aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk8
-rw-r--r--gnu/packages/admin.scm9
-rw-r--r--gnu/packages/autotools.scm37
-rw-r--r--gnu/packages/backup.scm9
-rw-r--r--gnu/packages/base.scm59
-rw-r--r--gnu/packages/bash.scm10
-rw-r--r--gnu/packages/bdw-gc.scm36
-rw-r--r--gnu/packages/bootstrap.scm1
-rw-r--r--gnu/packages/commencement.scm27
-rw-r--r--gnu/packages/cross-base.scm2
-rw-r--r--gnu/packages/cyrus-sasl.scm9
-rw-r--r--gnu/packages/databases.scm45
-rw-r--r--gnu/packages/flex.scm61
-rw-r--r--gnu/packages/fontutils.scm6
-rw-r--r--gnu/packages/gcc.scm24
-rw-r--r--gnu/packages/gnupg.scm8
-rw-r--r--gnu/packages/guile.scm19
-rw-r--r--gnu/packages/icu4c.scm25
-rw-r--r--gnu/packages/kde-frameworks.scm12
-rw-r--r--gnu/packages/libunistring.scm11
-rw-r--r--gnu/packages/linux.scm26
-rw-r--r--gnu/packages/m4.scm6
-rw-r--r--gnu/packages/make-bootstrap.scm5
-rw-r--r--gnu/packages/mit-krb5.scm4
-rw-r--r--gnu/packages/multiprecision.scm8
-rw-r--r--gnu/packages/ncurses.scm23
-rw-r--r--gnu/packages/nettle.scm6
-rw-r--r--gnu/packages/patches/flex-CVE-2016-6354.patch30
-rw-r--r--gnu/packages/patches/gcc-libiberty-printf-decl.patch28
-rw-r--r--gnu/packages/patches/libarchive-7zip-heap-overflow.patch77
-rw-r--r--gnu/packages/patches/libarchive-fix-filesystem-attacks.patch445
-rw-r--r--gnu/packages/patches/libarchive-fix-symlink-check.patch60
-rw-r--r--gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch44
-rw-r--r--gnu/packages/patches/sed-hurd-path-max.patch34
-rw-r--r--gnu/packages/patches/tar-CVE-2016-6321.patch51
-rw-r--r--gnu/packages/php.scm2
-rw-r--r--gnu/packages/ssh.scm4
-rw-r--r--gnu/packages/tls.scm5
-rw-r--r--gnu/packages/xorg.scm8
39 files changed, 331 insertions, 953 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 1889a0ecd6..6dcd174bc3 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -546,7 +546,6 @@ dist_patch_DATA = \
%D%/packages/patches/fcgi-2.4.0-poll.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-test-xargs.patch \
- %D%/packages/patches/flex-CVE-2016-6354.patch \
%D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/fltk-shared-lib-defines.patch \
%D%/packages/patches/fltk-xfont-on-demand.patch \
@@ -557,6 +556,7 @@ dist_patch_DATA = \
%D%/packages/patches/gcc-arm-bug-71399.patch \
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
%D%/packages/patches/gcc-cross-environment-variables.patch \
+ %D%/packages/patches/gcc-libiberty-printf-decl.patch \
%D%/packages/patches/gcc-libvtv-runpath.patch \
%D%/packages/patches/gcc-strmov-store-file-names.patch \
%D%/packages/patches/gcc-4.9.3-mingw-gthr-default.patch \
@@ -657,10 +657,6 @@ dist_patch_DATA = \
%D%/packages/patches/liba52-link-with-libm.patch \
%D%/packages/patches/liba52-set-soname.patch \
%D%/packages/patches/liba52-use-mtune-not-mcpu.patch \
- %D%/packages/patches/libarchive-7zip-heap-overflow.patch \
- %D%/packages/patches/libarchive-fix-symlink-check.patch \
- %D%/packages/patches/libarchive-fix-filesystem-attacks.patch \
- %D%/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch \
%D%/packages/patches/libbonobo-activation-test-race.patch \
%D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \
%D%/packages/patches/libcmis-fix-test-onedrive.patch \
@@ -844,7 +840,6 @@ dist_patch_DATA = \
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
%D%/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch \
- %D%/packages/patches/sed-hurd-path-max.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \
%D%/packages/patches/sdl-libx11-1.6.patch \
@@ -866,6 +861,7 @@ dist_patch_DATA = \
%D%/packages/patches/t1lib-CVE-2010-2642.patch \
%D%/packages/patches/t1lib-CVE-2011-0764.patch \
%D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \
+ %D%/packages/patches/tar-CVE-2016-6321.patch \
%D%/packages/patches/tar-skip-unreliable-tests.patch \
%D%/packages/patches/tcl-mkindex-deterministic.patch \
%D%/packages/patches/tclxml-3.2-install.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 8a7dc6af89..9e912a9543 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -112,20 +112,23 @@ usual file attributes can be checked for inconsistencies.")
(define-public progress
(package
(name "progress")
- (version "0.13")
+ (version "0.13.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/Xfennec/"
name "/archive/v" version ".tar.gz"))
(sha256
- (base32 "133iar4vq5vlklydb4cyazjy6slmpbndrws474mg738bd8avc30n"))
+ (base32 "199rk6608q9m6l0fbjm0xl2w1c5krf8245dqnksdp4rqp7l9ak06"))
(file-name (string-append name "-" version ".tar.gz"))))
(build-system gnu-build-system)
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+ ("which" ,which)))
(inputs
`(("ncurses" ,ncurses)))
(arguments
`(#:tests? #f ; There is no test suite.
- #:make-flags (list "CC=gcc" "LDFLAGS+=-lncurses"
+ #:make-flags (list "CC=gcc"
(string-append "PREFIX=" (assoc-ref %outputs "out")))
#:phases
(modify-phases %standard-phases
diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm
index 72492e70eb..442c87c1f1 100644
--- a/gnu/packages/autotools.scm
+++ b/gnu/packages/autotools.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2014 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 David Thompson <davet@gnu.org>
+;;; Copyright © 2017 ng0 <ng0@libertad.pw>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -26,6 +27,7 @@
#:use-module (gnu packages)
#:use-module (gnu packages perl)
#:use-module (gnu packages m4)
+ #:use-module (gnu packages man)
#:use-module (gnu packages bash)
#:use-module (guix utils)
#:use-module (guix packages)
@@ -300,6 +302,7 @@ Makefile, simplifying the entire process for the developer.")
(propagated-inputs `(("m4" ,m4)))
(native-inputs `(("m4" ,m4)
("perl" ,perl)
+ ("help2man" ,help2man) ;because we modify ltmain.sh
("automake" ,automake) ;some tests rely on 'aclocal'
("autoconf" ,(autoconf-wrapper)))) ;others on 'autom4te'
@@ -313,21 +316,27 @@ Makefile, simplifying the entire process for the developer.")
(or (%current-target-system)
(%current-system))))
- #:phases (alist-cons-before
- 'check 'pre-check
- (lambda* (#:key inputs #:allow-other-keys)
- ;; Run the test suite in parallel, if possible.
- (setenv "TESTSUITEFLAGS"
- (string-append
- "-j"
- (number->string (parallel-job-count))))
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'check 'pre-check
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Run the test suite in parallel, if possible.
+ (setenv "TESTSUITEFLAGS"
+ (string-append
+ "-j"
+ (number->string (parallel-job-count))))
+ ;; Patch references to /bin/sh.
+ (let ((bash (assoc-ref inputs "bash")))
+ (substitute* "tests/testsuite"
+ (("/bin/sh")
+ (string-append bash "/bin/sh")))
+ #t)))
+ (add-after 'patch-source-shebangs 'restore-ltmain-shebang
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "build-aux/ltmain.in"
+ (("^#!.*/bin/sh$") "#!/bin/sh"))
+ #t)))))
- ;; Path references to /bin/sh.
- (let ((bash (assoc-ref inputs "bash")))
- (substitute* "tests/testsuite"
- (("/bin/sh")
- (string-append bash "/bin/bash")))))
- %standard-phases)))
(synopsis "Generic shared library support tools")
(description
"GNU Libtool helps in the creation and use of shared libraries, by
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 8cfe470ec6..8308616a1f 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -173,20 +173,15 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
- (version "3.2.1")
+ (version "3.2.2")
(source
(origin
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
- (patches (search-patches
- "libarchive-7zip-heap-overflow.patch"
- "libarchive-fix-symlink-check.patch"
- "libarchive-fix-filesystem-attacks.patch"
- "libarchive-safe_fprintf-buffer-overflow.patch"))
(sha256
(base32
- "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj"))))
+ "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739"))))
(build-system gnu-build-system)
;; TODO: Add -L/path/to/nettle in libarchive.pc.
(inputs
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index c75e038289..93b598f808 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -78,14 +78,14 @@ command-line arguments, multiple languages, and so on.")
(define-public grep
(package
(name "grep")
- (version "2.25")
+ (version "2.27")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/grep/grep-"
version ".tar.xz"))
(sha256
(base32
- "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2"))
+ "1syadppgpxpfhpwhhqcsibrn131azypzps5aicx1qjh74d6w8k5d"))
(patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
@@ -118,30 +118,32 @@ including, for example, recursive directory searching.")
(define-public sed
(package
(name "sed")
- (version "4.2.2")
+ (version "4.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/sed/sed-" version
- ".tar.bz2"))
+ ".tar.xz"))
(sha256
(base32
- "1myvrmh99jsvk7v3d7crm0gcrq51hmmm1r2kjyyci152in1x2j7h"))
- (patches (search-patches "sed-hurd-path-max.patch"))))
+ "1anhdgah8h423hlmn9hwzxzr7hjbqjm6hxq3z1p7p7nf8640vhj7"))))
(build-system gnu-build-system)
(synopsis "Stream editor")
(arguments
(if (%current-target-system)
'()
- `(#:phases (alist-cons-before
- 'patch-source-shebangs 'patch-test-suite
- (lambda* (#:key inputs #:allow-other-keys)
- (let ((bash (assoc-ref inputs "bash")))
- (patch-makefile-SHELL "testsuite/Makefile.tests")
- (substitute* '("testsuite/bsd.sh"
- "testsuite/bug-regex9.c")
- (("/bin/sh")
- (string-append bash "/bin/bash")))))
- %standard-phases))))
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-before 'patch-source-shebangs 'patch-test-suite
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((bash (assoc-ref inputs "bash")))
+ (patch-makefile-SHELL "testsuite/Makefile.tests")
+ (substitute* '("testsuite/bsd.sh"
+ "testsuite/bug-regex9.c")
+ (("/bin/sh")
+ (string-append bash "/bin/sh")))
+ #t)))))))
+ (native-inputs
+ `(("perl" ,perl))) ; for build-aux/help2man
(description
"Sed is a non-interactive, text stream editor. It receives a text
input from a file or from standard input and it then applies a series of text
@@ -149,7 +151,7 @@ editing commands to the stream and prints its output to standard output. It
is often used for substituting text patterns in a stream. The GNU
implementation offers several extensions over the standard utility.")
(license gpl3+)
- (home-page "http://www.gnu.org/software/sed/")))
+ (home-page "https://www.gnu.org/software/sed/")))
(define-public tar
(package
@@ -162,7 +164,8 @@ implementation offers several extensions over the standard utility.")
(sha256
(base32
"097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"))
- (patches (search-patches "tar-skip-unreliable-tests.patch"))))
+ (patches (search-patches "tar-CVE-2016-6321.patch"
+ "tar-skip-unreliable-tests.patch"))))
(build-system gnu-build-system)
;; Note: test suite requires ~1GiB of disk space.
(arguments
@@ -277,14 +280,14 @@ used to apply commands with arbitrarily long arguments.")
(define-public coreutils
(package
(name "coreutils")
- (version "8.25")
+ (version "8.26")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/coreutils/coreutils-"
version ".tar.xz"))
(sha256
(base32
- "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii"))))
+ "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm"))))
(build-system gnu-build-system)
(inputs `(("acl" ,acl) ; TODO: add SELinux
("gmp" ,gmp) ;bignums in 'expr', yay!
@@ -715,7 +718,21 @@ with the Linux kernel.")
;; Use the right 'pwd'.
(substitute* "configure"
(("/bin/pwd") "pwd")))
- ,original-phases)))
+ (alist-replace
+ 'build
+ (lambda _
+ ;; Force mach/hurd/libpthread subdirs to build first in order to avoid
+ ;; linking errors.
+ ;; See <https://lists.gnu.org/archive/html/bug-hurd/2016-11/msg00045.html>
+ (let ((-j (list "-j" (number->string (parallel-job-count)))))
+ (let-syntax ((make (syntax-rules ()
+ ((_ target)
+ (zero? (apply system* "make" target -j))))))
+ (and (make "mach/subdir_lib")
+ (make "hurd/subdir_lib")
+ (make "libpthread/subdir_lib")
+ (zero? (apply system* "make" -j))))))
+ ,original-phases))))
((#:configure-flags original-configure-flags)
`(append (list "--host=i586-pc-gnu"
diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm
index d328d711d1..90b6c3f17e 100644
--- a/gnu/packages/bash.scm
+++ b/gnu/packages/bash.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Efraim Flashenr <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -38,7 +39,7 @@
(define (patch-url seqno)
"Return the URL of Bash patch number SEQNO."
- (format #f "mirror://gnu/bash/bash-4.3-patches/bash43-~3,'0d" seqno))
+ (format #f "mirror://gnu/bash/bash-4.4-patches/bash44-~3,'0d" seqno))
(define (bash-patch seqno sha256)
"Return the origin of Bash patch SEQNO, with expected hash SHA256"
@@ -54,7 +55,12 @@
(define %patch-series-4.4
;; This is the current patches series for 4.4, generated using
;; 'download-patches' below.
- (patch-series))
+ (patch-series
+ (1 "03vzy7qwjdd5qvl3ydg99naazas2qmyd0yhnrflgjbbm64axja1y")
+ (2 "0lrwq6vyqism3yqv9s7kzaf3dsl4q5w9r5svcqz279qp7qca083h")
+ (3 "1chqww2rj6g42b8s60q5zlzy0jzp684jkpsbrbfy1vzxja8mmpsi")
+ (4 "1cy8abf96hkrjhw921ndr0shlcnc52bg45rn6xri4v5clhq0l25d")
+ (5 "0a8515kyk4zsgmvlqvlganjfr7pq0j6kzpr4d6xx02kpbdr4n7i2")))
(define (download-patches store count)
"Download COUNT Bash patches into store. Return a list of
diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm
index 992a11bac0..b9732374d7 100644
--- a/gnu/packages/bdw-gc.scm
+++ b/gnu/packages/bdw-gc.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,24 +25,23 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages pkg-config))
-(define-public libgc-7.2
+(define-public libgc
(package
(name "libgc")
- (version "7.2f")
+ (version "7.6.0")
(source (origin
(method url-fetch)
(uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
version ".tar.gz"))
(sha256
(base32
- "119x7p1cqw40mpwj80xfq879l9m1dkc7vbc1f3bz3kvkf8bf6p16"))))
+ "143x7g0d0k6250ai6m2x3l4y352mzizi4wbgrmahxscv2aqjhjm1"))))
(build-system gnu-build-system)
(arguments
- ;; Make it so that we don't rely on /proc. This is especially useful in
- ;; an initrd run before /proc is mounted.
- '(#:configure-flags '("CPPFLAGS=-DUSE_LIBC_PRIVATES"
- ;; Install gc_cpp.h et al.
+ '(#:configure-flags '(;; Install gc_cpp.h et al.
"--enable-cplusplus")))
+ (native-inputs `(("pkg-config" ,pkg-config)))
+ (inputs `(("libatomic-ops" ,libatomic-ops)))
(outputs '("out" "debug"))
(synopsis "The Boehm-Demers-Weiser conservative garbage collector
for C and C++")
@@ -67,7 +67,7 @@ C or C++ programs, though that is not its primary goal.")
(define-public libatomic-ops
(package
(name "libatomic-ops")
- (version "7.4.2")
+ (version "7.4.4")
(source (origin
(method url-fetch)
(uri (string-append
@@ -75,7 +75,7 @@ C or C++ programs, though that is not its primary goal.")
version ".tar.gz"))
(sha256
(base32
- "1pdm0h1y7bgkczr8byg20r6bq15m5072cqm5pny4f9crc9gn3yh4"))))
+ "13vg5fqwil17zpf4hj4h8rh3blzmym693lkdjgvwpgni1mh0l8dz"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(synopsis "Accessing hardware atomic memory update operations")
@@ -88,21 +88,3 @@ lock-free code, experiment with thread programming paradigms, etc.")
;; Some source files are X11-style, others are GPLv2+.
(license gpl2+)))
-
-(define-public libgc
- (package (inherit libgc-7.2)
- (version "7.4.2")
- (source (origin
- (method url-fetch)
- (uri (string-append "http://www.hboehm.info/gc/gc_source/gc-"
- version ".tar.gz"))
- (sha256
- (base32
- "18mg28rr6kwr5clc65k4l4hkyy4kd16amx831sjf8q2lqkbhlck3"))))
-
- ;; New dependencies.
- (native-inputs `(("pkg-config" ,pkg-config)))
- (inputs `(("libatomic-ops" ,libatomic-ops)))
-
- ;; 'USE_LIBC_PRIVATES' is now the default.
- (arguments '(#:configure-flags '("--enable-cplusplus")))))
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index dd922c3ae4..c4a3fc3e7c 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -168,6 +168,7 @@ successful, or false to signal an error."
((string=? system "i586-gnu") "/lib/ld.so.1")
((string=? system "i686-gnu") "/lib/ld.so.1")
((string=? system "aarch64-linux") "/lib/ld-linux-aarch64.so.1")
+ ((string=? system "powerpc-linux") "/lib/ld.so.1")
;; XXX: This one is used bare-bones, without a libc, so add a case
;; here just so we can keep going.
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 7df1d3fca9..273e3ca808 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -172,6 +172,26 @@
,cf)))))
(inputs %boot0-inputs))))
+(define libstdc++-boot0
+ ;; GCC's libcc1 is always built as a shared library (the top-level
+ ;; 'Makefile.def' forcefully adds --enable-shared) and thus needs to refer
+ ;; to libstdc++.so. We cannot build libstdc++-5.3 because it relies on
+ ;; C++14 features missing in our bootstrap compiler.
+ (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc-4.9))))
+ (package
+ (inherit lib)
+ (name "libstdc++-boot0")
+ (arguments
+ `(#:guile ,%bootstrap-guile
+ #:implicit-inputs? #f
+
+ ;; XXX: libstdc++.so NEEDs ld.so for some reason.
+ #:validate-runpath? #f
+
+ ,@(package-arguments lib)))
+ (inputs %boot0-inputs)
+ (native-inputs '()))))
+
(define gcc-boot0
(package-with-bootstrap-guile
(package (inherit gcc)
@@ -257,6 +277,9 @@
("mpc-source" ,(package-source mpc))
("binutils-cross" ,binutils-boot0)
+ ;; The libstdc++ that libcc1 links against.
+ ("libstdc++" ,libstdc++-boot0)
+
;; Call it differently so that the builder can check whether
;; the "libc" input is #f.
("libc-native" ,@(assoc-ref %boot0-inputs "libc"))
@@ -987,10 +1010,10 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.")
(gcc-toolchain gcc-4.8))
(define-public gcc-toolchain-4.9
- (gcc-toolchain gcc-final))
+ (gcc-toolchain gcc-4.9))
(define-public gcc-toolchain-5
- (gcc-toolchain gcc-5))
+ (gcc-toolchain gcc-final))
(define-public gcc-toolchain-6
(gcc-toolchain gcc-6))
diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm
index a3dfb8f477..47e0958193 100644
--- a/gnu/packages/cross-base.scm
+++ b/gnu/packages/cross-base.scm
@@ -281,7 +281,7 @@ GCC that does not target a libc; otherwise, target that libc."
(setenv "ARCH" ,(system->linux-architecture target))
(format #t "`ARCH' set to `~a' (cross compiling)~%" (getenv "ARCH"))
- (and (zero? (system* "make" "defconfig"))
+ (and (zero? (system* "make" ,(system->defconfig target)))
(zero? (system* "make" "mrproper" "headers_check"))))
,phases))))
(native-inputs `(("cross-gcc" ,xgcc)
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index 89a4a49797..3c6a87828a 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -31,7 +31,6 @@
(define-public cyrus-sasl
(package
(name "cyrus-sasl")
- (replacement cyrus-sasl/fixed)
(version "2.1.26")
(source (origin
(method url-fetch)
@@ -41,6 +40,7 @@
(string-append
"ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
version ".tar.gz")))
+ (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch"))
(sha256 (base32
"1hvvbcsg21nlncbgs0cgn3iwlnb3vannzwsp6rwvnn9ba4v53g4g"))))
(build-system gnu-build-system)
@@ -66,10 +66,3 @@ server writers.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "http://cyrusimap.web.cmu.edu")))
-
-(define cyrus-sasl/fixed
- (package
- (inherit cyrus-sasl)
- (source (origin
- (inherit (package-source cyrus-sasl))
- (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch"))))))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index e05a337e47..c5e8599028 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -507,12 +507,9 @@ for example from a shell script.")
(define-public sqlite
(package
(name "sqlite")
- (version "3.14.1")
+ (version "3.15.2")
(source (origin
(method url-fetch)
- ;; TODO: Download from sqlite.org once this bug :
- ;; http://lists.gnu.org/archive/html/bug-guile/2013-01/msg00027.html
- ;; has been fixed.
(uri (let ((numeric-version
(match (string-split version #\.)
((first-digit other-digits ...)
@@ -522,23 +519,11 @@ for example from a shell script.")
(map (cut string-pad <> 2 #\0)
other-digits))
6 #\0))))))
- (list
- (string-append
- "https://fossies.org/linux/misc/sqlite-autoconf-"
- numeric-version ".tar.gz")
- (string-append
- "http://distfiles.gentoo.org/distfiles/"
- "/sqlite-autoconf-" numeric-version ".tar.gz"))
-
- ;; XXX: As of 2015-09-08, SourceForge is squatting the URL
- ;; below, returning 200 and showing an advertising page.
- ;; (string-append
- ;; "mirror://sourceforge/sqlite.mirror/SQLite%20" version
- ;; "/sqlite-autoconf-" numeric-version ".tar.gz")
- ))
+ (string-append "https://sqlite.org/2016/sqlite-autoconf-"
+ numeric-version ".tar.gz")))
(sha256
(base32
- "19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw"))))
+ "0j9i1zrwxc7dfd6xr3xagal3incrlalsrk96havnas1qp5im1cq7"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments
@@ -549,7 +534,7 @@ for example from a shell script.")
(list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
"-DSQLITE_ENABLE_UNLOCK_NOTIFY "
"-DSQLITE_ENABLE_DBSTAT_VTAB"))))
- (home-page "http://www.sqlite.org/")
+ (home-page "https://www.sqlite.org/")
(synopsis "The SQLite database management system")
(description
"SQLite is a software library that implements a self-contained, serverless,
@@ -558,26 +543,6 @@ widely deployed SQL database engine in the world. The source code for SQLite
is in the public domain.")
(license public-domain)))
-(define-public sqlite-3.15.1
- (package (inherit sqlite)
- (version "3.15.1")
- (source (origin
- (method url-fetch)
- (uri (let ((numeric-version
- (match (string-split version #\.)
- ((first-digit other-digits ...)
- (string-append first-digit
- (string-pad-right
- (string-concatenate
- (map (cut string-pad <> 2 #\0)
- other-digits))
- 6 #\0))))))
- (string-append "https://sqlite.org/2016/sqlite-autoconf-"
- numeric-version ".tar.gz")))
- (sha256
- (base32
- "1ig2d9jzzixiifmgqsl6kjcvy17jwxby3s24gfnc5qvyd6vqkyjx"))))))
-
(define-public tdb
(package
(name "tdb")
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index c1f74d65ad..d9abbfa4e2 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -24,6 +24,7 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages m4)
+ #:use-module (gnu packages man)
#:use-module (gnu packages bison)
#:use-module (gnu packages indent)
#:use-module (srfi srfi-1))
@@ -31,29 +32,32 @@
(define-public flex
(package
(name "flex")
- (version "2.6.0")
+ (version "2.6.2")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://sourceforge/flex/flex-"
- version ".tar.bz2"))
- (patches (search-patches "flex-CVE-2016-6354.patch"))
- (sha256
- (base32
- "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/westes/flex"
+ "/releases/download/v" version "/"
+ "flex-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs"))))
(build-system gnu-build-system)
(inputs
(let ((bison-for-tests
;; Work around an incompatibility with Bison 3.0:
;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>.
- (package (inherit bison)
+ (package
+ (inherit bison)
(version "2.7.1")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/bison/bison-"
- version ".tar.xz"))
- (sha256
- (base32
- "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
+ (method url-fetch)
+ (uri (string-append
+ "mirror://gnu/bison/"
+ "bison-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
;; Unlike Bison 3.0, this version did not need Flex for its
;; tests, so it allows us to break the cycle.
@@ -61,9 +65,11 @@
`(("bison" ,bison-for-tests)
("indent" ,indent))))
;; m4 is not present in PATH when cross-building
- (native-inputs `(("m4" ,m4)))
+ (native-inputs
+ `(("help2man" ,help2man)
+ ("m4" ,m4)))
(propagated-inputs `(("m4" ,m4)))
- (home-page "http://flex.sourceforge.net/")
+ (home-page "https://github.com/westes/flex")
(synopsis "Fast lexical analyser generator")
(description
"Flex is a tool for generating scanners. A scanner, sometimes
@@ -78,23 +84,4 @@ is run, it analyzes its input for occurrences of text matching the
regular expressions for each rule. Whenever it finds a match, it
executes the corresponding C code.")
(license (non-copyleft "file://COPYING"
- "See COPYING in the distribution."))))
-
-(define-public flex-2.6.1
- ;; The kservice and solid packages use flex. extra-cmake-modules
- ;; forces C89 for all C files for compatibility with windows.
- ;; Flex 2.6.0 generates a lexer containing a single line comment. Single
- ;; line comments are part of the C99 standard, so the lexer won't compile
- ;; if C89 is used.
- (package
- (inherit flex)
- (version "2.6.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/westes/flex"
- "/releases/download/v" version "/"
- "flex-" version ".tar.gz"))
- (sha256
- (base32
- "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw"))))))
+ "See COPYING in the distribution."))))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 60cff2e330..1ffb427529 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -46,13 +46,13 @@
(define-public freetype
(package
(name "freetype")
- (version "2.6.3")
+ (version "2.7")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/freetype/freetype-"
version ".tar.bz2"))
(sha256 (base32
- "18k3b026762lmyrxfil5xv8qwnvj7hc12gz9bjqzbb12lmx707ip"))))
+ "0j3xgzn6pchgg1nm294vhx7cdicb7x3x8kwnlcm7v1alnzsm396n"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -69,7 +69,7 @@ It supports both bitmap and scalable formats, including TrueType, OpenType,
Type1, CID, CFF, Windows FON/FNT, X11 PCF, and others. It supports high-speed
anti-aliased glyph bitmap generation with 256 gray levels.")
(license license:freetype) ; some files have other licenses
- (home-page "http://www.freetype.org/")))
+ (home-page "https://www.freetype.org/")))
(define-public ttfautohint
(package
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index cfd33f85ab..206c67ed99 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -211,7 +212,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
;; Fix the dynamic linker's file name.
(substitute* (find-files "gcc/config"
- "^(linux|gnu)(64|-elf|-eabi)?\\.h$")
+ "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$")
(("#define GLIBC_DYNAMIC_LINKER([^ ]*).*$" _ suffix)
(format #f "#define GLIBC_DYNAMIC_LINKER~a \"~a\"~%"
suffix
@@ -240,7 +241,21 @@ where the OS part is overloaded to denote a specific ABI---into GCC
(format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
#define STANDARD_STARTFILE_PREFIX_2 \"\"
~a"
- libc line))))
+ libc line)))
+
+ ;; The rs6000 (a.k.a. powerpc) config in GCC does not use
+ ;; GNU_USER_* defines. Do the above for this case.
+ (substitute*
+ "gcc/config/rs6000/sysv4.h"
+ (("#define LIB_LINUX_SPEC (.*)$" _ suffix)
+ (format #f "#define LIB_LINUX_SPEC \
+\"-L~a/lib %{!static:-rpath=~a/lib %{!static-libgcc:-rpath=~a/lib -lgcc_s}} \" ~a"
+ libc libc libdir suffix))
+ (("#define STARTFILE_LINUX_SPEC.*$" line)
+ (format #f "#define STANDARD_STARTFILE_PREFIX_1 \"~a/lib\"
+#define STANDARD_STARTFILE_PREFIX_2 \"\"
+~a"
+ libc line))))
;; Don't retain a dependency on the build-time sed.
(substitute* "fixincludes/fixincl.x"
@@ -358,7 +373,8 @@ Go. It also includes runtime support libraries for these languages.")
(sha256
(base32
"0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
- (patches (search-patches "gcc-strmov-store-file-names.patch"
+ (patches (search-patches "gcc-arm-bug-71399.patch"
+ "gcc-strmov-store-file-names.patch"
"gcc-5.0-libvtv-runpath.patch"))))))
(define-public gcc-6
@@ -377,7 +393,7 @@ Go. It also includes runtime support libraries for these languages.")
;; Note: When changing the default gcc version, update
;; the gcc-toolchain-* definitions accordingly.
-(define-public gcc gcc-4.9)
+(define-public gcc gcc-5)
(define-public (make-libstdc++ gcc)
"Return a libstdc++ package based on GCC. The primary use case is when
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 56fba45e3a..151952663b 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -58,7 +58,7 @@
(define-public libgpg-error
(package
(name "libgpg-error")
- (version "1.24")
+ (version "1.25")
(source
(origin
(method url-fetch)
@@ -66,7 +66,7 @@
version ".tar.bz2"))
(sha256
(base32
- "0h75sf1ngr750c3fjfn4583q7wz40qm63jhg8vjfdrbx936f2s4j"))))
+ "031jc5196fdcxn2g61i1pdabvdbxxcdi4j7jbaq3hfs38dcgfa7n"))))
(build-system gnu-build-system)
(home-page "https://gnupg.org")
(synopsis "Library of error values for GnuPG components")
@@ -82,14 +82,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
- (version "1.7.3")
+ (version "1.7.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
- "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))
+ "0078pbzm6nlgvnwlylshsg707ifcmfpnpbvhlhqbpwpfic9a9zni"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 9458ab714f..a408f8f9aa 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -133,15 +133,15 @@ without requiring the source code to be rewritten.")
(define-public guile-2.0
(package
(name "guile")
- (version "2.0.12")
- (replacement guile-2.0.13) ;CVE-2016-8606 and CVE-2016-8605
+ (version "2.0.13")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/guile/guile-" version
".tar.xz"))
(sha256
(base32
- "1sdpjq0jf1h65w29q0zprj4x6kdp5jskkvbnlwphy9lvdxrqg0fy"))))
+ "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p"))
+ (patches (search-patches "guile-repl-server-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("pkgconfig" ,pkg-config)))
(inputs `(("libffi" ,libffi)
@@ -214,19 +214,6 @@ without requiring the source code to be rewritten.")
(properties '((hidden? . #t))) ;people should install 'guile-2.0'
(replacement #f)))
-(define guile-2.0.13
- (package
- (inherit guile-2.0)
- (version "2.0.13")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/guile/guile-" version
- ".tar.xz"))
- (sha256
- (base32
- "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p"))
- (patches (search-patches "guile-repl-server-test.patch"))))))
-
(define-public guile-next
(package (inherit guile-2.0)
(name "guile-next")
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 13723bf585..d842f03b4e 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -28,20 +29,17 @@
(define-public icu4c
(package
(name "icu4c")
- (version "55.1")
+ (version "58.2")
(source (origin
(method url-fetch)
(uri (string-append
- "mirror://sourceforge/icu/ICU4C/"
+ "http://download.icu-project.org/files/icu4c/"
version
"/icu4c-"
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
(sha256
- (base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1"))
- (patches (search-patches "icu4c-CVE-2014-6585.patch"
- "icu4c-CVE-2015-1270.patch"
- "icu4c-CVE-2015-4760.patch"))))
+ (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib"))))
(build-system gnu-build-system)
(inputs
`(("perl" ,perl)))
@@ -55,18 +53,9 @@
'("--with-data-packaging=archive")
'()))
#:phases
- (alist-cons-after
- 'unpack 'chdir-to-source
- (lambda _ (chdir "source"))
- (alist-cons-before
- 'configure 'patch-configure
- (lambda _
- ;; patch out two occurrences of /bin/sh from configure script
- ;; that might have disappeared in a release later than 54.1
- (substitute* "configure"
- (("`/bin/sh")
- (string-append "`" (which "bash")))))
- %standard-phases))))
+ (modify-phases %standard-phases
+ (add-after 'unpack 'chdir-to-source
+ (lambda _ (chdir "source") #t)))))
(synopsis "International Components for Unicode")
(description
"ICU is a set of C/C++ and Java libraries providing Unicode and
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 94145fb95d..a7f2cabbc4 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -1117,11 +1117,7 @@ which are used in DBus communication.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
- ;; extra-cmake-modules forces C89 for all C files for compatibility with
- ;; Windows. Flex 2.6.0 generates a lexer containing a single line
- ;; comment. Single line comments are part of the C99 standard, so the
- ;; lexer won't compile if C89 is used.
- ("flex" ,flex-2.6.1)
+ ("flex" ,flex)
("qttools" ,qttools)))
(inputs
`(("qtbase" ,qtbase)
@@ -2535,11 +2531,7 @@ typed.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
- ;; extra-cmake-modules forces C89 for all C files for compatibility with
- ;; Windows. Flex 2.6.0 generates a lexer containing a single line
- ;; comment. Single line comments are part of the C99 standard, so the
- ;; lexer won't compile if C89 is used.
- ("flex" ,flex-2.6.1)))
+ ("flex" ,flex)))
(inputs
`(("kcrash" ,kcrash)
("kdbusaddons" ,kdbusaddons)
diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm
index a9779d4ffd..212bec4b49 100644
--- a/gnu/packages/libunistring.scm
+++ b/gnu/packages/libunistring.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
@@ -28,15 +29,15 @@
(define-public libunistring
(package
(name "libunistring")
- (version "0.9.6")
+ (version "0.9.7")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://gnu/libunistring/libunistring-"
- version ".tar.gz"))
+ version ".tar.xz"))
(sha256
(base32
- "0ixxmgpgh2v8ifm6hbwsjxl023myk3dfnj7wnvmqjivza31fw9cn"))))
+ "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf"))))
(propagated-inputs (libiconv-if-needed))
(build-system gnu-build-system)
(arguments
@@ -49,5 +50,5 @@
"GNU libunistring is a library providing functions to manipulate
Unicode strings and for manipulating C strings according to the Unicode
standard.")
- (home-page "http://www.gnu.org/software/libunistring/")
- (license lgpl3+)))
+ (home-page "https://www.gnu.org/software/libunistring/")
+ (license (list lgpl3+ gpl2))))
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 0c191629ce..5e450a72a7 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -17,6 +17,7 @@
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
+;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
;;; Copyright © 2016 ng0 <ng0@libertad.pw>
;;;
;;; This file is part of GNU Guix.
@@ -101,6 +102,13 @@
((string-prefix? "aarch64" arch) "arm64")
(else arch))))
+(define-public (system->defconfig system)
+ "Some systems (notably powerpc-linux) require a special target for kernel
+defconfig. Return the appropiate make target if applicable, otherwise return
+\"defconfig\"."
+ (cond ((string-prefix? "powerpc-" system) "pmac32_defconfig")
+ (else "defconfig")))
+
(define (linux-libre-urls version)
"Return a list of URLs for Linux-Libre VERSION."
(list (string-append
@@ -140,11 +148,13 @@
(lambda _
(let ((arch ,(system->linux-architecture
(or (%current-target-system)
- (%current-system)))))
+ (%current-system))))
+ (defconfig ,(system->defconfig
+ (or (%current-target-system)
+ (%current-system)))))
(setenv "ARCH" arch)
(format #t "`ARCH' set to `~a'~%" (getenv "ARCH"))
-
- (and (zero? (system* "make" "defconfig"))
+ (and (zero? (system* "make" defconfig))
(zero? (system* "make" "mrproper" "headers_check"))))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
@@ -453,7 +463,7 @@ providing the system administrator with some help in common tasks.")
(define-public util-linux
(package
(name "util-linux")
- (version "2.28.1")
+ (version "2.28.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/"
@@ -461,7 +471,7 @@ providing the system administrator with some help in common tasks.")
name "-" version ".tar.xz"))
(sha256
(base32
- "03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy"))
+ "1kgh16j3ywzf5gdz4vq6v3dyc5qsi377p11clj9xxgi0dwa3g7dq"))
(patches (search-patches "util-linux-tests.patch"))
(modules '((guix build utils)))
(snippet
@@ -477,7 +487,7 @@ providing the system administrator with some help in common tasks.")
"static")) ; >2 MiB of static .a libraries
(arguments
`(#:configure-flags (list "--disable-use-tty-group"
-
+ "--enable-fs-paths-default=/run/current-system/profile/sbin"
;; Install completions where our
;; bash-completion package expects them.
(string-append "--with-bashcompletiondir="
@@ -1156,7 +1166,7 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).")
(define-public libcap
(package
(name "libcap")
- (version "2.24")
+ (version "2.25")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1164,7 +1174,7 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).")
"libcap2/libcap-" version ".tar.xz"))
(sha256
(base32
- "0rbc9qbqs5bp9am9s9g83wxj5k4ixps2agy9dxr1v1fwg27mdr6f"))))
+ "0qjiqc5pknaal57453nxcbz3mn1r4hkyywam41wfcglq3v2qlg39"))))
(build-system gnu-build-system)
(arguments '(#:phases
(modify-phases %standard-phases
diff --git a/gnu/packages/m4.scm b/gnu/packages/m4.scm
index d1ba928768..6ad00f8a58 100644
--- a/gnu/packages/m4.scm
+++ b/gnu/packages/m4.scm
@@ -26,14 +26,14 @@
(define-public m4
(package
(name "m4")
- (version "1.4.17")
+ (version "1.4.18")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/m4/m4-"
- version ".tar.bz2"))
+ version ".tar.xz"))
(sha256
(base32
- "0w0da1chh12mczxa5lnwzjk9czi3dq6gnnndbpa6w4rj76b1yklf"))))
+ "01sfjd5a4waqw83bibvmn522g69qfqvwig9i2qlgy154l1nfihgj"))))
(build-system gnu-build-system)
(arguments
`(;; Explicitly disable tests when cross-compiling, otherwise 'make check'
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index e5c614cee7..d2a559c084 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -416,8 +416,9 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
;; the 'pre-configure phase of our main gcc package, because
;; that shared library is not present in this static gcc. See
;; <https://lists.gnu.org/archive/html/guix-devel/2015-01/msg00008.html>.
- (substitute* (find-files "gcc/config"
- "^gnu-user.*\\.h$")
+ (substitute* (cons "gcc/config/rs6000/sysv4.h"
+ (find-files "gcc/config"
+ "^gnu-user.*\\.h$"))
((" -lgcc_s}}") "}}")))
,phases)))))
(native-inputs
diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm
index 3299c7b5c4..87fe57dc4b 100644
--- a/gnu/packages/mit-krb5.scm
+++ b/gnu/packages/mit-krb5.scm
@@ -32,7 +32,7 @@
(define-public mit-krb5
(package
(name "mit-krb5")
- (version "1.14.3")
+ (version "1.14.4")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@@ -40,7 +40,7 @@
"/krb5-" version ".tar.gz"))
(sha256
(base32
- "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))
+ "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 36e35ca00c..b6d2d7f4af 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -32,7 +32,7 @@
(define-public gmp
(package
(name "gmp")
- (version "6.1.1")
+ (version "6.1.2")
(source (origin
(method url-fetch)
(uri
@@ -40,7 +40,7 @@
version ".tar.xz"))
(sha256
(base32
- "0cg84n482gcvl0s4xq4wgwsk4r0x0m8dnzpizwqdd2j8vw2rqvnk"))
+ "04hrwahdxyqdik559604r7wrj9ffklwvipgfxgj4ys4skbl6bdc7"))
(patches (search-patches "gmp-faulty-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("m4" ,m4)))
@@ -87,13 +87,13 @@ cryptography and computational algebra.")
(define-public mpfr
(package
(name "mpfr")
- (version "3.1.4")
+ (version "3.1.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/mpfr/mpfr-" version
".tar.xz"))
(sha256 (base32
- "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n"))))
+ "1g32l2fg8f62lcyzzh88y3fsh6rk539qc6ahhdgvx7wpnf1dwpq1"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h>
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 6949e1e03f..d725a71c0d 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -30,6 +30,7 @@
#:use-module (guix build-system perl)
#:use-module (gnu packages)
#:use-module (gnu packages perl)
+ #:use-module (gnu packages pkg-config)
#:use-module (gnu packages swig)
#:use-module (guix utils))
@@ -87,7 +88,7 @@
(let ((out (assoc-ref outputs "out")))
;; When building a wide-character (Unicode) build, create backward
;; compatibility links from the the "normal" libraries to the
- ;; wide-character libraries (e.g. libncurses.so to libncursesw.so).
+ ;; wide-character ones (e.g. libncurses.so to libncursesw.so).
,@(if (target-mingw?)
'( ;; TODO: create .la files to link to the .dll?
(with-directory-excursion (string-append out "/bin")
@@ -116,7 +117,11 @@
(define lib.so.x
(string-append "lib" lib ".so.6"))
(define lib.so
- (string-append "lib" lib ".so")))
+ (string-append "lib" lib ".so"))
+ (define packagew.pc
+ (string-append lib "w.pc"))
+ (define package.pc
+ (string-append lib ".pc")))
'())
(when (file-exists? libw.a)
@@ -127,7 +132,12 @@
(false-if-exception (delete-file lib.so))
(call-with-output-file lib.so
(lambda (p)
- (format p "INPUT (-l~aw)~%" lib))))
+ (format p "INPUT (-l~aw)~%" lib)))
+ (with-directory-excursion "pkgconfig"
+ (format #t "creating symlink for `~a'~%"
+ package.pc)
+ (when (file-exists? packagew.pc)
+ (symlink packagew.pc package.pc))))
'())))
'("curses" "ncurses" "form" "panel" "menu")))))))
`(#:configure-flags
@@ -135,6 +145,11 @@
'quasiquote
`(("--with-shared" "--without-debug" "--enable-widec"
+ "--enable-pc-files"
+ ,(list 'unquote '(string-append "--with-pkg-config-libdir="
+ (assoc-ref %outputs "out")
+ "/lib/pkgconfig"))
+
;; By default headers land in an `ncursesw' subdir, which is not
;; what users expect.
,(list 'unquote '(string-append "--includedir=" (assoc-ref %outputs "out")
@@ -157,6 +172,8 @@
(add-after 'unpack 'remove-unneeded-shebang
,remove-shebang-phase)))))
(self-native-input? #t) ; for `tic'
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
(native-search-paths
(list (search-path-specification
(variable "TERMINFO_DIRS")
diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm
index d1203dfe75..e4e0eedc05 100644
--- a/gnu/packages/nettle.scm
+++ b/gnu/packages/nettle.scm
@@ -47,7 +47,7 @@
(outputs '("out" "debug"))
(native-inputs `(("m4" ,m4)))
(propagated-inputs `(("gmp" ,gmp)))
- (home-page "http://www.lysator.liu.se/~nisse/nettle/")
+ (home-page "https://www.lysator.liu.se/~nisse/nettle/")
(synopsis "C library for low-level cryptographic functionality")
(description
"GNU Nettle is a low-level cryptographic library. It is designed to
@@ -60,14 +60,14 @@ themselves.")
;; This version is not API-compatible with version 2. In particular, lsh
;; cannot use it yet. So keep it separate.
(package (inherit nettle-2)
- (version "3.2")
+ (version "3.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/nettle/nettle-"
version ".tar.gz"))
(sha256
(base32
- "15wxhk52yc62rx0pddmry66hqm6z5brrrkx4npd3wh9nybg86hpa"))))
+ "07mif3af077763vc35s1x8vzhzlgqcgxh67c1xr13jnhslkjd526"))))
(arguments
(substitute-keyword-arguments (package-arguments nettle-2)
((#:configure-flags flags)
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
deleted file mode 100644
index 1f3cb028d4..0000000000
--- a/gnu/packages/patches/flex-CVE-2016-6354.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <westes575@gmail.com>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
-
- else
- {
-- yy_size_t num_to_read =
-+ int num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
new file mode 100644
index 0000000000..a612c9e00e
--- /dev/null
+++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
@@ -0,0 +1,28 @@
+This patch makes the exeception specifier of libiberty's 'asprintf'
+and 'vasprintf' declarations match those of glibc to work around the
+problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>.
+
+The problem in part stems from the fact that libiberty is configured
+without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1
+is configured and built with _GNU_SOURCE, hence the conflicting declarations.
+
+--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200
++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200
+@@ -625,7 +625,7 @@ extern int pwait (int, int *, int);
+ /* Like sprintf but provides a pointer to malloc'd storage, which must
+ be freed by the caller. */
+
+-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2;
++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2;
+ #endif
+
+ /* Like asprintf but allocates memory without fail. This works like
+@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, ..
+ /* Like vsprintf but provides a pointer to malloc'd storage, which
+ must be freed by the caller. */
+
+-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0);
++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0);
+ #endif
+
+ /* Like vasprintf but allocates memory without fail. This works like
diff --git a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch b/gnu/packages/patches/libarchive-7zip-heap-overflow.patch
deleted file mode 100644
index bef628f0a8..0000000000
--- a/gnu/packages/patches/libarchive-7zip-heap-overflow.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Fix buffer overflow reading 7Zip files:
-
-https://github.com/libarchive/libarchive/issues/761
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
-
-From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 18 Sep 2016 18:14:58 -0700
-Subject: [PATCH] Issue 761: Heap overflow reading corrupted 7Zip files
-
-The sample file that demonstrated this had multiple 'EmptyStream'
-attributes. The first one ended up being used to calculate
-certain statistics, then was overwritten by the second which
-was incompatible with those statistics.
-
-The fix here is to reject any header with multiple EmptyStream
-attributes. While here, also reject headers with multiple
-EmptyFile, AntiFile, Name, or Attributes markers.
----
- libarchive/archive_read_support_format_7zip.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
-index 1dfe52b..c0a536c 100644
---- a/libarchive/archive_read_support_format_7zip.c
-+++ b/libarchive/archive_read_support_format_7zip.c
-@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
-
- switch (type) {
- case kEmptyStream:
-+ if (h->emptyStreamBools != NULL)
-+ return (-1);
- h->emptyStreamBools = calloc((size_t)zip->numFiles,
- sizeof(*h->emptyStreamBools));
- if (h->emptyStreamBools == NULL)
-@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- return (-1);
- break;
- }
-+ if (h->emptyFileBools != NULL)
-+ return (-1);
- h->emptyFileBools = calloc(empty_streams,
- sizeof(*h->emptyFileBools));
- if (h->emptyFileBools == NULL)
-@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- return (-1);
- break;
- }
-+ if (h->antiBools != NULL)
-+ return (-1);
- h->antiBools = calloc(empty_streams,
- sizeof(*h->antiBools));
- if (h->antiBools == NULL)
-@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- if ((ll & 1) || ll < zip->numFiles * 4)
- return (-1);
-
-+ if (zip->entry_names != NULL)
-+ return (-1);
- zip->entry_names = malloc(ll);
- if (zip->entry_names == NULL)
- return (-1);
-@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- if ((p = header_bytes(a, 2)) == NULL)
- return (-1);
- allAreDefined = *p;
-+ if (h->attrBools != NULL)
-+ return (-1);
- h->attrBools = calloc((size_t)zip->numFiles,
- sizeof(*h->attrBools));
- if (h->attrBools == NULL)
---
-2.10.0
-
diff --git a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch b/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch
deleted file mode 100644
index bce63d5e4e..0000000000
--- a/gnu/packages/patches/libarchive-fix-filesystem-attacks.patch
+++ /dev/null
@@ -1,445 +0,0 @@
-This patch fixes two bugs that allow attackers to overwrite or change
-the permissions of arbitrary files:
-
-https://github.com/libarchive/libarchive/issues/745
-https://github.com/libarchive/libarchive/issues/746
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
-
-From dfd6b54ce33960e420fb206d8872fb759b577ad9 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 11 Sep 2016 13:21:57 -0700
-Subject: [PATCH] Fixes for Issue #745 and Issue #746 from Doran Moppert.
-
----
- libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++--------
- 1 file changed, 227 insertions(+), 67 deletions(-)
-
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index 8f0421e..abe1a86 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -326,12 +326,14 @@ struct archive_write_disk {
-
- #define HFS_BLOCKS(s) ((s) >> 12)
-
-+static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
- static int check_symlinks(struct archive_write_disk *);
- static int create_filesystem_object(struct archive_write_disk *);
- static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
- #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
- static void edit_deep_directories(struct archive_write_disk *ad);
- #endif
-+static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
- static int cleanup_pathname(struct archive_write_disk *);
- static int create_dir(struct archive_write_disk *, char *);
- static int create_parent_dir(struct archive_write_disk *, char *);
-@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a)
- const char *linkname;
- mode_t final_mode, mode;
- int r;
-+ /* these for check_symlinks_fsobj */
-+ char *linkname_copy; /* non-const copy of linkname */
-+ struct archive_string error_string;
-+ int error_number;
-
- /* We identify hard/symlinks according to the link names. */
- /* Since link(2) and symlink(2) don't handle modes, we're done here. */
-@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a)
- #if !HAVE_LINK
- return (EPERM);
- #else
-+ archive_string_init(&error_string);
-+ linkname_copy = strdup(linkname);
-+ if (linkname_copy == NULL) {
-+ return (EPERM);
-+ }
-+ /* TODO: consider using the cleaned-up path as the link target? */
-+ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
-+ if (r != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ free(linkname_copy);
-+ /* EPERM is more appropriate than error_number for our callers */
-+ return (EPERM);
-+ }
-+ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
-+ if (r != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ free(linkname_copy);
-+ /* EPERM is more appropriate than error_number for our callers */
-+ return (EPERM);
-+ }
-+ free(linkname_copy);
- r = link(linkname, a->name) ? errno : 0;
- /*
- * New cpio and pax formats allow hardlink entries
-@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname)
- * recent paths.
- */
- /* TODO: Extend this to support symlinks on Windows Vista and later. */
-+
-+/*
-+ * Checks the given path to see if any elements along it are symlinks. Returns
-+ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
-+ */
- static int
--check_symlinks(struct archive_write_disk *a)
-+check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
- {
- #if !defined(HAVE_LSTAT)
- /* Platform doesn't have lstat, so we can't look for symlinks. */
- (void)a; /* UNUSED */
-+ (void)path; /* UNUSED */
-+ (void)error_number; /* UNUSED */
-+ (void)error_string; /* UNUSED */
-+ (void)flags; /* UNUSED */
- return (ARCHIVE_OK);
- #else
-- char *pn;
-+ int res = ARCHIVE_OK;
-+ char *tail;
-+ char *head;
-+ int last;
- char c;
- int r;
- struct stat st;
-+ int restore_pwd;
-+
-+ /* Nothing to do here if name is empty */
-+ if(path[0] == '\0')
-+ return (ARCHIVE_OK);
-
- /*
- * Guard against symlink tricks. Reject any archive entry whose
- * destination would be altered by a symlink.
-+ *
-+ * Walk the filename in chunks separated by '/'. For each segment:
-+ * - if it doesn't exist, continue
-+ * - if it's symlink, abort or remove it
-+ * - if it's a directory and it's not the last chunk, cd into it
-+ * As we go:
-+ * head points to the current (relative) path
-+ * tail points to the temporary \0 terminating the segment we're currently examining
-+ * c holds what used to be in *tail
-+ * last is 1 if this is the last tail
- */
-- /* Whatever we checked last time doesn't need to be re-checked. */
-- pn = a->name;
-- if (archive_strlen(&(a->path_safe)) > 0) {
-- char *p = a->path_safe.s;
-- while ((*pn != '\0') && (*p == *pn))
-- ++p, ++pn;
-- }
-+ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
-+ __archive_ensure_cloexec_flag(restore_pwd);
-+ if (restore_pwd < 0)
-+ return (ARCHIVE_FATAL);
-+ head = path;
-+ tail = path;
-+ last = 0;
-+ /* TODO: reintroduce a safe cache here? */
- /* Skip the root directory if the path is absolute. */
-- if(pn == a->name && pn[0] == '/')
-- ++pn;
-- c = pn[0];
-- /* Keep going until we've checked the entire name. */
-- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
-+ if(tail == path && tail[0] == '/')
-+ ++tail;
-+ /* Keep going until we've checked the entire name.
-+ * head, tail, path all alias the same string, which is
-+ * temporarily zeroed at tail, so be careful restoring the
-+ * stashed (c=tail[0]) for error messages.
-+ * Exiting the loop with break is okay; continue is not.
-+ */
-+ while (!last) {
-+ /* Skip the separator we just consumed, plus any adjacent ones */
-+ while (*tail == '/')
-+ ++tail;
- /* Skip the next path element. */
-- while (*pn != '\0' && *pn != '/')
-- ++pn;
-- c = pn[0];
-- pn[0] = '\0';
-+ while (*tail != '\0' && *tail != '/')
-+ ++tail;
-+ /* is this the last path component? */
-+ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
-+ /* temporarily truncate the string here */
-+ c = tail[0];
-+ tail[0] = '\0';
- /* Check that we haven't hit a symlink. */
-- r = lstat(a->name, &st);
-+ r = lstat(head, &st);
- if (r != 0) {
-+ tail[0] = c;
- /* We've hit a dir that doesn't exist; stop now. */
- if (errno == ENOENT) {
- break;
- } else {
-- /* Note: This effectively disables deep directory
-+ /* Treat any other error as fatal - best to be paranoid here
-+ * Note: This effectively disables deep directory
- * support when security checks are enabled.
- * Otherwise, very long pathnames that trigger
- * an error here could evade the sandbox.
- * TODO: We could do better, but it would probably
- * require merging the symlink checks with the
- * deep-directory editing. */
-- return (ARCHIVE_FAILED);
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not stat %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
-+ }
-+ } else if (S_ISDIR(st.st_mode)) {
-+ if (!last) {
-+ if (chdir(head) != 0) {
-+ tail[0] = c;
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not chdir %s",
-+ path);
-+ res = (ARCHIVE_FATAL);
-+ break;
-+ }
-+ /* Our view is now from inside this dir: */
-+ head = tail + 1;
- }
- } else if (S_ISLNK(st.st_mode)) {
-- if (c == '\0') {
-+ if (last) {
- /*
- * Last element is symlink; remove it
- * so we can overwrite it with the
- * item being extracted.
- */
-- if (unlink(a->name)) {
-- archive_set_error(&a->archive, errno,
-- "Could not remove symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ if (unlink(head)) {
-+ tail[0] = c;
-+ if (error_number) *error_number = errno;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Could not remove symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
-- a->pst = NULL;
- /*
- * Even if we did remove it, a warning
- * is in order. The warning is silly,
- * though, if we're just replacing one
- * symlink with another symlink.
- */
-- if (!S_ISLNK(a->mode)) {
-- archive_set_error(&a->archive, 0,
-- "Removing symlink %s",
-- a->name);
-+ tail[0] = c;
-+ /* FIXME: not sure how important this is to restore
-+ if (!S_ISLNK(path)) {
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Removing symlink %s",
-+ path);
- }
-+ */
- /* Symlink gone. No more problem! */
-- pn[0] = c;
-- return (0);
-- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
-+ res = ARCHIVE_OK;
-+ break;
-+ } else if (flags & ARCHIVE_EXTRACT_UNLINK) {
- /* User asked us to remove problems. */
-- if (unlink(a->name) != 0) {
-- archive_set_error(&a->archive, 0,
-- "Cannot remove intervening symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ if (unlink(head) != 0) {
-+ tail[0] = c;
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Cannot remove intervening symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
-- a->pst = NULL;
-+ tail[0] = c;
- } else {
-- archive_set_error(&a->archive, 0,
-- "Cannot extract through symlink %s",
-- a->name);
-- pn[0] = c;
-- return (ARCHIVE_FAILED);
-+ tail[0] = c;
-+ if (error_number) *error_number = 0;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Cannot extract through symlink %s",
-+ path);
-+ res = ARCHIVE_FAILED;
-+ break;
- }
- }
-- pn[0] = c;
-- if (pn[0] != '\0')
-- pn++; /* Advance to the next segment. */
-+ /* be sure to always maintain this */
-+ tail[0] = c;
-+ if (tail[0] != '\0')
-+ tail++; /* Advance to the next segment. */
- }
-- pn[0] = c;
-- /* We've checked and/or cleaned the whole path, so remember it. */
-- archive_strcpy(&a->path_safe, a->name);
-- return (ARCHIVE_OK);
-+ /* Catches loop exits via break */
-+ tail[0] = c;
-+#ifdef HAVE_FCHDIR
-+ /* If we changed directory above, restore it here. */
-+ if (restore_pwd >= 0) {
-+ r = fchdir(restore_pwd);
-+ if (r != 0) {
-+ if(error_number) *error_number = errno;
-+ if(error_string)
-+ archive_string_sprintf(error_string,
-+ "chdir() failure");
-+ }
-+ close(restore_pwd);
-+ restore_pwd = -1;
-+ if (r != 0) {
-+ res = (ARCHIVE_FATAL);
-+ }
-+ }
-+#endif
-+ /* TODO: reintroduce a safe cache here? */
-+ return res;
- #endif
- }
-
-+/*
-+ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
-+ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
-+ */
-+static int
-+check_symlinks(struct archive_write_disk *a)
-+{
-+ struct archive_string error_string;
-+ int error_number;
-+ int rc;
-+ archive_string_init(&error_string);
-+ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
-+ if (rc != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ }
-+ archive_string_free(&error_string);
-+ a->pst = NULL; /* to be safe */
-+ return rc;
-+}
-+
-+
- #if defined(__CYGWIN__)
- /*
- * 1. Convert a path separator from '\' to '/' .
-@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a)
- * is set) if the path is absolute.
- */
- static int
--cleanup_pathname(struct archive_write_disk *a)
-+cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
- {
- char *dest, *src;
- char separator = '\0';
-
-- dest = src = a->name;
-+ dest = src = path;
- if (*src == '\0') {
-- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-- "Invalid empty pathname");
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Invalid empty pathname");
- return (ARCHIVE_FAILED);
- }
-
-@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a)
- #endif
- /* Skip leading '/'. */
- if (*src == '/') {
-- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-- "Path is absolute");
-+ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Path is absolute");
- return (ARCHIVE_FAILED);
- }
-
-@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a)
- } else if (src[1] == '.') {
- if (src[2] == '/' || src[2] == '\0') {
- /* Conditionally warn about '..' */
-- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-- archive_set_error(&a->archive,
-- ARCHIVE_ERRNO_MISC,
-- "Path contains '..'");
-+ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
-+ if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
-+ if (error_string)
-+ archive_string_sprintf(error_string,
-+ "Path contains '..'");
- return (ARCHIVE_FAILED);
- }
- }
-@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a)
- * We've just copied zero or more path elements, not including the
- * final '/'.
- */
-- if (dest == a->name) {
-+ if (dest == path) {
- /*
- * Nothing got copied. The path must have been something
- * like '.' or '/' or './' or '/././././/./'.
-@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a)
- return (ARCHIVE_OK);
- }
-
-+static int
-+cleanup_pathname(struct archive_write_disk *a)
-+{
-+ struct archive_string error_string;
-+ int error_number;
-+ int rc;
-+ archive_string_init(&error_string);
-+ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
-+ if (rc != ARCHIVE_OK) {
-+ archive_set_error(&a->archive, error_number, "%s", error_string.s);
-+ }
-+ archive_string_free(&error_string);
-+ return rc;
-+}
-+
- /*
- * Create the parent directory of the specified path, assuming path
- * is already in mutable storage.
diff --git a/gnu/packages/patches/libarchive-fix-symlink-check.patch b/gnu/packages/patches/libarchive-fix-symlink-check.patch
deleted file mode 100644
index f042c31a84..0000000000
--- a/gnu/packages/patches/libarchive-fix-symlink-check.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Make sure to check for symlinks even if the pathname is very long:
-
-https://github.com/libarchive/libarchive/issues/744
-
-Patch copied from upstream repository:
-
-https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
-
-From 1fa9c7bf90f0862036a99896b0501c381584451a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 17:11:45 -0700
-Subject: [PATCH] Issue #744 (part of Issue #743): Enforce sandbox with very
- long pathnames
-
-Because check_symlinks is handled separately from the deep-directory
-support, very long pathnames cause problems. Previously, the code
-ignored most failures to lstat() a path component. In particular,
-this led to check_symlinks always passing for very long paths, which
-in turn provides a way to evade the symlink checks in the sandboxing
-code.
-
-We now fail on unrecognized lstat() failures, which plugs this
-hole at the cost of disabling deep directory support when the
-user requests sandboxing.
-
-TODO: This probably cannot be completely fixed without
-entirely reimplementing the deep directory support to
-integrate the symlink checks. I want to reimplement the
-deep directory hanlding someday anyway; openat() and
-related system calls now provide a much cleaner way to
-handle deep directories than the chdir approach used by this
-code.
----
- libarchive/archive_write_disk_posix.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
-index 39ee3b6..8f0421e 100644
---- a/libarchive/archive_write_disk_posix.c
-+++ b/libarchive/archive_write_disk_posix.c
-@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a)
- r = lstat(a->name, &st);
- if (r != 0) {
- /* We've hit a dir that doesn't exist; stop now. */
-- if (errno == ENOENT)
-+ if (errno == ENOENT) {
- break;
-+ } else {
-+ /* Note: This effectively disables deep directory
-+ * support when security checks are enabled.
-+ * Otherwise, very long pathnames that trigger
-+ * an error here could evade the sandbox.
-+ * TODO: We could do better, but it would probably
-+ * require merging the symlink checks with the
-+ * deep-directory editing. */
-+ return (ARCHIVE_FAILED);
-+ }
- } else if (S_ISLNK(st.st_mode)) {
- if (c == '\0') {
- /*
diff --git a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch b/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch
deleted file mode 100644
index 0e70ac90ce..0000000000
--- a/gnu/packages/patches/libarchive-safe_fprintf-buffer-overflow.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fixes this buffer overflow:
-https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
-
-Patch copied from upstream source repository:
-https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
-
-From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 10:51:43 -0700
-Subject: [PATCH] Issue #767: Buffer overflow printing a filename
-
-The safe_fprintf function attempts to ensure clean output for an
-arbitrary sequence of bytes by doing a trial conversion of the
-multibyte characters to wide characters -- if the resulting wide
-character is printable then we pass through the corresponding bytes
-unaltered, otherwise, we convert them to C-style ASCII escapes.
-
-The stack trace in Issue #767 suggest that the 20-byte buffer
-was getting overflowed trying to format a non-printable multibyte
-character. This should only happen if there is a valid multibyte
-character of more than 5 bytes that was unprintable. (Each byte
-would get expanded to a four-charcter octal-style escape of the form
-"\123" resulting in >20 characters for the >5 byte multibyte character.)
-
-I've not been able to reproduce this, but have expanded the conversion
-buffer to 128 bytes on the belief that no multibyte character set
-has a single character of more than 32 bytes.
----
- tar/util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tar/util.c b/tar/util.c
-index 9ff22f2..2b4aebe 100644
---- a/tar/util.c
-+++ b/tar/util.c
-@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...)
- }
-
- /* If our output buffer is full, dump it and keep going. */
-- if (i > (sizeof(outbuff) - 20)) {
-+ if (i > (sizeof(outbuff) - 128)) {
- outbuff[i] = '\0';
- fprintf(f, "%s", outbuff);
- i = 0;
diff --git a/gnu/packages/patches/sed-hurd-path-max.patch b/gnu/packages/patches/sed-hurd-path-max.patch
deleted file mode 100644
index 5226cba4cb..0000000000
--- a/gnu/packages/patches/sed-hurd-path-max.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-7bb8d35d0330161a5af5341471d0c183a067e8c2
-Author: Jose E. Marchesi <jemarch@gnu.org>
-Date: Sun Oct 6 14:43:38 2013 +0200
-
- Set PATH_MAX to some constant in case it is not defined in system
- headers.
-
- 2013-10-06 Jose E. Marchesi <jemarch@gnu.org>
-
- * basicdefs.h (PATH_MAX): Defined to some constant in case it is
- not defined by system headers.
- * sed/utils.c: Do not include pathmax.h anymore.
- * bootstrap.conf (gnulib_modules): Do not use the gnulib module
- pathmax.
-
-diff --git a/basicdefs.h b/basicdefs.h
-index 0d28a97..09f5beb 100644
---- a/basicdefs.h
-+++ b/basicdefs.h
-@@ -40,6 +41,13 @@ typedef unsigned long countT;
- #define obstack_chunk_alloc ck_malloc
- #define obstack_chunk_free free
-
-+/* MAX_PATH is not defined in some platforms, most notably GNU/Hurd.
-+ In that case we define it here to some constant. Note however that
-+ this relies in the fact that sed does reallocation if a buffer
-+ needs to be larger than PATH_MAX. */
-+#ifndef PATH_MAX
-+# define PATH_MAX 200
-+#endif
-
- /* handle misdesigned <ctype.h> macros (snarfed from lib/regex.c) */
- /* Jim Meyering writes:
-
diff --git a/gnu/packages/patches/tar-CVE-2016-6321.patch b/gnu/packages/patches/tar-CVE-2016-6321.patch
new file mode 100644
index 0000000000..b79be9bc94
--- /dev/null
+++ b/gnu/packages/patches/tar-CVE-2016-6321.patch
@@ -0,0 +1,51 @@
+Fix CVE-2016-6321:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321
+https://security-tracker.debian.org/tracker/CVE-2016-6321
+
+Patch adapted from upstream source repository (the changes to 'NEWS'
+don't apply to the Tar 1.29 release tarball).
+
+http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
+
+From 7340f67b9860ea0531c1450e5aa261c50f67165d Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@Penguin.CS.UCLA.EDU>
+Date: Sat, 29 Oct 2016 21:04:40 -0700
+Subject: [PATCH] When extracting, skip ".." members
+
+* NEWS: Document this.
+* src/extract.c (extract_archive): Skip members whose names
+contain "..".
+---
+ NEWS | 8 +++++++-
+ src/extract.c | 8 ++++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/extract.c b/src/extract.c
+index f982433..7904148 100644
+--- a/src/extract.c
++++ b/src/extract.c
+@@ -1629,12 +1629,20 @@ extract_archive (void)
+ {
+ char typeflag;
+ tar_extractor_t fun;
++ bool skip_dotdot_name;
+
+ fatal_exit_hook = extract_finish;
+
+ set_next_block_after (current_header);
+
++ skip_dotdot_name = (!absolute_names_option
++ && contains_dot_dot (current_stat_info.orig_file_name));
++ if (skip_dotdot_name)
++ ERROR ((0, 0, _("%s: Member name contains '..'"),
++ quotearg_colon (current_stat_info.orig_file_name)));
++
+ if (!current_stat_info.file_name[0]
++ || skip_dotdot_name
+ || (interactive_option
+ && !confirm ("extract", current_stat_info.file_name)))
+ {
+--
+2.11.0
+
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index a84ff43d77..16b098517a 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -309,7 +309,7 @@
("pcre" ,pcre)
("postgresql" ,postgresql)
("readline" ,readline)
- ("sqlite" ,sqlite-3.15.1)
+ ("sqlite" ,sqlite)
("tidy" ,tidy)
("zip" ,zip)
("zlib" ,zlib)))
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 0fe6598bb2..5b6800346c 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -85,7 +85,7 @@ remote applications.")
(define-public libssh2
(package
(name "libssh2")
- (version "1.7.0")
+ (version "1.8.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -93,7 +93,7 @@ remote applications.")
version ".tar.gz"))
(sha256
(base32
- "116mh112w48vv9k3f15ggp5kxw5sj4b88dzb5j69llsh7ba1ymp4"))))
+ "1m3n8spv79qhjq4yi0wgly5s5rc8783jb1pyra9bkx1md0plxwrr"))))
(build-system gnu-build-system)
;; The installed libssh2.pc file does not include paths to libgcrypt and
;; zlib libraries, so we need to propagate the inputs.
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index e577421fac..111942ab1f 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -138,7 +138,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.4")
+ (version "3.5.7")
(source (origin
(method url-fetch)
(uri
@@ -149,7 +149,7 @@ living in the same process.")
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))
+ "06l6sza1wk7cr910i70jbc68labklkd229kiiniwys32kq8zrjv0"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@@ -294,7 +294,6 @@ required structures.")
(lib (string-append out "/lib"))
(static (assoc-ref outputs "static"))
(slib (string-append static "/lib")))
- (mkdir-p slib)
(for-each (lambda (file)
(install-file file slib)
(delete-file file))
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 3930d21617..1267d3106d 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -3830,7 +3830,7 @@ extension to the X11 protocol. It includes:
(define-public xkeyboard-config
(package
(name "xkeyboard-config")
- (version "2.18")
+ (version "2.19")
(source
(origin
(method url-fetch)
@@ -3840,7 +3840,7 @@ extension to the X11 protocol. It includes:
".tar.bz2"))
(sha256
(base32
- "1l6x2w357ja8vm94ns79s7yj9a5dlr01r9dxrjvzwncadiyr27f4"))))
+ "09sqyi430bbg13pp8j0j60p9p9xn2lpqx38xw1lyv77bp63d3pw3"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gettext-minimal)
@@ -4774,7 +4774,7 @@ script around the mkfontscale program.")
(define-public xproto
(package
(name "xproto")
- (version "7.0.29")
+ (version "7.0.31")
(source
(origin
(method url-fetch)
@@ -4784,7 +4784,7 @@ script around the mkfontscale program.")
".tar.bz2"))
(sha256
(base32
- "12lzpa9mrzkyrhrphzpi1014np3328qg7mdq08wj6wyaj9q4f6kc"))))
+ "0ivpxz0rx2a7nahkpkhfgymz7j0pwzaqvyqpdgw9afmxl1yp9yf6"))))
(build-system gnu-build-system)
(propagated-inputs
`(("util-macros" ,util-macros))) ; to get util-macros in (almost?) all package inputs