diff options
Diffstat (limited to 'gnu')
42 files changed, 706 insertions, 370 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 84d6df771f..fbc5f52c9c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -782,6 +782,7 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-set-soname.patch \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ %D%/packages/patches/libarchive-CVE-2017-14166.patch \ + %D%/packages/patches/libarchive-CVE-2017-14502.patch \ %D%/packages/patches/libbase-fix-includes.patch \ %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ @@ -796,6 +797,7 @@ dist_patch_DATA = \ %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \ %D%/packages/patches/libevent-2.1-dns-tests.patch \ %D%/packages/patches/libevent-2.1-skip-failing-test.patch \ + %D%/packages/patches/libexif-CVE-2017-7544.patch \ %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \ %D%/packages/patches/libgdata-fix-tests.patch \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ @@ -832,6 +834,7 @@ dist_patch_DATA = \ %D%/packages/patches/lierolibre-newer-libconfig.patch \ %D%/packages/patches/lierolibre-remove-arch-warning.patch \ %D%/packages/patches/lierolibre-try-building-other-arch.patch \ + %D%/packages/patches/links-CVE-2017-11114.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \ @@ -873,11 +876,7 @@ dist_patch_DATA = \ %D%/packages/patches/mozjs38-tracelogger.patch \ %D%/packages/patches/mozjs38-version-detection.patch \ %D%/packages/patches/mumps-build-parallelism.patch \ - %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ - %D%/packages/patches/mupdf-CVE-2017-14685.patch \ - %D%/packages/patches/mupdf-CVE-2017-14686.patch \ - %D%/packages/patches/mupdf-CVE-2017-14687.patch \ - %D%/packages/patches/mupdf-CVE-2017-15587.patch \ + %D%/packages/patches/mupdf-build-with-latest-openjpeg.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/mutt-store-references.patch \ %D%/packages/patches/net-tools-bitrot.patch \ @@ -1119,6 +1118,7 @@ dist_patch_DATA = \ %D%/packages/patches/wpa-supplicant-fix-zeroed-keys.patch \ %D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch \ %D%/packages/patches/wpa-supplicant-krack-followups.patch \ + %D%/packages/patches/xboing-CVE-2004-0149.patch \ %D%/packages/patches/xcb-proto-python3-print.patch \ %D%/packages/patches/xcb-proto-python3-whitespace.patch \ %D%/packages/patches/xdotool-fix-makefile.patch \ diff --git a/gnu/packages/avr.scm b/gnu/packages/avr.scm index ecb7cd19a8..e9e93cbb9a 100644 --- a/gnu/packages/avr.scm +++ b/gnu/packages/avr.scm @@ -158,7 +158,7 @@ C++.") (native-inputs `(("unzip" ,unzip) ("xxd" ,xxd))) - (home-page "http://microscheme.org/") + (home-page "https://github.com/ryansuchocki/microscheme/") (synopsis "Scheme subset for Atmel microcontrollers") (description "Microscheme, or @code{(ms)} for short, is a functional programming diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 28d618381f..db1af031fb 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -195,7 +195,8 @@ backups (called chunks) to allow easy burning to CD/DVD.") (method url-fetch) (uri (string-append "http://libarchive.org/downloads/libarchive-" version ".tar.gz")) - (patches (search-patches "libarchive-CVE-2017-14166.patch")) + (patches (search-patches "libarchive-CVE-2017-14166.patch" + "libarchive-CVE-2017-14502.patch")) (sha256 (base32 "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd")))) diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 479404b4a2..f956aef5af 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -5857,14 +5857,14 @@ information as possible.") (define-public r-vegan (package (name "r-vegan") - (version "2.4-4") + (version "2.4-5") (source (origin (method url-fetch) (uri (cran-uri "vegan" version)) (sha256 (base32 - "1n57dzv2aid6iqd9fkqik401sidqanhzsawyak94qbiyh6dbd1x9")))) + "0cyyvn3xsjn24w590jn6z4xajafv7yzvj6c51vqi9q6m8v5831ya")))) (build-system r-build-system) (native-inputs `(("gfortran" ,gfortran))) @@ -6025,14 +6025,14 @@ distribution.") (define-public r-dexseq (package (name "r-dexseq") - (version "1.24.1") + (version "1.24.2") (source (origin (method url-fetch) (uri (bioconductor-uri "DEXSeq" version)) (sha256 (base32 - "1hwckj4ijgpdchbakvh60nmcaz4fwd5yplhn0880z3dnlsrp8ik3")))) + "18nh8ynxirfwkmc4sawdxgl7w1sl9ny5zpv8zbhv9vi5vgb8pxmj")))) (properties `((upstream-name . "DEXSeq"))) (build-system r-build-system) (propagated-inputs @@ -6703,13 +6703,13 @@ authoring books and technical documents with R Markdown.") (define-public r-biocstyle (package (name "r-biocstyle") - (version "2.6.0") + (version "2.6.1") (source (origin (method url-fetch) (uri (bioconductor-uri "BiocStyle" version)) (sha256 (base32 - "05f2j9fx8s5gh4f8qkl6wcz32ghz04wxhqb3xxcn1bj24qd7x1x8")))) + "03pp04pkcq99kdv2spzr995h2cxsza7l6w3d4gp4112m06prcybm")))) (properties `((upstream-name . "BiocStyle"))) (build-system r-build-system) @@ -6973,13 +6973,13 @@ names in their natural, rather than lexicographic, order.") (define-public r-edger (package (name "r-edger") - (version "3.20.1") + (version "3.20.2") (source (origin (method url-fetch) (uri (bioconductor-uri "edgeR" version)) (sha256 (base32 - "01qnxwr9rmz8r5ga3hvjk632365ga2aygx71mxkk7jiad2pjznsp")))) + "0j5s3i33qmld9l7gs1rzpv601zxyqz711x8mq35hml088c8s99w9")))) (properties `((upstream-name . "edgeR"))) (build-system r-build-system) (propagated-inputs @@ -7039,13 +7039,13 @@ coding changes and predict coding outcomes.") (define-public r-limma (package (name "r-limma") - (version "3.34.2") + (version "3.34.4") (source (origin (method url-fetch) (uri (bioconductor-uri "limma" version)) (sha256 (base32 - "1zyw01z9crm1jc86fva4pqxd9zxfsbsqwjq6ry39gag9pfb7pwcz")))) + "1vcxf9jg8xngxg5kb9bp8rw5sghpnkpj320iq309m2fp41ahsk3f")))) (build-system r-build-system) (home-page "http://bioinf.wehi.edu.au/limma") (synopsis "Package for linear models for microarray and RNA-seq data") @@ -7172,18 +7172,19 @@ annotation data packages using SQLite data storage.") (define-public r-biomart (package (name "r-biomart") - (version "2.34.0") + (version "2.34.1") (source (origin (method url-fetch) (uri (bioconductor-uri "biomaRt" version)) (sha256 (base32 - "1dn3ysf0vb3mmg2b3380g0j1ajf88x4rh7fddfp990h2xlnsy2cx")))) + "0jzv8b86vpvavwnzi5xf7y18xmn72zkabkn2kclg1mgl847cq13k")))) (properties `((upstream-name . "biomaRt"))) (build-system r-build-system) (propagated-inputs `(("r-annotationdbi" ,r-annotationdbi) + ("r-httr" ,r-httr) ("r-progress" ,r-progress) ("r-rcurl" ,r-rcurl) ("r-stringr" ,r-stringr) @@ -7393,13 +7394,13 @@ alignments.") (define-public r-rtracklayer (package (name "r-rtracklayer") - (version "1.38.0") + (version "1.38.2") (source (origin (method url-fetch) (uri (bioconductor-uri "rtracklayer" version)) (sha256 (base32 - "12al1ygzy9p4myxa1fd817m28x2fj6f863znk9bw3hp7knbi98dh")))) + "1sjn3976f1sqvrq6jq2hgc60ffxgfr3jlklaxfrk3xad5cv2kr2d")))) (build-system r-build-system) (arguments `(#:phases @@ -10168,14 +10169,14 @@ defining LD blocks.") (define-public r-gqtlstats (package (name "r-gqtlstats") - (version "1.10.0") + (version "1.10.1") (source (origin (method url-fetch) (uri (bioconductor-uri "gQTLstats" version)) (sha256 (base32 - "1cbdqawxzgna8rrgj3siph5sw4d2pb57qc0gn6ibfkhyk45f8gdv")))) + "0gvq1sf2zjbkk431x40z6wql3c1rpclnnwa2f1hvykb8mmw70kmq")))) (properties `((upstream-name . "gQTLstats"))) (build-system r-build-system) (propagated-inputs @@ -10222,14 +10223,14 @@ family of feature/genome hypotheses.") (define-public r-gviz (package (name "r-gviz") - (version "1.22.0") + (version "1.22.2") (source (origin (method url-fetch) (uri (bioconductor-uri "Gviz" version)) (sha256 (base32 - "1lrw65a8426wpxw975wjcaiacpp6fqa00nif1yxigyankbfs23c8")))) + "173n99mc95sij2vb8n3xd016x7mxhjs961q3l29xkg1lrnnm2sva")))) (properties `((upstream-name . "Gviz"))) (build-system r-build-system) (propagated-inputs diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index fc3aea31fe..37a934b5a2 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -1602,7 +1602,7 @@ or junctions, and always follows hard links.") (define-public zstd (package (name "zstd") - (version "1.3.2") + (version "1.3.3") (source (origin (method url-fetch) (uri (string-append "https://github.com/facebook/zstd/archive/v" @@ -1610,7 +1610,7 @@ or junctions, and always follows hard links.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "12krs9k5f408kyn0d7dwxqyc67177mgd14783ay10rafqsim8l5c")))) + "0yr91gwi380632w9y7p6idl72svq0mq0jajvdii05pp77qalfz57")))) (build-system gnu-build-system) (arguments `(#:phases @@ -1618,7 +1618,13 @@ or junctions, and always follows hard links.") (delete 'configure)) ; no configure script #:make-flags (list "CC=gcc" - (string-append "PREFIX=" (assoc-ref %outputs "out"))) + (string-append "PREFIX=" (assoc-ref %outputs "out")) + ;; Skip auto-detection of, and creating a dependency on, the build + ;; environment's ‘xz’ for what amounts to a dubious feature anyway. + "HAVE_LZMA=0" + ;; Not currently detected, but be explicit & avoid surprises later. + "HAVE_LZ4=0" + "HAVE_ZLIB=0") #:test-target "test")) (home-page "http://zstd.net/") (synopsis "Zstandard real-time compression algorithm") diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm index e7c9c6588a..9b80b68984 100644 --- a/gnu/packages/cran.scm +++ b/gnu/packages/cran.scm @@ -541,14 +541,14 @@ plot networks.") (define-public r-proxy (package (name "r-proxy") - (version "0.4-19") + (version "0.4-20") (source (origin (method url-fetch) (uri (cran-uri "proxy" version)) (sha256 (base32 - "0ladwgi70jw2a3adgg2xadw8hz3mm6llsw428c1fcrl305sy49vb")))) + "15g6dacdmlbkcnimblscghl23aj732cn6qwbs583r4im9v5nvbla")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/proxy") (synopsis "Distance and similarity measures") @@ -1444,22 +1444,66 @@ imputations.") ;; Any of these two versions. (license (list license:gpl2 license:gpl3)))) +(define-public r-truncnorm + (package + (name "r-truncnorm") + (version "1.0-7") + (source + (origin + (method url-fetch) + (uri (cran-uri "truncnorm" version)) + (sha256 + (base32 + "1qac05z50618y4bw1d7yznsli1bv82s0g8h37iacrjrdkv87bmy7")))) + (build-system r-build-system) + (home-page "http://cran.r-project.org/web/packages/truncnorm/") + (synopsis "Truncated normal distribution") + (description "This package provides functions for the truncated normal +distribution with mean equal to @code{mean} and standard deviation equal to +@code{sd}. It includes density, distribution, quantile, and expected value +functions, as well as a random generation function.") + (license license:gpl2))) + +(define-public r-rsolnp + (package + (name "r-rsolnp") + (version "1.16") + (source + (origin + (method url-fetch) + (uri (cran-uri "Rsolnp" version)) + (sha256 + (base32 + "0w7nkj6igr0gi7r7jg950lsx7dj6aipgxi6vbjsf5f5yc9h7fhii")))) + (properties `((upstream-name . "Rsolnp"))) + (build-system r-build-system) + (propagated-inputs + `(("r-truncnorm" ,r-truncnorm))) + (home-page "http://cran.r-project.org/web/packages/Rsolnp/") + (synopsis "General non-linear optimization") + (description "The Rsolnp package implements a general non-linear augmented +Lagrange multiplier method solver, a @dfn{sequential quadratic +programming} (SQP) based solver).") + ;; Any version of the GPL. + (license license:gpl2+))) + (define-public r-hardyweinberg (package (name "r-hardyweinberg") - (version "1.5.8") + (version "1.5.9") (source (origin (method url-fetch) (uri (cran-uri "HardyWeinberg" version)) (sha256 (base32 - "0xbcchmzii0jv0ygr91n72r39j1axraxd2i607b56v4yd5d8sy4k")))) + "0qk3lly5qczn61rj0q9xzscppspvk238yjgr4p71pkzkjhiv40jz")))) (properties `((upstream-name . "HardyWeinberg"))) (build-system r-build-system) (propagated-inputs `(("r-mice" ,r-mice) - ("r-rcpp" ,r-rcpp))) + ("r-rcpp" ,r-rcpp) + ("r-rsolnp" ,r-rsolnp))) (home-page "https://cran.r-project.org/package=HardyWeinberg") (synopsis "Statistical tests and graphics for Hardy-Weinberg equilibrium") (description @@ -1620,14 +1664,14 @@ modeling for empirical income distributions.") (define-public r-vcd (package (name "r-vcd") - (version "1.4-3") + (version "1.4-4") (source (origin (method url-fetch) (uri (cran-uri "vcd" version)) (sha256 (base32 - "05azric2w8mrsdk7y0484cjygcgcmbp96q2v500wvn91fj98kkhp")))) + "1lp99h0wvsc61l1dgcqjxdrcgpgw88ak430cdsv43kmm43qssqd5")))) (build-system r-build-system) (propagated-inputs `(("r-colorspace" ,r-colorspace) @@ -1773,3 +1817,25 @@ plots in @code{ggplot2}.") distributions over time or space. This package enables the creation of such plots in @code{ggplot2}.") (license license:gpl2))) + +(define-public r-cli + (package + (name "r-cli") + (version "1.0.0") + (source + (origin + (method url-fetch) + (uri (cran-uri "cli" version)) + (sha256 + (base32 + "07as3dr7vwx02p3qgzlmxz1dlrd3x3lysrzp222ip9jcjpydp8wg")))) + (build-system r-build-system) + (propagated-inputs + `(("r-assertthat" ,r-assertthat) + ("r-crayon" ,r-crayon))) + (home-page "https://github.com/r-lib/cli#readme") + (synopsis "Helpers for developing command line interfaces") + (description "This package provides a suite of tools designed to build +attractive command line interfaces (CLIs). It includes tools for drawing +rules, boxes, trees, and Unicode symbols with ASCII alternatives.") + (license license:expat))) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index df9eed72e8..fb129d4393 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -1072,7 +1072,8 @@ Portable Game Notation.") (uri (string-append "http://www.techrescue.org/xboing/xboing" version ".tar.gz")) (sha256 - (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7")))) + (base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7")) + (patches (search-patches "xboing-CVE-2004-0149.patch")))) (arguments `(#:tests? #f #:phases @@ -2515,6 +2516,7 @@ emulation community. It provides highly accurate emulation.") (uri (git-reference (url "https://github.com/Aloshi/EmulationStation.git") (commit commit))) ; no version tag + (file-name (string-append name "-" version "-checkout")) (sha256 (base32 "0cm0sq2wri2l9cvab1l0g02za59q7klj0h3p028vr96n6njj4w9v")))) @@ -5136,3 +5138,47 @@ abilities and powers. With a modern graphical and customisable interface, intuitive mouse control, streamlined mechanics and deep, challenging combat, Tales of Maj’Eyal offers engaging roguelike gameplay for the 21st century.") (license license:gpl3+))) + +(define-public quakespasm + (package + (name "quakespasm") + (version "0.93.0") + (source + (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/quakespasm/Source/quakespasm-" + version ".tgz")) + (sha256 + (base32 + "0b2nz7w4za32pc34r62ql270z692qcjs2pm0i3svkxkvfammhdfq")))) + (arguments + `(#:tests? #f + #:make-flags '("CC=gcc" + "MP3LIB=mpg123" + "USE_CODEC_FLAC=1" + "USE_CODEC_MIKMOD=1" + "USE_SDL2=1" + "-CQuake") + #:phases (modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'fix-makefile-paths + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (mkdir-p (string-append out "/bin")) + (substitute* "Quake/Makefile" + (("/usr/local/games") + (string-append out "/bin"))) + #t)))))) + (build-system gnu-build-system) + (inputs `(("libmikmod" ,libmikmod) + ("libvorbis" ,libvorbis) + ("flac" ,flac) + ("mesa" ,mesa) + ("mpg123" ,mpg123) + ("sdl2" ,sdl2))) + (synopsis "First person shooter engine for Quake 1") + (description "Quakespasm is a modern engine for id software's Quake 1. +It includes support for 64 bit CPUs, custom music playback, a new sound driver, +some graphical niceities, and numerous bug-fixes and other improvements.") + (home-page "http://quakespasm.sourceforge.net/") + (license license:gpl2+))) diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index c820818687..b0797453fa 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -43,7 +43,7 @@ (define-public babl (package (name "babl") - (version "0.1.30") + (version "0.1.38") (source (origin (method url-fetch) (uri (list (string-append "https://download.gimp.org/pub/babl/" @@ -54,7 +54,7 @@ version ".tar.bz2"))) (sha256 (base32 - "1k2k3phh9ybma2snw6hm8inx2dw1jq6cf7w2aqvi4rfr0rxjrha5")))) + "11pfbyzq20596p9sgwraxspg3djg1jzz6wvz4bapf0yyr97jiyd0")))) (build-system gnu-build-system) (home-page "http://gegl.org/babl/") (synopsis "Image pixel format conversion library") diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index c8d494c401..bb01aac978 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -127,7 +127,7 @@ generation.") (define-public libassuan (package (name "libassuan") - (version "2.4.4") + (version "2.5.1") (source (origin (method url-fetch) @@ -135,10 +135,11 @@ generation.") version ".tar.bz2")) (sha256 (base32 - "18bwffjkx9pn0lawbsn6zhd90i7xhjgpf9b0nl5xw9134w1a2scy")))) + "0jb4nb4nrjr949gd3lw8lh4v5d6qigxaq6xwy24w5apjnhvnrya7")))) (build-system gnu-build-system) (propagated-inputs - `(("libgpg-error" ,libgpg-error) ("pth" ,pth))) + `(("libgpg-error" ,libgpg-error) + ("pth" ,pth))) (home-page "https://gnupg.org") (synopsis "IPC library used by GnuPG and related software") @@ -212,14 +213,14 @@ compatible to GNU Pth.") (define-public gnupg (package (name "gnupg") - (version "2.2.3") + (version "2.2.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) (sha256 (base32 - "1d4482c4pbi0p1k8cc0f9c4q51k56v8navrbz5samxrrs42p3lyb")))) + "1v7j8v2ww1knknbrhw3svfrqkmf9ll58iq0dczbsdpqgg1j3w6j0")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -327,7 +328,8 @@ libskba (working with X.509 certificates and CMS data).") ;; Keep the old name around to ease transition. (symlink "gpgv" "gpgv2") (symlink "gpg" "gpg2") - #t))))))))) + #t))))))) + (properties `((superseded . ,gnupg))))) (define-public gnupg-1 (package (inherit gnupg) @@ -371,10 +373,14 @@ libskba (working with X.509 certificates and CMS data).") ;; Needs to be propagated because gpgme.h includes gpg-error.h. `(("libgpg-error" ,libgpg-error))) (inputs - `(("gnupg" ,gnupg-2.0) + `(("gnupg" ,gnupg) ("libassuan" ,libassuan))) (arguments - `(#:phases + `(#:configure-flags + (list (string-append "--enable-fixed-path=" + (assoc-ref %build-inputs "gnupg") + "/bin")) + #:phases (modify-phases %standard-phases (add-after 'configure 'patch-cmake-file (lambda _ @@ -478,9 +484,10 @@ distributed separately.") (lambda _ (zero? (system* "make" "check"))))))) (build-system python-build-system) + (native-inputs + `(("gnupg" ,gnupg-1))) (inputs - `(("gnupg" ,gnupg-2.0) - ("gpgme" ,gpgme))) + `(("gpgme" ,gpgme))) (home-page "https://launchpad.net/pygpgme") (synopsis "Python module for working with OpenPGP messages") (description @@ -714,14 +721,14 @@ including tools for signing keys, keyring analysis, and party preparation. (define-public pinentry-tty (package (name "pinentry-tty") - (version "1.0.0") + (version "1.1.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/pinentry/pinentry-" version ".tar.bz2")) (sha256 (base32 - "0ni7g4plq6x78p32al7m8h2zsakvg1rhfz0qbc3kdc7yq7nw4whn")))) + "0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--enable-pinentry-tty"))) diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index ac9fca8600..29ce574197 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -46,14 +46,14 @@ ;; The 7 release series has an incompatible API, while the 6 series is still ;; maintained. Don't update to 7 until we've made sure that the ImageMagick ;; users are ready for the 7-series API. - (version "6.9.9-23") + (version "6.9.9-27") (source (origin (method url-fetch) (uri (string-append "mirror://imagemagick/ImageMagick-" version ".tar.xz")) (sha256 (base32 - "0cd6zcbcfvznf0i3q4xz1c4wm4cfplg4zc466lvlb1w8qbn25948")))) + "0z71az1bfar1r6mm3ijxbci0vb1ri66ypaals8wb17h1d85hkl17")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch") diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm index fbcc0b6f1b..ec329ade7e 100644 --- a/gnu/packages/irc.scm +++ b/gnu/packages/irc.scm @@ -153,18 +153,21 @@ SILC and ICB protocols via plugins.") (define-public weechat (package (name "weechat") - (version "2.0") + (version "2.0.1") (source (origin (method url-fetch) (uri (string-append "https://weechat.org/files/src/weechat-" version ".tar.xz")) (sha256 (base32 - "1ix2izrlr5jx5vl49kz9jbib7cq9mr6i7iyxkcz6xjfrryx2s5x9")) + "1l854dramvn9vfba7jpazkjwm4k4i5pshq58vjv6z2mxmcp5hhv9")) (patches (search-patches "weechat-python.patch")))) (build-system cmake-build-system) - (native-inputs `(("gettext" ,gettext-minimal) - ("pkg-config" ,pkg-config))) + (native-inputs + `(("gettext" ,gettext-minimal) + ("pkg-config" ,pkg-config) + ;; For tests. + ("cpputest" ,cpputest))) (inputs `(("ncurses" ,ncurses) ("libgcrypt" ,libgcrypt "out") ("zlib" ,zlib) @@ -177,15 +180,30 @@ SILC and ICB protocols via plugins.") ("perl" ,perl) ("tcl" ,tcl))) (arguments - `(#:tests? #f ; tests require cpputime - #:phases (modify-phases %standard-phases - (add-after 'install 'wrap - (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out")) - (py2 (assoc-ref inputs "python"))) - (wrap-program (string-append out "/bin/weechat") - `("PATH" ":" prefix (,(string-append py2 "/bin")))) - #t)))))) + `(#:configure-flags + (list "-DENABLE_TESTS=ON") ; ‘make test’ fails otherwise + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'disable-failing-tests + ;; For reasons best left to the imagination, CppUTest cannot skip + ;; more than one single test... Resort to manual patching instead. + ;; See <https://cpputest.github.io/manual.html#command_line>. + (λ _ + ;; Don't test plugin support for languages we don't enable. + (substitute* "tests/unit/test-plugins.cpp" + ((".*\\$\\{plugin.name\\} == (javascript|php|ruby)" all) + (string-append "// SKIP" all))) + (substitute* "tests/scripts/test-scripts.cpp" + ((".*\\{ \"(jvascript|php|ruby)\", " all) ; sic + (string-append "// SKIP" all))) + #t)) + (add-after 'install 'wrap + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (py2 (assoc-ref inputs "python"))) + (wrap-program (string-append out "/bin/weechat") + `("PATH" ":" prefix (,(string-append py2 "/bin")))) + #t)))))) (synopsis "Extensible chat client") (description "WeeChat (Wee Enhanced Environment for Chat) is an @dfn{Internet Relay Chat} (IRC) client, which is designed to be light and fast. diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index f2336093d9..a2e8dc287e 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -370,8 +370,8 @@ It has been modified to remove all non-free binary blobs.") (define %intel-compatible-systems '("x86_64-linux" "i686-linux")) (define %linux-compatible-systems '("x86_64-linux" "i686-linux" "armhf-linux")) -(define %linux-libre-version "4.14.6") -(define %linux-libre-hash "0q6dl2shkj5dkf0wgzgfyaq0axk97w05j618xi619y9xqph4ql79") +(define %linux-libre-version "4.14.8") +(define %linux-libre-hash "0y8nggpdgfqfx6dy5k39vj552k5mxamwjn6mldwrhs2aqpsrbwr3") ;; linux-libre configuration for armhf-linux is derived from Debian armmp. It ;; supports qemu "virt" machine and possibly a large number of ARM boards. @@ -384,14 +384,14 @@ It has been modified to remove all non-free binary blobs.") #:configuration-file kernel-config)) (define-public linux-libre-4.9 - (make-linux-libre "4.9.69" - "0xkqbh8fpx47appszjbxzljr6vr0wyk0fphlkynpcrmingk4b98j" + (make-linux-libre "4.9.71" + "0z4m77zbndlqy43bgl1xhklpjilbvrhbfbcppc55z3f61qwjf0mc" %intel-compatible-systems #:configuration-file kernel-config)) (define-public linux-libre-4.4 - (make-linux-libre "4.4.105" - "177qvci7wfrc23vi11bnyayfivxf6d8hankgrzv26jr3z6j0rall" + (make-linux-libre "4.4.107" + "0pfzv15c1qj7a77n8cdmsi77yhlbzv35y7qa03j0b96ajwjsclsp" %intel-compatible-systems #:configuration-file kernel-config)) @@ -3397,16 +3397,30 @@ The following service daemons are also provided: (define-public rng-tools (package (name "rng-tools") - (version "5") + (version "6.1") (source (origin (method url-fetch) - (uri (string-append - "http://downloads.sourceforge.net/sourceforge/gkernel/" - "rng-tools-" version ".tar.gz")) + (uri (string-append "https://github.com/nhorman/rng-tools/" + "archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "13h7lc8wl9khhvkr0i3bl5j9bapf8anhqis1lcnwxg1vc2v058b0")))) + "00ywsknjpc9jd9kfmz2syk9l0xkiiwyx5qhl5zvhhc69v6682i31")))) (build-system gnu-build-system) + (arguments + `(;; Avoid using OpenSSL, curl, and libxml2, reducing the closure by 166 MiB. + #:configure-flags '("--without-nistbeacon") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'bootstrap + (lambda _ + (zero? (system* "sh" "autogen.sh"))))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("pkg-config" ,pkg-config))) + (inputs + `(("libsysfs" ,sysfsutils))) (synopsis "Random number generator daemon") (description "Monitor a hardware random number generator, and supply entropy diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 0423dd7c56..6aedcf7c3a 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -1049,7 +1049,7 @@ delivery.") (define-public exim (package (name "exim") - (version "4.89.1") + (version "4.90") (source (origin (method url-fetch) @@ -1059,7 +1059,7 @@ delivery.") version ".tar.bz2"))) (sha256 (base32 - "133sjkcm9wlhpcxflr5v865varc1995bqa1y3vjs1w6zc34kp18w")))) + "1cmx2648zhpsc4pznky7qsqbjazd3wn4gpslbl30j56cv1m6rb3x")))) (build-system gnu-build-system) (inputs `(("bdb" ,bdb) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 22d11302a5..11213bea94 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -2482,7 +2482,7 @@ point numbers.") (define-public wxmaxima (package (name "wxmaxima") - (version "17.05.1") + (version "17.10.1") (source (origin (method url-fetch) @@ -2491,7 +2491,7 @@ point numbers.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0dv0cy0cf46v0cbw32izscpkdmpxg1qhwq1f4cz46kkqd8k4yfbj")))) + "0qlzc31cqkwpfgrb9cif9bcnkj3rq487plg4rns7jxv6pq4609v1")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,autoconf) diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index 1780536d05..8b3bf5cf68 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -493,14 +493,14 @@ simultaneously and therefore appear under the same nickname on IRC.") (define-public python-nbxmpp (package (name "python-nbxmpp") - (version "0.5.5") + (version "0.6.1") (source (origin (method url-fetch) (uri (pypi-uri "nbxmpp" version)) (sha256 (base32 - "1gnzrzrdl4nii1sc5x8p5iw2ya5sl70j3nn34abqsny51p2pzmv6")))) + "0qvkiscy42nhzhccszi049ws8cnhpxgc13g8naq1rsa5x9zy163c")))) (build-system python-build-system) (arguments `(#:tests? #f)) ; no tests @@ -518,7 +518,7 @@ was initially a fork of xmpppy, but uses non-blocking sockets.") (define-public gajim (package (name "gajim") - (version "0.16.8") + (version "0.16.9") (source (origin (method url-fetch) (uri (string-append "https://gajim.org/downloads/" @@ -526,7 +526,7 @@ was initially a fork of xmpppy, but uses non-blocking sockets.") "/gajim-" version ".tar.bz2")) (sha256 (base32 - "0ckakdjg30fsyjsgyy2573x9nmjivdg76y049l86wns5axw8im26")))) + "0v08zdvpqaig0wxpxn1l8rsj3wr3fqvnagn8cnvch17vfqv9gcr1")))) (build-system gnu-build-system) (arguments `(#:phases @@ -568,8 +568,8 @@ end-to-end encryption support; XML console.") (define-public dino ;; The only release tarball is for version 0.0, but it is very old and fails ;; to build. - (let ((commit "2a514d0969f5c25d5e2d14421125a47df6b14974") - (revision "2")) + (let ((commit "f25fadde2d6c9492b9cafe2cddbcc7b966942e47") + (revision "3")) (package (name "dino") (version (string-append "0.0-" revision "." (string-take commit 9))) @@ -581,7 +581,7 @@ end-to-end encryption support; XML console.") (file-name (string-append name "-" version "-checkout")) (sha256 (base32 - "0v9fqikxvamdw7bxbwc4s01x0vf30vl77149y16krijaqnq6kzv0")))) + "1nhzrw3pbpybn9qclckk6z427vbgnqd0y1l63zd1rfw4zw099mzs")))) (build-system cmake-build-system) (arguments `(#:tests? #f ; there are no tests diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm index 74b53afce1..e6bc2b4e71 100644 --- a/gnu/packages/mpd.scm +++ b/gnu/packages/mpd.scm @@ -76,7 +76,7 @@ interfacing MPD in the C, C++ & Objective C languages.") (define-public mpd (package (name "mpd") - (version "0.20.12") + (version "0.20.13") (source (origin (method url-fetch) (uri @@ -85,7 +85,7 @@ interfacing MPD in the C, C++ & Objective C languages.") "/mpd-" version ".tar.xz")) (sha256 (base32 - "02gpfkki61c24hphaas9pb29wpvd0pbmwdqrpn8wi1gv103aqng1")))) + "0h7z90dnpwlyad4kfi1ja9v9vzqic0xg93iy4q0dwlhav0scbha6")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 7aeb4967bf..633708a6f5 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -757,14 +757,14 @@ written entirely in Python."))) (define-public gwl (package (name "gwl") - (version "0.1.0") + (version "0.1.1") (source (origin (method url-fetch) (uri (string-append "https://www.guixwl.org/releases/gwl-" version ".tar.gz")) (sha256 (base32 - "1x4swwp7kmhd57j3scii5c4h8swkcvab2r6mz7wxwwbx300wcqpy")))) + "06pm967mq1wyggx7l0nfapw5s0k5qc5r9lawk2v3db868br779a7")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,autoconf) diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index d83c2449e1..07197de0d5 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -88,7 +88,7 @@ human.") (define-public keepassxc (package (name "keepassxc") - (version "2.2.2") + (version "2.2.4") (source (origin (method url-fetch) @@ -97,7 +97,7 @@ human.") version "-src.tar.xz")) (sha256 (base32 - "0wrl8kxb16wzdgfjj057yv18cfg0b8z8lxp1fl2q8fkdgr7phm9g")))) + "1pfkq1m5vb90kx67vyw70s1hc4ivjsvq2535vm6wdwwsncna6bz5")))) (build-system cmake-build-system) (inputs `(("libgcrypt" ,libgcrypt) diff --git a/gnu/packages/patches/libarchive-CVE-2017-14502.patch b/gnu/packages/patches/libarchive-CVE-2017-14502.patch new file mode 100644 index 0000000000..8e0508afb5 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2017-14502.patch @@ -0,0 +1,40 @@ +Fix CVE-2017-14502: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502 +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573 + +Patch copied from upstream source repository: + +https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6 + +From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001 +From: Joerg Sonnenberger <joerg@bec.de> +Date: Sat, 9 Sep 2017 17:47:32 +0200 +Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR + archives. + +Reported-By: OSS-Fuzz issue 573 +--- + libarchive/archive_read_support_format_rar.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index cbb14c32..751de697 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry, + return (ARCHIVE_FATAL); + } + filename[filename_size++] = '\0'; +- filename[filename_size++] = '\0'; ++ /* ++ * Do not increment filename_size here as the computations below ++ * add the space for the terminating NUL explicitly. ++ */ ++ filename[filename_size] = '\0'; + + /* Decoded unicode form is UTF-16BE, so we have to update a string + * conversion object for it. */ +-- +2.15.1 + diff --git a/gnu/packages/patches/libexif-CVE-2017-7544.patch b/gnu/packages/patches/libexif-CVE-2017-7544.patch new file mode 100644 index 0000000000..c4ea373dc5 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2017-7544.patch @@ -0,0 +1,29 @@ +Fix CVE-2017-7544: + +https://sourceforge.net/p/libexif/bugs/130/ +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544 + +Patch copied from upstream bug tracker: + +https://sourceforge.net/p/libexif/bugs/130/#489a + +Index: libexif/exif-data.c +=================================================================== +RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v +retrieving revision 1.131 +diff -u -r1.131 exif-data.c +--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131 ++++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000 +@@ -255,6 +255,12 @@ + exif_mnote_data_set_offset (data->priv->md, *ds - 6); + exif_mnote_data_save (data->priv->md, &e->data, &e->size); + e->components = e->size; ++ if (exif_format_get_size (e->format) != 1) { ++ /* e->format is taken from input code, ++ * but we need to make sure it is a 1 byte ++ * entity due to the multiplication below. */ ++ e->format = EXIF_FORMAT_UNDEFINED; ++ } + } + } + diff --git a/gnu/packages/patches/links-CVE-2017-11114.patch b/gnu/packages/patches/links-CVE-2017-11114.patch new file mode 100644 index 0000000000..c5ac9884b5 --- /dev/null +++ b/gnu/packages/patches/links-CVE-2017-11114.patch @@ -0,0 +1,99 @@ +Fix CVE-2017-11114: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114 +http://seclists.org/fulldisclosure/2017/Jul/76 + +Patch copied from Debian: + +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12 + +Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7 +Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12 +Author: Mikulas Patocka <mikulas@twibright.com> +Date: Wed Aug 2 20:13:29 2017 +0200 +Subject: Fix read out of memory in case of corrupted UTF-8 data + +--- + charsets.c | 37 +------------------------------------ + links.h | 9 ++++----- + 2 files changed, 5 insertions(+), 41 deletions(-) + +Index: links-2.14/charsets.c +=================================================================== +--- links-2.14.orig/charsets.c ++++ links-2.14/charsets.c +@@ -215,41 +215,6 @@ static struct conv_table *get_translatio + return utf_table; + } + +-unsigned short int utf8_2_uni_table[0x200] = { +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 0, 0, 0, 192, 0, +- 0, 0, 256, 0, 0, 0, 320, 0, 0, 0, 384, 0, 0, 0, 448, 0, +- 0, 0, 512, 0, 0, 0, 576, 0, 0, 0, 640, 0, 0, 0, 704, 0, +- 0, 0, 768, 0, 0, 0, 832, 0, 0, 0, 896, 0, 0, 0, 960, 0, +- 0, 0, 1024, 0, 0, 0, 1088, 0, 0, 0, 1152, 0, 0, 0, 1216, 0, +- 0, 0, 1280, 0, 0, 0, 1344, 0, 0, 0, 1408, 0, 0, 0, 1472, 0, +- 0, 0, 1536, 0, 0, 0, 1600, 0, 0, 0, 1664, 0, 0, 0, 1728, 0, +- 0, 0, 1792, 0, 0, 0, 1856, 0, 0, 0, 1920, 0, 0, 0, 1984, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +-}; +- + unsigned char utf_8_1[256] = { + 6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, +@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = { + 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6, + }; + +-static_const unsigned min_utf_8[9] = { ++static_const unsigned min_utf_8[8] = { + 0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1, + }; + +Index: links-2.14/links.h +=================================================================== +--- links-2.14.orig/links.h ++++ links-2.14/links.h +@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un + void init_charset(void); + + unsigned get_utf_8(unsigned char **p); +-extern unsigned short int utf8_2_uni_table[0x200]; + #define GET_UTF_8(s, c) \ + do { \ + if ((unsigned char)(s)[0] < 0x80) \ + (c) = (s)++[0]; \ +- else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) + \ +- ((unsigned char)(s)[1] >> 6) - 0x200])) \ +- (c) += (unsigned char)(s)[1] & 0x3f, (s) += 2; \ +- else \ ++ else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\ ++ ((unsigned char)(s)[1] & 0xc0) == 0x80) { \ ++ (c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\ ++ } else \ + (c) = get_utf_8(&(s)); \ + } while (0) + #define FWD_UTF_8(s) \ diff --git a/gnu/packages/patches/mupdf-CVE-2017-14685.patch b/gnu/packages/patches/mupdf-CVE-2017-14685.patch deleted file mode 100644 index 3fcce5fedf..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-14685.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2017-14685: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a - -From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Tue, 19 Sep 2017 15:23:04 +0200 -Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded. - -xps_load_links_in_glyphs did not cope with font loading failures. ---- - source/xps/xps-link.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c -index c07e0d7..c26a8d9 100644 ---- a/source/xps/xps-link.c -+++ b/source/xps/xps-link.c -@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct - bidi_level = atoi(bidi_level_att); - - font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att); -+ if (!font) -+ return; - text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att), - fz_atof(origin_x_att), fz_atof(origin_y_att), - is_sideways, bidi_level, indices_att, unicode_att); --- -2.9.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2017-14686.patch b/gnu/packages/patches/mupdf-CVE-2017-14686.patch deleted file mode 100644 index e462a6ffeb..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-14686.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2017-14686: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 - -From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Tue, 19 Sep 2017 16:33:38 +0200 -Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs. - ---- - source/fitz/unzip.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c -index f2d4f32..0bcce0f 100644 ---- a/source/fitz/unzip.c -+++ b/source/fitz/unzip.c -@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off - (void) fz_read_int32_le(ctx, file); /* ext file atts */ - offset = fz_read_int32_le(ctx, file); - -+ if (namesize < 0 || metasize < 0 || commentsize < 0) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry"); -+ - name = fz_malloc(ctx, namesize + 1); - n = fz_read(ctx, file, (unsigned char*)name, namesize); - if (n < (size_t)namesize) --- -2.9.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2017-14687.patch b/gnu/packages/patches/mupdf-CVE-2017-14687.patch deleted file mode 100644 index cdc41df813..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-14687.patch +++ /dev/null @@ -1,130 +0,0 @@ -Fix CVE-2017-14687: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 - -From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Tue, 19 Sep 2017 17:17:12 +0200 -Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons. - -Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom. ---- - source/html/css-apply.c | 2 +- - source/svg/svg-run.c | 2 +- - source/xps/xps-common.c | 6 +++--- - source/xps/xps-glyphs.c | 2 +- - source/xps/xps-path.c | 4 ++-- - source/xps/xps-resource.c | 2 +- - 6 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/source/html/css-apply.c b/source/html/css-apply.c -index de55490..6a91df0 100644 ---- a/source/html/css-apply.c -+++ b/source/html/css-apply.c -@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node) - - if (sel->name) - { -- if (strcmp(sel->name, fz_xml_tag(node))) -+ if (!fz_xml_is_tag(node, sel->name)) - return 0; - } - -diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c -index f974c67..5302c64 100644 ---- a/source/svg/svg-run.c -+++ b/source/svg/svg-run.c -@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co - fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1); - if (linked) - { -- if (!strcmp(fz_xml_tag(linked), "symbol")) -+ if (fz_xml_is_tag(linked, "symbol")) - svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state); - else - svg_run_element(ctx, dev, doc, linked, &local_state); -diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c -index cc7fed9..f2f9b93 100644 ---- a/source/xps/xps-common.c -+++ b/source/xps/xps-common.c -@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const - else if (fz_xml_is_tag(node, "RadialGradientBrush")) - xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node); - else -- fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node)); -+ fz_warn(ctx, "unknown brush tag"); - } - - void -@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons - if (opacity_att) - opacity = fz_atof(opacity_att); - -- if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) -+ if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) - { - char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity"); - char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color"); -@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource - - if (opacity_mask_tag) - { -- if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush")) -+ if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush")) - fz_pop_clip(ctx, dev); - } - } -diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c -index 29dc5b3..5b26d78 100644 ---- a/source/xps/xps-glyphs.c -+++ b/source/xps/xps-glyphs.c -@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, - - /* If it's a solid color brush fill/stroke do a simple fill */ - -- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) -+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) - { - fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); - fill_att = fz_xml_att(fill_tag, "Color"); -diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c -index 6faeb0c..021d202 100644 ---- a/source/xps/xps-path.c -+++ b/source/xps/xps-path.c -@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b - if (!data_att && !data_tag) - return; - -- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush")) -+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush")) - { - fill_opacity_att = fz_xml_att(fill_tag, "Opacity"); - fill_att = fz_xml_att(fill_tag, "Color"); - fill_tag = NULL; - } - -- if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush")) -+ if (fz_xml_is_tag(stroke_tag, "SolidColorBrush")) - { - stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity"); - stroke_att = fz_xml_att(stroke_tag, "Color"); -diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c -index c2292e6..8e81ab8 100644 ---- a/source/xps/xps-resource.c -+++ b/source/xps/xps-resource.c -@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b - if (!xml) - return NULL; - -- if (strcmp(fz_xml_tag(xml), "ResourceDictionary")) -+ if (!fz_xml_is_tag(xml, "ResourceDictionary")) - { - fz_drop_xml(ctx, xml); - fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element"); --- -2.9.1 - diff --git a/gnu/packages/patches/mupdf-CVE-2017-15587.patch b/gnu/packages/patches/mupdf-CVE-2017-15587.patch deleted file mode 100644 index 7d24666756..0000000000 --- a/gnu/packages/patches/mupdf-CVE-2017-15587.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fix CVE-2017-15587. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587 -https://nandynarwhals.org/CVE-2017-15587/ - -This patch is these two upstream commits squashed together: -<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8> -<https://git.ghostscript.com/?p=mupdf.git;h=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232> - -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 66bd0ed8..89499e61 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz - pdf_xref_entry *table; - int i, n; - -- if (i0 < 0 || i1 < 0) -+ if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1) - fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); - //if (i0 + i1 > pdf_xref_len(ctx, doc)) - // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); --- -2.15.0 - diff --git a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch index 0b5b735ff3..d5c9c60242 100644 --- a/gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch +++ b/gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch @@ -1,4 +1,4 @@ -Make it possible to build MuPDF with OpenJPEG 2.1, which is the latest +Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest release series and contains many important bug fixes. Patch adapted from Debian: @@ -10,16 +10,16 @@ And related to this upstream commit: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c -index 6b92e5c..72dea50 100644 +index 65699ba..ea84778 100644 --- a/source/fitz/load-jpx.c +++ b/source/fitz/load-jpx.c -@@ -444,11 +444,6 @@ +@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w #else /* HAVE_LURATECH */ -#define OPJ_STATIC -#define OPJ_HAVE_INTTYPES_H --#if !defined(_WIN32) && !defined(_WIN64) +-#if !defined(_MSC_VER) || _MSC_VER >= 1600 -#define OPJ_HAVE_STDINT_H -#endif #define USE_JPIP diff --git a/gnu/packages/patches/xboing-CVE-2004-0149.patch b/gnu/packages/patches/xboing-CVE-2004-0149.patch new file mode 100644 index 0000000000..b40146b434 --- /dev/null +++ b/gnu/packages/patches/xboing-CVE-2004-0149.patch @@ -0,0 +1,134 @@ +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0149 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174924 +--- + demo.c | 2 +- + editor.c | 12 ++++++------ + file.c | 2 +- + highscore.c | 6 +++--- + misc.c | 2 +- + preview.c | 2 +- + 6 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/demo.c b/demo.c +index 9084e70..f4fc2cd 100644 +--- a/demo.c ++++ b/demo.c +@@ -154,7 +154,7 @@ static void DoBlocks(display, window) + + /* Construct the demo level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/demo.data", str); ++ snprintf(levelPath, sizeof(levelPath),"%s/demo.data", str); + else + sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR); + +diff --git a/editor.c b/editor.c +index f2bb9ed..66d0679 100644 +--- a/editor.c ++++ b/editor.c +@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window) + + /* Construct the Edit level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/editor.data", str); ++ snprintf(levelPath,sizeof(levelPath)-1, "%s/editor.data", str); + else + sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR); + +@@ -958,8 +958,8 @@ static void LoadALevel(display) + if ((num > 0) && (num <= MAX_NUM_LEVELS)) + { + /* Construct the Edit level filename */ +- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num); ++ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) ++ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num); + else + sprintf(levelPath, "%s/level%02ld.data", + LEVEL_INSTALL_DIR, (u_long) num); +@@ -1017,9 +1017,9 @@ static void SaveALevel(display) + num = atoi(str); + if ((num > 0) && (num <= MAX_NUM_LEVELS)) + { +- /* Construct the Edit level filename */ +- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num); ++ /* Construct the Edit level filename */ ++ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL) ++ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num); + else + sprintf(levelPath, "%s/level%02ld.data", + LEVEL_INSTALL_DIR, (u_long) num); +diff --git a/file.c b/file.c +index 4c043cd..99a0854 100644 +--- a/file.c ++++ b/file.c +@@ -139,7 +139,7 @@ void SetupStage(display, window) + + /* Construct the level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02ld.data", str, newLevel); ++ snprintf(levelPath,sizeof(levelPath), "%s/level%02ld.data", str, newLevel); + else + sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel); + +diff --git a/highscore.c b/highscore.c +index f0db3e9..792273e 100644 +--- a/highscore.c ++++ b/highscore.c +@@ -1023,7 +1023,7 @@ int ReadHighScoreTable(type) + { + /* Use the environment variable if it exists */ + if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); ++ strncpy(filename, str, sizeof(filename)-1); + else + strcpy(filename, HIGH_SCORE_FILE); + } +@@ -1095,7 +1095,7 @@ int WriteHighScoreTable(type) + { + /* Use the environment variable if it exists */ + if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); ++ strncpy(filename, str, sizeof(filename)-1); + else + strcpy(filename, HIGH_SCORE_FILE); + } +@@ -1218,7 +1218,7 @@ static int LockUnlock(cmd) + + /* Use the environment variable if it exists */ + if ((str = getenv("XBOING_SCORE_FILE")) != NULL) +- strcpy(filename, str); ++ strncpy(filename, str, sizeof(filename)-1); + else + strcpy(filename, HIGH_SCORE_FILE); + +diff --git a/misc.c b/misc.c +index f3ab37e..7f3ddce 100644 +--- a/misc.c ++++ b/misc.c +@@ -427,7 +427,7 @@ char *GetHomeDir() + */ + + if ((ptr = getenv("HOME")) != NULL) +- (void) strcpy(dest, ptr); ++ (void) strncpy(dest, ptr,sizeof(dest)-1); + else + { + /* HOME variable is not present so get USER var */ +diff --git a/preview.c b/preview.c +index 41c1187..687f566 100644 +--- a/preview.c ++++ b/preview.c +@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window) + + /* Construct the Preview level filename */ + if ((str = getenv("XBOING_LEVELS_DIR")) != NULL) +- sprintf(levelPath, "%s/level%02d.data", str, lnum); ++ snprintf(levelPath, sizeof(levelPath)-1, "%s/level%02d.data", str, lnum); + else + sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum); + +-- +2.15.1 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 43c832c6dd..6f5df68ece 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -555,25 +555,22 @@ extracting content or merging files.") (define-public mupdf (package (name "mupdf") - (version "1.11") + (version "1.12.0") (source (origin (method url-fetch) (uri (string-append "https://mupdf.com/downloads/archive/" - name "-" version "-source.tar.gz")) + name "-" version "-source.tar.xz")) + (patches (search-patches "mupdf-build-with-latest-openjpeg.patch")) (sha256 (base32 - "02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510")) - (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch" - "mupdf-CVE-2017-14685.patch" - "mupdf-CVE-2017-14686.patch" - "mupdf-CVE-2017-14687.patch" - "mupdf-CVE-2017-15587.patch")) + "0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp")) (modules '((guix build utils))) (snippet '(delete-file-recursively "thirdparty")))) (build-system gnu-build-system) (inputs `(("curl" ,curl) + ("freeglut" ,freeglut) ("freetype" ,freetype) ("harfbuzz" ,harfbuzz) ("jbig2dec" ,jbig2dec) diff --git a/gnu/packages/perl-check.scm b/gnu/packages/perl-check.scm index b1d1f08150..5df2940bd6 100644 --- a/gnu/packages/perl-check.scm +++ b/gnu/packages/perl-check.scm @@ -869,6 +869,30 @@ checks for pod coverage of all appropriate files.") If this fails, then rather than failing tests this skips all tests.") (license perl-license))) +(define-public perl-test-requiresinternet + (package + (name "perl-test-requiresinternet") + (version "0.05") + (source + (origin + (method url-fetch) + (uri (string-append + "mirror://cpan/authors/id/M/MA/MALLEN/Test-RequiresInternet-" + version + ".tar.gz")) + (sha256 + (base32 + "0gl33vpj9bb78pzyijp884b66sbw6jkh1ci0xki8rmf03hmb79xv")))) + (build-system perl-build-system) + (home-page "http://search.cpan.org/dist/Test-RequiresInternet/") + (synopsis "Easily test network connectivity when running tests") + (description + "This Perl module is intended to easily test network connectivity to +non-local Internet resources before functional tests begin. If the sockets +cannot connect to the specified hosts and ports, the exception is caught and +reported, and the tests skipped.") + (license perl-license))) + (define-public perl-test-script (package (name "perl-test-script") diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm index 94174cc392..8c3f34ea6b 100644 --- a/gnu/packages/photo.scm +++ b/gnu/packages/photo.scm @@ -28,6 +28,7 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix utils) + #:use-module (gnu packages) #:use-module (gnu packages algebra) #:use-module (gnu packages autotools) #:use-module (gnu packages base) @@ -89,6 +90,7 @@ cameras (CRW/CR2, NEF, RAF, DNG, and others).") (method url-fetch) (uri (string-append "mirror://sourceforge/libexif/libexif/" version "/libexif-" version ".tar.bz2")) + (patches (search-patches "libexif-CVE-2017-7544.patch")) (sha256 (base32 "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n")))) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 37aa43e2c4..b2a2d84d00 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -12045,3 +12045,30 @@ belong to tagged versions.") "BooleanOperations provides a Python library that enables boolean operations on paths.") (license license:expat))) + +(define-public python-tempdir + (package + (name "python-tempdir") + (version "0.7.1") + (source + (origin + (method url-fetch) + (uri (pypi-uri "tempdir" version)) + (sha256 + (base32 + "13msyyxqbicr111a294x7fsqbkl6a31fyrqflx3q7k547gnq15k8")))) + (build-system python-build-system) + (home-page "https://pypi.org/project/tempdir/") + (arguments + ;; the package has no tests + '(#:tests? #f)) + (synopsis "Python library for managing temporary directories") + (description + "This library manages temporary directories that are automatically +deleted with all their contents when they are no longer needed. It is +particularly convenient for use in tests.") + (license license:expat))) + +(define-public python2-tempdir + (package-with-python2 python-tempdir)) + diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm index 7c6b957411..7ce531bb6d 100644 --- a/gnu/packages/security-token.scm +++ b/gnu/packages/security-token.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index d4d9c0e786..7c6ca70314 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -703,13 +703,13 @@ effects of different types of color-blindness.") (define-public r-digest (package (name "r-digest") - (version "0.6.12") + (version "0.6.13") (source (origin (method url-fetch) (uri (cran-uri "digest" version)) (sha256 - (base32 "1awy9phxdvqnadby7rvwy2hkbrj210bqf4xvi27asdq028zlcyd4")))) + (base32 "1bsgl07bvf4nk6bn7n3l2ilvk4qvn3nk7yxp22miil7x405xdks6")))) (build-system r-build-system) ;; Vignettes require r-knitr, which requires r-digest, so we have to ;; disable them and the tests. @@ -988,13 +988,13 @@ the input of another.") (define-public r-reshape2 (package (name "r-reshape2") - (version "1.4.2") + (version "1.4.3") (source (origin (method url-fetch) (uri (cran-uri "reshape2" version)) (sha256 - (base32 "0swvjmc9f8cvkrsz463cp6snd8bncbv6q8yrfrb4rgkr0dhq6dvd")))) + (base32 "03ki5ka1dj208fc0dclbm0b4xp9d769pah2j9cs34l776p4r9zwa")))) (build-system r-build-system) (propagated-inputs `(("r-plyr" ,r-plyr) @@ -1328,13 +1328,13 @@ syntax that can be converted to XHTML or other formats.") (define-public r-yaml (package (name "r-yaml") - (version "2.1.14") + (version "2.1.16") (source (origin (method url-fetch) (uri (cran-uri "yaml" version)) (sha256 (base32 - "0x88xicrf7vwp77xgan27mnpdljhpkn0pz5kphnwqi3ddy25k9a1")))) + "1xlsmqal607w6c9rx86061y1fwpbyd5lqp9bad5n7cc9a0blpnkm")))) (build-system r-build-system) (home-page "https://cran.r-project.org/web/packages/yaml/") (synopsis "Methods to convert R data to YAML and back") @@ -1502,20 +1502,23 @@ R packages that praise their users.") (define-public r-testthat (package (name "r-testthat") - (version "1.0.2") + (version "2.0.0") (source (origin (method url-fetch) (uri (cran-uri "testthat" version)) (sha256 (base32 - "0pj1r01x4ny4capr83dfa19hi5i2sjjxky99schzip8zrq5dzxqf")))) + "155l53kb69jga5d8c5nvdwqlvlgfmk4vzyyl4d0108j53jnlgh1v")))) (build-system r-build-system) (propagated-inputs - `(("r-digest" ,r-digest) + `(("r-cli" ,r-cli) ("r-crayon" ,r-crayon) + ("r-digest" ,r-digest) ("r-magrittr" ,r-magrittr) ("r-praise" ,r-praise) - ("r-r6" ,r-r6))) + ("r-r6" ,r-r6) + ("r-rlang" ,r-rlang) + ("r-withr" ,r-withr))) (home-page "https://github.com/hadley/testthat") (synopsis "Unit testing for R") (description @@ -1898,15 +1901,17 @@ chain.") (define-public r-ade4 (package (name "r-ade4") - (version "1.7-8") + (version "1.7-10") (source (origin (method url-fetch) (uri (cran-uri "ade4" version)) (sha256 (base32 - "1a5p3wf8l9cp1bjp57b1pc5bqs39kw1v21i4waj9j18wawzlmpb6")))) + "0zk81x0yn30gbyc0jpzyw1nxd08ccihl6vyk0ijvj3aw3nr5flc6")))) (build-system r-build-system) + (propagated-inputs + `(("r-mass" ,r-mass))) (home-page "http://pbil.univ-lyon1.fr/ADE-4") (synopsis "Multivariate data analysis and graphical display") (description @@ -2007,14 +2012,14 @@ limited to R.") (define-public r-backports (package (name "r-backports") - (version "1.1.1") + (version "1.1.2") (source (origin (method url-fetch) (uri (cran-uri "backports" version)) (sha256 (base32 - "15w8psmv203wzijrk4hvwaw3i4byh2m5s09yrkqwhfckhaj82kj9")))) + "0mml9h3xagi7144pyb3jj9zbh9qzns7izkhdg7df20v7bikr6nz8")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/backports") (synopsis "Reimplementations of functions introduced since R 3.0.0") @@ -2278,13 +2283,13 @@ functions make it easy to control additional request components.") (define-public r-git2r (package (name "r-git2r") - (version "0.19.0") + (version "0.20.0") (source (origin (method url-fetch) (uri (cran-uri "git2r" version)) (sha256 (base32 - "0ws6fbndmaafk2am4dwnz24qizxhld0yh54hgx0z6lzv3p1j209q")))) + "1pqggijvsalb5cc2pr5gwfj3s713s63f4xii1xrd0qagfgbgz846")))) (build-system r-build-system) ;; This R package contains modified sources of libgit2. This modified ;; version of libgit2 is built as the package is built. Hence libgit2 is @@ -2415,13 +2420,13 @@ disk (or a connection).") (define-public r-plotrix (package (name "r-plotrix") - (version "3.6-6") + (version "3.7") (source (origin (method url-fetch) (uri (cran-uri "plotrix" version)) (sha256 (base32 - "07hywp3ym0gbpqdj3f4vhr0bhmynhby8vh6p1b9cm2hv26pzs9q4")))) + "0rw81n9p3d2i03b4pgcfj5blryc94f29bm9a4j9bnp5h8qjj6pry")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/plotrix") (synopsis "Various plotting functions") @@ -2474,13 +2479,13 @@ well as additional utilities such as panel and axis annotation functions.") (define-public r-rcpparmadillo (package (name "r-rcpparmadillo") - (version "0.8.100.1.0") + (version "0.8.300.1.0") (source (origin (method url-fetch) (uri (cran-uri "RcppArmadillo" version)) (sha256 (base32 - "19sghlkslz6llcrjk5pd8c6dsb338jsi4dnwrbbrjkfq6jdr5jlp")))) + "0p6cbnwxgzigf7n5qhqvxdr3nd3pq3c2qq6pskqz7avzf813fy83")))) (properties `((upstream-name . "RcppArmadillo"))) (build-system r-build-system) (native-inputs @@ -2545,14 +2550,14 @@ encoder/decoder, round-off-error-free sum and cumsum, etc.") (define-public r-rprojroot (package (name "r-rprojroot") - (version "1.2") + (version "1.3-1") (source (origin (method url-fetch) (uri (cran-uri "rprojroot" version)) (sha256 (base32 - "1fgyxv1zv04sllcclzz089xl6hpdzac7xk61l0l4acb7rqsx5d18")))) + "1jigr2jh3hzy35h94im52yq81lyikw7nfvmbxij84a1b9c32r332")))) (build-system r-build-system) (propagated-inputs `(("r-backports" ,r-backports))) @@ -2859,14 +2864,14 @@ statements.") (define-public r-segmented (package (name "r-segmented") - (version "0.5-2.2") + (version "0.5-3.0") (source (origin (method url-fetch) (uri (cran-uri "segmented" version)) (sha256 (base32 - "1wdjxkgqjqw5q2nywmgkf6y21lb0alhvaqg0m0dr2xyxf1ii79rs")))) + "0nrik5fyq59hwiwjcpbi4p5yfavgfjq6wyrynhkrbm4k6v1g1wlq")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/segmented") (synopsis "Regression models with breakpoints estimation") @@ -2923,14 +2928,14 @@ standard R subsetting and Kronecker products.") (define-public r-iterators (package (name "r-iterators") - (version "1.0.8") + (version "1.0.9") (source (origin (method url-fetch) (uri (cran-uri "iterators" version)) (sha256 (base32 - "1f057pabs7ss9h1n244can26qsi5n2k3salrdk0b0vkphlrs4kmf")))) + "16sycjq912ix52fjxjhcwiaqr0yj1v5iqmrvjljd3z857031w06y")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/iterators") (synopsis "Iterator construct for R") @@ -3144,14 +3149,14 @@ options and registries, vignette, unit test and bibtex related utilities.") (define-public r-registry (package (name "r-registry") - (version "0.3") + (version "0.5") (source (origin (method url-fetch) (uri (cran-uri "registry" version)) (sha256 (base32 - "0c7lscfxncwwd8zp46h2xfw9gw14dypqv6m2kx85xjhjh0xw99aq")))) + "1yqfl1g6vsl28zn8brzc39659k8lqsmfms7900j7p64ilydyb2sx")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/registry") (synopsis "Infrastructure for R package registries") @@ -4394,14 +4399,14 @@ Farebrother's algorithm or Liu et al.'s algorithm.") (define-public r-cowplot (package (name "r-cowplot") - (version "0.9.1") + (version "0.9.2") (source (origin (method url-fetch) (uri (cran-uri "cowplot" version)) (sha256 (base32 - "0iq0wsi7467cj8hqml06whk3xsiv89x8dvm9ynwp411pzzbdjgwm")))) + "13yjw7yv7imyqiawqqp304hkp6x36iv6rf6gn03dwzwkj9zwx4lb")))) (build-system r-build-system) (propagated-inputs `(("r-ggplot2" ,r-ggplot2) diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm index 674a3507d0..2fb1d1495e 100644 --- a/gnu/packages/textutils.scm +++ b/gnu/packages/textutils.scm @@ -388,7 +388,14 @@ regular expression object can be specified.") (assoc-ref %outputs "out") "/share/antiword")) #:phases (modify-phases %standard-phases - (delete 'configure) + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + ;; Ensure that mapping files can be found in the actual package + ;; data directory. + (substitute* "antiword.h" + (("/usr/share/antiword") + (string-append (assoc-ref outputs "out") "/share/antiword"))) + #t)) (replace 'install (lambda* (#:key make-flags #:allow-other-keys) (zero? (apply system* "make" `("global_install" ,@make-flags)))))))) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 64ee404417..09e65d9037 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -459,14 +459,14 @@ required structures.") (define-public libressl (package (name "libressl") - (version "2.6.3") + (version "2.6.4") (source (origin (method url-fetch) (uri (string-append "mirror://openbsd/LibreSSL/" name "-" version ".tar.gz")) (sha256 (base32 - "162wgzmg4zzqj5cxrsrmkfv1623dc4g8h3fsf1lvjw9i4sc6bbdf")))) + "07yi37a2ghsgj2b4w30q1s4d2inqnix7ika1m21y57p9z71212k3")))) (build-system gnu-build-system) (arguments ;; Do as if 'getentropy' was missing since older Linux kernels lack it diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm index 385147c379..95d2878835 100644 --- a/gnu/packages/web-browsers.scm +++ b/gnu/packages/web-browsers.scm @@ -83,6 +83,7 @@ older or slower computers and embedded systems.") (method url-fetch) (uri (string-append "http://links.twibright.com/download/" name "-" version ".tar.bz2")) + (patches (search-patches "links-CVE-2017-11114.patch")) (sha256 (base32 "1f24y83wa1vzzjq5kp857gjqdpnmf8pb29yw7fam0m8wxxw0c3gp")))) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 8eb4b885bd..f752cffded 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -3876,22 +3876,26 @@ applications.") (define-public r-htmltable (package (name "r-htmltable") - (version "1.9") + (version "1.11.0") (source (origin (method url-fetch) (uri (cran-uri "htmlTable" version)) (sha256 (base32 - "0ciic1f4iczq14j81fg7kxibn65sy8z1zxkvk1yxnxxg6dzplj2v")))) + "0x0qrzx6igg5z8jh901d2a8g2idpm5f4frwp1m02910scifcrxwf")))) (properties `((upstream-name . "htmlTable"))) (build-system r-build-system) (propagated-inputs `(("r-checkmate" ,r-checkmate) + ("r-dplyr" ,r-dplyr) + ("r-htmltools" ,r-htmltools) ("r-htmlwidgets" ,r-htmlwidgets) ("r-knitr" ,r-knitr) ("r-magrittr" ,r-magrittr) - ("r-stringr" ,r-stringr))) + ("r-rstudioapi" ,r-rstudioapi) + ("r-stringr" ,r-stringr) + ("r-tidyr" ,r-tidyr))) (home-page "http://gforge.se/packages/") (synopsis "Advanced tables for Markdown/HTML") (description @@ -3907,13 +3911,13 @@ LaTeX.") (define-public r-curl (package (name "r-curl") - (version "3.0") + (version "3.1") (source (origin (method url-fetch) (uri (cran-uri "curl" version)) (sha256 (base32 - "01m52jz2q38yc32xbnmpm48hck2xj9fyhxq262p04y67gjpf7y3v")))) + "15fbjya2xrf2k9hhvg3frisrram4yk5wlfz67zj1z8ahpsb2a3r7")))) (build-system r-build-system) (arguments `(#:phases diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index 89fe9102ed..e2d753aa3d 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -54,14 +54,14 @@ (define-public webkitgtk (package (name "webkitgtk") - (version "2.18.3") + (version "2.18.4") (source (origin (method url-fetch) (uri (string-append "https://www.webkitgtk.org/releases/" name "-" version ".tar.xz")) (sha256 (base32 - "17lgn7qwrwqxl1lgmq5icvzmna6aymx4c7al47rp0vvac7hj0m71")))) + "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7")))) (build-system cmake-build-system) (arguments '(#:tests? #f ; no tests diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm index 7668a1d380..bbe6ab4545 100644 --- a/gnu/packages/xfce.scm +++ b/gnu/packages/xfce.scm @@ -492,7 +492,10 @@ your system in categories, so you can quickly find and launch them.") (build-system gnu-build-system) (arguments '(#:configure-flags - (list (string-append "--with-xsession-prefix=" %output)))) + (list (string-append "--with-xsession-prefix=" %output)) + ;; Disable icon cache update. + #:make-flags + '("gtk_update_icon_cache=true"))) (native-inputs `(("pkg-config" ,pkg-config) ("intltool" ,intltool))) diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index ca5e996d6a..6fce328565 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -179,6 +179,15 @@ project (but it is usable outside of the Gnome platform).") based on libxml for XML parsing, tree manipulation and XPath support.") (license license:x11))) +(define libxslt/fixed + (package + (inherit libxslt) + (source (origin + (inherit (package-source libxslt)) + (patches (search-patches "libxslt-CVE-2016-4738.patch" + "libxslt-CVE-2017-5029.patch" + "libxslt-generated-ids.patch")))))) + (define-public perl-graph-readwrite (package (name "perl-graph-readwrite") diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 5e08927af3..a3654fd4d3 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -516,6 +516,24 @@ stopped before 'kill' is called." (call-with-output-file "/dev/urandom" (lambda (urandom) (dump-port seed urandom)))))) + + ;; Try writing from /dev/hwrng into /dev/urandom. + ;; It seems that the file /dev/hwrng always exists, even + ;; when there is no hardware random number generator + ;; available. So, we handle a failed read or any other error + ;; reported by the operating system. + (let ((buf (catch 'system-error + (lambda () + (call-with-input-file "/dev/hwrng" + (lambda (hwrng) + (get-bytevector-n hwrng 512)))) + ;; Silence is golden... + (const #f)))) + (when buf + (call-with-output-file "/dev/urandom" + (lambda (urandom) + (put-bytevector urandom buf))))) + ;; Immediately refresh the seed in case the system doesn't ;; shut down cleanly. (call-with-input-file "/dev/urandom" diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm index f1214fb5fd..336f25b3c7 100644 --- a/gnu/tests/web.scm +++ b/gnu/tests/web.scm @@ -154,7 +154,7 @@ echo(\"Computed by php:\".((string)(2+3))); (root "/srv") (locations (list (nginx-php-location))) - (listen "8042") + (listen '("8042")) (ssl-certificate #f) (ssl-certificate-key #f)))) |