diff options
author | Mark H Weaver <mhw@netris.org> | 2016-12-10 23:03:57 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2016-12-10 23:03:57 -0500 |
commit | d94691e0c21440657ad198b03145743d4a876829 (patch) | |
tree | 20dd105c352c117244eed15f6ffcc3ea3ba43b00 | |
parent | 72c0b687800a617b891565f5a85bb06c1e1ba015 (diff) | |
parent | edd1652e0a66c7d0713c810c1e3711840d5ab8bc (diff) | |
download | guix-d94691e0c21440657ad198b03145743d4a876829.tar.gz |
Merge branch 'master' into staging
-rw-r--r-- | doc/guix.texi | 6 | ||||
-rw-r--r-- | gnu/local.mk | 2 | ||||
-rw-r--r-- | gnu/packages/bioinformatics.scm | 11 | ||||
-rw-r--r-- | gnu/packages/gnustep.scm | 8 | ||||
-rw-r--r-- | gnu/packages/gnuzilla.scm | 10 | ||||
-rw-r--r-- | gnu/packages/haskell.scm | 213 | ||||
-rw-r--r-- | gnu/packages/image.scm | 17 | ||||
-rw-r--r-- | gnu/packages/libevent.scm | 4 | ||||
-rw-r--r-- | gnu/packages/linux.scm | 72 | ||||
-rw-r--r-- | gnu/packages/maths.scm | 4 | ||||
-rw-r--r-- | gnu/packages/music.scm | 68 | ||||
-rw-r--r-- | gnu/packages/ocaml.scm | 70 | ||||
-rw-r--r-- | gnu/packages/password-utils.scm | 4 | ||||
-rw-r--r-- | gnu/packages/patches/openjpeg-CVE-2015-6581.patch | 47 | ||||
-rw-r--r-- | gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch | 245 | ||||
-rw-r--r-- | gnu/packages/tls.scm | 45 | ||||
-rw-r--r-- | gnu/packages/video.scm | 4 | ||||
-rw-r--r-- | gnu/packages/web.scm | 4 | ||||
-rw-r--r-- | guix/scripts/offload.scm | 38 |
19 files changed, 726 insertions, 146 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 71de73b953..0cb1bc7665 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1005,6 +1005,12 @@ command line: # guix offload test machines-qualif.scm @end example +Last, you can test the subset of the machines whose name matches a +regular expression like this: + +@example +# guix offload test machines.scm '\.gnu\.org$' +@end example @node Invoking guix-daemon @section Invoking @command{guix-daemon} diff --git a/gnu/local.mk b/gnu/local.mk index f8202e2e72..c6cb55b06f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -747,9 +747,9 @@ dist_patch_DATA = \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/onionshare-fix-install-paths.patch \ %D%/packages/patches/openexr-missing-samples.patch \ - %D%/packages/patches/openjpeg-CVE-2015-6581.patch \ %D%/packages/patches/openjpeg-CVE-2016-5157.patch \ %D%/packages/patches/openjpeg-CVE-2016-7163.patch \ + %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ %D%/packages/patches/openjpeg-use-after-free-fix.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssh-memory-exhaustion.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 625935dfd7..9ab55fb965 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -5629,7 +5629,7 @@ track. The database is exposed as a @code{TxDb} object.") (define-public vsearch (package (name "vsearch") - (version "2.3.3") + (version "2.3.4") (source (origin (method url-fetch) @@ -5639,7 +5639,7 @@ track. The database is exposed as a @code{TxDb} object.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1d3670apjy15c9l40fpq71lifxga6j9z2gisdirycwk18s4mvcp2")) + "1xyraxmhyx62mxx8z7c8waygvcijwkh48ms1ar60w2cv2y2sn4al")) (modules '((guix build utils))) (snippet '(begin @@ -5699,15 +5699,16 @@ Needleman-Wunsch).") (define-public pardre (package (name "pardre") - (version "1.1.5") + ;; The source of 1.1.5 changed in place, so we append "-1" to the version. + (version "1.1.5-1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/pardre/ParDRe-rel" - version ".tar.gz")) + "1.1.5" ".tar.gz")) (sha256 (base32 - "0zkyjzv4s8q2h5npalhirbk17r5b1h0n2a42mh7njzlf047h9bhy")))) + "17j73nc0viq4f6qj50nrndsrif5d6b71q8fl87m54psiv0ilns2b")))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no tests included diff --git a/gnu/packages/gnustep.scm b/gnu/packages/gnustep.scm index 6c365cbbc4..8f72bb3253 100644 --- a/gnu/packages/gnustep.scm +++ b/gnu/packages/gnustep.scm @@ -60,7 +60,13 @@ (string-append "\"" bin "/wmaker.inst"))) (substitute* '("src/defaults.c" "WPrefs.app/Menu.c") (("\"wmsetbg") - (string-append "\"" bin "/wmsetbg"))))) + (string-append "\"" bin "/wmsetbg"))) + ;; Add enough cells to the command character array to + ;; allow passing our large path to the wmsetbg binary. + ;; The path to wmsetbg in Guix requires 67 extra characters. + (substitute* "src/defaults.c" + (("len = strlen\\(text\\) \\+ 40;") + (string-append "len = strlen(text) + 107;"))))) (alist-cons-after 'install 'wrap (lambda* (#:key outputs #:allow-other-keys) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index f63e950f29..5f7e45183b 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -337,7 +337,15 @@ standards.") (mozilla-patch "icecat-bug-1279202.patch" "e560997291af" "1hn35slasfcj3ryka4fsarx4l9r99z0iwj67fmbv6zxz4z133kks") (mozilla-patch "icecat-bug-1320039.patch" "21c615b65048" "0ibgsxa36x9ajn2jqbhxxvrfvj6x6iyspsmzzn4brdz11n93skhr") (mozilla-patch "icecat-bug-1320057.patch" "c15e5afc0430" "17gj32agqs94548z8lvz0l6zz3kbwajn8as0y4iw5nb6jsll4c66") - (mozilla-patch "icecat-bug-1163212.patch" "46163fb1cb34" "1yikayczfgfla3aka0159apq3149d52sgvlca0sivx4myd0lvjm7"))) + (mozilla-patch "icecat-bug-1163212.patch" "46163fb1cb34" "1yikayczfgfla3aka0159apq3149d52sgvlca0sivx4myd0lvjm7") + (mozilla-patch "icecat-bug-1317805.patch" "cde2a37100f5" "100abggnhwyw84almxrkxqfpyfkd4pqkcrh5y9g4d3jd2h16asvl") + (mozilla-patch "icecat-bug-1298773-pt1.patch" "9b78ab1e6d07" "19ib6bp96xk000ll40b8qxvizkncyzclz2rsb9w5fa42qs9978ff") + (mozilla-patch "icecat-bug-1298773-pt2.patch" "78ebf9c9dfb0" "1shgr4rk6r2zxr1qqk1j3qnnqzqxnbi093qhlrfh8q5q1ivqf6k1") + (mozilla-patch "icecat-bug-1299098.patch" "a46a9f16823c" "0dwkyz3kcqnfcbhbfh2lss7s0yh87rgzb871qxx3x4ynyqph9mnz") + (mozilla-patch "icecat-bug-1311687.patch" "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2") + (mozilla-patch "icecat-bug-1287912.patch" "778f65148b40" "0j2a153sk0654vv2lnxjib4lwml3mlqn6vs46c2pp82iba8nyfrm") + (mozilla-patch "icecat-bug-1312272.patch" "94bd2b43c766" "10h0qpr6m9cqyqxxnkbb6mzb3cagavzlynkxgd7a4izyq1bv28rk") + (mozilla-patch "icecat-bug-1315631.patch" "893de7431d51" "11gyik8mwipl6ipypkvdq519pw7ccbg0g0bnvxb7271n44cqqcq5"))) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm index 7a7d6bab87..8e5927a00b 100644 --- a/gnu/packages/haskell.scm +++ b/gnu/packages/haskell.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2016 David Craven <david@craven.ch> ;;; ;;; This file is part of GNU Guix. ;;; @@ -2315,36 +2316,34 @@ the parsers provided by @code{parsec}, @code{attoparsec} and @code{base}'s (define-public ghc-trifecta (package (name "ghc-trifecta") - (version "1.5.2") - (source - (origin - (method url-fetch) - (uri (string-append - "https://hackage.haskell.org/package/trifecta/trifecta-" - version - ".tar.gz")) - (sha256 - (base32 - "0fjhnsbafl3yw34pyhcsvrqy6a2mnhyqys6gna3rrlygs8ck7hpb")))) + (version "1.6") + (source (origin + (method url-fetch) + (uri (string-append + "https://hackage.haskell.org/package/trifecta/" + "trifecta-" version ".tar.gz")) + (sha256 + (base32 + "0rbhv9m17k7l1zr70i0yw5da0qjgxmfh1da8brj0zdzwjn9ac0mk")))) (build-system haskell-build-system) - (arguments `(#:tests? #f)) ; FIXME: Test fails with "cannot satisfy - ; -package ansi-terminal-0.6.2.3" (inputs - `(("ghc-charset" ,ghc-charset) - ("ghc-comonad" ,ghc-comonad) - ("ghc-lens" ,ghc-lens) - ("ghc-profunctors" ,ghc-profunctors) - ("ghc-reducers" ,ghc-reducers) + `(("ghc-reducers" ,ghc-reducers) ("ghc-semigroups" ,ghc-semigroups) ("ghc-ansi-wl-pprint" ,ghc-ansi-wl-pprint) ("ghc-ansi-terminal" ,ghc-ansi-terminal) ("ghc-blaze-builder" ,ghc-blaze-builder) ("ghc-blaze-html" ,ghc-blaze-html) ("ghc-blaze-markup" ,ghc-blaze-markup) + ("ghc-charset" ,ghc-charset) + ("ghc-comonad" ,ghc-comonad) + ("ghc-doctest" ,ghc-doctest) ("ghc-fingertree" ,ghc-fingertree) ("ghc-hashable" ,ghc-hashable) + ("ghc-lens" ,ghc-lens) ("ghc-mtl" ,ghc-mtl) ("ghc-parsers" ,ghc-parsers) + ("ghc-profunctors" ,ghc-profunctors) + ("ghc-quickcheck" ,ghc-quickcheck) ("ghc-unordered-containers" ,ghc-unordered-containers) ("ghc-utf8-string" ,ghc-utf8-string))) (home-page "https://github.com/ekmett/trifecta/") @@ -6671,34 +6670,47 @@ constant-time: (license license:bsd-3))) (define-public idris + ;; TODO: IDRIS_LIBRARY_PATH only accepts a single path and not a colon + ;; separated list. + ;; TODO: When installing idris the location of the standard libraries + ;; cannot be specified. + ;; NOTE: Creating an idris build system: + ;; Idris packages can be packaged and installed using a trivial + ;; build system. + ;; (zero? (system* (string-append idris "/bin/idris") + ;; "--ibcsubdir" + ;; (string-append out "/idris/libs/lightyear") + ;; "--install" "lightyear.ipkg") + ;; (native-search-paths + ;; (list (search-path-specification + ;; (variable "IDRIS_LIBRARY_PATH") + ;; (files '("idris/libs"))))) (package (name "idris") - (version "0.9.19.1") - (source - (origin - (method url-fetch) - (uri (string-append "https://hackage.haskell.org/package/idris-" - version "/idris-" version ".tar.gz")) - (sha256 - (base32 - "10641svdsjlxbxmbvylpia04cz5nn9486lpiay8ibqcrc1792qgc")) - (modules '((guix build utils))) - (snippet - '(substitute* "idris.cabal" - ;; Package description file has a too-tight version restriction, - ;; rendering it incompatible with GHC 7.10.2. This is fixed - ;; upstream. See - ;; <https://github.com/idris-lang/Idris-dev/issues/2734>. - (("vector < 0.11") "vector < 0.12"))))) + (version "0.12.3") + (source (origin + (method url-fetch) + (uri (string-append + "https://hackage.haskell.org/package/" + "idris-" version "/idris-" version ".tar.gz")) + (sha256 + (base32 + "1ijrbgzaahw9aagn4al55nqcggrg9ajlrkq2fjc1saq3xdd3v7rs")))) (build-system haskell-build-system) (arguments - `(#:phases (modify-phases %standard-phases - (add-before 'configure 'patch-cc-command - (lambda _ - (setenv "CC" "gcc")))))) + `(;; FIXME: runhaskell Setup.hs test doesn't set paths required by test + ;; suite. + #:tests? #f + #:phases + (modify-phases %standard-phases + (add-before 'configure 'patch-cc-command + (lambda _ + (setenv "CC" "gcc")))))) (inputs `(("gmp" ,gmp) ("ncurses" ,ncurses) + ("ghc-aeson" ,ghc-aeson) + ("ghc-async" ,ghc-async) ("ghc-annotated-wl-pprint" ,ghc-annotated-wl-pprint) ("ghc-ansi-terminal" ,ghc-ansi-terminal) ("ghc-ansi-wl-pprint" ,ghc-ansi-wl-pprint) @@ -6707,12 +6719,19 @@ constant-time: ("ghc-blaze-markup" ,ghc-blaze-markup) ("ghc-cheapskate" ,ghc-cheapskate) ("ghc-fingertree" ,ghc-fingertree) + ("ghc-fsnotify" ,ghc-fsnotify) + ("ghc-ieee754" ,ghc-ieee754) ("ghc-mtl" ,ghc-mtl) ("ghc-network" ,ghc-network) ("ghc-optparse-applicative" ,ghc-optparse-applicative) ("ghc-parsers" ,ghc-parsers) + ("ghc-regex-tdfa" ,ghc-regex-tdfa) ("ghc-safe" ,ghc-safe) ("ghc-split" ,ghc-split) + ("ghc-tasty" ,ghc-tasty) + ("ghc-tasty-golden" ,ghc-tasty-golden) + ("ghc-tasty-rerun" ,ghc-tasty-rerun) + ("ghc-terminal-size" ,ghc-terminal-size) ("ghc-text" ,ghc-text) ("ghc-trifecta" ,ghc-trifecta) ("ghc-uniplate" ,ghc-uniplate) @@ -7994,4 +8013,120 @@ helper functions for Lists, Maybes, Tuples, Functions.") 3D plots using gnuplot.") (license license:bsd-3))) +(define-public ghc-hinotify + (package + (name "ghc-hinotify") + (version "0.3.8.1") + (source (origin + (method url-fetch) + (uri (string-append + "https://hackage.haskell.org/package/hinotify/" + "hinotify-" version ".tar.gz")) + (sha256 + (base32 + "03c1f4d7x805zdiq2w26kl09xrfjw19saycdkhnixzv2qcr6xm1p")))) + (build-system haskell-build-system) + (home-page "https://github.com/kolmodin/hinotify.git") + (synopsis "Haskell binding to inotify") + (description "This library provides a wrapper to the Linux kernel's inotify +feature, allowing applications to subscribe to notifications when a file is +accessed or modified.") + (license license:bsd-3))) + +(define-public ghc-fsnotify + (package + (name "ghc-fsnotify") + (version "0.2.1") + (source (origin + (method url-fetch) + (uri (string-append + "https://hackage.haskell.org/package/fsnotify/" + "fsnotify-" version ".tar.gz")) + (sha256 + (base32 + "0asl313a52qx2w6dw25g845683xsl840bwjh118nkwi5v1xipkzb")))) + (build-system haskell-build-system) + (inputs + `(("ghc-text" ,ghc-text) + ("ghc-async" ,ghc-async) + ("ghc-unix-compat" ,ghc-unix-compat) + ("ghc-hinotify" ,ghc-hinotify) + ("ghc-tasty" ,ghc-tasty) + ("ghc-tasty-hunit" ,ghc-tasty-hunit) + ("ghc-temporary-rc" ,ghc-temporary-rc))) + (home-page "https://github.com/haskell-fswatch/hfsnotify") + (synopsis "Cross platform library for file change notification.") + (description "Cross platform library for file creation, modification, and +deletion notification. This library builds upon existing libraries for platform +specific Windows, Mac, and Linux filesystem event notification.") + (license license:bsd-3))) + +(define-public ghc-tasty-rerun + (package + (name "ghc-tasty-rerun") + (version "1.1.6") + (source (origin + (method url-fetch) + (uri (string-append + "https://hackage.haskell.org/package/tasty-rerun/" + "tasty-rerun-" version ".tar.gz")) + (sha256 + (base32 + "0ycxg7whabgcxyzy6gr536x8ykzx45whh1wrbsc7c58zi862fczd")))) + (build-system haskell-build-system) + (inputs + `(("ghc-mtl" ,ghc-mtl) + ("ghc-optparse-applicative" ,ghc-optparse-applicative) + ("ghc-reducers" ,ghc-reducers) + ("ghc-split" ,ghc-split) + ("ghc-stm" ,ghc-stm) + ("ghc-tagged" ,ghc-tagged) + ("ghc-tasty" ,ghc-tasty))) + (home-page "http://github.com/ocharles/tasty-rerun") + (synopsis "Run tests by filtering the test tree") + (description "This package adds the ability to run tests by filtering the +test tree based on the result of a previous test run. You can use this to run +only those tests that failed in the last run, or to only run the tests that have +been added since previous test run.") + (license license:bsd-3))) + +(define-public ghc-ieee754 + (package + (name "ghc-ieee754") + (version "0.7.8") + (source (origin + (method url-fetch) + (uri (string-append + "https://hackage.haskell.org/package/ieee754/" + "ieee754-" version ".tar.gz")) + (sha256 + (base32 + "1zvfnnd5nm5kgr60214cdyks0kqdqyzpwk5sdh0s60yr8b7fyjny")))) + (build-system haskell-build-system) + (home-page "http://github.com/patperry/hs-ieee754") + (synopsis "Utilities for dealing with IEEE floating point numbers") + (description "Utilities for dealing with IEEE floating point numbers, +ported from the Tango math library; approximate and exact equality comparisons +for general types.") + (license license:bsd-3))) + +(define-public ghc-terminal-size + (package + (name "ghc-terminal-size") + (version "0.3.2.1") + (source (origin + (method url-fetch) + (uri (string-append + "https://hackage.haskell.org/package/terminal-size/" + "terminal-size-" version ".tar.gz")) + (sha256 + (base32 + "0n4nvj3dbj9gxfnprgish45asn9z4dipv9j98s8i7g2n8yb3xhmm")))) + (build-system haskell-build-system) + (home-page "http://hackage.haskell.org/package/terminal-size") + (synopsis "Get terminal window height and width") + (description "Get terminal window height and width without ncurses +dependency.") + (license license:bsd-3))) + ;;; haskell.scm ends here diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 7bf330be30..9c8a3fcde6 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -425,6 +425,7 @@ work.") (define-public openjpeg (package (name "openjpeg") + (replacement openjpeg/fixed) (version "2.1.1") (source (origin @@ -461,9 +462,21 @@ error-resilience, a Java-viewer for j2k-images, ...") (home-page "https://github.com/uclouvain/openjpeg") (license license:bsd-2))) +(define openjpeg/fixed + (package + (inherit openjpeg) + (source + (origin + (inherit (package-source openjpeg)) + (patches + (append + (origin-patches (package-source openjpeg)) + (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"))))))) + (define-public openjpeg-1 (package (inherit openjpeg) (name "openjpeg") + (replacement #f) (version "1.5.2") (source (origin @@ -860,14 +873,14 @@ convert, manipulate, filter and display a wide variety of image formats.") (define-public jasper (package (name "jasper") - (version "2.0.0") + (version "2.0.6") (source (origin (method url-fetch) (uri (string-append "https://www.ece.uvic.ca/~frodo/jasper" "/software/jasper-" version ".tar.gz")) (sha256 (base32 - "1kg5yrdwgazhbczybyx4548m0ijssabcp8hl5l87w78z833vikks")))) + "0g6fl8rrbspa9vpswixmpxrg71l19kqgc2b5cak7vmwxphj01wbk")))) (build-system cmake-build-system) (inputs `(("libjpeg" ,libjpeg))) (synopsis "JPEG-2000 library") diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm index c9e57d6331..cb76915ef7 100644 --- a/gnu/packages/libevent.scm +++ b/gnu/packages/libevent.scm @@ -65,7 +65,7 @@ loop.") (define-public libev (package (name "libev") - (version "4.20") + (version "4.23") (source (origin (method url-fetch) (uri (string-append "http://dist.schmorp.de/libev/Attic/libev-" @@ -73,7 +73,7 @@ loop.") ".tar.gz")) (sha256 (base32 - "17j47pbkr65a18mfvy2861p5k7w4pxmdgiw723ryfqd9gx636w7q")))) + "0ynxxm7giy4hg3qp9q8wshqw1jla9sxbsbi2pwsdsl1v1hz79zn7")))) (build-system gnu-build-system) (home-page "http://software.schmorp.de/pkg/libev.html") (synopsis "Event loop loosely modelled after libevent") diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 3c24987aae..8f8bd32e1d 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -327,16 +327,52 @@ It has been modified to remove all non-free binary blobs.") (define %intel-compatible-systems '("x86_64-linux" "i686-linux")) (define-public linux-libre - (make-linux-libre "4.8.12" - "1vhqpi5r219a9y1drc3pdzwjif8r974hbc0x9dk4w25c8bsr3cm1" + (make-linux-libre "4.8.13" + "1n1bhasqih8acag2glwaqsh76avpinvchvwg6g4q1pfm2vs1499x" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=9bd018da073c1360c260d2e11e0da9b24911c4a8") + (file-name "linux-libre-4.8-CVE-2016-8655.patch") + (sha256 + (base32 + "1pq80vnwv01l0rj2g0r7i4rjnx3ll8iq4rpl6w3fmc77agdb3bpq"))) + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=af8a38c78233a3356c626c1fabfc93c66094e6e8") + (file-name "linux-libre-4.8-iovec-fix.patch") + (sha256 + (base32 + "082a5dpkgsc0mjlzqc03d815xx8gdqk0s4glvi4y1b9vl8c4vmwy")))))) (define-public linux-libre-4.4 - (make-linux-libre "4.4.36" - "0cvax02jj9zyk818gi6fjgacxa5z89y03kxwclb8l7cr8mcbwcdf" + (make-linux-libre "4.4.37" + "1zw3hwpgxkxwplb81in5969vgbaamcwqarmxj3aq88yg6bqnh6b5" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=668dc0c33815e4f9ec02989785658516d343bc31") + (file-name "linux-libre-4.4-CVE-2016-8655.patch") + (sha256 + (base32 + "1bzgj36y8v7gflq3dlhmbbvvn9098a4yk4pcpixdz5c5pm7wrdv3"))) + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=82330dbfb463389f2b0214dbcc69b78cc8e6cf8f") + (file-name "linux-libre-4.4-iovec-fix.patch") + (sha256 + (base32 + "1mqmgiqjm4pf4b3jzknclmdjfaqqr4708gcdgzhn84brrcm5iz30")))))) (define-public linux-libre-4.1 (make-linux-libre "4.1.36" @@ -345,15 +381,33 @@ It has been modified to remove all non-free binary blobs.") #:configuration-file kernel-config)) ;; Avoid rebuilding kernel variants when there is a minor version bump. -(define %linux-libre-version "4.8.12") -(define %linux-libre-hash "1vhqpi5r219a9y1drc3pdzwjif8r974hbc0x9dk4w25c8bsr3cm1") +(define %linux-libre-version "4.8.13") +(define %linux-libre-hash "1n1bhasqih8acag2glwaqsh76avpinvchvwg6g4q1pfm2vs1499x") (define-public linux-libre-arm-generic (make-linux-libre %linux-libre-version %linux-libre-hash '("armhf-linux") #:defconfig "multi_v7_defconfig" - #:extra-version "arm-generic")) + #:extra-version "arm-generic" + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=9bd018da073c1360c260d2e11e0da9b24911c4a8") + (file-name "linux-libre-4.8-CVE-2016-8655.patch") + (sha256 + (base32 + "1pq80vnwv01l0rj2g0r7i4rjnx3ll8iq4rpl6w3fmc77agdb3bpq"))) + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=af8a38c78233a3356c626c1fabfc93c66094e6e8") + (file-name "linux-libre-4.8-iovec-fix.patch") + (sha256 + (base32 + "082a5dpkgsc0mjlzqc03d815xx8gdqk0s4glvi4y1b9vl8c4vmwy")))))) ;;; diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index fc98eae4f7..313f6acc2b 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -959,14 +959,14 @@ script files.") (define-public gmsh (package (name "gmsh") - (version "2.14.1") + (version "2.15.0") (source (origin (method url-fetch) (uri (string-append "http://gmsh.info/src/gmsh-" version "-source.tgz")) (sha256 - (base32 "1vsxp47j6srmy8kqb3p1z9pmlm42whhhz7r0vzpa2a86gga4zx17")) + (base32 "02h7fk4vv8qwnq3ymm409c5sp4nksd0m9h2vkxqmy42l0ic4nalr")) (modules '((guix build utils))) (snippet ;; Remove non-free METIS code diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index 34beb09f44..116e8d4823 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -231,6 +231,74 @@ score, keyboard, guitar, drum and controller views.") many input formats and provides a customisable Vi-style user interface.") (license license:gpl2+))) +(define-public denemo + (package + (name "denemo") + (version "2.0.14") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/denemo/denemo-" + version ".tar.gz")) + (sha256 + (base32 + "1a7g38695g7jjypx25qp0dx0asrh72xwdj0mdhmb9pfyzlppq0wh")))) + (build-system gnu-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + ;; Denemo's documentation says to use this command to run its + ;; testsuite. + (lambda _ + (zero? (system* "make" "-C" "tests" "check")))) + (add-after 'install 'correct-filename + ;; "graft-derivation/shallow" from the (guix grafts) module runs in + ;; the C locale, expecting file names to be ASCII encoded. This + ;; phase renames a filename with a Unicode character in it to meet + ;; the aforementioned condition. + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out"))) + (chdir (string-append + out + "/share/denemo/templates/instruments/woodwind")) + (rename-file "Clarinet in B♭.denemo" + "Clarinet in Bb.denemo")) + #t))))) + (native-inputs + `(("glib:bin", glib "bin") ; for gtester + ("pkg-config" ,pkg-config))) + (inputs + `(("alsa-lib" ,alsa-lib) + ("aubio" ,aubio) + ("evince" ,evince) + ("fftw" ,fftw) + ("fluidsynth" ,fluidsynth) + ("glib" ,glib) + ("gtk+" ,gtk+) + ("gtk-doc" ,gtk-doc) + ("gtksourceview" ,gtksourceview) + ("guile" ,guile-2.0) + ("intltool" ,intltool) + ("librsvg" ,librsvg) + ("libsndfile" ,libsndfile) + ("libtool" ,libtool) + ("libxml2" ,libxml2) + ("portaudio" ,portaudio) + ("portmidi" ,portmidi) + ("rubberband" ,rubberband))) + (propagated-inputs + `(("lilypond", lilypond))) + (synopsis "Graphical music notation, front-end to GNU Lilypond") + (description + "GNU Denemo is a music notation editor that provides a convenient +interface to the powerful music engraving program Lilypond. Music can be +typed in using the computer keyboard, played in using a MIDI keyboard, or +even input via a microphone connected to the sound card. The final product +is publication-quality music notation that is continuously generated in the +background while you work.") + (home-page "http://www.denemo.org") + (license license:gpl3+))) + (define-public hydrogen (package (name "hydrogen") diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index f1b4bdbf6f..61d51074e7 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -329,14 +329,14 @@ written in Objective Caml.") (define-public coq (package (name "coq") - (version "8.4pl6") + (version "8.5pl2") (source (origin (method url-fetch) (uri (string-append "https://coq.inria.fr/distrib/V" version "/files/" name "-" version ".tar.gz")) (sha256 (base32 - "1mpbj4yf36kpjg2v2sln12i8dzqn8rag6fd07hslj2lpm4qs4h55")))) + "0wyywia0darak2zmc5v0ra9rn0b9whwdfiahralm8v5za499s8w3")))) (build-system gnu-build-system) (native-inputs `(("texlive" ,texlive) @@ -348,24 +348,24 @@ written in Objective Caml.") `(#:phases (modify-phases %standard-phases (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (mandir (string-append out "/share/man")) - (browser "icecat -remote \"OpenURL(%s,new-tab)\"")) - (zero? (system* "./configure" - "--prefix" out - "--mandir" mandir - "--browser" browser))))) + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (mandir (string-append out "/share/man")) + (browser "icecat -remote \"OpenURL(%s,new-tab)\"")) + (zero? (system* "./configure" + "-prefix" out + "-mandir" mandir + "-browser" browser))))) (replace 'build - (lambda _ - (zero? (system* "make" "-j" (number->string - (parallel-job-count)) - "world")))) + (lambda _ + (zero? (system* "make" "-j" (number->string + (parallel-job-count)) + "world")))) (delete 'check) (add-after 'install 'check - (lambda _ - (with-directory-excursion "test-suite" - (zero? (system* "make")))))))) + (lambda _ + (with-directory-excursion "test-suite" + (zero? (system* "make")))))))) (home-page "https://coq.inria.fr") (synopsis "Proof assistant for higher-order logic") (description @@ -454,6 +454,42 @@ assistant to write formal mathematical proofs using a variety of theorem provers.") (license gpl2+))) +(define-public ocaml-menhir + (package + (name "ocaml-menhir") + (version "20161115") + (source (origin + (method url-fetch) + (uri (string-append + "http://gallium.inria.fr/~fpottier/menhir/" + "menhir-" version ".tar.gz")) + (sha256 + (base32 + "1j8nmcj2gq6hyyi16z27amiahplgrnk4ppchpm0v4qy80kwkf47k")))) + (build-system gnu-build-system) + (inputs + `(("ocaml" ,ocaml))) + (arguments + `(#:parallel-build? #f ; Parallel build causes failure + #:tests? #f ; No check target + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (setenv "PREFIX" out)) + #t))))) + (home-page "http://gallium.inria.fr/~fpottier/menhir") + (synopsis "Parser generator") + (description "Menhir is a parser generator. It turns high-level grammar +specifications, decorated with semantic actions expressed in the OCaml +programming language into parsers, again expressed in OCaml. It is based on +Knuth’s LR(1) parser construction technique.") + ;; The file src/standard.mly and all files listed in src/mnehirLib.mlpack + ;; that have an *.ml or *.mli extension are GPL licensed. All other files + ;; are QPL licensed. + (license (list gpl2+ qpl)))) + (define-public lablgtk (package (name "lablgtk") diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index cf030ecc82..8f6210880c 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -280,6 +280,7 @@ any X11 window.") '(#:phases (modify-phases %standard-phases (delete 'configure) + (delete 'build) (add-after 'install 'wrap-path (lambda* (#:key inputs outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out")) @@ -290,6 +291,9 @@ any X11 window.") (wrap-program (string-append out "/bin/pass") `("PATH" ":" prefix (,(string-join path ":")))))))) #:make-flags (list "CC=gcc" (string-append "PREFIX=" %output)) + ;; Parallel tests may cause a race condition leading to a + ;; timeout in some circumstances. + #:parallel-tests? #f #:test-target "test")) (inputs `(("getopt" ,util-linux) diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch deleted file mode 100644 index 7ce03501f4..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001 -From: Matthieu Darbois <mayeut@users.noreply.github.com> -Date: Tue, 19 May 2015 21:57:27 +0000 -Subject: [PATCH] [trunk] Correct potential double free on malloc failure in - opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492) - ---- - src/lib/openjp2/j2k.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index 8c62a39..cbdd368 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - l_tcp->cod = 0; - l_tcp->ppt = 0; - l_tcp->ppt_data = 00; -+ /* Remove memory not owned by this tile in case of early error return. */ -+ l_tcp->m_mct_decoding_matrix = 00; -+ l_tcp->m_nb_max_mct_records = 0; -+ l_tcp->m_mct_records = 00; -+ l_tcp->m_nb_max_mcc_records = 0; -+ l_tcp->m_mcc_records = 00; - /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/ - l_tcp->tccps = l_current_tccp; - -@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - - ++l_src_mct_rec; - ++l_dest_mct_rec; -+ /* Update with each pass to free exactly what has been allocated on early return. */ -+ l_tcp->m_nb_max_mct_records += 1; - } - - /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/ -@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 - return OPJ_FALSE; - } - memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size); -+ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records; - - /* Copy the mcc record data from dflt_tile_cp to the current tile*/ - l_src_mcc_rec = l_default_tcp->m_mcc_records; --- -2.5.0 - diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch new file mode 100644 index 0000000000..3f637fa88b --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch @@ -0,0 +1,245 @@ +From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001 +From: szukw000 <szukw000@arcor.de> +Date: Fri, 9 Dec 2016 08:29:55 +0100 +Subject: [PATCH] These changes repair bugs of #871 and #872 + +email from http://openwall.com/lists/oss-security/2016/12/09/4 +patch is against openjpeg-2.1.2, applies cleanly to 2.1.1. + +--- + src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++---------------- + 1 file changed, 70 insertions(+), 37 deletions(-) + +diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c +index 143d3be..c690f8b 100644 +--- a/src/bin/jp2/converttif.c ++++ b/src/bin/jp2/converttif.c +@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len + + int imagetotif(opj_image_t * image, const char *outfile) + { +- int width, height; +- int bps,adjust, sgnd; +- int tiPhoto; ++ uint32 width, height, bps, tiPhoto; ++ int adjust, sgnd; + TIFF *tif; + tdata_t buf; +- tsize_t strip_size; ++ tmsize_t strip_size, rowStride; + OPJ_UINT32 i, numcomps; +- OPJ_SIZE_T rowStride; + OPJ_INT32* buffer32s = NULL; + OPJ_INT32 const* planes[4]; + convert_32s_PXCX cvtPxToCx = NULL; + convert_32sXXx_C1R cvt32sToTif = NULL; + +- bps = (int)image->comps[0].prec; ++ bps = (uint32)image->comps[0].prec; + planes[0] = image->comps[0].data; + + numcomps = image->numcomps; +@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile) + break; + } + sgnd = (int)image->comps[0].sgnd; +- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0; +- width = (int)image->comps[0].w; +- height = (int)image->comps[0].h; ++ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0; ++ width = (uint32)image->comps[0].w; ++ height = (uint32)image->comps[0].h; + + TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width); + TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height); +- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps); ++ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps); + TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps); + TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT); + TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); +@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile) + TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); + + strip_size = TIFFStripSize(tif); +- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U; +- if (rowStride != (OPJ_SIZE_T)strip_size) { ++ rowStride = (width * numcomps * bps + 7U) / 8U; ++ if (rowStride != strip_size) { + fprintf(stderr, "Invalid TIFF strip size\n"); + TIFFClose(tif); + return 1; +@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile) + TIFFClose(tif); + return 1; + } +- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32)); ++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32))); + if (buffer32s == NULL) { + _TIFFfree(buf); + TIFFClose(tif); +@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + TIFF *tif; + tdata_t buf; + tstrip_t strip; +- tsize_t strip_size; ++ tmsize_t strip_size; + int j, currentPlane, numcomps = 0, w, h; + OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN; + opj_image_cmptparm_t cmptparm[4]; /* RGBA */ + opj_image_t *image = NULL; + int has_alpha = 0; +- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC; +- unsigned int tiWidth, tiHeight; ++ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight; + OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz); + convert_XXx32s_C1R cvtTifTo32s = NULL; + convert_32s_CXPX cvtCxToPx = NULL; + OPJ_INT32* buffer32s = NULL; + OPJ_INT32* planes[4]; +- OPJ_SIZE_T rowStride; ++ tmsize_t rowStride; + + tif = TIFFOpen(filename, "r"); + +@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp); + TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto); + TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC); +- w= (int)tiWidth; +- h= (int)tiHeight; +- +- if(tiBps > 16U) { +- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps); +- fprintf(stderr,"\tAborting\n"); ++ ++ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */ ++ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n" ++ "\tAborting.\n", tiSpp); ++ TIFFClose(tif); ++ return NULL; ++ } ++ if(tiBps > 16U || tiBps == 0) { ++ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n" ++ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps); + TIFFClose(tif); + return NULL; + } + if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) { +- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); ++ fprintf(stderr,"tiftoimage: Bad color format %d.\n" ++ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); + fprintf(stderr,"\tAborting\n"); + TIFFClose(tif); + return NULL; + } +- ++ if(tiWidth == 0 || tiHeight == 0) { ++ fprintf(stderr,"tiftoimage: Bad values for width(%u) " ++ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight); ++ TIFFClose(tif); ++ return NULL; ++ } ++ w= (int)tiWidth; ++ h= (int)tiHeight; ++ + switch (tiBps) { + case 1: + case 2: +@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + + TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES, + &extrasamples, &sampleinfo); +- ++ + if(extrasamples >= 1) + { + switch(sampleinfo[0]) +@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + else /* extrasamples == 0 */ + if(tiSpp == 4 || tiSpp == 2) has_alpha = 1; + } +- ++ + /* initialize image components */ + memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t)); + +@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + } else { + is_cinema = 0U; + } +- ++ + if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */ + { + numcomps = 3 + has_alpha; +@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + image->x0 = (OPJ_UINT32)parameters->image_offset_x0; + image->y0 = (OPJ_UINT32)parameters->image_offset_y0; + image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 : +- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; ++ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; ++ if(image->x1 <= image->x0) { ++ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. " ++ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } + image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 : +- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; +- ++ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; ++ if(image->y1 <= image->y0) { ++ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. " ++ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } ++ + for(j = 0; j < numcomps; j++) + { + planes[j] = image->comps[j].data; +@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1)); + + strip_size = TIFFStripSize(tif); +- ++ + buf = _TIFFmalloc(strip_size); + if (buf == NULL) { + TIFFClose(tif); + opj_image_destroy(image); + return NULL; + } +- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U; +- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32)); ++ rowStride = (w * tiSpp * tiBps + 7U) / 8U; ++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32))); + if (buffer32s == NULL) { + _TIFFfree(buf); + TIFFClose(tif); +@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) + for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++) + { + const OPJ_UINT8 *dat8; +- OPJ_SIZE_T ssize; ++ tmsize_t ssize; + +- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size); ++ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size); ++ if(ssize < 1 || ssize > strip_size) { ++ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) " ++ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size); ++ _TIFFfree(buf); ++ _TIFFfree(buffer32s); ++ TIFFClose(tif); ++ opj_image_destroy(image); ++ return NULL; ++ } + dat8 = (const OPJ_UINT8*)buf; +- ++ + while (ssize >= rowStride) { + cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp); + cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w); diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 854ba1cb47..f5ffe42b91 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -355,7 +355,7 @@ required structures.") (package (inherit openssl) (name "openssl") - (version "1.1.0b") + (version "1.1.0c") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -366,7 +366,7 @@ required structures.") (patches (search-patches "openssl-1.1.0-c-rehash-in.patch")) (sha256 (base32 - "1xznrqvb1dbngv2k2nb6da6fdw00c01sy2i36yjdxr4vpxrf0pd4")))) + "1xfn5ydl14myd9wgxm4nxy5a42cpp1g12ijf3g9m4mz0l90n8hzw")))) (outputs '("out" "doc" ;1.3MiB of man3 pages "static")) ; 5.5MiB of .a files @@ -377,13 +377,42 @@ required structures.") (delete 'patch-tests) ; These two phases are not needed by (delete 'patch-Makefile.org) ; OpenSSL 1.1.0. - (add-after 'configure 'patch-runpath + ;; Override configure phase since -rpath is now a configure option. + (replace 'configure (lambda* (#:key outputs #:allow-other-keys) - (let ((lib (string-append (assoc-ref outputs "out") "/lib"))) - (substitute* "Makefile.shared" - (("\\$\\$\\{SHAREDCMD\\} \\$\\$\\{SHAREDFLAGS\\}") - (string-append "$${SHAREDCMD} $${SHAREDFLAGS}" - " -Wl,-rpath," lib))) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib"))) + (zero? + (system* "./config" + "shared" ;build shared libraries + "--libdir=lib" + + ;; The default for this catch-all directory is + ;; PREFIX/ssl. Change that to something more + ;; conventional. + (string-append "--openssldir=" out + "/share/openssl-" ,version) + + (string-append "--prefix=" out) + (string-append "-Wl,-rpath," lib) + + ;; XXX FIXME: Work around a code generation bug in GCC + ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: + ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> + ,@(if (and (not (%current-target-system)) + (string-prefix? "armhf" (%current-system))) + '("-mfpu=vfpv3") + '())))))) + + ;; XXX: Duplicate this phase to make sure 'version' evaluates + ;; in the current scope and not the inherited one. + (replace 'remove-miscellany + (lambda* (#:key outputs #:allow-other-keys) + ;; The 'misc' directory contains random undocumented shell and Perl + ;; scripts. Remove them to avoid retaining a reference on Perl. + (let ((out (assoc-ref outputs "out"))) + (delete-file-recursively (string-append out "/share/openssl-" + ,version "/misc")) #t))))))))) (define-public libressl diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index acacaea15d..446de429f3 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -610,14 +610,14 @@ audio/video codec library.") (define-public ffmpeg-2.8 (package (inherit ffmpeg) - (version "2.8.8") + (version "2.8.9") (source (origin (method url-fetch) (uri (string-append "https://ffmpeg.org/releases/ffmpeg-" version ".tar.xz")) (sha256 (base32 - "1691bmq8j56rcys09xwvzjq16z25m8vczj5a50gdn7ydm9qjykpr")))) + "1s3011q7sxyb55n3r8aiv7xh53bwxjdxa83s2ilqhq5rygrrgg8i")))) (arguments (substitute-keyword-arguments (package-arguments ffmpeg) ((#:configure-flags flags) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 81676386a0..3fa70980d7 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -523,7 +523,7 @@ for efficient socket-like bidirectional reliable communication channels.") (define-public libpsl (package (name "libpsl") - (version "0.15.0") + (version "0.16.0") (source (origin (method url-fetch) (uri (string-append "https://github.com/rockdaboot/libpsl/" @@ -531,7 +531,7 @@ for efficient socket-like bidirectional reliable communication channels.") "/libpsl-" version ".tar.gz")) (sha256 (base32 - "0wm9i3qshfdasd5s5nrdihl4f5c6zrd1nkqrqjnh7zhhv1an755m")))) + "1ghhwrn3y047ngs6d59z6ssnx6f7zr3fjvxji17ln9r10sj4njvi")))) (build-system gnu-build-system) (inputs `(("icu4c" ,icu4c) diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm index ebff11664d..c98cf8c534 100644 --- a/guix/scripts/offload.scm +++ b/guix/scripts/offload.scm @@ -177,6 +177,14 @@ private key from '~a': ~a") ;; #:log-verbosity 'protocol #:identity (build-machine-private-key machine) + ;; By default libssh reads ~/.ssh/known_hosts + ;; and uses that to adjust its choice of cipher + ;; suites, which changes the type of host key + ;; that the server sends (RSA vs. Ed25519, + ;; etc.). Opt for something reproducible and + ;; stateless instead. + #:knownhosts "/dev/null" + ;; We need lightweight compression when ;; exchanging full archives. #:compression @@ -700,9 +708,18 @@ allowed on MACHINE. Return +∞ if MACHINE is unreachable." (leave (_ "failed to import '~a' from '~a'~%") item name))))) -(define (check-machine-availability machine-file) - "Check that each machine in MACHINE-FILE is usable as a build machine." - (let ((machines (build-machines machine-file))) +(define (check-machine-availability machine-file pred) + "Check that each machine matching PRED in MACHINE-FILE is usable as a build +machine." + (define (build-machine=? m1 m2) + (and (string=? (build-machine-name m1) (build-machine-name m2)) + (= (build-machine-port m1) (build-machine-port m2)))) + + ;; A given build machine may appear several times (e.g., once for + ;; "x86_64-linux" and a second time for "i686-linux"); test them only once. + (let ((machines (filter pred + (delete-duplicates (build-machines machine-file) + build-machine=?)))) (info (_ "testing ~a build machines defined in '~a'...~%") (length machines) machine-file) (let* ((names (map build-machine-name machines)) @@ -766,11 +783,16 @@ allowed on MACHINE. Return +∞ if MACHINE is unreachable." (loop (read-line))))))) (("test" rest ...) (with-error-handling - (let ((file (match rest - ((file) file) - (() %machine-file) - (_ (leave (_ "wrong number of arguments~%")))))) - (check-machine-availability (or file %machine-file))))) + (let-values (((file pred) + (match rest + ((file regexp) + (values file + (compose (cut string-match regexp <>) + build-machine-name))) + ((file) (values file (const #t))) + (() (values %machine-file (const #t))) + (_ (leave (_ "wrong number of arguments~%")))))) + (check-machine-availability (or file %machine-file) pred)))) (("--version") (show-version-and-exit "guix offload")) (("--help") |