author | Leo Famulari <leo@famulari.name> | 2018-01-03 14:18:01 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2018-01-03 14:18:01 -0500 |
commit | 4ed41f472bd2be465b371abf6760e8713ec59f92 (patch) | |
tree | e44eec8362c732ae3c5f1e773fe7797d3e69cc5f /gnu/packages | |
parent | 9d7d8e71810388985edbc0cb6e6e46e6038ae830 (diff) | |
parent | 0c84e8679c6d41e46416cfe97d63221a64beee55 (diff) | |
download | guix-4ed41f472bd2be465b371abf6760e8713ec59f92.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages')
33 files changed, 908 insertions, 122 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index f8b0cc388e..d90bc7c050 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -13,7 +13,7 @@ ;;; Copyright © 2016 Peter Feigl <peter.feigl@nexoid.at> ;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net> ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> -;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016 John Darrington <jmd@gnu.org> ;;; Copyright © 2017 Ben Sturmfels <ben@sturm.com.au> ;;; Copyright © 2017 Ethan R. Jones <doubleplusgood23@gmail.com> @@ -1387,14 +1387,14 @@ of supported upstream metrics systems simultaneously.") (define-public ansible (package (name "ansible") - (version "2.4.1.0") + (version "2.4.2.0") (source (origin (method url-fetch) (uri (pypi-uri "ansible" version)) (sha256 (base32 - "0spv0kjaicwss4q52s727b6grdizcxpa0bbsfg26pgf5kjrayqfs")) + "0n3n9py4s3aykiii31xq8g4wmd6693jvby0424pjrg0bna01apri")) (patches (search-patches "ansible-wrap-program-hack.patch")))) (build-system python-build-system) (native-inputs 
@@ -1413,12 +1413,12 @@ of supported upstream metrics systems simultaneously.") ("python2-paramiko" ,python2-paramiko))) (arguments `(#:python ,python-2)) ; incompatible with Python 3 - (home-page "http://ansible.com/") + (home-page "https://www.ansible.com/") (synopsis "Radically simple IT automation") (description "Ansible is a radically simple IT automation system. It -handles configuration-management, application deployment, cloud provisioning, -ad-hoc task-execution, and multinode orchestration - including trivializing -things like zero downtime rolling updates with load balancers.") +handles configuration management, application deployment, cloud provisioning, +ad hoc task execution, and multinode orchestration---including trivializing +things like zero-downtime rolling updates with load balancers.") (license license:gpl3+))) (define-public cpulimit diff --git a/gnu/packages/assembly.scm b/gnu/packages/assembly.scm index 769e5d2fca..22765b456a 100644 --- a/gnu/packages/assembly.scm +++ b/gnu/packages/assembly.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -34,14 +35,14 @@ (define-public nasm (package (name "nasm") - (version "2.13.01") + (version "2.13.02") (source (origin (method url-fetch) (uri (string-append "http://www.nasm.us/pub/nasm/releasebuilds/" version "/" name "-" version ".tar.xz")) (sha256 (base32 - "0plsvcwxc7q3llr3bz10prwq1gn4ll38aqmv0yzfqcq4iw0160ma")))) + "0mqp559rypkv4cz3wb8crkp0s3a3lhcprvypm3vqz0x695gj7hwa")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl) ;for doc and test target ("texinfo" ,texinfo))) diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index d3d9344322..0e9c20f1f1 100644 --- a/gnu/packages/bioinformatics.scm 
+++ b/gnu/packages/bioinformatics.scm @@ -7,7 +7,7 @@ ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2016 Raoul Bonnal <ilpuccio.febo@gmail.com> -;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net> ;;; ;;; This file is part of GNU Guix. @@ -493,6 +493,20 @@ BED, GFF/GTF, VCF.") (base32 "0ykjbps1y3z3085q94npw8i9x5gldc6shy8vlc08v76zljsm07hv")))) (build-system gnu-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'install 'wrap-executables + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out"))) + (for-each + (lambda (script) + (wrap-program (string-append out "/bin/" script) + `("R_LIBS_SITE" ":" = (,(getenv "R_LIBS_SITE"))))) + '("create_annotations_files.bash" + "create_metaplots.bash" + "Ribotaper_ORF_find.sh" + "Ribotaper.sh")))))))) (inputs `(("bedtools" ,bedtools-2.18) ("samtools" ,samtools-0.1) @@ -1439,7 +1453,7 @@ multiple sequence alignments.") (define-public python-pysam (package (name "python-pysam") - (version "0.11.2.2") + (version "0.13.0") (source (origin (method url-fetch) ;; Test data is missing on PyPi. @@ -1449,7 +1463,7 @@ multiple sequence alignments.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1cfqdxsqs3xhacns9n0271ck6wkc76px66ddjm91wfw2jxxfklvc")) + "0dzap2axin9cbbl0d825w294bpn00zagfm1sigamm4v2pm5bj9lp")) (modules '((guix build utils))) (snippet ;; Drop bundled htslib. TODO: Also remove samtools and bcftools. @@ -3213,7 +3227,7 @@ VCF.") (define-public htslib (package (name "htslib") - (version "1.5") + (version "1.6") (source (origin (method url-fetch) (uri (string-append 
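Review bot: The `wrap-executables` phase added in the `@@ -493,6 +493,20 @@` hunk ends on the `for-each`, so its return value is unspecified, while the other phases added in this commit (`disable-native-optimisation` in crypto.scm, `wrap-executable` in kde.scm) end with an explicit `#t`; adding `#t` as the last expression of the `let*` body would make it consistent. `(getenv "R_LIBS_SITE")` is read in the build environment and baked into the wrappers, so if the variable is unset there the wrapper receives `#f` instead of a path; presumably an R input sets it, but the inputs list continues outside the hunk. The `inputs` keyword is bound in the lambda and never used.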
@@ -3221,7 +3235,7 @@ VCF.") version "/htslib-" version ".tar.bz2")) (sha256 (base32 - "0bcjmnbwp2bib1z1bkrp95w9v2syzdwdfqww10mkb1hxlmg52ax0")))) + "1jsca3hg4rbr6iqq6imkj4lsvgl8g9768bcmny3hlff2w25vx24m")))) (build-system gnu-build-system) (arguments `(#:phases @@ -3242,7 +3256,8 @@ VCF.") (synopsis "C library for reading/writing high-throughput sequencing data") (description "HTSlib is a C library for reading/writing high-throughput sequencing -data. It also provides the bgzip, htsfile, and tabix utilities.") +data. It also provides the @command{bgzip}, @command{htsfile}, and +@command{tabix} utilities.") ;; Files under cram/ are released under the modified BSD license; ;; the rest is released under the Expat license (license (list license:expat license:bsd-3)))) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 47241321fe..c92442042f 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -10,7 +10,7 @@ ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com> ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org> -;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016 David Craven <david@craven.ch> ;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> @@ -58,6 +58,7 @@ #:use-module (gnu packages java) #:use-module (gnu packages maths) #:use-module (gnu packages perl) + #:use-module (gnu packages perl-check) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages tls) 
@@ -1810,24 +1811,27 @@ recreates the stored directory structure by default.") "ZZipLib is a library based on zlib for accessing zip files.") (license license:lgpl2.0+))) -(define-public perl-zip +(define-public perl-archive-zip (package - (name "perl-zip") - (version "1.59") + (name "perl-archive-zip") + (version "1.60") (source (origin (method url-fetch) (uri (string-append - "mirror://cpan/authors/id/A/AD/ADAMK/Archive-Zip-" + "mirror://cpan/authors/id/P/PH/PHRED/Archive-Zip-" version ".tar.gz")) (sha256 (base32 - "0m31qlppg65vh32pwxkwjby02q70abx49d2yk6vfd4585fqb27cx")))) + "02y2ylq83hy9kgj57sc0239x65br9sm98c0chsm61s08yc2mpiza")))) (build-system perl-build-system) - (synopsis "Provides an interface to ZIP archive files") - (description "The Archive::Zip module allows a Perl program to create, -manipulate, read, and write Zip archive files.") - (home-page "http://search.cpan.org/~adamk/Archive-Zip-1.30/") + (native-inputs + ;; For tests. + `(("perl-test-mockmodule" ,perl-test-mockmodule))) + (synopsis "Provides an interface to Zip archive files") + (description "The @code{Archive::Zip} module allows a Perl program to +create, manipulate, read, and write Zip archive files.") + (home-page "http://search.cpan.org/dist/Archive-Zip/") (license license:perl-license))) (define-public libzip diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 92da952999..1ac704ddb8 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox> -;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> ;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com> 
@@ -595,6 +595,13 @@ data on your platform, so the seed itself will be as random as possible. (list (string-append "PREFIX=" (assoc-ref %outputs "out"))) #:phases (modify-phases %standard-phases + (add-after 'unpack 'disable-native-optimisation + ;; This package installs more than just headers. Ensure that the + ;; cryptest.exe binary & static library aren't CPU model specific. + (lambda _ + (substitute* "GNUmakefile" + ((" -march=native") "")) + #t)) (delete 'configure)))) (native-inputs `(("unzip" ,unzip))) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 3df8acc2c7..302c696233 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -26,10 +26,13 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix utils) #:use-module (guix build-system gnu) + #:use-module (guix build-system go) #:use-module (gnu packages) #:use-module (gnu packages compression) + #:use-module (gnu packages golang) #:use-module (gnu packages groff) #:use-module (gnu packages gsasl) #:use-module (gnu packages libidn) 
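Review bot: The `disable-native-optimisation` phase in the `@@ -595,6 +595,13 @@` hunk depends on the literal `" -march=native"` being present in `GNUmakefile`, and `substitute*` succeeds without complaint when nothing matches, so a later source update that spells the flag differently would bring back CPU-specific binaries and a CPU-specific static library with no build failure. I would extend the existing comment with a line such as `;; substitute* is silent when nothing matches: re-check GNUmakefile for -march on every update.` The package definition starts and ends outside the hunk.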
@@ -131,3 +134,31 @@ tunneling, and so on.") (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) + +(define-public kurly + (package + (name "kurly") + (version "1.1.0") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/davidjpeacock/kurly.git") + (commit (string-append "v" version)))) + (sha256 + (base32 + "1q192f457sjypgvwq7grrf8gq8w272p3zf1d5ppc20mriqm0mbc3")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/davidjpeacock/kurly")) + (inputs + `(("go-github-com-alsm-ioprogress" ,go-github-com-alsm-ioprogress) + ("go-github-com-aki237-nscjar" ,go-github-com-aki237-nscjar) + ("go-github-com-davidjpeacock-cli" ,go-github-com-davidjpeacock-cli))) + (synopsis "Command-line HTTP client") + (description "kurly is an alternative to the @code{curl} program written in +Go. kurly is designed to operate in a similar manner to curl, with select +features. Notably, kurly is not aiming for feature parity, but common flags and +mechanisms particularly within the HTTP(S) realm are to be expected. kurly does +not offer a replacement for libcurl.") + (home-page "https://github.com/davidjpeacock/kurly") + (license license:asl2.0))) diff --git a/gnu/packages/digest.scm b/gnu/packages/digest.scm new file mode 100644 index 0000000000..5f14ab913b --- /dev/null +++ b/gnu/packages/digest.scm 
@@ -0,0 +1,55 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu packages digest) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system gnu)) + +(define-public xxhash + (package + (name "xxhash") + (version "0.6.4") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/Cyan4973/xxHash/archive/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 "08nv9h3jzg6y85ysy2dj3qvvfsdz0rwkk497a2366syz278wqw25")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags + (list "CC=gcc" + "XXH_FORCE_MEMORY_ACCESS=1" ; improved performance with GCC + (string-append "prefix=" (assoc-ref %outputs "out"))) + #:test-target "test" + #:phases + (modify-phases %standard-phases + (delete 'configure)))) ; no configure script + (home-page "https://cyan4973.github.io/xxHash/") + (synopsis "Extremely fast hash algorithm") + (description + "xxHash is an extremely fast non-cryptographic hash algorithm. It works +at speeds close to RAM limits, and comes in both 32- and 64-bit flavours. 
+The code is highly portable, and hashes of the same length are identical on all +platforms (both big and little endian).") + (license (list license:bsd-2 ; xxhash library (xxhash.[ch]) + license:gpl2+)))) ; xxhsum.c diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index e0197fca32..85b44fb6fb 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 John Darrington <jmd@gnu.org> ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> -;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com> ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> @@ -483,14 +483,14 @@ Extensions} (DNSSEC).") (define-public knot (package (name "knot") - (version "2.6.3") + (version "2.6.4") (source (origin (method url-fetch) (uri (string-append "https://secure.nic.cz/files/knot-dns/" name "-" version ".tar.xz")) (sha256 (base32 - "143pk2124liiq1r4ja1s579nbv3hm2scbbfbfclc2pw60r07mcig")) + "0siqfm6iibx5yfshw40wa2dvmh99bibda6bmj96mbkby0jskf38x")) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index c4d7e7bc60..b9280728c4 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm 
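Review bot: The synopsis `"Extremely fast hash algorithm"` in the new digest.scm drops the "non-cryptographic" qualifier that the description carries, and the synopsis is the line a user sees in package search results. In a module named `digest` that makes it easy to pick xxHash for integrity or authentication checks it is not meant for. I would write `(synopsis "Extremely fast non-cryptographic hash algorithm")`.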
@@ -6575,3 +6575,28 @@ Feautures: "@code{evil-matchit} is a minor mode for jumping between matching tags in evil mode using @kbd{%}. It is a port of @code{matchit} for Vim.") (license license:gpl3+))) + +(define-public emacs-evil-smartparens + (package + (name "emacs-evil-smartparens") + (version "0.4.0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://github.com/expez/evil-smartparens/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1bwzdd3054d407d5j4m3njsbvmc9r8zzp33m32pj3b3irxrl68q0")))) + (build-system emacs-build-system) + (propagated-inputs + `(("emacs-evil" ,emacs-evil) + ("emacs-smartparens" ,emacs-smartparens))) + (home-page "https://github.com/expez/evil-smartparens") + (synopsis "Emacs Evil integration for Smartparens") + (description "@code{emacs-evil-smartparens} is an Emacs minor mode which +makes Evil play nice with Smartparens. Evil is an Emacs minor mode that +emulates Vim features and provides Vim-like key bindings.") + (license license:gpl3+))) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index b879fbd5a8..8d0db5ee4f 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -4919,7 +4919,8 @@ fight against their plot and save his fellow rabbits from slavery.") ("python-2" ,python-2))) (build-system gnu-build-system) (arguments - `(#:phases + `(#:make-flags '("config=release" "verbose=1" "-C" "build/workspaces/gcc") + #:phases (modify-phases %standard-phases (add-after 'unpack 'delete-bundles (lambda _ 
@@ -4946,17 +4947,12 @@ fight against their plot and save his fellow rabbits from slavery.") (zero? (system* "./update-workspaces.sh" (string-append "--libdir=" lib) (string-append "--datadir=" data) - "--minimal-flags" ;; TODO: "--with-system-nvtt" "--with-system-mozjs38")))))) - (add-before 'build 'chdir - (lambda _ - (chdir "build/workspaces/gcc") - #t)) (delete 'check) (replace 'install (lambda* (#:key inputs outputs #:allow-other-keys) - (chdir "../../../binaries") + (chdir "binaries") (let* ((out (assoc-ref outputs "out")) (bin (string-append out "/bin")) (lib (string-append out "/lib")) diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index b0797453fa..fc2c8ff516 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -133,6 +133,11 @@ buffers.") (uri (string-append "http://download.gimp.org/pub/gimp/v" (version-major+minor version) "/gimp-" version ".tar.bz2")) + (patches (search-patches "gimp-CVE-2017-17784.patch" + "gimp-CVE-2017-17785.patch" + "gimp-CVE-2017-17786.patch" + "gimp-CVE-2017-17787.patch" + "gimp-CVE-2017-17789.patch")) (sha256 (base32 "12k3lp938qdc9cqj29scg55f3bb8iav2fysd29w0s49bqmfa71wi")))) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index b8f86ac5fd..e7c2d228cc 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -27,8 +27,10 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix utils) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix packages) #:use-module (guix build-system gnu) + #:use-module (guix build-system go) #:use-module (gnu packages admin) #:use-module (gnu packages gcc) #:use-module (gnu packages base) 
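Review bot: The `search-patches` list added to the gimp origin in the `@@ -133,6 +133,11 @@` hunk goes from `gimp-CVE-2017-17787.patch` straight to `gimp-CVE-2017-17789.patch`, and nothing in the hunk says whether the identifier in between was left out on purpose. If the gap is deliberate, a one-line comment above the list, for example `;; <reason the intermediate CVE id has no patch here>`, would save the next reader from having to check whether a fix was forgotten. The package definition starts and ends outside the hunk, and only some of the listed patch files are visible in this part of the page.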
@@ -377,3 +379,76 @@ sequential processes (CSP) concurrent programming features added.") (supported-systems %supported-systems))) (define-public go go-1.9) + +(define-public go-github-com-alsm-ioprogress + (let ((commit "063c3725f436e7fba0c8f588547bee21ffec7ac5") + (revision "0")) + (package + (name "go-github-com-alsm-ioprogress") + (version (git-version "0.0.0" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/alsm/ioprogress.git") + (commit commit))) + (sha256 + (base32 + "10ym5qlq77nynmkxbk767f2hfwyxg2k7hrzph05hvgzv833dhivh")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/alsm/ioprogress")) + (synopsis "Textual progress bars in Go") + (description "@code{ioprogress} is a Go library with implementations of +@code{io.Reader} and @code{io.Writer} that draws progress bars. The primary use +case for these are for command-line applications but alternate progress bar +writers can be supplied for alternate environments.") + (home-page "https://github.com/alsm/ioprogress") + (license license:expat)))) + +(define-public go-github-com-aki237-nscjar + (let ((commit "e2df936ddd6050d30dd90c7214c02b5019c42f06") + (revision "0")) + (package + (name "go-github-com-aki237-nscjar") + (version (git-version "0.0.0" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/aki237/nscjar.git") + (commit commit))) + (sha256 + (base32 + "03y7zzq12qvhsq86lb06sgns8xrkblbn7i7wd886wk3zr5574b96")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/aki237/nscjar")) + (synopsis "Handle Netscape / Mozilla cookies") + (description "@code{nscjar} is a Go library used to parse and output +Netscape/Mozilla's old-style cookie files. 
It also implements a simple cookie +jar struct to manage the cookies added to the cookie jar.") + (home-page "https://github.com/aki237/nscjar") + (license license:expat)))) + +(define-public go-github-com-davidjpeacock-cli + (let ((commit "8ba6f23b6e36d03666a14bd9421f5e3efcb59aca") + (revision "0")) + (package + (name "go-github-com-davidjpeacock-cli") + (version (git-version "1.19.1" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/davidjpeacock/cli.git") + (commit commit))) + (sha256 + (base32 + "01s53ny3p0fdx64rnwcnmjj4xpc5adihnh6islsfq5z1ph2phhnj")))) + (build-system go-build-system) + (arguments + '(#:import-path "github.com/davidjpeacock/cli")) + (synopsis "Build command-line interfaces in Go") + (description "@code{cli} is a package for building command line +interfaces in Go. The goal is to enable developers to write fast and +distributable command line applications in an expressive way.") + (home-page "https://github.com/davidjpeacock/cli") + (license license:expat)))) diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm index 72dff868cc..ef2a7cb07c 100644 --- a/gnu/packages/kde-frameworks.scm +++ b/gnu/packages/kde-frameworks.scm @@ -3359,6 +3359,10 @@ workspace.") (mkdir-p ".kde-unit-test/xdg/config") (with-output-to-file ".kde-unit-test/xdg/config/foorc" (lambda () #t)) ;; simply touch the file + ;; Blacklist a test-function (failing at build.kde.org, too). + (with-output-to-file "autotests/BLACKLIST" + (lambda _ + (display "[testSmb]\n*\n"))) ;; kuniqueapptest hangs. TODO: Make this test pass. (zero? (system* "dbus-launch" "ctest" "." "-E" "kstandarddirstest|kuniqueapptest"))))))) diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm index 89ad30ecd2..f0df44528e 100644 --- a/gnu/packages/kde.scm +++ b/gnu/packages/kde.scm 
@@ -2,6 +2,7 @@ ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017 Thomas Danckaert <post@thomasdanckaert.be> ;;; Copyright © 2017 Mark Meyer <mark@ofosos.org> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -259,7 +260,22 @@ plugins, as well as code to create plugins, or complete applications.") (assoc-ref %build-inputs "libtiff")) (string-append "-DCMAKE_CXX_FLAGS=-I" (assoc-ref %build-inputs "ilmbase") - "/include/OpenEXR")))) + "/include/OpenEXR")) + #:phases + (modify-phases %standard-phases + ;; Ensure that icons are found at runtime. + ;; This works around <https://bugs.gnu.org/22138>. + (add-after 'install 'wrap-executable + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (qt '("qtbase" "qtsvg"))) + (wrap-program (string-append out "/bin/krita") + `("QT_PLUGIN_PATH" ":" prefix + ,(map (lambda (label) + (string-append (assoc-ref inputs label) + "/lib/qt5/plugins/")) + qt))) + #t)))))) (native-inputs `(("curl" ,curl) ("eigen" ,eigen) @@ -349,7 +365,7 @@ used in KDE development tools Kompare and KDevelop.") (define-public libksysguard (package (name "libksysguard") - (version "5.11.2") + (version "5.11.4") (source (origin (method url-fetch) @@ -357,7 +373,7 @@ used in KDE development tools Kompare and KDevelop.") "/libksysguard-" version ".tar.xz")) (sha256 (base32 - "12d0r4rilydbqdgkm256khvkb9m0hya3p27xqvv3hg77wgxzdl3f")))) + "1ry4478fv7blp80zyhz0xr3qragsddrkzjzmxkdarh01f4p987aq")))) (native-inputs `(("extra-cmake-modules" ,extra-cmake-modules) ("pkg-config" ,pkg-config))) 
@@ -399,7 +415,7 @@ used in KDE development tools Kompare and KDevelop.") (lambda _ ;; TODO: Fix this failing test-case (zero? (system* "ctest" "-E" "processtest"))))))) - (home-page "https://www.kde.org/info/plasma-5.11.2.php") + (home-page "https://www.kde.org/info/plasma-5.11.4.php") (synopsis "Network enabled task and system monitoring") (description "KSysGuard can obtain information on system load and manage running processes. It obtains this information by interacting diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm index 6524e58400..799b062439 100644 --- a/gnu/packages/libreoffice.scm +++ b/gnu/packages/libreoffice.scm @@ -926,7 +926,7 @@ and to return information on pronunciations, meanings and synonyms.") ("openssl" ,openssl) ("orcus" ,orcus) ("perl" ,perl) - ("perl-zip" ,perl-zip) + ("perl-archive-zip" ,perl-archive-zip) ("poppler" ,poppler) ("postgresql" ,postgresql) ("python" ,python) diff --git a/gnu/packages/moreutils.scm b/gnu/packages/moreutils.scm index bb6228af7f..34bce23c30 100644 --- a/gnu/packages/moreutils.scm +++ b/gnu/packages/moreutils.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> -;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -30,7 +30,7 @@ (define-public moreutils (package (name "moreutils") - (version "0.61") + (version "0.62") (source (origin (method url-fetch) @@ -43,7 +43,7 @@ name "-" version ".tar.gz"))) (sha256 (base32 - "12rhzy8hw8vljlf10b7ys9zky0p94fdvd6ihq8w8cnkia4rd6izb")))) + "1gc3rswr0jl0z42pbrmw2zc4gxsyp60hq8cnvrlsig1vk1s9vpwx")))) (build-system gnu-build-system) ;; For building the manual pages. (native-inputs 
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 0c1bb4183c..3c53de63af 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com> ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com> ;;; Copyright © 2017 Roel Janssen <roel@gnu.org> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -500,13 +501,13 @@ transactions from C or Python.") (define-public diffoscope (package (name "diffoscope") - (version "88") + (version "90") (source (origin (method url-fetch) (uri (pypi-uri name version)) (sha256 (base32 - "1zp6nb37igssxg4bqsi3cw5klx4prhcx50mzg4463l50mssn8mp2")))) + "0hhg26vi0z2q4gwklwq4k16hibc4kq16jvyzp6zhr4kspi07wl6i")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases diff --git a/gnu/packages/patches/fossil-CVE-2017-17459.patch b/gnu/packages/patches/fossil-CVE-2017-17459.patch new file mode 100644 index 0000000000..e566235b4e --- /dev/null +++ b/gnu/packages/patches/fossil-CVE-2017-17459.patch 
@@ -0,0 +1,57 @@ +Fix CVE-2017-17459: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459 + +Patch copied from upstream source repository: + +https://www.fossil-scm.org/xfer/info/1f63db591c77108c + +Index: src/http_transport.c +================================================================== +--- src/http_transport.c ++++ src/http_transport.c +@@ -73,10 +73,23 @@ + if( resetFlag ){ + transport.nSent = 0; + transport.nRcvd = 0; + } + } ++ ++/* ++** Remove leading "-" characters from the input string. ++** ++** This prevents attacks that try to trick a victim into using ++** a ssh:// URI with a carefully crafted hostname of other ++** parameter that ends up being interpreted as a command-line ++** option by "ssh". ++*/ ++static const char *stripLeadingMinus(const char *z){ ++ while( z[0]=='-' ) z++; ++ return z; ++} + + /* + ** Default SSH command + */ + #ifdef _WIN32 +@@ -116,17 +129,17 @@ + }else{ + zHost = mprintf("%s", pUrlData->name); + } + n = blob_size(&zCmd); + blob_append(&zCmd, " ", 1); +- shell_escape(&zCmd, zHost); ++ shell_escape(&zCmd, stripLeadingMinus(zHost)); + blob_append(&zCmd, " ", 1); + shell_escape(&zCmd, mprintf("%s", pUrlData->fossil)); + blob_append(&zCmd, " test-http", 10); + if( pUrlData->path && pUrlData->path[0] ){ + blob_append(&zCmd, " ", 1); +- shell_escape(&zCmd, mprintf("%s", pUrlData->path)); ++ shell_escape(&zCmd, mprintf("%s", stripLeadingMinus(pUrlData->path))); + } + if( g.fSshTrace ){ + fossil_print("%s\n", blob_str(&zCmd)+n); /* Show tail of SSH command */ + } + free(zHost); + diff --git a/gnu/packages/patches/gimp-CVE-2017-17784.patch b/gnu/packages/patches/gimp-CVE-2017-17784.patch new file mode 100644 index 0000000000..c791772fb5 --- /dev/null +++ b/gnu/packages/patches/gimp-CVE-2017-17784.patch 
@@ -0,0 +1,41 @@ +Fix CVE-2017-17784: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784 +https://bugzilla.gnome.org/show_bug.cgi?id=790784 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270 + +From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:25:32 +0100 +Subject: [PATCH] Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / + load_image. + +We were assuming the input name was well formed, hence was +nul-terminated. As any data coming from external input, this has to be +thorougly checked. +Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted +to older gimp-2-8 code. +--- + plug-ins/common/file-gbr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c +index b028100bef..d3f01d9c56 100644 +--- a/plug-ins/common/file-gbr.c ++++ b/plug-ins/common/file-gbr.c +@@ -443,7 +443,8 @@ load_image (const gchar *filename, + { + gchar *temp = g_new (gchar, bn_size); + +- if ((read (fd, temp, bn_size)) < bn_size) ++ if ((read (fd, temp, bn_size)) < bn_size || ++ temp[bn_size - 1] != '\0') + { + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, + _("Error in GIMP brush file '%s'"), +-- +2.15.1 + diff --git a/gnu/packages/patches/gimp-CVE-2017-17785.patch b/gnu/packages/patches/gimp-CVE-2017-17785.patch new file mode 100644 index 0000000000..939b01f214 --- /dev/null +++ b/gnu/packages/patches/gimp-CVE-2017-17785.patch 
@@ -0,0 +1,171 @@ +Fix CVE-2017-17785: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785 +https://bugzilla.gnome.org/show_bug.cgi?id=739133 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 + +From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Sun, 29 Oct 2017 15:19:41 +0100 +Subject: [PATCH] Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI + files. + +It is possible to trigger a heap overflow while parsing FLI files. The +RLE decoder is vulnerable to out of boundary writes due to lack of +boundary checks. + +The variable "framebuf" points to a memory area which was allocated +with fli_header->width * fli_header->height bytes. The RLE decoder +therefore must never write beyond that limit. + +If an illegal frame is detected, the parser won't stop, which means +that the next valid sequence is properly parsed again. This should +allow GIMP to parse FLI files as good as possible even if they are +broken by an attacker or by accident. + +While at it, I changed the variable xc to be of type size_t, because +the multiplication of width and height could overflow a 16 bit type. 
+ +Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> +(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b) +--- + plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 35 insertions(+), 15 deletions(-) + +diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c +index 313efeb977..ffb651e2af 100644 +--- a/plug-ins/file-fli/fli.c ++++ b/plug-ins/file-fli/fli.c +@@ -25,6 +25,8 @@ + + #include "config.h" + ++#include <glib/gstdio.h> ++ + #include <string.h> + #include <stdio.h> + +@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf) + unsigned short yc; + unsigned char *pos; + for (yc=0; yc < fli_header->height; yc++) { +- unsigned short xc, pc, pcnt; ++ unsigned short pc, pcnt; ++ size_t n, xc; + pc=fli_read_char(f); + xc=0; + pos=framebuf+(fli_header->width * yc); ++ n=(size_t)fli_header->width * (fli_header->height-yc); + for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps; + ps=fli_read_char(f); + if (ps & 0x80) { + unsigned short len; +- for (len=-(signed char)ps; len>0; len--) { ++ for (len=-(signed char)ps; len>0 && xc<n; len--) { + pos[xc++]=fli_read_char(f); + } + } else { + unsigned char val; ++ size_t len; ++ len=MIN(n-xc,ps); + val=fli_read_char(f); +- memset(&(pos[xc]), val, ps); +- xc+=ps; ++ memset(&(pos[xc]), val, len); ++ xc+=len; + } + } + } +@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf, + memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height); + firstline = fli_read_short(f); + numline = fli_read_short(f); ++ if (numline > fli_header->height || fli_header->height-numline < firstline) ++ return; ++ + for (yc=0; yc < numline; yc++) { +- unsigned short xc, pc, pcnt; ++ unsigned short pc, pcnt; ++ size_t n, xc; + pc=fli_read_char(f); + xc=0; + pos=framebuf+(fli_header->width * (firstline+yc)); ++ n=(size_t)fli_header->width * (fli_header->height-firstline-yc); + 
for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps,skip; + skip=fli_read_char(f); + ps=fli_read_char(f); +- xc+=skip; ++ xc+=MIN(n-xc,skip); + if (ps & 0x80) { + unsigned char val; ++ size_t len; + ps=-(signed char)ps; + val=fli_read_char(f); +- memset(&(pos[xc]), val, ps); +- xc+=ps; ++ len=MIN(n-xc,ps); ++ memset(&(pos[xc]), val, len); ++ xc+=len; + } else { +- fread(&(pos[xc]), ps, 1, f); +- xc+=ps; ++ size_t len; ++ len=MIN(n-xc,ps); ++ fread(&(pos[xc]), len, 1, f); ++ xc+=len; + } + } + } +@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu + yc=0; + numline = fli_read_short(f); + for (lc=0; lc < numline; lc++) { +- unsigned short xc, pc, pcnt, lpf, lpn; ++ unsigned short pc, pcnt, lpf, lpn; ++ size_t n, xc; + pc=fli_read_short(f); + lpf=0; lpn=0; + while (pc & 0x8000) { +@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu + } + pc=fli_read_short(f); + } ++ yc=MIN(yc, fli_header->height); + xc=0; + pos=framebuf+(fli_header->width * yc); ++ n=(size_t)fli_header->width * (fli_header->height-yc); + for (pcnt=pc; pcnt>0; pcnt--) { + unsigned short ps,skip; + skip=fli_read_char(f); + ps=fli_read_char(f); +- xc+=skip; ++ xc+=MIN(n-xc,skip); + if (ps & 0x80) { + unsigned char v1,v2; + ps=-(signed char)ps; + v1=fli_read_char(f); + v2=fli_read_char(f); +- while (ps>0) { ++ while (ps>0 && xc+1<n) { + pos[xc++]=v1; + pos[xc++]=v2; + ps--; + } + } else { +- fread(&(pos[xc]), ps, 2, f); +- xc+=ps << 1; ++ size_t len; ++ len=MIN((n-xc)/2,ps); ++ fread(&(pos[xc]), len, 2, f); ++ xc+=len << 1; + } + } + if (lpf) pos[xc]=lpn; +-- +2.15.1 + diff --git a/gnu/packages/patches/gimp-CVE-2017-17786.patch b/gnu/packages/patches/gimp-CVE-2017-17786.patch new file mode 100644 index 0000000000..851227ac1d --- /dev/null +++ b/gnu/packages/patches/gimp-CVE-2017-17786.patch 
@@ -0,0 +1,94 @@ +Fix CVE-2017-17786: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786 +https://bugzilla.gnome.org/show_bug.cgi?id=739134 + +Both patches copied from upstream source repository: + +https://git.gnome.org/browse/gimp/commit/?id=ef9c821fff8b637a2178eab1c78cae6764c50e12 +https://git.gnome.org/browse/gimp/commit/?id=22e2571c25425f225abdb11a566cc281fca6f366 + +From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 13:02:38 +0100 +Subject: [PATCH] Bug 739134 - (CVE-2017-17786) Out of bounds read / heap + overflow in... +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +... TGA importer. + +Be more thorough on valid TGA RGB and RGBA images. +In particular current TGA plug-in can import RGBA as 32 bits (8 bits per +channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and +RGB as 15 and 24 bits. +Maybe there exist more variants, but if they do exist, we simply don't +support them yet. + +Thanks to Hanno Böck for the report and a first patch attempt. 
+ +(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b) +--- + plug-ins/common/file-tga.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c +index aef98702d4..426acc2925 100644 +--- a/plug-ins/common/file-tga.c ++++ b/plug-ins/common/file-tga.c +@@ -564,12 +564,16 @@ load_image (const gchar *filename, + } + break; + case TGA_TYPE_COLOR: +- if (info.bpp != 15 && info.bpp != 16 && +- info.bpp != 24 && info.bpp != 32) ++ if ((info.bpp != 15 && info.bpp != 16 && ++ info.bpp != 24 && info.bpp != 32) || ++ ((info.bpp == 15 || info.bpp == 24) && ++ info.alphaBits != 0) || ++ (info.bpp == 16 && info.alphaBits != 1) || ++ (info.bpp == 32 && info.alphaBits != 8)) + { +- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)", ++ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", + gimp_filename_to_utf8 (filename), +- info.imageType, info.bpp); ++ info.imageType, info.bpp, info.alphaBits); + return -1; + } + break; +-- +2.15.1 + +From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 13:26:26 +0100 +Subject: [PATCH] plug-ins: TGA 16-bit RGB (without alpha bit) is also valid. + +According to some spec on the web, 16-bit RGB is also valid. In this +case, the last bit is simply ignored (at least that's how it is +implemented right now). 
+ +(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077) +--- + plug-ins/common/file-tga.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c +index 426acc2925..eb14a1dadc 100644 +--- a/plug-ins/common/file-tga.c ++++ b/plug-ins/common/file-tga.c +@@ -568,7 +568,8 @@ load_image (const gchar *filename, + info.bpp != 24 && info.bpp != 32) || + ((info.bpp == 15 || info.bpp == 24) && + info.alphaBits != 0) || +- (info.bpp == 16 && info.alphaBits != 1) || ++ (info.bpp == 16 && info.alphaBits != 1 && ++ info.alphaBits != 0) || + (info.bpp == 32 && info.alphaBits != 8)) + { + g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", +-- +2.15.1 + diff --git a/gnu/packages/patches/gimp-CVE-2017-17787.patch b/gnu/packages/patches/gimp-CVE-2017-17787.patch new file mode 100644 index 0000000000..b5310d33d9 --- /dev/null +++ b/gnu/packages/patches/gimp-CVE-2017-17787.patch 
@@ -0,0 +1,42 @@ +Fix CVE-2017-17787: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787 +https://bugzilla.gnome.org/show_bug.cgi?id=790853 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d + +From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:49:41 +0100 +Subject: [PATCH] Bug 790853 - (CVE-2017-17787) heap overread in psp importer. + +As any external data, we have to check that strings being read at fixed +length are properly nul-terminated. + +(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d) +--- + plug-ins/common/file-psp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index 4cbafe37b1..e350e4d88d 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -890,6 +890,12 @@ read_creator_block (FILE *f, + g_free (string); + return -1; + } ++ if (string[length - 1] != '\0') ++ { ++ g_message ("Creator keyword data not nul-terminated"); ++ g_free (string); ++ return -1; ++ } + switch (keyword) + { + case PSP_CRTR_FLD_TITLE: +-- +2.15.1 + diff --git a/gnu/packages/patches/gimp-CVE-2017-17789.patch b/gnu/packages/patches/gimp-CVE-2017-17789.patch new file mode 100644 index 0000000000..6dfa435fd0 --- /dev/null +++ b/gnu/packages/patches/gimp-CVE-2017-17789.patch 
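Review bot: The nul-termination check added to read_creator_block reads `string[length - 1]` without first ruling out `length == 0`, in which case the index falls outside the buffer. The start of the function is outside this hunk, so an earlier check may already reject a zero length; if it does not, the guard should read `if (length == 0 || string[length - 1] != '\0')`. Because the patch is copied verbatim from upstream, the change would belong there rather than in the Guix copy.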
@@ -0,0 +1,48 @@ +Fix CVE-2017-17789: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789 +https://bugzilla.gnome.org/show_bug.cgi?id=790849 + +Patch copied from upstream source repository: + +https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f + +From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Wed, 20 Dec 2017 16:44:20 +0100 +Subject: [PATCH] Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer + overflow... + +... in PSP importer. +Check if declared block length is valid (i.e. within the actual file) +before going further. +Consider the file as broken otherwise and fail loading it. + +(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8) +--- + plug-ins/common/file-psp.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index ac0fff78f0..4cbafe37b1 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -1771,6 +1771,15 @@ load_image (const gchar *filename, + { + block_start = ftell (f); + ++ if (block_start + block_total_len > st.st_size) ++ { ++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, ++ _("Could not open '%s' for reading: %s"), ++ gimp_filename_to_utf8 (filename), ++ _("invalid block size")); ++ goto error; ++ } ++ + if (id == PSP_IMAGE_BLOCK) + { + if (block_number != 0) +-- +2.15.1 + diff --git a/gnu/packages/patches/httpd-CVE-2017-9798.patch b/gnu/packages/patches/httpd-CVE-2017-9798.patch deleted file mode 100644 index 8391a3db4a..0000000000 --- a/gnu/packages/patches/httpd-CVE-2017-9798.patch +++ /dev/null 
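Review bot: The bounds check `block_start + block_total_len > st.st_size` in load_image adds a file-controlled length to the offset before comparing, and it uses the `ftell` result without checking for -1. The variable types are declared outside the hunk; if the sum is computed in a 32-bit type on some target, a large `block_total_len` could wrap and pass the check. Comparing against the remaining size avoids that: `if (block_start < 0 || block_start > st.st_size || block_total_len > st.st_size - block_start)`. The message "Could not open '%s' for reading" is also misleading for a size check on a stream that is already open.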
@@ -1,22 +0,0 @@ -Fixes "options bleed", aka. CVE-2017-9798: - - https://nvd.nist.gov/vuln/detail/CVE-2017-9798 - https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html - -From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>. - ---- a/server/core.c 2017/08/16 16:50:29 1805223 -+++ b/server/core.c 2017/09/08 13:13:11 1807754 -@@ -2266,6 +2266,12 @@ - /* method has not been registered yet, but resource restriction - * is always checked before method handling, so register it. - */ -+ if (cmd->pool == cmd->temp_pool) { -+ /* In .htaccess, we can't globally register new methods. */ -+ return apr_psprintf(cmd->pool, "Could not register method '%s' " -+ "for %s from .htaccess configuration", -+ method, cmd->cmd->name); -+ } - methnum = ap_method_register(cmd->pool, - apr_pstrdup(cmd->pool, method)); - } diff --git a/gnu/packages/perl-check.scm b/gnu/packages/perl-check.scm index 5df2940bd6..121ebec414 100644 --- a/gnu/packages/perl-check.scm +++ b/gnu/packages/perl-check.scm @@ -10,7 +10,7 @@ ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net> ;;; Copyright © 2017 Petter <petter@mykolab.ch> -;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -35,6 +35,11 @@ #:use-module (guix build-system perl) #:use-module (gnu packages perl)) +;;; +;;; Please: Try to add new module packages in alphabetic order. +;;; + + (define-public perl-test2-bundle-extended (package (name "perl-test2-bundle-extended") 
@@ -606,6 +611,36 @@ memory_cycle_ok( $object ); @end example") (license artistic2.0))) +(define-public perl-test-mockmodule + (package + (name "perl-test-mockmodule") + (version "0.13") + (source + (origin + (method url-fetch) + (uri (string-append "mirror://cpan/authors/id/G/GF/GFRANKS/" + "Test-MockModule-" version ".tar.gz")) + (sha256 + (base32 "0lwh6fvnc16r6d74vvh5h4b5a1spcslpjb3mcqbv23k01lm78wvl")))) + (build-system perl-build-system) + (native-inputs + `(("perl-module-build" ,perl-module-build) + ;; For tests. + ("perl-test-pod" ,perl-test-pod) + ("perl-test-pod-coverage" ,perl-test-pod-coverage))) + (propagated-inputs + `(("perl-super" ,perl-super))) + (home-page "http://search.cpan.org/dist/Test-MockModule/") + (synopsis "Override subroutines in a module for unit testing") + (description + "@code{Test::MockModule} lets you temporarily redefine subroutines in other +packages for the purposes of unit testing. A @code{Test::MockModule} object is +set up to mock subroutines for a given module. The mocked object remembers the +original subroutine so it can be easily restored. This happens automatically +when all @code{MockModule} objects for the given module go out of scope, or when +you @code{unmock()} the subroutine.") + (license gpl3))) + (define-public perl-test-mockobject (package (name "perl-test-mockobject") diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 4dbe77c4e9..520395b5b5 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -15,7 +15,7 @@ ;;; Copyright © 2017 Raoul J.P. Bonnal <ilpuccio.febo@gmail.com> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com> -;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org> ;;; 
@@ -42,6 +42,7 @@ #:use-module (guix build-system gnu) #:use-module (guix build-system perl) #:use-module (gnu packages base) + #:use-module (gnu packages compression) #:use-module (gnu packages perl-check) #:use-module (gnu packages perl-web) #:use-module (gnu packages pkg-config)) @@ -261,26 +262,6 @@ variable ANY_MOOSE to be Moose or Mouse.") configuration files and parsing command line arguments.") (license (package-license perl)))) -(define-public perl-archive-zip - (package - (name "perl-archive-zip") - (version "1.30") - (source - (origin - (method url-fetch) - (uri (string-append - "mirror://cpan/authors/id/A/AD/ADAMK/Archive-Zip-" - version ".tar.gz")) - (sha256 - (base32 - "0633zah5z9njiqnvy3vh42fjymncmil1jdfb7d18w8xpfzzp5d7q")))) - (build-system perl-build-system) - (synopsis "Perl API to zip files") - (description "The Archive::Zip module allows a Perl program to create, -manipulate, read, and write Zip archive files.") - (home-page "http://search.cpan.org/~phred/Archive-Zip-1.37/lib/Archive/Zip.pm") - (license (package-license perl)))) - (define-public perl-array-utils (package (name "perl-array-utils") 
@@ -7106,6 +7087,32 @@ The idea is just to fool caller(). All the really naughty bits of Tcl's uplevel() are avoided.") (license (package-license perl)))) +(define-public perl-super + (package + (name "perl-super") + (version "1.20141117") + (source + (origin + (method url-fetch) + (uri (string-append "mirror://cpan/authors/id/C/CH/CHROMATIC/" + "SUPER-" version ".tar.gz")) + (sha256 + (base32 "1cn05kacg0xfbm1zzksm2yx2pnrzqja4d9163cxv3sdfc1yhwqhs")))) + (build-system perl-build-system) + (native-inputs + `(("perl-module-build" ,perl-module-build))) + (propagated-inputs + `(("perl-sub-identify" ,perl-sub-identify))) + (home-page "http://search.cpan.org/dist/SUPER/") + (synopsis "Control superclass method dispatching") + (description + "When subclassing a class, you may occasionally want to dispatch control to +the superclass---at least conditionally and temporarily. This module provides +nicer equivalents to the native Perl syntax for calling superclasses, along with +a universal @code{super} method to determine a class' own superclass, and better +support for run-time mix-ins and roles.") + (license perl-license))) + (define-public perl-svg (package (name "perl-svg") diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 34f40f0c72..931b37eb6a 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org> -;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2014, 2015, 2016 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014, 2017 Eric Bavier <bavier@member.fsf.org> 
@@ -5452,14 +5452,14 @@ plugins that intend to support Flake8 2.x and 3.x simultaneously.") (define-public python-mistune (package (name "python-mistune") - (version "0.7.3") + (version "0.8.3") (source (origin (method url-fetch) (uri (pypi-uri "mistune" version)) (sha256 (base32 - "04xpk1zvslhq3xpnf01g3ag0dy9wfv4z28p093r8k49vvxlyil11")))) + "06b662p6kf46wh2jsabaqhaq4bz1srh2zxkrnx4yg96azlxw645w")))) (build-system python-build-system) (native-inputs `(("python-nose" ,python-nose) @@ -6582,6 +6582,7 @@ Jupyter kernels such as IJulia and IRKernel.") (define python-jupyter-console-minimal (package (inherit python-jupyter-console) + (name "python-jupyter-console-minimal") (arguments (substitute-keyword-arguments (package-arguments python-jupyter-console) diff --git a/gnu/packages/regex.scm b/gnu/packages/regex.scm index 4648a4d004..20242322b1 100644 --- a/gnu/packages/regex.scm +++ b/gnu/packages/regex.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2014 John Darrington ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -28,7 +29,7 @@ (define-public re2 (package (name "re2") - (version "2017-12-01") + (version "2018-01-01") (source (origin (method url-fetch) (uri @@ -38,7 +39,7 @@ (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "03gv50hv7yaspx3ls8g8l1yj8nszbc3mplhcf4cr95fcsxy7wyb2")))) + "1hhp8gi0lzw1mvnksb112rc9kcz4j9kjic7v6gbgzyfgk43996mr")))) (build-system gnu-build-system) (arguments `(#:modules ((guix build gnu-build-system) diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index 590b2c741d..022287dbf5 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm 
@@ -381,14 +381,14 @@ ksh, and tcsh.") (define-public xonsh (package (name "xonsh") - (version "0.5.12") + (version "0.6.0") (source (origin (method url-fetch) (uri (pypi-uri "xonsh" version)) (sha256 (base32 - "1yz595hx5bni524m73cx8a08vcr6vfksfci14nx2ylz53igzva2c")) + "1ikd1xg4iyjqp51y8g8n6c4y39bgx85xnb4bdd3zibkqac3lrahr")) (modules '((guix build utils))) (snippet `(begin diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index cbf5ce7d87..d400afd6ef 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -1503,6 +1503,8 @@ repository\" with git-annex.") (string-append "https://www.fossil-scm.org/index.html/uv/" "fossil-src-" version ".tar.gz"))) + (patches (search-patches "fossil-CVE-2017-17459.patch")) + (patch-flags '("-p0")) (sha256 (base32 "0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv")))) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 111ae9b7c8..a43934257d 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -1808,7 +1808,7 @@ be used for realtime video capture via Linux-specific APIs.") (define-public obs (package (name "obs") - (version "18.0.2") + (version "20.1.3") (source (origin (method url-fetch) (uri (string-append "https://github.com/jp9000/obs-studio" @@ -1816,7 +1816,7 @@ be used for realtime video capture via Linux-specific APIs.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "02pbiyvf5x0zh448h5rpmyn33qnsqk694xxlyns83mdi74savyqw")))) + "1g5z6z050v25whc7n3xvg6l238wmg5crp7ihvk73qngvzxr8bg28")))) (build-system cmake-build-system) (arguments `(#:tests? #f)) ; no tests diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 2cae88523c..aef54982db 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm 
@@ -109,15 +109,14 @@ (define-public httpd (package (name "httpd") - (version "2.4.27") + (version "2.4.29") (source (origin (method url-fetch) (uri (string-append "mirror://apache/httpd/httpd-" version ".tar.bz2")) (sha256 (base32 - "0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i")) - (patches (search-patches "httpd-CVE-2017-9798.patch")))) + "003z3yckkdihfv69rgqsik1w2jsnh14j3ci8fjia4s2mlajm6xvp")))) (build-system gnu-build-system) (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config' (inputs `(("apr" ,apr) diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm index b4a303df93..da7620cd3d 100644 --- a/gnu/packages/wine.scm +++ b/gnu/packages/wine.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2014, 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> -;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> +;;; Copyright © 2017, 2018 Rutger Helling <rhelling@mykolab.com> ;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr> ;;; ;;; This file is part of GNU Guix. @@ -55,19 +55,20 @@ #:use-module (gnu packages tls) #:use-module (gnu packages video) #:use-module (gnu packages xml) - #:use-module (gnu packages xorg)) + #:use-module (gnu packages xorg) + #:use-module (ice-9 match)) (define-public wine (package (name "wine") - (version "2.0.3") + (version "2.0.4") (source (origin (method url-fetch) (uri (string-append "https://dl.winehq.org/wine/source/2.0" "/wine-" version ".tar.xz")) (sha256 (base32 - "0mmyc94r5drffir8zr8jx6iawhgfzjk96fj494aa18vhz1jcc4d8")))) + "0nlq6apyq7hq36l3g6gw76lhi8ijz11v3v8m4vxy8d6x1qsppq5m")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) ("gettext" ,gettext-minimal) 
@@ -113,19 +114,24 @@ ("v4l-utils" ,v4l-utils) ("zlib" ,zlib))) (arguments - `(;; Force a 32-bit build (under the assumption that this package is - ;; being used on an IA32-compatible architecture.) - #:system "i686-linux" + `(;; Force a 32-bit build targeting a similar architecture, i.e.: + ;; armhf for armhf/aarch64, i686 for i686/x86_64. + #:system ,@(match (%current-system) + ((or "armhf-linux" "aarch64-linux") + `("armhf-linux")) + (_ + `("i686-linux"))) ;; XXX: There's a test suite, but it's unclear whether it's supposed to ;; pass. #:tests? #f #:configure-flags - (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib")) + (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine32")) #:make-flags - (list "SHELL=bash") + (list "SHELL=bash" + (string-append "libdir=" %output "/lib/wine32")) #:phases (modify-phases %standard-phases @@ -141,7 +147,7 @@ (format #f "~a\"~a\"" defso (find-so soname)))) #t)))))) (home-page "https://www.winehq.org/") - (synopsis "Implementation of the Windows API") + (synopsis "Implementation of the Windows API (32-bit only)") (description "Wine (originally an acronym for \"Wine Is Not an Emulator\") is a compatibility layer capable of running Windows applications. Instead of 
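Review bot: The `#:system` value is built by splicing one-element quasiquoted lists with `,@`, which is harder to read than unquoting the string itself: `#:system ,(match (%current-system) ((or "armhf-linux" "aarch64-linux") "armhf-linux") (_ "i686-linux"))`. The result is the same. The `arguments` form continues outside the hunk.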
@@ -153,22 +159,56 @@ integrate Windows applications into your desktop.") ;; It really only supports IA32, but building on x86_64 will have the same ;; effect as building on i686 anyway. - (supported-systems '("i686-linux" "x86_64-linux")))) + (supported-systems (delete "mips64el-linux" %supported-systems)))) (define-public wine64 (package (inherit wine) (name "wine64") + (inputs `(("wine" ,wine) + ,@(package-inputs wine))) (arguments `(#:make-flags (list "SHELL=bash" - (string-append "libdir=" %output "/lib")) + (string-append "libdir=" %output "/lib/wine64")) + #:phases + (modify-phases %standard-phases + (add-after 'install 'copy-wine32-binaries + (lambda* (#:key outputs #:allow-other-keys) + (let* ((wine32 (assoc-ref %build-inputs "wine")) + (out (assoc-ref %outputs "out"))) + ;; Copy the 32-bit binaries needed for WoW64. + (copy-file (string-append wine32 "/bin/wine") + (string-append out "/bin/wine")) + (copy-file (string-append wine32 "/bin/wine-preloader") + (string-append out "/bin/wine-preloader")) + #t))) + (add-after 'compress-documentation 'copy-wine32-manpage + (lambda* (#:key outputs #:allow-other-keys) + (let* ((wine32 (assoc-ref %build-inputs "wine")) + (out (assoc-ref %outputs "out"))) + ;; Copy the missing man file for the wine binary from wine. + (copy-file (string-append wine32 "/share/man/man1/wine.1.gz") + (string-append out "/share/man/man1/wine.1.gz")) + #t))) + (add-after 'configure 'patch-dlopen-paths + ;; Hardcode dlopened sonames to absolute paths. 
+ (lambda _ + (let* ((library-path (search-path-as-string->list + (getenv "LIBRARY_PATH"))) + (find-so (lambda (soname) + (search-path library-path soname)))) + (substitute* "include/config.h" + (("(#define SONAME_.* )\"(.*)\"" _ defso soname) + (format #f "~a\"~a\"" defso (find-so soname)))) + #t)))) #:configure-flags (list "--enable-win64" - (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib")) - ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:system) + (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine64")) + ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:phases + #:system) (package-arguments wine)))) - (synopsis "Implementation of the Windows API (64-bit version)") + (synopsis "Implementation of the Windows API (WoW64 version)") (supported-systems '("x86_64-linux" "aarch64-linux")))) ;; TODO: This is wine development version, provided for historical reasons. @@ -202,7 +242,7 @@ integrate Windows applications into your desktop.") (inputs `(("gtk+", gtk+) ("libva", libva) ,@(package-inputs wine))) - (synopsis "Implementation of the Windows API (staging branch)") + (synopsis "Implementation of the Windows API (staging branch, 32-bit only)") (description "Wine-Staging is the testing area of Wine. It contains bug fixes and features, which have not been integrated into the development branch yet. The idea of Wine-Staging is to provide 
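Review bot: The two copy phases added to wine64 declare `#:key outputs` but then read the globals `%build-inputs` and `%outputs`, so the declared argument is unused and the phases bypass the values the build system passes in. The usual form would be `(lambda* (#:key inputs outputs #:allow-other-keys) (let* ((wine32 (assoc-ref inputs "wine")) (out (assoc-ref outputs "out")))`. In `patch-dlopen-paths`, `search-path` returns `#f` when a soname is not found on LIBRARY_PATH, and `format` would then write the literal `"#f"` into include/config.h; leaving the original soname in place in that case would be safer. The same phases are repeated verbatim in the wine64-staging hunk further down and could share one definition. The unchanged comment above `supported-systems` still says the package only supports IA32, although ARM systems are now included.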
@@ -221,15 +261,50 @@ integrated into the main branch.") (package (inherit wine-staging) (name "wine64-staging") + (inputs `(("wine-staging" ,wine-staging) + ,@(package-inputs wine-staging))) (arguments `(#:make-flags (list "SHELL=bash" - (string-append "libdir=" %output "/lib")) + (string-append "libdir=" %output "/lib/wine64")) + #:phases + (modify-phases %standard-phases + (add-after 'install 'copy-wine32-binaries + (lambda* (#:key outputs #:allow-other-keys) + (let* ((wine32 (assoc-ref %build-inputs "wine-staging")) + (out (assoc-ref %outputs "out"))) + ;; Copy the 32-bit binaries needed for WoW64. + (copy-file (string-append wine32 "/bin/wine") + (string-append out "/bin/wine")) + (copy-file (string-append wine32 "/bin/wine-preloader") + (string-append out "/bin/wine-preloader")) + #t))) + (add-after 'compress-documentation 'copy-wine32-manpage + (lambda* (#:key outputs #:allow-other-keys) + (let* ((wine32 (assoc-ref %build-inputs "wine-staging")) + (out (assoc-ref %outputs "out"))) + ;; Copy the missing man file for the wine binary from + ;; wine-staging. + (copy-file (string-append wine32 "/share/man/man1/wine.1.gz") + (string-append out "/share/man/man1/wine.1.gz")) + #t))) + (add-after 'configure 'patch-dlopen-paths + ;; Hardcode dlopened sonames to absolute paths. 
+ (lambda _ + (let* ((library-path (search-path-as-string->list + (getenv "LIBRARY_PATH"))) + (find-so (lambda (soname) + (search-path library-path soname)))) + (substitute* "include/config.h" + (("(#define SONAME_.* )\"(.*)\"" _ defso soname) + (format #f "~a\"~a\"" defso (find-so soname)))) + #t)))) #:configure-flags (list "--enable-win64" - (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib")) - ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:system) + (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine64")) + ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:phases + #:system) (package-arguments wine-staging)))) - (synopsis "Implementation of the Windows API (staging branch, 64-bit + (synopsis "Implementation of the Windows API (staging branch, WoW64 version)") (supported-systems '("x86_64-linux" "aarch64-linux")))) |