author | Mark H Weaver <mhw@netris.org> | 2017-06-20 00:25:59 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2017-06-20 00:25:59 -0400 |
commit | 9815739e9bc5de4a4fbcc710221c2cee377664d4 (patch) | |
tree | cbbbc05fff4acdfdb05d9b1e5ae5f5eea6fdefbd | |
parent | e46e9573855d5ee4f71db0ce77159bbc636330c1 (diff) | |
parent | 16b0f205cf03eb94ef228d763d94718342027117 (diff) | |
download | guix-9815739e9bc5de4a4fbcc710221c2cee377664d4.tar.gz |
Merge branch 'master' into core-updates
-rw-r--r-- | gnu/local.mk | 2 | ||||
-rw-r--r-- | gnu/packages/connman.scm | 5 | ||||
-rw-r--r-- | gnu/packages/embedded.scm | 3 | ||||
-rw-r--r-- | gnu/packages/enlightenment.scm | 65 | ||||
-rw-r--r-- | gnu/packages/finance.scm | 4 | ||||
-rw-r--r-- | gnu/packages/gnome.scm | 6 | ||||
-rw-r--r-- | gnu/packages/guile.scm | 2 | ||||
-rw-r--r-- | gnu/packages/linux.scm | 36 | ||||
-rw-r--r-- | gnu/packages/mail.scm | 5 | ||||
-rw-r--r-- | gnu/packages/maths.scm | 4 | ||||
-rw-r--r-- | gnu/packages/networking.scm | 31 | ||||
-rw-r--r-- | gnu/packages/patches/exim-CVE-2017-1000369.patch | 59 | ||||
-rw-r--r-- | gnu/packages/patches/miniupnpc-CVE-2017-8798.patch | 55 | ||||
-rw-r--r-- | gnu/packages/python.scm | 41 | ||||
-rw-r--r-- | gnu/packages/security-token.scm | 6 | ||||
-rw-r--r-- | gnu/packages/shells.scm | 2 | ||||
-rw-r--r-- | gnu/packages/tex.scm | 12 | ||||
-rw-r--r-- | gnu/packages/tls.scm | 41 | ||||
-rw-r--r-- | gnu/packages/upnp.scm | 5 | ||||
-rw-r--r-- | gnu/packages/version-control.scm | 9 | ||||
-rw-r--r-- | gnu/packages/video.scm | 6 | ||||
-rw-r--r-- | gnu/packages/web.scm | 4 | ||||
-rw-r--r-- | guix/build-system/texlive.scm | 4 | ||||
-rw-r--r-- | guix/store.scm | 63 |
24 files changed, 335 insertions, 135 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 4acc699753..1ae2a2d264 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -571,6 +571,7 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ + %D%/packages/patches/exim-CVE-2017-1000369.patch \ %D%/packages/patches/fabric-tests.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ @@ -805,7 +806,6 @@ dist_patch_DATA = \ %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \ %D%/packages/patches/metabat-remove-compilation-date.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ - %D%/packages/patches/miniupnpc-CVE-2017-8798.patch \ %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm index 08e725118d..8f567fa61b 100644 --- a/gnu/packages/connman.scm +++ b/gnu/packages/connman.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> @@ -114,6 +114,9 @@ sharing) to clients via USB, ethernet, WiFi, cellular and Bluetooth.") `(#:configure-flags '("--localstatedir=/var") #:phases (modify-phases %standard-phases + (add-after 'unpack 'set-home-directory + ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2 + (lambda _ (setenv "HOME" "/tmp") #t)) (add-after 'install 'wrap-binary (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) 
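Review bot: The `set-home-directory` phase added in the `@@ -114,6 +114,9 @@` hunk of connman.scm is documented only by a pasted error line, which does not say which build step needs a writable HOME or why `/tmp` was chosen. The same three-line phase is added four more times in enlightenment.scm (the efl, `@@ -157,6 +163,12 @@`, `@@ -184,6 +196,12 @@` and edi hunks), so any later change has to be made in five places. A comment such as `;; HOME defaults to /homeless-shelter, which does not exist (errno=2); the build needs a writable directory.` states the reason, and one shared phase procedure would replace the copies. The enclosing package definition starts and ends outside the hunk.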
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm index b81eedbd80..e0e1793db1 100644 --- a/gnu/packages/embedded.scm +++ b/gnu/packages/embedded.scm @@ -507,7 +507,8 @@ with a layered architecture of JTAG interface and TAP support.") (patches (append (origin-patches (package-source gcc-4.7)) - (search-patches "gcc-4.6-gnu-inline.patch"))))) + (search-patches "gcc-4.6-gnu-inline.patch" + "gcc-cross-environment-variables.patch"))))) (home-page "https://github.com/dbetz/propgcc-gcc")))) ;; There is no release, so we take the latest version as referenced from here: diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm index 6487446336..50da8c8d2f 100644 --- a/gnu/packages/enlightenment.scm +++ b/gnu/packages/enlightenment.scm @@ -58,7 +58,7 @@ (define-public efl (package (name "efl") - (version "1.18.5") + (version "1.19.1") (source (origin (method url-fetch) (uri (string-append @@ -66,7 +66,7 @@ version ".tar.xz")) (sha256 (base32 - "0wxz00cijynamm0sx4ss4hp89zyz5y6zliv5zd905jn4nak2mw2n")))) + "0fndwraca9rg0bz3al4isdprvyw56szr88qiyvglb4j8ygsylscc")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -109,7 +109,7 @@ ("xproto" ,xproto))) (propagated-inputs ;; All these inputs are in package config files in section - ;; Require.private. + ;; Requires.private. `(("bullet" ,bullet) ; ephysics.pc ("dbus" ,dbus) ; eldbus.pc, elementary.pc, elocation.pc, ethumb_client.pc ("eudev" ,eudev) ; eeze.pc 
@@ -123,17 +123,23 @@ ("libsndfile" ,libsndfile) ; ecore-audio.pc, ecore-audio-cxx.pc ("openssl" ,openssl) ; ecore-con.pc, eet.pc, eet-cxx.pc, emile.pc ("pulseaudio" ,pulseaudio) ; ecore-audio.pc, ecore-audio-cxx.pc - ("util-linux" ,util-linux) ; eeze.pc + ("util-linux" ,util-linux) ; mount: eeze.pc ("zlib" ,zlib))) ; eet.pc, eet-cxx.pc, emile.pc (arguments `(#:configure-flags '("--disable-silent-rules" + "--disable-systemd" "--enable-liblz4" "--enable-xinput22" "--enable-image-loader-webp" "--enable-multisense" "--with-opengl=es" "--enable-egl" - "--enable-harfbuzz"))) + "--enable-harfbuzz") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'set-home-directory + ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2 + (lambda _ (setenv "HOME" "/tmp") #t))))) (home-page "https://www.enlightenment.org/about-efl") (synopsis "Enlightenment Foundation Libraries") (description @@ -157,6 +163,12 @@ removable devices or support for multimedia.") (base32 "1x4j2q4qqj10ckbka0zaq2r2zm66ff1x791kp8slv1ff7fw45vdz")))) (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'set-home-directory + ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2 + (lambda _ (setenv "HOME" "/tmp") #t))))) (native-inputs `(("pkg-config" ,pkg-config))) (inputs @@ -184,6 +196,12 @@ contents and more.") (base32 "06kbgcnbhl9clhdl7k983m4d0n6ggsl4qvizzi1nrp8c7np87fix")))) (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'set-home-directory + ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2 + (lambda _ (setenv "HOME" "/tmp") #t))))) (native-inputs `(("pkg-config" ,pkg-config))) (inputs @@ -198,7 +216,7 @@ Libraries with some extra bells and whistles.") (define-public enlightenment (package (name "enlightenment") - (version "0.21.7") + (version "0.21.8") (source (origin (method url-fetch) (uri 
@@ -206,25 +224,34 @@ Libraries with some extra bells and whistles.") name "/" name "-" version ".tar.xz")) (sha256 (base32 - "1xvngjdsa0p901vfhrh2qpa50k32hwwhc8bgi16a9b5d9byzfhvn")))) + "0cjjiip12hd8bfjl9ccl3vzl81pxh1wpymxk2yvrzf6ap5girhps")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--enable-mount-eeze") #:phases (modify-phases %standard-phases - (add-before 'configure 'fix-keyboard - (lambda _ - (let ((xkeyboard (assoc-ref %build-inputs "xkeyboard-config"))) + (add-before 'configure 'set-system-actions + (lambda* (#:key inputs #:allow-other-keys) + (let ((xkeyboard (assoc-ref inputs "xkeyboard-config")) + (utils (assoc-ref inputs "util-linux"))) ;; We need to patch the path to 'base.lst' to be able ;; to switch the keyboard layout in E. (substitute* "src/modules/xkbswitch/e_mod_parse.c" (("/usr/share/X11/xkb/rules/xorg.lst") (string-append xkeyboard "/share/X11/xkb/rules/base.lst"))) + (substitute* "configure" + (("/bin/mount") (string-append utils "/bin/mount")) + (("/bin/umount") (string-append utils "/bin/umount")) + (("/usr/bin/eject") (string-append utils "/bin/eject")) + ; TODO: Replace suspend and hibernate also. + (("/sbin/shutdown -h now") "/run/current-system/profile/sbin/halt") + (("/sbin/shutdown -r now") "/run/current-system/profile/sbin/reboot")) #t)))))) (native-inputs `(("gettext" ,gettext-minimal) - ("pkg-config" ,pkg-config))) + ("pkg-config" ,pkg-config) + ("util-linux" ,util-linux))) (inputs `(("alsa-lib" ,alsa-lib) ("dbus" ,dbus) @@ -247,14 +274,14 @@ embedded systems.") (define-public python-efl (package (name "python-efl") - (version "1.18.0") + (version "1.19.0") (source (origin (method url-fetch) (uri (pypi-uri "python-efl" version)) (sha256 (base32 - "0x49rb7mx7ysjp23m919r2rx8qnl4xackhl9s9x2697m7cs77n1r")))) + "0l0f9bv1134qh5376p5asycncidrhp8hdb6qwd8ybr1a61q9zq67")))) (build-system python-build-system) (arguments '(#:phases 
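Review bot: `util-linux` is added to `native-inputs` in the `@@ -206,25 +224,34 @@` hunk, yet the `set-system-actions` phase writes its store path into the `mount`, `umount` and `eject` commands recorded by `configure`, which reads as a run-time reference rather than a build-time tool. If the installed program runs those commands, the entry belongs in `inputs` as `("util-linux" ,util-linux)`; as a native input, a cross build would record the build machine's binaries, and `(assoc-ref inputs "util-linux")` may not find it there at all. The two shutdown replacements point at `/run/current-system/profile/sbin/`, so they resolve at run time to whatever that profile holds and to nothing where the directory is absent; a comment saying this is deliberate would help. The inline `; TODO: Replace suspend and hibernate also.` would match the surrounding `;;` comments if written with two semicolons.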
@@ -297,7 +324,7 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).") (define-public edi (package (name "edi") - (version "0.4.0") + (version "0.5.0") (source (origin (method url-fetch) @@ -305,9 +332,15 @@ Libraries stack (eo, evas, ecore, edje, emotion, ethumb and elementary).") "download/v" version "/edi-" version ".tar.bz2")) (sha256 (base32 - "0qczz5psryxasphg5km95845h510237rf0k1dy8f0dad52ii90j1")))) + "1l90x1bw82a0df6r11wd55qizhi99gg0qcljwxga606ahy6ycnkn")))) (build-system gnu-build-system) - (arguments '(#:configure-flags '("--with-tests=coverage"))) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'set-home-directory + ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2 + (lambda _ (setenv "HOME" "/tmp") #t))) + #:configure-flags '("--with-tests=coverage"))) (native-inputs `(("check" ,check) ("lcov" ,lcov) diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm index fb2543bceb..04ae70b07a 100644 --- a/gnu/packages/finance.scm +++ b/gnu/packages/finance.scm @@ -49,7 +49,7 @@ (define-public bitcoin-core (package (name "bitcoin-core") - (version "0.14.1") + (version "0.14.2") (source (origin (method url-fetch) (uri @@ -57,7 +57,7 @@ version "/bitcoin-" version ".tar.gz")) (sha256 (base32 - "18zrsinlwkj4q5bj2hzswbhswkvd0sdfi6skfwqwwk85gzh064pj")))) + "1jp8vdc25gs46gj1d9mraqa1xnampffpa7mdy0fw80xca77fbi0s")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 29b8dab7f8..32e3e37562 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm 
@@ -6291,7 +6291,11 @@ text views, and buttons to choose the language.") ;; Disable the Python bindings because the Planner program functions ;; without them, and (as of 2017-06-13) we have not packaged all of ;; packages that are necessary for building the Python bindings. - `(#:configure-flags (list "--disable-python"))) + `(#:configure-flags + (list "--disable-python" + ,@(if (string=? "aarch64-linux" (%current-system)) + '("--build=aarch64-unknown-linux-gnu") + '())))) (inputs `(("libgnomecanvas" ,libgnomecanvas) ("libgnomeui" ,libgnomeui) diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index e4629d90d6..5577ad98e7 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -239,7 +239,7 @@ without requiring the source code to be rewritten.") (snippet '(for-each delete-file (find-files "prebuilt" "\\.go$"))))) (properties '((timeout . 72000) ;20 hours - (max-silent-time . 21600))) ;6 hours (needed on ARM + (max-silent-time . 36000))) ;10 hours (needed on ARM ; when heavily loaded) (native-search-paths (list (search-path-specification diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index f7e6853b62..93b29ed781 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm 
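Review bot: The `--build=aarch64-unknown-linux-gnu` flag added in the `@@ -6291,7 +6291,11 @@` hunk has no comment saying why the triplet must be forced, while the existing comment above it explains only `--disable-python`. Presumably the bundled `config.guess` does not recognise aarch64; if so, a line such as `;; The bundled config.guess is too old to detect aarch64 (TODO confirm).` would tell the next updater when the conditional can be removed.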
@@ -365,19 +365,49 @@ It has been modified to remove all non-free binary blobs.") (make-linux-libre %linux-libre-version %linux-libre-hash %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=167ec8235f978d7af78c73e9490dae1af3fee67f") + (file-name "linux-libre-4.11-CVE-2017-1000364.patch") + (sha256 + (base32 + "0hv3lxjgpssvsldkydg5q7znnzxv5ncpzrk6g11q01k3gkl0q689")))))) (define-public linux-libre-4.9 (make-linux-libre "4.9.33" "1dam6vqymhlx1vsl0lzxphamiifgyf97snxg18b2czqq402nz094" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=37c40b6777f0bc8a63f616479c469b371097f333") + (file-name "linux-libre-4.9-CVE-2017-1000364.patch") + (sha256 + (base32 + "0zhnh8ysiqldxlnd50bjrxagzx29kc8nlajdrikii2x2ibkbfb4i")))))) (define-public linux-libre-4.4 (make-linux-libre "4.4.73" "144ssqw1dr86z4cgl797pq5rggfibsxqk7wmfbl6j92l1cj6yjrz" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=87422f5b9b4f43efef4eaf37d7d040aed96500cb") + (file-name "linux-libre-4.4-CVE-2017-1000364.patch") + (sha256 + (base32 + "137p1cpiwlbvw4x12w1l23iy593xmdry60kd7j9kk690r9arfagw")))))) (define-public linux-libre-4.1 (make-linux-libre "4.1.41" diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index f4003d7391..4f16853a97 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm 
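Review bot: The three CVE-2017-1000364 origins in the `@@ -365,19 +365,49 @@` hunk fetch from `linux-stable-rc.git/patch/?id=…`, that is, a patch rendered on request from a release-candidate tree. The `sha256` pins the content, so an altered download is rejected rather than applied, but the build then depends on each commit staying reachable in that repository and on the server returning byte-identical output every time; neither is visible from here. If the same commits exist in the regular stable tree, pointing `uri` there would remove the dependency, as would carrying the files under gnu/packages/patches like the exim patch in this commit. A comment above each `#:patches` such as `;; Fix CVE-2017-1000364; drop once the kernel version includes it.` would tell the next version bump what to do with them.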
@@ -996,7 +996,7 @@ delivery.") (define-public exim (package (name "exim") - (version "4.87.1") + (version "4.89") (source (origin (method url-fetch) @@ -1004,9 +1004,10 @@ delivery.") version ".tar.bz2") (string-append "ftp://ftp.exim.org/pub/exim/exim4/old/exim-" version ".tar.bz2"))) + (patches (search-patches "exim-CVE-2017-1000369.patch")) (sha256 (base32 - "050m2gjzpc6vyik458h1j0vi8bxplkzjsyndkyd2y394i569kdyl")))) + "1c0syp7yxngmq7y8vqsrvijinzin5m941vn0ljihdfld7kh2wbwi")))) (build-system gnu-build-system) (inputs `(("bdb" ,bdb) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 94109b559a..014ad5d7d5 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -317,7 +317,7 @@ the OCaml language.") (define-public glpk (package (name "glpk") - (version "4.61") + (version "4.62") (source (origin (method url-fetch) @@ -325,7 +325,7 @@ the OCaml language.") version ".tar.gz")) (sha256 (base32 - "1adbvwiaqrv9pql9ry3lhn2vfsxnff2vh4fs477d90kpfx0xwrlq")))) + "0w7s3869ybwyq9a4490dikpib1qp3jnn5nqz1vvwqy1qz3ilnvh9")))) (build-system gnu-build-system) (inputs `(("gmp" ,gmp))) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 5d1c432da3..ed0420b422 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> -;;; Copyright © 2015, 2016 Stefan Reichör <stefan@xsteve.at> +;;; Copyright © 2015, 2016, 2017 Stefan Reichör <stefan@xsteve.at> ;;; Copyright © 2016 Raimon Grau <raimonster@gmail.com> ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016 John Darrington <jmd@gnu.org> 
@@ -474,7 +474,7 @@ which can be used to encrypt a password with @code{crypt(3)}.") (define-public wireshark (package (name "wireshark") - (version "2.2.6") + (version "2.2.7") (synopsis "Network traffic analyzer") (source (origin @@ -483,7 +483,7 @@ which can be used to encrypt a password with @code{crypt(3)}.") version ".tar.bz2")) (sha256 (base32 - "0jd89i9si43lyv3hsl6p1lkjmz4zagvc37wcbigsxxc5v8gda9zn")))) + "1dfvhra5v6xhzbp097qsxi0zvirw0srbasl4v1wjf58v49idz7b8")))) (build-system glib-or-gtk-build-system) (inputs `(("bison" ,bison) ("c-ares" ,c-ares) @@ -522,6 +522,31 @@ network frames.") (license license:gpl2+) (home-page "https://www.wireshark.org/"))) +(define-public fping + (package + (name "fping") + (version "4.0") + (source + (origin + (method url-fetch) + (uri (string-append "https://fping.org/dist/fping-" + version ".tar.gz")) + (sha256 + (base32 + "1kp81wchi79l8z8rrj602fpjrd8bi84y3i7fsaclzlwap5943sv7")))) + (build-system gnu-build-system) + (home-page "http://fping.org/") + (synopsis "Send ICMP ECHO_REQUEST packets to network hosts") + (description + "fping is a ping like program which uses the Internet Control Message +Protocol (ICMP) echo request to determine if a target host is responding. +fping differs from ping in that you can specify any number of targets on the +command line, or specify a file containing the lists of targets to ping. +Instead of sending to one target until it times out or replies, fping will +send out a ping packet and move on to the next target in a round-robin +fashion.") + (license license:expat))) + (define-public httping (package (name "httping") diff --git a/gnu/packages/patches/exim-CVE-2017-1000369.patch b/gnu/packages/patches/exim-CVE-2017-1000369.patch new file mode 100644 index 0000000000..a67a8afb0e --- /dev/null +++ b/gnu/packages/patches/exim-CVE-2017-1000369.patch 
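Review bot: `home-page` in the new fping definition (`@@ -522,6 +522,31 @@`) is `http://fping.org/`, although the source `uri` a few lines above fetches from `https://fping.org/dist/`, so the host evidently serves TLS. Use `(home-page "https://fping.org/")` so the link shown to users is not a plaintext one. Sending ICMP echo requests normally requires raw-socket privilege; how the installed binary is expected to obtain it is not visible in this hunk and would be worth a comment.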
@@ -0,0 +1,59 @@ +Fix CVE-2017-1000369: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369 +https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt + +Patch adapted from upstream source repository: + +https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21 + +From 65e061b76867a9ea7aeeb535341b790b90ae6c21 Mon Sep 17 00:00:00 2001 +From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> +Date: Wed, 31 May 2017 23:08:56 +0200 +Subject: [PATCH] Cleanup (prevent repeated use of -p/-oMr to avoid mem leak) + +--- + doc/doc-docbook/spec.xfpt | 3 ++- + src/src/exim.c | 19 +++++++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/src/src/exim.c b/src/src/exim.c +index 67583e58..88e11977 100644 +--- a/src/exim.c ++++ b/src/exim.c +@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++) + + /* -oMr: Received protocol */ + +- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; ++ else if (Ustrcmp(argrest, "Mr") == 0) ++ ++ if (received_protocol) ++ { ++ fprintf(stderr, "received_protocol is set already\n"); ++ exit(EXIT_FAILURE); ++ } ++ else received_protocol = argv[++i]; + + /* -oMs: Set sender host name */ + +@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++) + + if (*argrest != 0) + { +- uschar *hn = Ustrchr(argrest, ':'); ++ uschar *hn; ++ ++ if (received_protocol) ++ { ++ fprintf(stderr, "received_protocol is set already\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ hn = Ustrchr(argrest, ':'); + if (hn == NULL) + { + received_protocol = argrest; +-- +2.13.1 + diff --git a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch b/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch deleted file mode 100644 index 24eed60af9..0000000000 --- a/gnu/packages/patches/miniupnpc-CVE-2017-8798.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -Fix CVE-2017-8798. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8798 -http://seclists.org/oss-sec/2017/q2/247 - -Patch copied from upstream source repository, with Changelog entry removed: - -https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229 - -diff --git a/miniwget.c b/miniwget.c -index 37cb47b..1eda57c 100644 ---- a/miniwget.c -+++ b/miniwget.c -@@ -284,11 +284,12 @@ getHTTPResponse(int s, int * size, int * status_code) - goto end_of_stream; - } - } -- bytestocopy = ((int)chunksize < (n - i))?chunksize:(unsigned int)(n - i); -+ /* it is guaranteed that (n >= i) */ -+ bytestocopy = (chunksize < (unsigned int)(n - i))?chunksize:(unsigned int)(n - i); - if((content_buf_used + bytestocopy) > content_buf_len) - { - char * tmp; -- if(content_length >= (int)(content_buf_used + bytestocopy)) { -+ if((content_length >= 0) && ((unsigned int)content_length >= (content_buf_used + bytestocopy))) { - content_buf_len = content_length; - } else { - content_buf_len = content_buf_used + bytestocopy; -@@ -313,14 +314,15 @@ getHTTPResponse(int s, int * size, int * status_code) - { - /* not chunked */ - if(content_length > 0 -- && (int)(content_buf_used + n) > content_length) { -+ && (content_buf_used + n) > (unsigned int)content_length) { - /* skipping additional bytes */ - n = content_length - content_buf_used; - } - if(content_buf_used + n > content_buf_len) - { - char * tmp; -- if(content_length >= (int)(content_buf_used + n)) { -+ if(content_length >= 0 -+ && (unsigned int)content_length >= (content_buf_used + n)) { - content_buf_len = content_length; - } else { - content_buf_len = content_buf_used + n; -@@ -340,7 +342,7 @@ getHTTPResponse(int s, int * size, int * status_code) - } - } - /* use the Content-Length header value if available */ -- if(content_length > 0 && (int)content_buf_used >= content_length) -+ if(content_length > 0 && content_buf_used >= (unsigned int)content_length) - { - #ifdef DEBUG - 
printf("End of HTTP content\n"); diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 505e4a813b..911cf2dc12 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -925,6 +925,24 @@ have been used.") (define-public python2-mock (package-with-python2 python-mock)) +;;; Some packages (notably, certbot and python-acme) rely on this newer version +;;; of python-mock. However, a large number of packages fail to build with +;;; mock@2, so we add a new variable for now. Also, there may be a dependency +;;; cycle between mock and six, so we avoid creating python2-mock@2 for now. +(define-public python-mock-2 + (package + (inherit python-mock) + (version "2.0.0") + (source + (origin + (method url-fetch) + (uri (pypi-uri "mock" version)) + (sha256 + (base32 + "1flbpksir5sqrvq2z0dp8sl4bzbadg21sj4d42w3klpdfvgvcn5i")))) + (propagated-inputs + `(("python-pbr" ,python-pbr-minimal) + ,@(package-propagated-inputs python-mock))))) (define-public python-setuptools (package @@ -15382,3 +15400,26 @@ many of the popular cloud service providers using a unified API.") (define-public python2-apache-libcloud (package-with-python2 python-apache-libcloud)) + +(define-public python-smmap2 + (package + (name "python-smmap2") + (version "2.0.3") + (source + (origin + (method url-fetch) + (uri (pypi-uri "smmap2" version)) + (sha256 + (base32 + "1hvn28p3zvxa98sbi9lrqvv2ps4q284j4jq9a619zw0m7yv0sly7")))) + (build-system python-build-system) + (native-inputs + `(("python-nosexcover" ,python-nosexcover))) + (home-page "https://github.com/Byron/smmap") + (synopsis "Python sliding window memory map manager") + (description "@code{smmap2} is a pure Python implementation of a sliding +window memory map manager.") + (license license:bsd-3))) + +(define-public python2-smmap2 + (package-with-python2 python-smmap2)) diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm index 5873d85b55..8ae2dda1c3 100644 --- a/gnu/packages/security-token.scm 
+++ b/gnu/packages/security-token.scm @@ -93,15 +93,15 @@ the low-level development kit for the Yubico YubiKey authentication device.") (define-public pcsc-lite (package (name "pcsc-lite") - (version "1.8.21") + (version "1.8.22") (source (origin (method url-fetch) (uri (string-append - "https://alioth.debian.org/frs/download.php/file/4216/" + "https://alioth.debian.org/frs/download.php/file/4225/" "pcsc-lite-" version ".tar.bz2")) (sha256 (base32 - "1b8kwl81f6s3y7qh68ahr8sp8a0w6m464v9b3s4zxq2cgpmnaczy")))) + "01flkdyqs7kr6c63dv2qg8dwir3v9jlr9rzlw7vafrivxmhqydba")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--enable-usbdropdir=/var/lib/pcsc/drivers"))) diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index 6b9125e77f..65e0eda50a 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm @@ -172,7 +172,7 @@ highlighting.") #:phases (modify-phases %standard-phases (delete 'configure)))) ; No configure script. - (home-page "https://pragmatique.xyz/software/fish-guix.html") + (home-page "https://www.infotropique.org/projects/fish-guix/") (synopsis "Fish completions for Guix") (description "Fish-guix provides completions for Guix for users of the fish shell.") diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm index 71aa5c7f3a..21af9d7df4 100644 --- a/gnu/packages/tex.scm +++ b/gnu/packages/tex.scm @@ -195,7 +195,7 @@ This package contains the binaries.") (revision %texlive-revision))) (sha256 (base32 - "1k11yvz4q95bxyxczwvd4r177h6a2gg03xmf51kmgjgz8an2gq2w")))) + "0fcy2hpapbj01ncpjj3v39yhr0jjxb6rm13qaxjjw66s3vydxls1")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) @@ -650,7 +650,7 @@ symbol fonts.") (revision %texlive-revision))) (sha256 (base32 - "1ifmbyl3ir8k0v1g25xjb5rcyy5vhj8a3fa2088nczga09hna5vn")))) + "0mjgl3gscn3ps29yjambz1j9fg81ynnncb96vpprwx4xsijhsns0")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) 
@@ -835,7 +835,7 @@ overwrite existing files and letting you use @code{filecontents} / (define-public texlive-generic-ifxetex (package (name "texlive-generic-ifxetex") - (version "0.6") + (version (number->string %texlive-revision)) (source (origin (method svn-fetch) (uri (texlive-ref "generic" "ifxetex")) @@ -892,7 +892,7 @@ verbatim source).") (uri (texlive-ref "latex" "graphics")) (sha256 (base32 - "17ka701xr9nqsjlhz30hphr8d9j4zzwgv5zl5r2f118yzqh9c34v")))) + "07azyn0b1s49vbdlr6dmygrminxp72ndl24j1091hiiccvrjq3xc")))) (build-system texlive-build-system) (arguments '(#:tex-directory "latex/graphics" @@ -1101,7 +1101,7 @@ of file names.") (uri (texlive-ref "latex" "l3kernel")) (sha256 (base32 - "0ndqw0flhl20f4ny5lssp8rqpnj5kglyg59whbdrxbh2zc7w7j0b")))) + "0r0wfk594j8wkdqhh21haimwsfq8x5jch4ldm21hkzk5dnmvpbg6")))) (build-system texlive-build-system) (arguments '(#:tex-directory "latex/l3kernel")) @@ -1124,7 +1124,7 @@ that the LaTeX3 conventions can be used with regular LaTeX 2e packages.") (uri (texlive-ref "latex" "l3packages")) (sha256 (base32 - "1p1y9my6ccmp2ab91fzqqgih8ifrk4y3wyh397kagiq9f6a6v91f")))) + "16jplkvzdysfssijq9l051nsks65c2nrarsl17k8gjhc28yznj8y")))) (build-system texlive-build-system) (arguments '(#:tex-directory "latex/l3packages" diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index f3d7177102..f2c949ad69 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -498,7 +498,7 @@ security, and applying best practice development processes.") #t)))))) ;; TODO: Add optional inputs for testing. (native-inputs - `(("python-mock" ,python-mock) + `(("python-mock" ,python-mock-2) ;; For documentation ("python-sphinx" ,python-sphinx) ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput) 
@@ -534,8 +534,7 @@ security, and applying best practice development processes.") "1srvmjxz75dbafx7xfg1w3n9h3srr9p2ljnfsih9dwwd5cxh9i5q")))) (build-system python-build-system) (arguments - `(#:python ,python-2 - ,@(substitute-keyword-arguments (package-arguments python-acme) + `(,@(substitute-keyword-arguments (package-arguments python-acme) ((#:phases phases) `(modify-phases ,phases (replace 'install-documentation 
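Review bot: With `#:python ,python-2` removed in the `@@ -534,8 +534,7 @@` hunk, the argument list is now a quasiquoted list whose only element is a splice, `(,@(substitute-keyword-arguments …))`, which evaluates to the same list as the inner expression alone. Writing `(arguments (substitute-keyword-arguments (package-arguments python-acme) …))` drops the redundant wrapper and makes it obvious that the arguments are inherited from python-acme. The form continues past the end of the hunk.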
@@ -550,27 +549,27 @@ security, and applying best practice development processes.") #t)))))))) ;; TODO: Add optional inputs for testing. (native-inputs - `(("python2-nose" ,python2-nose) - ("python2-mock" ,python2-mock) + `(("python-nose" ,python-nose) + ("python-mock" ,python-mock-2) ;; For documentation - ("python2-sphinx" ,python2-sphinx) - ("python2-sphinx-rtd-theme" ,python2-sphinx-rtd-theme) - ("python2-sphinx-repoze-autointerface" ,python2-sphinx-repoze-autointerface) - ("python2-sphinxcontrib-programoutput" ,python2-sphinxcontrib-programoutput) + ("python-sphinx" ,python-sphinx) + ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme) + ("python-sphinx-repoze-autointerface" ,python-sphinx-repoze-autointerface) + ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput) ("texinfo" ,texinfo))) (propagated-inputs - `(("python2-acme" ,python2-acme) - ("python2-zope-interface" ,python2-zope-interface) - ("python2-pyrfc3339" ,python2-pyrfc3339) - ("python2-pyopenssl" ,python2-pyopenssl) - ("python2-configobj" ,python2-configobj) - ("python2-configargparse" ,python2-configargparse) - ("python2-zope-component" ,python2-zope-component) - ("python2-parsedatetime" ,python2-parsedatetime) - ("python2-six" ,python2-six) - ("python2-psutil" ,python2-psutil) - ("python2-requests" ,python2-requests) - ("python2-pytz" ,python2-pytz))) + `(("python-acme" ,python-acme) + ("python-zope-interface" ,python-zope-interface) + ("python-pyrfc3339" ,python-pyrfc3339) + ("python-pyopenssl" ,python-pyopenssl) + ("python-configobj" ,python-configobj) + ("python-configargparse" ,python-configargparse) + ("python-zope-component" ,python-zope-component) + ("python-parsedatetime" ,python-parsedatetime) + ("python-six" ,python-six) + ("python-psutil" ,python-psutil) + ("python-requests" ,python-requests) + ("python-pytz" ,python-pytz))) (synopsis "Let's Encrypt client by the Electronic Frontier Foundation") (description "Certbot automatically receives and installs X.509 
certificates to enable Transport Layer Security (TLS) on servers. It interoperates with the diff --git a/gnu/packages/upnp.scm b/gnu/packages/upnp.scm index 645e9a6573..3c449937da 100644 --- a/gnu/packages/upnp.scm +++ b/gnu/packages/upnp.scm @@ -28,15 +28,14 @@ (define-public miniupnpc (package (name "miniupnpc") - (version "2.0.20170421") + (version "2.0.20170509") (source (origin (method url-fetch) (uri (string-append "https://miniupnp.tuxfamily.org/files/" name "-" version ".tar.gz")) - (patches (search-patches "miniupnpc-CVE-2017-8798.patch")) (sha256 - (base32 "0n11m2wq812zms5b21h8ihw1kbyaihj9nqjiida0hskf4dmw4m13")))) + (base32 "0spi75q6nafxp3ndnrhrlqagzmjlp8wwlr5x7rnvdpswgxi6ihyk")))) (build-system gnu-build-system) (native-inputs `(("python" ,python-2))) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 953440a6fd..4b78704537 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -186,12 +186,16 @@ as well as the classic centralized workflow.") ,@%gnu-build-system-modules) #:phases (modify-phases %standard-phases - (add-after 'configure 'patch-makefile-shebangs + (add-after 'configure 'patch-makefiles (lambda _ (substitute* "Makefile" (("/bin/sh") (which "sh")) (("/usr/bin/perl") (which "perl")) - (("/usr/bin/python") (which "python"))))) + (("/usr/bin/python") (which "python"))) + (substitute* "perl/Makefile" + ;; Don't create timestamped 'perllocal.pod'. + (("\\$< PREFIX=") "$< NO_PERLLOCAL=1 PREFIX=")) + #t)) (add-after 'configure 'add-PM.stamp (lambda _ ;; Add the "PM.stamp" to avoid "no rule to make target". @@ -816,6 +820,7 @@ following features: "subversion/bindings/swig/perl/native" (and (zero? (system* "perl" "Makefile.PL" + "NO_PERLLOCAL=1" (string-append "PREFIX=" out))) (zero? (system* "make" "install" diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index adae0d3d3e..4acfb24220 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm 
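Review bot: The miniupnpc hunk (`@@ -28,15 +28,14 @@`) removes `miniupnpc-CVE-2017-8798.patch` together with the bump to 2.0.20170509, but nothing in the definition records that the new tarball contains the fix. The deleted patch file names the upstream commit it was copied from, so the claim can be checked against the unpacked source before the patch is dropped. Since this is a merge, the originating commit may say so already; if it does not, a short comment or log line stating that the release includes the CVE-2017-8798 fix would let a later reader see that the removal was deliberate.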
@@ -1144,7 +1144,7 @@ audio, images) from the Web. It can use either mpv or vlc for playback.") (define-public libbluray (package (name "libbluray") - (version "1.0.0") + (version "1.0.1") (source (origin (method url-fetch) (uri (string-append "https://download.videolan.org/videolan/" @@ -1152,10 +1152,10 @@ audio, images) from the Web. It can use either mpv or vlc for playback.") name "-" version ".tar.bz2")) (sha256 (base32 - "1k3lag4lxi2jjd3zh4wcb5l3hadzm54j5kagh92yzfy76p9svqzp")))) + "0fl5cxfj870rwqmmz3s04wh7wnabb7rnynfj1v3sz37ln8frm7qg")))) (build-system gnu-build-system) (arguments - `(#:configure-flags '("--disable-bdjava") + `(#:configure-flags '("--disable-bdjava-jar") #:phases (modify-phases %standard-phases (add-before 'build 'fix-dlopen-paths diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 10945d4975..fba0d99f4a 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -94,14 +94,14 @@ (define-public httpd (package (name "httpd") - (version "2.4.25") + (version "2.4.26") (source (origin (method url-fetch) (uri (string-append "mirror://apache/httpd/httpd-" version ".tar.bz2")) (sha256 (base32 - "1cl0bkqg6srb1sypga0cn8dcmdyxldavij73zmmkxvlz3kgw4zpq")))) + "11ykcfv7b9zpd7fb93a7yhnyfwrilryjz21iklaf0yf8mwpvazm0")))) (build-system gnu-build-system) (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config' (inputs `(("apr" ,apr) diff --git a/guix/build-system/texlive.scm b/guix/build-system/texlive.scm index d4085ea7e8..0357c47a47 100644 --- a/guix/build-system/texlive.scm +++ b/guix/build-system/texlive.scm @@ -40,8 +40,8 @@ ;; Code: ;; These variables specify the SVN tag and the matching SVN revision. -(define %texlive-tag "texlive-2017.0") -(define %texlive-revision 44445) +(define %texlive-tag "texlive-2017.1") +(define %texlive-revision 44591) (define (texlive-ref component id) "Return a <svn-reference> object for the package ID, which is part of the diff --git a/guix/store.scm b/guix/store.scm index 2acab6b1a3..b584caa073 100644 
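Review bot: The switch from `--disable-bdjava` to `--disable-bdjava-jar` in `#:configure-flags` of libbluray does not look like a plain rename. Judging by the flag names, the old flag turned BD-J support off while the new one only skips building the JAR, so the 1.0.1 build may now compile in the native BD-J loader. If so, the library would look for a Java runtime and a JAR when a disc requests BD-J, and the `fix-dlopen-paths` phase that follows may need to cover those lookups. A comment would make the intent explicit, for example `;; Only the JAR build is disabled; BD-J support itself may now be compiled in (confirm against upstream).` The `arguments` form continues outside the hunk.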
--- a/guix/store.scm +++ b/guix/store.scm @@ -322,12 +322,16 @@ (define-record-type <nix-server> (%make-nix-server socket major minor + buffer flush ats-cache atts-cache) nix-server? (socket nix-server-socket) (major nix-server-major-version) (minor nix-server-minor-version) + (buffer nix-server-output-port) ;output port + (flush nix-server-flush-output) ;thunk + ;; Caches. We keep them per-connection, because store paths build ;; during the session are temporary GC roots kept for the duration of ;; the session. @@ -481,7 +485,11 @@ for this connection will be pinned. Return a server object." (&nix-connection-error (file (or port uri)) (errno EPROTO)) (&message (message "build daemon handshake failed")))))) - (let ((port (or port (connect-to-daemon uri)))) + (let*-values (((port) + (or port (connect-to-daemon uri))) + ((output flush) + (buffering-output-port port + (make-bytevector 8192)))) (write-int %worker-magic-1 port) (let ((r (read-int port))) (and (eqv? r %worker-magic-2) @@ -499,12 +507,18 @@ for this connection will be pinned. Return a server object." (let ((conn (%make-nix-server port (protocol-major v) (protocol-minor v) + output flush (make-hash-table 100) (make-hash-table 100)))) (let loop ((done? (process-stderr conn))) (or done? (process-stderr conn))) conn))))))))) +(define (write-buffered-output server) + "Flush SERVER's output port." + (force-output (nix-server-output-port server)) + ((nix-server-flush-output server))) + (define (close-connection server) "Close the connection to SERVER." (close (nix-server-socket server))) 
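Review bot: The handshake in the `@@ -481,7 +485,11 @@` hunk still calls `(write-int %worker-magic-1 port)` on the raw socket while the connection now also has a buffered port over it, so the socket has two write paths. That is harmless during the handshake because the buffer is still empty. However, any code outside this diff that still writes to `(nix-server-socket server)` between a buffered write and the flush would reach the daemon out of order; whether such callers remain is not visible here. A comment on the new record fields in the `@@ -322,12 +322,16 @@` hunk would pin the rule, for example `;; All requests go through the buffered port and must end with 'write-buffered-output'.` The literal `8192` would also read better as a named constant.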
@@ -718,6 +732,44 @@ encoding conversion errors." (let loop ((done? (process-stderr server))) (or done? (process-stderr server))))) +(define (buffering-output-port port buffer) + "Return two value: an output port wrapped around PORT that uses BUFFER (a +bytevector) as its internal buffer, and a thunk to flush this output port." + ;; Note: In Guile 2.2.2, custom binary output ports already have their own + ;; 4K internal buffer. + (define size + (bytevector-length buffer)) + + (define total 0) + + (define (flush) + (put-bytevector port buffer 0 total) + (set! total 0)) + + (define (write bv offset count) + (if (zero? count) ;end of file + (flush) + (let loop ((offset offset) + (count count) + (written 0)) + (cond ((= total size) + (flush) + (loop offset count written)) + ((zero? count) + written) + (else + (let ((to-copy (min count (- size total)))) + (bytevector-copy! bv offset buffer total to-copy) + (set! total (+ total to-copy)) + (loop (+ offset to-copy) (- count to-copy) + (+ written to-copy)))))))) + + ;; Note: We need to return FLUSH because the custom binary port has no way + ;; to be notified of a 'force-output' call on itself. + (values (make-custom-binary-output-port "buffering-output-port" + write #f #f flush) + flush)) + (define %rpc-calls ;; Mapping from RPC names (symbols) to invocation counts. (make-hash-table)) @@ -755,11 +807,14 @@ encoding conversion errors." ((_ (name (type arg) ...) docstring return ...) (lambda (server arg ...) docstring - (let ((s (nix-server-socket server))) + (let* ((s (nix-server-socket server)) + (buffered (nix-server-output-port server))) (record-operation 'name) - (write-int (operation-id name) s) - (write-arg type arg s) + (write-int (operation-id name) buffered) + (write-arg type arg buffered) ... + (write-buffered-output server) + ;; Loop until the server is done sending error output. (let loop ((done? (process-stderr server))) (or done? (loop (process-stderr server)))) |
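Review bot: In `buffering-output-port`, the `(zero? count)` branch of `write` returns the value of `(flush)`, that is of `(set! total 0)`, rather than a byte count. A custom binary port's write procedure is expected to return the number of bytes written, so `(begin (flush) 0)` would be the safer form, even if the port implementation never passes a zero count in practice. The docstring should read "Return two values", and it could also state that BUFFER belongs to the port after the call and must not be reused by the caller, since `write` copies request bytes into it.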
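Review bot: In the RPC macro, an exception raised by `write-arg` after `(write-int (operation-id name) buffered)` leaves a partial request in the buffer, and nothing in the hunk discards it. The next operation on the same connection would then be sent behind those stale bytes and the daemon would misparse the stream. Before this change the partial bytes went straight to the socket, so the stream could already be left inconsistent, but with a buffer a clean recovery is possible. Consider resetting the buffer on non-local exit, or at least documenting the constraint with `;; After a failed RPC the buffered request is stale; the connection must not be reused.` Whether callers reuse a connection after such an error is not visible here, and the macro definition starts and ends outside the hunk.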