2015-8630.patch" - "mit-krb5-CVE-2015-8631.patch")))) + "09wbv969ak4fqlqr1ip5bi62fny1zlp1vwjarvj6a6cdfzkdgjkb")))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) ("perl" ,perl))) (arguments - `(#:phases + `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h', + ;; needed by 'authgss_prot.so'." + #:parallel-build? #f + + ;; Likewise with tests. + #:parallel-tests? #f + + #:phases (modify-phases %standard-phases (add-after 'unpack 'enter-source-directory (lambda _ diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm index 99243235ad..46540be5c4 100644 --- a/gnu/packages/multiprecision.scm +++ b/gnu/packages/multiprecision.scm @@ -80,13 +80,13 @@ cryptography and computational algebra.") (define-public mpfr (package (name "mpfr") - (version "3.1.3") + (version "3.1.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/mpfr/mpfr-" version ".tar.xz")) (sha256 (base32 - "05jaa5z78lvrayld09nyr0v27c1m5dm9l7kr85v2bj4jv65s0db8")))) + "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n")))) (build-system gnu-build-system) (outputs '("out" "debug")) (propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h> diff --git a/gnu/packages/netpbm.scm b/gnu/packages/netpbm.scm index 475635e7e1..cd0c3d950d 100644 --- a/gnu/packages/netpbm.scm +++ b/gnu/packages/netpbm.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> -;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,6 +27,7 @@ #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages xml) + #:use-module (gnu packages xorg) #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:select (gpl2)) #:use-module (guix packages) @@ -54,9 +55,8 @@ (file-name (string-append name "-" version "-checkout")) (modules '((guix build utils))) (snippet - ;; Remove non-FSDG-compliant code. '(begin - (use-modules (guix build utils)) + ;; Remove non-FSDG-compliant code. (define-syntax drop (syntax-rules (in) @@ -84,13 +84,22 @@ (drop "pbmto4425" "pbmtoln03" "pbmtolps" "pbmtopk" "pktopbm" in "converter/pbm") (drop "spottopgm" in "converter/pgm") - (drop "ppmtopjxl" in "converter/ppm"))))) + (drop "ppmtopjxl" in "converter/ppm") + + ;; Remove timestamps from the generated code. + (substitute* "buildtools/stamp-date" + (("^DATE=.*") + "DATE=\"Thu Jan 01 00:00:00+0000 1970\"\n") + (("^USER=.*") + "USER=Guix\n")))))) + (build-system gnu-build-system) (inputs `(("ghostscript" ,ghostscript) ("libjpeg" ,libjpeg) ("libpng" ,libpng) ("libtiff" ,libtiff) ("libxml2" ,libxml2) + ("xorg-rgb" ,xorg-rgb) ("zlib" ,zlib))) (native-inputs `(("flex" ,flex) @@ -99,50 +108,62 @@ ("python" ,python-wrapper))) (arguments `(#:phases - (alist-replace - 'configure - (lambda _ - (copy-file "config.mk.in" "config.mk") - (chmod "config.mk" #o664) - (let ((f (open-file "config.mk" "a"))) - (display "CC=gcc\n" f) - (display "CFLAGS_SHLIB += -fPIC\n" f) - (display "TIFFLIB = libtiff.so\n" f) - (display "JPEGLIB = libjpeg.so\n" f) - (display "ZLIB = libz.so\n" f) - (display (string-append "LDFLAGS += -Wl,-rpath=" %output "/lib") f) - (close-port f))) - (alist-cons-before - 'check 'setup-check - (lambda _ - ;; install temporarily into /tmp/netpbm - (system* "make" "package") - ;; remove test requiring X - (substitute* "test/all-in-place.test" (("pamx") "")) - ;; do not worry about non-existing file - (substitute* "test/all-in-place.test" (("^rm ") "rm -f ")) - ;; remove four tests that fail for unknown reasons - (substitute* "test/Test-Order" - (("all-in-place.test") "") - (("pnmpsnr.test") "") - (("pnmremap1.test") "") - (("gif-roundtrip.test") ""))) - (alist-replace - 'install - (lambda* (#:key outputs make-flags #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (apply system* "make" "package" - (string-append "pkgdir=" out) make-flags) - ;; copy static library - (copy-file (string-append out "/link/libnetpbm.a") - (string-append out "/lib/libnetpbm.a")) - ;; remove superfluous folders and files - (system* "rm" "-r" (string-append out "/link")) - (system* "rm" "-r" (string-append out "/misc")) - (with-directory-excursion out - (for-each delete-file - '("config_template" "pkginfo" "README" "VERSION"))))) - %standard-phases))))) + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys) + (copy-file "config.mk.in" "config.mk") + (chmod "config.mk" #o664) + (let ((f (open-file "config.mk" "a"))) + (display "CC=gcc\n" f) + (display "CFLAGS_SHLIB += -fPIC\n" f) + (display "TIFFLIB = libtiff.so\n" f) + (display "JPEGLIB = libjpeg.so\n" f) + (display "ZLIB = libz.so\n" f) + (display (string-append "LDFLAGS += -Wl,-rpath=" %output "/lib") f) + (close-port f)) + + (let ((rgb (string-append (assoc-ref inputs "xorg-rgb") + "/share/X11/rgb.txt"))) + (substitute* "pm_config.in.h" + (("/usr/share/X11/rgb.txt") rgb)) + + ;; Our Ghostscript no longer provides the 'gs' command, only + ;; 'gsc', so look for that instead. + (substitute* "converter/other/pstopnm.c" + (("\"%s/gs\"") + "\"%s/gsc\""))) + #t)) + (add-before 'check 'setup-check + (lambda _ + ;; install temporarily into /tmp/netpbm + (system* "make" "package") + ;; remove test requiring X + (substitute* "test/all-in-place.test" (("pamx") "")) + ;; do not worry about non-existing file + (substitute* "test/all-in-place.test" (("^rm ") "rm -f ")) + ;; remove four tests that fail for unknown reasons + (substitute* "test/Test-Order" + (("all-in-place.test") "") + (("pnmpsnr.test") "") + (("pnmremap1.test") "") + (("gif-roundtrip.test") "")) + #t)) + (replace 'install + (lambda* (#:key outputs make-flags #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (apply system* "make" "package" + (string-append "pkgdir=" out) make-flags) + ;; copy static library + (copy-file (string-append out "/link/libnetpbm.a") + (string-append out "/lib/libnetpbm.a")) + ;; remove superfluous folders and files + (system* "rm" "-r" (string-append out "/link")) + (system* "rm" "-r" (string-append out "/misc")) + (with-directory-excursion out + (for-each delete-file + '("config_template" "pkginfo" "README" + "VERSION"))) + #t)))))) (synopsis "Toolkit for manipulation of images") (description "Netpbm is a toolkit for the manipulation of graphic images, including diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index 429078fc92..adb6f36fe8 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -34,9 +34,8 @@ (define-public openldap (package - (replacement openldap-2.4.44) (name "openldap") - (version "2.4.42") + (version "2.4.44") (source (origin (method url-fetch) @@ -53,7 +52,7 @@ "openldap-release/openldap-" version ".tgz"))) (sha256 (base32 - "0qwfpb5ipp2l76v11arghq5mr0sjc6xhjfg8a0kgsaw5qpib1dzf")))) + "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp")))) (build-system gnu-build-system) (inputs `(("bdb" ,bdb) ("openssl" ,openssl) @@ -78,24 +77,3 @@ "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.") (license openldap2.8) (home-page "http://www.openldap.org/"))) - -(define openldap-2.4.44 - (package - (inherit openldap) - (replacement #f) - (source - (let ((version "2.4.44")) - (origin - (method url-fetch) - (uri (list (string-append - "ftp://mirror.switch.ch/mirror/OpenLDAP/" - "openldap-release/openldap-" version ".tgz") - (string-append - "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/" - "openldap-release/openldap-" version ".tgz") - (string-append - "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/" - "openldap-release/openldap-" version ".tgz"))) - (sha256 - (base32 - "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))))) diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch new file mode 100644 index 0000000000..bcc9c207ae --- /dev/null +++ b/gnu/packages/patches/automake-test-gzip-warning.patch @@ -0,0 +1,17 @@ +Adjust test to ignore gzip 1.8+ warnings. + +--- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200 ++++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200 +@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s + + ./configure + run_make -E -O distcheck +-test ! -s stderr ++ ++# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment ++# variable is deprecated"; filter them out. ++test `grep -v '^gzip: warning' stderr | wc -l` -eq 0 ++ + # Sanity check: the flags have been actually seen. + $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t + grep '/configure .* --srcdir am-src' t || exit 99 diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch index af5e3bcc3e..fc8d6291f5 100644 --- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch +++ b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch @@ -1,42 +1,39 @@ -Update previous fix for CVE-2015-1283 to not rely on undefined behavior. +Follow-up upstream fix for CVE-2015-1283 to not rely on undefined +behavior. -Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2. +Adapted from a patch from Debian (found in Debian package version +2.1.0-6+deb8u2) to apply to upstream code: https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/ -From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001 -From: Pascal Cuoq <cuoq@trust-in-soft.com> -Date: Sun, 15 May 2016 09:05:46 +0200 -Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. - --- - expat/lib/xmlparse.c | 6 ++++-- + lib/xmlparse.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 13e080d..cdb12ef 100644 +index 0f6f4cd..5c70c17 100644 --- a/lib/xmlparse.c +++ b/lib/xmlparse.c -@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len +@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len) } if (len > bufferLim - bufferEnd) { - int neededSize = len + (int)(bufferEnd - bufferPtr); + /* Do not invoke signed arithmetic overflow: */ + int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); - /* BEGIN MOZILLA CHANGE (sanity check neededSize) */ if (neededSize < 0) { errorCode = XML_ERROR_NO_MEMORY; -@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len + return NULL; +@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len) if (bufferSize == 0) bufferSize = INIT_BUFFER_SIZE; do { - bufferSize *= 2; + /* Do not invoke signed arithmetic overflow: */ + bufferSize = (int) (2U * (unsigned) bufferSize); - /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ } while (bufferSize < neededSize && bufferSize > 0); - /* END MOZILLA CHANGE */ + if (bufferSize <= 0) { + errorCode = XML_ERROR_NO_MEMORY; -- -2.8.2 +2.8.3 diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch deleted file mode 100644 index f9065bea16..0000000000 --- a/gnu/packages/patches/expat-CVE-2015-1283.patch +++ /dev/null @@ -1,89 +0,0 @@ -Copied from Debian. - -Description: fix multiple integer overflows in the XML_GetBuffer function - Multiple integer overflows in the XML_GetBuffer function in Expat through - 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, - allow remote attackers to cause a denial of service (heap-based buffer - overflow) or possibly have unspecified other impact via crafted XML data, - a related issue to CVE-2015-2716. -Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c -Author: Eric Rahm <erahm@mozilla.com> -Forwarded: not-needed -Last-Update: 2015-07-24 - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l - XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position); - positionPtr = bufferPtr; - return result; - } - - void * XMLCALL - XML_GetBuffer(XML_Parser parser, int len) - { -+/* BEGIN MOZILLA CHANGE (sanity check len) */ -+ if (len < 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - switch (ps_parsing) { - case XML_SUSPENDED: - errorCode = XML_ERROR_SUSPENDED; - return NULL; - case XML_FINISHED: - errorCode = XML_ERROR_FINISHED; - return NULL; - default: ; - } - - if (len > bufferLim - bufferEnd) { -- /* FIXME avoid integer overflow */ - int neededSize = len + (int)(bufferEnd - bufferPtr); -+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */ -+ if (neededSize < 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - #ifdef XML_CONTEXT_BYTES - int keep = (int)(bufferPtr - buffer); - - if (keep > XML_CONTEXT_BYTES) - keep = XML_CONTEXT_BYTES; - neededSize += keep; - #endif /* defined XML_CONTEXT_BYTES */ - if (neededSize <= bufferLim - buffer) { -@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len - } - else { - char *newBuf; - int bufferSize = (int)(bufferLim - bufferPtr); - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { - bufferSize *= 2; -- } while (bufferSize < neededSize); -+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ -+ } while (bufferSize < neededSize && bufferSize > 0); -+/* END MOZILLA CHANGE */ -+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */ -+ if (bufferSize <= 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - newBuf = (char *)MALLOC(bufferSize); - if (newBuf == 0) { - errorCode = XML_ERROR_NO_MEMORY; - return NULL; - } - bufferLim = newBuf + bufferSize; - #ifdef XML_CONTEXT_BYTES - if (bufferPtr) { - - - - diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch deleted file mode 100644 index 9a0909af74..0000000000 --- a/gnu/packages/patches/glibc-CVE-2015-7547.patch +++ /dev/null @@ -1,559 +0,0 @@ -Copied from Fedora: -http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584 - -Adapted to apply cleanly to glibc-2.22. - -Index: b/resolv/nss_dns/dns-host.c -=================================================================== ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an - int h_namelen = 0; - - if (ancount == 0) -- return NSS_STATUS_NOTFOUND; -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } - - while (ancount-- > 0 && cp < end_of_message && had_error == 0) - { -@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an - /* Special case here: if the resolver sent a result but it only - contains a CNAME while we are looking for a T_A or T_AAAA record, - we fail with NOTFOUND instead of TRYAGAIN. */ -- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; -+ if (canon != NULL) -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } -+ -+ *h_errnop = NETDB_INTERNAL; -+ return NSS_STATUS_TRYAGAIN; - } - - -@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, - - enum nss_status status = NSS_STATUS_NOTFOUND; - -+ /* Combining the NSS status of two distinct queries requires some -+ compromise and attention to symmetry (A or AAAA queries can be -+ returned in any order). What follows is a breakdown of how this -+ code is expected to work and why. We discuss only SUCCESS, -+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns -+ that apply (though RETURN and MERGE exist). We make a distinction -+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). -+ A recoverable TRYAGAIN is almost always due to buffer size issues -+ and returns ERANGE in errno and the caller is expected to retry -+ with a larger buffer. -+ -+ Lastly, you may be tempted to make significant changes to the -+ conditions in this code to bring about symmetry between responses. -+ Please don't change anything without due consideration for -+ expected application behaviour. Some of the synthesized responses -+ aren't very well thought out and sometimes appear to imply that -+ IPv4 responses are always answer 1, and IPv6 responses are always -+ answer 2, but that's not true (see the implemetnation of send_dg -+ and send_vc to see response can arrive in any order, particlarly -+ for UDP). However, we expect it holds roughly enough of the time -+ that this code works, but certainly needs to be fixed to make this -+ a more robust implementation. -+ -+ ---------------------------------------------- -+ | Answer 1 Status / | Synthesized | Reason | -+ | Answer 2 Status | Status | | -+ |--------------------------------------------| -+ | SUCCESS/SUCCESS | SUCCESS | [1] | -+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | -+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | -+ | SUCCESS/NOTFOUND | SUCCESS | [1] | -+ | SUCCESS/UNAVAIL | SUCCESS | [1] | -+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | -+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | -+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | -+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | -+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | -+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | -+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | -+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | -+ | NOTFOUND/SUCCESS | SUCCESS | [3] | -+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | -+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | -+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | -+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | -+ | UNAVAIL/SUCCESS | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | -+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | -+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | -+ ---------------------------------------------- -+ -+ [1] If the first response is a success we return success. -+ This ignores the state of the second answer and in fact -+ incorrectly sets errno and h_errno to that of the second -+ answer. However because the response is a success we ignore -+ *errnop and *h_errnop (though that means you touched errno on -+ success). We are being conservative here and returning the -+ likely IPv4 response in the first answer as a success. -+ -+ [2] If the first response is a recoverable TRYAGAIN we return -+ that instead of looking at the second response. The -+ expectation here is that we have failed to get an IPv4 response -+ and should retry both queries. -+ -+ [3] If the first response was not a SUCCESS and the second -+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, -+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the -+ result from the second response, otherwise the first responses -+ status is used. Again we have some odd side-effects when the -+ second response is NOTFOUND because we overwrite *errnop and -+ *h_errnop that means that a first answer of NOTFOUND might see -+ its *errnop and *h_errnop values altered. Whether it matters -+ in practice that a first response NOTFOUND has the wrong -+ *errnop and *h_errnop is undecided. -+ -+ [4] If the first response is UNAVAIL we return that instead of -+ looking at the second response. The expectation here is that -+ it will have failed similarly e.g. configuration failure. -+ -+ [5] Testing this code is complicated by the fact that truncated -+ second response buffers might be returned as SUCCESS if the -+ first answer is a SUCCESS. To fix this we add symmetry to -+ TRYAGAIN with the second response. If the second response -+ is a recoverable error we now return TRYAGIN even if the first -+ response was SUCCESS. */ -+ - if (anslen1 > 0) - status = gaih_getanswer_slice(answer1, anslen1, qname, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ - if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND - || (status == NSS_STATUS_TRYAGAIN - /* We want to look at the second answer in case of an -@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ /* Use the second response status in some cases. */ - if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) - status = status2; -+ /* Do not return a truncated second response (unless it was -+ unavoidable e.g. unrecoverable TRYAGAIN). */ -+ if (status == NSS_STATUS_SUCCESS -+ && (status2 == NSS_STATUS_TRYAGAIN -+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) -+ status = NSS_STATUS_TRYAGAIN; - } - - return status; -Index: b/resolv/res_query.c -=================================================================== ---- a/resolv/res_query.c -+++ b/resolv/res_query.c -@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - } -@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - -@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - if (saved_herrno != -1) -Index: b/resolv/res_send.c -=================================================================== ---- a/resolv/res_send.c -+++ b/resolv/res_send.c -@@ -1,3 +1,20 @@ -+/* Copyright (C) 2016 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ <http://www.gnu.org/licenses/>. */ -+ - /* - * Copyright (c) 1985, 1989, 1993 - * The Regents of the University of California. All rights reserved. -@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const - #ifdef USE_HOOKS - if (__glibc_unlikely (statp->qhook || statp->rhook)) { - if (anssiz < MAXPACKET && ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *buf = malloc (MAXPACKET); - if (buf == NULL) - return (-1); -@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend) - - /* Private */ - -+/* The send_vc function is responsible for sending a DNS query over TCP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and -+ IPv6 queries at the same serially on the same socket. -+ -+ Please note that for TCP there is no way to disable sending both -+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP -+ and sends the queries serially and waits for the result after each -+ sent query. This implemetnation should be corrected to honour these -+ options. -+ -+ Please also note that for TCP we send both queries over the same -+ socket one after another. This technically violates best practice -+ since the server is allowed to read the first query, respond, and -+ then close the socket (to service another client). If the server -+ does this, then the remaining second query in the socket data buffer -+ will cause the server to send the client an RST which will arrive -+ asynchronously and the client's OS will likely tear down the socket -+ receive buffer resulting in a potentially short read and lost -+ response data. This will force the client to retry the query again, -+ and this process may repeat until all servers and connection resets -+ are exhausted and then the query will fail. It's not known if this -+ happens with any frequency in real DNS server implementations. This -+ implementation should be corrected to use two sockets by default for -+ parallel queries. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ serially on the same socket. -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message and the rest of the socket data will be read and discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_vc(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -669,11 +759,7 @@ send_vc(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; -- // XXX REMOVE -- // int anssiz = *anssizp; -- HEADER *anhp = (HEADER *) ans; -+ HEADER *anhp = (HEADER *) *ansp; - struct sockaddr *nsap = get_nsaddr (statp, ns); - int truncating, connreset, n; - /* On some architectures compiler might emit a warning indicating -@@ -766,6 +852,8 @@ send_vc(res_state statp, - * Receive length & response - */ - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - uint16_t rlen16; - read_len: -@@ -802,40 +890,14 @@ send_vc(res_state statp, - u_char **thisansp; - int *thisresplenp; - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if __GNUC_PREREQ (4, 7) -- DIAG_PUSH_NEEDS_COMMENT; -- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); --#endif --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif --#if __GNUC_PREREQ (4, 7) -- DIAG_POP_NEEDS_COMMENT; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; -@@ -843,10 +905,14 @@ send_vc(res_state statp, - anhp = (HEADER *) *thisansp; - - *thisresplenp = rlen; -- if (rlen > *thisanssizp) { -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- if (__glibc_likely (anscp != NULL)) { -+ /* Is the answer buffer too small? */ -+ if (*thisanssizp < rlen) { -+ /* If the current buffer is non-NULL and it's not -+ pointing at the static user-supplied buffer then -+ we can reallocate it. */ -+ if (thisansp != NULL && thisansp != ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp == NULL) { - *terrno = ENOMEM; -@@ -858,6 +924,9 @@ send_vc(res_state statp, - if (thisansp == ansp2) - *ansp2_malloced = 1; - anhp = (HEADER *) newp; -+ /* A uint16_t can't be larger than MAXPACKET -+ thus it's safe to allocate MAXPACKET but -+ read RLEN bytes instead. */ - len = rlen; - } else { - Dprint(statp->options & RES_DEBUG, -@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in - return 1; - } - -+/* The send_dg function is responsible for sending a DNS query over UDP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries -+ along with the ability to send the query in parallel for both stacks -+ (default) or serially (RES_SINGLKUP). It also supports serial lookup -+ with a close and reopen of the socket used to talk to the server -+ (RES_SNGLKUPREOP) to work around broken name servers. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message, while the rest of the UDP packet is discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If an answer is truncated because of UDP datagram DNS limits then -+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to -+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 -+ if any progress was made reading a response from the nameserver and -+ is used by the caller to distinguish between ECONNREFUSED and -+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_dg(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -1030,8 +1159,6 @@ send_dg(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; - struct timespec now, timeout, finish; - struct pollfd pfd[1]; - int ptimeout; -@@ -1064,6 +1191,8 @@ send_dg(res_state statp, - int need_recompute = 0; - int nwritten = 0; - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - pfd[0].fd = EXT(statp).nssocks[ns]; - pfd[0].events = POLLOUT; -@@ -1227,55 +1356,56 @@ send_dg(res_state statp, - int *thisresplenp; - - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; - } - - if (*thisanssizp < MAXPACKET -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- && anscp -+ /* If the current buffer is non-NULL and it's not -+ pointing at the static user-supplied buffer then -+ we can reallocate it. */ -+ && (thisansp != NULL && thisansp != ansp) - #ifdef FIONREAD -+ /* Is the size too small? */ - && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 - || *thisanssizp < *thisresplenp) - #endif - ) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp != NULL) { -- *anssizp = MAXPACKET; -- *thisansp = ans = newp; -+ *thisanssizp = MAXPACKET; -+ *thisansp = newp; - if (thisansp == ansp2) - *ansp2_malloced = 1; - } - } -+ /* We could end up with truncation if anscp was NULL -+ (not allowed to change caller's buffer) and the -+ response buffer size is too small. This isn't a -+ reliable way to detect truncation because the ioctl -+ may be an inaccurate report of the UDP message size. -+ Therefore we use this only to issue debug output. -+ To do truncation accurately with UDP we need -+ MSG_TRUNC which is only available on Linux. We -+ can abstract out the Linux-specific feature in the -+ future to detect truncation. */ -+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { -+ Dprint(statp->options & RES_DEBUG, -+ (stdout, ";; response may be truncated (UDP)\n") -+ ); -+ } -+ - HEADER *anhp = (HEADER *) *thisansp; - socklen_t fromlen = sizeof(struct sockaddr_in6); - assert (sizeof(from) <= fromlen); diff --git a/gnu/packages/patches/glibc-hurd-extern-inline.patch b/gnu/packages/patches/glibc-hurd-extern-inline.patch deleted file mode 100644 index a609b1f54a..0000000000 --- a/gnu/packages/patches/glibc-hurd-extern-inline.patch +++ /dev/null @@ -1,35 +0,0 @@ -This changes the way _EXTERN_INLINE is defined so we can -avoid external definition errors. -https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html - -diff --git a/signal/sigsetops.c b/signal/sigsetops.c -index 0317662..b92c296 100644 ---- a/signal/sigsetops.c -+++ b/signal/sigsetops.c -@@ -3,7 +3,9 @@ - - #include <features.h> - --#define _EXTERN_INLINE -+#ifndef _EXTERN_INLINE -+#define _EXTERN_INLINE __extern_inline -+#endif - #ifndef __USE_EXTERN_INLINES - # define __USE_EXTERN_INLINES 1 - #endif - -Link libmachuser and libhurduser automatically with libc, since they are -considered a standard part of the API in GNU-land. - ---- a/Makerules -+++ b/Makerules -@@ -978,6 +978,9 @@ - '$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\ - ' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \ - ) > $@.new -+ifeq ($(patsubst gnu%,,$(config-os)),) -+ echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new -+endif - mv -f $@.new $@ - - endif
\ No newline at end of file diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch deleted file mode 100644 index baf30a79a7..0000000000 --- a/gnu/packages/patches/glibc-locale-incompatibility.patch +++ /dev/null @@ -1,23 +0,0 @@ -This patch avoids an assertion failure when incompatible locale data -is encountered: - - https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html - ---- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200 -+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200 -@@ -120,10 +120,11 @@ - _nl_value_type_LC_XYZ array. There are all pointers. */ - switch (category) - { --#define CATTEST(cat) \ -- case LC_##cat: \ -- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ -- / sizeof (_nl_value_type_LC_##cat[0]))); \ -+#define CATTEST(cat) \ -+ case LC_##cat: \ -+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \ -+ / sizeof (_nl_value_type_LC_##cat[0]))) \ -+ goto puntdata; \ - break - CATTEST (NUMERIC); - CATTEST (TIME); diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch deleted file mode 100644 index b024a7d4a8..0000000000 --- a/gnu/packages/patches/libarchive-CVE-2013-0211.patch +++ /dev/null @@ -1,21 +0,0 @@ -Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems -Origin: upstream -Bug-Debian: http://bugs.debian.org/703957 -Forwarded: not-needed - ---- libarchive-3.0.4.orig/libarchive/archive_write.c -+++ libarchive-3.0.4/libarchive/archive_write.c -@@ -665,8 +665,13 @@ static ssize_t - _archive_write_data(struct archive *_a, const void *buff, size_t s) - { - struct archive_write *a = (struct archive_write *)_a; -+ const size_t max_write = INT_MAX; -+ - archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, - ARCHIVE_STATE_DATA, "archive_write_data"); -+ /* In particular, this catches attempts to pass negative values. */ -+ if (s > max_write) -+ s = max_write; - archive_clear_error(&a->archive); - return ((a->format_write_data)(a, buff, s)); - } diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch deleted file mode 100644 index 6ac8773244..0000000000 --- a/gnu/packages/patches/libarchive-CVE-2016-1541.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata) - -Taken from upstream source repository: -https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 - -When reading OS X metadata entries in Zip archives that were stored -without compression, libarchive would use the uncompressed entry size -to allocate a buffer but would use the compressed entry size to limit -the amount of data copied into that buffer. Since the compressed -and uncompressed sizes are provided by data in the archive itself, -an attacker could manipulate these values to write data beyond -the end of the allocated buffer. - -This fix provides three new checks to guard against such -manipulation and to make libarchive generally more robust when -handling this type of entry: - 1. If an OS X metadata entry is stored without compression, - abort the entire archive if the compressed and uncompressed - data sizes do not match. - 2. When sanity-checking the size of an OS X metadata entry, - abort this entry if either the compressed or uncompressed - size is larger than 4MB. - 3. When copying data into the allocated buffer, check the copy - size against both the compressed entry size and uncompressed - entry size. ---- - libarchive/archive_read_support_format_zip.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c -index 0f8262c..0a0be96 100644 ---- a/libarchive/archive_read_support_format_zip.c -+++ b/libarchive/archive_read_support_format_zip.c -@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if (rsrc->uncompressed_size != rsrc->compressed_size) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Malformed OS X metadata entry: inconsistent size"); -+ return (ARCHIVE_FATAL); -+ } - #ifdef HAVE_ZLIB_H - case 8: /* Deflate compression. */ - #endif -@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - (intmax_t)rsrc->uncompressed_size); - return (ARCHIVE_WARN); - } -+ if (rsrc->compressed_size > (4 * 1024 * 1024)) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Mac metadata is too large: %jd > 4M bytes", -+ (intmax_t)rsrc->compressed_size); -+ return (ARCHIVE_WARN); -+ } - - metadata = malloc((size_t)rsrc->uncompressed_size); - if (metadata == NULL) { -@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - bytes_avail = remaining_bytes; - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if ((size_t)bytes_avail > metadata_bytes) -+ bytes_avail = metadata_bytes; - memcpy(mp, p, bytes_avail); - bytes_used = (size_t)bytes_avail; - metadata_bytes -= bytes_used; diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch deleted file mode 100644 index 6a533a9a07..0000000000 --- a/gnu/packages/patches/libarchive-bsdtar-test.patch +++ /dev/null @@ -1,74 +0,0 @@ -commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d -Author: Pavel Raiskup <praiskup@redhat.com> -Date: Thu Jun 27 16:01:30 2013 +0200 - - Use ustar format in the test_option_b test - - .. because the ustar archive does not store SELinux context. As the default - format for bsdtar is "restricted pax" (trying to store xattrs and other - things by default), the test failed on Fedora because our files have by - default SELinux context set. This results in additional data in tested - archive ~> and the test failed because the archive was unexpectedly big: - - tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048 - - Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com> - -diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c -index be2ae65..6fea474 100644 ---- a/tar/test/test_option_b.c -+++ b/tar/test/test_option_b.c -@@ -25,8 +25,14 @@ - #include "test.h" - __FBSDID("$FreeBSD$"); - -+#define USTAR_OPT " --format=ustar" -+ - DEFINE_TEST(test_option_b) - { -+ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1); -+ strcpy(testprog_ustar, testprog); -+ strcat(testprog_ustar, USTAR_OPT); -+ - assertMakeFile("file1", 0644, "file1"); - if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) { - skipping("Platform doesn't have cat"); -@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b) - /* - * Bsdtar does not pad if the output is going directly to a disk file. - */ -- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog)); -+ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar)); - failure("bsdtar does not pad archives written directly to regular files"); - assertFileSize("archive1.tar", 2048); - assertEmptyFile("test1.out"); -@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b) - * Bsdtar does pad to the block size if the output is going to a socket. - */ - /* Default is -b 20 */ -- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar)); - failure("bsdtar does pad archives written to pipes"); - assertFileSize("archive2.tar", 10240); - assertEmptyFile("test2.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar)); - assertFileSize("archive3.tar", 10240); - assertEmptyFile("test3.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar)); - assertFileSize("archive4.tar", 5120); - assertEmptyFile("test4.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar)); - assertFileSize("archive5.tar", 2048); - assertEmptyFile("test5.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar)); - assertFileSize("archive6.tar", 4194304); - assertEmptyFile("test6.err"); - diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch deleted file mode 100644 index ffdc0db922..0000000000 --- a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch +++ /dev/null @@ -1,83 +0,0 @@ -Description: This patch fixes test cases for LZO write support in various - architectures, such as armhf. Writing a certain amount of files would - cause the LZO compressor level 9 to produce a bigger archive than the - default compressor level. -Author: Andres Mejia <amejia@debian.org> - ---- a/libarchive/test/test_write_filter_lzop.c -+++ b/libarchive/test/test_write_filter_lzop.c -@@ -39,7 +39,7 @@ - size_t buffsize, datasize; - char path[16]; - size_t used1, used2; -- int i, r, use_prog = 0; -+ int i, r, use_prog = 0, filecount; - - assert((a = archive_write_new()) != NULL); - r = archive_write_add_filter_lzop(a); -@@ -58,9 +58,10 @@ - - datasize = 10000; - assert(NULL != (data = (char *)calloc(1, datasize))); -+ filecount = 10; - - /* -- * Write a 100 files and read them all back. -+ * Write a filecount files and read them all back. - */ - assert((a = archive_write_new()) != NULL); - assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a)); -@@ -77,7 +78,7 @@ - assert((ae = archive_entry_new()) != NULL); - archive_entry_set_filetype(ae, AE_IFREG); - archive_entry_set_size(ae, datasize); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - archive_entry_copy_pathname(ae, path); - assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); -@@ -97,7 +98,7 @@ - } else { - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used1)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) -@@ -133,7 +134,7 @@ - archive_write_set_options(a, "lzop:compression-level=9")); - assertEqualIntA(a, ARCHIVE_OK, - archive_write_open_memory(a, buff, buffsize, &used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - assert((ae = archive_entry_new()) != NULL); - archive_entry_copy_pathname(ae, path); -@@ -161,7 +162,7 @@ - archive_read_support_filter_all(a)); - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) -@@ -186,7 +187,7 @@ - archive_write_set_filter_option(a, NULL, "compression-level", "1")); - assertEqualIntA(a, ARCHIVE_OK, - archive_write_open_memory(a, buff, buffsize, &used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - assert((ae = archive_entry_new()) != NULL); - archive_entry_copy_pathname(ae, path); -@@ -216,7 +217,7 @@ - } else { - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch deleted file mode 100644 index ad94592c05..0000000000 --- a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch +++ /dev/null @@ -1,18 +0,0 @@ -Description: Patch to fix filename length calculation when writing mtree archives. -Author: Dave Reisner <dreisner@archlinux.org> -Origin: upstream - ---- a/libarchive/archive_write_set_format_mtree.c -+++ b/libarchive/archive_write_set_format_mtree.c -@@ -1855,9 +1855,9 @@ - return (ret); - } - -- /* Make a basename from dirname and slash */ -+ /* Make a basename from file->parentdir.s and slash */ - *slash = '\0'; -- file->parentdir.length = slash - dirname; -+ file->parentdir.length = slash - file->parentdir.s; - archive_strcpy(&(file->basename), slash + 1); - return (ret); - } diff --git a/gnu/packages/patches/libpthread-glibc-preparation.patch b/gnu/packages/patches/libpthread-glibc-preparation.patch deleted file mode 100644 index a43245436c..0000000000 --- a/gnu/packages/patches/libpthread-glibc-preparation.patch +++ /dev/null @@ -1,146 +0,0 @@ -This patch helps to integrate the Hurd's libpthread as a libc add-on. - -It writes the configure file, removes an rpc call not yet -implemented on the version of gnumach we use and defines -a missing macro. - -diff --git a/libpthread/configure b/libpthread/configure -new file mode 100644 -index 0000000..2cdbc71 ---- /dev/null -+++ b/libpthread/configure -@@ -0,0 +1,2 @@ -+libc_add_on_canonical=libpthread -+libc_add_on_subdirs=. --- -1.9.0 - -We are using a version of GNU Mach that lacks 'thread_terminate_release' -(not introduced yet). The 'thread_terminate' RPC call will be enough for -our needs. -See <http://lists.gnu.org/archive/html/bug-hurd/2014-05/msg00127.html>. - -diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c -index 6672065..129a611 100644 ---- a/libpthread/sysdeps/mach/pt-thread-terminate.c -+++ b/libpthread/sysdeps/mach/pt-thread-terminate.c -@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread) - __mach_port_destroy (__mach_task_self (), wakeup_port); - - /* Terminate and release all that's left. */ -- err = __thread_terminate_release (kernel_thread, mach_task_self (), -- kernel_thread, reply_port, -- stackaddr, stacksize); -+ /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */ -+ /* kernel_thread, reply_port, */ -+ /* stackaddr, stacksize); */ - - /* The kernel does not support it yet. Leak but at least terminate - correctly. */ --- -1.9.2 - -The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we -define it to __SPIN_LOCK_INITIALIZER which already exists. -See <http://lists.gnu.org/archive/html/commit-hurd/2009-04/msg00006.html>. - -diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h -index 537dac9..fca0e5a 100644 ---- a/libpthread/sysdeps/mach/bits/spin-lock.h -+++ b/libpthread/sysdeps/mach/bits/spin-lock.h -@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t; - - /* Initializer for a spin lock object. */ - #ifndef __PTHREAD_SPIN_LOCK_INITIALIZER --#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by <lock-intern.h>. -+#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER - #endif - - __END_DECLS - -The version of the glibc we use doesn't include the shm-directory.c file and does -not yet support IS_IN. -See <https://lists.gnu.org/archive/html/bug-hurd/2015-03/msg00078.html> - -diff --git a/libpthread/Makefile b/libpthread/Makefile -index 2906788..b8dee58 100644 ---- a/libpthread/Makefile -+++ b/libpthread/Makefile -@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate \ - sem-post sem-timedwait sem-trywait sem-unlink \ - sem-wait \ - \ -- shm-directory \ -- \ - cthreads-compat \ - $(SYSDEPS) - --- -2.3.6 - -diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c -index d88afae..84044dc 100644 ---- a/libpthread/pthread/pt-create.c -+++ b/libpthread/pthread/pt-create.c -@@ -28,7 +28,7 @@ - - #include <pt-internal.h> - --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - # include <ctype.h> - #endif - #ifdef HAVE_USELOCALE -@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg) - __resp = &self->res_state; - #endif - --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - /* Initialize pointers to locale data. */ - __ctype_init (); - #endif -diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c -index 9e5404b..b9cacbd 100644 ---- a/libpthread/pthread/pt-initialize.c -+++ b/libpthread/pthread/pt-initialize.c -@@ -28,7 +28,7 @@ - - DEFINE_HOOK (__pthread_init, (void)); - --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - static const struct pthread_functions pthread_functions = - { - .ptr_pthread_attr_destroy = __pthread_attr_destroy, -@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions = - void - ___pthread_init (void) - { --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - __libc_pthread_init(&pthread_functions); - #endif - RUN_HOOK (__pthread_init, ()); -diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h -index 18b5b4c..8cdcfce 100644 ---- a/libpthread/pthread/pt-internal.h -+++ b/libpthread/pthread/pt-internal.h -@@ -35,7 +35,7 @@ - #include <pt-sysdep.h> - #include <pt-machdep.h> - --#if IS_IN (libpthread) -+#ifdef IS_IN_libpthread - # include <ldsodefs.h> - #endif - -@@ -60,7 +60,7 @@ enum pthread_state - # define PTHREAD_SYSDEP_MEMBERS - #endif - --#if !(IS_IN (libpthread)) -+#ifndef IS_IN_libpthread - #ifdef ENABLE_TLS - /* Type of the TCB. */ - typedef struct diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch deleted file mode 100644 index f291d5b387..0000000000 --- a/gnu/packages/patches/libxslt-CVE-2015-7995.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Thu, 29 Oct 2015 19:33:23 +0800 -Subject: [PATCH] Fix for type confusion in preprocessing attributes - -CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 -We need to check that the parent node is an element before dereferencing -its namespace ---- - libxslt/preproc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libxslt/preproc.c b/libxslt/preproc.c -index 0eb80a0..7f69325 100644 ---- a/libxslt/preproc.c -+++ b/libxslt/preproc.c -@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) { - } else if (IS_XSLT_NAME(inst, "attribute")) { - xmlNodePtr parent = inst->parent; - -- if ((parent == NULL) || (parent->ns == NULL) || -+ if ((parent == NULL) || -+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) || - ((parent->ns != inst->ns) && - (!xmlStrEqual(parent->ns->href, inst->ns->href))) || - (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) { --- -2.6.3 - diff --git a/gnu/packages/patches/libxslt-generated-ids.patch b/gnu/packages/patches/libxslt-generated-ids.patch new file mode 100644 index 0000000000..4273875c7c --- /dev/null +++ b/gnu/packages/patches/libxslt-generated-ids.patch @@ -0,0 +1,173 @@ +This makes generated IDs deterministic. + +Written by Daniel Veillard. + +This should be fixed in next release (2.29). +See https://bugzilla.gnome.org/show_bug.cgi?id=751621. + +diff --git a/libxslt/functions.c b/libxslt/functions.c +index 6448bde..5b00a6d 100644 +--- a/libxslt/functions.c ++++ b/libxslt/functions.c +@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs) + } + + /** ++ * xsltCleanupIds: ++ * @ctxt: the transformation context ++ * @root: the root of the resulting document ++ * ++ * This clean up ids which may have been saved in Element contents ++ * by xsltGenerateIdFunction() to provide stable IDs on elements. ++ * ++ * Returns the number of items cleaned or -1 in case of error ++ */ ++int ++xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) { ++ xmlNodePtr cur; ++ int count = 0; ++ ++ if ((ctxt == NULL) || (root == NULL)) ++ return(-1); ++ if (root->type != XML_ELEMENT_NODE) ++ return(-1); ++ ++ cur = root; ++ while (cur != NULL) { ++ if (cur->type == XML_ELEMENT_NODE) { ++ if (cur->content != NULL) { ++ cur->content = NULL; ++ count++; ++ } ++ if (cur->children != NULL) { ++ cur = cur->children; ++ continue; ++ } ++ } ++ if (cur->next != NULL) { ++ cur = cur->next; ++ continue; ++ } ++ do { ++ cur = cur->parent; ++ if (cur == NULL) ++ break; ++ if (cur == (xmlNodePtr) root) { ++ cur = NULL; ++ break; ++ } ++ if (cur->next != NULL) { ++ cur = cur->next; ++ break; ++ } ++ } while (cur != NULL); ++ } ++ ++fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n", ++ ctxt->nextid, count); ++ ++ return(count); ++} ++ ++/** + * xsltGenerateIdFunction: + * @ctxt: the XPath Parser context + * @nargs: the number of arguments +@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){ + if (obj) + xmlXPathFreeObject(obj); + +- val = (long)((char *)cur - (char *)&base_address); ++ /* ++ * Try to provide stable ID for generated document: ++ * - usually ID are computed to be placed on elements via attributes ++ * so using the element as the node for the ID ++ * - the cur->content should be a correct placeholder for this, we use ++ * it to hold element node numbers in xmlXPathOrderDocElems to ++ * speed up XPath too ++ * - xsltCleanupIds() clean them up before handing the XSLT output ++ * to the API client. ++ * - other nodes types use the node address method but that should ++ * not end up in resulting document ID ++ * - we can enable this by default without risk of performance issues ++ * only the one pass xsltCleanupIds() is added ++ */ ++ if (cur->type == XML_ELEMENT_NODE) { ++ if (cur->content == NULL) { ++ xsltTransformContextPtr tctxt; ++ ++ tctxt = xsltXPathGetTransformContext(ctxt); ++ if (tctxt == NULL) { ++ val = (long)((char *)cur - (char *)&base_address); ++ } else { ++ tctxt->nextid++; ++ val = tctxt->nextid; ++ cur->content = (void *) (val); ++ } ++ } else { ++ val = (long) cur->content; ++ } ++ } else { ++ val = (long)((char *)cur - (char *)&base_address); ++ } ++ + if (val >= 0) { + sprintf((char *)str, "idp%ld", val); + } else { +diff --git a/libxslt/functions.h b/libxslt/functions.h +index e0e0bf9..4a1e163 100644 +--- a/libxslt/functions.h ++++ b/libxslt/functions.h +@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL + int nargs); + + /* ++ * Cleanup for ID generation ++ */ ++XSLTPUBFUN int XSLTCALL ++ xsltCleanupIds (xsltTransformContextPtr ctxt, ++ xmlNodePtr root); ++ ++/* + * And the registration + */ + +diff --git a/libxslt/transform.c b/libxslt/transform.c +index 24f9eb2..2bdf6bf 100644 +--- a/libxslt/transform.c ++++ b/libxslt/transform.c +@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) { + cur->traceCode = (unsigned long*) &xsltDefaultTrace; + cur->xinclude = xsltGetXIncludeDefault(); + cur->keyInitLevel = 0; ++ cur->nextid = 0; + + return(cur); + +@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc, + if (root != NULL) { + const xmlChar *doctype = NULL; + ++ /* ++ * cleanup ids which may have been saved in Elements content ptrs ++ */ ++ if (ctxt->nextid != 0) { ++ xsltCleanupIds(ctxt, root); ++ } ++ + if ((root->ns != NULL) && (root->ns->prefix != NULL)) + doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name); + if (doctype == NULL) +diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h +index 95e8fe6..8eedae4 100644 +--- a/libxslt/xsltInternals.h ++++ b/libxslt/xsltInternals.h +@@ -1786,6 +1786,8 @@ struct _xsltTransformContext { + int funcLevel; /* Needed to catch recursive functions issues */ + int maxTemplateDepth; + int maxTemplateVars; ++ ++ unsigned long nextid;/* for generating stable ids */ + }; + + /** diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch deleted file mode 100644 index a296d8cb1b..0000000000 --- a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch +++ /dev/null @@ -1,51 +0,0 @@ -Copied from Fedora. -http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8629.patch?h=f22 - -From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001 -From: Greg Hudson <ghudson@mit.edu> -Date: Fri, 8 Jan 2016 12:45:25 -0500 -Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629] - -In xdr_nullstring(), check that the decoded string is terminated with -a zero byte and does not contain any internal zero bytes. - -CVE-2015-8629: - -In all versions of MIT krb5, an authenticated attacker can cause -kadmind to read beyond the end of allocated memory by sending a string -without a terminating zero byte. Information leakage may be possible -for an attacker with permission to modify the database. - - CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C - -ticket: 8341 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c -index 2bef858..ba67084 100644 ---- a/src/lib/kadm5/kadm_rpc_xdr.c -+++ b/src/lib/kadm5/kadm_rpc_xdr.c -@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp) - return FALSE; - } - } -- return (xdr_opaque(xdrs, *objp, size)); -+ if (!xdr_opaque(xdrs, *objp, size)) -+ return FALSE; -+ /* Check that the unmarshalled bytes are a C string. */ -+ if ((*objp)[size - 1] != '\0') -+ return FALSE; -+ if (memchr(*objp, '\0', size - 1) != NULL) -+ return FALSE; -+ return TRUE; - - case XDR_ENCODE: - if (size != 0) --- -2.7.0.rc3 - diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch deleted file mode 100644 index c21d84b1e7..0000000000 --- a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch +++ /dev/null @@ -1,81 +0,0 @@ -Copied from Fedora. -http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22 - -From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001 -From: Greg Hudson <ghudson@mit.edu> -Date: Fri, 8 Jan 2016 12:52:28 -0500 -Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630] - -In kadm5_create_principal_3() and kadm5_modify_principal(), check for -entry->policy being null when KADM5_POLICY is included in the mask. - -CVE-2015-8630: - -In MIT krb5 1.12 and later, an authenticated attacker with permission -to modify a principal entry can cause kadmind to dereference a null -pointer by supplying a null policy value but including KADM5_POLICY in -the mask. - - CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C - -ticket: 8342 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/lib/kadm5/srv/svr_principal.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c -index 5b95fa3..1d4365c 100644 ---- a/src/lib/kadm5/srv/svr_principal.c -+++ b/src/lib/kadm5/srv/svr_principal.c -@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle, - /* - * Argument sanity checking, and opening up the DB - */ -+ if (entry == NULL) -+ return EINVAL; - if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) || - (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) || - (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || -@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle, - return KADM5_BAD_MASK; - if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0) - return KADM5_BAD_MASK; -+ if((mask & KADM5_POLICY) && entry->policy == NULL) -+ return KADM5_BAD_MASK; - if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) - return KADM5_BAD_MASK; - if((mask & ~ALL_PRINC_MASK)) - return KADM5_BAD_MASK; -- if (entry == NULL) -- return EINVAL; - - /* - * Check to see if the principal exists -@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle, - - krb5_clear_error_message(handle->context); - -+ if(entry == NULL) -+ return EINVAL; - if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || - (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || - (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || -@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle, - return KADM5_BAD_MASK; - if((mask & ~ALL_PRINC_MASK)) - return KADM5_BAD_MASK; -+ if((mask & KADM5_POLICY) && entry->policy == NULL) -+ return KADM5_BAD_MASK; - if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) - return KADM5_BAD_MASK; -- if(entry == (kadm5_principal_ent_t) NULL) -- return EINVAL; - if (mask & KADM5_TL_DATA) { - tl_data_orig = entry->tl_data; - while (tl_data_orig) { --- -2.7.0.rc3 - diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch deleted file mode 100644 index dd1eb2945c..0000000000 --- a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch +++ /dev/null @@ -1,576 +0,0 @@ -Copied from Fedora. -http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8631.patch?h=f22 - -From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001 -From: Greg Hudson <ghudson@mit.edu> -Date: Fri, 8 Jan 2016 13:16:54 -0500 -Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631] - -In each kadmind server stub, initialize the client_name and -server_name variables, and release them in the cleanup handler. Many -of the stubs will otherwise leak the client and server name if -krb5_unparse_name() fails. Also make sure to free the prime_arg -variables in rename_principal_2_svc(), or we can leak the first one if -unparsing the second one fails. Discovered by Simo Sorce. - -CVE-2015-8631: - -In all versions of MIT krb5, an authenticated attacker can cause -kadmind to leak memory by supplying a null principal name in a request -which uses one. Repeating these requests will eventually cause -kadmind to exhaust all available memory. - - CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C - -ticket: 8343 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++------------------- - 1 file changed, 77 insertions(+), 74 deletions(-) - -diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c -index 1879dc6..6ac797e 100644 ---- a/src/kadmin/server/server_stubs.c -+++ b/src/kadmin/server/server_stubs.c -@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -- gss_release_buffer(&minor_stat, &client_name); -- gss_release_buffer(&minor_stat, &service_name); - - exit_func: -+ gss_release_buffer(&minor_stat, &client_name); -+ gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; - } -@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -- gss_release_buffer(&minor_stat, &client_name); -- gss_release_buffer(&minor_stat, &service_name); - - exit_func: -+ gss_release_buffer(&minor_stat, &client_name); -+ gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; - } -@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) - - } - free(prime_arg); -- gss_release_buffer(&minor_stat, &client_name); -- gss_release_buffer(&minor_stat, &service_name); - - exit_func: -+ gss_release_buffer(&minor_stat, &client_name); -+ gss_release_buffer(&minor_stat, &service_name); - free_server_handle(handle); - return &ret; - } -@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -570,10 +572,9 @@ generic_ret * - rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; -- char *prime_arg1, -- *prime_arg2; -- gss_buffer_desc client_name, -- service_name; -+ char *prime_arg1 = NULL, *prime_arg2 = NULL; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - restriction_t *rp; -@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - - } -+exit_func: - free(prime_arg1); - free(prime_arg2); - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) - { - static gprinc_ret ret; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) - { - static gprincs_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) - } - - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) - krb5_keyblock *k; - int nkeys; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) - krb5_keyblock *k; - int nkeys; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) - static gpol_ret ret; - kadm5_ret_t ret2; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_principal_ent_rec caller_ent; - kadm5_server_handle_t handle; -@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) - log_unauth(funcname, prime_arg, - &client_name, &service_name, rqstp); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - -@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) - { - static gpols_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - } -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1541,7 +1542,8 @@ exit_func: - getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) - { - static getprivs_ret ret; -- gss_buffer_desc client_name, service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) - if (errmsg != NULL) - krb5_free_error_message(handle->context, errmsg); - -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg, *funcname; -- gss_buffer_desc client_name, service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - -@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) - { - static gstrings_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) - { - static generic_ret ret; - char *prime_arg; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - OM_uint32 minor_stat; - kadm5_server_handle_t handle; - const char *errmsg = NULL; -@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) - krb5_free_error_message(handle->context, errmsg); - } - free(prime_arg); -+exit_func: - gss_release_buffer(&minor_stat, &client_name); - gss_release_buffer(&minor_stat, &service_name); --exit_func: - free_server_handle(handle); - return &ret; - } -@@ -1754,8 +1757,8 @@ exit_func: - generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) - { - static generic_ret ret; -- gss_buffer_desc client_name, -- service_name; -+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; -+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; - kadm5_server_handle_t handle; - OM_uint32 minor_stat; - const char *errmsg = NULL; -@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) - rqstp->rq_cred.oa_flavor); - if (errmsg != NULL) - krb5_free_error_message(NULL, errmsg); -- gss_release_buffer(&minor_stat, &client_name); -- gss_release_buffer(&minor_stat, &service_name); - - exit_func: -+ gss_release_buffer(&minor_stat, &client_name); -+ gss_release_buffer(&minor_stat, &service_name); - return(&ret); - } - --- -2.7.0.rc3 - diff --git a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch b/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch deleted file mode 100644 index 195db38d08..0000000000 --- a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch +++ /dev/null @@ -1,49 +0,0 @@ -Copied from Fedora. -http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-init_context_null_spnego.patch?h=f22 - -From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001 -From: Simo Sorce <simo@redhat.com> -Date: Tue, 5 Jan 2016 12:11:59 -0500 -Subject: [PATCH] Check internal context on init context errors - -If the mechanism deletes the internal context handle on error, the -mechglue must do the same with the union context, to avoid crashes if -the application calls other functions with this invalid union context. - -[ghudson@mit.edu: edit commit message and code comment] - -ticket: 8337 (new) -target_version: 1.14-next -target_version: 1.13-next -tags: pullup ---- - src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c -index aaae767..9f154b8 100644 ---- a/src/lib/gssapi/mechglue/g_init_sec_context.c -+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c -@@ -224,12 +224,15 @@ OM_uint32 * time_rec; - - if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) { - /* -- * the spec says (the preferred) method is to delete all -- * context info on the first call to init, and on all -- * subsequent calls make the caller responsible for -- * calling gss_delete_sec_context -+ * The spec says the preferred method is to delete all context info on -+ * the first call to init, and on all subsequent calls make the caller -+ * responsible for calling gss_delete_sec_context. However, if the -+ * mechanism decided to delete the internal context, we should also -+ * delete the union context. - */ - map_error(minor_status, mech); -+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) -+ *context_handle = GSS_C_NO_CONTEXT; - if (*context_handle == GSS_C_NO_CONTEXT) { - free(union_ctx_id->mech_type->elements); - free(union_ctx_id->mech_type); --- -2.6.4 - diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch new file mode 100644 index 0000000000..9d369aeb2c --- /dev/null +++ b/gnu/packages/patches/procps-non-linux.patch @@ -0,0 +1,40 @@ +From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001 +From: Craig Small <csmall@enc.com.au> +Date: Sun, 17 Apr 2016 09:09:41 +1000 +Subject: [PATCH] tests: Conditionally add prctl to test process + +prctl was already bypassed on Cygwin systems. This extends to +non-Linux systems such as kFreeBSD and Hurd. + +--- + lib/test_process.c | 4 ++-- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/test_process.c b/lib/test_process.c +index 6e652ed..6a4776c 100644 +--- a/lib/test_process.c ++++ b/lib/test_process.c +@@ -21,7 +21,9 @@ + #include <stdlib.h> + #include <unistd.h> + #include <signal.h> ++#ifdef __linux__ + #include <sys/prctl.h> ++#endif + #include "c.h" + + #define DEFAULT_SLEEPTIME 300 +@@ -78,8 +80,10 @@ + sigaction(SIGUSR1, &signal_action, NULL); + sigaction(SIGUSR2, &signal_action, NULL); + ++#ifdef __linux__ + /* set process name */ + prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL); ++#endif + + while (sleep_time > 0) { + sleep_time = sleep(sleep_time); +-- +2.8.2 + diff --git a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch deleted file mode 100644 index 39d8e2b20a..0000000000 --- a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch +++ /dev/null @@ -1,33 +0,0 @@ -commit e9ddc08da0982f36581ae5a8c7763453ff41cfe8 -Author: Sergey Poznyakoff <gray@gnu.org> -Date: Thu Sep 25 00:22:16 2014 +0300 - - Bugfixes. - - * doc/tar.1: Fix typo in font spec. - * src/tar.c (sort_mode_arg, sort_mode_flag): Protect "inode" - (SAVEDIR_SORT_INODE) with D_INO_IN_DIRENT - -diff --git a/src/tar.c b/src/tar.c -index 225c624..f8102e0 100644 ---- a/src/tar.c -+++ b/src/tar.c -@@ -1341,14 +1341,18 @@ static char filename_terminator; - static char const *const sort_mode_arg[] = { - "none", - "name", -+#if D_INO_IN_DIRENT - "inode", -+#endif - NULL - }; - - static int sort_mode_flag[] = { - SAVEDIR_SORT_NONE, - SAVEDIR_SORT_NAME, -+#if D_INO_IN_DIRENT - SAVEDIR_SORT_INODE -+#endif - }; - - ARGMATCH_VERIFY (sort_mode_arg, sort_mode_flag);
\ No newline at end of file diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index e954492554..fe9157af12 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -32,7 +32,6 @@ (package (name "pcre") (version "8.38") - (replacement pcre-fixed) (source (origin (method url-fetch) (uri (list @@ -43,15 +42,18 @@ version "/pcre-" version ".tar.bz2"))) (sha256 (base32 - "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r")))) + "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r")) + (patches (list (search-patch "pcre-CVE-2016-3191.patch"))))) (build-system gnu-build-system) - (outputs '("out" - "doc")) ;1.8 MiB of HTML + (outputs '("out" ;library & headers + "bin" ;depends on Readline (adds 20MiB to the closure) + "doc")) ;1.8 MiB of HTML (inputs `(("bzip2" ,bzip2) ("readline" ,readline) ("zlib" ,zlib))) (arguments - `(#:configure-flags '("--enable-utf" + '(#:disallowed-references ("doc") + #:configure-flags '("--enable-utf" "--enable-pcregrep-libz" "--enable-pcregrep-libbz2" "--enable-pcretest-libreadline" @@ -68,13 +70,6 @@ POSIX regular expression API.") (license license:bsd-3) (home-page "http://www.pcre.org/"))) -(define pcre-fixed ;for CVE-2016-3191 - (package - (inherit pcre) - (source (origin - (inherit (package-source pcre)) - (patches (search-patches "pcre-CVE-2016-3191.patch")))))) - (define-public pcre2 (package (name "pcre2") diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index d46bd1f8ba..7c2651764a 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -87,7 +87,10 @@ `(#:tests? #f ; no test data provided with the tarball #:configure-flags '("--enable-xpdf-headers" ; to install header files - "--enable-zlib") + "--enable-zlib" + + ;; Saves 8 MiB of .a files. + "--disable-static") #:phases (alist-cons-before 'configure 'setenv @@ -469,27 +472,38 @@ and examining the file structure (pdfshow).") (uri (string-append "mirror://sourceforge/qpdf/qpdf-" version ".tar.gz")) (sha256 (base32 - "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm")))) + "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm")) + (modules '((guix build utils))) + (snippet + ;; Replace shebang with the bi-lingual shell/Perl trick to remove + ;; dependency on Perl. + '(substitute* "qpdf/fix-qdf" + (("#!/usr/bin/env perl") + "\ +eval '(exit $?0)' && eval 'exec perl -wS \"$0\" ${1+\"$@\"}' + & eval 'exec perl -wS \"$0\" $argv:q' + if 0;\n"))))) (build-system gnu-build-system) (arguments - '(#:phases (alist-cons-before - 'configure 'patch-paths - (lambda _ - (substitute* "make/libtool.mk" - (("SHELL=/bin/bash") - (string-append "SHELL=" (which "bash")))) - (substitute* (append - '("qtest/bin/qtest-driver") - (find-files "." "\\.test")) - (("/usr/bin/env") (which "env")))) - %standard-phases))) + `(#:disallowed-references (,perl) + #:phases (alist-cons-before + 'configure 'patch-paths + (lambda _ + (substitute* "make/libtool.mk" + (("SHELL=/bin/bash") + (string-append "SHELL=" (which "bash")))) + (substitute* (append + '("qtest/bin/qtest-driver") + (find-files "." "\\.test")) + (("/usr/bin/env") (which "env")))) + %standard-phases))) (native-inputs - `(("pkg-config" ,pkg-config))) + `(("pkg-config" ,pkg-config) + ("perl" ,perl))) (propagated-inputs `(("pcre" ,pcre))) (inputs - `(("zlib" ,zlib) - ("perl" ,perl))) + `(("zlib" ,zlib))) (synopsis "Command-line tools and library for transforming PDF files") (description "QPDF is a command-line program that does structural, content-preserving diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index e45db041e7..e2b39c7d12 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -87,15 +87,7 @@ "-Dinstallstyle=lib/perl5" "-Duseshrplib" (string-append "-Dlocincpth=" libc "/include") - (string-append "-Dloclibpth=" libc "/lib") - - ;; Force the library search path to contain only libc - ;; because it is recorded in Config.pm and - ;; Config_heavy.pl; we don't want to keep a reference - ;; to everything that's in $LIBRARY_PATH at build - ;; time (Binutils, bzip2, file, etc.) - (string-append "-Dlibpth=" libc "/lib") - (string-append "-Dplibpth=" libc "/lib")))))) + (string-append "-Dloclibpth=" libc "/lib")))))) (add-before 'strip 'make-shared-objects-writable @@ -106,7 +98,34 @@ (lib (string-append out "/lib"))) (for-each (lambda (dso) (chmod dso #o755)) - (find-files lib "\\.so$")))))))) + (find-files lib "\\.so$"))))) + + (add-after 'install 'remove-extra-references + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (libc (assoc-ref inputs "libc")) + (config1 (car (find-files (string-append out "/lib/perl5") + "^Config_heavy\\.pl$"))) + (config2 (find-files (string-append out "/lib/perl5") + "^Config\\.pm$"))) + ;; Force the library search path to contain only libc because + ;; it is recorded in Config.pm and Config_heavy.pl; we don't + ;; want to keep a reference to everything that's in + ;; $LIBRARY_PATH at build time (GCC, Binutils, bzip2, file, + ;; etc.) + (substitute* config1 + (("^incpth=.*$") + (string-append "incpth='" libc "/include'\n")) + (("^(libpth|plibpth|libspath)=.*$" _ variable) + (string-append variable "='" libc "/lib'\n"))) + + (for-each (lambda (file) + (substitute* config2 + (("libpth => .*$") + (string-append "libpth => '" libc + "/lib',\n")))) + config2) + #t)))))) (native-search-paths (list (search-path-specification (variable "PERL5LIB") (files '("lib/perl5/site_perl"))))) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 97f4e6cdb7..dbc4533a52 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -97,7 +97,7 @@ (define-public python-2.7 (package (name "python") - (version "2.7.10") + (version "2.7.11") (source (origin (method url-fetch) @@ -105,56 +105,44 @@ version "/Python-" version ".tar.xz")) (sha256 (base32 - "1h7zbrf9pkj29hlm18b10548ch9757f75m64l47sy75rh43p7lqw")) - (patches (search-patches - "python-2.7-search-paths.patch" - "python-2-deterministic-build-info.patch" - "python-2.7-source-date-epoch.patch")))) + "0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn")) + (patches (search-patches "python-2.7-search-paths.patch" + "python-2-deterministic-build-info.patch" + "python-2.7-source-date-epoch.patch")) + (modules '((guix build utils))) + ;; suboptimal to delete failing tests here, but if we delete them in the + ;; arguments then we need to make sure to strip out that phase when it + ;; gets inherited by python and python-minimal. + (snippet + '(begin + (for-each delete-file + '("Lib/test/test_compileall.py" + "Lib/test/test_distutils.py" + "Lib/test/test_import.py" + "Lib/test/test_shutil.py" + "Lib/test/test_socket.py" + "Lib/test/test_subprocess.py")) + #t)))) (outputs '("out" "tk")) ;tkinter; adds 50 MiB to the closure (build-system gnu-build-system) (arguments - `(#:tests? #f - ;; 268 tests OK. - ;; 103 tests failed: - ;; test_distutils test_shutil test_signal test_site test_slice - ;; test_smtplib test_smtpnet test_socket test_socketserver - ;; test_softspace test_sort test_spwd test_sqlite test_ssl - ;; test_startfile test_stat test_str test_strftime test_string - ;; test_stringprep test_strop test_strptime test_strtod test_struct - ;; test_structmembers test_structseq test_subprocess test_sunau - ;; test_sunaudiodev test_sundry test_symtable test_syntax test_sys - ;; test_sys_setprofile test_sys_settrace test_sysconfig test_tarfile - ;; test_tcl test_telnetlib test_tempfile test_textwrap test_thread - ;; test_threaded_import test_threadedtempfile test_threading - ;; test_threading_local test_threadsignals test_time test_timeit - ;; test_timeout test_tk test_tokenize test_tools test_trace - ;; test_traceback test_transformer test_ttk_guionly test_ttk_textonly - ;; test_tuple test_typechecks test_ucn test_unary - ;; test_undocumented_details test_unicode test_unicode_file - ;; test_unicodedata test_univnewlines test_univnewlines2k test_unpack - ;; test_urllib test_urllib2 test_urllib2_localnet test_urllib2net - ;; test_urllibnet test_urlparse test_userdict test_userlist - ;; test_userstring test_uu test_uuid test_wait3 test_wait4 - ;; test_warnings test_wave test_weakref test_weakset test_whichdb - ;; test_winreg test_winsound test_with test_wsgiref test_xdrlib - ;; test_xml_etree test_xml_etree_c test_xmllib test_xmlrpc - ;; test_xpickle test_xrange test_zipfile test_zipfile64 - ;; test_zipimport test_zipimport_support test_zlib - ;; 30 tests skipped: + `(;; 356 tests OK. + ;; 6 tests failed: + ;; test_compileall test_distutils test_import test_shutil test_socket + ;; test_subprocess + ;; 39 tests skipped: ;; test_aepack test_al test_applesingle test_bsddb test_bsddb185 ;; test_bsddb3 test_cd test_cl test_codecmaps_cn test_codecmaps_hk - ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_crypt - ;; test_curses test_dl test_gdb test_gl test_idle test_imageop - ;; test_imgfile test_ioctl test_kqueue test_linuxaudiodev test_macos - ;; test_macostools test_msilib test_nis test_ossaudiodev - ;; test_scriptpackages - ;; 6 skips unexpected on linux2: - ;; test_bsddb test_bsddb3 test_crypt test_gdb test_idle test_ioctl - ;; One of the typical errors: - ;; test_unicode - ;; test test_unicode crashed -- <type 'exceptions.OSError'>: [Errno 2] No - ;; such file or directory + ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_curses + ;; test_dl test_gdb test_gl test_imageop test_imgfile test_ioctl + ;; test_kqueue test_linuxaudiodev test_macos test_macostools + ;; test_msilib test_ossaudiodev test_scriptpackages test_smtpnet + ;; test_socketserver test_startfile test_sunaudiodev test_timeout + ;; test_tk test_ttk_guionly test_urllib2net test_urllibnet + ;; test_winreg test_winsound test_zipfile64 + ;; 4 skips unexpected on linux2: + ;; test_bsddb test_bsddb3 test_gdb test_ioctl #:test-target "test" #:configure-flags (list "--enable-shared" ;allow embedding @@ -217,6 +205,37 @@ (utime file circa-1980 circa-1980) #t)) #t))) + (add-after 'install 'remove-tests + ;; Remove 25 MiB of unneeded unit tests. Keep test_support.* + ;; because these files are used by some libraries out there. + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (match (scandir (string-append out "/lib") + (lambda (name) + (string-prefix? "python" name))) + ((pythonX.Y) + (let ((testdir (string-append out "/lib/" pythonX.Y + "/test"))) + (with-directory-excursion testdir + (for-each delete-file-recursively + (scandir testdir + (match-lambda + ((or "." "..") #f) + (file + (not + (string-prefix? "test_support." + file)))))) + (call-with-output-file "__init__.py" (const #t)) + #t))))))) + (add-before 'strip 'make-libraries-writable + (lambda* (#:key outputs #:allow-other-keys) + ;; Make .so files writable so they can be stripped. + (let ((out (assoc-ref outputs "out"))) + (for-each (lambda (file) + (chmod file #o755)) + (find-files (string-append out "/lib") + "\\.so")) + #t))) (add-after 'install 'move-tk-inter (lambda* (#:key outputs #:allow-other-keys) ;; When Tkinter support is built move it to a separate output so @@ -349,8 +368,8 @@ data types.") (lambda (old new) (symlink (string-append python old) (string-append bin "/" new))) - `("python3" ,"pydoc3" ,"idle3") - `("python" ,"pydoc" ,"idle")))))) + '("python3" "pydoc3" "idle3" "pip3" "python3-config") + '("python" "pydoc" "idle" "pip" "python-config")))))) (synopsis "Wrapper for the Python 3 commands") (description "This package provides wrappers for the commands of Python@tie{}3.x such diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 6baee2b309..e409dd546e 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com> -;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch> +;;; Copyright © 2015, 2016 Federico Beffa <beffa@fbengineering.ch> ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> @@ -23,17 +23,23 @@ (define-module (gnu packages scheme) #:use-module (gnu packages) - #:use-module (guix licenses) + #:use-module ((guix licenses) + #:select (gpl2+ lgpl2.0+ lgpl2.1+ asl2.0 bsd-3 + cc-by-sa4.0)) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) + #:use-module (gnu packages compression) #:use-module (gnu packages m4) #:use-module (gnu packages multiprecision) + #:use-module (gnu packages ncurses) #:use-module (gnu packages databases) #:use-module (gnu packages emacs) + #:use-module (gnu packages ghostscript) + #:use-module (gnu packages netpbm) #:use-module (gnu packages texinfo) #:use-module (gnu packages tex) #:use-module (gnu packages base) @@ -548,6 +554,160 @@ an isolated heap allowing multiple VMs to run simultaneously in different OS threads.") (license bsd-3))) +(define nanopass + (let ((version "1.9")) + (origin + (method url-fetch) + (uri (string-append + "https://github.com/nanopass/nanopass-framework-scheme/archive" + "/v" version ".tar.gz")) + (sha256 (base32 "11pwyy4jiwhcl2am3a4ciczacjbjkyvdizqzdglb3l1hj2gj6nv2")) + (file-name (string-append "nanopass-" version ".tar.gz"))))) + +(define stex + (let ((version "1.2.1")) + (origin + (method url-fetch) + (uri (string-append + "https://github.com/dybvig/stex/archive" + "/v" version ".tar.gz")) + (sha256 (base32 "03pl3f668h24dn51vccr1sj5lsba9zq3j37bnxjvdadcdaj4qy5z")) + (file-name (string-append "stex-" version ".tar.gz"))))) + +(define-public chez-scheme + (package + (name "chez-scheme") + (version "9.4") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/cisco/ChezScheme/archive/" + "v" version ".tar.gz")) + (sha256 + (base32 "0lprmpsjg2plc6ykgkz482zyvhkzv6gd0vnar71ph21h6zknyklz")) + (file-name (string-append "chez-scheme-" version ".tar.gz")))) + (build-system gnu-build-system) + (inputs + `(("ncurses" ,ncurses) + ("libx11" ,libx11) + ("xorg-rgb" ,xorg-rgb) + ("nanopass" ,nanopass) + ("zlib" ,zlib) + ("stex" ,stex))) + (native-inputs + `(("texlive" ,texlive) + ("ghostscript" ,ghostscript) + ("netpbm" ,netpbm))) + (outputs '("out" "doc")) + (arguments + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (ice-9 match)) + #:test-target "test" + #:phases + (modify-phases %standard-phases + ;; Adapt the custom 'configure' script. + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (nanopass (assoc-ref inputs "nanopass")) + (stex (assoc-ref inputs "stex")) + (zlib (assoc-ref inputs "zlib")) + (unpack (assoc-ref %standard-phases 'unpack)) + (patch-source-shebangs + (assoc-ref %standard-phases 'patch-source-shebangs))) + (map (match-lambda + ((src orig-name new-name) + (with-directory-excursion "." + (apply unpack (list #:source src)) + (apply patch-source-shebangs (list #:source src))) + (delete-file-recursively new-name) + (system* "mv" orig-name new-name))) + `((,nanopass "nanopass-framework-scheme-1.9" "nanopass") + (,stex "stex-1.2.1" "stex"))) + ;; The Makefile wants to download and compile "zlib". We patch + ;; it to use the one from our 'zlib' package. + (substitute* "configure" + (("rmdir zlib .*$") "echo \"using system zlib\"\n")) + (substitute* (find-files "./c" "Mf-[a-zA-Z0-9.]+") + (("\\$\\{Kernel\\}: \\$\\{kernelobj\\} \\.\\./zlib/libz\\.a") + "${Kernel}: ${kernelobj}") + (("ld -melf_x86_64 -r -X -o \\$\\{Kernel\\} \\$\\{kernelobj\\} \\.\\./zlib/libz\\.a") + (string-append "ld -melf_x86_64 -r -X -o ${Kernel} ${kernelobj} " + zlib "/lib/libz.a")) + (("\\(cd \\.\\./zlib; CFLAGS=-m64 \\./configure --64)") + (which "true")) + (("(cd \\.\\./zlib; make)") + (which "true"))) + (substitute* (find-files "mats" "Mf-.*") + (("^[[:space:]]+(cc ) *") "\tgcc ")) + (substitute* + (find-files "." (string-append + "(" + "Mf-[a-zA-Z0-9.]+" + "|Makefile[a-zA-Z0-9.]*" + "|checkin" + "|stex\\.stex" + "|newrelease" + "|workarea" + ;;"|[a-zA-Z0-9.]+\\.ms" ; guile can't read + ")")) + (("/bin/rm") (which "rm")) + (("/bin/ln") (which "ln")) + (("/bin/cp") (which "cp"))) + (substitute* "makefiles/installsh" + (("/bin/true") (which "true"))) + (substitute* "stex/Makefile" + (("PREFIX=/usr") (string-append "PREFIX=" out))) + (zero? (system* "./configure" "--threads" + (string-append "--installprefix=" out)))))) + ;; Installation of the documentation requires a running "chez". + (add-after 'install 'install-doc + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((bin (string-append (assoc-ref outputs "out") "/bin")) + (doc (string-append (assoc-ref outputs "doc") + "/share/doc/" ,name "-" ,version))) + (setenv "HOME" (getcwd)) + (setenv "PATH" (string-append (getenv "PATH") ":" bin)) + (with-directory-excursion "stex" + (system* "make" (string-append "BIN=" bin))) + (system* "make" "docs") + (with-directory-excursion "csug" + (substitute* "Makefile" + (("/tmp/csug9") doc) + (("^m = a6le") + "m := $(shell echo '(machine-type)' | scheme -q)")) + (system* "make" "install") + (install-file "csug.pdf" doc)) + (with-directory-excursion "release_notes" + (install-file "release_notes.pdf" doc)) + #t))) + ;; The binary file name is called "scheme" as the one from MIT/GNU + ;; Scheme. We add a symlink to use in case both are installed. + (add-after 'install 'install-symlink + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (lib (string-append out "/lib")) + (name "chez-scheme")) + (symlink (string-append bin "/scheme") + (string-append bin "/" name)) + (map (lambda (file) + (symlink file (string-append (dirname file) + "/" name ".boot"))) + (find-files lib "scheme.boot")) + #t)))))) + ;; According to the documentation MIPS is not supported. + (supported-systems (delete "mips64el-linux" %supported-systems)) + (home-page "http://www.scheme.com") + (synopsis "R6RS Scheme compiler and run-time") + (description + "Chez Scheme is a compiler and run-time system for the language of the +Revised^6 Report on Scheme (R6RS), with numerous extensions. The compiler +generates native code for each target processor, with support for x86, x86_64, +and 32-bit PowerPC architectures.") + (license asl2.0))) + (define-public scmutils (let () (define (system-suffix) diff --git a/gnu/packages/swig.scm b/gnu/packages/swig.scm index 273d0c48b1..6a66a71f1b 100644 --- a/gnu/packages/swig.scm +++ b/gnu/packages/swig.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; ;;; This file is part of GNU Guix. @@ -41,10 +41,9 @@ (base32 "0g1a69vrqxgsnr1wkx851ljn73a2x3jqzxa66s2l3w0kyblbjk4z")))) (build-system gnu-build-system) - (native-inputs `(("boost" ,boost))) - (inputs `(("pcre" ,pcre) - - ;; Provide these to run the corresponding tests. + (native-inputs `(("boost" ,boost) + ("pcre" ,pcre "bin"))) ;for 'pcre-config' + (inputs `(;; Provide these to run the corresponding tests. ("guile" ,guile-2.0) ("perl" ,perl))) ;; FIXME: reactivate input python as soon as the test failures diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm index 4921b10124..d645ef4bc1 100644 --- a/gnu/packages/texinfo.scm +++ b/gnu/packages/texinfo.scm @@ -32,14 +32,14 @@ (define-public texinfo (package (name "texinfo") - (version "6.0") + (version "6.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/texinfo/texinfo-" version ".tar.xz")) (sha256 (base32 - "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi")))) + "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c")))) (build-system gnu-build-system) (native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep (inputs `(("ncurses" ,ncurses) @@ -62,18 +62,6 @@ their source and the command-line Info reader. The emphasis of the language is on expressing the content semantically, avoiding physical markup commands.") (license gpl3+))) -(define-public texinfo-6.1 - (package - (inherit texinfo) - (version "6.1") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/texinfo/texinfo-" - version ".tar.xz")) - (sha256 - (base32 - "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c")))))) - (define-public texinfo-5 (package (inherit texinfo) (version "5.2") @@ -105,10 +93,10 @@ is on expressing the content semantically, avoiding physical markup commands.") ;; The idea of this package is to have the standalone Info reader without ;; the dependency on Perl that 'makeinfo' drags. (package - (inherit texinfo-6.1) + (inherit texinfo) (name "info-reader") (arguments - `(#:disallowed-references ,(assoc-ref (package-inputs texinfo-6.1) + `(#:disallowed-references ,(assoc-ref (package-inputs texinfo) "perl") #:modules ((ice-9 ftw) (srfi srfi-1) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 0add9ef96e..74cbb16ebb 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -47,7 +47,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.7") + (version "4.8") (source (origin (method url-fetch) @@ -55,7 +55,7 @@ version ".tar.gz")) (sha256 (base32 - "1j8iixynchziw1y39lnibyl5h81m4p78w3i4f28q2vgwjgf801x4")))) + "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "http://www.gnu.org/software/libtasn1/") @@ -65,22 +65,8 @@ for transmitting machine-neutral encodings of data objects in computer networking, allowing for formal validation of data according to some specifications.") - (replacement libtasn1/fixed) (license license:lgpl2.0+))) -(define libtasn1/fixed ;for CVE-2016-4008 - (package - (inherit libtasn1) - (source - (let ((version "4.8")) - (origin - (method url-fetch) - (uri (string-append "mirror://gnu/libtasn1/libtasn1-" - version ".tar.gz")) - (sha256 - (base32 - "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))))) - (define-public p11-kit (package (name "p11-kit") @@ -122,7 +108,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.4.7") + (version "3.5.0") (source (origin (method url-fetch) (uri @@ -133,7 +119,7 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1")))) + "09dfb0fn4spmdja6hs2yl470fn85fx0pa5nn9njnq7j19ma3nszw")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -183,7 +169,7 @@ living in the same process.") ("libidn" ,libidn) ("nettle" ,nettle) ("zlib" ,zlib))) - (home-page "http://www.gnu.org/software/gnutls/") + (home-page "https://www.gnu.org/software/gnutls/") (synopsis "Transport layer security library") (description "GnuTLS is a secure communications library implementing the SSL, TLS @@ -197,8 +183,7 @@ required structures.") (define-public openssl (package (name "openssl") - (version "1.0.2g") - (replacement openssl/fixed) + (version "1.0.2h") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -208,15 +193,25 @@ required structures.") "/" name "-" version ".tar.gz"))) (sha256 (base32 - "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) + "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch")))) + "openssl-c-rehash-in.patch" + "openssl-CVE-2016-2177.patch" + "openssl-CVE-2016-2178.patch")))) (build-system gnu-build-system) + (outputs '("out" + "doc" ;1.5MiB of man3 pages + "static")) ;6MiB of .a files (native-inputs `(("perl" ,perl))) (arguments - `(#:parallel-build? #f + `(#:disallowed-references (,perl) + #:parallel-build? #f #:parallel-tests? #f #:test-target "test" + + ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure, + ;; so we explicitly disallow it here. + #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases (add-before @@ -263,6 +258,33 @@ required structures.") (find-files (string-append out "/lib") "\\.so")) #t))) + (add-after 'install 'move-static-libraries + (lambda* (#:key outputs #:allow-other-keys) + ;; Move static libraries to the "static" output. + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (static (assoc-ref outputs "static")) + (slib (string-append static "/lib"))) + (mkdir-p slib) + (for-each (lambda (file) + (install-file file slib) + (delete-file file)) + (find-files lib "\\.a$")) + #t))) + (add-after 'install 'move-man3-pages + (lambda* (#:key outputs #:allow-other-keys) + ;; Move section 3 man pages to "doc". + (let* ((out (assoc-ref outputs "out")) + (man3 (string-append out "/share/man/man3")) + (doc (assoc-ref outputs "doc")) + (target (string-append doc "/share/man/man3"))) + (mkdir-p target) + (for-each (lambda (file) + (rename-file file + (string-append target "/" + (basename file)))) + (find-files man3)) + #t))) (add-before 'patch-source-shebangs 'patch-tests (lambda* (#:key inputs native-inputs #:allow-other-keys) @@ -299,27 +321,6 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl/fixed - (package - (inherit openssl) - (source - (let ((name "openssl") - (version "1.0.2h")) - (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch" - "openssl-CVE-2016-2177.patch" - "openssl-CVE-2016-2178.patch"))))))) - (define-public libressl (package (name "libressl") diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 9685317bc0..c77a7e1529 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -323,7 +323,7 @@ SMPTE 314M.") (define-public libva (package (name "libva") - (version "1.6.1") + (version "1.7.0") (source (origin (method url-fetch) @@ -331,7 +331,7 @@ SMPTE 314M.") "https://www.freedesktop.org/software/vaapi/releases/libva/libva-" version".tar.bz2")) (sha256 - (base32 "0bjfb5s8dk3lql843l91ffxzlq47isqks5sj19cxh7j3nhzw58kz")))) + (base32 "0py9igf4kicj7ji22bjawkpd6my013qpg0s4ir2np9l1rk5vr2d6")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -362,7 +362,7 @@ SMPTE 314M.") #:make-flags (list (string-append "dummy_drv_video_ladir=" (assoc-ref %outputs "out") "/lib/dri")))) - (home-page "http://www.freedesktop.org/wiki/Software/vaapi/") + (home-page "https://www.freedesktop.org/wiki/Software/vaapi/") (synopsis "Video acceleration library") (description "The main motivation for VA-API (Video Acceleration API) is to enable hardware accelerated video decode/encode at various diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 1ece2e164b..bfcba473a8 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -261,7 +261,7 @@ rasterisation.") (define-public libdrm (package (name "libdrm") - (version "2.4.65") + (version "2.4.67") (source (origin (method url-fetch) @@ -271,7 +271,7 @@ rasterisation.") ".tar.bz2")) (sha256 (base32 - "1i4n7mz49l0j4kr0dg9n1j3hlc786ncqgj0v5fci1mz7pp40m5ki")) + "1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf")) (patches (search-patches "libdrm-symbol-check.patch")))) (build-system gnu-build-system) (inputs diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 81a71bde6c..ef7f257139 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -4,9 +4,10 @@ ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com> +;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org> ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> ;;; ;;; This file is part of GNU Guix. @@ -46,16 +47,17 @@ (define-public expat (package (name "expat") - (replacement expat/fixed) - (version "2.1.0") + (version "2.1.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" - version "/expat-" version ".tar.gz")) + version "/expat-" version ".tar.bz2")) + (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch" + "expat-CVE-2015-1283-refix.patch" + "expat-CVE-2016-0718.patch")) (sha256 (base32 - "11pblz61zyxh68s5pdcbhc30ha1b2vfjd83aiwfg4vc15x3hadw2")) - (patches (search-patches "expat-CVE-2015-1283.patch")))) + "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg")))) (build-system gnu-build-system) (home-page "http://www.libexpat.org/") (synopsis "Stream-oriented XML parser library written in C") @@ -65,28 +67,17 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) -(define expat/fixed - (package - (inherit expat) - (source (origin - (inherit (package-source expat)) - (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch" - "expat-CVE-2015-1283.patch" - "expat-CVE-2015-1283-refix.patch" - "expat-CVE-2016-0718.patch")))))) - (define-public libxml2 (package (name "libxml2") - (version "2.9.3") - (replacement libxml2/fixed) ;multiple CVEs + (version "2.9.4") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" version ".tar.gz")) (sha256 (base32 - "0bd17g6znn2r98gzpjppsqjg33iraky4px923j3k8kdl8qgy7sad")))) + "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz")))) (build-system gnu-build-system) (home-page "http://www.xmlsoft.org/") (synopsis "C parser for XML") @@ -106,20 +97,6 @@ things the parser might find in the XML document (like start tags).") project (but it is usable outside of the Gnome platform).") (license license:x11))) -(define libxml2/fixed - (package - (inherit libxml2) - (source - (let ((name "libxml2") - (version "2.9.4")) - (origin - (method url-fetch) - (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" - version ".tar.gz")) - (sha256 - (base32 - "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))))) - (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") @@ -153,15 +130,15 @@ project (but it is usable outside of the Gnome platform).") (define-public libxslt (package (name "libxslt") - (version "1.1.28") + (version "1.1.29") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz")) (sha256 (base32 - "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz")) - (patches (search-patches "libxslt-CVE-2015-7995.patch")))) + "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")) + (patches (search-patches "libxslt-generated-ids.patch")))) (build-system gnu-build-system) (home-page "http://xmlsoft.org/XSLT/index.html") (synopsis "C library for applying XSLT stylesheets to XML documents") diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 46f0f6ec99..ad81f975dc 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -4281,7 +4281,30 @@ Various information is displayed depending on which options are selected.") formatted dump file, such as produced by xwd.") (license license:x11))) - +(define-public xorg-rgb + (package + (name "xorg-rgb") + (version "1.0.6") + (source + (origin + (method url-fetch) + (uri (string-append + "mirror://xorg/individual/app/rgb-" + version + ".tar.bz2")) + (sha256 + (base32 + "1c76zcjs39ljil6f6jpx1x17c8fnvwazz7zvl3vbjfcrlmm7rjmv")))) + (build-system gnu-build-system) + (inputs + `(("xproto" ,xproto))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "http://www.x.org/wiki/") + (synopsis "X color name database") + (description + "This package provides the X color name database.") + (license license:x11))) ;; packages of height 1 in the propagated-inputs tree |