diff options
138 files changed, 4171 insertions, 4966 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 47fc199c6c..66316ecd84 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -7658,6 +7658,7 @@ declaration. * Log Rotation:: The rottlog service. * Networking Services:: Network setup, SSH daemon, etc. * X Window:: Graphical display. +* Printing Services:: Local and remote printer support. * Desktop Services:: D-Bus and desktop services. * Database Services:: SQL databases. * Mail Services:: IMAP, POP3, SMTP, and all that. @@ -8702,6 +8703,837 @@ makes the good ol' XlockMore usable. @end deffn +@node Printing Services +@subsubsection Printing Services + +The @code{(gnu services cups)} module provides a Guix service definition +for the CUPS printing service. To add printer support to a GuixSD +system, add a @code{cups-service} to the operating system definition: + +@deffn {Scheme Variable} cups-service-type +The service type for the CUPS print server. Its value should be a valid +CUPS configuration (see below). For example: +@example +(service cups-service-type (cups-configuration)) +@end example +@end deffn + +The CUPS configuration controls the basic things about your CUPS +installation: what interfaces it listens on, what to do if a print job +fails, how much logging to do, and so on. To actually add a printer, +you have to visit the @url{http://localhost:631} URL, or use a tool such +as GNOME's printer configuration services. By default, configuring a +CUPS service will generate a self-signed certificate if needed, for +secure connections to the print server. + +One way you might want to customize CUPS is to enable or disable the web +interface. You can do that directly, like this: + +@example +(service cups-service-type + (cups-configuration + (web-interface? #f))) +@end example + +The available configuration parameters follow. Each parameter +definition is preceded by its type; for example, @samp{string-list foo} +indicates that the @code{foo} parameter should be specified as a list of +strings. There is also a way to specify the configuration as a string, +if you have an old @code{cupsd.conf} file that you want to port over +from some other system; see the end for more details. + +@c The following documentation was initially generated by +@c (generate-documentation) in (gnu services cups). Manually maintained +@c documentation is better, so we shouldn't hesitate to edit below as +@c needed. However if the change you want to make to this documentation +@c can be done in an automated way, it's probably easier to change +@c (generate-documentation) than to make it below and have to deal with +@c the churn as CUPS updates. + + +Available @code{cups-configuration} fields are: + +@deftypevr {@code{cups-configuration} parameter} package cups +The CUPS package. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} package-list extensions +Drivers and other extensions to the CUPS package. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} files-configuration files-configuration +Configuration of where to write logs, what directories to use for print +spools, and related privileged configuration parameters. + +Available @code{files-configuration} fields are: + +@deftypevr {@code{files-configuration} parameter} log-location access-log +Defines the access log filename. Specifying a blank filename disables +access log generation. The value @code{stderr} causes log entries to be +sent to the standard error file when the scheduler is running in the +foreground, or to the system log daemon when run in the background. The +value @code{syslog} causes log entries to be sent to the system log +daemon. The server name may be included in filenames using the string +@code{%s}, as in @code{/var/log/cups/%s-access_log}. + +Defaults to @samp{"/var/log/cups/access_log"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} file-name cache-dir +Where CUPS should cache data. + +Defaults to @samp{"/var/cache/cups"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} string config-file-perm +Specifies the permissions for all configuration files that the scheduler +writes. + +Note that the permissions for the printers.conf file are currently +masked to only allow access from the scheduler user (typically root). +This is done because printer device URIs sometimes contain sensitive +authentication information that should not be generally known on the +system. There is no way to disable this security feature. + +Defaults to @samp{"0640"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} log-location error-log +Defines the error log filename. Specifying a blank filename disables +access log generation. The value @code{stderr} causes log entries to be +sent to the standard error file when the scheduler is running in the +foreground, or to the system log daemon when run in the background. The +value @code{syslog} causes log entries to be sent to the system log +daemon. The server name may be included in filenames using the string +@code{%s}, as in @code{/var/log/cups/%s-error_log}. + +Defaults to @samp{"/var/log/cups/error_log"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} string fatal-errors +Specifies which errors are fatal, causing the scheduler to exit. The +kind strings are: + +@table @code +@item none +No errors are fatal. + +@item all +All of the errors below are fatal. + +@item browse +Browsing initialization errors are fatal, for example failed connections +to the DNS-SD daemon. + +@item config +Configuration file syntax errors are fatal. + +@item listen +Listen or Port errors are fatal, except for IPv6 failures on the +loopback or @code{any} addresses. + +@item log +Log file creation or write errors are fatal. + +@item permissions +Bad startup file permissions are fatal, for example shared TLS +certificate and key files with world-read permissions. +@end table + +Defaults to @samp{"all -browse"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} boolean file-device? +Specifies whether the file pseudo-device can be used for new printer +queues. The URI @uref{file:///dev/null} is always allowed. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} string group +Specifies the group name or ID that will be used when executing external +programs. + +Defaults to @samp{"lp"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} string log-file-perm +Specifies the permissions for all log files that the scheduler writes. + +Defaults to @samp{"0644"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} log-location page-log +Defines the page log filename. Specifying a blank filename disables +access log generation. The value @code{stderr} causes log entries to be +sent to the standard error file when the scheduler is running in the +foreground, or to the system log daemon when run in the background. The +value @code{syslog} causes log entries to be sent to the system log +daemon. The server name may be included in filenames using the string +@code{%s}, as in @code{/var/log/cups/%s-page_log}. + +Defaults to @samp{"/var/log/cups/page_log"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} string remote-root +Specifies the username that is associated with unauthenticated accesses +by clients claiming to be the root user. The default is @code{remroot}. + +Defaults to @samp{"remroot"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} file-name request-root +Specifies the directory that contains print jobs and other HTTP request +data. + +Defaults to @samp{"/var/spool/cups"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} sandboxing sandboxing +Specifies the level of security sandboxing that is applied to print +filters, backends, and other child processes of the scheduler; either +@code{relaxed} or @code{strict}. This directive is currently only +used/supported on macOS. + +Defaults to @samp{strict}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} file-name server-keychain +Specifies the location of TLS certificates and private keys. CUPS will +look for public and private keys in this directory: a @code{.crt} files +for PEM-encoded certificates and corresponding @code{.key} files for +PEM-encoded private keys. + +Defaults to @samp{"/etc/cups/ssl"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} file-name server-root +Specifies the directory containing the server configuration files. + +Defaults to @samp{"/etc/cups"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} boolean sync-on-close? +Specifies whether the scheduler calls fsync(2) after writing +configuration or state files. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} space-separated-string-list system-group +Specifies the group(s) to use for @code{@@SYSTEM} group authentication. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} file-name temp-dir +Specifies the directory where temporary files are stored. + +Defaults to @samp{"/var/spool/cups/tmp"}. +@end deftypevr + +@deftypevr {@code{files-configuration} parameter} string user +Specifies the user name or ID that is used when running external +programs. + +Defaults to @samp{"lp"}. +@end deftypevr +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} access-log-level access-log-level +Specifies the logging level for the AccessLog file. The @code{config} +level logs when printers and classes are added, deleted, or modified and +when configuration files are accessed or updated. The @code{actions} +level logs when print jobs are submitted, held, released, modified, or +canceled, and any of the conditions for @code{config}. The @code{all} +level logs all requests. + +Defaults to @samp{actions}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean auto-purge-jobs? +Specifies whether to purge job history data automatically when it is no +longer required for quotas. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} browse-local-protocols browse-local-protocols +Specifies which protocols to use for local printer sharing. + +Defaults to @samp{dnssd}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean browse-web-if? +Specifies whether the CUPS web interface is advertised. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean browsing? +Specifies whether shared printers are advertised. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string classification +Specifies the security classification of the server. Any valid banner +name can be used, including "classified", "confidential", "secret", +"topsecret", and "unclassified", or the banner can be omitted to disable +secure printing functions. + +Defaults to @samp{""}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean classify-override? +Specifies whether users may override the classification (cover page) of +individual print jobs using the @code{job-sheets} option. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} default-auth-type default-auth-type +Specifies the default type of authentication to use. + +Defaults to @samp{Basic}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} default-encryption default-encryption +Specifies whether encryption will be used for authenticated requests. + +Defaults to @samp{Required}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string default-language +Specifies the default language to use for text and web content. + +Defaults to @samp{"en"}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string default-paper-size +Specifies the default paper size for new print queues. @samp{"Auto"} +uses a locale-specific default, while @samp{"None"} specifies there is +no default paper size. Specific size names are typically +@samp{"Letter"} or @samp{"A4"}. + +Defaults to @samp{"Auto"}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string default-policy +Specifies the default access policy to use. + +Defaults to @samp{"default"}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean default-shared? +Specifies whether local printers are shared by default. + +Defaults to @samp{#t}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer dirty-clean-interval +Specifies the delay for updating of configuration and state files, in +seconds. A value of 0 causes the update to happen as soon as possible, +typically within a few milliseconds. + +Defaults to @samp{30}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} error-policy error-policy +Specifies what to do when an error occurs. Possible values are +@code{abort-job}, which will discard the failed print job; +@code{retry-job}, which will retry the job at a later time; +@code{retry-this-job}, which retries the failed job immediately; and +@code{stop-printer}, which stops the printer. + +Defaults to @samp{stop-printer}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer filter-limit +Specifies the maximum cost of filters that are run concurrently, which +can be used to minimize disk, memory, and CPU resource problems. A +limit of 0 disables filter limiting. An average print to a +non-PostScript printer needs a filter limit of about 200. A PostScript +printer needs about half that (100). Setting the limit below these +thresholds will effectively limit the scheduler to printing a single job +at any time. + +Defaults to @samp{0}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer filter-nice +Specifies the scheduling priority of filters that are run to print a +job. The nice value ranges from 0, the highest priority, to 19, the +lowest priority. + +Defaults to @samp{0}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} host-name-lookups host-name-lookups +Specifies whether to do reverse lookups on connecting clients. The +@code{double} setting causes @code{cupsd} to verify that the hostname +resolved from the address matches one of the addresses returned for that +hostname. Double lookups also prevent clients with unregistered +addresses from connecting to your server. Only set this option to +@code{#t} or @code{double} if absolutely required. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-kill-delay +Specifies the number of seconds to wait before killing the filters and +backend associated with a canceled or held job. + +Defaults to @samp{30}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-retry-interval +Specifies the interval between retries of jobs in seconds. This is +typically used for fax queues but can also be used with normal print +queues whose error policy is @code{retry-job} or +@code{retry-current-job}. + +Defaults to @samp{30}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-retry-limit +Specifies the number of retries that are done for jobs. This is +typically used for fax queues but can also be used with normal print +queues whose error policy is @code{retry-job} or +@code{retry-current-job}. + +Defaults to @samp{5}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean keep-alive? +Specifies whether to support HTTP keep-alive connections. + +Defaults to @samp{#t}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer keep-alive-timeout +Specifies how long an idle client connection remains open, in seconds. + +Defaults to @samp{30}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer limit-request-body +Specifies the maximum size of print files, IPP requests, and HTML form +data. A limit of 0 disables the limit check. + +Defaults to @samp{0}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} multiline-string-list listen +Listens on the specified interfaces for connections. Valid values are +of the form @var{address}:@var{port}, where @var{address} is either an +IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to +indicate all addresses. Values can also be file names of local UNIX +domain sockets. The Listen directive is similar to the Port directive +but allows you to restrict access to specific interfaces or networks. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer listen-back-log +Specifies the number of pending connections that will be allowed. This +normally only affects very busy servers that have reached the MaxClients +limit, but can also be triggered by large numbers of simultaneous +connections. When the limit is reached, the operating system will +refuse additional connections until the scheduler can accept the pending +ones. + +Defaults to @samp{128}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} location-access-control-list location-access-controls +Specifies a set of additional access controls. + +Available @code{location-access-controls} fields are: + +@deftypevr {@code{location-access-controls} parameter} file-name path +Specifies the URI path to which the access control applies. +@end deftypevr + +@deftypevr {@code{location-access-controls} parameter} access-control-list access-controls +Access controls for all access to this path, in the same format as the +@code{access-controls} of @code{operation-access-control}. + +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{location-access-controls} parameter} method-access-control-list method-access-controls +Access controls for method-specific access to this path. + +Defaults to @samp{()}. + +Available @code{method-access-controls} fields are: + +@deftypevr {@code{method-access-controls} parameter} boolean reverse? +If @code{#t}, apply access controls to all methods except the listed +methods. Otherwise apply to only the listed methods. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{method-access-controls} parameter} method-list methods +Methods to which this access control applies. + +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{method-access-controls} parameter} access-control-list access-controls +Access control directives, as a list of strings. Each string should be +one directive, such as "Order allow,deny". + +Defaults to @samp{()}. +@end deftypevr +@end deftypevr +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer log-debug-history +Specifies the number of debugging messages that are retained for logging +if an error occurs in a print job. Debug messages are logged regardless +of the LogLevel setting. + +Defaults to @samp{100}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} log-level log-level +Specifies the level of logging for the ErrorLog file. The value +@code{none} stops all logging while @code{debug2} logs everything. + +Defaults to @samp{info}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} log-time-format log-time-format +Specifies the format of the date and time in the log files. The value +@code{standard} logs whole seconds while @code{usecs} logs microseconds. + +Defaults to @samp{standard}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-clients +Specifies the maximum number of simultaneous clients that are allowed by +the scheduler. + +Defaults to @samp{100}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-clients-per-host +Specifies the maximum number of simultaneous clients that are allowed +from a single address. + +Defaults to @samp{100}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-copies +Specifies the maximum number of copies that a user can print of each +job. + +Defaults to @samp{9999}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-hold-time +Specifies the maximum time a job may remain in the @code{indefinite} +hold state before it is canceled. A value of 0 disables cancellation of +held jobs. + +Defaults to @samp{0}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs +Specifies the maximum number of simultaneous jobs that are allowed. Set +to 0 to allow an unlimited number of jobs. + +Defaults to @samp{500}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs-per-printer +Specifies the maximum number of simultaneous jobs that are allowed per +printer. A value of 0 allows up to MaxJobs jobs per printer. + +Defaults to @samp{0}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs-per-user +Specifies the maximum number of simultaneous jobs that are allowed per +user. A value of 0 allows up to MaxJobs jobs per user. + +Defaults to @samp{0}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-job-time +Specifies the maximum time a job may take to print before it is +canceled, in seconds. Set to 0 to disable cancellation of "stuck" jobs. + +Defaults to @samp{10800}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-log-size +Specifies the maximum size of the log files before they are rotated, in +bytes. The value 0 disables log rotation. + +Defaults to @samp{1048576}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer multiple-operation-timeout +Specifies the maximum amount of time to allow between files in a +multiple file print job, in seconds. + +Defaults to @samp{300}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string page-log-format +Specifies the format of PageLog lines. Sequences beginning with percent +(@samp{%}) characters are replaced with the corresponding information, +while all other characters are copied literally. The following percent +sequences are recognized: + +@table @samp +@item %% +insert a single percent character + +@item %@{name@} +insert the value of the specified IPP attribute + +@item %C +insert the number of copies for the current page + +@item %P +insert the current page number + +@item %T +insert the current date and time in common log format + +@item %j +insert the job ID + +@item %p +insert the printer name + +@item %u +insert the username +@end table + +A value of the empty string disables page logging. The string @code{%p +%u %j %T %P %C %@{job-billing@} %@{job-originating-host-name@} +%@{job-name@} %@{media@} %@{sides@}} creates a page log with the +standard items. + +Defaults to @samp{""}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} environment-variables environment-variables +Passes the specified environment variable(s) to child processes; a list +of strings. + +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} policy-configuration-list policies +Specifies named access control policies. + +Available @code{policy-configuration} fields are: + +@deftypevr {@code{policy-configuration} parameter} string name +Name of the policy. +@end deftypevr + +@deftypevr {@code{policy-configuration} parameter} string job-private-access +Specifies an access list for a job's private values. @code{@@ACL} maps +to the printer's requesting-user-name-allowed or +requesting-user-name-denied values. @code{@@OWNER} maps to the job's +owner. @code{@@SYSTEM} maps to the groups listed for the +@code{system-group} field of the @code{files-config} configuration, +which is reified into the @code{cups-files.conf(5)} file. Other +possible elements of the access list include specific user names, and +@code{@@@var{group}} to indicate members of a specific group. The +access list may also be simply @code{all} or @code{default}. + +Defaults to @samp{"@@OWNER @@SYSTEM"}. +@end deftypevr + +@deftypevr {@code{policy-configuration} parameter} string job-private-values +Specifies the list of job values to make private, or @code{all}, +@code{default}, or @code{none}. + +Defaults to @samp{"job-name job-originating-host-name +job-originating-user-name phone"}. +@end deftypevr + +@deftypevr {@code{policy-configuration} parameter} string subscription-private-access +Specifies an access list for a subscription's private values. +@code{@@ACL} maps to the printer's requesting-user-name-allowed or +requesting-user-name-denied values. @code{@@OWNER} maps to the job's +owner. @code{@@SYSTEM} maps to the groups listed for the +@code{system-group} field of the @code{files-config} configuration, +which is reified into the @code{cups-files.conf(5)} file. Other +possible elements of the access list include specific user names, and +@code{@@@var{group}} to indicate members of a specific group. The +access list may also be simply @code{all} or @code{default}. + +Defaults to @samp{"@@OWNER @@SYSTEM"}. +@end deftypevr + +@deftypevr {@code{policy-configuration} parameter} string subscription-private-values +Specifies the list of job values to make private, or @code{all}, +@code{default}, or @code{none}. + +Defaults to @samp{"notify-events notify-pull-method notify-recipient-uri +notify-subscriber-user-name notify-user-data"}. +@end deftypevr + +@deftypevr {@code{policy-configuration} parameter} operation-access-control-list access-controls +Access control by IPP operation. + +Defaults to @samp{()}. +@end deftypevr +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-files +Specifies whether job files (documents) are preserved after a job is +printed. If a numeric value is specified, job files are preserved for +the indicated number of seconds after printing. Otherwise a boolean +value applies indefinitely. + +Defaults to @samp{86400}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-history +Specifies whether the job history is preserved after a job is printed. +If a numeric value is specified, the job history is preserved for the +indicated number of seconds after printing. If @code{#t}, the job +history is preserved until the MaxJobs limit is reached. + +Defaults to @samp{#t}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer reload-timeout +Specifies the amount of time to wait for job completion before +restarting the scheduler. + +Defaults to @samp{30}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string rip-cache +Specifies the maximum amount of memory to use when converting documents +into bitmaps for a printer. + +Defaults to @samp{"128m"}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string server-admin +Specifies the email address of the server administrator. + +Defaults to @samp{"root@@localhost.localdomain"}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} host-name-list-or-* server-alias +The ServerAlias directive is used for HTTP Host header validation when +clients connect to the scheduler from external interfaces. Using the +special name @code{*} can expose your system to known browser-based DNS +rebinding attacks, even when accessing sites through a firewall. If the +auto-discovery of alternate names does not work, we recommend listing +each alternate name with a ServerAlias directive instead of using +@code{*}. + +Defaults to @samp{*}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string server-name +Specifies the fully-qualified host name of the server. + +Defaults to @samp{"localhost"}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} server-tokens server-tokens +Specifies what information is included in the Server header of HTTP +responses. @code{None} disables the Server header. @code{ProductOnly} +reports @code{CUPS}. @code{Major} reports @code{CUPS 2}. @code{Minor} +reports @code{CUPS 2.0}. @code{Minimal} reports @code{CUPS 2.0.0}. +@code{OS} reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is +the output of the @code{uname} command. @code{Full} reports @code{CUPS +2.0.0 (@var{uname}) IPP/2.0}. + +Defaults to @samp{Minimal}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} string set-env +Set the specified environment variable to be passed to child processes. + +Defaults to @samp{"variable value"}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} multiline-string-list ssl-listen +Listens on the specified interfaces for encrypted connections. Valid +values are of the form @var{address}:@var{port}, where @var{address} is +either an IPv6 address enclosed in brackets, an IPv4 address, or +@code{*} to indicate all addresses. + +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} ssl-options ssl-options +Sets encryption options. By default, CUPS only supports encryption +using TLS v1.0 or higher using known secure cipher suites. The +@code{AllowRC4} option enables the 128-bit RC4 cipher suites, which are +required for some older clients that do not implement newer ones. The +@code{AllowSSL3} option enables SSL v3.0, which is required for some +older clients that do not support TLS v1.0. + +Defaults to @samp{()}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean strict-conformance? +Specifies whether the scheduler requires clients to strictly adhere to +the IPP specifications. + +Defaults to @samp{#f}. +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} non-negative-integer timeout +Specifies the HTTP request timeout, in seconds. + +Defaults to @samp{300}. + +@end deftypevr + +@deftypevr {@code{cups-configuration} parameter} boolean web-interface? +Specifies whether the web interface is enabled. + +Defaults to @samp{#f}. +@end deftypevr + +At this point you're probably thinking ``oh dear, Guix manual, I like +you but you can stop already with the configuration options''. Indeed. +However, one more point: it could be that you have an existing +@code{cupsd.conf} that you want to use. In that case, you can pass an +@code{opaque-cups-configuration} as the configuration of a +@code{cups-service-type}. + +Available @code{opaque-cups-configuration} fields are: + +@deftypevr {@code{opaque-cups-configuration} parameter} package cups +The CUPS package. +@end deftypevr + +@deftypevr {@code{opaque-cups-configuration} parameter} string cupsd.conf +The contents of the @code{cupsd.conf}, as a string. +@end deftypevr + +@deftypevr {@code{opaque-cups-configuration} parameter} string cups-files.conf +The contents of the @code{cups-files.conf} file, as a string. +@end deftypevr + +For example, if your @code{cupsd.conf} and @code{cups-files.conf} are in +strings of the same name, you could instantiate a CUPS service like +this: + +@example +(service cups-service-type + (opaque-cups-configuration + (cupsd.conf cupsd.conf) + (cups-files.conf cups-files.conf))) +@end example + + @node Desktop Services @subsubsection Desktop Services diff --git a/gnu/local.mk b/gnu/local.mk index c80b213078..1c91e79fea 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -5,6 +5,7 @@ # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com> # Copyright © 2016 Kei Kebreau <kei@openmailbox.org> +# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org> # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org> # # This file is part of GNU Guix. @@ -391,6 +392,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/admin.scm \ %D%/services/avahi.scm \ %D%/services/base.scm \ + %D%/services/cups.scm \ %D%/services/databases.scm \ %D%/services/dbus.scm \ %D%/services/desktop.scm \ @@ -471,6 +473,7 @@ dist_patch_DATA = \ %D%/packages/patches/bigloo-gc-shebangs.patch \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ + %D%/packages/patches/binutils-mips-bash-bug.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ @@ -510,9 +513,6 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ - %D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \ - %D%/packages/patches/expat-CVE-2015-1283-refix.patch \ - %D%/packages/patches/expat-CVE-2016-0718.patch \ %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ @@ -523,15 +523,15 @@ dist_patch_DATA = \ %D%/packages/patches/fasthenry-spFactor.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-test-xargs.patch \ + %D%/packages/patches/flex-CVE-2016-6354.patch \ %D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/fltk-shared-lib-defines.patch \ %D%/packages/patches/fltk-xfont-on-demand.patch \ - %D%/packages/patches/fontconfig-CVE-2016-5384.patch \ %D%/packages/patches/fontforge-svg-modtime.patch \ %D%/packages/patches/freeimage-CVE-2015-0852.patch \ %D%/packages/patches/freeimage-CVE-2016-5684.patch \ - %D%/packages/patches/gawk-fts-test.patch \ %D%/packages/patches/gawk-shell.patch \ + %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ %D%/packages/patches/gcc-cross-environment-variables.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ @@ -562,7 +562,6 @@ dist_patch_DATA = \ %D%/packages/patches/gmp-faulty-test.patch \ %D%/packages/patches/gnome-tweak-tool-search-paths.patch \ %D%/packages/patches/gnucash-price-quotes-perl.patch \ - %D%/packages/patches/gnupg-fix-expired-test.patch \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ @@ -604,6 +603,7 @@ dist_patch_DATA = \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ %D%/packages/patches/inkscape-drop-wait-for-targets.patch \ + %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/jansson-CVE-2016-4425.patch \ %D%/packages/patches/jasper-CVE-2007-2721.patch \ %D%/packages/patches/jasper-CVE-2008-3520.patch \ @@ -675,17 +675,8 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ - %D%/packages/patches/libx11-CVE-2016-7942.patch \ - %D%/packages/patches/libx11-CVE-2016-7943.patch \ - %D%/packages/patches/libxfixes-CVE-2016-7944.patch \ - %D%/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch \ - %D%/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch \ - %D%/packages/patches/libxrender-CVE-2016-7949.patch \ - %D%/packages/patches/libxrender-CVE-2016-7950.patch \ - %D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch \ - %D%/packages/patches/libxv-CVE-2016-5407.patch \ - %D%/packages/patches/libxvmc-CVE-2016-7953.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ + %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/llvm-for-extempore.patch \ %D%/packages/patches/lm-sensors-hwmon-attrs.patch \ @@ -742,8 +733,6 @@ dist_patch_DATA = \ %D%/packages/patches/openssl-runpath.patch \ %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \ %D%/packages/patches/openssl-c-rehash-in.patch \ - %D%/packages/patches/openssl-CVE-2016-2177.patch \ - %D%/packages/patches/openssl-CVE-2016-2178.patch \ %D%/packages/patches/orpheus-cast-errors-and-includes.patch \ %D%/packages/patches/ots-no-include-missing-file.patch \ %D%/packages/patches/p7zip-remove-unused-code.patch \ @@ -753,8 +742,6 @@ dist_patch_DATA = \ %D%/packages/patches/patch-hurd-path-max.patch \ %D%/packages/patches/pcre-CVE-2016-3191.patch \ %D%/packages/patches/pcre2-CVE-2016-3191.patch \ - %D%/packages/patches/perl-CVE-2015-8607.patch \ - %D%/packages/patches/perl-CVE-2016-2381.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \ @@ -763,10 +750,9 @@ dist_patch_DATA = \ %D%/packages/patches/perl-net-amazon-s3-moose-warning.patch \ %D%/packages/patches/perl-net-ssleay-disable-ede-test.patch \ %D%/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch \ - %D%/packages/patches/perl-no-build-time.patch \ %D%/packages/patches/perl-no-sys-dirs.patch \ %D%/packages/patches/perl-module-pluggable-search.patch \ - %D%/packages/patches/perl-source-date-epoch.patch \ + %D%/packages/patches/perl-reproducible-build-date.patch \ %D%/packages/patches/pidgin-add-search-path.patch \ %D%/packages/patches/pinball-const-fix.patch \ %D%/packages/patches/pinball-cstddef.patch \ @@ -782,7 +768,6 @@ dist_patch_DATA = \ %D%/packages/patches/portmidi-modular-build.patch \ %D%/packages/patches/procmail-ambiguous-getline-debian.patch \ %D%/packages/patches/procmail-CVE-2014-3618.patch \ - %D%/packages/patches/procps-non-linux.patch \ %D%/packages/patches/pt-scotch-build-parallelism.patch \ %D%/packages/patches/pulseaudio-fix-mult-test.patch \ %D%/packages/patches/pulseaudio-longer-test-timeout.patch \ @@ -796,8 +781,9 @@ dist_patch_DATA = \ %D%/packages/patches/python-2.7-source-date-epoch.patch \ %D%/packages/patches/python-3-deterministic-build-info.patch \ %D%/packages/patches/python-3-search-paths.patch \ + %D%/packages/patches/python-3.4-fix-tests.patch \ + %D%/packages/patches/python-3.5-fix-tests.patch \ %D%/packages/patches/python-dendropy-exclude-failing-tests.patch \ - %D%/packages/patches/python-disable-ssl-test.patch \ %D%/packages/patches/python-django-fix-testcase.patch \ %D%/packages/patches/python-fix-tests.patch \ %D%/packages/patches/python-ipython-inputhook-ctype.patch \ @@ -847,6 +833,7 @@ dist_patch_DATA = \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ + %D%/packages/patches/tcsh-do-not-define-BSDWAIT.patch \ %D%/packages/patches/tcsh-fix-autotest.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ %D%/packages/patches/texi2html-document-encoding.patch \ diff --git a/gnu/packages/acl.scm b/gnu/packages/acl.scm index 415fae496b..ae6764993b 100644 --- a/gnu/packages/acl.scm +++ b/gnu/packages/acl.scm @@ -59,7 +59,7 @@ %standard-phases)))) (inputs `(("attr" ,attr))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("perl" ,perl))) (home-page "http://savannah.nongnu.org/projects/acl") (synopsis diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index d9b08efc4c..9724c9b652 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -178,7 +178,7 @@ interface and is based on GNU Guile.") "0zk1ppx93ijimf4sbgqilxxikpsa2gmpbynknyh41xy7jbdjxp0b")))) (build-system cmake-build-system) (arguments '(#:tests? #f)) ; There are no tests. - (native-inputs `(("gettext" ,gnu-gettext))) + (native-inputs `(("gettext" ,gettext-minimal))) (home-page "http://projects.gw-computing.net/projects/dfc") (synopsis "Display file system space usage using graphs and colors") (description @@ -1761,7 +1761,7 @@ highly portable. Great for heterogenous networks.") (delete 'configure)))) ; no configure script (inputs `(("gtk+" ,gtk+) - ("gnu-gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("libnotify" ,libnotify))) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm index 9e19d5552f..32f23597ae 100644 --- a/gnu/packages/algebra.scm +++ b/gnu/packages/algebra.scm @@ -534,14 +534,14 @@ a C program.") (define-public fftw (package (name "fftw") - (version "3.3.4") + (version "3.3.5") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.fftw.org/pub/fftw/fftw-" version".tar.gz")) (sha256 (base32 - "10h9mzjxnwlsjziah4lri85scc05rlajz39nqf3mbh4vja8dw34g")))) + "1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--enable-shared" "--enable-openmp") diff --git a/gnu/packages/apl.scm b/gnu/packages/apl.scm index 5b55c9cef3..1c7d42b713 100644 --- a/gnu/packages/apl.scm +++ b/gnu/packages/apl.scm @@ -41,7 +41,7 @@ (build-system gnu-build-system) (home-page "http://www.gnu.org/software/apl/") (inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("lapack" ,lapack) ("sqlite" ,sqlite) ("readline" ,readline))) diff --git a/gnu/packages/attr.scm b/gnu/packages/attr.scm index 53766af06f..907a568bdd 100644 --- a/gnu/packages/attr.scm +++ b/gnu/packages/attr.scm @@ -69,7 +69,7 @@ '() `(("perl" ,perl)))) (native-inputs - `(("gettext" ,gnu-gettext))) + `(("gettext" ,gettext-minimal))) (home-page "http://savannah.nongnu.org/projects/attr/") (synopsis "Library and tools for manipulating extended attributes") diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm index d2203229af..811da498cc 100644 --- a/gnu/packages/audio.scm +++ b/gnu/packages/audio.scm @@ -397,7 +397,7 @@ envelope follower, distortion effects, tape effects and more.") ("liblo" ,liblo) ("ladspa" ,ladspa) ("jack" ,jack-1) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (native-inputs `(("bison" ,bison) ("flex" ,flex) @@ -948,7 +948,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.") `(("gperf" ,gperf) ("faust" ,faust) ("intltool" ,intltool) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (native-search-paths (list (search-path-specification diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 797c06e149..ffd7ef4c3e 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -172,13 +172,17 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") - (replacement libarchive/fixed) (version "3.2.1") (source (origin (method url-fetch) (uri (string-append "http://libarchive.org/downloads/libarchive-" version ".tar.gz")) + (patches (search-patches + "libarchive-7zip-heap-overflow.patch" + "libarchive-fix-symlink-check.patch" + "libarchive-fix-filesystem-attacks.patch" + "libarchive-safe_fprintf-buffer-overflow.patch")) (sha256 (base32 "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj")))) @@ -228,17 +232,6 @@ archive. In particular, note that there is currently no built-in support for random access nor for in-place modification.") (license license:bsd-2))) -(define libarchive/fixed - (package - (inherit libarchive) - (source (origin - (inherit (package-source libarchive)) - (patches (search-patches - "libarchive-7zip-heap-overflow.patch" - "libarchive-fix-symlink-check.patch" - "libarchive-fix-filesystem-attacks.patch" - "libarchive-safe_fprintf-buffer-overflow.patch")))))) - (define-public rdup (package (name "rdup") @@ -435,7 +428,27 @@ detection, and lossless compression.") (setenv "BORG_OPENSSL_PREFIX" openssl) (setenv "BORG_LZ4_PREFIX" lz4) (setenv "PYTHON_EGG_CACHE" "/tmp") + ;; The test 'test_return_codes[python]' fails when + ;; HOME=/homeless-shelter. + (setenv "HOME" "/tmp") #t))) + ;; The tests need to be run after Borg is installed. + (delete 'check) + (add-after 'install 'check + (lambda _ + (zero? + (system* "py.test" "-v" "--pyargs" "borg.testsuite" "-k" + (string-append + ;; These tests need to write to '/var'. + "not test_get_cache_dir " + "and not test_get_keys_dir " + ;; These tests assume there is a root user in + ;; '/etc/passwd'. + "and not test_access_acl " + "and not test_default_acl " + "and not test_non_ascii_acl " + ;; This test needs the unpackaged pytest-benchmark. + "and not benchmark"))))) (add-after 'install 'install-doc (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) @@ -449,6 +462,7 @@ detection, and lossless compression.") (native-inputs `(("python-cython" ,python-cython) ("python-setuptools-scm" ,python-setuptools-scm) + ("python-pytest" ,python-pytest) ;; For generating the documentation. ("python-sphinx" ,python-sphinx) ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme))) @@ -482,7 +496,10 @@ to not fully trusted targets. Borg is a fork of Attic.") "0b5skd36r4c0915lwpkqg5hxm49gls9pprs1b7hc40910wlcsl36")))) (build-system python-build-system) (arguments - `(#:phases + `(;; The tests assume they are run as root: + ;; https://github.com/jborg/attic/issues/7 + #:tests? #f + #:phases (modify-phases %standard-phases (add-before 'build 'set-openssl-prefix diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index a476837102..5aea2cee0e 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -88,6 +88,20 @@ command-line arguments, multiple languages, and so on.") (patches (search-patches "grep-timing-sensitive-test.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) ;some of the tests require it + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'install 'fix-egrep-and-fgrep + ;; Patch 'egrep' and 'fgrep' to execute 'grep' via its + ;; absolute file name instead of searching for it in $PATH. + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (substitute* (list (string-append bin "/egrep") + (string-append bin "/fgrep")) + (("^exec grep") + (string-append "exec " bin "/grep"))) + #t)))))) (synopsis "Print lines matching a pattern") (description "grep is a tool for finding text inside files. Text is found by @@ -205,14 +219,14 @@ differences.") (define-public diffutils (package (name "diffutils") - (version "3.3") + (version "3.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/diffutils/diffutils-" version ".tar.xz")) (sha256 (base32 - "1761vymxbp4wb5rzjvabhdkskk95pghnn67464byvzb5mfl8jpm2")))) + "0csmqfz8ks23kdjsq0v2ll1acqiz8lva06dj19mwmymrsp69ilys")))) (build-system gnu-build-system) (synopsis "Comparing and merging files") (description @@ -325,30 +339,30 @@ functionality beyond that which is outlined in the POSIX standard.") (define-public gnu-make (package (name "make") - (version "4.2") + (version "4.2.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/make/make-" version ".tar.bz2")) (sha256 (base32 - "0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f")) + "12f5zzyq2w56g95nni65hc0g5p7154033y2f3qmjvd016szn5qnn")) (patches (search-patches "make-impure-dirs.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) ; to detect Guile (inputs `(("guile" ,guile-2.0))) (outputs '("out" "debug")) (arguments - '(#:phases (alist-cons-before - 'build 'set-default-shell - (lambda* (#:key inputs #:allow-other-keys) - ;; Change the default shell from /bin/sh. - (let ((bash (assoc-ref inputs "bash"))) - (substitute* "job.c" - (("default_shell =.*$") - (format #f "default_shell = \"~a/bin/bash\";\n" - bash))))) - %standard-phases))) + '(#:phases + (modify-phases %standard-phases + (add-before 'build 'set-default-shell + (lambda* (#:key inputs #:allow-other-keys) + ;; Change the default shell from /bin/sh. + (let ((bash (assoc-ref inputs "bash"))) + (substitute* "job.c" + (("default_shell =.*$") + (format #f "default_shell = \"~a/bin/bash\";\n" + bash))))))))) (synopsis "Remake files automatically") (description "Make is a program that is used to control the production of @@ -363,16 +377,17 @@ change. GNU make offers many powerful extensions over the standard utility.") (define-public binutils (package (name "binutils") - (version "2.25.1") + (version "2.27") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/binutils/binutils-" version ".tar.bz2")) (sha256 (base32 - "08lzmhidzc16af1zbx34f8cy4z7mzrswpdbhrb8shy3xxpflmcdm")) + "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn")) (patches (search-patches "binutils-ld-new-dtags.patch" - "binutils-loongson-workaround.patch")))) + "binutils-loongson-workaround.patch" + "binutils-mips-bash-bug.patch")))) (build-system gnu-build-system) ;; TODO: Add dependency on zlib + those for Gold. @@ -476,14 +491,14 @@ store.") (define-public glibc/linux (package (name "glibc") - (version "2.23") + (version "2.24") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) + "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r")) (snippet ;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is ;; required on LFS distros to avoid loading the distro's libc.so @@ -511,7 +526,7 @@ store.") #:parallel-build? #f ;; The libraries have an empty RUNPATH, but some, such as the versioned - ;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since + ;; libraries (libdl-2.24.so, etc.) have ld.so marked as NEEDED. Since ;; these libraries are always going to be found anyway, just skip ;; RUNPATH checks. #:validate-runpath? #f @@ -527,7 +542,7 @@ store.") ;; Set the default locale path. In practice, $LOCPATH may be ;; defined to point whatever locales users want. However, setuid ;; binaries don't honor $LOCPATH, so they'll instead look into - ;; $libc_cv_localedir; we choose /run/current-system/locale/X.Y, + ;; $libc_cv_complocaledir; we choose /run/current-system/locale/X.Y, ;; with the idea that it is going to be populated by the sysadmin. ;; The "X.Y" sub-directory is because locale data formats are ;; incompatible across libc versions; see @@ -535,8 +550,7 @@ store.") ;; ;; `--localedir' is not honored, so work around it. ;; See <http://sourceware.org/ml/libc-alpha/2013-03/msg00093.html>. - ;; FIXME: This hack no longer works on 2.23! - (string-append "libc_cv_localedir=/run/current-system/locale/" + (string-append "libc_cv_complocaledir=/run/current-system/locale/" ,version) (string-append "--with-headers=" @@ -629,7 +643,7 @@ store.") ;; install the message catalogs, with 'msgfmt'. (native-inputs `(("texinfo" ,texinfo) ("perl" ,perl) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (native-search-paths ;; Search path for packages that provide locale data. This is useful @@ -905,7 +919,7 @@ command.") (define-public tzdata (package (name "tzdata") - (version "2015g") + (version "2016g") (source (origin (method url-fetch) (uri (string-append @@ -913,7 +927,7 @@ command.") version ".tar.gz")) (sha256 (base32 - "0qb1awqrn3215zd2jikpqnmkzrxwfjf0d3dw2xmnk4c40yzws8xr")))) + "1lgbh49bsbysibzr7imjsh1xa7pqmimphxvvwh6kncj7pjr3fw9w")))) (build-system gnu-build-system) (arguments '(#:tests? #f @@ -936,23 +950,24 @@ command.") (guix build gnu-build-system) (srfi srfi-1)) #:phases - (alist-replace - 'unpack - (lambda* (#:key source inputs #:allow-other-keys) - (and (zero? (system* "tar" "xvf" source)) - (zero? (system* "tar" "xvf" (assoc-ref inputs "tzcode"))))) - (alist-cons-after - 'install 'post-install - (lambda* (#:key outputs #:allow-other-keys) - ;; Move data in the right place. - (let ((out (assoc-ref outputs "out"))) - (copy-recursively (string-append out "/share/zoneinfo-posix") - (string-append out "/share/zoneinfo/posix")) - (copy-recursively (string-append out "/share/zoneinfo-leaps") - (string-append out "/share/zoneinfo/right")) - (delete-file-recursively (string-append out "/share/zoneinfo-posix")) - (delete-file-recursively (string-append out "/share/zoneinfo-leaps")))) - (alist-delete 'configure %standard-phases))))) + (modify-phases %standard-phases + (replace 'unpack + (lambda* (#:key source inputs #:allow-other-keys) + (and (zero? (system* "tar" "xvf" source)) + (zero? (system* "tar" "xvf" (assoc-ref inputs "tzcode")))))) + (add-after 'install 'post-install + (lambda* (#:key outputs #:allow-other-keys) + ;; Move data in the right place. + (let ((out (assoc-ref outputs "out"))) + (symlink (string-append out "/share/zoneinfo") + (string-append out "/share/zoneinfo/posix")) + (delete-file-recursively + (string-append out "/share/zoneinfo-posix")) + (copy-recursively (string-append out "/share/zoneinfo-leaps") + (string-append out "/share/zoneinfo/right")) + (delete-file-recursively + (string-append out "/share/zoneinfo-leaps"))))) + (delete 'configure)))) (inputs `(("tzcode" ,(origin (method url-fetch) (uri (string-append @@ -960,7 +975,7 @@ command.") version ".tar.gz")) (sha256 (base32 - "1i3y1kzjiz2j62c7vd4wf85983sqk9x9lg3473njvbdz4kph5r0q")))))) + "0azsz436vd65bkdkdmjgsh7zhh0whnqqfliva45191krmm3hpy8z")))))) (home-page "http://www.iana.org/time-zones") (synopsis "Database of current and historical time zones") (description "The Time Zone Database (often called tz or zoneinfo) diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm index f3d851717f..d328d711d1 100644 --- a/gnu/packages/bash.scm +++ b/gnu/packages/bash.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Leo Famulari <leo@famulari.name> ;;; @@ -51,52 +51,10 @@ (list (bash-patch seqno (base32 hash)) ...)) -(define %patch-series-4.3 - ;; This is the current patches series for 4.3, generated using +(define %patch-series-4.4 + ;; This is the current patches series for 4.4, generated using ;; 'download-patches' below. - (patch-series - (1 "0hip2n2s5hws8p4nfcz37379zn6cak83ljsm64z52rw6ckrdzczc") - (2 "0ashj5d1g3zbyr7zf0r72s5wnk96cz1xj919y3jajadbc9qcvrzf") - (3 "0z88q4daq7dmw93iqd9c5i5d1sndklih3nrh0v75746da2n6w3h0") - (4 "0f0kh9j5k4ym6knshscx31przm50x5cc7ifkwqk0swh6clna982y") - (5 "1ym3b8b7lgmdp3dklp8qaqhyq965wd5392namq8mz7rb0d231j0s") - (6 "04q20igq49py49ynb0f83f6f52cdkyqwd9bpic6akr0m5pkqwr50") - (7 "18zkz23d9myshrwfcwcdjk7qmkqp8az5n91ni9jaixlwqlhy64qi") - (8 "0pprcwvh7ngdli0x95pc1cpssg4qg7layi9xrv2jq6c7965ajhcr") - (9 "19a0pf0alp30d1bjj0zf3zq2f5n0s6y91w7brm9jyswl51kns8n0") - (10 "1dzhr5ammyijisz48cqi5vaw26hfr5vh9smnqxq4qc9p06f7j1ff") - (11 "0fvzdzzi142a8rf3v965r6gbpn0k7fv2gif1yq8a4160vcn40qvw") - (12 "04lcgfcyz7p3zagb4hkia3hkpd7lii9m8ycy9qqwzyrm1c1pj4ry") - (13 "0y9cqi378z6flapkd5k5lfl4lq3ivzg4njj3i3wmw7xb6r9wma5z") - (14 "04xcb0k9fxxq4vashgzb98567xzdnm4655nlm4jvfvjv6si6ykas") - (15 "13ay6lldy1p00xj41nfjpq8lai3vw2qwca79gx6s80z04j53wa8k") - (16 "0wq7bvx3pfw90pnfb86yg5nr9jgjsvm2nq5rrkqxf6zn977hpmlj") - (17 "103p7sibihv6cshqj12k546zsbz0dnd5cv5vlx1719avddfc4rqj") - (18 "0n1x3812y1brb9xbabaj3fvr4cpvm2225iwckmqk2fcpkq5b9a3s") - (19 "08rd1p7zpzgbpmmmnj2im8wj2pcwmbbx51psr9vdc5c049si9ad7") - (20 "163c6g05qpag2plx5q795pmw3f3m904jy7z93xj2i08pgzc8cpna") - (21 "1a90cl3h10dh8k9f2ddrsjmw5ywaw2d5x78xb4fd2sryi039yhs1") - (22 "120s0s4qcqd0q12j1iv0hkpf9fp3w5jnqw646kv66n66jnxlfkgx") - (23 "1m00sfi88p2akgiyrg4hw0gvz3s1586pkzjdr3dm73vs773m1hls") - (24 "0v0gjqzjsqjfgj5x17fq7g649k94jn8zq92qsxkhc2d6l215hl1v") - (25 "0lcj96i659q35f1jcmwwbnw3p7w7vvlxjxqi989vn6d6qksqcl8y") ;CVE-2014-6271 - (26 "0k919ir0inwn4wai2vdzpbwqq5h54fnrlkmgccxjg91v3ch15k1f") ;CVE-2014-7169 - (27 "1gnsfvq6bhb3srlbh0cannj2hackdsipcg7z0ds7zlk1hp96mdqy") - (28 "17a65c4fn4c5rgsiw9gqqnzhznh3gwnd2xzzv2dppyi48znxpc78") ;CVE-2014-7186 - (29 "14k27p28r5l2fz3r03kd0x72vvsq8bja8c6hjz5kxikbzsbs7i2c") ;CVE-2014-6277 - (30 "0nrqb0m7s89qsrbfaffpilc5gcf82bx9yvgzld4hr79p5y54yhw5") ;CVE-2014-6278 - (31 "07d62bl3z7qa8v6kgk47vzzazw563mlk9zhrsr4xsbqgvmcrylnd") - (32 "0jjgapfq4qhmndfrw8c3q3lva8xjdhlbd9cc631v41b0kb95g4w8") - (33 "05ma5rlxiadnfh925p4y7s0vvk917kmsdb1mfdx05gizl63pfapv") - (34 "12gq9whkq3naa3iy7c7x5pfpvrg7d0kwqld8609zxphhy424ysgi") - (35 "1qy1jflmbazjykq766gwabkaiswnx7pwa66whqiny0w02zjqa39p") - (36 "0z6jbyy70lfdm6d3x0sbazbqdxb3xnpn9bmz7madpvrnbd284pxc") - (37 "04sqr8zkl6s5fccfvb775ppn3ldij5imria9swc39aq0fkfp1w9k") - (38 "0rv3g14mpgv8br267bf7rmgqlgwnc4v6g3g8y0sjba571i8amgmd") - (39 "1v3l3vkc3g2b6fjycqwlakr8xhiw6bmw6q0zd6bi0m0m4bnxr55b") - (40 "0sypv66vsldmc95gwvf7ylz1k7y37vnvdsjg8ajjr6b2j9mkkfw4") - (41 "06ic2gdpbi1afik3wqf9d4vh95if4bz8bmhcgr555621dsb35i2f") - (42 "06a90k0p6bqc4wk2dsmapna69124an76xvlnlj3xm497vci968dc"))) + (patch-series)) (define (download-patches store count) "Download COUNT Bash patches into store. Return a list of @@ -134,34 +92,7 @@ number/base32-hash tuples, directly usable in the 'patch-series' form." " -Wl,-rpath -Wl," (assoc-ref %build-inputs "ncurses") "/lib"))) - (post-install-phase - '(lambda* (#:key outputs #:allow-other-keys) - ;; Add a `bash' -> `sh' link. - (let ((out (assoc-ref outputs "out"))) - (with-directory-excursion (string-append out "/bin") - (symlink "bash" "sh"))))) - (install-headers-phase - '(lambda* (#:key outputs #:allow-other-keys) - ;; Install Bash headers so that packages that provide extensions - ;; can use them. We install them in include/bash; that's what - ;; Debian does and what Bash extensions like recutils or - ;; guile-bash expect. - (let ((include (string-append (assoc-ref outputs "include") - "/include/bash")) - (includes "^\\./include/[^/]+\\.h$") - (headers "^\\./(builtins/|lib/glob/|lib/tilde/|)[^/]+\\.h$")) - (mkdir-p include) - (for-each (lambda (file) - (when (string-match includes file) - (install-file file include)) - (when (string-match headers file) - (install-file file - (string-append include "/" - (dirname file))))) - (find-files "." "\\.h$")) - (delete-file (string-append include "/" "y.tab.h")) - #t))) - (version "4.3")) + (version "4.4")) (package (name "bash") (source (origin @@ -170,22 +101,16 @@ number/base32-hash tuples, directly usable in the 'patch-series' form." "mirror://gnu/bash/bash-" version ".tar.gz")) (sha256 (base32 - "1m14s1f61mf6bijfibcjm9y6pkyvz6gibyl8p4hxq90fisi8gimg")) + "1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq")) (patch-flags '("-p0")) - (patches %patch-series-4.3) - - ;; The patches above modify 'parse.y', so force a rebuild of the - ;; parser. - (snippet '(for-each delete-file - '("y.tab.c" "y.tab.h" "parser-built"))))) + (patches %patch-series-4.4))) (version (string-append version "." - (number->string (length %patch-series-4.3)))) + (number->string (length %patch-series-4.4)))) (build-system gnu-build-system) (outputs '("out" "doc" ;1.7 MiB of HTML and extra files "include")) ;headers used by extensions - (native-inputs `(("bison" ,bison))) ;to rebuild the parser (inputs `(("readline" ,readline) ("ncurses" ,ncurses))) ;TODO: add texinfo (arguments @@ -206,14 +131,41 @@ number/base32-hash tuples, directly usable in the 'patch-series' form." ;; for now. #:tests? #f - #:modules ((ice-9 regex) + #:modules ((srfi srfi-26) (guix build utils) (guix build gnu-build-system)) - #:phases (modify-phases %standard-phases - (add-after 'install 'post-install ,post-install-phase) - (add-after 'install 'install-headers - ,install-headers-phase)))) + #:phases + (modify-phases %standard-phases + (add-after 'install 'install-sh-symlink + (lambda* (#:key outputs #:allow-other-keys) + ;; Add a `sh' -> `bash' link. + (let ((out (assoc-ref outputs "out"))) + (with-directory-excursion (string-append out "/bin") + (symlink "bash" "sh"))))) + + (add-after 'install 'move-development-files + (lambda* (#:key outputs #:allow-other-keys) + ;; Move 'Makefile.inc' and 'bash.pc' to "include" to avoid + ;; circular references among the outputs. + (let ((out (assoc-ref outputs "out")) + (include (assoc-ref outputs "include")) + (lib (cut string-append <> "/lib/bash"))) + (mkdir-p (lib include)) + (rename-file (string-append (lib out) + "/Makefile.inc") + (string-append (lib include) + "/Makefile.inc")) + (rename-file (string-append out "/lib/pkgconfig") + (string-append include + "/lib/pkgconfig")) + #t)))))) + + (native-search-paths + (list (search-path-specification ;new in 4.4 + (variable "BASH_LOADABLES_PATH") + (files '("lib/bash"))))) + (synopsis "The GNU Bourne-Again SHell") (description "Bash is the shell, or command-line interpreter, of the GNU system. It @@ -230,6 +182,10 @@ without modification.") (package (inherit bash) (name "bash-minimal") (inputs '()) ; no readline, no curses + + ;; No "include" output because there's no support for loadable modules. + (outputs (delete "include" (package-outputs bash))) + (arguments (let ((args `(#:modules ((guix build gnu-build-system) (guix build utils) @@ -246,9 +202,17 @@ without modification.") "--disable-net-redirections" "--disable-nls" + ;; Pretend 'dlopen' is missing so we don't build loadable + ;; modules and related code. + "ac_cv_func_dlopen=no" + ,@(if (%current-target-system) '("bash_cv_job_control_missing=no") - '())))))))) + '()))) + ((#:phases phases) + `(modify-phases ,phases + ;; No loadable modules. + (delete 'move-development-files)))))))) (define-public static-bash ;; Statically-linked Bash that contains nothing but the 'bash' binary and @@ -261,16 +225,15 @@ without modification.") (substitute-keyword-arguments `(#:allowed-references ("out") ,@(package-arguments bash)) ((#:phases phases) - `(alist-cons-after - 'strip 'remove-everything-but-the-binary - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin"))) - (remove-store-references (string-append bin "/bash")) - (delete-file (string-append bin "/bashbug")) - (delete-file-recursively (string-append out "/share")) - #t)) - ,phases))))))) + `(modify-phases ,phases + (add-after 'strip 'remove-everything-but-the-binary + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (remove-store-references (string-append bin "/bash")) + (delete-file (string-append bin "/bashbug")) + (delete-file-recursively (string-append out "/share")) + #t)))))))))) (define-public bash-completion (package diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm index 39c7b52426..1524ef530b 100644 --- a/gnu/packages/cdrom.scm +++ b/gnu/packages/cdrom.scm @@ -205,7 +205,7 @@ reconstruction capability.") (inputs `(("gtk+" ,gtk+-2))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config) ("which" ,which))) (arguments diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm index ac88e59ec1..cd82978de2 100644 --- a/gnu/packages/cmake.scm +++ b/gnu/packages/cmake.scm @@ -32,12 +32,13 @@ #:use-module (gnu packages compression) #:use-module (gnu packages curl) #:use-module (gnu packages file) + #:use-module (gnu packages ncurses) #:use-module (gnu packages xml)) (define-public cmake (package (name "cmake") - (version "3.5.2") + (version "3.6.1") (source (origin (method url-fetch) (uri (string-append "https://www.cmake.org/files/v" @@ -45,7 +46,7 @@ "/cmake-" version ".tar.gz")) (sha256 (base32 - "0ap6nlmv6nda942db43k9k9mhnm5dm3fsapzvy0vh6wq7l6l3n4j")) + "04ggm9c0zklxypm6df1v4klrrd85m6vpv13kasj42za283n9ivi8")) (patches (search-patches "cmake-fix-tests.patch")))) (build-system gnu-build-system) (arguments @@ -97,27 +98,20 @@ "--mandir=share/man" ,(string-append "--docdir=share/doc/cmake-" - (version-major+minor version))))))) - (add-after 'unpack 'remove-libarchive-version-test - ; This test check has been failing consistantly over libarchive 3.2.x - ; and cmake 3.4.x and 3.5.x so we disable it for now - (lambda _ - (substitute* - "Tests/CMakeOnly/AllFindModules/CMakeLists.txt" - (("LibArchive") "")) - #t))))) + (version-major+minor version)))))))))) (inputs `(("file" ,file) ("curl" ,curl) ("zlib" ,zlib) ("expat" ,expat) ("bzip2" ,bzip2) + ("ncurses" ,ncurses) ; required for ccmake ("libarchive" ,libarchive))) (native-search-paths (list (search-path-specification (variable "CMAKE_PREFIX_PATH") (files '(""))))) - (home-page "http://www.cmake.org/") + (home-page "https://www.cmake.org/") (synopsis "Cross-platform build system") (description "CMake is a family of tools designed to build, test and package software. diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index cce831bfb6..53ba7189b4 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -27,15 +27,18 @@ #:use-module (gnu packages bash) #:use-module (gnu packages gcc) #:use-module (gnu packages m4) + #:use-module (gnu packages indent) #:use-module (gnu packages file) #:use-module (gnu packages gawk) #:use-module (gnu packages bison) + #:use-module (gnu packages flex) #:use-module (gnu packages guile) #:use-module (gnu packages gettext) #:use-module (gnu packages multiprecision) #:use-module (gnu packages compression) #:use-module (gnu packages perl) #:use-module (gnu packages linux) + #:use-module (gnu packages hurd) #:use-module (gnu packages texinfo) #:use-module (gnu packages pkg-config) #:use-module (guix packages) @@ -46,7 +49,8 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 vlist) - #:use-module (ice-9 match)) + #:use-module (ice-9 match) + #:use-module (ice-9 regex)) ;;; Commentary: ;;; @@ -71,17 +75,15 @@ #:tests? #f ; cannot run "make check" ,@(substitute-keyword-arguments (package-arguments gnu-make) ((#:phases phases) - `(alist-replace - 'build (lambda _ - (zero? (system* "./build.sh"))) - (alist-replace - 'install (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin"))) - (mkdir-p bin) - (copy-file "make" - (string-append bin "/make")))) - ,phases)))))) + `(modify-phases ,phases + (replace 'build + (lambda _ + (zero? (system* "./build.sh")))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (install-file "make" bin))))))))) (native-inputs '()) ; no need for 'pkg-config' (inputs %bootstrap-inputs)))) @@ -282,13 +284,55 @@ (lambda _ (substitute* "Configure" (("^libswanted=(.*)pthread" _ before) - (string-append "libswanted=" before))))))))))))) + (string-append "libswanted=" before))))))) + ;; Do not configure with '-Dusethreads' since pthread + ;; support is missing. + ((#:configure-flags configure-flags) + `(delete "-Dusethreads" ,configure-flags)))))))) (package-with-bootstrap-guile (package-with-explicit-inputs perl %boot0-inputs (current-source-location) #:guile %bootstrap-guile)))) +(define bison-boot0 + ;; This Bison is needed to build MiG so we need it early in the process. + ;; It is also needed to rebuild Bash's parser, which is modified by + ;; its CVE patches. Remove it when it's no longer needed. + (let* ((m4 (package-with-bootstrap-guile + (package-with-explicit-inputs m4 %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile))) + (bison (package (inherit bison) + (propagated-inputs `(("m4" ,m4))) + (inputs '()) ;remove Flex... + (arguments + '(#:tests? #f ;... and thus disable tests + + ;; Zero timestamps in liby.a; this must be done + ;; explicitly here because the bootstrap Binutils don't + ;; do that (default is "cru".) + #:make-flags '("ARFLAGS=crD" "RANLIB=ranlib -D" + "V=1")))))) + (package + (inherit (package-with-bootstrap-guile + (package-with-explicit-inputs bison %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile))) + (native-inputs `(("perl" ,perl-boot0)))))) + +(define flex-boot0 + ;; This Flex is needed to build MiG. + (let* ((flex (package (inherit flex) + (native-inputs `(("bison" ,bison-boot0))) + (propagated-inputs `(("m4" ,m4))) + (inputs `(("indent" ,indent))) + (arguments '(#:tests? #f))))) + (package-with-bootstrap-guile + (package-with-explicit-inputs flex %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile)))) + (define (linux-libre-headers-boot0) "Return Linux-Libre header files for the bootstrap environment." ;; Note: this is wrapped in a thunk to nicely handle circular dependencies @@ -302,6 +346,63 @@ `(("perl" ,perl-boot0) ,@%boot0-inputs))))) +(define gnumach-headers-boot0 + (package-with-bootstrap-guile + (package-with-explicit-inputs gnumach-headers + %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile))) + +(define mig-boot0 + (let* ((mig (package (inherit mig) + (native-inputs `(("bison" ,bison-boot0) + ("flex" ,flex-boot0))) + (inputs `(("flex" ,flex-boot0))) + (arguments + `(#:configure-flags + `(,(string-append "LDFLAGS=-Wl,-rpath=" + (assoc-ref %build-inputs "flex") "/lib/"))))))) + (package-with-bootstrap-guile + (package-with-explicit-inputs mig %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile)))) + +(define hurd-headers-boot0 + (let ((hurd-headers (package (inherit hurd-headers) + (native-inputs `(("mig" ,mig-boot0))) + (inputs '())))) + (package-with-bootstrap-guile + (package-with-explicit-inputs hurd-headers %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile)))) + +(define hurd-minimal-boot0 + (let ((hurd-minimal (package (inherit hurd-minimal) + (native-inputs `(("mig" ,mig-boot0))) + (inputs '())))) + (package-with-bootstrap-guile + (package-with-explicit-inputs hurd-minimal %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile)))) + +(define (hurd-core-headers-boot0) + "Return the Hurd and Mach headers as well as initial Hurd libraries for +the bootstrap environment." + (package-with-bootstrap-guile + (package (inherit hurd-core-headers) + (arguments `(#:guile ,%bootstrap-guile + ,@(package-arguments hurd-core-headers))) + (inputs + `(("gnumach-headers" ,gnumach-headers-boot0) + ("hurd-headers" ,hurd-headers-boot0) + ("hurd-minimal" ,hurd-minimal-boot0) + ,@%boot0-inputs))))) + +(define* (kernel-headers-boot0 #:optional (system (%current-system))) + (match system + ("i586-gnu" (hurd-core-headers-boot0)) + (_ (linux-libre-headers-boot0)))) + (define texinfo-boot0 ;; Texinfo used to build libc's manual. ;; We build without ncurses because it fails to build at this stage, and @@ -320,9 +421,19 @@ (current-source-location) #:guile %bootstrap-guile)))) +(define ld-wrapper-boot0 + ;; We need this so binaries on Hurd will have libmachuser and libhurduser + ;; in their RUNPATH, otherwise validate-runpath will fail. + (make-ld-wrapper (string-append "ld-wrapper-" (boot-triplet)) + #:target (boot-triplet) + #:binutils binutils-boot0 + #:guile %bootstrap-guile + #:bash (car (assoc-ref %boot0-inputs "bash")))) + (define %boot1-inputs ;; 2nd stage inputs. `(("gcc" ,gcc-boot0) + ("ld-wrapper-cross" ,ld-wrapper-boot0) ("binutils-cross" ,binutils-boot0) ,@(alist-delete "binutils" %boot0-inputs))) @@ -356,6 +467,15 @@ (setenv "NATIVE_CPATH" (getenv "CPATH")) (unsetenv "CPATH") + ;; Tell 'libpthread' where to find 'libihash' on Hurd systems. + ,@(if (string-match "i586-gnu" (%current-system)) + `((substitute* "libpthread/Makefile" + (("LDLIBS-pthread.so =.*") + (string-append "LDLIBS-pthread.so = " + (assoc-ref %build-inputs "kernel-headers") + "/lib/libihash.a\n")))) + '()) + ;; 'rpcgen' needs native libc headers to be built. (substitute* "sunrpc/Makefile" (("sunrpc-CPPFLAGS =.*" all) @@ -363,7 +483,7 @@ "export CPATH\n" all "\n")))) ,phases))))) - (propagated-inputs `(("kernel-headers" ,(linux-libre-headers-boot0)))) + (propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0)))) (native-inputs `(("texinfo" ,texinfo-boot0) ("perl" ,perl-boot0))) @@ -372,6 +492,11 @@ ;; it in $CPATH, hence the 'pre-configure' phase above. ,@%boot1-inputs + ;; A native MiG is needed to build Glibc on Hurd. + ,@(if (string-match "i586-gnu" (%current-system)) + `(("mig" ,mig-boot0)) + '()) + ;; A native GCC is needed to build `cross-rpcgen'. ("native-gcc" ,@(assoc-ref %boot0-inputs "gcc")) @@ -430,31 +555,6 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ("bash" ,bash))) (inputs '()))) -(define bison-boot1 - ;; XXX: This Bison is needed to rebuild Bash's parser, which is modified by - ;; its CVE patches. Remove it when it's no longer needed. - (let* ((m4 (package-with-bootstrap-guile - (package-with-explicit-inputs m4 %boot0-inputs - (current-source-location) - #:guile %bootstrap-guile))) - (bison (package (inherit bison) - (propagated-inputs `(("m4" ,m4))) - (inputs '()) ;remove Flex... - (arguments - '(#:tests? #f ;... and thus disable tests - - ;; Zero timestamps in liby.a; this must be done - ;; explicitly here because the bootstrap Binutils don't - ;; do that (default is "cru".) - #:make-flags '("ARFLAGS=crD" "RANLIB=ranlib -D" - "V=1")))))) - (package - (inherit (package-with-bootstrap-guile - (package-with-explicit-inputs bison %boot0-inputs - (current-source-location) - #:guile %bootstrap-guile))) - (native-inputs `(("perl" ,perl-boot0)))))) - (define static-bash-for-glibc ;; A statically-linked Bash to be used by GLIBC-FINAL in system(3) & co. (let* ((gcc (cross-gcc-wrapper gcc-boot0 binutils-boot0 @@ -468,23 +568,21 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ("libc" ,glibc-final-with-bootstrap-bash) ,@(fold alist-delete %boot1-inputs '("gcc" "libc"))))) - (package - (inherit (package-with-bootstrap-guile - (package-with-explicit-inputs bash inputs - (current-source-location) - #:guile %bootstrap-guile))) - (native-inputs `(("bison" ,bison-boot1)))))) + (package-with-bootstrap-guile + (package-with-explicit-inputs bash inputs + (current-source-location) + #:guile %bootstrap-guile)))) (define gettext-boot0 ;; A minimal gettext used during bootstrap. (let ((gettext-minimal - (package (inherit gnu-gettext) + (package (inherit gettext-minimal) (name "gettext-boot0") (inputs '()) ;zero dependencies (arguments (substitute-keyword-arguments `(#:tests? #f - ,@(package-arguments gnu-gettext)) + ,@(package-arguments gettext-minimal)) ((#:phases phases) `(modify-phases ,phases ;; Build only the tools. @@ -527,7 +625,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ;; if 'allowed-references' were per-output. (arguments `(#:allowed-references - ,(cons* `(,gcc-boot0 "lib") (linux-libre-headers-boot0) + ,(cons* `(,gcc-boot0 "lib") (kernel-headers-boot0) static-bash-for-glibc (package-outputs glibc-final-with-bootstrap-bash)) @@ -679,13 +777,11 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define bash-final ;; Link with `-static-libgcc' to make sure we don't retain a reference ;; to the bootstrap GCC. - (package - (inherit (package-with-bootstrap-guile - (package-with-explicit-inputs (static-libgcc-package bash) - %boot3-inputs - (current-source-location) - #:guile %bootstrap-guile))) - (native-inputs `(("bison" ,bison-boot1))))) + (package-with-bootstrap-guile + (package-with-explicit-inputs (static-libgcc-package bash) + %boot3-inputs + (current-source-location) + #:guile %bootstrap-guile))) (define %boot4-inputs ;; Now use the final Bash. diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm index 3bd30fd78c..b4324c2aeb 100644 --- a/gnu/packages/cross-base.scm +++ b/gnu/packages/cross-base.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -25,6 +26,7 @@ #:use-module (gnu packages base) #:use-module (gnu packages commencement) #:use-module (gnu packages linux) + #:use-module (gnu packages hurd) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix utils) @@ -33,6 +35,7 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) + #:use-module (ice-9 regex) #:export (cross-binutils cross-libc cross-gcc)) @@ -292,12 +295,12 @@ GCC that does not target a libc; otherwise, target that libc." (files '("lib" "lib64"))))) (native-search-paths '()))) -(define* (cross-libc target - #:optional - (xgcc (cross-gcc target)) - (xbinutils (cross-binutils target))) - "Return a libc cross-built for TARGET, a GNU triplet. Use XGCC and -XBINUTILS and the cross tool chain." +(define* (cross-kernel-headers target + #:optional + (xgcc (cross-gcc target)) + (xbinutils (cross-binutils target))) + "Return headers depending on TARGET." + (define xlinux-headers (package (inherit linux-libre-headers) (name (string-append (package-name linux-libre-headers) @@ -320,6 +323,147 @@ XBINUTILS and the cross tool chain." ("cross-binutils" ,xbinutils) ,@(package-native-inputs linux-libre-headers))))) + (define xgnumach-headers + (package (inherit gnumach-headers) + (name (string-append (package-name gnumach-headers) + "-cross-" target)) + + (native-inputs `(("cross-gcc" ,xgcc) + ("cross-binutils" ,xbinutils) + ,@(package-native-inputs gnumach-headers))))) + + (define xmig + (package (inherit mig) + (name (string-append "mig-cross")) + (arguments + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-26)) + #:phases (alist-cons-before + 'configure 'set-cross-headers-path + (lambda* (#:key inputs #:allow-other-keys) + (let* ((mach (assoc-ref inputs "cross-gnumach-headers")) + (cpath (string-append mach "/include"))) + (for-each (cut setenv <> cpath) + '("CROSS_C_INCLUDE_PATH" + "CROSS_CPLUS_INCLUDE_PATH" + "CROSS_OBJC_INCLUDE_PATH" + "CROSS_OBJCPLUS_INCLUDE_PATH")))) + %standard-phases) + #:configure-flags (list ,(string-append "--target=" target)) + ,@(package-arguments mig))) + + (propagated-inputs `(("cross-gnumach-headers" ,xgnumach-headers))) + (native-inputs `(("cross-gcc" ,xgcc) + ("cross-binutils" ,xbinutils) + ,@(package-native-inputs mig))))) + + (define xhurd-headers + (package (inherit hurd-headers) + (name (string-append (package-name hurd-headers) + "-cross-" target)) + + (propagated-inputs `(("cross-mig" ,xmig))) + (native-inputs `(("cross-gcc" ,xgcc) + ("cross-binutils" ,xbinutils) + ("cross-mig" ,xmig) + ,@(alist-delete "mig"(package-native-inputs hurd-headers)))))) + + (define xglibc/hurd-headers + (package (inherit glibc/hurd-headers) + (name (string-append (package-name glibc/hurd-headers) + "-cross-" target)) + + (arguments + (substitute-keyword-arguments + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-26)) + ,@(package-arguments glibc/hurd-headers)) + ((#:phases phases) + `(alist-cons-before + 'pre-configure 'set-cross-headers-path + (lambda* (#:key inputs #:allow-other-keys) + (let* ((mach (assoc-ref inputs "gnumach-headers")) + (hurd (assoc-ref inputs "hurd-headers")) + (cpath (string-append mach "/include:" + hurd "/include"))) + (for-each (cut setenv <> cpath) + '("CROSS_C_INCLUDE_PATH" + "CROSS_CPLUS_INCLUDE_PATH" + "CROSS_OBJC_INCLUDE_PATH" + "CROSS_OBJCPLUS_INCLUDE_PATH")))) + ,phases)))) + + (propagated-inputs `(("gnumach-headers" ,xgnumach-headers) + ("hurd-headers" ,xhurd-headers))) + + (native-inputs `(("cross-gcc" ,xgcc) + ("cross-binutils" ,xbinutils) + ("cross-mig" ,xmig) + ,@(alist-delete "mig"(package-native-inputs glibc/hurd-headers)))))) + + (define xhurd-minimal + (package (inherit hurd-minimal) + (name (string-append (package-name hurd-minimal) + "-cross-" target)) + (arguments + (substitute-keyword-arguments + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-26)) + ,@(package-arguments hurd-minimal)) + ((#:phases phases) + `(alist-cons-before + 'configure 'set-cross-headers-path + (lambda* (#:key inputs #:allow-other-keys) + (let* ((glibc-headers (assoc-ref inputs "cross-glibc-hurd-headers")) + (cpath (string-append glibc-headers "/include"))) + (for-each (cut setenv <> cpath) + '("CROSS_C_INCLUDE_PATH" + "CROSS_CPLUS_INCLUDE_PATH" + "CROSS_OBJC_INCLUDE_PATH" + "CROSS_OBJCPLUS_INCLUDE_PATH")))) + ,phases)))) + + (inputs `(("cross-glibc-hurd-headers" ,xglibc/hurd-headers))) + + (native-inputs `(("cross-gcc" ,xgcc) + ("cross-binutils" ,xbinutils) + ("cross-mig" ,xmig) + ,@(alist-delete "mig"(package-native-inputs hurd-minimal)))))) + + (define xhurd-core-headers + (package (inherit hurd-core-headers) + (name (string-append (package-name hurd-core-headers) + "-cross-" target)) + + (inputs `(("gnumach-headers" ,xgnumach-headers) + ("hurd-headers" ,xhurd-headers) + ("hurd-minimal" ,xhurd-minimal))) + + (native-inputs `(("cross-gcc" ,xgcc) + ("cross-binutils" ,xbinutils) + ("cross-mig" ,xmig) + ,@(package-native-inputs hurd-core-headers))))) + + (match target + ((or "i586-pc-gnu" "i586-gnu") xhurd-core-headers) + (_ xlinux-headers))) + +(define* (cross-libc target + #:optional + (xgcc (cross-gcc target)) + (xbinutils (cross-binutils target)) + (xheaders (cross-kernel-headers target))) + "Return a libc cross-built for TARGET, a GNU triplet. Use XGCC and +XBINUTILS and the cross tool chain." + (define (cross-libc-for-target target) + "Return libc depending on TARGET." + (match target + ((or "i586-pc-gnu" "i586-gnu") glibc/hurd) + (_ glibc/linux))) + (package (inherit glibc) (name (string-append "glibc-cross-" target)) (arguments @@ -337,7 +481,9 @@ XBINUTILS and the cross tool chain." (guix build utils) (srfi srfi-26)) - ,@(package-arguments glibc)) + ;; Package-arguments does not use the correct libc, so we use + ;; (cross-libc-for-target ...) to determine the correct one. + ,@(package-arguments (cross-libc-for-target target))) ((#:configure-flags flags) `(cons ,(string-append "--host=" target) ,flags)) @@ -352,12 +498,14 @@ XBINUTILS and the cross tool chain." "CROSS_CPLUS_INCLUDE_PATH" "CROSS_OBJC_INCLUDE_PATH" "CROSS_OBJCPLUS_INCLUDE_PATH")) + (setenv "CROSS_LIBRARY_PATH" + (string-append kernel "/lib")) ;for Hurd's libihash #t)) ,phases)))) ;; Shadow the native "kernel-headers" because glibc's recipe expects the ;; "kernel-headers" input to point to the right thing. - (propagated-inputs `(("kernel-headers" ,xlinux-headers))) + (propagated-inputs `(("kernel-headers" ,xheaders))) ;; FIXME: 'static-bash' should really be an input, not a native input, but ;; to do that will require building an intermediate cross libc. @@ -365,6 +513,11 @@ XBINUTILS and the cross tool chain." (native-inputs `(("cross-gcc" ,xgcc) ("cross-binutils" ,xbinutils) + ,@(if (string-match (or "i586-pc-gnu" "i586-gnu") target) + `(("cross-mig" + ,@(assoc-ref (package-native-inputs xheaders) + "cross-mig"))) + '()) ,@(package-inputs glibc) ;FIXME: static-bash ,@(package-native-inputs glibc))))) diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index 14084c91b1..88e9038dc3 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -189,7 +189,7 @@ communication.") #:directories? #t))))) (build-system cmake-build-system) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ;; Test dependencies. ("expect" ,expect) diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index e51dcb5e8c..2050c9b7e7 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -40,10 +40,18 @@ #:use-module (gnu packages pkg-config) #:use-module (gnu packages tls)) +;; Delay to avoid module circularity problems. +(define ghostscript/cups + (delay + (package (inherit ghostscript) + (name "ghostscript-with-cups") + (inputs `(("cups" ,cups-minimal) + ,@(package-inputs ghostscript)))))) + (define-public cups-filters (package (name "cups-filters") - (version "1.4.0") + (version "1.11.2") (source (origin (method url-fetch) (uri @@ -51,22 +59,28 @@ "cups-filters-" version ".tar.xz")) (sha256 (base32 - "16jpqqlixlv2dxqv8gak5qg4qnsnw4p745xr6rhw9dgylf13z9ha")) + "0x864p794m10kn157n6iv1q9nix5f7x82a8xwjf8hlvri4458j2b")) (modules '((guix build utils))) (snippet ;; install backends, banners and filters to cups-filters output ;; directory, not the cups server directory - '(substitute* "Makefile.in" - (("CUPS_DATADIR = @CUPS_DATADIR@") - "CUPS_DATADIR = $(PREFIX)/share/cups") - (("pkgcupsserverrootdir = \\$\\(CUPS_SERVERROOT\\)") - "pkgcupsserverrootdir = $(PREFIX)") - ;; Choose standard directories notably so that binaries are - ;; stripped. - (("pkgbackenddir = \\$\\(CUPS_SERVERBIN\\)/backend") - "pkgbackenddir = $(PREFIX)/lib/cups/backend") - (("pkgfilterdir = \\$\\(CUPS_SERVERBIN\\)/filter") - "pkgfilterdir = $(PREFIX)/lib/cups/filter"))))) + '(begin + (substitute* "Makefile.in" + (("CUPS_DATADIR = @CUPS_DATADIR@") + "CUPS_DATADIR = $(PREFIX)/share/cups") + (("pkgcupsserverrootdir = \\$\\(CUPS_SERVERROOT\\)") + "pkgcupsserverrootdir = $(PREFIX)") + ;; Choose standard directories notably so that binaries are + ;; stripped. + (("pkgbackenddir = \\$\\(CUPS_SERVERBIN\\)/backend") + "pkgbackenddir = $(PREFIX)/lib/cups/backend") + (("pkgfilterdir = \\$\\(CUPS_SERVERBIN\\)/filter") + "pkgfilterdir = $(PREFIX)/lib/cups/filter")) + ;; Find bannertopdf data such as the print test page in our + ;; output directory, not CUPS's prefix. + (substitute* "configure" + (("\\{CUPS_DATADIR\\}/data") + "{prefix}/share/cups/data")))))) (build-system gnu-build-system) (arguments `(#:make-flags (list (string-append "PREFIX=" %output)) @@ -74,16 +88,20 @@ `(,(string-append "--with-test-font-path=" (assoc-ref %build-inputs "font-dejavu") "/share/fonts/truetype/DejaVuSans.ttf") + ,(string-append "--with-gs-path=" + (assoc-ref %build-inputs "ghostscript") + "/bin/gsc") ,(string-append "--with-rcdir=" (assoc-ref %outputs "out") "/etc/rc.d")))) (native-inputs `(("glib" ,glib "bin") ; for gdbus-codegen ("pkg-config" ,pkg-config))) (inputs - `(("fontconfig" ,fontconfig) + `(("avahi" ,avahi) + ("fontconfig" ,fontconfig) ("freetype" ,freetype) ("font-dejavu" ,font-dejavu) ;needed by test suite - ("ghostscript" ,ghostscript) + ("ghostscript" ,(force ghostscript/cups)) ("ijs" ,ijs) ("dbus" ,dbus) ("lcms" ,lcms) @@ -94,7 +112,7 @@ ("qpdf" ,qpdf) ("poppler" ,poppler) ("cups-minimal" ,cups-minimal))) - (home-page "http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters") + (home-page "https://wiki.linuxfoundation.org/openprinting/cups-filters") (synopsis "OpenPrinting CUPS filters and backends") (description "Contains backends, filters, and other software that was once part of the @@ -116,14 +134,18 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.") (define-public cups-minimal (package (name "cups-minimal") - (version "2.1.0") + (version "2.1.4") (source (origin (method url-fetch) - (uri (string-append "http://www.cups.org/software/" - version "/cups-" version "-source.tar.bz2")) + (uri (list (string-append "https://www.cups.org/software/" + version "/cups-" + version "-source.tar.gz") + (string-append "https://github.com/apple/cups/releases" + "/download/release-" version + "/cups-" version "-source.tar.gz"))) (sha256 (base32 - "1jfjqsw9l7jbn5kb9i96k0wj12kjdbgx0rd8157dif22hi0kh0ms")))) + "13bjxw256wd1nff22vj2z25mdhllj2h6d9xypsg55b40661zs52b")))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -151,7 +173,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.") (inputs `(("zlib" ,zlib) ("gnutls" ,gnutls))) - (home-page "http://www.cups.org") + (home-page "https://www.cups.org") (synopsis "The Common Unix Printing System") (description "CUPS is a printing system that uses the Internet Printing @@ -178,122 +200,116 @@ device-specific programs to convert and print many types of files.") '("--disable-launchd" "--disable-systemd") #:phases - (alist-cons-before - 'configure - 'patch-makedefs - (lambda _ - (substitute* "Makedefs.in" - (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@") - (("/bin/sh") (which "sh")))) - (alist-cons-before - 'check - 'patch-tests - (lambda _ - (let ((filters (assoc-ref %build-inputs "cups-filters")) - (catpath (string-append - (assoc-ref %build-inputs "coreutils") "/bin/")) - (testdir (string-append (getcwd) "/tmp/"))) - (mkdir testdir) - (substitute* "test/run-stp-tests.sh" - ((" *BASE=/tmp/") (string-append "BASE=" testdir)) + (modify-phases %standard-phases + (add-before 'configure 'patch-makedefs + (lambda _ + (substitute* "Makedefs.in" + (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@") + (("/bin/sh") (which "sh"))))) + (add-before 'check 'patch-tests + (lambda _ + (let ((filters (assoc-ref %build-inputs "cups-filters")) + (catpath (string-append + (assoc-ref %build-inputs "coreutils") "/bin/")) + (testdir (string-append (getcwd) "/tmp/"))) + (mkdir testdir) + (substitute* "test/run-stp-tests.sh" + ((" *BASE=/tmp/") (string-append "BASE=" testdir)) - ;; allow installation of filters from output dir and from - ;; cups-filters - (("for dir in /usr/libexec/cups/filter /usr/lib/cups/filter") - (string-append - "for dir in " - (assoc-ref %outputs "out") "/lib/cups/filter " - filters "/lib/cups/filter")) + ;; allow installation of filters from output dir and from + ;; cups-filters + (("for dir in /usr/libexec/cups/filter /usr/lib/cups/filter") + (string-append + "for dir in " + (assoc-ref %outputs "out") "/lib/cups/filter " + filters "/lib/cups/filter")) - ;; check for charsets in cups-filters output - (("/usr/share/cups/charsets") - (string-append filters "/share/cups/charsets")) + ;; check for charsets in cups-filters output + (("/usr/share/cups/charsets") + (string-append filters "/share/cups/charsets")) - ;; install additional required filters - (("instfilter texttopdf texttopdf pdf") - (string-append - "instfilter texttopdf texttopdf pdf;" - "instfilter imagetoraster imagetoraster raster;" - "instfilter gstoraster gstoraster raster;" - "instfilter urftopdf urftopdf pdf;" - "instfilter rastertopdf rastertopdf pdf;" - "instfilter pstopdf pstopdf pdf")) + ;; install additional required filters + (("instfilter texttopdf texttopdf pdf") + (string-append + "instfilter texttopdf texttopdf pdf;" + "instfilter imagetoraster imagetoraster raster;" + "instfilter gstoraster gstoraster raster;" + "instfilter urftopdf urftopdf pdf;" + "instfilter rastertopdf rastertopdf pdf;" + "instfilter pstopdf pstopdf pdf")) - ;; specify location of lpstat binary - (("description=\"`lpstat -l") - "description=\"`../systemv/lpstat -l") + ;; specify location of lpstat binary + (("description=\"`lpstat -l") + "description=\"`../systemv/lpstat -l") - ;; patch shebangs of embedded scripts - (("#!/bin/sh") (string-append "#!" (which "sh"))) + ;; patch shebangs of embedded scripts + (("#!/bin/sh") (string-append "#!" (which "sh"))) - ;; also link mime definitions from cups-filters - ;; to enable the additional filters for the test suite - (("ln -s \\$root/conf/mime\\.types") - (string-append - "ln -s " filters - "/share/cups/mime/cupsfilters.types $BASE/share/mime; " - "ln -s $root/conf/mime.types")) - (("ln -s \\$root/conf/mime\\.convs") - (string-append - "ln -s " filters - "/share/cups/mime/cupsfilters.convs $BASE/share/mime; " - "ln -s $root/conf/mime.convs"))) + ;; also link mime definitions from cups-filters + ;; to enable the additional filters for the test suite + (("ln -s \\$root/conf/mime\\.types") + (string-append + "ln -s " filters + "/share/cups/mime/cupsfilters.types $BASE/share/mime; " + "ln -s $root/conf/mime.types")) + (("ln -s \\$root/conf/mime\\.convs") + (string-append + "ln -s " filters + "/share/cups/mime/cupsfilters.convs $BASE/share/mime; " + "ln -s $root/conf/mime.convs"))) - ;; fix search path for "cat" - (substitute* "cups/testfile.c" - (("cupsFileFind\\(\"cat\", \"/bin\"") - (string-append "cupsFileFind(\"cat\", \"" catpath "\"")) - (("cupsFileFind\\(\"cat\", \"/bin:/usr/bin\"") - (string-append "cupsFileFind(\"cat\", \"" catpath "\""))))) - (alist-cons-after - 'install - 'install-cups-filters-symlinks - (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out")) - (cups-filters (assoc-ref inputs "cups-filters"))) - ;; charsets - (symlink - (string-append cups-filters "/share/cups/charsets") - (string-append out "/share/charsets")) + ;; fix search path for "cat" + (substitute* "cups/testfile.c" + (("cupsFileFind\\(\"cat\", \"/bin\"") + (string-append "cupsFileFind(\"cat\", \"" catpath "\"")) + (("cupsFileFind\\(\"cat\", \"/bin:/usr/bin\"") + (string-append "cupsFileFind(\"cat\", \"" catpath "\"")))))) + (add-after 'install 'install-cups-filters-symlinks + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (cups-filters (assoc-ref inputs "cups-filters"))) + ;; charsets + (symlink + (string-append cups-filters "/share/cups/charsets") + (string-append out "/share/charsets")) - ;; mime types, driver file, ppds - (for-each - (lambda (f) - (symlink (string-append cups-filters f) - (string-append out f))) - '("/share/cups/mime/cupsfilters.types" - "/share/cups/mime/cupsfilters.convs" - "/share/cups/drv/cupsfilters.drv" - "/share/ppd")) + ;; mime types, driver file, ppds + (for-each + (lambda (f) + (symlink (string-append cups-filters f) + (string-append out f))) + '("/share/cups/mime/cupsfilters.types" + "/share/cups/mime/cupsfilters.convs" + "/share/cups/drv/cupsfilters.drv" + "/share/ppd")) - ;; filters - (for-each - (lambda (f) - (symlink f - (string-append out "/lib/cups/filter" (basename f)))) - (find-files (string-append cups-filters "/lib/cups/filter"))) + ;; filters + (for-each + (lambda (f) + (symlink f + (string-append out "/lib/cups/filter" (basename f)))) + (find-files (string-append cups-filters "/lib/cups/filter"))) - ;; backends - (for-each - (lambda (f) - (symlink (string-append cups-filters f) - (string-append out "/lib/cups/backend/" - (basename f)))) - '("/lib/cups/backend/parallel" - "/lib/cups/backend/serial")) + ;; backends + (for-each + (lambda (f) + (symlink (string-append cups-filters f) + (string-append out "/lib/cups/backend/" + (basename f)))) + '("/lib/cups/backend/parallel" + "/lib/cups/backend/serial")) - ;; banners - (let ((banners "/share/cups/banners")) - (delete-file-recursively (string-append out banners)) - (symlink (string-append cups-filters banners) - (string-append out banners))) + ;; banners + (let ((banners "/share/cups/banners")) + (delete-file-recursively (string-append out banners)) + (symlink (string-append cups-filters banners) + (string-append out banners))) - ;; assorted data - (let ((data "/share/cups/data")) - (delete-file-recursively (string-append out data)) - (symlink (string-append cups-filters data) - (string-append out data))))) - %standard-phases))))) + ;; assorted data + (let ((data "/share/cups/data")) + (delete-file-recursively (string-append out data)) + (symlink (string-append cups-filters data) + (string-append out data))))))))) (inputs `(("avahi" ,avahi) ("gnutls" ,gnutls) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 5cd80868f7..b267497c7c 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -40,15 +40,14 @@ (define-public curl (package (name "curl") - (replacement curl-7.50.3) - (version "7.47.0") + (version "7.50.3") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.lzma")) (sha256 (base32 - "1n284wdqzwb4bkmv0fnh36zl6lhlzy3clw2b7pn28kpgdy09ly7p")))) + "1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -84,10 +83,6 @@ (lambda _ (substitute* "tests/runtests.pl" (("/bin/sh") (which "sh"))) - ;; Test #1135 requires extern-scan.pl, which is not part of the - ;; tarball due to a mistake. It has been fixed upstream. We can - ;; simply disable the test as it is specific to VMS and OS/400. - (delete-file "tests/data/test1135") ;; XXX FIXME: Test #1510 seems to work on some machines and not ;; others, possibly based on the kernel version. It works on GuixSD @@ -124,16 +119,3 @@ tunneling, and so on.") (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")) (home-page "http://curl.haxx.se/"))) - -(define curl-7.50.3 - (package - (inherit curl) - (source - (let ((version "7.50.3")) - (origin - (method url-fetch) - (uri (string-append "https://curl.haxx.se/download/curl-" - version ".tar.lzma")) - (sha256 - (base32 - "1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c"))))))) diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 902b3f32fa..5219766133 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -91,7 +91,7 @@ ("python" ,python-2) ("autoconf" ,autoconf) ("automake" ,automake) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("libtool" ,libtool) ("pcre" ,pcre "bin") ;for 'pcre-config' ("pkg-config" ,pkg-config))) @@ -405,7 +405,24 @@ pictures, sounds, or video.") #:configure-flags (list (string-append "--with-bash-headers=" (assoc-ref %build-inputs "bash:include") - "/include/bash")))) + "/include/bash")) + + #:phases (modify-phases %standard-phases + (add-before 'build 'set-bash4.4-header-location + (lambda _ + (substitute* "bash/Makefile.in" + ;; Adjust the header search path for Bash + ;; 4.4 in accordance with 'bash.pc'. + (("AM_CPPFLAGS = (.*)$" _ rest) + (string-append "AM_CPPFLAGS = " + "-I$(BASH_HEADERS)/include " + rest)) + + ;; Install to PREFIX/lib/bash to match Bash + ;; 4.4's search path. + (("^libdir = .*$") + "libdir = @libdir@/bash\n")) + #t))))) (native-inputs `(("emacs" ,emacs-minimal) ("bc" ,bc) @@ -490,7 +507,7 @@ for example from a shell script.") (define-public sqlite (package (name "sqlite") - (version "3.12.2") + (version "3.14.1") (source (origin (method url-fetch) ;; TODO: Download from sqlite.org once this bug : @@ -521,15 +538,17 @@ for example from a shell script.") )) (sha256 (base32 - "1fwss0i2lixv39b27gkqiibdd2syym90wh3qbiaxnfgxk867f07x")))) + "19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments `(#:configure-flags - ;; Add -DSQLITE_SECURE_DELETE and -DSQLITE_ENABLE_UNLOCK_NOTIFY to - ;; CFLAGS. GNU Icecat will refuse to use the system SQLite unless these - ;; options are enabled. - '("CFLAGS=-O2 -DSQLITE_SECURE_DELETE -DSQLITE_ENABLE_UNLOCK_NOTIFY"))) + ;; Add -DSQLITE_SECURE_DELETE, -DSQLITE_ENABLE_UNLOCK_NOTIFY and + ;; -DSQLITE_ENABLE_DBSTAT_VTAB to CFLAGS. GNU Icecat will refuse + ;; to use the system SQLite unless these options are enabled. + (list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE " + "-DSQLITE_ENABLE_UNLOCK_NOTIFY " + "-DSQLITE_ENABLE_DBSTAT_VTAB")))) (home-page "http://www.sqlite.org/") (synopsis "The SQLite database management system") (description diff --git a/gnu/packages/dav.scm b/gnu/packages/dav.scm index be6c40f4ba..ba56d0d852 100644 --- a/gnu/packages/dav.scm +++ b/gnu/packages/dav.scm @@ -34,6 +34,14 @@ (base32 "1c5lv8qca21mndkx350wxv34qypqh6gb4rhzms4anr642clq3jg2")))) (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda _ + (zero? (system* "py.test"))))))) + (native-inputs + `(("python-pytest" ,python-pytest))) (propagated-inputs ;; TODO: Add python-pam `(("python-requests" ,python-requests))) diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm index a3ace8ab16..e75eb081ed 100644 --- a/gnu/packages/disk.scm +++ b/gnu/packages/disk.scm @@ -72,7 +72,7 @@ ("readline" ,readline) ("util-linux" ,util-linux))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ;; For the tests. ("perl" ,perl) ("python" ,python-2))) @@ -97,7 +97,7 @@ tables. It includes a library and command-line utility.") "04nd7civ561x2lwcmxhsqbprml3178jfc58fy1v7hzqg5k4nbhy3")))) (build-system gnu-build-system) (inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("guile" ,guile-1.8) ("util-linux" ,util-linux) ("parted" ,parted))) @@ -123,7 +123,7 @@ tables, and it understands a variety of different formats.") "1izazbyv5n2d81qdym77i8mg9m870hiydmq4d0s51npx5vp8lk46")))) (build-system gnu-build-system) (inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("ncurses" ,ncurses) ("popt" ,popt) ("util-linux" ,util-linux))) ; libuuid diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm index 080c0dba8e..bbc25e8797 100644 --- a/gnu/packages/documentation.scm +++ b/gnu/packages/documentation.scm @@ -126,7 +126,7 @@ and to some extent D.") (build-system gnu-build-system) (native-inputs `(("flex" ,flex) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (home-page "http://docpp.sourceforge.net/") (synopsis "Documentation system for C, C++, IDL, and Java") (description diff --git a/gnu/packages/education.scm b/gnu/packages/education.scm index 14c1bac322..3a883079fe 100644 --- a/gnu/packages/education.scm +++ b/gnu/packages/education.scm @@ -59,7 +59,7 @@ ("zlib" ,zlib) ("qtserialport" ,qtserialport) ("qtscript" ,qtscript) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (native-inputs `(("qtbase" ,qtbase) ;Qt MOC is needed at compile time ("qttools" ,qttools) diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm index dad38e0310..c8391f0798 100644 --- a/gnu/packages/engineering.scm +++ b/gnu/packages/engineering.scm @@ -233,8 +233,7 @@ optimizer; and it can produce photorealistic and design review images.") (build-system gnu-build-system) (native-inputs `(("texlive" ,texlive) - ("ghostscript" ,ghostscript) - ("ghostscript" ,ghostscript-gs))) + ("ghostscript" ,ghostscript))) (arguments `(#:make-flags '("CC=gcc" "RM=rm" "SHELL=sh" "all") #:parallel-build? #f @@ -444,7 +443,7 @@ ready for production.") `(("autoconf" ,autoconf) ("automake" ,automake) ("libtool" ,libtool) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("po4a" ,po4a) ("pkg-config" ,pkg-config))) (inputs diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm index e8bd387ef3..f642943892 100644 --- a/gnu/packages/enlightenment.scm +++ b/gnu/packages/enlightenment.scm @@ -209,7 +209,7 @@ Libraries with some extra bells and whistles.") (arguments `(#:configure-flags '("--enable-mount-eeze"))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (inputs `(("alsa-lib" ,alsa-lib) diff --git a/gnu/packages/fcitx.scm b/gnu/packages/fcitx.scm index c89896eafe..dd8eead7fb 100644 --- a/gnu/packages/fcitx.scm +++ b/gnu/packages/fcitx.scm @@ -70,7 +70,7 @@ (inputs `(("dbus" ,dbus) ("enchant" ,enchant) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("gtk2" ,gtk+-2) ("gtk3" ,gtk+) ("icu4c" ,icu4c) diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 90e9a70626..a6239877a0 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,14 +28,14 @@ (define-public file (package (name "file") - (version "5.25") + (version "5.28") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.astron.com/pub/file/file-" version ".tar.gz")) (sha256 (base32 - "1jhfi5mivdnqvry5la5q919l503ahwdwbf3hjhiv97znccakhd9p")))) + "04p0w9ggqq6cqvwhyni0flji1z0rwrz896hmhkxd2mc6dca5xjqf")))) (build-system gnu-build-system) ;; When cross-compiling, this package depends upon a native install of diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm index 20aff196e9..c2135a1bc0 100644 --- a/gnu/packages/flex.scm +++ b/gnu/packages/flex.scm @@ -36,6 +36,7 @@ (method url-fetch) (uri (string-append "mirror://sourceforge/flex/flex-" version ".tar.bz2")) + (patches (search-patches "flex-CVE-2016-6354.patch")) (sha256 (base32 "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4")))) diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index c8642b72ae..22857e84b5 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm @@ -11,6 +11,7 @@ ;;; Copyright © 2016 Jookia <166291@gmail.com> ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -126,7 +127,7 @@ TrueType (TTF) files.") (define-public font-dejavu (package (name "font-dejavu") - (version "2.35") + (version "2.37") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/dejavu/dejavu/" @@ -134,7 +135,7 @@ TrueType (TTF) files.") version ".tar.bz2")) (sha256 (base32 - "122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn")))) + "1mqpds24wfs5cmfhj57fsfs07mji2z8812i5c4pi5pbi738s977s")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index d6872d05fd..60cff2e330 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -223,15 +223,14 @@ fonts to/from the WOFF2 format.") (define-public fontconfig (package (name "fontconfig") - (replacement fontconfig/fixed) - (version "2.11.94") + (version "2.12.1") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/fontconfig/release/fontconfig-" version ".tar.bz2")) (sha256 (base32 - "1psrl4b4gi4wmbvwwh43lk491wsl8lgvqj146prlcha3vwjc0qyp")))) + "1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl")))) (build-system gnu-build-system) (propagated-inputs `(("expat" ,expat) ("freetype" ,freetype))) @@ -276,13 +275,6 @@ high quality, anti-aliased and subpixel rendered text on a display.") "See COPYING in the distribution.")) (home-page "http://www.freedesktop.org/wiki/Software/fontconfig"))) -(define fontconfig/fixed - (package - (inherit fontconfig) - (source (origin - (inherit (package-source fontconfig)) - (patches (search-patches "fontconfig-CVE-2016-5384.patch")))))) - (define-public t1lib (package (name "t1lib") @@ -529,7 +521,7 @@ definitions.") (inputs `(("cairo" ,cairo) ("fontconfig" ,fontconfig) ;dlopen'd ("freetype" ,freetype) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("glib" ,glib) ;needed for pango detection ("libICE" ,libice) ("libSM" ,libsm) diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 84154b309b..4bef23c1ae 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm @@ -191,7 +191,7 @@ the freedesktop.org XDG Base Directory specification.") "/libexec/elogind/elogind\n")))))))) (native-inputs `(("intltool" ,intltool) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("docbook-xsl" ,docbook-xsl) ("docbook-xml" ,docbook-xml) ("xsltproc" ,libxslt) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index 17ca12bce6..e4c34d08a5 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -160,7 +160,7 @@ representation of the playing board.") ("libx11" ,libx11) ("guile" ,guile-2.0) ("gtkglext" ,gtkglext))) - (native-inputs `(("gettext" ,gnu-gettext) + (native-inputs `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (home-page "https://www.gnu.org/software/gnubik/") (synopsis "3d Rubik's cube game") @@ -358,7 +358,7 @@ interface or via an external visual interface such as GNU XBoard.") "08c51imfjfcydm7h0va09z8qfw5nc837bi2x754ni2z737hb5kw2")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--disable-embedded-resources"))) - (native-inputs `(("gettext" ,gnu-gettext) + (native-inputs `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (inputs `(("sdl" ,sdl) ("sdl-image" ,sdl-image) @@ -729,7 +729,7 @@ match, cannon keep, and grave-itation pit.") ("freetype" ,(@ (gnu packages fontutils) freetype)) ("curl" ,curl) ("luajit" ,luajit) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("sqlite" ,sqlite))) (propagated-inputs `(("minetest-data" ,minetest-data))) @@ -1027,7 +1027,7 @@ falling, themeable graphics and sounds, and replays.") ;; cc1plus: all warnings being treated as errors '("-DENABLE_STRICT_COMPILATION=OFF"))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (inputs `(("boost" ,boost) @@ -2550,7 +2550,7 @@ safety of the Chromium vessel.") (inputs `(("cairo" ,cairo) ("fribidi" ,fribidi) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("libpng" ,libpng) ("librsvg" ,librsvg) ("libpaper" ,libpaper) @@ -2646,7 +2646,7 @@ with the \"Stamp\" tool within Tux Paint.") "1z12s46mvy87qs3vgq9m0ki9pp21zqc52mmgphahpihw3s7haf6v")))) (build-system gnu-build-system) (native-inputs - `(("gettext" ,gnu-gettext))) + `(("gettext" ,gettext-minimal))) (inputs `(("fltk" ,fltk) ("libpaper" ,libpaper) diff --git a/gnu/packages/gawk.scm b/gnu/packages/gawk.scm index c6d322b708..86f01335a8 100644 --- a/gnu/packages/gawk.scm +++ b/gnu/packages/gawk.scm @@ -29,37 +29,49 @@ (define-public gawk (package (name "gawk") - (version "4.1.3") + (version "4.1.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gawk/gawk-" version ".tar.xz")) (sha256 - (base32 "09d6pmx6h3i2glafm0jd1v1iyrs03vcyv2rkz12jisii3vlmbkz3")) - (patches (search-patches "gawk-fts-test.patch")))) + (base32 "0rn2mmjxm767zliqzd67j7h2ncjn4j0321c60y9fy3grs3i89qak")))) (build-system gnu-build-system) (arguments `(#:parallel-tests? #f ; test suite fails in parallel - #:phases (alist-cons-before - 'configure 'set-shell-file-name - (lambda* (#:key inputs #:allow-other-keys) - ;; Refer to the right shell. - (let ((bash (assoc-ref inputs "bash"))) - (substitute* "io.c" - (("/bin/sh") - (string-append bash "/bin/bash"))) + #:phases (modify-phases %standard-phases + (add-before 'configure 'set-shell-file-name + (lambda* (#:key inputs #:allow-other-keys) + ;; Refer to the right shell. + (let ((bash (assoc-ref inputs "bash"))) + (substitute* "io.c" + (("/bin/sh") + (string-append bash "/bin/bash"))) - ;; When cross-compiling, remove dependencies on the - ;; `check-for-shared-lib-support' target, which tries to - ;; run the cross-built `gawk'. - ,@(if (%current-target-system) - '((substitute* "extension/Makefile.in" - (("^.*: check-for-shared-lib-support" match) - (string-append "### " match)))) - '()))) + ;; When cross-compiling, remove dependencies on the + ;; `check-for-shared-lib-support' target, which tries + ;; to run the cross-built `gawk'. + ,@(if (%current-target-system) + '((substitute* "extension/Makefile.in" + (("^.*: check-for-shared-lib-support" match) + (string-append "### " match)))) + '())))) + + (add-before 'check 'adjust-test-infrastructure + (lambda _ + ;; Remove dependency on 'more' (from util-linux), which + ;; would needlessly complicate bootstrapping. + (substitute* "test/Makefile" + (("\\| more") "")) + + ;; Adjust the shebang in that file since it is then diff'd + ;; against the actual test output. + (substitute* "test/watchpoint1.ok" + (("#! /usr/bin/gawk") + (string-append "#!" (which "gawk")))) + #t))))) - %standard-phases))) (inputs `(("libsigsegv" ,libsigsegv) ,@(if (%current-target-system) diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index c961c84fca..bed277b1e0 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr> -;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -40,6 +40,7 @@ #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) #:use-module (guix utils) + #:use-module (srfi srfi-1) #:use-module (ice-9 regex)) (define %gcc-infrastructure @@ -328,32 +329,38 @@ Go. It also includes runtime support libraries for these languages.") (sha256 (base32 "08yggr18v373a1ihj0rg2vd6psnic42b518xcgp3r9k81xz1xyr2")) - (patches (search-patches "gcc-arm-link-spec-fix.patch")))))) + (patches (search-patches "gcc-arm-link-spec-fix.patch")))) + + ;; Texinfo 6.3 fails to build the manual: + ;; ../../gcc-4.8.5/gcc/doc/gcc.texi:208: no matching `@end tex' + ;; Use an older one. + (native-inputs `(("texinfo" ,texinfo-5))))) (define-public gcc-4.9 - (package (inherit gcc-4.8) - (version "4.9.3") + (package (inherit gcc-4.7) + (version "4.9.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gcc/gcc-" version "/gcc-" version ".tar.bz2")) (sha256 (base32 - "0zmnm00d2a1hsd41g34bhvxzvxisa2l584q3p447bd91lfjv4ci3")) - (patches (search-patches "gcc-libvtv-runpath.patch")))))) + "14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc")) + (patches (search-patches "gcc-arm-bug-71399.patch" + "gcc-libvtv-runpath.patch")))))) (define-public gcc-5 ;; Note: GCC >= 5 ships with .info files but 'make install' fails to install ;; them in a VPATH build. (package (inherit gcc-4.9) - (version "5.3.0") + (version "5.4.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gcc/gcc-" version "/gcc-" version ".tar.bz2")) (sha256 (base32 - "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq")) + "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0")) (patches (search-patches "gcc-5.0-libvtv-runpath.patch")))))) (define-public gcc-6 @@ -724,7 +731,8 @@ as the 'native-search-paths' field." name "-" version ".tar.gz"))) (sha256 (base32 - "13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9")))) + "13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9")) + (patches (search-patches "isl-0.11.1-aarch64-support.patch")))) (build-system gnu-build-system) (inputs `(("gmp" ,gmp))) (home-page "http://isl.gforge.inria.fr/") diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm index bf38543178..26ab6777fe 100644 --- a/gnu/packages/gettext.scm +++ b/gnu/packages/gettext.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016 Alex Kost <alezost@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,28 +28,23 @@ #:use-module (guix build-system gnu) #:use-module (guix build-system perl) #:use-module (gnu packages docbook) + #:use-module (gnu packages emacs) #:use-module (gnu packages perl) #:use-module (gnu packages tex) - #:use-module (gnu packages xml)) + #:use-module (gnu packages xml) + #:use-module (guix utils)) -;; Use that name to avoid clashes with Guile's 'gettext' procedure. -;; -;; We used to resort to #:renamer on the user side, but that prevented -;; circular dependencies involving (gnu packages gettext). This is because -;; 'resolve-interface' (as of Guile 2.0.9) iterates eagerly over the used -;; module when there's a #:renamer, and that module may be empty at that point -;; in case or circular dependencies. -(define-public gnu-gettext +(define-public gettext-minimal (package - (name "gettext") - (version "0.19.8") + (name "gettext-minimal") + (version "0.19.8.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gettext/gettext-" version ".tar.gz")) (sha256 (base32 - "13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x")))) + "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;8 MiB of HTML @@ -90,15 +86,41 @@ ;; When tests fail, we want to know the details. #:make-flags '("VERBOSE=yes"))) (home-page "http://www.gnu.org/software/gettext/") - (synopsis "Tools and documentation for translation") + (synopsis + "Tools and documentation for translation (used to build other packages)") (description "GNU Gettext is a package providing a framework for translating the textual output of programs into multiple languages. It provides translators -with the means to create message catalogs, as well as an Emacs mode to work -with them, and a runtime library to load translated messages from the -catalogs. Nearly all GNU packages use Gettext.") +with the means to create message catalogs, and a runtime library to load +translated messages from the catalogs. Nearly all GNU packages use Gettext.") (license gpl3+))) ;some files are under GPLv2+ +;; Use that name to avoid clashes with Guile's 'gettext' procedure. +;; +;; We used to resort to #:renamer on the user side, but that prevented +;; circular dependencies involving (gnu packages gettext). This is because +;; 'resolve-interface' (as of Guile 2.0.9) iterates eagerly over the used +;; module when there's a #:renamer, and that module may be empty at that point +;; in case or circular dependencies. +(define-public gnu-gettext + (package + (inherit gettext-minimal) + (name "gettext") + (arguments + (substitute-keyword-arguments (package-arguments gettext-minimal) + ((#:phases phases) + `(modify-phases ,phases + (add-after 'install 'add-emacs-autoloads + (lambda* (#:key outputs #:allow-other-keys) + ;; Make 'po-mode' and other things available by default. + (with-directory-excursion + (string-append (assoc-ref outputs "out") + "/share/emacs/site-lisp") + (symlink "start-po.el" "gettext-autoloads.el") + #t))))))) + (native-inputs `(("emacs" ,emacs-minimal))) ; for Emacs tools + (synopsis "Tools and documentation for translation"))) + (define-public po4a (package (name "po4a") @@ -140,7 +162,7 @@ catalogs. Nearly all GNU packages use Gettext.") (find-files bin "\\.*$")) #t)))))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("perl-module-build" ,perl-module-build) ("docbook-xsl" ,docbook-xsl) ("docbook-xml" ,docbook-xml) ;for tests diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 09b10f7741..87e4d0e3f2 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -127,7 +127,6 @@ printing, and psresize, for adjusting page sizes.") (package (name "ghostscript") (version "9.14.0") - (replacement ghostscript/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-" @@ -135,7 +134,12 @@ printing, and psresize, for adjusting page sizes.") (sha256 (base32 "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1")) - (patches (search-patches "ghostscript-CVE-2015-3228.patch" + (patches (search-patches "ghostscript-CVE-2013-5653.patch" + "ghostscript-CVE-2015-3228.patch" + "ghostscript-CVE-2016-7976.patch" + "ghostscript-CVE-2016-7978.patch" + "ghostscript-CVE-2016-7979.patch" + "ghostscript-CVE-2016-8602.patch" "ghostscript-runpath.patch")) (modules '((guix build utils))) (snippet @@ -183,7 +187,12 @@ printing, and psresize, for adjusting page sizes.") (number->string (parallel-job-count)))))) (replace 'install (lambda _ - (zero? (system* "make" "soinstall"))))))) + (zero? (system* "make" "soinstall")))) + (add-after 'install 'create-gs-symlink + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; some programs depend on having a 'gs' binary available + (symlink "gsc" (string-append out "/bin/gs")))))))) (synopsis "PostScript and PDF interpreter") (description "Ghostscript is an interpreter for the PostScript language and the PDF @@ -193,61 +202,13 @@ output file formats and printers.") (license license:agpl3+) (home-page "http://www.gnu.org/software/ghostscript/"))) -(define ghostscript/fixed - (package - (inherit ghostscript) - (replacement #f) ; Prevent ghostscript/x from inheriting the replacement - (source (origin - (inherit (package-source ghostscript)) - (patches (search-patches "ghostscript-CVE-2013-5653.patch" - "ghostscript-CVE-2015-3228.patch" - "ghostscript-CVE-2016-7976.patch" - "ghostscript-CVE-2016-7978.patch" - "ghostscript-CVE-2016-7979.patch" - "ghostscript-CVE-2016-8602.patch" - "ghostscript-runpath.patch")))))) - (define-public ghostscript/x - (package (inherit ghostscript/fixed) + (package (inherit ghostscript) (name (string-append (package-name ghostscript) "-with-x")) (inputs `(("libxext" ,libxext) ("libxt" ,libxt) ,@(package-inputs ghostscript))))) -(define (ghostscript-wrapper name ghostscript) - ;; Return a GHOSTSCRIPT wrapper that provides the 'gs' command. - ;; See <https://lists.gnu.org/archive/html/guix-devel/2016-07/msg00987.html>. - (package - (name name) - (version (package-version ghostscript)) - (source #f) - (build-system trivial-build-system) - (inputs `(("ghostscript" ,ghostscript))) - (arguments - `(#:modules ((guix build utils)) - #:builder (begin - (use-modules (guix build utils)) - - (let* ((out (assoc-ref %outputs "out")) - (bin (string-append out "/bin")) - (gs (assoc-ref %build-inputs "ghostscript"))) - (mkdir-p bin) - (with-directory-excursion bin - (symlink (string-append gs "/bin/gsc") "gs") - #t))))) - (synopsis "Wrapper providing Ghostscript's 'gs' command") - (description - "This package provides the @command{gs} command, which used to be -provided by Ghostscript itself and no longer is.") - (license (package-license ghostscript)) - (home-page (package-home-page ghostscript)))) - -(define-public ghostscript-gs - (ghostscript-wrapper "ghostscript-gs" ghostscript)) - -(define-public ghostscript-gs/x - (ghostscript-wrapper "ghostscript-gs-with-x" ghostscript/x)) - (define-public ijs (package (name "ijs") diff --git a/gnu/packages/gkrellm.scm b/gnu/packages/gkrellm.scm index ed83186ae8..68853eb8fc 100644 --- a/gnu/packages/gkrellm.scm +++ b/gnu/packages/gkrellm.scm @@ -41,7 +41,7 @@ "12rc6zaa7kb60b9744lbrlfkxxfniprm6x0mispv63h4kh75navh")))) (build-system gnu-build-system) (inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("gtk+" ,gtk+-2) ("libice" ,libice) ("libsm" ,libsm))) diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index a4ec3a3536..ee56998da7 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -195,7 +195,7 @@ also known as DXTn or DXTC) for Mesa.") (define-public mesa (package (name "mesa") - (version "11.0.9") + (version "12.0.1") (source (origin (method url-fetch) @@ -203,44 +203,50 @@ also known as DXTn or DXTC) for Mesa.") version "/mesa-" version ".tar.xz")) (sha256 (base32 - "009b3nq8ly5nzy9cxi9cxf4qasrhggjz0v0q87rwq5kaqvqjy9m1")))) + "12b3i59xdn2in2hchrkgh4fwij8zhznibx976l3pdj3qkyvlzcms")))) (build-system gnu-build-system) (propagated-inputs `(("glproto" ,glproto) ;; The following are in the Requires.private field of gl.pc. ("libdrm" ,libdrm) + ("libvdpau" ,libvdpau) ("libx11" ,libx11) ("libxdamage" ,libxdamage) ("libxfixes" ,libxfixes) ("libxshmfence" ,libxshmfence) ("libxxf86vm" ,libxxf86vm))) - ;; TODO: Add vdpau. (inputs - `(("udev" ,eudev) + `(("expat" ,expat) ("dri2proto" ,dri2proto) ("dri3proto" ,dri3proto) - ("presentproto" ,presentproto) - ("expat" ,expat) ("libva" ,(force libva-without-mesa)) ("libxml2" ,libxml2) ;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support ("libxvmc" ,libxvmc) ("makedepend" ,makedepend) - ("s2tc" ,s2tc))) + ("presentproto" ,presentproto) + ("s2tc" ,s2tc) + ("udev" ,eudev) + ("wayland" ,wayland))) (native-inputs - `(("pkg-config" ,pkg-config))) + `(("pkg-config" ,pkg-config) + ("python" ,python-2))) (arguments `(#:configure-flags '(;; drop r300 from default gallium drivers, as it requires llvm - "--with-gallium-drivers=r600,svga,swrast,nouveau" + "--with-gallium-drivers=r600,svga,swrast,nouveau,virgl" ;; Enable various optional features. TODO: opencl requires libclc, ;; omx requires libomxil-bellagio - "--with-egl-platforms=x11,drm" + "--with-egl-platforms=x11,drm,wayland" "--enable-glx-tls" ;Thread Local Storage, improves performance ;; "--enable-opencl" ;; "--enable-omx" "--enable-osmesa" "--enable-xa" + ;; features required by wayland + "--enable-gles2" + "--enable-gbm" + "--enable-shared-glapi" ;; on non-intel systems, drop i915 and i965 ;; from the default dri drivers @@ -249,41 +255,44 @@ also known as DXTn or DXTC) for Mesa.") '()) (_ '("--with-dri-drivers=nouveau,r200,radeon,swrast")))) - #:phases (alist-cons-after - 'unpack 'patch-create_test_cases - (lambda _ - (substitute* "src/glsl/tests/lower_jumps/create_test_cases.py" - (("/usr/bin/env bash") (which "bash")))) - (alist-cons-before - 'build 'fix-dlopen-libnames - (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((s2tc (assoc-ref inputs "s2tc")) - (udev (assoc-ref inputs "udev")) - (out (assoc-ref outputs "out"))) - ;; Remain agnostic to .so.X.Y.Z versions while doing - ;; the substitutions so we're future-safe. - (substitute* - '("src/gallium/auxiliary/util/u_format_s3tc.c" - "src/mesa/main/texcompress_s3tc.c") - (("\"libtxc_dxtn\\.so") - (string-append "\"" s2tc "/lib/libtxc_dxtn.so"))) - (substitute* "src/loader/loader.c" - (("udev_handle = dlopen\\(name") - (string-append "udev_handle = dlopen(\"" - udev "/lib/libudev.so\""))) - (substitute* "src/glx/dri_common.c" - (("dlopen\\(\"libGL\\.so") - (string-append "dlopen(\"" out "/lib/libGL.so"))) - (substitute* "src/egl/drivers/dri2/egl_dri2.c" - (("\"libglapi\\.so") - (string-append "\"" out "/lib/libglapi.so"))) - (substitute* "src/gbm/main/backend.c" - ;; No need to patch the gbm_gallium_drm.so reference; - ;; it's never installed since Mesa removed its - ;; egl_gallium support. - (("\"gbm_dri\\.so") - (string-append "\"" out "/lib/dri/gbm_dri.so"))))) - %standard-phases)))) + #:phases + (modify-phases %standard-phases + (add-after + 'unpack 'patch-create_test_cases + (lambda _ + (substitute* "src/compiler/glsl/tests/lower_jumps/create_test_cases.py" + (("/usr/bin/env bash") (which "bash"))) + (substitute* "src/intel/genxml/gen_pack_header.py" + (("/usr/bin/env python2") (which "python"))))) + (add-before + 'build 'fix-dlopen-libnames + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((s2tc (assoc-ref inputs "s2tc")) + (udev (assoc-ref inputs "udev")) + (out (assoc-ref outputs "out"))) + ;; Remain agnostic to .so.X.Y.Z versions while doing + ;; the substitutions so we're future-safe. + (substitute* + '("src/gallium/auxiliary/util/u_format_s3tc.c" + "src/mesa/main/texcompress_s3tc.c") + (("\"libtxc_dxtn\\.so") + (string-append "\"" s2tc "/lib/libtxc_dxtn.so"))) + (substitute* "src/loader/loader.c" + (("udev_handle = dlopen\\(name") + (string-append "udev_handle = dlopen(\"" + udev "/lib/libudev.so\""))) + (substitute* "src/glx/dri_common.c" + (("dlopen\\(\"libGL\\.so") + (string-append "dlopen(\"" out "/lib/libGL.so"))) + (substitute* "src/egl/drivers/dri2/egl_dri2.c" + (("\"libglapi\\.so") + (string-append "\"" out "/lib/libglapi.so"))) + (substitute* "src/gbm/main/backend.c" + ;; No need to patch the gbm_gallium_drm.so reference; + ;; it's never installed since Mesa removed its + ;; egl_gallium support. + (("\"gbm_dri\\.so") + (string-append "\"" out "/lib/dri/gbm_dri.so"))))))))) (home-page "http://mesa3d.org/") (synopsis "OpenGL implementation") (description "Mesa is a free implementation of the OpenGL specification - @@ -459,32 +468,32 @@ OpenGL graphics API.") "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037")))) (arguments `(#:phases - (alist-cons-after - 'unpack 'autoreconf - (lambda _ - (zero? (system* "autoreconf" "-vif"))) - (alist-cons-before - 'configure 'patch-paths - (lambda* (#:key inputs #:allow-other-keys) - (let ((python (assoc-ref inputs "python")) - (mesa (assoc-ref inputs "mesa"))) - (substitute* "src/gen_dispatch.py" - (("/usr/bin/env python") python)) - (substitute* (find-files "." "\\.[ch]$") - (("libGL.so.1") (string-append mesa "/lib/libGL.so.1")) - (("libEGL.so.1") (string-append mesa "/lib/libEGL.so.1"))) + (modify-phases %standard-phases + (add-after + 'unpack 'autoreconf + (lambda _ + (zero? (system* "autoreconf" "-vif")))) + (add-before + 'configure 'patch-paths + (lambda* (#:key inputs #:allow-other-keys) + (let ((python (assoc-ref inputs "python")) + (mesa (assoc-ref inputs "mesa"))) + (substitute* "src/gen_dispatch.py" + (("/usr/bin/env python") python)) + (substitute* (find-files "." "\\.[ch]$") + (("libGL.so.1") (string-append mesa "/lib/libGL.so.1")) + (("libEGL.so.1") (string-append mesa "/lib/libEGL.so.1"))) - ;; XXX On armhf systems, we must add "GLIBC_2.4" to the list of - ;; versions in test/dlwrap.c:dlwrap_real_dlsym. It would be - ;; better to make this a normal patch, but for now we do it here - ;; to prevent rebuilding on other platforms. - ,@(if (string-prefix? "arm" (or (%current-target-system) - (%current-system))) - '((substitute* '"test/dlwrap.c" - (("\"GLIBC_2\\.0\"") "\"GLIBC_2.0\", \"GLIBC_2.4\""))) - '()) - #t)) - %standard-phases)))) + ;; XXX On armhf systems, we must add "GLIBC_2.4" to the list of + ;; versions in test/dlwrap.c:dlwrap_real_dlsym. It would be + ;; better to make this a normal patch, but for now we do it here + ;; to prevent rebuilding on other platforms. + ,@(if (string-prefix? "arm" (or (%current-target-system) + (%current-system))) + '((substitute* '"test/dlwrap.c" + (("\"GLIBC_2\\.0\"") "\"GLIBC_2.0\", \"GLIBC_2.4\""))) + '()) + #t)))))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,autoconf) diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 802c809c26..9a1459ab09 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -65,7 +65,7 @@ (package (name "dbus") (replacement dbus-1.10.12) - (version "1.10.8") + (version "1.10.10") (source (origin (method url-fetch) (uri (string-append @@ -73,7 +73,7 @@ version ".tar.gz")) (sha256 (base32 - "0560y3hxpgh346w6avcrcz79c8ansmn771y5xpcvvlr6m8mx5wxs")) + "0hwsfczhx2djmc9116vj5v230i7gpjihwh3vbljs1ldlk831v3wx")) (patches (search-patches "dbus-helper-search-path.patch")))) (build-system gnu-build-system) (arguments @@ -139,6 +139,7 @@ shared NFS home directories.") (source (let ((version "1.10.12")) (origin + (method url-fetch) (inherit (package-source dbus)) (uri (string-append "https://dbus.freedesktop.org/releases/dbus/dbus-" @@ -150,7 +151,7 @@ shared NFS home directories.") (define glib (package (name "glib") - (version "2.48.0") + (version "2.48.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" @@ -158,7 +159,7 @@ shared NFS home directories.") name "-" version ".tar.xz")) (sha256 (base32 - "0d3w2hblrw7vvpx60l1kbvb830ygn3v8zhwdz65cc5593j9ycjvl")) + "1x6kwrk1zyd3csv0ca3pmwc4bnkc33agn95cds15h6nbi4apappj")) (patches (search-patches "glib-tests-timer.patch")))) (build-system gnu-build-system) (outputs '("out" ; everything @@ -172,7 +173,7 @@ shared NFS home directories.") ("zlib" ,zlib) ("tzdata" ,tzdata))) ; for tests/gdatetime.c (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("dbus" ,dbus) ; for GDBus tests ("pkg-config" ,pkg-config) ("python" ,python-wrapper) @@ -362,7 +363,7 @@ bindings to call into the C library.") (propagated-inputs `(;; Propagate gettext because users expect it to be there, and so does ;; the `intltool-update' script. - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("perl-xml-parser" ,perl-xml-parser) ("perl" ,perl))) @@ -443,7 +444,7 @@ translated.") (define dbus-glib (package (name "dbus-glib") - (version "0.104") + (version "0.106") (source (origin (method url-fetch) (uri @@ -451,7 +452,7 @@ translated.") version ".tar.gz")) (sha256 (base32 - "1xi1v1msz75qs0s4lkyf1psrksdppa3hwkg0mznc6gpw5flg3hdz")))) + "0in0i6v68ixcy0ip28i84hdczf10ykq9x682qgcvls6gdmq552dk")))) (build-system gnu-build-system) (propagated-inputs ; according to dbus-glib-1.pc `(("dbus" ,dbus) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 52d6cd4c82..a45f6589ac 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -243,7 +243,7 @@ commonly used macros.") (define-public gnome-desktop (package (name "gnome-desktop") - (version "3.20.1") + (version "3.20.2") (source (origin (method url-fetch) @@ -252,7 +252,7 @@ commonly used macros.") name "-" version ".tar.xz")) (sha256 (base32 - "0h6185lmkaf49dr43pb6gsb9yi25rc32n7dq5186hwln38mppb3f")))) + "1cp2c6q1ybirfq6rqyfj5lr5vyqdizy730bfg5jqnflcmakjsb29")))) (build-system gnu-build-system) (native-inputs `(("gobject-introspection" ,gobject-introspection) @@ -465,7 +465,7 @@ forgotten when the session ends.") (define-public evince (package (name "evince") - (version "3.20.0") + (version "3.20.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -473,7 +473,7 @@ forgotten when the session ends.") name "-" version ".tar.xz")) (sha256 (base32 - "1052lm4i5qq27sgk6ck5xc1cxh0qx4zzhifjhmzjlv38afj5i0yg")))) + "0m80s98k4i463dclpyk01fqb91cawbb6vvcz5vq2974k6qqc4ypw")))) (build-system glib-or-gtk-build-system) (arguments `(#:configure-flags '("--disable-nautilus") @@ -481,7 +481,15 @@ forgotten when the session ends.") ;; FIXME: Tests fail with: ;; ImportError: No module named gi.repository ;; Where should that module come from? - #:tests? #f)) + #:tests? #f + #:phases + (modify-phases %standard-phases + (add-before 'install 'skip-gtk-update-icon-cache + ;; Don't create 'icon-theme.cache'. + (lambda _ + (substitute* "data/Makefile" + (("gtk-update-icon-cache") "true")) + #t))))) (inputs `(("libspectre" ,libspectre) ("djvulibre" ,djvulibre) @@ -638,9 +646,14 @@ update-desktop-database: updates the database containing a cache of MIME types (base32 "0fjh9qmmgj34zlgxb09231ld7khys562qxbpsjlaplq2j85p57im")))) (build-system gnu-build-system) + (arguments + '(#:configure-flags + ;; Don't create 'icon-theme.cache'. + (let* ((coreutils (assoc-ref %build-inputs "coreutils")) + (true (string-append coreutils "/bin/true"))) + (list (string-append "GTK_UPDATE_ICON_CACHE=" true))))) (native-inputs - `(("gtk+" ,gtk+) ; for gtk-update-icon-cache - ("icon-naming-utils" ,icon-naming-utils) + `(("icon-naming-utils" ,icon-naming-utils) ("intltool" ,intltool) ("pkg-config" ,pkg-config))) (home-page "http://art.gnome.org/") @@ -662,7 +675,9 @@ update-desktop-database: updates the database containing a cache of MIME types name "-" version ".tar.xz")) (sha256 (base32 - "0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks")))))) + "0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks")))) + (native-inputs + `(("gtk-encode-symbolic-svg" ,gtk+ "bin"))))) (define-public shared-mime-info (package @@ -890,7 +905,7 @@ XML/CSS rendering engine.") (define-public libgsf (package (name "libgsf") - (version "1.14.36") + (version "1.14.40") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -898,7 +913,7 @@ XML/CSS rendering engine.") name "-" version ".tar.xz")) (sha256 (base32 - "0h19ssxzz0cmznwga2xy55kjibm24mwxqarnpd0w7xy0hrzm1dvi")))) + "1q2i5p9s5zw0y0502risykrzkfma7p24n3mmh244scjy9f4kh1im")))) (build-system gnu-build-system) (native-inputs `(("intltool" ,intltool) @@ -923,7 +938,7 @@ dealing with different structured file formats.") (define-public librsvg (package (name "librsvg") - (version "2.40.15") + (version "2.40.16") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -931,7 +946,7 @@ dealing with different structured file formats.") name "-" version ".tar.xz")) (sha256 (base32 - "1x05vd2llpmskq3prkp7kbpmshmpp9whj4kfl99ybipf4fhw9jnr")))) + "0bpz6gsq8xi1pb5k9ax6vinph460v14znch3y5yz167s0dmwz2yl")))) (build-system gnu-build-system) (arguments `(#:phases @@ -1478,14 +1493,14 @@ controls using the Bonobo component framework.") (define-public libwnck (package (name "libwnck") - (version "3.14.1") + (version "3.20.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) (sha256 - (base32 "1ymya8gkjygvg0i901wr3q6ihfqxx5yf4g4pb6fag2iw8af3qr5v")))) + (base32 "0wms3hli6y0b9l3cszq6maqi6fyy6kss9gryvzgmhw27phb3gc0w")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) @@ -1524,14 +1539,14 @@ Hints specification (EWMH).") (define-public goffice (package (name "goffice") - (version "0.10.28") + (version "0.10.32") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) (sha256 - (base32 "12rsgxrixkfpk420gv026i74pnlgqjzsvm6vffrmih54w46hd3q6")))) + (base32 "1hvs5558x98yzm43dc3f93v596x45lfmv1vkp4jjgfagynlpvcq2")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;4.1 MiB of gtk-doc @@ -1589,7 +1604,7 @@ Hints specification (EWMH).") (define-public gnumeric (package (name "gnumeric") - (version "1.12.31") + (version "1.12.32") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -1597,7 +1612,7 @@ Hints specification (EWMH).") name "-" version ".tar.xz")) (sha256 (base32 - "1rvadlgikklwb6rccqc3rlhqv3m9qx27rchm7znxr062fn7fgb68")))) + "1s3dxvdwzmppsp2dfg90rccilf4hknhwjdy7lazr9sys58zchyx0")))) (build-system gnu-build-system) (arguments `(;; The gnumeric developers don't worry much about failing tests. @@ -1648,7 +1663,7 @@ engineering.") (define-public gnome-themes-standard (package (name "gnome-themes-standard") - (version "3.20") + (version "3.20.2") (source (origin (method url-fetch) @@ -1657,8 +1672,14 @@ engineering.") version ".tar.xz")) (sha256 (base32 - "1p1vvmzfky1ax3yv9ld10xgqwydhmglxpgq3skrfc4539nrq9phw")))) + "05br99z67f82i18nljpxnwssfnaqp7mph61w3hq0i44z5i5rq3cx")))) (build-system gnu-build-system) + (arguments + '(#:configure-flags + ;; Don't create 'icon-theme.cache'. + (let* ((coreutils (assoc-ref %build-inputs "coreutils")) + (true (string-append coreutils "/bin/true"))) + (list (string-append "GTK_UPDATE_ICON_CACHE=" true))))) (inputs `(("gtk+" ,gtk+) ("gtk+-2" ,gtk+-2) @@ -1714,7 +1735,7 @@ passwords in the GNOME keyring.") (define-public vala (package (name "vala") - (version "0.32.0") + (version "0.32.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -1722,7 +1743,7 @@ passwords in the GNOME keyring.") name "-" version ".tar.xz")) (sha256 (base32 - "0vpvq403vdd25irvgk7zibz3nw4x4i17m0dgnns8j1q4vr7am8h7")))) + "1ab1l44abf9fj1wznzq5956431ia136rl5049cggnk5393jlf3fx")))) (build-system gnu-build-system) (arguments '(#:phases @@ -1756,7 +1777,7 @@ libraries written in C.") (define-public vte (package (name "vte") - (version "0.44.1") + (version "0.44.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -1764,7 +1785,7 @@ libraries written in C.") name "-" version ".tar.xz")) (sha256 (base32 - "0kjxzqcwqxky0l7bl8ydn9hl6fm1f0k2pl91wbbhyq4z6d4dabbi")))) + "0j899ccrkzh7208w29c835m1yms0cas5cxkck8x6l4xv2i45ksm1")))) (build-system gnu-build-system) (arguments ;; XXX: fails to compile tests with the default flags. @@ -1930,7 +1951,7 @@ configuration storage systems.") (define-public json-glib (package (name "json-glib") - (version "1.2.0") + (version "1.2.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -1938,7 +1959,7 @@ configuration storage systems.") name "-" version ".tar.xz")) (sha256 (base32 - "1lx7p1c7cl21byvfgw92n8dhm09vi6qxrs0zkx9dg3y096zdzmlr")) + "08d6449sgnwfh92x8rhwsm03g8frv0mvp3s4wl3cskw25asql4pa")) (modules '((guix build utils))) (snippet ;; Don't duplicate test names. @@ -2037,7 +2058,7 @@ library.") (define-public glib-networking (package (name "glib-networking") - (version "2.48.1") + (version "2.48.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/glib-networking/" @@ -2045,7 +2066,7 @@ library.") name "-" version ".tar.xz")) (sha256 (base32 - "0jm4pr91kbq7rcyll08840zkagb9vfhhm2ymyrd1q0b0k2mj76fg")) + "111spcar6wbp6m0rdxzjscc7vfqx5nawscrfbxlvbf5jsr4hqp4j")) (patches (search-patches "glib-networking-ssl-cert-file.patch")))) (build-system gnu-build-system) @@ -2237,7 +2258,7 @@ and other secrets. It communicates with the \"Secret Service\" using DBus.") (define-public gnome-mines (package (name "gnome-mines") - (version "3.20.0") + (version "3.20.1") (source (origin (method url-fetch) @@ -2246,7 +2267,7 @@ and other secrets. It communicates with the \"Secret Service\" using DBus.") name "-" version ".tar.xz")) (sha256 (base32 - "19khp4ckqbdgk6828gprxy52fsg8klf957dnwsin75nskk8whxbp")))) + "0frb1r0f55giz7yqxl9920vvzqlirdivz54ygc9d85r8v63fh5aq")))) (build-system glib-or-gtk-build-system) (arguments '(#:phases @@ -2274,7 +2295,7 @@ floating in an ocean using only your brain and a little bit of luck.") (define-public gnome-sudoku (package (name "gnome-sudoku") - (version "3.20.0") + (version "3.20.5") (source (origin (method url-fetch) @@ -2283,7 +2304,7 @@ floating in an ocean using only your brain and a little bit of luck.") name "-" version ".tar.xz")) (sha256 (base32 - "1n8hp3pl56p9s0c5kldk11zg1vg7ykhgn3ndp8nf375h1q49ldh8")))) + "166bbv5k50v7pjp3wbl2rmxcmv1adwr14hxg5rw2ws8kams8151k")))) (build-system glib-or-gtk-build-system) (native-inputs `(("pkg-config" ,pkg-config) @@ -2309,7 +2330,7 @@ more fun.") (define-public gnome-terminal (package (name "gnome-terminal") - (version "3.20.1") + (version "3.20.2") (source (origin (method url-fetch) @@ -2318,7 +2339,7 @@ more fun.") name "-" version ".tar.xz")) (sha256 (base32 - "1508nm35znlfq9v1s2j4ypx5x608yq391c565b4hazxk2f5z9dwq")))) + "08ssch8h1y85wyhddkyr7ab4v8dnsn17z4ayyc5ff78gfdh30f7m")))) (build-system glib-or-gtk-build-system) (arguments '(#:configure-flags @@ -2560,7 +2581,7 @@ service via the system message bus.") (define-public libgweather (package (name "libgweather") - (version "3.20.0") + (version "3.20.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -2568,7 +2589,7 @@ service via the system message bus.") name "-" version ".tar.xz")) (sha256 (base32 - "1mmqg7wf0bhk450akyj0x71x75kh1v7j68isyivr75ydky79nqjj")))) + "15ycgvdvika57rhnb46j6pj1907nj5y5nyy7sgj0yvpjbqsiskzp")))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -2701,7 +2722,7 @@ playlists in a variety of formats.") (define-public aisleriot (package (name "aisleriot") - (version "3.20.1") + (version "3.20.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -2709,7 +2730,7 @@ playlists in a variety of formats.") name "-" version ".tar.xz")) (sha256 (base32 - "1nipky336jj81mhm8wwxp96zilgcrarihf95dnyj3r1pw8kpg7gy")))) + "0vhpi7bzm4gbraky1d3ma26rbwnylcqdakav82j67bpqd7f6n0v2")))) (build-system glib-or-gtk-build-system) (arguments '(#:configure-flags @@ -3048,7 +3069,7 @@ GNOME Games, but it may be used by others.") (define-public gnome-klotski (package (name "gnome-klotski") - (version "3.20.1") + (version "3.20.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -3056,7 +3077,7 @@ GNOME Games, but it may be used by others.") name "-" version ".tar.xz")) (sha256 (base32 - "1130v6sk9h74b3xgv0bq43anaw7xs9x8vdab3q7p9db6w0px02wj")))) + "14w40a1gjlg4l1vhcy0qcf3scmwm2v3vhxnxj269pfqlv8s7alaw")))) (build-system glib-or-gtk-build-system) (native-inputs `(("desktop-file-utils" ,desktop-file-utils) @@ -3352,7 +3373,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.") (define-public eog (package (name "eog") - (version "3.20.1") + (version "3.20.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -3360,7 +3381,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.") name "-" version ".tar.xz")) (sha256 (base32 - "0ll3vz1kyjagiqmrpypk1a4nwjhrjsapiz45bxblsjxjy641j0jg")))) + "1qsv3brhi8l8fr22nd3d0fwq5xhwspqw0bammhkkq3ga0z6791wn")))) (build-system glib-or-gtk-build-system) (arguments `(#:phases @@ -3547,7 +3568,7 @@ USB transfers with your high-level application or system daemon.") ("gusb" ,gusb) ("libsane" ,sane-backends))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("itstool" ,itstool) ("colord" ,colord) ("glib" ,glib "bin") ; glib-compile-schemas, etc. @@ -3856,7 +3877,7 @@ metadata in photo and video files of various formats.") (native-inputs `(("pkg-config" ,pkg-config) ("itstool" ,itstool) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("itstool" ,itstool) ("vala" ,vala))) (inputs @@ -3895,6 +3916,15 @@ share them with others via social networking and more.") (base32 "1sa46vjx78d670m6bikpibgz39a5zb6ri8yjmj632lmxqvj2sp3b")))) (build-system glib-or-gtk-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-before 'install 'skip-gtk-update-icon-cache + (lambda _ + ;; Don't create 'icon-theme.cache' + (substitute* (find-files "data" "^Makefile$") + (("gtk-update-icon-cache") (which "true"))) + #t))))) (native-inputs `(("intltool" ,intltool) ("pkg-config" ,pkg-config))) @@ -4050,7 +4080,7 @@ javascript engine and the GObject introspection framework.") (define-public gedit (package (name "gedit") - (version "3.20.1") + (version "3.20.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4058,7 +4088,7 @@ javascript engine and the GObject introspection framework.") name "-" version ".tar.xz")) (sha256 (base32 - "1i0x1jd9x1vpv8lwdlzwf0ml8jxh3b3l6nlg6pbnfjw47w3y6iws")))) + "1y330hanqfld3kssf77wfphah2qpfg17pa109spsbm50f5m2g89j")))) (build-system glib-or-gtk-build-system) (arguments `(#:configure-flags '("--disable-spell") ; XXX: gspell not packaged yet @@ -4121,7 +4151,7 @@ powerful general purpose text editor.") "0j2sy6imwp41l75hy3fwr68n35drvanbwgmr42kc04zqjy9pbs02")))) (build-system gnu-build-system) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("itstool" ,itstool) ("pkg-config" ,pkg-config))) (inputs @@ -4137,7 +4167,7 @@ to display dialog boxes from the commandline and shell scripts.") (define-public mutter (package (name "mutter") - (version "3.20.1") + (version "3.20.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4145,7 +4175,7 @@ to display dialog boxes from the commandline and shell scripts.") name "-" version ".tar.xz")) (sha256 (base32 - "0752vkkmaaay8ziczqrf7z3735bq3brx2djw36arqsdhwawh6jba")))) + "05pr78vgq52bkkqpbfnp9mxw14ij2wk91l2yfa69dpjbvxqm4b0l")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -4187,7 +4217,7 @@ window manager.") (define-public gnome-online-accounts (package (name "gnome-online-accounts") - (version "3.20.1") + (version "3.20.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4195,7 +4225,7 @@ window manager.") name "-" version ".tar.xz")) (sha256 (base32 - "14qcih1g136sn2aklzagv83jl82d3qc598rkdm8zac9gw70ynyn3")))) + "0ip0q539bik3wqwl867rjc63w2d5rjyvbqzwczkard70yd6c0kq9")))) (build-system glib-or-gtk-build-system) (native-inputs `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc. @@ -4225,7 +4255,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.") (define-public evolution-data-server (package (name "evolution-data-server") - (version "3.20.1") + (version "3.20.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4233,7 +4263,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.") name "-" version ".tar.xz")) (sha256 (base32 - "0lsbhzacr2bs90z8sx44vf403r0h2yqsy4l2svrh5hjnassgdyqx")))) + "0zmybf63y0d5zn48q3xjgkh2p2c3ka9xvzd6labp96bd6b6qc58d")))) (build-system gnu-build-system) (arguments '(;; XXX: fails with: @@ -4289,7 +4319,7 @@ Evolution (hence the name), but is now used by other packages as well.") (define-public caribou (package (name "caribou") - (version "0.4.20") + (version "0.4.21") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4297,7 +4327,7 @@ Evolution (hence the name), but is now used by other packages as well.") name "-" version ".tar.xz")) (sha256 (base32 - "1nahpfs5ap9f9wsvn93kg8isqffk60v785f1q6k64awcd7an8ris")))) + "0mfychh1q3dx0b96pjz9a9y112bm9yqyim40yykzxx1hppsdjhww")))) (build-system glib-or-gtk-build-system) (arguments '(#:phases @@ -4472,7 +4502,7 @@ services.") (define-public network-manager-applet (package (name "network-manager-applet") - (version "1.2.0") + (version "1.2.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4480,7 +4510,7 @@ services.") name "-" version ".tar.xz")) (sha256 (base32 - "0dhvk3dvy6djn6blpkv46dn6yfh28wsh6mpl0v53qxfip97j8kwk")))) + "0ym31m55hj65mmbq2yihy49z5x5z1qpx7jalk64kwx1rr5b2kxyz")))) (build-system glib-or-gtk-build-system) (arguments '(#:configure-flags '("--disable-migration"))) (native-inputs @@ -4608,7 +4638,7 @@ providing graphical log-ins and managing local and remote displays.") (define-public libgtop (package (name "libgtop") - (version "2.34.0") + (version "2.34.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4616,7 +4646,7 @@ providing graphical log-ins and managing local and remote displays.") name "-" version ".tar.xz")) (sha256 (base32 - "0apfnh9k6vmbdm8ms5wxyhagrrl8r88fv48k7q5qq70df2gf72ld")))) + "1qh9srg8pqmrsl12mwnclncs7agmjjvx3q6v5qwqvcb2cskpi6f8")))) (build-system gnu-build-system) (native-inputs `(("gobject-introspection" ,gobject-introspection) @@ -4635,7 +4665,7 @@ usage and information about running processes.") (define-public gnome-bluetooth (package (name "gnome-bluetooth") - (version "3.18.3") + (version "3.20.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4643,7 +4673,7 @@ usage and information about running processes.") name "-" version ".tar.xz")) (sha256 (base32 - "1qwc9q7x22sc71zhqv4db78rqzxl6fqfw6d978ydqap54c2bg0g4")))) + "0lzbwk2kn7kp39sv5bf4ja92mfkxkc27gxxk8k86i8a8ncbcmcwk")))) (build-system glib-or-gtk-build-system) (native-inputs `(("glib:bin" ,glib "bin") ; for gdbus-codegen, etc. @@ -4738,7 +4768,7 @@ properties, screen resolution, and other GNOME parameters.") (define-public gnome-shell (package (name "gnome-shell") - (version "3.20.1") + (version "3.20.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4746,7 +4776,7 @@ properties, screen resolution, and other GNOME parameters.") name "-" version ".tar.xz")) (sha256 (base32 - "08cgbr15cim3rgcngrv98rm48pkdxwj4nqx5za1lsnv376m4x5bs")))) + "0kd9y847pw9v3zl0g52ly7xdcjz0b9v37aqmi19iddfkxjjyn4qc")))) (build-system glib-or-gtk-build-system) (arguments '(#:phases @@ -4820,7 +4850,7 @@ like switching to windows and launching applications.") (define-public gtk-vnc (package (name "gtk-vnc") - (version "0.5.4") + (version "0.6.0") (source (origin (method url-fetch) @@ -4829,7 +4859,7 @@ like switching to windows and launching applications.") name "-" version ".tar.xz")) (sha256 (base32 - "1rwwdh7lb16xdmy76ca6mpqfc3zfl3a4bkcr0qb6hs6ffrxak2j8")))) + "0cq42dghjp4bhsxlj9hd2nz5s5rhd53fx7snmq6i6kg60n438ncm")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--with-gtk=3.0"))) @@ -4858,7 +4888,7 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.") (define-public nautilus (package (name "nautilus") - (version "3.20.1") + (version "3.20.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -4866,7 +4896,7 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.") name "-" version ".tar.xz")) (sha256 (base32 - "1s41bsihacs7cywm60vqgv46m22gmga4b0bwxnki4r02jjwhgagj")))) + "1bnalv0ljdjzqzvh3rfyg7r4z8vdbq1gdard5q68riqdi2dnfvld")))) (build-system glib-or-gtk-build-system) (arguments '(#:configure-flags @@ -4994,7 +5024,7 @@ beautifying border effects.") (define-public dconf-editor (package (name "dconf-editor") - (version "3.20.1") + (version "3.20.3") (source (origin (method url-fetch) @@ -5003,8 +5033,17 @@ beautifying border effects.") name "-" version ".tar.xz")) (sha256 (base32 - "0pfpmvpv57a01nsd1fah3np33avihm5ic43fi6b60dyw6c5z953p")))) + "0yf553bd9l030shhs0jkl5gvkzkfxbxxm56xv0l0nmbplaci8wm8")))) (build-system glib-or-gtk-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-before 'install 'skip-gtk-update-icon-cache + (lambda _ + ;; Don't create 'icon-theme.cache'. + (substitute* "editor/Makefile" + (("gtk-update-icon-cache") "true")) + #t))))) (native-inputs `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, gio-2.0. ("intltool" ,intltool) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 5fcc03a222..dd75ea5c34 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -52,7 +52,7 @@ (define-public libgpg-error (package (name "libgpg-error") - (version "1.22") + (version "1.24") (source (origin (method url-fetch) @@ -60,7 +60,7 @@ version ".tar.bz2")) (sha256 (base32 - "0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j")))) + "0h75sf1ngr750c3fjfn4583q7wz40qm63jhg8vjfdrbx936f2s4j")))) (build-system gnu-build-system) (home-page "https://gnupg.org") (synopsis "Library of error values for GnuPG components") @@ -76,15 +76,14 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package (name "libgcrypt") - (replacement libgcrypt-1.7.3) - (version "1.7.0") + (version "1.7.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh")))) + "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) @@ -110,22 +109,9 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) -(define libgcrypt-1.7.3 - (package - (inherit libgcrypt) - (version "1.7.3") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" - version ".tar.bz2")) - (sha256 - (base32 - "0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x")))))) - (define-public libgcrypt-1.5 (package (inherit libgcrypt) - (replacement libgcrypt-1.5.6) - (version "1.5.4") + (version "1.5.6") (source (origin (method url-fetch) @@ -133,20 +119,7 @@ generation.") version ".tar.bz2")) (sha256 (base32 - "0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m")))))) - -(define libgcrypt-1.5.6 - (package - (inherit libgcrypt-1.5) - (source - (let ((version "1.5.6")) - (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" - version ".tar.bz2")) - (sha256 - (base32 - "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))) + "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))) (define-public libassuan (package @@ -238,15 +211,14 @@ compatible to GNU Pth.") (define-public gnupg (package (name "gnupg") - (version "2.1.13") + (version "2.1.15") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) - (patches (search-patches "gnupg-fix-expired-test.patch")) (sha256 (base32 - "0xcn46vcb5x5qx0bc803vpzhzhnn6wfhp7x71w9n1ahx4ak877ag")))) + "1pgz02gd84ab94w4xdg67p9z8kvkyr9d523bvcxxd2hviwh1m362")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -272,6 +244,17 @@ compatible to GNU Pth.") (lambda _ (substitute* "tests/openpgp/defs.inc" (("/bin/pwd") (which "pwd"))) + #t)) + (add-after 'build 'patch-scheme-tests + (lambda _ + (substitute* (find-files "tests" ".\\.scm$") + (("/usr/bin/env gpgscm") + (string-append (getcwd) "/tests/gpgscm/gpgscm"))))) + (add-before 'check 'set-home + ;; Some tests require write access to $HOME, otherwise leading to + ;; 'failed to create directory /homeless-shelter/.asy' error. + (lambda _ + (setenv "HOME" "/tmp") #t))))) (home-page "https://gnupg.org/") (synopsis "GNU Privacy Guard") diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 4927a516e2..d15066cbd6 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -431,21 +431,7 @@ standards.") ("mit-krb5" ,mit-krb5) ("nspr" ,nspr) ("nss" ,nss) - - ;; XXX Work around the fact that our 'sqlite' package was not built - ;; with -DSQLITE_ENABLE_DBSTAT_VTAB. - ("sqlite" ,(package - (inherit sqlite) - (arguments - `(#:configure-flags - ;; Add -DSQLITE_SECURE_DELETE, -DSQLITE_ENABLE_UNLOCK_NOTIFY and - ;; -DSQLITE_ENABLE_DBSTAT_VTAB to CFLAGS. GNU Icecat will refuse - ;; to use the system SQLite unless these options are enabled. - (list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE " - "-DSQLITE_ENABLE_UNLOCK_NOTIFY " - "-DSQLITE_ENABLE_DBSTAT_VTAB")))))) - ;;("sqlite" ,sqlite) - + ("sqlite" ,sqlite) ("startup-notification" ,startup-notification) ("unzip" ,unzip) ("yasm" ,yasm) diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm index ffce1bf86b..b920be9ea2 100644 --- a/gnu/packages/grub.scm +++ b/gnu/packages/grub.scm @@ -128,8 +128,8 @@ #t))))) (inputs `(;; ("lvm2" ,lvm2) + ("gettext" ,gettext-minimal) ("mdadm" ,mdadm) - ("gettext" ,gnu-gettext) ("freetype" ,freetype) ;; ("libusb" ,libusb) ;; ("fuse" ,fuse) diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index df79239951..0de1409406 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -357,7 +357,7 @@ printing and other features typical of a source code editor.") (define-public gtksourceview (package (name "gtksourceview") - (version "3.20.2") + (version "3.20.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -365,7 +365,7 @@ printing and other features typical of a source code editor.") name "-" version ".tar.xz")) (sha256 (base32 - "03vxirdbjpgjrkl5ph0p9b1saq17xxr4kvhz1ijpg40a9jf3ci4y")))) + "009xag7df07ngav2wzs0rdrrx4s2m6ahx93pxzc2p1pkbz4nl3ks")))) (build-system gnu-build-system) (arguments '(#:phases @@ -486,7 +486,7 @@ in the GNOME project.") (define-public at-spi2-core (package (name "at-spi2-core") - (version "2.20.1") + (version "2.20.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -494,7 +494,7 @@ in the GNOME project.") name "-" version ".tar.xz")) (sha256 (base32 - "0039y6bj1zfzhmfjbj5g830dlczphbpvbgmkcab9mapmh7kmin3f")))) + "0hx12snd9as4cq99ka3bn056xdf13f87pd1ilp6177qk8ffxx948")))) (build-system gnu-build-system) (outputs '("out" "doc")) (arguments @@ -594,7 +594,7 @@ is part of the GNOME accessibility project.") ("libxrandr" ,libxrandr))) (native-inputs `(("perl" ,perl) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("glib" ,glib "bin") ("gobject-introspection" ,gobject-introspection) ("pkg-config" ,pkg-config) @@ -629,7 +629,7 @@ application suites.") (define-public gtk+ (package (inherit gtk+-2) (name "gtk+") - (version "3.20.3") + (version "3.20.9") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -637,9 +637,10 @@ application suites.") name "-" version ".tar.xz")) (sha256 (base32 - "157nh9gg0p2avw765hrnkvr8lsh2w811397yxgjv6q5j4fzz6d1q")) + "05xcwvy68p7f4hdhi4bgdm3aycvqqr4pr5kkkr8ba91l5yx0k9l3")) (patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch" "gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch")))) + (outputs '("out" "bin" "doc")) (propagated-inputs `(("at-spi2-atk" ,at-spi2-atk) ("atk" ,atk) @@ -662,7 +663,7 @@ application suites.") (native-inputs `(("perl" ,perl) ("glib" ,glib "bin") - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config) ("gobject-introspection" ,gobject-introspection) ("python-wrapper" ,python-wrapper) @@ -684,7 +685,16 @@ application suites.") (substitute* "testsuite/Makefile.in" (("SUBDIRS = gdk gtk a11y css reftests") "SUBDIRS = gdk")) - #t))))) + #t)) + (add-after 'install 'move-desktop-files + ;; Move desktop files into 'bin' to avoid cycle references. + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (bin (assoc-ref outputs "bin"))) + (mkdir-p (string-append bin "/share")) + (rename-file (string-append out "/share/applications") + (string-append bin "/share/applications")) + #t)))))) (native-search-paths (list (search-path-specification (variable "GUIX_GTK3_PATH") @@ -928,7 +938,7 @@ library.") (define-public pangomm (package (name "pangomm") - (version "2.40.0") + (version "2.40.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -936,7 +946,7 @@ library.") name "-" version ".tar.xz")) (sha256 (base32 - "03fpqdjp7plybf4zsgszbm8yhgl28vmajzfpmaqcsmyfvjlszl3x")))) + "1bz3gciff23bpw9bqc4v2l3lkq9w7394v3a4jxkvx0ap5lmfwqlp")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) (propagated-inputs @@ -1177,7 +1187,7 @@ write GNOME applications.") (base32 "03wsxj27hvcbs3x96nah7j3paclifwlfag8kdph4kldl48srp9pb")))) (native-inputs `(("pkg-config" ,pkg-config) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (inputs `(("gtk+" ,gtk+) ("check" ,check))) (arguments @@ -1241,7 +1251,7 @@ information.") `(("pkg-config" ,pkg-config) ("itstool" ,itstool) ("libxml" ,libxml2) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("bc" ,bc))) (inputs `(("perl" ,perl) diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index 43071e6968..691a7fe22e 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -131,15 +131,15 @@ without requiring the source code to be rewritten.") (define-public guile-2.0 (package (name "guile") - (version "2.0.11") + (version "2.0.12") + (replacement guile-2.0.13) ;CVE-2016-8606 and CVE-2016-8605 (source (origin (method url-fetch) (uri (string-append "mirror://gnu/guile/guile-" version ".tar.xz")) (sha256 (base32 - "1qh3j7308qvsjgwf7h94yqgckpbgz2k3yqdkzsyhqcafvfka9l5f")) - (patches (search-patches "guile-arm-fixes.patch")))) + "1sdpjq0jf1h65w29q0zprj4x6kdp5jskkvbnlwphy9lvdxrqg0fy")))) (build-system gnu-build-system) (native-inputs `(("pkgconfig" ,pkg-config))) (inputs `(("libffi" ,libffi) @@ -184,7 +184,7 @@ without requiring the source code to be rewritten.") (files '("share/guile/site/2.0"))) (search-path-specification (variable "GUILE_LOAD_COMPILED_PATH") - (files '("lib/guile/2.0/ccache" + (files '("lib/guile/2.0/site-ccache" "share/guile/site/2.0"))))) (synopsis "Scheme implementation intended especially for extensions") @@ -200,12 +200,28 @@ without requiring the source code to be rewritten.") (define-public guile-2.0/fixed ;; A package of Guile 2.0 that's rarely changed. It is the one used ;; in the `base' module, and thus changing it entails a full rebuild. - guile-2.0) + (package + (inherit guile-2.0) + (properties '((hidden? . #t))) ;people should install 'guile-2.0' + (replacement #f))) + +(define guile-2.0.13 + (package + (inherit guile-2.0) + (version "2.0.13") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/guile/guile-" version + ".tar.xz")) + (sha256 + (base32 + "12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p")))))) (define-public guile-next (package (inherit guile-2.0) (name "guile-next") (version "2.1.4") + (replacement #f) (source (origin (method url-fetch) (uri (string-append "ftp://alpha.gnu.org/gnu/guile/guile-" @@ -279,7 +295,7 @@ applicable." ("libtool" ,libtool) ("flex" ,flex) ("texinfo" ,texinfo) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ,@(package-native-inputs guile-next))) ;; Same as in guile-2.0 (native-search-paths @@ -495,23 +511,33 @@ format is also supported.") (define-public guile-lib (package (name "guile-lib") - (version "0.2.2") + (version "0.2.3") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/guile-lib/guile-lib-" version ".tar.gz")) (sha256 (base32 - "1f9n2b5b5r75lzjinyk6zp6g20g60msa0jpfrk5hhg4j8cy0ih4b")))) + "0pwdd52vakni1fabaiav8v0ad7xp3bx8x3brijbr1mpgamm9dxqc")))) (build-system gnu-build-system) (arguments - '(#:phases (alist-cons-before - 'configure 'patch-module-dir - (lambda _ - (substitute* "src/Makefile.in" - (("^moddir[[:blank:]]*=[[:blank:]]*([[:graph:]]+)" _ rhs) - (string-append "moddir = " rhs "/2.0\n")))) - %standard-phases))) + '(#:phases (modify-phases %standard-phases + (add-before 'configure 'patch-module-dir + (lambda _ + (substitute* "src/Makefile.in" + (("^moddir = ([[:graph:]]+)") + "moddir = $(datadir)/guile/site/@GUILE_EFFECTIVE_VERSION@\n") + (("^godir = ([[:graph:]]+)") + "godir = \ +$(libdir)/guile/@GUILE_EFFECTIVE_VERSION@/site-ccache\n")) + #t)) + (replace 'check + (lambda _ + ;; Work around a harmless test failure involving + ;; two-spaces-after-period rendering. + (zero? (system* "make" "check" ;"-C" "unit-tests" + "XFAIL_TESTS=texinfo.serialize.scm"))))))) + (native-inputs `(("pkg-config" ,pkg-config))) (inputs `(("guile" ,guile-2.0))) (home-page "http://www.nongnu.org/guile-lib/") (synopsis "Collection of useful Guile Scheme modules") diff --git a/gnu/packages/gv.scm b/gnu/packages/gv.scm index 240e3fc96c..e1e86a83a6 100644 --- a/gnu/packages/gv.scm +++ b/gnu/packages/gv.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -39,7 +40,7 @@ (sha256 (base32 "0q8s43z14vxm41pfa8s5h9kyyzk1fkwjhkiwbf2x70alm6rv6qi1")))) (build-system gnu-build-system) - (propagated-inputs `(("ghostscript" ,ghostscript-gs/x))) + (propagated-inputs `(("ghostscript" ,ghostscript/x))) (inputs `(("libx11" ,libx11) ("libxaw3d" ,libxaw3d) ("libxinerama" ,libxinerama) diff --git a/gnu/packages/ibus.scm b/gnu/packages/ibus.scm index 814984f16f..8dc5cdb742 100644 --- a/gnu/packages/ibus.scm +++ b/gnu/packages/ibus.scm @@ -265,7 +265,7 @@ Chinese pinyin input methods.") '("ibus-engine-anthy" "ibus-setup-anthy")) #t)))))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("intltool" ,intltool) ("pkg-config" ,pkg-config) ("python" ,python))) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 7455bb8889..4b05cca3b4 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -58,18 +58,18 @@ (define-public libpng (package (name "libpng") - (version "1.5.26") + (version "1.6.25") (source (origin (method url-fetch) ;; Note: upstream removes older tarballs. - (uri (list (string-append "mirror://sourceforge/libpng/libpng15/" + (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" version "/libpng-" version ".tar.xz") (string-append "ftp://ftp.simplesystems.org/pub/libpng/png/src" "/libpng15/libpng-" version ".tar.xz"))) (sha256 - (base32 "0kbissyd7d4ahwdpm968nnzl7q15p6hadg44i9x0vrkrzdgdi93v")))) + (base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9")))) (build-system gnu-build-system) ;; libpng.la says "-lz", so propagate it. @@ -101,13 +101,13 @@ library. It supports almost all PNG features and is extensible.") (define-public libjpeg (package (name "libjpeg") - (version "9a") + (version "9b") (source (origin (method url-fetch) (uri (string-append "http://www.ijg.org/files/jpegsrc.v" version ".tar.gz")) (sha256 (base32 - "19q5zr4n60sjcvfbyv06n4pcl1mai3ipvnd2akflayciinj3wx9s")))) + "0lnhpahgdwlrkd41lx6cr90r199f8mc6ydlh7jznj5klvacd63r4")))) (build-system gnu-build-system) (synopsis "Library for handling JPEG files") (description @@ -186,7 +186,6 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (replacement libtiff/fixed) (version "4.0.6") (source (origin (method url-fetch) @@ -197,7 +196,14 @@ extracting icontainer icon files.") (patches (search-patches "libtiff-oob-accesses-in-decode.patch" "libtiff-oob-write-in-nextdecode.patch" - "libtiff-CVE-2015-8665+CVE-2015-8683.patch")))) + "libtiff-CVE-2015-8665+CVE-2015-8683.patch" + "libtiff-CVE-2016-3623.patch" + "libtiff-CVE-2016-3945.patch" + "libtiff-CVE-2016-3990.patch" + "libtiff-CVE-2016-3991.patch" + "libtiff-CVE-2016-5314.patch" + "libtiff-CVE-2016-5321.patch" + "libtiff-CVE-2016-5323.patch")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.3 MiB of HTML documentation @@ -219,23 +225,6 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.remotesensing.org/libtiff/"))) -(define libtiff/fixed - (package - (inherit libtiff) - (source (origin - (inherit (package-source libtiff)) - (patches (search-patches - "libtiff-oob-accesses-in-decode.patch" - "libtiff-oob-write-in-nextdecode.patch" - "libtiff-CVE-2015-8665+CVE-2015-8683.patch" - "libtiff-CVE-2016-3623.patch" - "libtiff-CVE-2016-3945.patch" - "libtiff-CVE-2016-3990.patch" - "libtiff-CVE-2016-3991.patch" - "libtiff-CVE-2016-5314.patch" - "libtiff-CVE-2016-5321.patch" - "libtiff-CVE-2016-5323.patch")))))) - (define-public libwmf (package (name "libwmf") diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm index db398de530..a516629dbf 100644 --- a/gnu/packages/irc.scm +++ b/gnu/packages/irc.scm @@ -157,7 +157,7 @@ SILC and ICB protocols via plugins.") ("libtool" ,libtool))) (inputs `(("ncurses" ,ncurses) ("diffutils" ,diffutils) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("libltdl" ,libltdl) ("libgcrypt" ,libgcrypt "out") ("zlib" ,zlib) diff --git a/gnu/packages/iso-codes.scm b/gnu/packages/iso-codes.scm index 0a9427cef2..dbdd868b3b 100644 --- a/gnu/packages/iso-codes.scm +++ b/gnu/packages/iso-codes.scm @@ -40,7 +40,7 @@ "037hmfs5pk3g36psm378vap1mbrkk86vv8wsdnv65mzbnph52gv0")))) (build-system gnu-build-system) (inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("perl" ,perl) ("python" ,python-wrapper))) (home-page "https://pkg-isocodes.alioth.debian.org/") diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm index 011f9e0deb..3790e8f63f 100644 --- a/gnu/packages/kde-frameworks.scm +++ b/gnu/packages/kde-frameworks.scm @@ -601,7 +601,7 @@ interfaces in the areas of colors, fonts, text, images, keyboard input.") "0cw24spmwsqa3ppkw03cm6yjd3sfll0dbbk2ya76fd4nw9hb00dv")))) (build-system cmake-build-system) (propagated-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("python" ,python))) (native-inputs `(("extra-cmake-modules" ,extra-cmake-modules))) diff --git a/gnu/packages/kodi.scm b/gnu/packages/kodi.scm index ec4e72e8ba..929894d61e 100644 --- a/gnu/packages/kodi.scm +++ b/gnu/packages/kodi.scm @@ -199,7 +199,7 @@ generator library for C++.") ("cmake" ,cmake) ("doxygen" ,doxygen) ("gawk" ,gawk) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("icedtea" ,icedtea) ; needed at build-time only, mandatory ("libtool" ,libtool) ("pkg-config" ,pkg-config) diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm index 432c1fe675..0c9d0af3c8 100644 --- a/gnu/packages/libidn.scm +++ b/gnu/packages/libidn.scm @@ -27,14 +27,14 @@ (define-public libidn (package (name "libidn") - (replacement libidn-1.33) - (version "1.32") + (version "1.33") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libidn/libidn-" version ".tar.gz")) - (sha256 (base32 - "1xf4hphhahcjm2xwx147lfpsavjwv9l4c2gf6hx71zxywbz5lpds")))) + (sha256 + (base32 + "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))) (build-system gnu-build-system) ;; FIXME: No Java and C# libraries are currently built. (synopsis "Internationalized string processing library") @@ -46,16 +46,3 @@ names. It includes native C, C# and Java libraries.") ;; the command line tool is gpl3+. (license (list gpl2+ gpl3+ lgpl3+ fdl1.3+)) (home-page "http://www.gnu.org/software/libidn/"))) - -(define libidn-1.33 - (package - (inherit libidn) - (source - (let ((version "1.33")) - (origin - (method url-fetch) - (uri (string-append "mirror://gnu/libidn/libidn-" version - ".tar.gz")) - (sha256 - (base32 - "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4"))))))) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 08fd7ac9bb..53baa21fdd 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -15,6 +15,7 @@ ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2016 David Craven <david@craven.ch> ;;; Copyright © 2016 John Darrington <jmd@gnu.org> +;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -110,17 +111,36 @@ version "-gnu.tar.xz"))) (define-public linux-libre-headers - (let* ((version "4.1.18") - (build-phase - (lambda (arch) - `(lambda _ - (setenv "ARCH" ,(system->linux-architecture arch)) + (package + (name "linux-libre-headers") + (version "4.4.18") + (source (origin + (method url-fetch) + (uri (linux-libre-urls version)) + (sha256 + (base32 + "0k8k17in7dkjd9d8zg3i8l1ax466dba6bxw28flxizzyq8znljps")))) + (build-system gnu-build-system) + (native-inputs `(("perl" ,perl))) + (arguments + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-1)) + #:phases + (modify-phases %standard-phases + (delete 'configure) + (replace 'build + (lambda _ + (let ((arch ,(system->linux-architecture + (or (%current-target-system) + (%current-system))))) + (setenv "ARCH" arch) (format #t "`ARCH' set to `~a'~%" (getenv "ARCH")) (and (zero? (system* "make" "defconfig")) (zero? (system* "make" "mrproper" "headers_check")))))) - (install-phase - `(lambda* (#:key outputs #:allow-other-keys) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out"))) (and (zero? (system* "make" (string-append "INSTALL_HDR_PATH=" out) @@ -140,33 +160,12 @@ (for-each delete-file (find-files out "\\.install")) #t)))))) - (package - (name "linux-libre-headers") - (version version) - (source (origin - (method url-fetch) - (uri (linux-libre-urls version)) - (sha256 - (base32 - "1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7")))) - (build-system gnu-build-system) - (native-inputs `(("perl" ,perl))) - (arguments - `(#:modules ((guix build gnu-build-system) - (guix build utils) - (srfi srfi-1)) - #:phases (alist-replace - 'build ,(build-phase (or (%current-target-system) - (%current-system))) - (alist-replace - 'install ,install-phase - (alist-delete 'configure %standard-phases))) #:allowed-references () #:tests? #f)) + (home-page "http://www.gnu.org/software/linux-libre") (synopsis "GNU Linux-Libre kernel headers") (description "Headers of the Linux-Libre kernel.") - (license license:gpl2) - (home-page "http://www.gnu.org/software/linux-libre/")))) + (license license:gpl2))) (define %boot-logo-patch ;; Linux-Libre boot logo featuring Freedo and a gnu. @@ -359,17 +358,18 @@ It has been modified to remove all non-free binary blobs.") (define-public linux-pam (package (name "linux-pam") - (version "1.2.1") + (version "1.3.0") (source (origin (method url-fetch) - (uri (list (string-append "http://www.linux-pam.org/library/Linux-PAM-" - version ".tar.bz2") - (string-append "mirror://kernel.org/linux/libs/pam/library/Linux-PAM-" - version ".tar.bz2"))) + (uri (string-append + "http://www.linux-pam.org/library/" + "Linux-PAM-" version ".tar.bz2")) (sha256 (base32 - "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl")))) + "1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4")) + (patches (search-patches "linux-pam-no-setfsuid.patch")))) + (build-system gnu-build-system) (native-inputs `(("flex" ,flex) @@ -397,6 +397,21 @@ be used through the PAM API to perform tasks, like authenticating a user at login. Local and dynamic reconfiguration are its key features.") (license license:bsd-3))) +(define-public linux-pam-1.2 + (package + (inherit linux-pam) + (version "1.2.1") + (source + (origin + (method url-fetch) + (uri (string-append + "http://www.linux-pam.org/library/" + "Linux-PAM-" version ".tar.bz2")) + (sha256 + (base32 + "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl")) + (patches (search-patches "linux-pam-no-setfsuid.patch")))))) + ;;; ;;; Miscellaneous. @@ -428,7 +443,7 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") - (version "2.27") + (version "2.28.1") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/utils/" @@ -436,7 +451,7 @@ providing the system administrator with some help in common tasks.") name "-" version ".tar.xz")) (sha256 (base32 - "1ivdx1bhjbakf77agm9dn3wyxia1wgz9lzxgd61zqxw3xzih9gzw")) + "03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy")) (patches (search-patches "util-linux-tests.patch")) (modules '((guix build utils))) (snippet @@ -511,16 +526,14 @@ block devices, UUIDs, TTYs, and many other tools.") (define-public procps (package (name "procps") - (version "3.3.11") + (version "3.3.12") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/procps-ng/Production/" "procps-ng-" version ".tar.xz")) (sha256 (base32 - "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9")) - (patches - (list (search-patch "procps-non-linux.patch"))))) + "1m57w6jmry84njd5sgk5afycbglql0al80grx027kwqqcfw5mmkf")))) (build-system gnu-build-system) (arguments '(#:modules ((guix build utils) @@ -529,6 +542,15 @@ block devices, UUIDs, TTYs, and many other tools.") (srfi srfi-26)) #:phases (modify-phases %standard-phases + (add-before 'check 'disable-strtod-test + (lambda _ + ;; Disable the 'strtod' test, which fails on 32-bit systems. + ;; This is what upstream does: + ;; <https://gitlab.com/procps-ng/procps/commit/100afbc1491be388f1429021ff65d969f4b1e08f>. + (substitute* "Makefile" + (("^(TESTS|check_PROGRAMS) = .*$" all) + (string-append "# " all "\n"))) + #t)) (add-after 'install 'post-install ;; Remove commands and man pages redudant with @@ -855,7 +877,7 @@ MIDI functionality to the Linux-based operating system.") ("ncurses" ,ncurses) ("alsa-lib" ,alsa-lib) ("xmlto" ,xmlto) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (home-page "http://www.alsa-project.org/") (synopsis "Utilities for the Advanced Linux Sound Architecture (ALSA)") (description @@ -1044,7 +1066,7 @@ manpages.") (sha256 (base32 "0p93lsqx23v5fv4hpbrydmfvw1ha2rgqpn2zqbs2jhxkzhjc030p")))))) - (native-inputs `(("gettext" ,gnu-gettext))) + (native-inputs `(("gettext" ,gettext-minimal))) (synopsis "Tools for controlling the network subsystem in Linux") (description @@ -1605,7 +1627,7 @@ from the module-init-tools project.") ;; The post-systemd fork, maintained by Gentoo. (package (name "eudev") - (version "3.1.5") + (version "3.2") (source (origin (method url-fetch) (uri (string-append @@ -1613,7 +1635,7 @@ from the module-init-tools project.") version ".tar.gz")) (sha256 (base32 - "0akg9gcc3c2p56xbhlvbybqavcprly5q0bvk655zwl6d62j8an7p")) + "099w62ncq78nxpxizf910mx18hc8x4qvzw3azjd00fir89wmyjnq")) (patches (search-patches "eudev-rules-directory.patch")))) (build-system gnu-build-system) (native-inputs @@ -2471,7 +2493,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") #t)))))) (native-inputs `(("pkg-config" ,pkg-config) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (inputs `(("glib" ,glib) ("dbus" ,dbus) @@ -2811,7 +2833,7 @@ from that to the system kernel's @file{/dev/random} machinery.") "DEBUG=false" "PACKAGE_BUGREPORT=bug-guix@gnu.org")) #:tests? #f)) ;no tests - (native-inputs `(("gettext" ,gnu-gettext))) + (native-inputs `(("gettext" ,gettext-minimal))) (inputs `(("pciutils" ,pciutils))) (home-page (package-home-page linux-libre)) (synopsis "CPU frequency and voltage scaling tools for Linux") diff --git a/gnu/packages/lout.scm b/gnu/packages/lout.scm index 1355e0387a..f2c724ae07 100644 --- a/gnu/packages/lout.scm +++ b/gnu/packages/lout.scm @@ -88,8 +88,7 @@ (build-system gnu-build-system) ; actually, just a makefile (outputs '("out" "doc")) (native-inputs - `(("ghostscript" ,ghostscript) - ("ghostscript-gs" ,ghostscript-gs))) + `(("ghostscript" ,ghostscript))) (arguments `(#:modules ((guix build utils) (guix build gnu-build-system) (srfi srfi-1)) ; we need SRFI-1 diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm index def9c23b17..1b7352fc10 100644 --- a/gnu/packages/make-bootstrap.scm +++ b/gnu/packages/make-bootstrap.scm @@ -114,9 +114,6 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." (current-source-location) #:native-inputs native-inputs)) -(define %bash-static - (static-package bash-minimal)) - (define %static-inputs ;; Packages that are to be used as %BOOTSTRAP-INPUTS. (let ((coreutils (package (inherit coreutils) @@ -184,7 +181,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." (("-Wl,-export-dynamic") ""))) ,phases))))) (inputs (if (%current-target-system) - `(("bash" ,%bash-static)) + `(("bash" ,static-bash)) '())))) (finalize (compose static-package package-with-relocatable-glibc))) @@ -200,7 +197,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." ("sed" ,sed) ("grep" ,grep) ("gawk" ,gawk))) - ("bash" ,%bash-static)))) + ("bash" ,static-bash)))) (define %static-binaries (package @@ -515,6 +512,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." (patches patches))) (guile (package (inherit guile-2.0) (name (string-append (package-name guile-2.0) "-static")) + (replacement #f) (source source) (synopsis "Statically-linked and relocatable Guile") diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm index cdefbdedbb..2d99438420 100644 --- a/gnu/packages/man.scm +++ b/gnu/packages/man.scm @@ -189,7 +189,7 @@ Linux kernel and C library interfaces employed by user-space programs.") `(("perl" ,perl) ;; TODO: Add these optional dependencies. ;; ("perl-LocaleGettext" ,perl-LocaleGettext) - ;; ("gettext" ,gnu-gettext) + ;; ("gettext" ,gettext-minimal) )) (home-page "http://www.gnu.org/software/help2man/") (synopsis "Automatically generate man pages from program --help") diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 07934e3114..83f55c9f18 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -1982,7 +1982,7 @@ parts of it.") (define-public openblas (package (name "openblas") - (version "0.2.15") + (version "0.2.19") (source (origin (method url-fetch) @@ -1991,7 +1991,7 @@ parts of it.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1k5f6vjlk54qlplk5m7xkbaw6g2y7dl50lwwdv6xsbcsgsbxfcpy")))) + "071zqnmnxhh0c9phzyn3f198yxa0hjxda7016azdbq2056sm70w7")))) (build-system gnu-build-system) (arguments `(#:tests? #f ;no "check" target @@ -2552,7 +2552,7 @@ evaluates expressions using the standard order of operations.") (base32 "15cd1cx1dyygw6g2nhjqq3bsfdj8sj8m4va9n75i0f3ryww3x7wq")))) (build-system gnu-build-system) - (native-inputs `(("gettext" ,gnu-gettext))) + (native-inputs `(("gettext" ,gettext-minimal))) (inputs `(("libx11" ,libx11) ("zlib" ,zlib) ("libpng" ,libpng) diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm index 3d11f3a450..3299c7b5c4 100644 --- a/gnu/packages/mit-krb5.scm +++ b/gnu/packages/mit-krb5.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -31,8 +32,7 @@ (define-public mit-krb5 (package (name "mit-krb5") - (replacement mit-krb5-1.14.3) - (version "1.14.2") + (version "1.14.3") (source (origin (method url-fetch) (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" @@ -40,7 +40,7 @@ "/krb5-" version ".tar.gz")) (sha256 (base32 - "09wbv969ak4fqlqr1ip5bi62fny1zlp1vwjarvj6a6cdfzkdgjkb")))) + "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind")))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) @@ -84,17 +84,3 @@ cryptography.") (license (non-copyleft "file://NOTICE" "See NOTICE in the distribution.")) (home-page "http://web.mit.edu/kerberos/"))) - -(define mit-krb5-1.14.3 - (package - (inherit mit-krb5) - (source - (let ((version "1.14.3")) - (origin - (method url-fetch) - (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" - (version-major+minor version) - "/krb5-" version ".tar.gz")) - (sha256 - (base32 - "1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))))) diff --git a/gnu/packages/mono.scm b/gnu/packages/mono.scm index 75e39afdf0..343cebc99f 100644 --- a/gnu/packages/mono.scm +++ b/gnu/packages/mono.scm @@ -44,7 +44,7 @@ "0jibyvyv2jy8dq5ij0j00iq3v74r0y90dcjc3dkspcfbnn37cphn")))) (build-system gnu-build-system) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("glib" ,glib) ("libxslt" ,libxslt) ("perl" ,perl) diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm index 37407cdc17..73a9a23efd 100644 --- a/gnu/packages/mp3.scm +++ b/gnu/packages/mp3.scm @@ -443,7 +443,7 @@ format.") (install-file "mpc123" bin))))) #:tests? #f)) (native-inputs - `(("gettext" ,gnu-gettext))) + `(("gettext" ,gettext-minimal))) (inputs `(("libao" ,ao) ("libmpcdec" ,libmpcdec))) diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm index 46540be5c4..23ae68a28f 100644 --- a/gnu/packages/multiprecision.scm +++ b/gnu/packages/multiprecision.scm @@ -31,7 +31,7 @@ (define-public gmp (package (name "gmp") - (version "6.1.0") + (version "6.1.1") (source (origin (method url-fetch) (uri @@ -39,7 +39,7 @@ version ".tar.xz")) (sha256 (base32 - "12b9s4jn48gbar6dbs5qrlmljdmnq43xy3ji9yjzic0mwp6dmnk8")) + "0cg84n482gcvl0s4xq4wgwsk4r0x0m8dnzpizwqdd2j8vw2rqvnk")) (patches (search-patches "gmp-faulty-test.patch")))) (build-system gnu-build-system) (native-inputs `(("m4" ,m4))) diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index d5805b0403..bbae98532d 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -493,7 +493,7 @@ for path in [path for path in sys.path if 'site-packages' in path]: site.addsite ("python2-pyliblo" ,python2-pyliblo) ("python2-pygtk" ,python2-pygtk))) (native-inputs - `(("gettext" ,gnu-gettext))) + `(("gettext" ,gettext-minimal))) (home-page "http://das.nasophon.de/gtklick/") (synopsis "Simple metronome with an easy-to-use graphical interface") (description @@ -555,7 +555,7 @@ interface. It is implemented as a frontend to @code{klick}.") ("font-tex-gyre" ,font-tex-gyre) ("fontconfig" ,fontconfig) ("freetype" ,freetype) - ("ghostscript" ,ghostscript-gs) + ("ghostscript" ,ghostscript) ("pango" ,pango) ("python" ,python-2))) (native-inputs @@ -564,7 +564,7 @@ interface. It is implemented as a frontend to @code{klick}.") ("flex" ,flex) ("fontforge" ,fontforge) ("dblatex" ,dblatex) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("imagemagick" ,imagemagick) ("netpbm" ,netpbm) ;for pngtopnm ("texlive" ,texlive) ;metafont and metapost @@ -712,7 +712,7 @@ for path in [path for path in sys.path if 'site-packages' in path]: site.addsite (inputs `(("python" ,python-2) ("pygtk" ,python2-pygtk) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("gtk" ,gtk+) ("lilypond" ,lilypond) ;; players needed at runtime @@ -987,7 +987,7 @@ Laurens Hammond and Don Leslie.") ("flac" ,flac) ("alsa-lib" ,alsa-lib) ("libvorbis" ,libvorbis) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (native-inputs `(("pkg-config" ,pkg-config) ("glib:bin" ,glib "bin") @@ -1180,7 +1180,7 @@ export.") `(("autoconf" ,autoconf) ("automake" ,automake) ("libtool" ,libtool) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (inputs `(("tk" ,tk) diff --git a/gnu/packages/nano.scm b/gnu/packages/nano.scm index 3c4c699983..01ef5dc800 100644 --- a/gnu/packages/nano.scm +++ b/gnu/packages/nano.scm @@ -40,7 +40,7 @@ "1hzazcrbwjqiw89jjvlj97q0wf385qqkzcm0870pdrixiv7yklax")))) (build-system gnu-build-system) (inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("ncurses" ,ncurses))) (home-page "http://www.nano-editor.org/") (synopsis "Small, user-friendly console text editor") diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 4b77aad792..cc843c97ff 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -488,7 +488,7 @@ network frames.") "1y7sbgkhgadmd93x1zafqc4yp26ssiv16ni5bbi9vmvvdl55m29y")))) (build-system gnu-build-system) (native-inputs - `(("gettext" ,gnu-gettext))) + `(("gettext" ,gettext-minimal))) (inputs `(("fftw" ,fftw) ("ncurses" ,ncurses) diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index f6f7308ff0..f1b4bdbf6f 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com> ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -573,7 +574,6 @@ libpanel, librsvg and quartz.") (native-inputs `(("ocaml" ,ocaml) ;; For documentation - ("ghostscript-gs" ,ghostscript-gs) ("ghostscript" ,ghostscript) ("texlive" ,texlive) ("hevea" ,hevea) diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index 4bbc6a6bf8..627319bda8 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -55,14 +55,11 @@ "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp")))) (build-system gnu-build-system) (inputs `(("bdb" ,bdb-5.3) - ("openssl" ,openssl) ("cyrus-sasl" ,cyrus-sasl) + ("gnutls" ,gnutls) ("groff" ,groff) ("icu4c" ,icu4c) ("libgcrypt" ,libgcrypt) - ;; FIXME: currently, openldap requires openssl or gnutls<3, see - ;; http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17 - ;; Once this is fixed, switch to gnutls. ("zlib" ,zlib))) (native-inputs `(("libtool" ,libtool))) (arguments diff --git a/gnu/packages/openstack.scm b/gnu/packages/openstack.scm index 62f1e84a3b..fc865d36e0 100644 --- a/gnu/packages/openstack.scm +++ b/gnu/packages/openstack.scm @@ -256,6 +256,7 @@ tested on Python version 3.2, 2.7 and 2.6.") `(("python-pbr" ,python-pbr))) (native-inputs `(("python-discover" ,python-discover) + ("python-docutils" ,python-docutils) ("python-fixtures" ,python-fixtures) ("python-mock" ,python-mock) ("python-sphinx" ,python-sphinx) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 70a6a49921..34515f1d22 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -247,7 +247,7 @@ the Nix package manager.") (native-inputs `(("autoconf" ,(autoconf-wrapper)) ("automake" ,automake) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("texinfo" ,texinfo) ("graphviz" ,graphviz) ("help2man" ,help2man) diff --git a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch index edd411e1a8..aa253e135f 100644 --- a/gnu/packages/patches/ath9k-htc-firmware-binutils.patch +++ b/gnu/packages/patches/ath9k-htc-firmware-binutils.patch @@ -1,6 +1,12 @@ -This Binutils patch is from the ath9k-htc-firmware repository (version 1.3.2). -Not applying it (apparently) leads to miscompiled firmware, and loading it -fails with a "Target is unresponsive" message from the 'ath9k_htc' module. +These Binutils patches are from the ath9k-htc-firmware repository +(commit f6af791348b68ceadab375e4ed0f7bcda86cb3c0). + +Not applying the first patch (apparently) leads to miscompiled firmware, +and loading it fails with a "Target is unresponsive" message from the +'ath9k_htc' module. + +The final hunk, applied to 'gas/config/tc-xtensa.c', is copied from the +upstream file 'local/patches/binutils-2.27_fixup.patch'. From dbca73446265ce01b8e11462c3346b25953e3399 Mon Sep 17 00:00:00 2001 From: Sujith Manoharan <c_manoha@qca.qualcomm.com> @@ -28873,16 +28879,6 @@ diff --git a/include/xtensa-config.h b/include/xtensa-config.h index 30f4f41..fe9b051 100644 --- a/include/xtensa-config.h +++ b/include/xtensa-config.h -@@ -1,7 +1,7 @@ - /* Xtensa configuration settings. -- Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2010 -+ Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 - Free Software Foundation, Inc. -- Contributed by Bob Wilson (bob.wilson@acm.org) at Tensilica. -+ Contributed by Bob Wilson (bwilson@tensilica.com) at Tensilica. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by @@ -44,10 +44,7 @@ #define XCHAL_HAVE_L32R 1 @@ -28973,3 +28969,20 @@ index 30f4f41..fe9b051 100644 #define XCHAL_MAX_INSTRUCTION_SIZE 3 -- 1.8.1 + +diff --git a/gas/config/tc-xtensa.c b/gas/config/tc-xtensa.c +index d062044..ca261ae 100644 +--- a/gas/config/tc-xtensa.c ++++ b/gas/config/tc-xtensa.c +@@ -2228,7 +2228,7 @@ xg_reverse_shift_count (char **cnt_argp) + cnt_arg = *cnt_argp; + + /* replace the argument with "31-(argument)" */ +- new_arg = concat ("31-(", cnt_argp, ")", (char *) NULL); ++ new_arg = concat ("31-(", cnt_arg, ")", (char *) NULL); + + free (cnt_arg); + *cnt_argp = new_arg; +-- +2.10.1 + diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch new file mode 100644 index 0000000000..08d3a79749 --- /dev/null +++ b/gnu/packages/patches/binutils-mips-bash-bug.patch @@ -0,0 +1,22 @@ +Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the +"x" case in: + + case x"$EMULATION_NAME" in x) ;; *) ;; esac + +when 'EMULATION_NAME' is undefined. Bash 4.3.30(1)-release doesn't have this +problem. Work around it. + +This Bash bug was fixed +in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>. + +--- a/ld/emulparams/elf32bmipn32-defs.sh ++++ b/ld/emulparams/elf32bmipn32-defs.sh +@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips" + TEMPLATE_NAME=elf32 + EXTRA_EM_FILE=mipself + +-case x"$EMULATION_NAME" in ++case "x$EMULATION_NAME" in + xelf32*n32*) ELFSIZE=32 ;; + xelf64*) ELFSIZE=64 ;; + x) ;; diff --git a/gnu/packages/patches/cmake-fix-tests.patch b/gnu/packages/patches/cmake-fix-tests.patch index f59e2cd625..732b0023ab 100644 --- a/gnu/packages/patches/cmake-fix-tests.patch +++ b/gnu/packages/patches/cmake-fix-tests.patch @@ -1,6 +1,17 @@ ---- cmake-3.2.2.orig/Tests/CMakeLists.txt 2015-04-14 01:09:00.000000000 +0800 -+++ cmake-3.2.2/Tests/CMakeLists.txt 2015-04-28 15:02:34.913039742 +0800 -@@ -342,10 +342,12 @@ +From af0a62dadfb3db25880bc653e2e4c97435a604c9 Mon Sep 17 00:00:00 2001 +From: Efraim Flashner <efraim@flashner.co.il> +Date: Mon, 29 Aug 2016 20:07:58 +0300 +Subject: [PATCH] cmake-fix-tests + +--- + Tests/CMakeLists.txt | 83 ++++++++++++++++++++++++++++------------------------ + 1 file changed, 44 insertions(+), 39 deletions(-) + +diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt +index f21e430..56014a2 100644 +--- a/Tests/CMakeLists.txt ++++ b/Tests/CMakeLists.txt +@@ -416,10 +416,12 @@ if(BUILD_TESTING) endif() # run test for BundleUtilities on supported platforms/compilers @@ -17,7 +28,7 @@ if(NOT "${CMAKE_GENERATOR}" STREQUAL "Watcom WMake") add_test(BundleUtilities ${CMAKE_CTEST_COMMAND} -@@ -2257,16 +2259,17 @@ +@@ -2481,30 +2483,32 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release PASS_REGULAR_EXPRESSION "Could not find executable" FAIL_REGULAR_EXPRESSION "SegFault") @@ -31,6 +42,20 @@ - ) - set_tests_properties(CTestTestUpload PROPERTIES - PASS_REGULAR_EXPRESSION "Upload\\.xml") +- +- configure_file( +- "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in" +- "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" +- @ONLY ESCAPE_QUOTES) +- add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND} +- -C \${CTEST_CONFIGURATION_TYPE} +- -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV +- --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log" +- ) +- set_tests_properties(CTestCoverageCollectGCOV PROPERTIES +- PASS_REGULAR_EXPRESSION +- "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov") +- set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=) +# This test requires network connectivity: skip it. +# configure_file( +# "${CMake_SOURCE_DIR}/Tests/CTestTestUpload/test.cmake.in" @@ -42,6 +67,54 @@ +# ) +# set_tests_properties(CTestTestUpload PROPERTIES +# PASS_REGULAR_EXPRESSION "Upload\\.xml") ++ ++# This test times out ++# configure_file( ++# "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in" ++# "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" ++# @ONLY ESCAPE_QUOTES) ++# add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND} ++# -C \${CTEST_CONFIGURATION_TYPE} ++# -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV ++# --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log" ++# ) ++# set_tests_properties(CTestCoverageCollectGCOV PROPERTIES ++# PASS_REGULAR_EXPRESSION ++# "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov") ++# set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=) + + configure_file( + "${CMake_SOURCE_DIR}/Tests/CTestTestEmptyBinaryDirectory/test.cmake.in" +@@ -2860,17 +2864,18 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release + set_tests_properties(CTestTestStopTime PROPERTIES + PASS_REGULAR_EXPRESSION "The stop time has been passed") + +- configure_file( +- "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in" +- "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" +- @ONLY ESCAPE_QUOTES) +- add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND} +- -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V +- --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log" +- ) +- #make sure all 3 subdirs were added +- set_tests_properties(CTestTestSubdir PROPERTIES +- PASS_REGULAR_EXPRESSION "0 tests failed out of 3") ++# This test fails to build 2 of the 3 tests ++# configure_file( ++# "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in" ++# "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" ++# @ONLY ESCAPE_QUOTES) ++# add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND} ++# -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V ++# --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log" ++# ) ++# #make sure all 3 subdirs were added ++# set_tests_properties(CTestTestSubdir PROPERTIES ++# PASS_REGULAR_EXPRESSION "0 tests failed out of 3") configure_file( - "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in" + "${CMake_SOURCE_DIR}/Tests/CTestTestTimeout/test.cmake.in" +-- +2.9.3 + diff --git a/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch b/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch deleted file mode 100644 index edc43f84f1..0000000000 --- a/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch +++ /dev/null @@ -1,142 +0,0 @@ -Fix CVE-2012-6702 and CVE-2016-5300. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300 - -Patch copied from: -https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u3/debian/patches/cve-2012-6702-plus-cve-2016-5300-v1.patch/ - -From cb31522769d11a375078a073cba94e7176cb48a4 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping <sebastian@pipping.org> -Date: Wed, 16 Mar 2016 15:30:12 +0100 -Subject: [PATCH] Resolve call to srand, use more entropy (patch version 1.0) - -Squashed backport against vanilla Expat 2.1.1, addressing: -* CVE-2012-6702 -- unanticipated internal calls to srand -* CVE-2016-5300 -- use of too little entropy - -Since commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d -(released with Expat 2.1.0) Expat called srand by itself -from inside generate_hash_secret_salt for an instance -of XML_Parser if XML_SetHashSalt was either (a) not called -for that instance or if (b) salt 0 was passed to XML_SetHashSalt -prior to parsing. That call to srand passed (rather litle) -entropy extracted from the current time as a seed for srand. - -That call to srand (1) broke repeatability for code calling -srand with a non-random seed prior to parsing with Expat, -and (2) resulted in a rather small set of hashing salts in -Expat in total. - -For a short- to mid-term fix, the new approach avoids calling -srand altogether, extracts more entropy out of the clock and -other sources, too. - -For a long term fix, we may want to read sizeof(long) bytes -from a source like getrandom(..) on Linux, and from similar -sources on other supported architectures. - -https://bugzilla.redhat.com/show_bug.cgi?id=1197087 ---- - CMakeLists.txt | 3 +++ - lib/xmlparse.c | 48 +++++++++++++++++++++++++++++++++++++++++------- - 2 files changed, 44 insertions(+), 7 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 353627e..524d514 100755 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -41,6 +41,9 @@ include_directories(${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/lib) - if(MSVC) - add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996) - endif(MSVC) -+if(WIN32) -+ add_definitions(-DCOMPILED_FROM_DSP) -+endif(WIN32) - - set(expat_SRCS - lib/xmlparse.c -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index e308c79..c5f942f 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -6,7 +6,14 @@ - #include <string.h> /* memset(), memcpy() */ - #include <assert.h> - #include <limits.h> /* UINT_MAX */ --#include <time.h> /* time() */ -+ -+#ifdef COMPILED_FROM_DSP -+#define getpid GetCurrentProcessId -+#else -+#include <sys/time.h> /* gettimeofday() */ -+#include <sys/types.h> /* getpid() */ -+#include <unistd.h> /* getpid() */ -+#endif - - #define XML_BUILDING_EXPAT 1 - -@@ -432,7 +439,7 @@ static ELEMENT_TYPE * - getElementType(XML_Parser parser, const ENCODING *enc, - const char *ptr, const char *end); - --static unsigned long generate_hash_secret_salt(void); -+static unsigned long generate_hash_secret_salt(XML_Parser parser); - static XML_Bool startParsing(XML_Parser parser); - - static XML_Parser -@@ -691,11 +698,38 @@ static const XML_Char implicitContext[] = { - }; - - static unsigned long --generate_hash_secret_salt(void) -+gather_time_entropy(void) - { -- unsigned int seed = time(NULL) % UINT_MAX; -- srand(seed); -- return rand(); -+#ifdef COMPILED_FROM_DSP -+ FILETIME ft; -+ GetSystemTimeAsFileTime(&ft); /* never fails */ -+ return ft.dwHighDateTime ^ ft.dwLowDateTime; -+#else -+ struct timeval tv; -+ int gettimeofday_res; -+ -+ gettimeofday_res = gettimeofday(&tv, NULL); -+ assert (gettimeofday_res == 0); -+ -+ /* Microseconds time is <20 bits entropy */ -+ return tv.tv_usec; -+#endif -+} -+ -+static unsigned long -+generate_hash_secret_salt(XML_Parser parser) -+{ -+ /* Process ID is 0 bits entropy if attacker has local access -+ * XML_Parser address is few bits of entropy if attacker has local access */ -+ const unsigned long entropy = -+ gather_time_entropy() ^ getpid() ^ (unsigned long)parser; -+ -+ /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ -+ if (sizeof(unsigned long) == 4) { -+ return entropy * 2147483647; -+ } else { -+ return entropy * 2305843009213693951; -+ } - } - - static XML_Bool /* only valid for root parser */ -@@ -703,7 +737,7 @@ startParsing(XML_Parser parser) - { - /* hash functions must be initialized before setContext() is called */ - if (hash_secret_salt == 0) -- hash_secret_salt = generate_hash_secret_salt(); -+ hash_secret_salt = generate_hash_secret_salt(parser); - if (ns) { - /* implicit context only set for root parser, since child - parsers (i.e. external entity parsers) will inherit it --- -2.8.2 - diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch deleted file mode 100644 index fc8d6291f5..0000000000 --- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch +++ /dev/null @@ -1,39 +0,0 @@ -Follow-up upstream fix for CVE-2015-1283 to not rely on undefined -behavior. - -Adapted from a patch from Debian (found in Debian package version -2.1.0-6+deb8u2) to apply to upstream code: - -https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/ - ---- - lib/xmlparse.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 0f6f4cd..5c70c17 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len) - } - - if (len > bufferLim - bufferEnd) { -- int neededSize = len + (int)(bufferEnd - bufferPtr); -+ /* Do not invoke signed arithmetic overflow: */ -+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); - if (neededSize < 0) { - errorCode = XML_ERROR_NO_MEMORY; - return NULL; -@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len) - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { -- bufferSize *= 2; -+ /* Do not invoke signed arithmetic overflow: */ -+ bufferSize = (int) (2U * (unsigned) bufferSize); - } while (bufferSize < neededSize && bufferSize > 0); - if (bufferSize <= 0) { - errorCode = XML_ERROR_NO_MEMORY; --- -2.8.3 - diff --git a/gnu/packages/patches/expat-CVE-2016-0718.patch b/gnu/packages/patches/expat-CVE-2016-0718.patch deleted file mode 100644 index 22436c20cc..0000000000 --- a/gnu/packages/patches/expat-CVE-2016-0718.patch +++ /dev/null @@ -1,761 +0,0 @@ -Fix CVE-2016-0718. - -Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2. - -https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2016-0718-v2-2-1.patch/ - -From cdfcb1b5c95e93b00ae9e9d25708b4a3bee72c15 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping <sebastian@pipping.org> -Date: Mon, 2 May 2016 00:02:44 +0200 -Subject: [PATCH] Address CVE-2016-0718 (/patch/ version 2.2.1) - -* Out of bounds memory access when doing text conversion on malformed input -* Integer overflow related to memory allocation - -Reported by Gustavo Grieco - -Patch credits go to -* Christian Heimes -* Karl Waclawek -* Gustavo Grieco -* Sebastian Pipping -* Pascal Cuoq ---- - expat/lib/xmlparse.c | 34 +++++++++----- - expat/lib/xmltok.c | 115 +++++++++++++++++++++++++++++++++++------------- - expat/lib/xmltok.h | 10 ++++- - expat/lib/xmltok_impl.c | 62 +++++++++++++------------- - 4 files changed, 146 insertions(+), 75 deletions(-) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index e308c79..13e080d 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -2436,11 +2436,11 @@ doContent(XML_Parser parser, - for (;;) { - int bufSize; - int convLen; -- XmlConvert(enc, -+ const enum XML_Convert_Result convert_res = XmlConvert(enc, - &fromPtr, rawNameEnd, - (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); - convLen = (int)(toPtr - (XML_Char *)tag->buf); -- if (fromPtr == rawNameEnd) { -+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { - tag->name.strLen = convLen; - break; - } -@@ -2661,11 +2661,11 @@ doContent(XML_Parser parser, - if (MUST_CONVERT(enc, s)) { - for (;;) { - ICHAR *dataPtr = (ICHAR *)dataBuf; -- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); -+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = s; - charDataHandler(handlerArg, dataBuf, - (int)(dataPtr - (ICHAR *)dataBuf)); -- if (s == next) -+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) - break; - *eventPP = s; - } -@@ -3269,11 +3269,11 @@ doCdataSection(XML_Parser parser, - if (MUST_CONVERT(enc, s)) { - for (;;) { - ICHAR *dataPtr = (ICHAR *)dataBuf; -- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); -+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = next; - charDataHandler(handlerArg, dataBuf, - (int)(dataPtr - (ICHAR *)dataBuf)); -- if (s == next) -+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) - break; - *eventPP = s; - } -@@ -5350,6 +5350,7 @@ reportDefault(XML_Parser parser, const ENCODING *enc, - const char *s, const char *end) - { - if (MUST_CONVERT(enc, s)) { -+ enum XML_Convert_Result convert_res; - const char **eventPP; - const char **eventEndPP; - if (enc == encoding) { -@@ -5362,11 +5363,11 @@ reportDefault(XML_Parser parser, const ENCODING *enc, - } - do { - ICHAR *dataPtr = (ICHAR *)dataBuf; -- XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd); -+ convert_res = XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = s; - defaultHandler(handlerArg, dataBuf, (int)(dataPtr - (ICHAR *)dataBuf)); - *eventPP = s; -- } while (s != end); -+ } while ((convert_res != XML_CONVERT_COMPLETED) && (convert_res != XML_CONVERT_INPUT_INCOMPLETE)); - } - else - defaultHandler(handlerArg, (XML_Char *)s, (int)((XML_Char *)end - (XML_Char *)s)); -@@ -6169,8 +6170,8 @@ poolAppend(STRING_POOL *pool, const ENCODING *enc, - if (!pool->ptr && !poolGrow(pool)) - return NULL; - for (;;) { -- XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end); -- if (ptr == end) -+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end); -+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) - break; - if (!poolGrow(pool)) - return NULL; -@@ -6254,8 +6255,13 @@ poolGrow(STRING_POOL *pool) - } - } - if (pool->blocks && pool->start == pool->blocks->s) { -- int blockSize = (int)(pool->end - pool->start)*2; -- BLOCK *temp = (BLOCK *) -+ BLOCK *temp; -+ int blockSize = (int)((unsigned)(pool->end - pool->start)*2U); -+ -+ if (blockSize < 0) -+ return XML_FALSE; -+ -+ temp = (BLOCK *) - pool->mem->realloc_fcn(pool->blocks, - (offsetof(BLOCK, s) - + blockSize * sizeof(XML_Char))); -@@ -6270,6 +6276,10 @@ poolGrow(STRING_POOL *pool) - else { - BLOCK *tem; - int blockSize = (int)(pool->end - pool->start); -+ -+ if (blockSize < 0) -+ return XML_FALSE; -+ - if (blockSize < INIT_BLOCK_SIZE) - blockSize = INIT_BLOCK_SIZE; - else -diff --git a/lib/xmltok.c b/lib/xmltok.c -index bf09dfc..cb98ce1 100644 ---- a/lib/xmltok.c -+++ b/lib/xmltok.c -@@ -318,39 +318,55 @@ enum { /* UTF8_cvalN is value of masked first byte of N byte sequence */ - UTF8_cval4 = 0xf0 - }; - --static void PTRCALL -+static enum XML_Convert_Result PTRCALL - utf8_toUtf8(const ENCODING *enc, - const char **fromP, const char *fromLim, - char **toP, const char *toLim) - { -+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED; - char *to; - const char *from; - if (fromLim - *fromP > toLim - *toP) { - /* Avoid copying partial characters. */ -+ res = XML_CONVERT_OUTPUT_EXHAUSTED; - for (fromLim = *fromP + (toLim - *toP); fromLim > *fromP; fromLim--) - if (((unsigned char)fromLim[-1] & 0xc0) != 0x80) - break; - } -- for (to = *toP, from = *fromP; from != fromLim; from++, to++) -+ for (to = *toP, from = *fromP; (from < fromLim) && (to < toLim); from++, to++) - *to = *from; - *fromP = from; - *toP = to; -+ -+ if ((to == toLim) && (from < fromLim)) -+ return XML_CONVERT_OUTPUT_EXHAUSTED; -+ else -+ return res; - } - --static void PTRCALL -+static enum XML_Convert_Result PTRCALL - utf8_toUtf16(const ENCODING *enc, - const char **fromP, const char *fromLim, - unsigned short **toP, const unsigned short *toLim) - { -+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED; - unsigned short *to = *toP; - const char *from = *fromP; -- while (from != fromLim && to != toLim) { -+ while (from < fromLim && to < toLim) { - switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) { - case BT_LEAD2: -+ if (fromLim - from < 2) { -+ res = XML_CONVERT_INPUT_INCOMPLETE; -+ break; -+ } - *to++ = (unsigned short)(((from[0] & 0x1f) << 6) | (from[1] & 0x3f)); - from += 2; - break; - case BT_LEAD3: -+ if (fromLim - from < 3) { -+ res = XML_CONVERT_INPUT_INCOMPLETE; -+ break; -+ } - *to++ = (unsigned short)(((from[0] & 0xf) << 12) - | ((from[1] & 0x3f) << 6) | (from[2] & 0x3f)); - from += 3; -@@ -358,8 +374,14 @@ utf8_toUtf16(const ENCODING *enc, - case BT_LEAD4: - { - unsigned long n; -- if (to + 1 == toLim) -+ if (toLim - to < 2) { -+ res = XML_CONVERT_OUTPUT_EXHAUSTED; - goto after; -+ } -+ if (fromLim - from < 4) { -+ res = XML_CONVERT_INPUT_INCOMPLETE; -+ goto after; -+ } - n = ((from[0] & 0x7) << 18) | ((from[1] & 0x3f) << 12) - | ((from[2] & 0x3f) << 6) | (from[3] & 0x3f); - n -= 0x10000; -@@ -377,6 +399,7 @@ utf8_toUtf16(const ENCODING *enc, - after: - *fromP = from; - *toP = to; -+ return res; - } - - #ifdef XML_NS -@@ -425,7 +448,7 @@ static const struct normal_encoding internal_utf8_encoding = { - STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_) - }; - --static void PTRCALL -+static enum XML_Convert_Result PTRCALL - latin1_toUtf8(const ENCODING *enc, - const char **fromP, const char *fromLim, - char **toP, const char *toLim) -@@ -433,30 +456,35 @@ latin1_toUtf8(const ENCODING *enc, - for (;;) { - unsigned char c; - if (*fromP == fromLim) -- break; -+ return XML_CONVERT_COMPLETED; - c = (unsigned char)**fromP; - if (c & 0x80) { - if (toLim - *toP < 2) -- break; -+ return XML_CONVERT_OUTPUT_EXHAUSTED; - *(*toP)++ = (char)((c >> 6) | UTF8_cval2); - *(*toP)++ = (char)((c & 0x3f) | 0x80); - (*fromP)++; - } - else { - if (*toP == toLim) -- break; -+ return XML_CONVERT_OUTPUT_EXHAUSTED; - *(*toP)++ = *(*fromP)++; - } - } - } - --static void PTRCALL -+static enum XML_Convert_Result PTRCALL - latin1_toUtf16(const ENCODING *enc, - const char **fromP, const char *fromLim, - unsigned short **toP, const unsigned short *toLim) - { -- while (*fromP != fromLim && *toP != toLim) -+ while (*fromP < fromLim && *toP < toLim) - *(*toP)++ = (unsigned char)*(*fromP)++; -+ -+ if ((*toP == toLim) && (*fromP < fromLim)) -+ return XML_CONVERT_OUTPUT_EXHAUSTED; -+ else -+ return XML_CONVERT_COMPLETED; - } - - #ifdef XML_NS -@@ -483,13 +511,18 @@ static const struct normal_encoding latin1_encoding = { - STANDARD_VTABLE(sb_) - }; - --static void PTRCALL -+static enum XML_Convert_Result PTRCALL - ascii_toUtf8(const ENCODING *enc, - const char **fromP, const char *fromLim, - char **toP, const char *toLim) - { -- while (*fromP != fromLim && *toP != toLim) -+ while (*fromP < fromLim && *toP < toLim) - *(*toP)++ = *(*fromP)++; -+ -+ if ((*toP == toLim) && (*fromP < fromLim)) -+ return XML_CONVERT_OUTPUT_EXHAUSTED; -+ else -+ return XML_CONVERT_COMPLETED; - } - - #ifdef XML_NS -@@ -536,13 +569,14 @@ unicode_byte_type(char hi, char lo) - } - - #define DEFINE_UTF16_TO_UTF8(E) \ --static void PTRCALL \ -+static enum XML_Convert_Result PTRCALL \ - E ## toUtf8(const ENCODING *enc, \ - const char **fromP, const char *fromLim, \ - char **toP, const char *toLim) \ - { \ -- const char *from; \ -- for (from = *fromP; from != fromLim; from += 2) { \ -+ const char *from = *fromP; \ -+ fromLim = from + (((fromLim - from) >> 1) << 1); /* shrink to even */ \ -+ for (; from < fromLim; from += 2) { \ - int plane; \ - unsigned char lo2; \ - unsigned char lo = GET_LO(from); \ -@@ -552,7 +586,7 @@ E ## toUtf8(const ENCODING *enc, \ - if (lo < 0x80) { \ - if (*toP == toLim) { \ - *fromP = from; \ -- return; \ -+ return XML_CONVERT_OUTPUT_EXHAUSTED; \ - } \ - *(*toP)++ = lo; \ - break; \ -@@ -562,7 +596,7 @@ E ## toUtf8(const ENCODING *enc, \ - case 0x4: case 0x5: case 0x6: case 0x7: \ - if (toLim - *toP < 2) { \ - *fromP = from; \ -- return; \ -+ return XML_CONVERT_OUTPUT_EXHAUSTED; \ - } \ - *(*toP)++ = ((lo >> 6) | (hi << 2) | UTF8_cval2); \ - *(*toP)++ = ((lo & 0x3f) | 0x80); \ -@@ -570,7 +604,7 @@ E ## toUtf8(const ENCODING *enc, \ - default: \ - if (toLim - *toP < 3) { \ - *fromP = from; \ -- return; \ -+ return XML_CONVERT_OUTPUT_EXHAUSTED; \ - } \ - /* 16 bits divided 4, 6, 6 amongst 3 bytes */ \ - *(*toP)++ = ((hi >> 4) | UTF8_cval3); \ -@@ -580,7 +614,11 @@ E ## toUtf8(const ENCODING *enc, \ - case 0xD8: case 0xD9: case 0xDA: case 0xDB: \ - if (toLim - *toP < 4) { \ - *fromP = from; \ -- return; \ -+ return XML_CONVERT_OUTPUT_EXHAUSTED; \ -+ } \ -+ if (fromLim - from < 4) { \ -+ *fromP = from; \ -+ return XML_CONVERT_INPUT_INCOMPLETE; \ - } \ - plane = (((hi & 0x3) << 2) | ((lo >> 6) & 0x3)) + 1; \ - *(*toP)++ = ((plane >> 2) | UTF8_cval4); \ -@@ -596,20 +634,32 @@ E ## toUtf8(const ENCODING *enc, \ - } \ - } \ - *fromP = from; \ -+ if (from < fromLim) \ -+ return XML_CONVERT_INPUT_INCOMPLETE; \ -+ else \ -+ return XML_CONVERT_COMPLETED; \ - } - - #define DEFINE_UTF16_TO_UTF16(E) \ --static void PTRCALL \ -+static enum XML_Convert_Result PTRCALL \ - E ## toUtf16(const ENCODING *enc, \ - const char **fromP, const char *fromLim, \ - unsigned short **toP, const unsigned short *toLim) \ - { \ -+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED; \ -+ fromLim = *fromP + (((fromLim - *fromP) >> 1) << 1); /* shrink to even */ \ - /* Avoid copying first half only of surrogate */ \ - if (fromLim - *fromP > ((toLim - *toP) << 1) \ -- && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) \ -+ && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) { \ - fromLim -= 2; \ -- for (; *fromP != fromLim && *toP != toLim; *fromP += 2) \ -+ res = XML_CONVERT_INPUT_INCOMPLETE; \ -+ } \ -+ for (; *fromP < fromLim && *toP < toLim; *fromP += 2) \ - *(*toP)++ = (GET_HI(*fromP) << 8) | GET_LO(*fromP); \ -+ if ((*toP == toLim) && (*fromP < fromLim)) \ -+ return XML_CONVERT_OUTPUT_EXHAUSTED; \ -+ else \ -+ return res; \ - } - - #define SET2(ptr, ch) \ -@@ -1288,7 +1338,7 @@ unknown_isInvalid(const ENCODING *enc, const char *p) - return (c & ~0xFFFF) || checkCharRefNumber(c) < 0; - } - --static void PTRCALL -+static enum XML_Convert_Result PTRCALL - unknown_toUtf8(const ENCODING *enc, - const char **fromP, const char *fromLim, - char **toP, const char *toLim) -@@ -1299,21 +1349,21 @@ unknown_toUtf8(const ENCODING *enc, - const char *utf8; - int n; - if (*fromP == fromLim) -- break; -+ return XML_CONVERT_COMPLETED; - utf8 = uenc->utf8[(unsigned char)**fromP]; - n = *utf8++; - if (n == 0) { - int c = uenc->convert(uenc->userData, *fromP); - n = XmlUtf8Encode(c, buf); - if (n > toLim - *toP) -- break; -+ return XML_CONVERT_OUTPUT_EXHAUSTED; - utf8 = buf; - *fromP += (AS_NORMAL_ENCODING(enc)->type[(unsigned char)**fromP] - - (BT_LEAD2 - 2)); - } - else { - if (n > toLim - *toP) -- break; -+ return XML_CONVERT_OUTPUT_EXHAUSTED; - (*fromP)++; - } - do { -@@ -1322,13 +1372,13 @@ unknown_toUtf8(const ENCODING *enc, - } - } - --static void PTRCALL -+static enum XML_Convert_Result PTRCALL - unknown_toUtf16(const ENCODING *enc, - const char **fromP, const char *fromLim, - unsigned short **toP, const unsigned short *toLim) - { - const struct unknown_encoding *uenc = AS_UNKNOWN_ENCODING(enc); -- while (*fromP != fromLim && *toP != toLim) { -+ while (*fromP < fromLim && *toP < toLim) { - unsigned short c = uenc->utf16[(unsigned char)**fromP]; - if (c == 0) { - c = (unsigned short) -@@ -1340,6 +1390,11 @@ unknown_toUtf16(const ENCODING *enc, - (*fromP)++; - *(*toP)++ = c; - } -+ -+ if ((*toP == toLim) && (*fromP < fromLim)) -+ return XML_CONVERT_OUTPUT_EXHAUSTED; -+ else -+ return XML_CONVERT_COMPLETED; - } - - ENCODING * -@@ -1503,7 +1558,7 @@ initScan(const ENCODING * const *encodingTable, - { - const ENCODING **encPtr; - -- if (ptr == end) -+ if (ptr >= end) - return XML_TOK_NONE; - encPtr = enc->encPtr; - if (ptr + 1 == end) { -diff --git a/lib/xmltok.h b/lib/xmltok.h -index ca867aa..752007e 100644 ---- a/lib/xmltok.h -+++ b/lib/xmltok.h -@@ -130,6 +130,12 @@ typedef int (PTRCALL *SCANNER)(const ENCODING *, - const char *, - const char **); - -+enum XML_Convert_Result { -+ XML_CONVERT_COMPLETED = 0, -+ XML_CONVERT_INPUT_INCOMPLETE = 1, -+ XML_CONVERT_OUTPUT_EXHAUSTED = 2 /* and therefore potentially input remaining as well */ -+}; -+ - struct encoding { - SCANNER scanners[XML_N_STATES]; - SCANNER literalScanners[XML_N_LITERAL_TYPES]; -@@ -158,12 +164,12 @@ struct encoding { - const char *ptr, - const char *end, - const char **badPtr); -- void (PTRCALL *utf8Convert)(const ENCODING *enc, -+ enum XML_Convert_Result (PTRCALL *utf8Convert)(const ENCODING *enc, - const char **fromP, - const char *fromLim, - char **toP, - const char *toLim); -- void (PTRCALL *utf16Convert)(const ENCODING *enc, -+ enum XML_Convert_Result (PTRCALL *utf16Convert)(const ENCODING *enc, - const char **fromP, - const char *fromLim, - unsigned short **toP, -diff --git a/lib/xmltok_impl.c b/lib/xmltok_impl.c -index 9c2895b..6c5a3ba 100644 ---- a/lib/xmltok_impl.c -+++ b/lib/xmltok_impl.c -@@ -93,13 +93,13 @@ static int PTRCALL - PREFIX(scanComment)(const ENCODING *enc, const char *ptr, - const char *end, const char **nextTokPtr) - { -- if (ptr != end) { -+ if (ptr < end) { - if (!CHAR_MATCHES(enc, ptr, ASCII_MINUS)) { - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - ptr += MINBPC(enc); -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - INVALID_CASES(ptr, nextTokPtr) - case BT_MINUS: -@@ -147,7 +147,7 @@ PREFIX(scanDecl)(const ENCODING *enc, const char *ptr, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - case BT_PERCNT: - if (ptr + MINBPC(enc) == end) -@@ -233,7 +233,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - case BT_S: case BT_CR: case BT_LF: -@@ -242,7 +242,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr, - return XML_TOK_INVALID; - } - ptr += MINBPC(enc); -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - INVALID_CASES(ptr, nextTokPtr) - case BT_QUEST: -@@ -305,7 +305,7 @@ static int PTRCALL - PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr, - const char *end, const char **nextTokPtr) - { -- if (ptr == end) -+ if (ptr >= end) - return XML_TOK_NONE; - if (MINBPC(enc) > 1) { - size_t n = end - ptr; -@@ -348,7 +348,7 @@ PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr, - ptr += MINBPC(enc); - break; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - #define LEAD_CASE(n) \ - case BT_LEAD ## n: \ -@@ -391,11 +391,11 @@ PREFIX(scanEndTag)(const ENCODING *enc, const char *ptr, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - case BT_S: case BT_CR: case BT_LF: -- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { -+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { - switch (BYTE_TYPE(enc, ptr)) { - case BT_S: case BT_CR: case BT_LF: - break; -@@ -432,7 +432,7 @@ static int PTRCALL - PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr, - const char *end, const char **nextTokPtr) - { -- if (ptr != end) { -+ if (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - case BT_DIGIT: - case BT_HEX: -@@ -441,7 +441,7 @@ PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { -+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { - switch (BYTE_TYPE(enc, ptr)) { - case BT_DIGIT: - case BT_HEX: -@@ -464,7 +464,7 @@ static int PTRCALL - PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr, - const char *end, const char **nextTokPtr) - { -- if (ptr != end) { -+ if (ptr < end) { - if (CHAR_MATCHES(enc, ptr, ASCII_x)) - return PREFIX(scanHexCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr); - switch (BYTE_TYPE(enc, ptr)) { -@@ -474,7 +474,7 @@ PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { -+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { - switch (BYTE_TYPE(enc, ptr)) { - case BT_DIGIT: - break; -@@ -506,7 +506,7 @@ PREFIX(scanRef)(const ENCODING *enc, const char *ptr, const char *end, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - case BT_SEMI: -@@ -529,7 +529,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end, - #ifdef XML_NS - int hadColon = 0; - #endif -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - #ifdef XML_NS -@@ -716,7 +716,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end, - hadColon = 0; - #endif - /* we have a start-tag */ -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - #ifdef XML_NS -@@ -740,7 +740,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end, - case BT_S: case BT_CR: case BT_LF: - { - ptr += MINBPC(enc); -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) - case BT_GT: -@@ -785,7 +785,7 @@ static int PTRCALL - PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) - { -- if (ptr == end) -+ if (ptr >= end) - return XML_TOK_NONE; - if (MINBPC(enc) > 1) { - size_t n = end - ptr; -@@ -832,7 +832,7 @@ PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end, - ptr += MINBPC(enc); - break; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - #define LEAD_CASE(n) \ - case BT_LEAD ## n: \ -@@ -895,7 +895,7 @@ PREFIX(scanPercent)(const ENCODING *enc, const char *ptr, const char *end, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - case BT_SEMI: -@@ -921,7 +921,7 @@ PREFIX(scanPoundName)(const ENCODING *enc, const char *ptr, const char *end, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - case BT_CR: case BT_LF: case BT_S: -@@ -941,7 +941,7 @@ PREFIX(scanLit)(int open, const ENCODING *enc, - const char *ptr, const char *end, - const char **nextTokPtr) - { -- while (ptr != end) { -+ while (ptr < end) { - int t = BYTE_TYPE(enc, ptr); - switch (t) { - INVALID_CASES(ptr, nextTokPtr) -@@ -973,7 +973,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) - { - int tok; -- if (ptr == end) -+ if (ptr >= end) - return XML_TOK_NONE; - if (MINBPC(enc) > 1) { - size_t n = end - ptr; -@@ -1141,7 +1141,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end, - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - case BT_GT: case BT_RPAR: case BT_COMMA: -@@ -1204,10 +1204,10 @@ PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr, - const char *end, const char **nextTokPtr) - { - const char *start; -- if (ptr == end) -+ if (ptr >= end) - return XML_TOK_NONE; - start = ptr; -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - #define LEAD_CASE(n) \ - case BT_LEAD ## n: ptr += n; break; -@@ -1262,10 +1262,10 @@ PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr, - const char *end, const char **nextTokPtr) - { - const char *start; -- if (ptr == end) -+ if (ptr >= end) - return XML_TOK_NONE; - start = ptr; -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - #define LEAD_CASE(n) \ - case BT_LEAD ## n: ptr += n; break; -@@ -1326,7 +1326,7 @@ PREFIX(ignoreSectionTok)(const ENCODING *enc, const char *ptr, - end = ptr + n; - } - } -- while (ptr != end) { -+ while (ptr < end) { - switch (BYTE_TYPE(enc, ptr)) { - INVALID_CASES(ptr, nextTokPtr) - case BT_LT: -@@ -1373,7 +1373,7 @@ PREFIX(isPublicId)(const ENCODING *enc, const char *ptr, const char *end, - { - ptr += MINBPC(enc); - end -= MINBPC(enc); -- for (; ptr != end; ptr += MINBPC(enc)) { -+ for (; ptr < end; ptr += MINBPC(enc)) { - switch (BYTE_TYPE(enc, ptr)) { - case BT_DIGIT: - case BT_HEX: -@@ -1760,7 +1760,7 @@ PREFIX(updatePosition)(const ENCODING *enc, - case BT_CR: - pos->lineNumber++; - ptr += MINBPC(enc); -- if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF) -+ if (ptr < end && BYTE_TYPE(enc, ptr) == BT_LF) - ptr += MINBPC(enc); - pos->columnNumber = (XML_Size)-1; - break; --- -2.8.2 - diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch new file mode 100644 index 0000000000..1f3cb028d4 --- /dev/null +++ b/gnu/packages/patches/flex-CVE-2016-6354.patch @@ -0,0 +1,30 @@ +Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer). + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354 +https://security-tracker.debian.org/tracker/CVE-2016-6354 + +Patch copied from upstream source repository: +https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 + +From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001 +From: Will Estes <westes575@gmail.com> +Date: Sat, 27 Feb 2016 11:56:05 -0500 +Subject: [PATCH] Fixed incorrect integer type + +--- + src/flex.skl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/flex.skl b/src/flex.skl +index 36a526a..64f853d 100644 +--- a/src/flex.skl ++++ b/src/flex.skl +@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer() + + else + { +- yy_size_t num_to_read = ++ int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) diff --git a/gnu/packages/patches/fontconfig-CVE-2016-5384.patch b/gnu/packages/patches/fontconfig-CVE-2016-5384.patch deleted file mode 100644 index 617d5afbaf..0000000000 --- a/gnu/packages/patches/fontconfig-CVE-2016-5384.patch +++ /dev/null @@ -1,170 +0,0 @@ -Fix CVE-2016-5384 (double-free resulting in arbitrary code execution): - -<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5384> - -Copied from upstream code repository: - -<https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940> - -From 7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sat, 25 Jun 2016 19:18:53 +0200 -Subject: Properly validate offsets in cache files. - -The cache files are insufficiently validated. Even though the magic -number at the beginning of the file as well as time stamps are checked, -it is not verified if contained offsets are in legal ranges or are -even pointers. - -The lack of validation allows an attacker to trigger arbitrary free() -calls, which in turn allows double free attacks and therefore arbitrary -code execution. Due to the conversion from offsets into pointers through -macros, this even allows to circumvent ASLR protections. - -This attack vector allows privilege escalation when used with setuid -binaries like fbterm. A user can create ~/.fonts or any other -system-defined user-private font directory, run fc-cache and adjust -cache files in ~/.cache/fontconfig. The execution of setuid binaries will -scan these files and therefore are prone to attacks. - -If it's not about code execution, an endless loop can be created by -letting linked lists become circular linked lists. - -This patch verifies that: - -- The file is not larger than the maximum addressable space, which - basically only affects 32 bit systems. This allows out of boundary - access into unallocated memory. -- Offsets are always positive or zero -- Offsets do not point outside file boundaries -- No pointers are allowed in cache files, every "pointer or offset" - field must be an offset or NULL -- Iterating linked lists must not take longer than the amount of elements - specified. A violation of this rule can break a possible endless loop. - -If one or more of these points are violated, the cache is recreated. -This is current behaviour. - -Even though this patch fixes many issues, the use of mmap() shall be -forbidden in setuid binaries. It is impossible to guarantee with these -checks that a malicious user does not change cache files after -verification. This should be handled in a different patch. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> - -diff --git a/src/fccache.c b/src/fccache.c -index 71e8f03..02ec301 100644 ---- a/src/fccache.c -+++ b/src/fccache.c -@@ -27,6 +27,7 @@ - #include <fcntl.h> - #include <dirent.h> - #include <string.h> -+#include <limits.h> - #include <sys/types.h> - #include <sys/stat.h> - #include <assert.h> -@@ -587,6 +588,82 @@ FcCacheTimeValid (FcConfig *config, FcCache *cache, struct stat *dir_stat) - return cache->checksum == (int) dir_stat->st_mtime && fnano; - } - -+static FcBool -+FcCacheOffsetsValid (FcCache *cache) -+{ -+ char *base = (char *)cache; -+ char *end = base + cache->size; -+ intptr_t *dirs; -+ FcFontSet *fs; -+ int i, j; -+ -+ if (cache->dir < 0 || cache->dir > cache->size - sizeof (intptr_t) || -+ memchr (base + cache->dir, '\0', cache->size - cache->dir) == NULL) -+ return FcFalse; -+ -+ if (cache->dirs < 0 || cache->dirs >= cache->size || -+ cache->dirs_count < 0 || -+ cache->dirs_count > (cache->size - cache->dirs) / sizeof (intptr_t)) -+ return FcFalse; -+ -+ dirs = FcCacheDirs (cache); -+ if (dirs) -+ { -+ for (i = 0; i < cache->dirs_count; i++) -+ { -+ FcChar8 *dir; -+ -+ if (dirs[i] < 0 || -+ dirs[i] > end - (char *) dirs - sizeof (intptr_t)) -+ return FcFalse; -+ -+ dir = FcOffsetToPtr (dirs, dirs[i], FcChar8); -+ if (memchr (dir, '\0', end - (char *) dir) == NULL) -+ return FcFalse; -+ } -+ } -+ -+ if (cache->set < 0 || cache->set > cache->size - sizeof (FcFontSet)) -+ return FcFalse; -+ -+ fs = FcCacheSet (cache); -+ if (fs) -+ { -+ if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern)) -+ return FcFalse; -+ -+ if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts)) -+ return FcFalse; -+ -+ for (i = 0; i < fs->nfont; i++) -+ { -+ FcPattern *font = FcFontSetFont (fs, i); -+ FcPatternElt *e; -+ FcValueListPtr l; -+ -+ if ((char *) font < base || -+ (char *) font > end - sizeof (FcFontSet) || -+ font->elts_offset < 0 || -+ font->elts_offset > end - (char *) font || -+ font->num > (end - (char *) font - font->elts_offset) / sizeof (FcPatternElt)) -+ return FcFalse; -+ -+ -+ e = FcPatternElts(font); -+ if (e->values != 0 && !FcIsEncodedOffset(e->values)) -+ return FcFalse; -+ -+ for (j = font->num, l = FcPatternEltValues(e); j >= 0 && l; j--, l = FcValueListNext(l)) -+ if (l->next != NULL && !FcIsEncodedOffset(l->next)) -+ break; -+ if (j < 0) -+ return FcFalse; -+ } -+ } -+ -+ return FcTrue; -+} -+ - /* - * Map a cache file into memory - */ -@@ -596,7 +673,8 @@ FcDirCacheMapFd (FcConfig *config, int fd, struct stat *fd_stat, struct stat *di - FcCache *cache; - FcBool allocated = FcFalse; - -- if (fd_stat->st_size < (int) sizeof (FcCache)) -+ if (fd_stat->st_size > INTPTR_MAX || -+ fd_stat->st_size < (int) sizeof (FcCache)) - return NULL; - cache = FcCacheFindByStat (fd_stat); - if (cache) -@@ -652,6 +730,7 @@ FcDirCacheMapFd (FcConfig *config, int fd, struct stat *fd_stat, struct stat *di - if (cache->magic != FC_CACHE_MAGIC_MMAP || - cache->version < FC_CACHE_VERSION_NUMBER || - cache->size != (intptr_t) fd_stat->st_size || -+ !FcCacheOffsetsValid (cache) || - !FcCacheTimeValid (config, cache, dir_stat) || - !FcCacheInsert (cache, fd_stat)) - { --- -cgit v0.10.2 - diff --git a/gnu/packages/patches/gawk-fts-test.patch b/gnu/packages/patches/gawk-fts-test.patch deleted file mode 100644 index de1f5c431c..0000000000 --- a/gnu/packages/patches/gawk-fts-test.patch +++ /dev/null @@ -1,51 +0,0 @@ -This is upstream commit c9a018c. We have observed random failures of -this test on i686 that seem related to load. - -2015-05-21 Arnold D. Robbins <arnold@skeeve.com> - - * fts.awk: Really remove atime from the output. - This avoids spurious failures on heavily loaded systems. - -diff --git a/test/fts.awk b/test/fts.awk -index b1df060..dea5b68 100644 ---- a/test/fts.awk -+++ b/test/fts.awk -@@ -50,6 +50,11 @@ function sort_traverse(data, sorted, i) - { - asorti(data, sorted) - for (i = 1; i in sorted; i++) { -+ # 5/2015: skip for atime, since there can -+ # occasionally be small differences. -+ if (sorted[i] == "atime") -+ continue -+ - indent() - printf("%s --> %s\n", sorted[i], data[sorted[i]]) > output - } -@@ -63,17 +68,20 @@ function traverse(data, i) - printf("%s:\n", i) > output - - Level++ -- if (("mtime" in data[i]) && ! isarray(data[i][mtime])) { -+ if (("mtime" in data[i]) && ! isarray(data[i]["mtime"])) { - sort_traverse(data[i]) - } else { - traverse(data[i]) - } - Level-- -- } else if (data[i] != "atime") { -- # 4/2015: skip for atime, since there can -- # occasionally be small differences. -- indent() -- printf("%s --> %s\n", i, data[i]) > output -+# } else { -+# JUNK = 1 -+# if (i != "atime") { -+# # 4/2015: skip for atime, since there can -+# # occasionally be small differences. -+# indent() -+# printf("%s --> %s\n", i, data[i]) > output -+# } - } - } - } diff --git a/gnu/packages/patches/gcc-arm-bug-71399.patch b/gnu/packages/patches/gcc-arm-bug-71399.patch new file mode 100644 index 0000000000..6f04fece0e --- /dev/null +++ b/gnu/packages/patches/gcc-arm-bug-71399.patch @@ -0,0 +1,55 @@ +Revert the following commit to work around a bootstrap comparison failure on +ARMv7, as reported at <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71399>. + +commit f6ab85b7049a03962ea98924d00802da357a1ad3 +Author: renlin <renlin@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Wed Dec 2 14:06:31 2015 +0000 + + [PR67383][ARM][4.9]Backport of "Allow any register for DImode values in Thumb2" + + This partially fix PR67383. It allows the reload more flexibility to choose + spilling pseudo registers. + + + gcc/ChangeLog: + + 2015-12-02 Renlin Li <renlin.li@arm.com> + + Backport from mainline. + 2014-04-22 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com> + + * config/arm/arm.c (arm_hard_regno_mode_ok): Loosen + restrictions on core registers for DImode values in Thumb2. + + + git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-4_9-branch@231177 138bc75d-0d04-0410-961f-82ee72b054a4 + +diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c +index 8ba6060..d9028a1 100644 +--- b/gcc/config/arm/arm.c ++++ a/gcc/config/arm/arm.c +@@ -22624,19 +22624,12 @@ + } + + /* We allow almost any value to be stored in the general registers. +- Restrict doubleword quantities to even register pairs in ARM state +- so that we can use ldrd. Do not allow very large Neon structure +- opaque modes in general registers; they would use too many. */ ++ Restrict doubleword quantities to even register pairs so that we can ++ use ldrd. Do not allow very large Neon structure opaque modes in ++ general registers; they would use too many. */ + if (regno <= LAST_ARM_REGNUM) +- { +- if (ARM_NUM_REGS (mode) > 4) +- return FALSE; +- +- if (TARGET_THUMB2) +- return TRUE; +- +- return !(TARGET_LDRD && GET_MODE_SIZE (mode) > 4 && (regno & 1) != 0); +- } ++ return !(TARGET_LDRD && GET_MODE_SIZE (mode) > 4 && (regno & 1) != 0) ++ && ARM_NUM_REGS (mode) <= 4; + + if (regno == FRAME_POINTER_REGNUM + || regno == ARG_POINTER_REGNUM) diff --git a/gnu/packages/patches/gnupg-fix-expired-test.patch b/gnu/packages/patches/gnupg-fix-expired-test.patch deleted file mode 100644 index ac2564f50c..0000000000 --- a/gnu/packages/patches/gnupg-fix-expired-test.patch +++ /dev/null @@ -1,78 +0,0 @@ -Fix a test that has an expiration date of 2016-09-17: - -https://bugs.gnupg.org/gnupg/issue2393 - -Patch adapted from upstream source repository: - -https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e584d6468a2e72cd01e55f46104f9f96b56c0b66 - -The patch has been altered by commenting out a diff that does not apply -to the version of GnuPG that we are applying it to, 2.1.13. This is -what the patch author refers to below with "This commit includes changes -to the old test as well, for those who need to backport it." We keep the -old test and comment out the new test. - -From e584d6468a2e72cd01e55f46104f9f96b56c0b66 Mon Sep 17 00:00:00 2001 -From: Justus Winter <justus@g10code.com> -Date: Thu, 23 Jun 2016 17:24:23 +0200 -Subject: [PATCH] tests/openpgp: Fake the system time for the tofu test. - -The keys in the tofu test are set to expire on 2016-09-17. Fake the -system time for this test. - -This commit includes changes to the old test as well, for those who -need to backport it. - -* tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines. -* tests/openpgp/tofu.scm: Fake system time. -* tests/openpgp/tofu.test: Likewise. - -GnuPG-bug-id: 2393 -Signed-off-by: Justus Winter <justus@g10code.com> ---- - tests/openpgp/gpg-agent.conf.tmpl | 2 -- - tests/openpgp/tofu.scm | 4 +++- - tests/openpgp/tofu.test | 3 +++ - 3 files changed, 6 insertions(+), 3 deletions(-) - -diff --git a/tests/openpgp/gpg-agent.conf.tmpl b/tests/openpgp/gpg-agent.conf.tmpl -index b3cb54f..70e1633 100644 ---- a/tests/openpgp/gpg-agent.conf.tmpl -+++ b/tests/openpgp/gpg-agent.conf.tmpl -@@ -1,4 +1,2 @@ - allow-preset-passphrase - no-grab -- -- -#diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm -#index 24fa9df..38b6a0f 100755 -#--- a/tests/openpgp/tofu.scm -#+++ b/tests/openpgp/tofu.scm -#@@ -19,7 +19,9 @@ -# -# (load (with-path "defs.scm")) -# -#-(define GPG `(,(tool 'gpg) --no-permission-warning)) ;; w/o --always-trust -#+ ;; Redefine GPG without --always-trust and a fixed time. -#+(define GPG `(,(tool 'gpg) --no-permission-warning -#+ --faked-system-time=1466684990)) -# (define GNUPGHOME (getenv "GNUPGHOME")) -# (if (string=? "" GNUPGHOME) -# (error "GNUPGHOME not set")) -diff --git a/tests/openpgp/tofu.test b/tests/openpgp/tofu.test -index 18c1756..0d34af4 100755 ---- a/tests/openpgp/tofu.test -+++ b/tests/openpgp/tofu.test -@@ -4,6 +4,9 @@ - - # set -x - -+# Redefine GPG with a fixed time. -+GPG="$GPG --faked-system-time=1466684990" -+ - KEYS="2183839A BC15C85A EE37CF96" - - # Make sure $srcdir is set. --- -2.10.0 - diff --git a/gnu/packages/patches/guile-relocatable.patch b/gnu/packages/patches/guile-relocatable.patch index 077394cdde..2431495f24 100644 --- a/gnu/packages/patches/guile-relocatable.patch +++ b/gnu/packages/patches/guile-relocatable.patch @@ -1,8 +1,6 @@ This patch changes Guile to use a default search path relative to the location of the `guile' binary, allowing it to be relocated. -diff --git a/libguile/load.c b/libguile/load.c -index af2ca45..19dd338 100644 --- a/libguile/load.c +++ b/libguile/load.c @@ -26,6 +26,7 @@ @@ -12,8 +10,8 @@ index af2ca45..19dd338 100644 +#include <libgen.h> #include "libguile/_scm.h" - #include "libguile/private-gc.h" /* scm_getenv_int */ -@@ -255,6 +256,32 @@ scm_init_load_path () + #include "libguile/alist.h" +@@ -325,6 +326,32 @@ SCM cpath = SCM_EOL; #ifdef SCM_LIBRARY_DIR @@ -43,10 +41,10 @@ index af2ca45..19dd338 100644 + strcpy (ccache_dir, prefix); + strcat (ccache_dir, "/lib/guile/2.0/ccache"); + - env = getenv ("GUILE_SYSTEM_PATH"); + env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_PATH")); if (env && strcmp (env, "") == 0) /* special-case interpret system-path=="" as meaning no system path instead -@@ -263,10 +290,7 @@ scm_init_load_path () +@@ -333,10 +360,7 @@ else if (env) path = scm_parse_path (scm_from_locale_string (env), path); else @@ -56,9 +54,9 @@ index af2ca45..19dd338 100644 - scm_from_locale_string (SCM_PKGDATA_DIR)); + path = scm_list_1 (scm_from_locale_string (module_dir)); - env = getenv ("GUILE_SYSTEM_COMPILED_PATH"); + env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_COMPILED_PATH")); if (env && strcmp (env, "") == 0) -@@ -276,8 +300,7 @@ scm_init_load_path () +@@ -346,8 +370,7 @@ cpath = scm_parse_path (scm_from_locale_string (env), cpath); else { diff --git a/gnu/packages/patches/isl-0.11.1-aarch64-support.patch b/gnu/packages/patches/isl-0.11.1-aarch64-support.patch new file mode 100644 index 0000000000..c5607fc80d --- /dev/null +++ b/gnu/packages/patches/isl-0.11.1-aarch64-support.patch @@ -0,0 +1,40 @@ +Add aarch64 support to config.guess and config.sub, as would be found if using +a more recent version of autoconf. +--- + config.guess | 7 +++++++ + config.sub | 1 + + 2 files changed, 8 insertions(+) + +diff --git a/config.guess b/config.guess +index 40eaed4..baad294 100755 +--- a/config.guess ++++ b/config.guess +@@ -861,6 +861,13 @@ EOF + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; ++ aarch64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ aarch64_be:Linux:*:*) ++ UNAME_MACHINE=aarch64_be ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +diff --git a/config.sub b/config.sub +index 30fdca8..8f5b018 100755 +--- a/config.sub ++++ b/config.sub +@@ -247,6 +247,7 @@ case $basic_machine in + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ ++ | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ +-- +2.9.0 + diff --git a/gnu/packages/patches/libx11-CVE-2016-7942.patch b/gnu/packages/patches/libx11-CVE-2016-7942.patch deleted file mode 100644 index 75770235ef..0000000000 --- a/gnu/packages/patches/libx11-CVE-2016-7942.patch +++ /dev/null @@ -1,76 +0,0 @@ -Fix CVE-2016-7942: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17 - -From 8ea762f94f4c942d898fdeb590a1630c83235c17 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 21:25:25 +0200 -Subject: [PATCH] Validation of server responses in XGetImage() - -Check if enough bytes were received for specified image type and -geometry. Otherwise GetPixel and other functions could trigger an -out of boundary read later on. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/GetImage.c | 29 ++++++++++++++++++++--------- - 1 file changed, 20 insertions(+), 9 deletions(-) - -diff --git a/src/GetImage.c b/src/GetImage.c -index c461abc..ff32d58 100644 ---- a/src/GetImage.c -+++ b/src/GetImage.c -@@ -59,6 +59,7 @@ XImage *XGetImage ( - char *data; - unsigned long nbytes; - XImage *image; -+ int planes; - LockDisplay(dpy); - GetReq (GetImage, req); - /* -@@ -91,18 +92,28 @@ XImage *XGetImage ( - return (XImage *) NULL; - } - _XReadPad (dpy, data, nbytes); -- if (format == XYPixmap) -- image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual), -- Ones (plane_mask & -- (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))), -- format, 0, data, width, height, dpy->bitmap_pad, 0); -- else /* format == ZPixmap */ -- image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual), -- rep.depth, ZPixmap, 0, data, width, height, -- _XGetScanlinePad(dpy, (int) rep.depth), 0); -+ if (format == XYPixmap) { -+ image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual), -+ Ones (plane_mask & -+ (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))), -+ format, 0, data, width, height, dpy->bitmap_pad, 0); -+ planes = image->depth; -+ } else { /* format == ZPixmap */ -+ image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual), -+ rep.depth, ZPixmap, 0, data, width, height, -+ _XGetScanlinePad(dpy, (int) rep.depth), 0); -+ planes = 1; -+ } - - if (!image) - Xfree(data); -+ if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 || -+ INT_MAX / image->height <= image->bytes_per_line || -+ INT_MAX / planes <= image->height * image->bytes_per_line || -+ nbytes < planes * image->height * image->bytes_per_line) { -+ XDestroyImage(image); -+ image = NULL; -+ } - UnlockDisplay(dpy); - SyncHandle(); - return (image); --- -2.10.1 - diff --git a/gnu/packages/patches/libx11-CVE-2016-7943.patch b/gnu/packages/patches/libx11-CVE-2016-7943.patch deleted file mode 100644 index 7bcbc58dd4..0000000000 --- a/gnu/packages/patches/libx11-CVE-2016-7943.patch +++ /dev/null @@ -1,113 +0,0 @@ -Fix CVE-2016-7943: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943. - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9 - -From 8c29f1607a31dac0911e45a0dd3d74173822b3c9 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 21:22:57 +0200 -Subject: [PATCH] The validation of server responses avoids out of boundary - accesses. - -v2: FontNames.c return a NULL list whenever a single -length field from the server is incohent. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/FontNames.c | 23 +++++++++++++++++------ - src/ListExt.c | 12 ++++++++---- - src/ModMap.c | 3 ++- - 3 files changed, 27 insertions(+), 11 deletions(-) - -diff --git a/src/FontNames.c b/src/FontNames.c -index 21dcafe..e55f338 100644 ---- a/src/FontNames.c -+++ b/src/FontNames.c -@@ -66,7 +66,7 @@ int *actualCount) /* RETURN */ - - if (rep.nFonts) { - flist = Xmalloc (rep.nFonts * sizeof(char *)); -- if (rep.length < (INT_MAX >> 2)) { -+ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) { - rlen = rep.length << 2; - ch = Xmalloc(rlen + 1); - /* +1 to leave room for last null-terminator */ -@@ -93,11 +93,22 @@ int *actualCount) /* RETURN */ - if (ch + length < chend) { - flist[i] = ch + 1; /* skip over length */ - ch += length + 1; /* find next length ... */ -- length = *(unsigned char *)ch; -- *ch = '\0'; /* and replace with null-termination */ -- count++; -- } else -- flist[i] = NULL; -+ if (ch <= chend) { -+ length = *(unsigned char *)ch; -+ *ch = '\0'; /* and replace with null-termination */ -+ count++; -+ } else { -+ Xfree(flist); -+ flist = NULL; -+ count = 0; -+ break; -+ } -+ } else { -+ Xfree(flist); -+ flist = NULL; -+ count = 0; -+ break; -+ } - } - } - *actualCount = count; -diff --git a/src/ListExt.c b/src/ListExt.c -index be6b989..0516e45 100644 ---- a/src/ListExt.c -+++ b/src/ListExt.c -@@ -55,7 +55,7 @@ char **XListExtensions( - - if (rep.nExtensions) { - list = Xmalloc (rep.nExtensions * sizeof (char *)); -- if (rep.length < (INT_MAX >> 2)) { -+ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) { - rlen = rep.length << 2; - ch = Xmalloc (rlen + 1); - /* +1 to leave room for last null-terminator */ -@@ -80,9 +80,13 @@ char **XListExtensions( - if (ch + length < chend) { - list[i] = ch+1; /* skip over length */ - ch += length + 1; /* find next length ... */ -- length = *ch; -- *ch = '\0'; /* and replace with null-termination */ -- count++; -+ if (ch <= chend) { -+ length = *ch; -+ *ch = '\0'; /* and replace with null-termination */ -+ count++; -+ } else { -+ list[i] = NULL; -+ } - } else - list[i] = NULL; - } -diff --git a/src/ModMap.c b/src/ModMap.c -index a809aa2..49a5d08 100644 ---- a/src/ModMap.c -+++ b/src/ModMap.c -@@ -42,7 +42,8 @@ XGetModifierMapping(register Display *dpy) - GetEmptyReq(GetModifierMapping, req); - (void) _XReply (dpy, (xReply *)&rep, 0, xFalse); - -- if (rep.length < (INT_MAX >> 2)) { -+ if (rep.length < (INT_MAX >> 2) && -+ (rep.length >> 1) == rep.numKeyPerModifier) { - nbytes = (unsigned long)rep.length << 2; - res = Xmalloc(sizeof (XModifierKeymap)); - if (res) --- -2.10.1 - diff --git a/gnu/packages/patches/libxfixes-CVE-2016-7944.patch b/gnu/packages/patches/libxfixes-CVE-2016-7944.patch deleted file mode 100644 index 2ce463fc46..0000000000 --- a/gnu/packages/patches/libxfixes-CVE-2016-7944.patch +++ /dev/null @@ -1,62 +0,0 @@ -Fix CVE-2016-7944: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e - -From 61c1039ee23a2d1de712843bed3480654d7ef42e Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 22:38:44 +0200 -Subject: [PATCH] Integer overflow on illegal server response - -The 32 bit field "rep.length" is not checked for validity, which allows -an integer overflow on 32 bit systems. - -A malicious server could send INT_MAX as length, which gets multiplied -by the size of XRectangle. In that case the client won't read the whole -data from server, getting out of sync. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/Region.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/Region.c b/src/Region.c -index cb0cf6e..59bcc1a 100644 ---- a/src/Region.c -+++ b/src/Region.c -@@ -23,6 +23,7 @@ - #ifdef HAVE_CONFIG_H - #include <config.h> - #endif -+#include <limits.h> - #include "Xfixesint.h" - - XserverRegion -@@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display *dpy, - bounds->y = rep.y; - bounds->width = rep.width; - bounds->height = rep.height; -- nbytes = (long) rep.length << 2; -- nrects = rep.length >> 1; -- rects = Xmalloc (nrects * sizeof (XRectangle)); -+ -+ if (rep.length < (INT_MAX >> 2)) { -+ nbytes = (long) rep.length << 2; -+ nrects = rep.length >> 1; -+ rects = Xmalloc (nrects * sizeof (XRectangle)); -+ } else { -+ nbytes = 0; -+ nrects = 0; -+ rects = NULL; -+ } -+ - if (!rects) - { - _XEatDataWords(dpy, rep.length); --- -2.10.1 - diff --git a/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch b/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch deleted file mode 100644 index ca899e34c0..0000000000 --- a/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch +++ /dev/null @@ -1,420 +0,0 @@ -Fix CVE-2016-7945: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5 - -From 19a9cd607de73947fcfb104682f203ffe4e1f4e5 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 22:31:34 +0200 -Subject: [PATCH] Properly validate server responses. - -By validating length fields from server responses, out of boundary -accesses and endless loops can be mitigated. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/XGMotion.c | 3 ++- - src/XGetBMap.c | 3 ++- - src/XGetDCtl.c | 6 ++++-- - src/XGetFCtl.c | 7 ++++++- - src/XGetKMap.c | 14 +++++++++++--- - src/XGetMMap.c | 11 +++++++++-- - src/XIQueryDevice.c | 36 ++++++++++++++++++++++++++++++++++-- - src/XListDev.c | 21 +++++++++++++++------ - src/XOpenDev.c | 13 ++++++++++--- - src/XQueryDv.c | 8 ++++++-- - 10 files changed, 99 insertions(+), 23 deletions(-) - -diff --git a/src/XGMotion.c b/src/XGMotion.c -index 7785843..9433e29 100644 ---- a/src/XGMotion.c -+++ b/src/XGMotion.c -@@ -114,7 +114,8 @@ XGetDeviceMotionEvents( - } - /* rep.axes is a CARD8, so assume max number of axes for bounds check */ - if (rep.nEvents < -- (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int))))) { -+ (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int)))) && -+ rep.nEvents * (rep.axes + 1) <= rep.length) { - size_t bsize = rep.nEvents * - (sizeof(XDeviceTimeCoord) + (rep.axes * sizeof(int))); - bufp = Xmalloc(bsize); -diff --git a/src/XGetBMap.c b/src/XGetBMap.c -index 002daba..13bb8c6 100644 ---- a/src/XGetBMap.c -+++ b/src/XGetBMap.c -@@ -92,7 +92,8 @@ XGetDeviceButtonMapping( - - status = _XReply(dpy, (xReply *) & rep, 0, xFalse); - if (status == 1) { -- if (rep.length <= (sizeof(mapping) >> 2)) { -+ if (rep.length <= (sizeof(mapping) >> 2) && -+ rep.nElts <= (rep.length << 2)) { - unsigned long nbytes = rep.length << 2; - _XRead(dpy, (char *)mapping, nbytes); - -diff --git a/src/XGetDCtl.c b/src/XGetDCtl.c -index c5d3b53..7f6b396 100644 ---- a/src/XGetDCtl.c -+++ b/src/XGetDCtl.c -@@ -93,7 +93,8 @@ XGetDeviceControl( - if (rep.length > 0) { - unsigned long nbytes; - size_t size = 0; -- if (rep.length < (INT_MAX >> 2)) { -+ if (rep.length < (INT_MAX >> 2) && -+ (rep.length << 2) >= sizeof(xDeviceState)) { - nbytes = (unsigned long) rep.length << 2; - d = Xmalloc(nbytes); - } -@@ -117,7 +118,8 @@ XGetDeviceControl( - size_t val_size; - - r = (xDeviceResolutionState *) d; -- if (r->num_valuators >= (INT_MAX / (3 * sizeof(int)))) -+ if (sizeof(xDeviceResolutionState) > nbytes || -+ r->num_valuators >= (INT_MAX / (3 * sizeof(int)))) - goto out; - val_size = 3 * sizeof(int) * r->num_valuators; - if ((sizeof(xDeviceResolutionState) + val_size) > nbytes) -diff --git a/src/XGetFCtl.c b/src/XGetFCtl.c -index 7fd6d0e..82dcc64 100644 ---- a/src/XGetFCtl.c -+++ b/src/XGetFCtl.c -@@ -73,6 +73,7 @@ XGetFeedbackControl( - XFeedbackState *Sav = NULL; - xFeedbackState *f = NULL; - xFeedbackState *sav = NULL; -+ char *end = NULL; - xGetFeedbackControlReq *req; - xGetFeedbackControlReply rep; - XExtDisplayInfo *info = XInput_find_display(dpy); -@@ -105,10 +106,12 @@ XGetFeedbackControl( - goto out; - } - sav = f; -+ end = (char *)f + nbytes; - _XRead(dpy, (char *)f, nbytes); - - for (i = 0; i < *num_feedbacks; i++) { -- if (f->length > nbytes) -+ if ((char *)f + sizeof(*f) > end || -+ f->length == 0 || f->length > nbytes) - goto out; - nbytes -= f->length; - -@@ -125,6 +128,8 @@ XGetFeedbackControl( - case StringFeedbackClass: - { - xStringFeedbackState *strf = (xStringFeedbackState *) f; -+ if ((char *)f + sizeof(*strf) > end) -+ goto out; - size += sizeof(XStringFeedbackState) + - (strf->num_syms_supported * sizeof(KeySym)); - } -diff --git a/src/XGetKMap.c b/src/XGetKMap.c -index 0540ce4..008a72b 100644 ---- a/src/XGetKMap.c -+++ b/src/XGetKMap.c -@@ -54,6 +54,7 @@ SOFTWARE. - #include <config.h> - #endif - -+#include <limits.h> - #include <X11/extensions/XI.h> - #include <X11/extensions/XIproto.h> - #include <X11/Xlibint.h> -@@ -93,9 +94,16 @@ XGetDeviceKeyMapping(register Display * dpy, XDevice * dev, - return (KeySym *) NULL; - } - if (rep.length > 0) { -- *syms_per_code = rep.keySymsPerKeyCode; -- nbytes = (long)rep.length << 2; -- mapping = (KeySym *) Xmalloc((unsigned)nbytes); -+ if (rep.length < INT_MAX >> 2 && -+ rep.length == rep.keySymsPerKeyCode * keycount) { -+ *syms_per_code = rep.keySymsPerKeyCode; -+ nbytes = (long)rep.length << 2; -+ mapping = (KeySym *) Xmalloc((unsigned)nbytes); -+ } else { -+ *syms_per_code = 0; -+ nbytes = 0; -+ mapping = NULL; -+ } - if (mapping) - _XRead(dpy, (char *)mapping, nbytes); - else -diff --git a/src/XGetMMap.c b/src/XGetMMap.c -index 246698c..33c114f 100644 ---- a/src/XGetMMap.c -+++ b/src/XGetMMap.c -@@ -53,6 +53,7 @@ SOFTWARE. - #include <config.h> - #endif - -+#include <limits.h> - #include <X11/extensions/XI.h> - #include <X11/extensions/XIproto.h> - #include <X11/Xlibint.h> -@@ -85,8 +86,14 @@ XGetDeviceModifierMapping( - SyncHandle(); - return (XModifierKeymap *) NULL; - } -- nbytes = (unsigned long)rep.length << 2; -- res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap)); -+ if (rep.length < (INT_MAX >> 2) && -+ rep.numKeyPerModifier == rep.length >> 1) { -+ nbytes = (unsigned long)rep.length << 2; -+ res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap)); -+ } else { -+ nbytes = 0; -+ res = NULL; -+ } - if (res) { - res->modifiermap = (KeyCode *) Xmalloc(nbytes); - if (res->modifiermap) -diff --git a/src/XIQueryDevice.c b/src/XIQueryDevice.c -index fb8504f..a457cd6 100644 ---- a/src/XIQueryDevice.c -+++ b/src/XIQueryDevice.c -@@ -26,6 +26,7 @@ - #include <config.h> - #endif - -+#include <limits.h> - #include <stdint.h> - #include <X11/Xlibint.h> - #include <X11/extensions/XI2proto.h> -@@ -43,6 +44,7 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) - xXIQueryDeviceReq *req; - xXIQueryDeviceReply reply; - char *ptr; -+ char *end; - int i; - char *buf; - -@@ -60,14 +62,24 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) - if (!_XReply(dpy, (xReply*) &reply, 0, xFalse)) - goto error; - -- *ndevices_return = reply.num_devices; -- info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo)); -+ if (reply.length < INT_MAX / 4) -+ { -+ *ndevices_return = reply.num_devices; -+ info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo)); -+ } -+ else -+ { -+ *ndevices_return = 0; -+ info = NULL; -+ } -+ - if (!info) - goto error; - - buf = Xmalloc(reply.length * 4); - _XRead(dpy, buf, reply.length * 4); - ptr = buf; -+ end = buf + reply.length * 4; - - /* info is a null-terminated array */ - info[reply.num_devices].name = NULL; -@@ -79,6 +91,9 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) - XIDeviceInfo *lib = &info[i]; - xXIDeviceInfo *wire = (xXIDeviceInfo*)ptr; - -+ if (ptr + sizeof(xXIDeviceInfo) > end) -+ goto error_loop; -+ - lib->deviceid = wire->deviceid; - lib->use = wire->use; - lib->attachment = wire->attachment; -@@ -87,12 +102,23 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) - - ptr += sizeof(xXIDeviceInfo); - -+ if (ptr + wire->name_len > end) -+ goto error_loop; -+ - lib->name = Xcalloc(wire->name_len + 1, 1); -+ if (lib->name == NULL) -+ goto error_loop; - strncpy(lib->name, ptr, wire->name_len); -+ lib->name[wire->name_len] = '\0'; - ptr += ((wire->name_len + 3)/4) * 4; - - sz = size_classes((xXIAnyInfo*)ptr, nclasses); - lib->classes = Xmalloc(sz); -+ if (lib->classes == NULL) -+ { -+ Xfree(lib->name); -+ goto error_loop; -+ } - ptr += copy_classes(lib, (xXIAnyInfo*)ptr, &nclasses); - /* We skip over unused classes */ - lib->num_classes = nclasses; -@@ -103,6 +129,12 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return) - SyncHandle(); - return info; - -+error_loop: -+ while (--i >= 0) -+ { -+ Xfree(info[i].name); -+ Xfree(info[i].classes); -+ } - error: - UnlockDisplay(dpy); - error_unlocked: -diff --git a/src/XListDev.c b/src/XListDev.c -index b85ff3c..f850cd0 100644 ---- a/src/XListDev.c -+++ b/src/XListDev.c -@@ -74,7 +74,7 @@ static int pad_to_xid(int base_size) - } - - static size_t --SizeClassInfo(xAnyClassPtr *any, int num_classes) -+SizeClassInfo(xAnyClassPtr *any, size_t len, int num_classes) - { - int size = 0; - int j; -@@ -90,6 +90,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes) - { - xValuatorInfoPtr v; - -+ if (len < sizeof(v)) -+ return 0; - v = (xValuatorInfoPtr) *any; - size += pad_to_xid(sizeof(XValuatorInfo) + - (v->num_axes * sizeof(XAxisInfo))); -@@ -98,6 +100,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes) - default: - break; - } -+ if ((*any)->length > len) -+ return 0; - *any = (xAnyClassPtr) ((char *)(*any) + (*any)->length); - } - -@@ -170,7 +174,7 @@ XListInputDevices( - register Display *dpy, - int *ndevices) - { -- size_t size; -+ size_t s, size; - xListInputDevicesReq *req; - xListInputDevicesReply rep; - xDeviceInfo *list, *slist = NULL; -@@ -178,6 +182,7 @@ XListInputDevices( - XDeviceInfo *clist = NULL; - xAnyClassPtr any, sav_any; - XAnyClassPtr Any; -+ char *end = NULL; - unsigned char *nptr, *Nptr; - int i; - unsigned long rlen; -@@ -213,16 +218,20 @@ XListInputDevices( - - any = (xAnyClassPtr) ((char *)list + (*ndevices * sizeof(xDeviceInfo))); - sav_any = any; -+ end = (char *)list + rlen; - for (i = 0; i < *ndevices; i++, list++) { -- size += SizeClassInfo(&any, (int)list->num_classes); -+ s = SizeClassInfo(&any, end - (char *)any, (int)list->num_classes); -+ if (!s) -+ goto out; -+ size += s; - } - -- Nptr = ((unsigned char *)list) + rlen + 1; -+ Nptr = ((unsigned char *)list) + rlen; - for (i = 0, nptr = (unsigned char *)any; i < *ndevices; i++) { -+ if (nptr >= Nptr) -+ goto out; - size += *nptr + 1; - nptr += (*nptr + 1); -- if (nptr > Nptr) -- goto out; - } - - clist = (XDeviceInfoPtr) Xmalloc(size); -diff --git a/src/XOpenDev.c b/src/XOpenDev.c -index 029dec2..4b3c460 100644 ---- a/src/XOpenDev.c -+++ b/src/XOpenDev.c -@@ -53,6 +53,7 @@ SOFTWARE. - #include <config.h> - #endif - -+#include <limits.h> - #include <X11/extensions/XI.h> - #include <X11/extensions/XIproto.h> - #include <X11/Xlibint.h> -@@ -86,9 +87,15 @@ XOpenDevice( - return (XDevice *) NULL; - } - -- rlen = rep.length << 2; -- dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes * -- sizeof(XInputClassInfo)); -+ if (rep.length < INT_MAX >> 2 && -+ (rep.length << 2) >= rep.num_classes * sizeof(xInputClassInfo)) { -+ rlen = rep.length << 2; -+ dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes * -+ sizeof(XInputClassInfo)); -+ } else { -+ rlen = 0; -+ dev = NULL; -+ } - if (dev) { - int dlen; /* data length */ - -diff --git a/src/XQueryDv.c b/src/XQueryDv.c -index de1c0e5..7ee2272 100644 ---- a/src/XQueryDv.c -+++ b/src/XQueryDv.c -@@ -73,7 +73,7 @@ XQueryDeviceState( - xQueryDeviceStateReply rep; - XDeviceState *state = NULL; - XInputClass *any, *Any; -- char *data = NULL; -+ char *data = NULL, *end = NULL; - XExtDisplayInfo *info = XInput_find_display(dpy); - - LockDisplay(dpy); -@@ -92,6 +92,7 @@ XQueryDeviceState( - if (rep.length < (INT_MAX >> 2)) { - rlen = (unsigned long) rep.length << 2; - data = Xmalloc(rlen); -+ end = data + rlen; - } - if (!data) { - _XEatDataWords(dpy, rep.length); -@@ -100,7 +101,8 @@ XQueryDeviceState( - _XRead(dpy, data, rlen); - - for (i = 0, any = (XInputClass *) data; i < (int)rep.num_classes; i++) { -- if (any->length > rlen) -+ if ((char *)any + sizeof(XInputClass) > end || -+ any->length == 0 || any->length > rlen) - goto out; - rlen -= any->length; - -@@ -114,6 +116,8 @@ XQueryDeviceState( - case ValuatorClass: - { - xValuatorState *v = (xValuatorState *) any; -+ if ((char *)any + sizeof(xValuatorState) > end) -+ goto out; - size += (sizeof(XValuatorState) + - (v->num_valuators * sizeof(int))); - } --- -2.10.1 - diff --git a/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch b/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch deleted file mode 100644 index ece8b18309..0000000000 --- a/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch +++ /dev/null @@ -1,447 +0,0 @@ -Fix CVE-2016-7947 and CVE-2016-7948. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6 - -From a0df3e1c7728205e5c7650b2e6dce684139254a6 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 22:21:40 +0200 -Subject: [PATCH] Avoid out of boundary accesses on illegal responses - -The responses of the connected X server have to be properly checked -to avoid out of boundary accesses that could otherwise be triggered -by a malicious server. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/XrrConfig.c | 32 +++++++++++++-------- - src/XrrCrtc.c | 83 ++++++++++++++++++++++++++++++++++++++++++------------- - src/XrrMonitor.c | 18 ++++++++++++ - src/XrrOutput.c | 11 ++++++++ - src/XrrProvider.c | 28 ++++++++++++++++--- - src/XrrScreen.c | 52 ++++++++++++++++++++++------------ - 6 files changed, 172 insertions(+), 52 deletions(-) - -diff --git a/src/XrrConfig.c b/src/XrrConfig.c -index 2f0282b..e68c45a 100644 ---- a/src/XrrConfig.c -+++ b/src/XrrConfig.c -@@ -29,6 +29,7 @@ - #include <config.h> - #endif - -+#include <limits.h> - #include <stdio.h> - #include <X11/Xlib.h> - /* we need to be able to manipulate the Display structure on events */ -@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo (Display *dpy, - rep.rate = 0; - rep.nrateEnts = 0; - } -+ if (rep.length < INT_MAX >> 2) { -+ nbytes = (long) rep.length << 2; - -- nbytes = (long) rep.length << 2; -+ nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) + -+ ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */); - -- nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) + -- ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */); -+ /* -+ * first we must compute how much space to allocate for -+ * randr library's use; we'll allocate the structures in a single -+ * allocation, on cleanlyness grounds. -+ */ - -- /* -- * first we must compute how much space to allocate for -- * randr library's use; we'll allocate the structures in a single -- * allocation, on cleanlyness grounds. -- */ -+ rbytes = sizeof (XRRScreenConfiguration) + -+ (rep.nSizes * sizeof (XRRScreenSize) + -+ rep.nrateEnts * sizeof (int)); - -- rbytes = sizeof (XRRScreenConfiguration) + -- (rep.nSizes * sizeof (XRRScreenSize) + -- rep.nrateEnts * sizeof (int)); -+ scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes); -+ } else { -+ nbytes = 0; -+ nbytesRead = 0; -+ rbytes = 0; -+ scp = NULL; -+ } - -- scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes); - if (scp == NULL) { - _XEatData (dpy, (unsigned long) nbytes); - return NULL; -diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c -index 5ae35c5..6665092 100644 ---- a/src/XrrCrtc.c -+++ b/src/XrrCrtc.c -@@ -24,6 +24,7 @@ - #include <config.h> - #endif - -+#include <limits.h> - #include <stdio.h> - #include <X11/Xlib.h> - /* we need to be able to manipulate the Display structure on events */ -@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc) - return NULL; - } - -- nbytes = (long) rep.length << 2; -+ if (rep.length < INT_MAX >> 2) -+ { -+ nbytes = (long) rep.length << 2; - -- nbytesRead = (long) (rep.nOutput * 4 + -- rep.nPossibleOutput * 4); -+ nbytesRead = (long) (rep.nOutput * 4 + -+ rep.nPossibleOutput * 4); - -- /* -- * first we must compute how much space to allocate for -- * randr library's use; we'll allocate the structures in a single -- * allocation, on cleanlyness grounds. -- */ -+ /* -+ * first we must compute how much space to allocate for -+ * randr library's use; we'll allocate the structures in a single -+ * allocation, on cleanlyness grounds. -+ */ - -- rbytes = (sizeof (XRRCrtcInfo) + -- rep.nOutput * sizeof (RROutput) + -- rep.nPossibleOutput * sizeof (RROutput)); -+ rbytes = (sizeof (XRRCrtcInfo) + -+ rep.nOutput * sizeof (RROutput) + -+ rep.nPossibleOutput * sizeof (RROutput)); -+ -+ xci = (XRRCrtcInfo *) Xmalloc(rbytes); -+ } -+ else -+ { -+ nbytes = 0; -+ nbytesRead = 0; -+ rbytes = 0; -+ xci = NULL; -+ } - -- xci = (XRRCrtcInfo *) Xmalloc(rbytes); - if (xci == NULL) { - _XEatDataWords (dpy, rep.length); - UnlockDisplay (dpy); -@@ -194,12 +206,21 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc) - if (!_XReply (dpy, (xReply *) &rep, 0, xFalse)) - goto out; - -- nbytes = (long) rep.length << 2; -+ if (rep.length < INT_MAX >> 2) -+ { -+ nbytes = (long) rep.length << 2; - -- /* three channels of CARD16 data */ -- nbytesRead = (rep.size * 2 * 3); -+ /* three channels of CARD16 data */ -+ nbytesRead = (rep.size * 2 * 3); - -- crtc_gamma = XRRAllocGamma (rep.size); -+ crtc_gamma = XRRAllocGamma (rep.size); -+ } -+ else -+ { -+ nbytes = 0; -+ nbytesRead = 0; -+ crtc_gamma = NULL; -+ } - - if (!crtc_gamma) - { -@@ -357,7 +378,7 @@ XRRGetCrtcTransform (Display *dpy, - xRRGetCrtcTransformReq *req; - int major_version, minor_version; - XRRCrtcTransformAttributes *attr; -- char *extra = NULL, *e; -+ char *extra = NULL, *end = NULL, *e; - int p; - - *attributes = NULL; -@@ -395,9 +416,17 @@ XRRGetCrtcTransform (Display *dpy, - else - { - int extraBytes = rep.length * 4 - CrtcTransformExtra; -- extra = Xmalloc (extraBytes); -+ if (rep.length < INT_MAX / 4 && -+ rep.length * 4 >= CrtcTransformExtra) { -+ extra = Xmalloc (extraBytes); -+ end = extra + extraBytes; -+ } else -+ extra = NULL; - if (!extra) { -- _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2)); -+ if (rep.length > (CrtcTransformExtra >> 2)) -+ _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2)); -+ else -+ _XEatDataWords (dpy, rep.length); - UnlockDisplay (dpy); - SyncHandle (); - return False; -@@ -429,22 +458,38 @@ XRRGetCrtcTransform (Display *dpy, - - e = extra; - -+ if (e + rep.pendingNbytesFilter > end) { -+ XFree (extra); -+ return False; -+ } - memcpy (attr->pendingFilter, e, rep.pendingNbytesFilter); - attr->pendingFilter[rep.pendingNbytesFilter] = '\0'; - e += (rep.pendingNbytesFilter + 3) & ~3; - for (p = 0; p < rep.pendingNparamsFilter; p++) { - INT32 f; -+ if (e + 4 > end) { -+ XFree (extra); -+ return False; -+ } - memcpy (&f, e, 4); - e += 4; - attr->pendingParams[p] = (XFixed) f; - } - attr->pendingNparams = rep.pendingNparamsFilter; - -+ if (e + rep.currentNbytesFilter > end) { -+ XFree (extra); -+ return False; -+ } - memcpy (attr->currentFilter, e, rep.currentNbytesFilter); - attr->currentFilter[rep.currentNbytesFilter] = '\0'; - e += (rep.currentNbytesFilter + 3) & ~3; - for (p = 0; p < rep.currentNparamsFilter; p++) { - INT32 f; -+ if (e + 4 > end) { -+ XFree (extra); -+ return False; -+ } - memcpy (&f, e, 4); - e += 4; - attr->currentParams[p] = (XFixed) f; -diff --git a/src/XrrMonitor.c b/src/XrrMonitor.c -index a9eaa7b..adc5330 100644 ---- a/src/XrrMonitor.c -+++ b/src/XrrMonitor.c -@@ -24,6 +24,7 @@ - #include <config.h> - #endif - -+#include <limits.h> - #include <stdio.h> - #include <X11/Xlib.h> - /* we need to be able to manipulate the Display structure on events */ -@@ -65,6 +66,15 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors) - return NULL; - } - -+ if (rep.length > INT_MAX >> 2 || -+ rep.nmonitors > INT_MAX / SIZEOF(xRRMonitorInfo) || -+ rep.noutputs > INT_MAX / 4 || -+ rep.nmonitors * SIZEOF(xRRMonitorInfo) > INT_MAX - rep.noutputs * 4) { -+ _XEatData (dpy, rep.length); -+ UnlockDisplay (dpy); -+ SyncHandle (); -+ return NULL; -+ } - nbytes = (long) rep.length << 2; - nmon = rep.nmonitors; - noutput = rep.noutputs; -@@ -111,6 +121,14 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors) - mon[m].outputs = output; - buf += SIZEOF (xRRMonitorInfo); - xoutput = (CARD32 *) buf; -+ if (xmon->noutput > rep.noutputs) { -+ Xfree(buf); -+ Xfree(mon); -+ UnlockDisplay (dpy); -+ SyncHandle (); -+ return NULL; -+ } -+ rep.noutputs -= xmon->noutput; - for (o = 0; o < xmon->noutput; o++) - output[o] = xoutput[o]; - output += xmon->noutput; -diff --git a/src/XrrOutput.c b/src/XrrOutput.c -index 85f0b6e..30f3d40 100644 ---- a/src/XrrOutput.c -+++ b/src/XrrOutput.c -@@ -25,6 +25,7 @@ - #include <config.h> - #endif - -+#include <limits.h> - #include <stdio.h> - #include <X11/Xlib.h> - /* we need to be able to manipulate the Display structure on events */ -@@ -60,6 +61,16 @@ XRRGetOutputInfo (Display *dpy, XRRScreenResources *resources, RROutput output) - return NULL; - } - -+ if (rep.length > INT_MAX >> 2 || rep.length < (OutputInfoExtra >> 2)) -+ { -+ if (rep.length > (OutputInfoExtra >> 2)) -+ _XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2)); -+ else -+ _XEatDataWords (dpy, rep.length); -+ UnlockDisplay (dpy); -+ SyncHandle (); -+ return NULL; -+ } - nbytes = ((long) (rep.length) << 2) - OutputInfoExtra; - - nbytesRead = (long) (rep.nCrtcs * 4 + -diff --git a/src/XrrProvider.c b/src/XrrProvider.c -index 9e620c7..d796cd0 100644 ---- a/src/XrrProvider.c -+++ b/src/XrrProvider.c -@@ -25,6 +25,7 @@ - #include <config.h> - #endif - -+#include <limits.h> - #include <stdio.h> - #include <X11/Xlib.h> - /* we need to be able to manipulate the Display structure on events */ -@@ -59,12 +60,20 @@ XRRGetProviderResources(Display *dpy, Window window) - return NULL; - } - -- nbytes = (long) rep.length << 2; -+ if (rep.length < INT_MAX >> 2) { -+ nbytes = (long) rep.length << 2; - -- nbytesRead = (long) (rep.nProviders * 4); -+ nbytesRead = (long) (rep.nProviders * 4); - -- rbytes = (sizeof(XRRProviderResources) + rep.nProviders * sizeof(RRProvider)); -- xrpr = (XRRProviderResources *) Xmalloc(rbytes); -+ rbytes = (sizeof(XRRProviderResources) + rep.nProviders * -+ sizeof(RRProvider)); -+ xrpr = (XRRProviderResources *) Xmalloc(rbytes); -+ } else { -+ nbytes = 0; -+ nbytesRead = 0; -+ rbytes = 0; -+ xrpr = NULL; -+ } - - if (xrpr == NULL) { - _XEatDataWords (dpy, rep.length); -@@ -121,6 +130,17 @@ XRRGetProviderInfo(Display *dpy, XRRScreenResources *resources, RRProvider provi - return NULL; - } - -+ if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2) -+ { -+ if (rep.length < ProviderInfoExtra >> 2) -+ _XEatDataWords (dpy, rep.length); -+ else -+ _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2)); -+ UnlockDisplay (dpy); -+ SyncHandle (); -+ return NULL; -+ } -+ - nbytes = ((long) rep.length << 2) - ProviderInfoExtra; - - nbytesRead = (long)(rep.nCrtcs * 4 + -diff --git a/src/XrrScreen.c b/src/XrrScreen.c -index b8ce7e5..1f7ffe6 100644 ---- a/src/XrrScreen.c -+++ b/src/XrrScreen.c -@@ -24,6 +24,7 @@ - #include <config.h> - #endif - -+#include <limits.h> - #include <stdio.h> - #include <X11/Xlib.h> - /* we need to be able to manipulate the Display structure on events */ -@@ -105,27 +106,36 @@ doGetScreenResources (Display *dpy, Window window, int poll) - xrri->has_rates = _XRRHasRates (xrri->minor_version, xrri->major_version); - } - -- nbytes = (long) rep.length << 2; -+ if (rep.length < INT_MAX >> 2) { -+ nbytes = (long) rep.length << 2; - -- nbytesRead = (long) (rep.nCrtcs * 4 + -- rep.nOutputs * 4 + -- rep.nModes * SIZEOF (xRRModeInfo) + -- ((rep.nbytesNames + 3) & ~3)); -+ nbytesRead = (long) (rep.nCrtcs * 4 + -+ rep.nOutputs * 4 + -+ rep.nModes * SIZEOF (xRRModeInfo) + -+ ((rep.nbytesNames + 3) & ~3)); - -- /* -- * first we must compute how much space to allocate for -- * randr library's use; we'll allocate the structures in a single -- * allocation, on cleanlyness grounds. -- */ -+ /* -+ * first we must compute how much space to allocate for -+ * randr library's use; we'll allocate the structures in a single -+ * allocation, on cleanlyness grounds. -+ */ -+ -+ rbytes = (sizeof (XRRScreenResources) + -+ rep.nCrtcs * sizeof (RRCrtc) + -+ rep.nOutputs * sizeof (RROutput) + -+ rep.nModes * sizeof (XRRModeInfo) + -+ rep.nbytesNames + rep.nModes); /* '\0' terminate names */ - -- rbytes = (sizeof (XRRScreenResources) + -- rep.nCrtcs * sizeof (RRCrtc) + -- rep.nOutputs * sizeof (RROutput) + -- rep.nModes * sizeof (XRRModeInfo) + -- rep.nbytesNames + rep.nModes); /* '\0' terminate names */ -+ xrsr = (XRRScreenResources *) Xmalloc(rbytes); -+ wire_names = (char *) Xmalloc (rep.nbytesNames); -+ } else { -+ nbytes = 0; -+ nbytesRead = 0; -+ rbytes = 0; -+ xrsr = NULL; -+ wire_names = NULL; -+ } - -- xrsr = (XRRScreenResources *) Xmalloc(rbytes); -- wire_names = (char *) Xmalloc (rep.nbytesNames); - if (xrsr == NULL || wire_names == NULL) { - Xfree (xrsr); - Xfree (wire_names); -@@ -174,6 +184,14 @@ doGetScreenResources (Display *dpy, Window window, int poll) - wire_name = wire_names; - for (i = 0; i < rep.nModes; i++) { - xrsr->modes[i].name = names; -+ if (xrsr->modes[i].nameLength > rep.nbytesNames) { -+ Xfree (xrsr); -+ Xfree (wire_names); -+ UnlockDisplay (dpy); -+ SyncHandle (); -+ return NULL; -+ } -+ rep.nbytesNames -= xrsr->modes[i].nameLength; - memcpy (names, wire_name, xrsr->modes[i].nameLength); - names[xrsr->modes[i].nameLength] = '\0'; - names += xrsr->modes[i].nameLength + 1; --- -2.10.1 - diff --git a/gnu/packages/patches/libxrender-CVE-2016-7949.patch b/gnu/packages/patches/libxrender-CVE-2016-7949.patch deleted file mode 100644 index 3a2be4ea8e..0000000000 --- a/gnu/packages/patches/libxrender-CVE-2016-7949.patch +++ /dev/null @@ -1,66 +0,0 @@ -Fix CVE-2016-7949: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4 - -From 9362c7ddd1af3b168953d0737877bc52d79c94f4 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 21:43:09 +0200 -Subject: [PATCH] Validate lengths while parsing server data. - -Individual lengths inside received server data can overflow -the previously reserved memory. - -It is therefore important to validate every single length -field to not overflow the previously agreed sum of all invidual -length fields. - -v2: consume remaining bytes in the reply buffer on error. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb@laas.fr ---- - src/Xrender.c | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git a/src/Xrender.c b/src/Xrender.c -index 3102eb2..71cf3e6 100644 ---- a/src/Xrender.c -+++ b/src/Xrender.c -@@ -533,12 +533,30 @@ XRenderQueryFormats (Display *dpy) - screen->fallback = _XRenderFindFormat (xri, xScreen->fallback); - screen->subpixel = SubPixelUnknown; - xDepth = (xPictDepth *) (xScreen + 1); -+ if (screen->ndepths > rep.numDepths) { -+ Xfree (xri); -+ Xfree (xData); -+ _XEatDataWords (dpy, rep.length); -+ UnlockDisplay (dpy); -+ SyncHandle (); -+ return 0; -+ } -+ rep.numDepths -= screen->ndepths; - for (nd = 0; nd < screen->ndepths; nd++) - { - depth->depth = xDepth->depth; - depth->nvisuals = xDepth->nPictVisuals; - depth->visuals = visual; - xVisual = (xPictVisual *) (xDepth + 1); -+ if (depth->nvisuals > rep.numVisuals) { -+ Xfree (xri); -+ Xfree (xData); -+ _XEatDataWords (dpy, rep.length); -+ UnlockDisplay (dpy); -+ SyncHandle (); -+ return 0; -+ } -+ rep.numVisuals -= depth->nvisuals; - for (nv = 0; nv < depth->nvisuals; nv++) - { - visual->visual = _XRenderFindVisual (dpy, xVisual->visual); --- -2.10.1 - diff --git a/gnu/packages/patches/libxrender-CVE-2016-7950.patch b/gnu/packages/patches/libxrender-CVE-2016-7950.patch deleted file mode 100644 index 1a64b6e724..0000000000 --- a/gnu/packages/patches/libxrender-CVE-2016-7950.patch +++ /dev/null @@ -1,73 +0,0 @@ -Fix CVE-2016-7950: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714 - -From 8fad00b0b647ee662ce4737ca15be033b7a21714 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 21:42:09 +0200 -Subject: [PATCH] Avoid OOB write in XRenderQueryFilters - -The memory for filter names is reserved right after receiving the reply. -After that, filters are iterated and each individual filter name is -stored in that reserved memory. - -The individual name lengths are not checked for validity, which means -that a malicious server can reserve less memory than it will write to -during each iteration. - -v2: consume remaining bytes in reply buffer on error. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/Filter.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/src/Filter.c b/src/Filter.c -index edfa572..8d701eb 100644 ---- a/src/Filter.c -+++ b/src/Filter.c -@@ -38,7 +38,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable) - char *name; - char len; - int i; -- unsigned long nbytes, nbytesAlias, nbytesName; -+ unsigned long nbytes, nbytesAlias, nbytesName, reply_left; - - if (!RenderHasExtension (info)) - return NULL; -@@ -114,6 +114,7 @@ XRenderQueryFilters (Display *dpy, Drawable drawable) - * Read the filter aliases - */ - _XRead16Pad (dpy, filters->alias, 2 * rep.numAliases); -+ reply_left = 8 + rep.length - 2 * rep.numAliases;; - - /* - * Read the filter names -@@ -122,9 +123,19 @@ XRenderQueryFilters (Display *dpy, Drawable drawable) - { - int l; - _XRead (dpy, &len, 1); -+ reply_left--; - l = len & 0xff; -+ if ((unsigned long)l + 1 > nbytesName) { -+ _XEatDataWords(dpy, reply_left); -+ Xfree(filters); -+ UnlockDisplay (dpy); -+ SyncHandle (); -+ return NULL; -+ } -+ nbytesName -= l + 1; - filters->filter[i] = name; - _XRead (dpy, name, l); -+ reply_left -= l; - name[l] = '\0'; - name += l + 1; - } --- -2.10.1 - diff --git a/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch b/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch deleted file mode 100644 index 9df6cf3f4d..0000000000 --- a/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch +++ /dev/null @@ -1,152 +0,0 @@ -Fix CVE-2016-7951 and CVE-2016-7952 - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3 - -From 9556ad67af3129ec4a7a4f4b54a0d59701beeae3 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 21:37:01 +0200 -Subject: [PATCH] Out of boundary access and endless loop in libXtst - -A lack of range checks in libXtst allows out of boundary accesses. -The checks have to be done in-place here, because it cannot be done -without in-depth knowledge of the read data. - -If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied -without a client sequence have attached data, an endless loop would -occur. The do-while-loop continues until the current index reaches -the end. But in these cases, the current index would not be -incremented, leading to an endless processing. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/XRecord.c | 43 +++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 39 insertions(+), 4 deletions(-) - -diff --git a/src/XRecord.c b/src/XRecord.c -index 50420c0..fefd842 100644 ---- a/src/XRecord.c -+++ b/src/XRecord.c -@@ -749,15 +749,23 @@ parse_reply_call_callback( - switch (rep->category) { - case XRecordFromServer: - if (rep->elementHeader&XRecordFromServerTime) { -+ if (current_index + 4 > rep->length << 2) -+ return Error; - EXTRACT_CARD32(rep->clientSwapped, - reply->buf+current_index, - data->server_time); - current_index += 4; - } -+ if (current_index + 1 > rep->length << 2) -+ return Error; - switch (reply->buf[current_index]) { - case X_Reply: /* reply */ -+ if (current_index + 8 > rep->length << 2) -+ return Error; - EXTRACT_CARD32(rep->clientSwapped, - reply->buf+current_index+4, datum_bytes); -+ if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8)) -+ return Error; - datum_bytes = (datum_bytes+8) << 2; - break; - default: /* error or event */ -@@ -766,52 +774,73 @@ parse_reply_call_callback( - break; - case XRecordFromClient: - if (rep->elementHeader&XRecordFromClientTime) { -+ if (current_index + 4 > rep->length << 2) -+ return Error; - EXTRACT_CARD32(rep->clientSwapped, - reply->buf+current_index, - data->server_time); - current_index += 4; - } - if (rep->elementHeader&XRecordFromClientSequence) { -+ if (current_index + 4 > rep->length << 2) -+ return Error; - EXTRACT_CARD32(rep->clientSwapped, - reply->buf+current_index, - data->client_seq); - current_index += 4; - } -+ if (current_index + 4 > rep->length<<2) -+ return Error; - if (reply->buf[current_index+2] == 0 - && reply->buf[current_index+3] == 0) /* needn't swap 0 */ - { /* BIG-REQUESTS */ -+ if (current_index + 8 > rep->length << 2) -+ return Error; - EXTRACT_CARD32(rep->clientSwapped, - reply->buf+current_index+4, datum_bytes); - } else { - EXTRACT_CARD16(rep->clientSwapped, - reply->buf+current_index+2, datum_bytes); - } -+ if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2) -+ return Error; - datum_bytes <<= 2; - break; - case XRecordClientStarted: -+ if (current_index + 8 > rep->length << 2) -+ return Error; - EXTRACT_CARD16(rep->clientSwapped, - reply->buf+current_index+6, datum_bytes); - datum_bytes = (datum_bytes+2) << 2; - break; - case XRecordClientDied: - if (rep->elementHeader&XRecordFromClientSequence) { -+ if (current_index + 4 > rep->length << 2) -+ return Error; - EXTRACT_CARD32(rep->clientSwapped, - reply->buf+current_index, - data->client_seq); - current_index += 4; -- } -- /* fall through */ -+ } else if (current_index < rep->length << 2) -+ return Error; -+ datum_bytes = 0; -+ break; - case XRecordStartOfData: - case XRecordEndOfData: -+ if (current_index < rep->length << 2) -+ return Error; - datum_bytes = 0; -+ break; - } - - if (datum_bytes > 0) { -- if (current_index + datum_bytes > rep->length << 2) -+ if (INT_MAX - datum_bytes < (rep->length << 2) - current_index) { - fprintf(stderr, - "XRecord: %lu-byte reply claims %d-byte element (seq %lu)\n", -- (long)rep->length << 2, current_index + datum_bytes, -+ (unsigned long)rep->length << 2, current_index + datum_bytes, - dpy->last_request_read); -+ return Error; -+ } - /* - * This assignment (and indeed the whole buffer sharing - * scheme) assumes arbitrary 4-byte boundaries are -@@ -863,6 +892,12 @@ XRecordEnableContext(Display *dpy, XRecordContext context, - return 0; - } - -+ if (rep.length > INT_MAX >> 2) { -+ UnlockDisplay(dpy); -+ SyncHandle(); -+ return 0; -+ } -+ - if (rep.length > 0) { - reply = alloc_reply_buffer(info, rep.length<<2); - if (!reply) { --- -2.10.1 - diff --git a/gnu/packages/patches/libxv-CVE-2016-5407.patch b/gnu/packages/patches/libxv-CVE-2016-5407.patch deleted file mode 100644 index e6a76c9f70..0000000000 --- a/gnu/packages/patches/libxv-CVE-2016-5407.patch +++ /dev/null @@ -1,162 +0,0 @@ -Fix CVE-2016-5407: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17 - -From d9da580b46a28ab497de2e94fdc7b9ff953dab17 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 21:30:03 +0200 -Subject: [PATCH] Protocol handling issues in libXv - CVE-2016-5407 - -The Xv query functions for adaptors and encodings suffer from out of -boundary accesses if a hostile X server sends a maliciously crafted -response. - -A previous fix already checks the received length against fixed values -but ignores additional length specifications which are stored inside -the received data. - -These lengths are accessed in a for-loop. The easiest way to guarantee -a correct processing is by validating all lengths against the -remaining size left before accessing referenced memory. - -This makes the previously applied check obsolete, therefore I removed -it. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/Xv.c | 46 +++++++++++++++++++++++++++++----------------- - 1 file changed, 29 insertions(+), 17 deletions(-) - -diff --git a/src/Xv.c b/src/Xv.c -index e47093a..be450c4 100644 ---- a/src/Xv.c -+++ b/src/Xv.c -@@ -158,6 +158,7 @@ XvQueryAdaptors( - size_t size; - unsigned int ii, jj; - char *name; -+ char *end; - XvAdaptorInfo *pas = NULL, *pa; - XvFormat *pfs, *pf; - char *buffer = NULL; -@@ -197,17 +198,13 @@ XvQueryAdaptors( - /* GET INPUT ADAPTORS */ - - if (rep.num_adaptors == 0) { -- /* If there's no adaptors, there's nothing more to do. */ -+ /* If there are no adaptors, there's nothing more to do. */ - status = Success; - goto out; - } - -- if (size < (rep.num_adaptors * sz_xvAdaptorInfo)) { -- /* If there's not enough data for the number of adaptors, -- then we have a problem. */ -- status = XvBadReply; -- goto out; -- } -+ u.buffer = buffer; -+ end = buffer + size; - - size = rep.num_adaptors * sizeof(XvAdaptorInfo); - if ((pas = Xmalloc(size)) == NULL) { -@@ -225,9 +222,12 @@ XvQueryAdaptors( - pa++; - } - -- u.buffer = buffer; - pa = pas; - for (ii = 0; ii < rep.num_adaptors; ii++) { -+ if (u.buffer + sz_xvAdaptorInfo > end) { -+ status = XvBadReply; -+ goto out; -+ } - pa->type = u.pa->type; - pa->base_id = u.pa->base_id; - pa->num_ports = u.pa->num_ports; -@@ -239,6 +239,10 @@ XvQueryAdaptors( - size = u.pa->name_size; - u.buffer += pad_to_int32(sz_xvAdaptorInfo); - -+ if (u.buffer + size > end) { -+ status = XvBadReply; -+ goto out; -+ } - if ((name = Xmalloc(size + 1)) == NULL) { - status = XvBadAlloc; - goto out; -@@ -259,6 +263,11 @@ XvQueryAdaptors( - - pf = pfs; - for (jj = 0; jj < pa->num_formats; jj++) { -+ if (u.buffer + sz_xvFormat > end) { -+ Xfree(pfs); -+ status = XvBadReply; -+ goto out; -+ } - pf->depth = u.pf->depth; - pf->visual_id = u.pf->visual; - pf++; -@@ -327,6 +336,7 @@ XvQueryEncodings( - size_t size; - unsigned int jj; - char *name; -+ char *end; - XvEncodingInfo *pes = NULL, *pe; - char *buffer = NULL; - union { -@@ -364,17 +374,13 @@ XvQueryEncodings( - /* GET ENCODINGS */ - - if (rep.num_encodings == 0) { -- /* If there's no encodings, there's nothing more to do. */ -+ /* If there are no encodings, there's nothing more to do. */ - status = Success; - goto out; - } - -- if (size < (rep.num_encodings * sz_xvEncodingInfo)) { -- /* If there's not enough data for the number of adaptors, -- then we have a problem. */ -- status = XvBadReply; -- goto out; -- } -+ u.buffer = buffer; -+ end = buffer + size; - - size = rep.num_encodings * sizeof(XvEncodingInfo); - if ((pes = Xmalloc(size)) == NULL) { -@@ -391,10 +397,12 @@ XvQueryEncodings( - pe++; - } - -- u.buffer = buffer; -- - pe = pes; - for (jj = 0; jj < rep.num_encodings; jj++) { -+ if (u.buffer + sz_xvEncodingInfo > end) { -+ status = XvBadReply; -+ goto out; -+ } - pe->encoding_id = u.pe->encoding; - pe->width = u.pe->width; - pe->height = u.pe->height; -@@ -405,6 +413,10 @@ XvQueryEncodings( - size = u.pe->name_size; - u.buffer += pad_to_int32(sz_xvEncodingInfo); - -+ if (u.buffer + size > end) { -+ status = XvBadReply; -+ goto out; -+ } - if ((name = Xmalloc(size + 1)) == NULL) { - status = XvBadAlloc; - goto out; --- -2.10.1 - diff --git a/gnu/packages/patches/libxvmc-CVE-2016-7953.patch b/gnu/packages/patches/libxvmc-CVE-2016-7953.patch deleted file mode 100644 index 737abdeb9f..0000000000 --- a/gnu/packages/patches/libxvmc-CVE-2016-7953.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-7953: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb - -From 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 22:34:27 +0200 -Subject: [PATCH] Avoid buffer underflow on empty strings. - -If an empty string is received from an x-server, do not underrun the -buffer by accessing "rep.nameLen - 1" unconditionally, which could end -up being -1. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/XvMC.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/XvMC.c b/src/XvMC.c -index 7336760..3ee4212 100644 ---- a/src/XvMC.c -+++ b/src/XvMC.c -@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port, - if (*name && *busID && tmpBuf) { - _XRead(dpy, tmpBuf, realSize); - strncpy(*name,tmpBuf,rep.nameLen); -- (*name)[rep.nameLen - 1] = '\0'; -+ (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0'; - strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen); -- (*busID)[rep.busIDLen - 1] = '\0'; -+ (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0'; - XFree(tmpBuf); - } else { - XFree(*name); --- -2.10.1 - diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch new file mode 100644 index 0000000000..f92fbc057a --- /dev/null +++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch @@ -0,0 +1,75 @@ +On systems without 'setfsuid', use 'setreuid' instead. + +The patch originates from the Debian project for GNU/Hurd. +Authors: Steve Langasek <vorlon@debian.org> +Upstream status: A ticket was opened to request apply the patch, +ticket: 'https://fedorahosted.org/linux-pam/ticket/64'. + +--- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c 2015-03-24 06:02:32.000000000 -0600 ++++ pam_modutil_priv-mod.c 2016-09-20 13:36:53.150663205 -0500 +@@ -14,7 +14,9 @@ + #include <syslog.h> + #include <pwd.h> + #include <grp.h> ++#ifdef HAVE_SYS_FSUID_H + #include <sys/fsuid.h> ++#endif /* HAVE_SYS_FSUID_H */ + + /* + * Two setfsuid() calls in a row are necessary to check +@@ -22,17 +24,55 @@ + */ + static int change_uid(uid_t uid, uid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + uid_t tmp = setfsuid(uid); + if (save) + *save = tmp; + return (uid_t) setfsuid(uid) == uid ? 0 : -1; ++#else ++ uid_t euid = geteuid(); ++ uid_t ruid = getuid(); ++ if (save) ++ *save = ruid; ++ if (ruid == uid && uid != 0) ++ if (setreuid(euid, uid)) ++ return -1; ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, uid)) ++ return -1; ++ } ++ } ++#endif + } + static int change_gid(gid_t gid, gid_t *save) + { ++#ifdef HAVE_SYS_FSUID_H + gid_t tmp = setfsgid(gid); + if (save) + *save = tmp; + return (gid_t) setfsgid(gid) == gid ? 0 : -1; ++#else ++ gid_t egid = getegid(); ++ gid_t rgid = getgid(); ++ if (save) ++ *save = rgid; ++ if (rgid == gid) ++ if (setregid(egid, gid)) ++ return -1; ++ else { ++ setregid(0, -1); ++ if (setregid(-1, gid)) { ++ setregid(-1, 0); ++ setregid(0, -1); ++ if (setregid(-1, gid)) ++ return -1; ++ } ++ } ++#endif + } + + static int cleanup(struct pam_modutil_privs *p) diff --git a/gnu/packages/patches/openssl-CVE-2016-2177.patch b/gnu/packages/patches/openssl-CVE-2016-2177.patch deleted file mode 100644 index f6465aeaa7..0000000000 --- a/gnu/packages/patches/openssl-CVE-2016-2177.patch +++ /dev/null @@ -1,286 +0,0 @@ -Fix CVE-2016-2177. - -<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177> - -Source: -<https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7> - -From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Thu, 5 May 2016 11:10:26 +0100 -Subject: [PATCH] Avoid some undefined pointer arithmetic - -A common idiom in the codebase is: - -if (p + len > limit) -{ - return; /* Too long */ -} - -Where "p" points to some malloc'd data of SIZE bytes and -limit == p + SIZE - -"len" here could be from some externally supplied data (e.g. from a TLS -message). - -The rules of C pointer arithmetic are such that "p + len" is only well -defined where len <= SIZE. Therefore the above idiom is actually -undefined behaviour. - -For example this could cause problems if some malloc implementation -provides an address for "p" such that "p + len" actually overflows for -values of len that are too big and therefore p + len < limit! - -Issue reported by Guido Vranken. - -CVE-2016-2177 - -Reviewed-by: Rich Salz <rsalz@openssl.org> ---- - ssl/s3_srvr.c | 14 +++++++------- - ssl/ssl_sess.c | 2 +- - ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++-------------------------- - 3 files changed, 38 insertions(+), 34 deletions(-) - -diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c -index ab28702..ab7f690 100644 ---- a/ssl/s3_srvr.c -+++ b/ssl/s3_srvr.c -@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s) - - session_length = *(p + SSL3_RANDOM_SIZE); - -- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { -+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s) - /* get the session-id */ - j = *(p++); - -- if (p + j > d + n) { -+ if ((d + n) - p < j) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s) - - if (SSL_IS_DTLS(s)) { - /* cookie stuff */ -- if (p + 1 > d + n) { -+ if ((d + n) - p < 1) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - cookie_len = *(p++); - -- if (p + cookie_len > d + n) { -+ if ((d + n ) - p < cookie_len) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s) - } - } - -- if (p + 2 > d + n) { -+ if ((d + n ) - p < 2) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s) - } - - /* i bytes of cipher data + 1 byte for compression length later */ -- if ((p + i + 1) > (d + n)) { -+ if ((d + n) - p < i + 1) { - /* not enough data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); -@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s) - - /* compression */ - i = *(p++); -- if ((p + i) > (d + n)) { -+ if ((d + n) - p < i) { - /* not enough data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c -index b182998..54ee783 100644 ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, - int r; - #endif - -- if (session_id + len > limit) { -+ if (limit - session_id < len) { - fatal = 1; - goto err; - } -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index fb64607..cdac011 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - 0x02, 0x03, /* SHA-1/ECDSA */ - }; - -- if (data >= (limit - 2)) -+ if (limit - data <= 2) - return; - data += 2; - -- if (data > (limit - 4)) -+ if (limit - data < 4) - return; - n2s(data, type); - n2s(data, size); -@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - if (type != TLSEXT_TYPE_server_name) - return; - -- if (data + size > limit) -+ if (limit - data < size) - return; - data += size; - -@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - const size_t len1 = sizeof(kSafariExtensionsBlock); - const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - -- if (data + len1 + len2 != limit) -+ if (limit - data != (int)(len1 + len2)) - return; - if (memcmp(data, kSafariExtensionsBlock, len1) != 0) - return; -@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - } else { - const size_t len = sizeof(kSafariExtensionsBlock); - -- if (data + len != limit) -+ if (limit - data != (int)(len)) - return; - if (memcmp(data, kSafariExtensionsBlock, len) != 0) - return; -@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, - if (data == limit) - goto ri_check; - -- if (data > (limit - 2)) -+ if (limit - data < 2) - goto err; - - n2s(data, len); - -- if (data + len != limit) -+ if (limit - data != len) - goto err; - -- while (data <= (limit - 4)) { -+ while (limit - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > (limit)) -+ if (limit - data < size) - goto err; - # if 0 - fprintf(stderr, "Received extension type %d size %d\n", type, size); -@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, - if (s->hit || s->cert->srv_ext.meths_count == 0) - return 1; - -- if (data >= limit - 2) -+ if (limit - data <= 2) - return 1; - n2s(data, len); - -- if (data > limit - len) -+ if (limit - data < len) - return 1; - -- while (data <= limit - 4) { -+ while (limit - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > limit) -+ if (limit - data < size) - return 1; - if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0) - return 0; -@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, - SSL_TLSEXT_HB_DONT_SEND_REQUESTS); - # endif - -- if (data >= (d + n - 2)) -+ if ((d + n) - data <= 2) - goto ri_check; - - n2s(data, length); -- if (data + length != d + n) { -+ if ((d + n) - data != length) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - -- while (data <= (d + n - 4)) { -+ while ((d + n) - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > (d + n)) -+ if ((d + n) - data < size) - goto ri_check; - - if (s->tlsext_debug_cb) -@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, - /* Skip past DTLS cookie */ - if (SSL_IS_DTLS(s)) { - i = *(p++); -- p += i; -- if (p >= limit) -+ -+ if (limit - p <= i) - return -1; -+ -+ p += i; - } - /* Skip past cipher list */ - n2s(p, i); -- p += i; -- if (p >= limit) -+ if (limit - p <= i) - return -1; -+ p += i; -+ - /* Skip past compression algorithm list */ - i = *(p++); -- p += i; -- if (p > limit) -+ if (limit - p < i) - return -1; -+ p += i; -+ - /* Now at start of extensions */ -- if ((p + 2) >= limit) -+ if (limit - p <= 2) - return 0; - n2s(p, i); -- while ((p + 4) <= limit) { -+ while (limit - p >= 4) { - unsigned short type, size; - n2s(p, type); - n2s(p, size); -- if (p + size > limit) -+ if (limit - p < size) - return 0; - if (type == TLSEXT_TYPE_session_ticket) { - int r; --- -2.8.4 - diff --git a/gnu/packages/patches/openssl-CVE-2016-2178.patch b/gnu/packages/patches/openssl-CVE-2016-2178.patch deleted file mode 100644 index 37cf2763af..0000000000 --- a/gnu/packages/patches/openssl-CVE-2016-2178.patch +++ /dev/null @@ -1,112 +0,0 @@ -Fix CVE-2016-2178. - -<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178> - -Source: -<https://git.openssl.org/?p=openssl.git;a=commit;h=621eaf49a289bfac26d4cbcdb7396e796784c534> -<https://git.openssl.org/?p=openssl.git;a=commit;h=b7d0f2834e139a20560d64c73e2565e93715ce2b> - -From 621eaf49a289bfac26d4cbcdb7396e796784c534 Mon Sep 17 00:00:00 2001 -From: Cesar Pereida <cesar.pereida@aalto.fi> -Date: Mon, 23 May 2016 12:45:25 +0300 -Subject: [PATCH 1/2] Fix DSA, preserve BN_FLG_CONSTTIME - -Operations in the DSA signing algorithm should run in constant time in -order to avoid side channel attacks. A flaw in the OpenSSL DSA -implementation means that a non-constant time codepath is followed for -certain operations. This has been demonstrated through a cache-timing -attack to be sufficient for an attacker to recover the private DSA key. - -CVE-2016-2178 - -Reviewed-by: Richard Levitte <levitte@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> ---- - crypto/dsa/dsa_ossl.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c -index efc4f1b..b29eb4b 100644 ---- a/crypto/dsa/dsa_ossl.c -+++ b/crypto/dsa/dsa_ossl.c -@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - if (!BN_rand_range(&k, dsa->q)) - goto err; - while (BN_is_zero(&k)) ; -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -- BN_set_flags(&k, BN_FLG_CONSTTIME); -- } - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, -@@ -279,9 +276,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - } - - K = &kq; -+ -+ BN_set_flags(K, BN_FLG_CONSTTIME); - } else { - K = &k; - } -+ - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, - dsa->method_mont_p); - if (!BN_mod(r, r, dsa->q, ctx)) --- -2.8.4 - -From b7d0f2834e139a20560d64c73e2565e93715ce2b Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Tue, 7 Jun 2016 09:12:51 +0100 -Subject: [PATCH 2/2] More fix DSA, preserve BN_FLG_CONSTTIME - -The previous "fix" still left "k" exposed to constant time problems in -the later BN_mod_inverse() call. Ensure both k and kq have the -BN_FLG_CONSTTIME flag set at the earliest opportunity after creation. - -CVE-2016-2178 - -Reviewed-by: Rich Salz <rsalz@openssl.org> ---- - crypto/dsa/dsa_ossl.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c -index b29eb4b..58013a4 100644 ---- a/crypto/dsa/dsa_ossl.c -+++ b/crypto/dsa/dsa_ossl.c -@@ -247,7 +247,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - do - if (!BN_rand_range(&k, dsa->q)) - goto err; -- while (BN_is_zero(&k)) ; -+ while (BN_is_zero(&k)); -+ -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -+ BN_set_flags(&k, BN_FLG_CONSTTIME); -+ } -+ - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, -@@ -261,6 +266,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - if (!BN_copy(&kq, &k)) - goto err; - -+ BN_set_flags(&kq, BN_FLG_CONSTTIME); -+ - /* - * We do not want timing information to leak the length of k, so we - * compute g^k using an equivalent exponent of fixed length. (This -@@ -276,8 +283,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - } - - K = &kq; -- -- BN_set_flags(K, BN_FLG_CONSTTIME); - } else { - K = &k; - } --- -2.8.4 - diff --git a/gnu/packages/patches/perl-CVE-2015-8607.patch b/gnu/packages/patches/perl-CVE-2015-8607.patch deleted file mode 100644 index 4c25d41740..0000000000 --- a/gnu/packages/patches/perl-CVE-2015-8607.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 3a629609084d147838368262171b923f0770e564 Mon Sep 17 00:00:00 2001 -From: Tony Cook <tony@develop-help.com> -Date: Tue, 15 Dec 2015 10:56:54 +1100 -Subject: ensure File::Spec::canonpath() preserves taint - -Previously the unix specific XS implementation of canonpath() would -return an untainted path when supplied a tainted path. - -For the empty string case, newSVpvs() already sets taint as needed on -its result. - -This issue was assigned CVE-2015-8607. - -Bug: https://rt.perl.org/Ticket/Display.html?id=126862 -Bug-Debian: https://bugs.debian.org/810719 -Origin: upstream -Patch-Name: fixes/CVE-2015-8607_file_spec_taint_fix.diff ---- - dist/PathTools/Cwd.xs | 1 + - dist/PathTools/t/taint.t | 19 ++++++++++++++++++- - 2 files changed, 19 insertions(+), 1 deletion(-) - -diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs -index 9d4dcf0..3d018dc 100644 ---- a/dist/PathTools/Cwd.xs -+++ b/dist/PathTools/Cwd.xs -@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path) - *o = 0; - SvPOK_on(retval); - SvCUR_set(retval, o - SvPVX(retval)); -+ SvTAINT(retval); - return retval; - } - -diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t -index 309b3e5..48f8c5b 100644 ---- a/dist/PathTools/t/taint.t -+++ b/dist/PathTools/t/taint.t -@@ -12,7 +12,7 @@ use Test::More; - BEGIN { - plan( - ${^TAINT} -- ? (tests => 17) -+ ? (tests => 21) - : (skip_all => "A perl without taint support") - ); - } -@@ -34,3 +34,20 @@ foreach my $func (@Functions) { - - # Previous versions of Cwd tainted $^O - is !tainted($^O), 1, "\$^O should not be tainted"; -+ -+{ -+ # [perl #126862] canonpath() loses taint -+ my $tainted = substr($ENV{PATH}, 0, 0); -+ # yes, getcwd()'s result should be tainted, and is tested above -+ # but be sure -+ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)), -+ "canonpath() keeps taint on non-empty string"; -+ ok tainted(File::Spec->canonpath($tainted)), -+ "canonpath() keeps taint on empty string"; -+ -+ (Cwd::getcwd() =~ /^(.*)/); -+ my $untainted = $1; -+ ok !tainted($untainted), "make sure our untainted value is untainted"; -+ ok !tainted(File::Spec->canonpath($untainted)), -+ "canonpath() doesn't add taint to untainted string"; -+} diff --git a/gnu/packages/patches/perl-CVE-2016-2381.patch b/gnu/packages/patches/perl-CVE-2016-2381.patch deleted file mode 100644 index 99d1944a5d..0000000000 --- a/gnu/packages/patches/perl-CVE-2016-2381.patch +++ /dev/null @@ -1,116 +0,0 @@ -Fix CVE-2016-2381 (ambiguous handling of duplicated environment variables). - -Copied from upstream: -http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076 - -References: -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381 -http://www.nntp.perl.org/group/perl.perl5.porters/2016/03/msg234747.html -https://security-tracker.debian.org/tracker/CVE-2016-2381 - ---- - -From 1237ea93fb2475a5ae576d5ee1358a5bb4ebe426 Mon Sep 17 00:00:00 2001 -From: Tony Cook <tony@develop-help.com> -Date: Wed, 27 Jan 2016 11:52:15 +1100 -Subject: remove duplicate environment variables from environ - -If we see duplicate environment variables while iterating over -environ[]: - -a) make sure we use the same value in %ENV that getenv() returns. - -Previously on a duplicate, %ENV would have the last entry for the name -from environ[], but a typical getenv() would return the first entry. - -Rather than assuming all getenv() implementations return the first entry -explicitly call getenv() to ensure they agree. - -b) remove duplicate entries from environ - -Previously if there was a duplicate definition for a name in environ[] -setting that name in %ENV could result in an unsafe value being passed -to a child process, so ensure environ[] has no duplicates. - -Patch-Name: fixes/CVE-2016-2381_duplicate_env.diff ---- - perl.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 49 insertions(+), 2 deletions(-) - -diff --git a/perl.c b/perl.c -index 67d32ce..26aeb91 100644 ---- a/perl.c -+++ b/perl.c -@@ -4277,23 +4277,70 @@ S_init_postdump_symbols(pTHX_ int argc, char **argv, char **env) - } - if (env) { - char *s, *old_var; -+ STRLEN nlen; - SV *sv; -+ HV *dups = newHV(); -+ - for (; *env; env++) { - old_var = *env; - - if (!(s = strchr(old_var,'=')) || s == old_var) - continue; -+ nlen = s - old_var; - - #if defined(MSDOS) && !defined(DJGPP) - *s = '\0'; - (void)strupr(old_var); - *s = '='; - #endif -- sv = newSVpv(s+1, 0); -- (void)hv_store(hv, old_var, s - old_var, sv, 0); -+ if (hv_exists(hv, old_var, nlen)) { -+ const char *name = savepvn(old_var, nlen); -+ -+ /* make sure we use the same value as getenv(), otherwise code that -+ uses getenv() (like setlocale()) might see a different value to %ENV -+ */ -+ sv = newSVpv(PerlEnv_getenv(name), 0); -+ -+ /* keep a count of the dups of this name so we can de-dup environ later */ -+ if (hv_exists(dups, name, nlen)) -+ ++SvIVX(*hv_fetch(dups, name, nlen, 0)); -+ else -+ (void)hv_store(dups, name, nlen, newSViv(1), 0); -+ -+ Safefree(name); -+ } -+ else { -+ sv = newSVpv(s+1, 0); -+ } -+ (void)hv_store(hv, old_var, nlen, sv, 0); - if (env_is_not_environ) - mg_set(sv); - } -+ if (HvKEYS(dups)) { -+ /* environ has some duplicate definitions, remove them */ -+ HE *entry; -+ hv_iterinit(dups); -+ while ((entry = hv_iternext_flags(dups, 0))) { -+ STRLEN nlen; -+ const char *name = HePV(entry, nlen); -+ IV count = SvIV(HeVAL(entry)); -+ IV i; -+ SV **valp = hv_fetch(hv, name, nlen, 0); -+ -+ assert(valp); -+ -+ /* try to remove any duplicate names, depending on the -+ * implementation used in my_setenv() the iteration might -+ * not be necessary, but let's be safe. -+ */ -+ for (i = 0; i < count; ++i) -+ my_setenv(name, 0); -+ -+ /* and set it back to the value we set $ENV{name} to */ -+ my_setenv(name, SvPV_nolen(*valp)); -+ } -+ } -+ SvREFCNT_dec_NN(dups); - } - #endif /* USE_ENVIRON_ARRAY */ - #endif /* !PERL_MICRO */ diff --git a/gnu/packages/patches/perl-no-build-time.patch b/gnu/packages/patches/perl-no-build-time.patch deleted file mode 100644 index 5d78e8f462..0000000000 --- a/gnu/packages/patches/perl-no-build-time.patch +++ /dev/null @@ -1,26 +0,0 @@ -Do not record the configuration and build time so that builds can be -reproduced bit-for-bit. - ---- perl-5.22.0/Configure 1970-01-01 01:00:00.000000000 +0100 -+++ perl-5.22.0/Configure 2015-12-13 00:14:43.148165080 +0100 -@@ -3834,6 +3817,7 @@ esac - - : who configured the system - cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1` -+cf_time='Thu Jan 1 00:00:01 UTC 1970' - case "$cf_by" in - "") - cf_by=`(logname) 2>/dev/null` - ---- perl-5.22.0/perl.c 2015-12-13 00:25:30.269156627 +0100 -+++ perl-5.22.0/perl.c 2015-12-13 00:25:38.265218175 +0100 -@@ -1795,7 +1795,7 @@ S_Internals_V(pTHX_ CV *cv) - PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options, - sizeof(non_bincompat_options) - 1, SVs_TEMP)); - --#ifdef __DATE__ -+#if 0 - # ifdef __TIME__ - PUSHs(Perl_newSVpvn_flags(aTHX_ - STR_WITH_LEN("Compiled at " __DATE__ " " __TIME__), - diff --git a/gnu/packages/patches/perl-reproducible-build-date.patch b/gnu/packages/patches/perl-reproducible-build-date.patch new file mode 100644 index 0000000000..bf0d4b8f6d --- /dev/null +++ b/gnu/packages/patches/perl-reproducible-build-date.patch @@ -0,0 +1,50 @@ +Don't encode the current timestamp. + +This affects the output of `perl -V`, specifically the message "Compiled +at [...]". + +The 'cf_time' and 'cf_by' values show up in 'config.h' and +in 'Config_heavy.pl'. + +Use the output of 'uname -s' instead of 'uname -a' to avoid recording +the kernel version ('uname -o' leads to directory names like +'x86_64-gnulinux' instead of 'x86_64-linux', which might cause breakage +down the road.) + +diff --git a/perl.c b/perl.c +index 228a0d8..ed38313 100644 +--- a/perl.c ++++ b/perl.c +@@ -1825,6 +1825,7 @@ S_Internals_V(pTHX_ CV *cv) + PUSHs(Perl_newSVpvn_flags(aTHX_ non_bincompat_options, + sizeof(non_bincompat_options) - 1, SVs_TEMP)); + ++#define PERL_BUILD_DATE "Jan 1 1970 00:00:00" + #ifndef PERL_BUILD_DATE + # ifdef __DATE__ + # ifdef __TIME__ + +--- a/Configure 1970-01-01 01:00:00.000000000 +0100 ++++ b/Configure 2016-10-01 14:47:20.017319739 +0200 +@@ -3276,7 +3276,7 @@ $eunicefix tr + : Try to determine whether config.sh was made on this system + case "$config_sh" in + '') +-myuname=`$uname -a 2>/dev/null` ++myuname=`$uname -s 2>/dev/null` + $test -z "$myuname" && myuname=`hostname 2>/dev/null` + # Downcase everything to avoid ambiguity. + # Remove slashes and single quotes so we can use parts of this in +@@ -3845,10 +3845,10 @@ + . ./posthint.sh + + : who configured the system +-cf_time=`LC_ALL=C; LANGUAGE=C; export LC_ALL; export LANGUAGE; $date 2>&1` ++cf_time="1970-01-01" + case "$cf_by" in + "") +- cf_by=`(logname) 2>/dev/null` ++ cf_by="guix" + case "$cf_by" in + "") + cf_by=`(whoami) 2>/dev/null` diff --git a/gnu/packages/patches/perl-source-date-epoch.patch b/gnu/packages/patches/perl-source-date-epoch.patch deleted file mode 100644 index 37330c9537..0000000000 --- a/gnu/packages/patches/perl-source-date-epoch.patch +++ /dev/null @@ -1,19 +0,0 @@ -Adapted from <https://bugs.debian.org/801621>. -Make Pod::Man honor the SOURCE_DATE_EPOCH environment variable. - ---- perl-5.22.0/cpan/podlators/lib/Pod/Man.pm 2015-12-12 22:33:03.321787590 +0100 -+++ perl-5.22.0/cpan/podlators/lib/Pod/Man.pm 2015-12-12 22:36:33.367361338 +0100 -@@ -884,7 +884,12 @@ sub devise_date { - my ($self) = @_; - my $input = $self->source_filename; - my $time; -- if ($input) { -+ -+ if (defined($ENV{SOURCE_DATE_EPOCH}) && -+ $ENV{SOURCE_DATE_EPOCH} !~ /\D/) { -+ $time = $ENV{SOURCE_DATE_EPOCH}; -+ } -+ elsif ($input) { - $time = (stat $input)[9] || time; - } else { - $time = time; diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch deleted file mode 100644 index 9d369aeb2c..0000000000 --- a/gnu/packages/patches/procps-non-linux.patch +++ /dev/null @@ -1,40 +0,0 @@ -From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001 -From: Craig Small <csmall@enc.com.au> -Date: Sun, 17 Apr 2016 09:09:41 +1000 -Subject: [PATCH] tests: Conditionally add prctl to test process - -prctl was already bypassed on Cygwin systems. This extends to -non-Linux systems such as kFreeBSD and Hurd. - ---- - lib/test_process.c | 4 ++-- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/test_process.c b/lib/test_process.c -index 6e652ed..6a4776c 100644 ---- a/lib/test_process.c -+++ b/lib/test_process.c -@@ -21,7 +21,9 @@ - #include <stdlib.h> - #include <unistd.h> - #include <signal.h> -+#ifdef __linux__ - #include <sys/prctl.h> -+#endif - #include "c.h" - - #define DEFAULT_SLEEPTIME 300 -@@ -78,8 +80,10 @@ - sigaction(SIGUSR1, &signal_action, NULL); - sigaction(SIGUSR2, &signal_action, NULL); - -+#ifdef __linux__ - /* set process name */ - prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL); -+#endif - - while (sleep_time > 0) { - sleep_time = sleep(sleep_time); --- -2.8.2 - diff --git a/gnu/packages/patches/python-3.4-fix-tests.patch b/gnu/packages/patches/python-3.4-fix-tests.patch new file mode 100644 index 0000000000..d1f8138e79 --- /dev/null +++ b/gnu/packages/patches/python-3.4-fix-tests.patch @@ -0,0 +1,12 @@ +--- Lib/test/test_posixpath.py 2014-03-01 05:46:56.984311000 +0100 ++++ Lib/test/test_posixpath.py 2014-03-07 00:59:20.888311000 +0100 +@@ -319,7 +319,11 @@ + del env['HOME'] + home = pwd.getpwuid(os.getuid()).pw_dir + # $HOME can end with a trailing /, so strip it (see #17809) +- self.assertEqual(posixpath.expanduser("~"), home.rstrip("/")) ++ # The Guix builders have '/' as a home directory, so ++ # home.rstrip("/") will be an empty string and the test will ++ # fail. Let's just disable it since it does not really make ++ # sense with such a bizarre setup. ++ # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/")) diff --git a/gnu/packages/patches/python-3.5-fix-tests.patch b/gnu/packages/patches/python-3.5-fix-tests.patch new file mode 100644 index 0000000000..46d2a84efb --- /dev/null +++ b/gnu/packages/patches/python-3.5-fix-tests.patch @@ -0,0 +1,46 @@ +Additional test fixes which affect Python 3.5 (and presumably later) but not +prior revisions of Python. + +--- Lib/test/test_pathlib.py 2014-03-01 03:02:36.088311000 +0100 ++++ Lib/test/test_pathlib.py 2014-03-01 04:56:37.768311000 +0100 +@@ -1986,8 +1986,9 @@ + expect = set() if not support.fs_is_case_insensitive(BASE) else given + self.assertEqual(given, expect) + self.assertEqual(set(p.rglob("FILEd*")), set()) + ++ @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests") + def test_expanduser(self): + P = self.cls + support.import_module('pwd') + import pwd +--- Lib/test/test_tarfile.py 2016-02-24 19:22:52.597208055 +0000 ++++ Lib/test/test_tarfile.py 2016-02-24 20:50:48.941950135 +0000 +@@ -2305,11 +2305,14 @@ + try: + import pwd, grp + except ImportError: + return False +- if pwd.getpwuid(0)[0] != 'root': +- return False +- if grp.getgrgid(0)[0] != 'root': ++ try: ++ if pwd.getpwuid(0)[0] != 'root': ++ return False ++ if grp.getgrgid(0)[0] != 'root': ++ return False ++ except KeyError: + return False + return True + + +--- Lib/test/test_asyncio/test_base_events.py ++++ Lib/test/test_asyncio/test_base_events.py +@@ -142,6 +142,8 @@ class BaseEventTests(test_utils.TestCase): + (INET, STREAM, TCP, '', ('1.2.3.4', 1)), + base_events._ipaddr_info('1.2.3.4', b'1', INET, STREAM, TCP)) + ++ @unittest.skipUnless(support.is_resource_enabled('network'), ++ 'network is not enabled') + def test_getaddrinfo_servname(self): + INET = socket.AF_INET + STREAM = socket.SOCK_STREAM diff --git a/gnu/packages/patches/python-disable-ssl-test.patch b/gnu/packages/patches/python-disable-ssl-test.patch deleted file mode 100644 index e351c77505..0000000000 --- a/gnu/packages/patches/python-disable-ssl-test.patch +++ /dev/null @@ -1,12 +0,0 @@ -Disable a test that fails with openssl-1.0.2b. - ---- Lib/test/test_ssl.py.orig 2015-02-25 06:27:45.000000000 -0500 -+++ Lib/test/test_ssl.py 2015-06-12 03:14:09.395212502 -0400 -@@ -2718,6 +2718,7 @@ - chatty=True, connectionchatty=True) - self.assertIs(stats['compression'], None) - -+ @unittest.skipIf(True, "openssl 1.0.2b complains: dh key too small") - def test_dh_params(self): - # Check we can get a connection with ephemeral Diffie-Hellman - context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) diff --git a/gnu/packages/patches/python-fix-tests.patch b/gnu/packages/patches/python-fix-tests.patch index 82c19980f9..e093307c51 100644 --- a/gnu/packages/patches/python-fix-tests.patch +++ b/gnu/packages/patches/python-fix-tests.patch @@ -20,21 +20,6 @@ http://bugs.python.org/issue20868 . def test_tarfile_root_owner(self): tmpdir, tmpdir2, base_name = self._create_files() ---- Lib/test/test_posixpath.py 2014-03-01 05:46:56.984311000 +0100 -+++ Lib/test/test_posixpath.py 2014-03-07 00:59:20.888311000 +0100 -@@ -319,7 +319,11 @@ - del env['HOME'] - home = pwd.getpwuid(os.getuid()).pw_dir - # $HOME can end with a trailing /, so strip it (see #17809) -- self.assertEqual(posixpath.expanduser("~"), home.rstrip("/")) -+ # The Guix builders have '/' as a home directory, so -+ # home.rstrip("/") will be an empty string and the test will -+ # fail. Let's just disable it since it does not really make -+ # sense with such a bizarre setup. -+ # self.assertEqual(posixpath.expanduser("~"), home.rstrip("/")) - - def test_normpath(self): - self.assertEqual(posixpath.normpath(""), ".") --- Lib/test/test_socket.py.orig 2014-03-02 22:14:12.264311000 +0100 +++ Lib/test/test_socket.py 2014-03-21 03:50:45.660311000 +0100 @@ -819,6 +819,8 @@ diff --git a/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch b/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch new file mode 100644 index 0000000000..1426883216 --- /dev/null +++ b/gnu/packages/patches/tcsh-do-not-define-BSDWAIT.patch @@ -0,0 +1,33 @@ +Do not define BSDWAIT to avoid error "storage size of ‘w’ isn’t known". + +This is an adapted version of the upstream patch taken from here: +https://github.com/tcsh-org/tcsh/commit/4689eb60a74bf13bc146ca3d76e9d7a124ab7b49.patch + +From 4689eb60a74bf13bc146ca3d76e9d7a124ab7b49 Mon Sep 17 00:00:00 2001 +From: christos <christos> +Date: Fri, 23 Sep 2016 19:17:28 +0000 +Subject: [PATCH] Don't define BSDWAIT for linux anymore. + +--- + sh.proc.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/sh.proc.c b/sh.proc.c +index 49b199f..874d67c 100644 +--- sh.proc.c ++++ sh.proc.c +@@ -47,11 +47,9 @@ RCSID("$tcsh$") + # define HZ 16 + #endif /* aiws */ + +-#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid) || defined(__linux__) || defined(__GNU__) || defined(__GLIBC__) +-# if !defined(__ANDROID__) +-# define BSDWAIT +-# endif +-#endif /* _BSD || (IRIS4D && __STDC__) || __lucid || glibc */ ++#if defined(_BSD) || (defined(IRIS4D) && __STDC__) || defined(__lucid) ++# define BSDWAIT ++#endif /* _BSD || (IRIS4D && __STDC__) || __lucid */ + #ifndef WTERMSIG + # define WTERMSIG(w) (((union wait *) &(w))->w_termsig) + # ifndef BSDWAIT diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 461472abe9..8bfe2c1a89 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org> ;;; Copyright © 2016 Roel Janssen <roel@gnu.org> ;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is> +;;; Coypright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Coypright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Coypright © 2016 Ludovic Courtès <ludo@gnu.org> ;;; Coypright © 2016 Julien Lepiller <julien@lepiller.eu> @@ -70,14 +71,14 @@ (define-public poppler (package (name "poppler") - (version "0.43.0") + (version "0.47.0") (source (origin (method url-fetch) (uri (string-append "https://poppler.freedesktop.org/poppler-" version ".tar.xz")) (sha256 (base32 - "0mi4zf0pz3x3fx3ir7szz1n57nywgbpd4mp2r7mvf47f4rmf4867")))) + "0hnjkcqqk87dw3hlda4gh4l7brkslniax9a79g772jn3iwiffwmq")))) (build-system gnu-build-system) ;; FIXME: ;; use libcurl: no @@ -109,19 +110,18 @@ ;; Saves 8 MiB of .a files. "--disable-static") #:phases - (alist-cons-before - 'configure 'setenv - (lambda _ - (setenv "CPATH" - (string-append (assoc-ref %build-inputs "openjpeg-1") - "/include/openjpeg-1.5" - ":" (or (getenv "CPATH") "")))) - %standard-phases))) + (modify-phases %standard-phases + (add-before 'configure 'setenv + (lambda _ + (setenv "CPATH" + (string-append (assoc-ref %build-inputs "openjpeg-1") + "/include/openjpeg-1.5" + ":" (or (getenv "CPATH") "")))))))) (synopsis "PDF rendering library") (description "Poppler is a PDF rendering library based on the xpdf-3.0 code base.") (license license:gpl2+) - (home-page "http://poppler.freedesktop.org/"))) + (home-page "https://poppler.freedesktop.org/"))) (define-public poppler-qt4 (package (inherit poppler) @@ -408,7 +408,7 @@ by using the poppler rendering engine.") (patches (search-patches "zathura-plugindir-environment-variable.patch")))) (native-inputs `(("pkg-config" ,pkg-config) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (inputs `(("girara" ,girara) ("sqlite" ,sqlite) ("gtk+" ,gtk+))) @@ -541,13 +541,14 @@ and examining the file structure (pdfshow).") (define-public qpdf (package (name "qpdf") - (version "5.1.3") + (version "6.0.0") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/qpdf/qpdf/" version "/qpdf-" version ".tar.gz")) - (sha256 (base32 - "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm")) + (sha256 + (base32 + "0csj2p2gkxrc0rk8ykymlsdgfas96vzf1dip3y1x7z1q9plwgzd9")) (modules '((guix build utils))) (snippet ;; Replace shebang with the bi-lingual shell/Perl trick to remove @@ -561,17 +562,17 @@ eval '(exit $?0)' && eval 'exec perl -wS \"$0\" ${1+\"$@\"}' (build-system gnu-build-system) (arguments `(#:disallowed-references (,perl) - #:phases (alist-cons-before - 'configure 'patch-paths - (lambda _ - (substitute* "make/libtool.mk" - (("SHELL=/bin/bash") - (string-append "SHELL=" (which "bash")))) - (substitute* (append - '("qtest/bin/qtest-driver") - (find-files "." "\\.test")) - (("/usr/bin/env") (which "env")))) - %standard-phases))) + #:phases + (modify-phases %standard-phases + (add-before 'configure 'patch-paths + (lambda _ + (substitute* "make/libtool.mk" + (("SHELL=/bin/bash") + (string-append "SHELL=" (which "bash")))) + (substitute* (append + '("qtest/bin/qtest-driver") + (find-files "." "\\.test")) + (("/usr/bin/env") (which "env")))))))) (native-inputs `(("pkg-config" ,pkg-config) ("perl" ,perl))) diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index ba6f71a412..ac7ac49ac2 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -45,55 +45,55 @@ ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package (name "perl") - (version "5.22.1") + (version "5.24.0") (source (origin (method url-fetch) (uri (string-append "http://www.cpan.org/src/5.0/perl-" version ".tar.gz")) (sha256 (base32 - "09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb")) + "00jj8zr8fnihrxxhl8h936ssczv5x86qb618yz1ig40d1rp0qhvy")) (patches (search-patches "perl-no-sys-dirs.patch" "perl-autosplit-default-time.patch" - "perl-source-date-epoch.patch" "perl-deterministic-ordering.patch" - "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch" - "perl-CVE-2016-2381.patch")))) + "perl-reproducible-build-date.patch")))) (build-system gnu-build-system) (arguments '(#:tests? #f + #:configure-flags + (let ((out (assoc-ref %outputs "out")) + (libc (assoc-ref %build-inputs "libc"))) + (list + (string-append "-Dprefix=" out) + (string-append "-Dman1dir=" out "/share/man/man1") + (string-append "-Dman3dir=" out "/share/man/man3") + "-de" "-Dcc=gcc" + "-Uinstallusrbinperl" + "-Dinstallstyle=lib/perl5" + "-Duseshrplib" + (string-append "-Dlocincpth=" libc "/include") + (string-append "-Dloclibpth=" libc "/lib") + "-Dusethreads")) #:phases (modify-phases %standard-phases - (replace - 'configure - (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out")) - (libc (assoc-ref inputs "libc"))) - ;; Use the right path for `pwd'. - (substitute* "dist/PathTools/Cwd.pm" - (("/bin/pwd") - (which "pwd"))) - - ;; Build in GNU89 mode to tolerate C++-style comment in libc's - ;; <bits/string3.h>. - (substitute* "cflags.SH" - (("-std=c89") - "-std=gnu89")) - - (zero? - (system* "./Configure" - (string-append "-Dprefix=" out) - (string-append "-Dman1dir=" out "/share/man/man1") - (string-append "-Dman3dir=" out "/share/man/man3") - "-de" "-Dcc=gcc" - "-Uinstallusrbinperl" - "-Dinstallstyle=lib/perl5" - "-Duseshrplib" - (string-append "-Dlocincpth=" libc "/include") - (string-append "-Dloclibpth=" libc "/lib")))))) - + (add-before 'configure 'setup-configure + (lambda _ + ;; Use the right path for `pwd'. + (substitute* "dist/PathTools/Cwd.pm" + (("/bin/pwd") + (which "pwd"))) + + ;; Build in GNU89 mode to tolerate C++-style comment in libc's + ;; <bits/string3.h>. + (substitute* "cflags.SH" + (("-std=c89") + "-std=gnu89")) + #t)) + (replace 'configure + (lambda* (#:key configure-flags #:allow-other-keys) + (format #t "Perl configure flags: ~s~%" configure-flags) + (zero? (apply system* "./Configure" configure-flags)))) (add-before 'strip 'make-shared-objects-writable (lambda* (#:key outputs #:allow-other-keys) @@ -7009,7 +7009,7 @@ MYMETA.yml.") (define-public perl-module-build (package (name "perl-module-build") - (version "0.4211") + (version "0.4220") (source (origin (method url-fetch) @@ -7017,7 +7017,7 @@ MYMETA.yml.") "Module-Build-" version ".tar.gz")) (sha256 (base32 - "1c5hfhajr963w4mdjivsc7yz4vf4pz1rrfch5a93fbac1x2mr58h")))) + "18mm6k7d7cmj9l6na1c50vbc8hc1pwsz38yxi9x6ydlrwz3hf4pv")))) (build-system perl-build-system) (propagated-inputs `(("perl-cpan-meta" ,perl-cpan-meta))) diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm index c913955975..74d209192f 100644 --- a/gnu/packages/plotutils.scm +++ b/gnu/packages/plotutils.scm @@ -186,8 +186,7 @@ colors, styles, options and details.") ;; "help" command in interactive mode, so adding a "doc" output is not ;; currently useful. (native-inputs - `(("gs" ,ghostscript-gs) ;For tests - ("gs-2" ,ghostscript) ;For dvipdfm + `(("gs" ,ghostscript) ;For tests ("texinfo" ,texinfo) ;For generating documentation ("texlive" ,texlive) ;For tests and documentation ("emacs" ,emacs-minimal) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index c5a39f49ee..0e648cd724 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -52,6 +52,7 @@ #:use-module (gnu packages adns) #:use-module (gnu packages attr) #:use-module (gnu packages backup) + #:use-module (gnu packages bash) #:use-module (gnu packages compression) #:use-module (gnu packages databases) #:use-module (gnu packages django) @@ -106,7 +107,7 @@ (define-public python-2.7 (package (name "python") - (version "2.7.11") + (version "2.7.12") (source (origin (method url-fetch) @@ -114,7 +115,7 @@ version "/Python-" version ".tar.xz")) (sha256 (base32 - "0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn")) + "0y7rl603vmwlxm6ilkhc51rx2mfj14ckcz40xxgs0ljnvlhp30yp")) (patches (search-patches "python-2.7-search-paths.patch" "python-2-deterministic-build-info.patch" "python-2.7-source-date-epoch.patch")) @@ -126,6 +127,7 @@ '(begin (for-each delete-file '("Lib/test/test_compileall.py" + "Lib/test/test_ctypes.py" ; fails on mips64el "Lib/test/test_distutils.py" "Lib/test/test_import.py" "Lib/test/test_shutil.py" @@ -201,13 +203,6 @@ (lambda _ ;; 'Lib/test/test_site.py' needs a valid $HOME (setenv "HOME" (getcwd)) - ,@(if (string-prefix? "mips64el" (%current-system)) - - ;; XXX: The following test fails on mips64el. - '((false-if-exception - (delete-file "Lib/test/test_ctypes.py"))) - - '()) #t)) (add-after 'unpack 'set-source-file-times-to-1980 @@ -289,7 +284,7 @@ (list (search-path-specification (variable "PYTHONPATH") (files '("lib/python2.7/site-packages"))))) - (home-page "http://python.org") + (home-page "https://www.python.org") (synopsis "High-level, dynamically-typed programming language") (description "Python is a remarkably powerful dynamic programming language that @@ -304,23 +299,22 @@ data types.") ;; Current 2.x version. (define-public python-2 python-2.7) -(define-public python-3.4 +(define-public python-3.5 (package (inherit python-2) - (version "3.4.3") + (version "3.5.2") (source (origin (method url-fetch) (uri (string-append "https://www.python.org/ftp/python/" version "/Python-" version ".tar.xz")) (patches (search-patches "python-fix-tests.patch" - ;; XXX Try removing this patch for python > 3.4.3 - "python-disable-ssl-test.patch" + "python-3.5-fix-tests.patch" "python-3-deterministic-build-info.patch" "python-3-search-paths.patch")) (patch-flags '("-p0")) (sha256 (base32 - "1f4nm4z08sy0kqwisvv95l02crv6dyysdmx44p1mz3bn6csrdcxm")))) + "0h6a5fr7ram2s483lh0pnmc4ncijb8llnpfdxdcl5dxr01hza400")))) (arguments (substitute-keyword-arguments (package-arguments python-2) ((#:tests? _) #t))) (native-search-paths @@ -330,8 +324,25 @@ data types.") (version-major+minor version) "/site-packages")))))))) +(define-public python-3.4 + (package (inherit python-3.5) + (version "3.4.5") + (source (origin + (method url-fetch) + (uri (string-append "https://www.python.org/ftp/python/" + version "/Python-" version ".tar.xz")) + (patches (search-patches + "python-fix-tests.patch" + "python-3.4-fix-tests.patch" + "python-3-deterministic-build-info.patch" + "python-3-search-paths.patch")) + (patch-flags '("-p0")) + (sha256 + (base32 + "12l9klp778wklxmckhghniy5hklss8r26995pyd00qbllk4b2r7f")))))) + ;; Current 3.x version. -(define-public python-3 python-3.4) +(define-public python-3 python-3.5) ;; Current major version. (define-public python python-3) @@ -353,14 +364,12 @@ data types.") (package (inherit python) (name "python-minimal") (outputs '("out")) - (arguments - (substitute-keyword-arguments (package-arguments python) - ((#:configure-flags cf) - `(append ,cf '("--without-system-ffi"))))) + ;; Build fails due to missing ctypes without libffi. ;; OpenSSL is a mandatory dependency of Python 3.x, for urllib; ;; zlib is required by 'zipimport', used by pip. - (inputs `(("openssl" ,openssl) + (inputs `(("libffi" ,libffi) + ("openssl" ,openssl) ("zlib" ,zlib))))) (define* (wrap-python3 python @@ -371,6 +380,7 @@ data types.") (source #f) (build-system trivial-build-system) (outputs '("out")) + (inputs `(("bash" ,bash))) (propagated-inputs `(("python" ,python))) (arguments `(#:modules ((guix build utils)) @@ -384,8 +394,20 @@ data types.") (lambda (old new) (symlink (string-append python old) (string-append bin "/" new))) - '("python3" "pydoc3" "idle3") - '("python" "pydoc" "idle")))))) + `("python3" ,"pydoc3" ,"idle3" ,"pip3") + `("python" ,"pydoc" ,"idle" ,"pip")) + ;; python-config outputs search paths based upon its location, + ;; use a bash wrapper to avoid changing its outputs. + (let ((bash (string-append (assoc-ref %build-inputs "bash") + "/bin/bash")) + (old (string-append python "python3-config")) + (new (string-append bin "/python-config"))) + (with-output-to-file new + (lambda () + (format #t "#!~a~%" bash) + (format #t "exec \"~a\" \"$@\"~%" old) + (chmod new #o755) + #t))))))) (synopsis "Wrapper for the Python 3 commands") (description "This package provides wrappers for the commands of Python@tie{}3.x such @@ -6208,6 +6230,20 @@ responses, rather than doing any computation.") (base32 "1a85l548w5vvq3yhz0az7ajg2ijixzp6gagapw6wgrqvq28ghgs2")))) (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'check 'disable-failing-test + (lambda _ + ;; This test is known to fail with OpenSSL >= 1.0.2i and older + ;; versions of python-cryptography: + ;; https://github.com/pyca/cryptography/issues/3196 + ;; TODO: Try re-enabling the test when upgrading + ;; python-cryptography. + (substitute* "tests/hazmat/backends/test_openssl.py" + (("def test_numeric_string_x509_name_entry") + "@pytest.mark.xfail\n def test_numeric_string_x509_name_entry")) + #t))))) (inputs `(("openssl" ,openssl))) (propagated-inputs @@ -6443,10 +6479,16 @@ Python's @code{ctypes} foreign function interface (FFI).") (synopsis "Python bindings to the libmagic file type guesser. Note that this module and the python-magic module both provide a \"magic.py\" file; these two modules, which are different and were developed separately, both -serve the same purpose: provide Python bindings for libmagic."))) +serve the same purpose: provide Python bindings for libmagic.") + (properties `((python2-variant . ,(delay python2-file)))))) (define-public python2-file - (package-with-python2 python-file)) + (let ((base (package-with-python2 (strip-python2-variant python-file)))) + (package + (inherit base) + (native-inputs + `(("python2-setuptools" ,python2-setuptools) + ,@(package-native-inputs base)))))) (define-public python-debian (package @@ -7066,6 +7108,9 @@ be set via config files and/or environment variables.") (base32 "0x32ibixm3vv5m9xfk83xsqm8xcqw4dd0khbh6qbri6rxgymbhg8")))) (build-system python-build-system) + (arguments + '(;; The tests appear to require networking. + #:tests? #f)) (propagated-inputs `(("python-pyopenssl" ,python-pyopenssl))) (synopsis "HTTPS support for Python's httplib and urllib2") @@ -7201,6 +7246,10 @@ for atomic file system operations.") (base32 "15q9nrgp85nqlr4kdz1zvj8z2npafi2sr12y7fqgxbkq28j1aci6")))) (build-system python-build-system) + (native-inputs + `(("python-betamax" ,python-betamax) + ("python-mock" ,python-mock) + ("python-pytest" ,python-pytest))) (propagated-inputs `(("python-requests" ,python-requests))) (synopsis "Extensions to python-requests") @@ -7289,8 +7338,14 @@ pure Python module that works on virtually all Python versions.") (base32 "1rpk1vyclhg911p3hql0m0nrpq7q7mysxnaaw6vs29cpa6kx8vgn")))) (build-system python-build-system) + (arguments + `(;; 2 failed, 275 passed, 670 skipped, 4 xfailed + ;; The two test failures are caused by the lack of an `ssh` executable. + ;; The test suite can be run with pytest after the 'install' phase. + #:tests? #f)) (native-inputs - `(("python-setuptools-scm" ,python-setuptools-scm))) + `(("python-pytest" ,python-pytest) + ("python-setuptools-scm" ,python-setuptools-scm))) (inputs `(("python-apipkg" ,python-apipkg))) (synopsis "Rapid multi-Python deployment") @@ -7394,7 +7449,8 @@ framework which enables you to test server connections locally.") (build-system python-build-system) (native-inputs `(("python-pytest" ,python-pytest) - ("python-six" ,python-six))) + ("python-six" ,python-six) + ("python-urllib3" ,python-urllib3))) (propagated-inputs `(("python-httplib2" ,python-httplib2) ("python-requests" ,python-requests))) @@ -8422,21 +8478,22 @@ alternative when librabbitmq is not available.") (define-public python-kombu (package (name "python-kombu") - (version "3.0.33") + (version "3.0.37") (source (origin (method url-fetch) (uri (pypi-uri "kombu" version)) (sha256 (base32 - "16brjx2lgwbj2a37d0pjbfb84nvld6irghmqrs3qfncajp51hgc5")))) + "0l16chb314gpq2v7fh94a22c30lcv6w3ylmhsa60bldlcq6a0r70")))) (build-system python-build-system) (native-inputs `(("python-mock" ,python-mock) ("python-nose" ,python-nose))) (propagated-inputs `(("python-anyjson" ,python-anyjson) - ("python-amqp" ,python-amqp))) + ("python-amqp" ,python-amqp) + ("python-redis" ,python-redis))) (home-page "http://kombu.readthedocs.org") (synopsis "Message passing library for Python") (description "The aim of Kombu is to make messaging in Python as easy as @@ -8460,14 +8517,14 @@ RabbitMQ messaging server is the most popular implementation.") (define-public python-billiard (package (name "python-billiard") - (version "3.3.0.22") + (version "3.3.0.23") (source (origin (method url-fetch) (uri (pypi-uri "billiard" version)) (sha256 (base32 - "0zp7h6a58alrb3mwdw61jds07395j4j0mj6iqsb8czrihw9ih5nj")))) + "02wxsc6bhqvzh8j6w758kvgqbnj14l796mvmrcms8fgfamd2lak9")))) (build-system python-build-system) (native-inputs `(("python-nose" ,python-nose))) @@ -8495,15 +8552,24 @@ Python 2.4 and 2.5, and will draw its fixes/improvements from python-trunk.") (define-public python-celery (package (name "python-celery") - (version "3.1.20") + (version "3.1.24") (source (origin (method url-fetch) (uri (pypi-uri "celery" version)) (sha256 (base32 - "1md6ywg1s0946qyp8ndnsd677wm0yax933h2sb4m3a4j7lf1jbyh")))) + "0yh2prhdnx2dgkb67a5drj12hh2zvzx5f611p7mqqg01ydghif4r")))) (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + ;; These tests break with Python 3.5: + ;; https://github.com/celery/celery/issues/2897#issuecomment-253066295 + (replace 'check + (lambda _ + (zero? + (system* "nosetests" "--exclude=^test_safe_to_remove.*"))))))) (native-inputs `(("python-nose" ,python-nose))) (inputs @@ -8686,6 +8752,9 @@ introspection of @code{zope.interface} instances in code.") (base32 "1qfnwlx8qwkgr6nf5wvl6ff1r3kll53dh3z6nyp173nmlhhhqccb")))) (build-system python-build-system) + (arguments + '(;; The test suite relies on some non-portable Windows interfaces. + #:tests? #f)) (inputs `(("python-dateutil-2" ,python-dateutil-2) ("python-pyicu" ,python-pyicu))) @@ -11058,3 +11127,35 @@ with an associated set of resolve methods that know how to fetch data.") provide extendible implementations of common aspects of a cloud so that you can focus on building massively scalable web applications.") (license license:expat))) + +(define-public python-betamax + (package + (name "python-betamax") + (version "0.8.0") + (source + (origin + (method url-fetch) + (uri (pypi-uri "betamax" version)) + (sha256 + (base32 + "18f8v5gng3j773jlbbzx4rg1i4y2zw3m2l1zpmbvp8bh5a2q1i42")))) + (build-system python-build-system) + (arguments + '(;; Many tests fail because they require networking. + #:tests? #f)) + (inputs + `(("python-requests" ,python-requests))) + (home-page "https://github.com/sigmavirus24/betamax") + (synopsis "Record HTTP interactions with python-requests") + (description "Betamax will record your test suite's HTTP interactions and +replay them during future tests. It is designed to work with python-requests.") + (license license:expat) + (properties `((python2-variant . ,(delay python2-betamax)))))) + +(define-public python2-betamax + (let ((base (package-with-python2 (strip-python2-variant python-betamax)))) + (package + (inherit base) + (native-inputs + `(("python2-setuptools" ,python2-setuptools) + ,@(package-native-inputs base)))))) diff --git a/gnu/packages/readline.scm b/gnu/packages/readline.scm index 169a7386c4..6435e98234 100644 --- a/gnu/packages/readline.scm +++ b/gnu/packages/readline.scm @@ -40,14 +40,14 @@ (find-files lib "\\.a")))))) (package (name "readline") - (version "6.3") + (version "7.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/readline/readline-" version ".tar.gz")) (sha256 (base32 - "0hzxr9jxqqx5sxsv9vmlxdnvlr9vi4ih1avjb869hbs6p5qn1fjn")) + "0d13sg9ksf982rrrmv5mb6a2p4ys9rvg9r71d6il0vr8hmql63bm")) (patches (search-patches "readline-link-ncurses.patch")) (patch-flags '("-p0")))) (build-system gnu-build-system) diff --git a/gnu/packages/sawfish.scm b/gnu/packages/sawfish.scm index 9b09b6171e..54b72ffe03 100644 --- a/gnu/packages/sawfish.scm +++ b/gnu/packages/sawfish.scm @@ -152,7 +152,7 @@ backend of Sawfish.") "/lib/sawfish/sawfish-menu"))) %standard-phases)))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("makeinfo" ,texinfo) ("pkg-config" ,pkg-config) ("which" ,which))) diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 9597473ad4..9ad9e707e7 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -633,7 +633,7 @@ threads.") ("stex" ,stex))) (native-inputs `(("texlive" ,texlive) - ("ghostscript" ,ghostscript-gs) + ("ghostscript" ,ghostscript) ("netpbm" ,netpbm))) (outputs '("out" "doc")) (arguments diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index 6d510c2e4c..78ff1730c9 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm @@ -185,7 +185,8 @@ has a small feature set similar to a traditional Bourne shell.") (sha256 (base32 "1a4z9kwgx1iqqzvv64si34m60gj34p7lp6rrcrb59s7ka5wa476q")) - (patches (search-patches "tcsh-fix-autotest.patch")) + (patches (search-patches "tcsh-fix-autotest.patch" + "tcsh-do-not-define-BSDWAIT.patch")) (patch-flags '("-p0")))) (build-system gnu-build-system) (inputs @@ -304,6 +305,11 @@ ksh, and tcsh.") (("'xonsh\\.ply',") "")) #t)))) (build-system python-build-system) + (arguments + '(;; TODO Try running run the test suite. + ;; See 'requirements-tests.txt' in the source distribution for more + ;; information. + #:tests? #f)) (inputs `(("python-ply" ,python-ply))) (home-page "http://xon.sh/") diff --git a/gnu/packages/shishi.scm b/gnu/packages/shishi.scm index 30351fb517..7e02843d38 100644 --- a/gnu/packages/shishi.scm +++ b/gnu/packages/shishi.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2012 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -48,7 +49,7 @@ (inputs `(("gnutls" ,gnutls) ("libidn" ,libidn) - ("linux-pam" ,linux-pam) + ("linux-pam" ,linux-pam-1.2) ("zlib" ,zlib) ;; libgcrypt 1.6 fails because of the following test: ;; #include <gcrypt.h> diff --git a/gnu/packages/skribilo.scm b/gnu/packages/skribilo.scm index 40bf659297..52ed1c34e3 100644 --- a/gnu/packages/skribilo.scm +++ b/gnu/packages/skribilo.scm @@ -63,8 +63,7 @@ #:parallel-build? #f)) - (native-inputs `(("pkg-config" ,pkg-config) - ("ghostscript-gs" , ghostscript-gs))) + (native-inputs `(("pkg-config" ,pkg-config))) (inputs `(("guile" ,guile-2.0) ("imagemagick" ,imagemagick) diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index 959251d84c..0748b5d860 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -75,7 +75,7 @@ (build-system gnu-build-system) (inputs `(("cairo" ,cairo) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("gsl" ,gsl) ("libxml2" ,libxml2) ("pango" ,pango) @@ -101,7 +101,7 @@ be output in text, PostScript, PDF or HTML.") (define-public r (package (name "r") - (version "3.3.0") + (version "3.3.1") (source (origin (method url-fetch) (uri (string-append "mirror://cran/src/base/R-" @@ -109,7 +109,7 @@ be output in text, PostScript, PDF or HTML.") version ".tar.gz")) (sha256 (base32 - "1r0i0cqs3p0vrpiwq0zg5kbrmja9rmaijyzf9f23v6d5n5ab2mlj")))) + "1qm9znh8akfy9fkzzi6f1vz2w1dd0chsr6qn7kw80lqzhgjrmi9x")))) (build-system gnu-build-system) (arguments `(#:make-flags @@ -137,6 +137,7 @@ be output in text, PostScript, PDF or HTML.") (lambda _ (zero? (system* "make" "install-info"))))) #:configure-flags '("--with-cairo" + "--with-blas=-lopenblas" "--with-libpng" "--with-jpeglib" "--with-libtiff" @@ -171,6 +172,7 @@ be output in text, PostScript, PDF or HTML.") ("pango" ,pango) ("curl" ,curl) ("tzdata" ,tzdata) + ("openblas" ,openblas) ("gfortran" ,gfortran) ("icu4c" ,icu4c) ("libjpeg" ,libjpeg) diff --git a/gnu/packages/terminals.scm b/gnu/packages/terminals.scm index ef80371ecb..97dd0a82bd 100644 --- a/gnu/packages/terminals.scm +++ b/gnu/packages/terminals.scm @@ -69,7 +69,7 @@ (native-inputs `(("autoconf" ,autoconf) ("automake" ,automake) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (inputs `(("glib" ,glib "bin") diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm index 5b22e84fb8..d21394e74f 100644 --- a/gnu/packages/texinfo.scm +++ b/gnu/packages/texinfo.scm @@ -32,14 +32,14 @@ (define-public texinfo (package (name "texinfo") - (version "6.1") + (version "6.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/texinfo/texinfo-" version ".tar.xz")) (sha256 (base32 - "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c")))) + "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14")))) (build-system gnu-build-system) (native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep (inputs `(("ncurses" ,ncurses) @@ -62,18 +62,6 @@ their source and the command-line Info reader. The emphasis of the language is on expressing the content semantically, avoiding physical markup commands.") (license gpl3+))) -(define-public texinfo-6.3 - (package - (inherit texinfo) - (version "6.3") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/texinfo/texinfo-" - version ".tar.xz")) - (sha256 - (base32 - "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14")))))) - (define-public texinfo-5 (package (inherit texinfo) (version "5.2") diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b85fdde524..e965ca92cd 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 David Thompson <davet@gnu.org> -;;; Copyright © 2015 Leo Famulari <leo@famulari.name> +;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> @@ -50,7 +50,7 @@ (define-public libtasn1 (package (name "libtasn1") - (version "4.8") + (version "4.9") (source (origin (method url-fetch) @@ -58,7 +58,7 @@ version ".tar.gz")) (sha256 (base32 - "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s")))) + "0869cp6jx7cajgv6cnddsh3vc7bimmdkdjn80y1jpb4iss7plvsg")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "http://www.gnu.org/software/libtasn1/") @@ -100,7 +100,7 @@ in intelligent transportation networks.") (define-public p11-kit (package (name "p11-kit") - (version "0.23.1") + (version "0.23.2") (source (origin (method url-fetch) @@ -108,7 +108,7 @@ in intelligent transportation networks.") version ".tar.gz")) (sha256 (base32 - "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5")) + "1w7szm190phlkg7qx05ychlj2dbvkgkhx9gw6dx4d5rw62l6wwms")) (modules '((guix build utils))) ; for substitute* (snippet '(begin @@ -138,8 +138,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (replacement gnutls-3.5.4) - (version "3.5.2") + (version "3.5.4") (source (origin (method url-fetch) (uri @@ -150,7 +149,7 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b")))) + "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -212,25 +211,10 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -(define gnutls-3.5.4 - (package - (inherit gnutls) - (source - (let ((version "3.5.4")) - (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/gnutls/v" - (version-major+minor version) - "/gnutls-" version ".tar.xz")) - (sha256 - (base32 - "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))))) - (define-public openssl (package (name "openssl") - (replacement openssl-1.0.2j) - (version "1.0.2h") + (version "1.0.2j") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -240,11 +224,9 @@ required structures.") "/" name "-" version ".tar.gz"))) (sha256 (base32 - "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) + "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7")) (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch" - "openssl-CVE-2016-2177.patch" - "openssl-CVE-2016-2178.patch")))) + "openssl-c-rehash-in.patch")))) (build-system gnu-build-system) (outputs '("out" "doc" ;1.5MiB of man3 pages @@ -331,6 +313,7 @@ required structures.") (string-append target "/" (basename file)))) (find-files man3)) + (delete-file-recursively man3) #t))) (add-before 'patch-source-shebangs 'patch-tests @@ -368,29 +351,10 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl-1.0.2j - (package - (inherit openssl) - (name "openssl") - (version "1.0.2j") - (source (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "0cf4ar97ijfc7mg35zdgpad6x8ivkdx9qii6mz35khi1ps9g5bz7")) - (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch")))))) - (define-public openssl-next (package (inherit openssl) (name "openssl") - (replacement #f) (version "1.1.0b") (source (origin (method url-fetch) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 47383b71d4..4ca5a97311 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -89,7 +89,7 @@ (inputs ;; Note: 'tools/packaging/lp-upload-release' and 'tools/weavemerge.sh' ;; require Zsh. - `(("gettext" ,gnu-gettext))) + `(("gettext" ,gettext-minimal))) (arguments `(#:tests? #f ; no test target #:python ,python-2 ; Python 3 apparently not yet supported, see @@ -123,7 +123,7 @@ as well as the classic centralized workflow.") (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("git-manpages" ,(origin (method url-fetch) @@ -938,7 +938,7 @@ accessed and migrated on modern systems.") ("file" ,file) ("libxml2" ,libxml2) ("zlib" ,zlib) - ("gettext" ,gnu-gettext))) + ("gettext" ,gettext-minimal))) (native-inputs `(("bison" ,bison) ("groff" ,groff) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 3ddf8587f6..6d59ccc490 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -353,7 +353,7 @@ SMPTE 314M.") (define-public libva (package (name "libva") - (version "1.7.0") + (version "1.7.1") (source (origin (method url-fetch) @@ -361,7 +361,7 @@ SMPTE 314M.") "https://www.freedesktop.org/software/vaapi/releases/libva/libva-" version".tar.bz2")) (sha256 - (base32 "0py9igf4kicj7ji22bjawkpd6my013qpg0s4ir2np9l1rk5vr2d6")))) + (base32 "1j8mb3p9kafhp30r3kmndnrklvzycc2ym0w6xdqz6m7jap626028")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -943,7 +943,8 @@ access to mpv's powerful playback capabilities.") ;; So, we need pass the prefix directly. In addition, make sure the Bash ;; completion file is called 'youtube-dl' rather than ;; 'youtube-dl.bash-completion'. - `(#:phases (modify-phases %standard-phases + `(#:tests? #f ; Many tests fail. The test suite can be run with pytest. + #:phases (modify-phases %standard-phases (add-before 'install 'fix-the-data-directories (lambda* (#:key outputs #:allow-other-keys) (let ((prefix (assoc-ref outputs "out"))) diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index 477b05189c..6449f0d57a 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -130,7 +130,7 @@ Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") ("vpnc" ,vpnc) ("zlib" ,zlib))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (arguments `(#:configure-flags diff --git a/gnu/packages/w3m.scm b/gnu/packages/w3m.scm index e7dd583c11..afda239356 100644 --- a/gnu/packages/w3m.scm +++ b/gnu/packages/w3m.scm @@ -69,7 +69,7 @@ ("openssl" ,openssl) ("zlib" ,zlib))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("perl" ,perl) ("pkg-config" ,pkg-config))) (home-page "http://w3m.sourceforge.net/") diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index 46ae30aa9a..fde5ff2c6f 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -87,7 +87,7 @@ "/include/gstreamer-1.0"))))))) (native-inputs `(("bison" ,bison) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("glib:bin" ,glib "bin") ; for glib-mkenums, etc. ("gobject-introspection" ,gobject-introspection) ("gperf" ,gperf) diff --git a/gnu/packages/wicd.scm b/gnu/packages/wicd.scm index f9aa657e56..e70bf736a5 100644 --- a/gnu/packages/wicd.scm +++ b/gnu/packages/wicd.scm @@ -52,7 +52,7 @@ "wicd-urwid-1.3.patch" "wicd-wpa2-ttls.patch")))) (build-system python-build-system) - (native-inputs `(("gettext" ,gnu-gettext))) + (native-inputs `(("gettext" ,gettext-minimal))) (inputs `(("dbus-glib" ,dbus-glib) ("python2-dbus" ,python2-dbus) ("python2-pygtk" ,python2-pygtk) diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm index 03a896b8e1..9a1bd56608 100644 --- a/gnu/packages/wine.scm +++ b/gnu/packages/wine.scm @@ -63,7 +63,7 @@ "1nmd65knzyh8b0yhxlqqvzai5rpnmhhm0c46n789zr5hj74jm6fg")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) - ("gettext" ,gnu-gettext) + ("gettext" ,gettext-minimal) ("flex" ,flex) ("bison" ,bison) ("perl" ,perl))) diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 323ff111d4..a26c716866 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -90,7 +90,7 @@ #t))))) (inputs `(("pygtk" ,python2-pygtk) ("xrandr" ,xrandr))) - (native-inputs `(("gettext" ,gnu-gettext) + (native-inputs `(("gettext" ,gettext-minimal) ("python-docutils" ,python2-docutils) ("python-setuptools" ,python2-setuptools))) (home-page "https://christian.amsuess.com/tools/arandr/") @@ -266,7 +266,7 @@ rasterisation.") (define-public libdrm (package (name "libdrm") - (version "2.4.67") + (version "2.4.68") (source (origin (method url-fetch) @@ -275,8 +275,8 @@ rasterisation.") version ".tar.bz2")) (sha256 - (base32 - "1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf")) + (base32 + "1px91j6imaaq2fy8ksvgldmv0cdz3w379jqiciqvqa99jajxjjsv")) (patches (search-patches "libdrm-symbol-check.patch")))) (build-system gnu-build-system) (inputs @@ -1010,7 +1010,7 @@ by name.") ("libxrandr" ,libxrandr) ("startup-notification" ,startup-notification))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (home-page "https://gitlab.com/o9000/tint2") (synopsis "Lightweight task bar") diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 879b37a337..94a017d1d5 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -52,18 +52,16 @@ (define-public expat (package (name "expat") - (replacement expat/fixed) - (version "2.1.1") + (version "2.2.0") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" version "/expat-" version ".tar.bz2")) - (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch" - "expat-CVE-2015-1283-refix.patch" - "expat-CVE-2016-0718.patch")) + (patches + (search-patches "expat-CVE-2016-0718-fix-regression.patch")) (sha256 (base32 - "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg")))) + "1zq4lnwjlw8s9mmachwfvfjf2x3lk24jm41746ykhdcvs7r0zrfr")))) (build-system gnu-build-system) (home-page "http://www.libexpat.org/") (synopsis "Stream-oriented XML parser library written in C") @@ -73,17 +71,6 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) -(define expat/fixed - (package - (inherit expat) - (source (origin - (inherit (package-source expat)) - (patches (search-patches - "expat-CVE-2012-6702-and-CVE-2016-5300.patch" - "expat-CVE-2015-1283-refix.patch" - "expat-CVE-2016-0718.patch" - "expat-CVE-2016-0718-fix-regression.patch")))))) - (define-public libxml2 (package (name "libxml2") diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index aa2b99a720..9f9549b6b9 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org> -;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr> ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org> ;;; Copyright © 2015 Cyrill Schenkel <cyrill.schenkel@gmail.com> @@ -999,7 +999,7 @@ authentication records.") (define-public inputproto (package (name "inputproto") - (version "2.3.1") + (version "2.3.2") (source (origin (method url-fetch) @@ -1009,7 +1009,7 @@ authentication records.") ".tar.bz2")) (sha256 (base32 - "1lf1jlxp0fc8h6fjdffhd084dqab94966l1zm3rwwsis0mifwiss")))) + "07gk7v006zqn3dcfh16l06gnccy7xnqywf3vl9c209ikazsnlfl9")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) (home-page "https://www.x.org/wiki/") @@ -1432,7 +1432,7 @@ treat it as part of their software base when porting.") "07041q4k8m4nirzl7lrqn8by2zylx0xvh6n0za301qqs3njszgf5")))) (build-system gnu-build-system) (inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("libxt" ,libxt) ("xproto" ,xproto) ("libxext" ,libxext))) @@ -1920,7 +1920,7 @@ generate new versions of their configure scripts with autoconf.") (define-public videoproto (package (name "videoproto") - (version "2.3.2") + (version "2.3.3") (source (origin (method url-fetch) @@ -1930,7 +1930,7 @@ generate new versions of their configure scripts with autoconf.") ".tar.bz2")) (sha256 (base32 - "1dnlkd9nb0m135lgd6hd61vc29sdyarsyya8aqpx7z10p261dbld")))) + "00m7rh3pwmsld4d5fpii3xfk5ciqn17kkk38gfpzrrh8zn4ki067")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) (home-page "https://www.x.org/wiki/") @@ -3675,7 +3675,7 @@ alternative implementations like XRandR or TwinView.") (define xkbcomp-intermediate ; used as input for xkeyboard-config (package (name "xkbcomp-intermediate") - (version "1.3.0") + (version "1.3.1") (source (origin (method url-fetch) @@ -3684,8 +3684,8 @@ alternative implementations like XRandR or TwinView.") version ".tar.bz2")) (sha256 - (base32 - "0aibcbhhjlwcrxh943xg2dswwx5bz1x0pmhs28b55gzsg0vrgb6g")))) + (base32 + "0gcjy70ppmcl610z8gxc7sydsx93f8cm8pggm4qhihaa1ngdq103")))) (build-system gnu-build-system) (inputs `(("xproto" ,xproto) @@ -3789,7 +3789,7 @@ extension to the X11 protocol. It includes: (define-public xkeyboard-config (package (name "xkeyboard-config") - (version "2.17") + (version "2.18") (source (origin (method url-fetch) @@ -3799,10 +3799,10 @@ extension to the X11 protocol. It includes: ".tar.bz2")) (sha256 (base32 - "00878f1v3034ki78pjpf2db0bh7jsmszsnxr3bf5qxripm2bxiny")))) + "1l6x2w357ja8vm94ns79s7yj9a5dlr01r9dxrjvzwncadiyr27f4")))) (build-system gnu-build-system) (inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("libx11" ,libx11) ("xkbcomp-intermediate" ,xkbcomp-intermediate))) (native-inputs @@ -4008,7 +4008,7 @@ Font Description (XLFD) full name for a font.") ("libxmu" ,libxmu) ("libxrender" ,libxrender))) (native-inputs - `(("gettext" ,gnu-gettext) + `(("gettext" ,gettext-minimal) ("pkg-config" ,pkg-config))) (home-page "https://www.x.org/wiki/") (synopsis "Display all the characters in an X font") @@ -4602,8 +4602,7 @@ cannot be adequately worked around on the client side of the wire.") (define-public libxrender (package (name "libxrender") - (replacement libxrender/fixed) - (version "0.9.9") + (version "0.9.10") (source (origin (method url-fetch) @@ -4613,7 +4612,7 @@ cannot be adequately worked around on the client side of the wire.") ".tar.bz2")) (sha256 (base32 - "06myx7044qqdswxndsmd82fpp670klnizkgzdm194h51h1wyabzw")))) + "0j89cnb06g8x79wmmnwzykgkkfdhin9j7hjpvsxwlr3fz1wmjvf0")))) (build-system gnu-build-system) (propagated-inputs `(("renderproto" ,renderproto))) @@ -4627,20 +4626,10 @@ cannot be adequately worked around on the client side of the wire.") (description "Library for the Render Extension to the X11 protocol.") (license license:x11))) -(define libxrender/fixed - (package - (inherit libxrender) - (source (origin - (inherit (package-source libxrender)) - (patches (search-patches - "libxrender-CVE-2016-7949.patch" - "libxrender-CVE-2016-7950.patch")))))) - (define-public libxtst (package (name "libxtst") - (replacement libxtst/fixed) - (version "1.2.2") + (version "1.2.3") (source (origin (method url-fetch) @@ -4650,7 +4639,7 @@ cannot be adequately worked around on the client side of the wire.") ".tar.bz2")) (sha256 (base32 - "1ngn161nq679ffmbwl81i2hn75jjg5b3ffv6n4jilpvyazypy2pg")))) + "012jpyj7xfm653a9jcfqbzxyywdmwb2b5wr1dwylx14f3f54jma6")))) (build-system gnu-build-system) (propagated-inputs `(("recordproto" ,recordproto) @@ -4675,19 +4664,10 @@ The RECORD extension supports the recording and reporting of all core X protocol and arbitrary X extension protocol.") (license license:x11))) -(define libxtst/fixed - (package - (inherit libxtst) - (source (origin - (inherit (package-source libxtst)) - (patches (search-patches - "libxtst-CVE-2016-7951-CVE-2016-7952.patch")))))) - (define-public libxv (package (name "libxv") - (replacement libxv/fixed) - (version "1.0.10") + (version "1.0.11") (source (origin (method url-fetch) @@ -4697,7 +4677,7 @@ protocol and arbitrary X extension protocol.") ".tar.bz2")) (sha256 (base32 - "09a5j6bisysiipd0nw6s352565bp0n6gbyhv5hp63s3cd3w95zjm")))) + "125hn06bd3d8y97hm2pbf5j55gg4r2hpd3ifad651i4sr7m16v6j")))) (build-system gnu-build-system) (propagated-inputs `(("videoproto" ,videoproto))) @@ -4712,14 +4692,6 @@ protocol and arbitrary X extension protocol.") (description "Library for the X Video Extension to the X11 protocol.") (license license:x11))) -(define libxv/fixed - (package - (inherit libxv) - (source (origin - (inherit (package-source libxv)) - (patches (search-patches - "libxv-CVE-2016-5407.patch")))))) - (define-public mkfontdir (package (name "mkfontdir") @@ -4761,7 +4733,7 @@ script around the mkfontscale program.") (define-public xproto (package (name "xproto") - (version "7.0.28") + (version "7.0.29") (source (origin (method url-fetch) @@ -4771,7 +4743,7 @@ script around the mkfontscale program.") ".tar.bz2")) (sha256 (base32 - "1jpnvm33vi2dar5y5zgz7jjh0m8fpkcxm0f0lbwfx37ns5l5bs19")))) + "12lzpa9mrzkyrhrphzpi1014np3328qg7mdq08wj6wyaj9q4f6kc")))) (build-system gnu-build-system) (propagated-inputs `(("util-macros" ,util-macros))) ; to get util-macros in (almost?) all package inputs @@ -4848,8 +4820,7 @@ an X Window System display.") (define-public libxfixes (package (name "libxfixes") - (replacement libxfixes/fixed) - (version "5.0.1") + (version "5.0.3") (source (origin (method url-fetch) @@ -4859,7 +4830,7 @@ an X Window System display.") ".tar.bz2")) (sha256 (base32 - "0rs7qgzr6dpr62db7sd91c1b47hzhzfr010qwnpcm8sg122w1gk3")))) + "1miana3y4hwdqdparsccmygqr3ic3hs5jrqfzp70hvi2zwxd676y")))) (build-system gnu-build-system) (propagated-inputs `(("fixesproto" ,fixesproto))) @@ -4873,14 +4844,6 @@ an X Window System display.") (description "Library for the XFixes Extension to the X11 protocol.") (license license:x11))) -(define libxfixes/fixed - (package - (inherit libxfixes) - (source (origin - (inherit (package-source libxfixes)) - (patches (search-patches - "libxfixes-CVE-2016-7944.patch")))))) - (define-public libxfont (package (name "libxfont") @@ -4921,8 +4884,7 @@ new API's in libXft, or the legacy API's in libX11.") (define-public libxi (package (name "libxi") - (replacement libxi/fixed) - (version "1.7.6") + (version "1.7.7") (source (origin (method url-fetch) @@ -4932,7 +4894,7 @@ new API's in libXft, or the legacy API's in libX11.") ".tar.bz2")) (sha256 (base32 - "1b5p0l19ynmd6blnqr205wyngh6fagl35nqb4v05dw60rr9aachz")))) + "0c70n4aq0ba628wr88ih4740nci9d9f6y3v96sx376vvlm7q6vwr")))) (build-system gnu-build-system) (propagated-inputs `(("inputproto" ,inputproto) @@ -4948,19 +4910,10 @@ new API's in libXft, or the legacy API's in libX11.") (description "Library for the XInput Extension to the X11 protocol.") (license license:x11))) -(define libxi/fixed - (package - (inherit libxi) - (source (origin - (inherit (package-source libxi)) - (patches (search-patches - "libxi-CVE-2016-7945-CVE-2016-7946.patch")))))) - (define-public libxrandr (package (name "libxrandr") - (replacement libxrandr/fixed) - (version "1.5.0") + (version "1.5.1") (source (origin (method url-fetch) @@ -4970,7 +4923,7 @@ new API's in libXft, or the legacy API's in libX11.") ".tar.bz2")) (sha256 (base32 - "0n6ycs1arf4wb1cal9il6v7vbxbf21qhs9sbfl8xndgwnxclk1kg")))) + "06pmphx8lp3iywqnh88fvbfb0d8xgkx0qpvan49akpja1vxfgy8z")))) (build-system gnu-build-system) (propagated-inputs ;; In accordance with xrandr.pc. @@ -4987,19 +4940,10 @@ new API's in libXft, or the legacy API's in libX11.") "Library for the Resize and Rotate Extension to the X11 protocol.") (license license:x11))) -(define libxrandr/fixed - (package - (inherit libxrandr) - (source (origin - (inherit (package-source libxrandr)) - (patches (search-patches - "libxrandr-CVE-2016-7947-CVE-2016-7948.patch")))))) - (define-public libxvmc (package (name "libxvmc") - (replacement libxvmc/fixed) - (version "1.0.9") + (version "1.0.10") (source (origin (method url-fetch) @@ -5009,7 +4953,7 @@ new API's in libXft, or the legacy API's in libX11.") ".tar.bz2")) (sha256 (base32 - "0mjp1b21dvkaz7r0iq085r92nh5vkpmx99awfgqq9hgzyvgxf0q7")))) + "0bpffxr5dal90a8miv2w0rif61byqxq2f5angj4z1bnznmws00g5")))) (build-system gnu-build-system) (propagated-inputs `(("libxv" ,libxv))) @@ -5024,14 +4968,6 @@ new API's in libXft, or the legacy API's in libX11.") (description "Xorg XvMC library.") (license license:x11))) -(define libxvmc/fixed - (package - (inherit libxvmc) - (source (origin - (inherit (package-source libxvmc)) - (patches (search-patches - "libxvmc-CVE-2016-7953.patch")))))) - (define-public libxxf86vm (package (name "libxxf86vm") @@ -5067,7 +5003,7 @@ protocol.") (define-public libxcb (package (name "libxcb") - (version "1.11") + (version "1.11.1") (source (origin (method url-fetch) @@ -5075,7 +5011,7 @@ protocol.") name "-" version ".tar.bz2")) (sha256 (base32 - "1xqgc81krx14f2c8yl5chzg5g2l26mhm2rwffy8dx7jv0iq5sqq3")))) + "0c4xyvdyx5adh8dzyhnrmvwwz24gri4z1czxmxqm63i0gmngs85p")))) (build-system gnu-build-system) (propagated-inputs `(("libpthread-stubs" ,libpthread-stubs) @@ -5111,7 +5047,7 @@ over Xlib, including: (define-public xorg-server (package (name "xorg-server") - (version "1.18.1") + (version "1.18.4") (source (origin (method url-fetch) @@ -5120,7 +5056,7 @@ over Xlib, including: name "-" version ".tar.bz2")) (sha256 (base32 - "17bq40als48v12ld81jysc0gj5g572zkjkyzbhlm3ac9xgdmdv45")))) + "1j1i3n5xy1wawhk95kxqdc54h34kg7xp4nnramba2q8xqfr5k117")))) (build-system gnu-build-system) (propagated-inputs `(("dri2proto" ,dri2proto) @@ -5169,7 +5105,13 @@ over Xlib, including: ("xkbcomp" ,xkbcomp) ("xkeyboard-config" ,xkeyboard-config) ("xtrans" ,xtrans) - ("zlib" ,zlib))) + ("zlib" ,zlib) + ;; Inputs for Xephyr + ("xcb-util" ,xcb-util) + ("xcb-util-image" ,xcb-util-image) + ("xcb-util-keysyms" ,xcb-util-keysyms) + ("xcb-util-renderutil" ,xcb-util-renderutil) + ("xcb-util-wm" ,xcb-util-wm))) (native-inputs `(("python" ,python-minimal-wrapper) ("pkg-config" ,pkg-config))) @@ -5185,9 +5127,17 @@ over Xlib, including: (string-append "--with-xkb-bin-directory=" (assoc-ref %build-inputs "xkbcomp") "/bin") + ;; By default, it ends up with invalid '${prefix}/...', causes: + ;; _FontTransOpen: Unable to Parse address ${prefix}/share/... + ;; It's not used anyway, so set it to empty. + "--with-default-font-path=" + ;; For the log file, etc. - "--localstatedir=/var") + "--localstatedir=/var" + ;; For sddm + "--enable-kdrive" + "--enable-xephyr") #:phases (alist-cons-before 'configure 'pre-configure @@ -5238,8 +5188,7 @@ draggable titlebars and borders.") (define-public libx11 (package (name "libx11") - (replacement libx11/fixed) - (version "1.6.3") + (version "1.6.4") (source (origin (method url-fetch) @@ -5249,7 +5198,7 @@ draggable titlebars and borders.") ".tar.bz2")) (sha256 (base32 - "04c1vj53xq2xgyxx5vhln3wm2d76hh1n95fvs3myhligkz1sfcfg")))) + "0hg46i6h92pmb7xp1cis2j43zq3fkdz89p0yv35w4vm17az4iixp")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;8 MiB of man pages + XML @@ -5271,15 +5220,6 @@ draggable titlebars and borders.") (description "Xorg Core X11 protocol client library.") (license license:x11))) -(define libx11/fixed - (package - (inherit libx11) - (source (origin - (inherit (package-source libx11)) - (patches (search-patches - "libx11-CVE-2016-7942.patch" - "libx11-CVE-2016-7943.patch")))))) - ;; packages of height 5 in the propagated-inputs tree (define-public libxcursor diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm new file mode 100644 index 0000000000..7542ee26c0 --- /dev/null +++ b/gnu/services/cups.scm @@ -0,0 +1,1166 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 Andy Wingo <wingo@pobox.com> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu services cups) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages cups) + #:use-module (gnu packages tls) + #:use-module (guix packages) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (texinfo) + #:use-module (texinfo serialize) + #:use-module (ice-9 match) + #:use-module ((srfi srfi-1) #:select (append-map)) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) + #:export (&cups-configuation-error + cups-configuration-error? + + cups-service-type + cups-configuration + opaque-cups-configuration + + files-configuration + policy-configuration + location-access-control + operation-access-control + method-access-control)) + +;;; Commentary: +;;; +;;; Service defininition for the CUPS printing system. +;;; +;;; Code: + +(define-condition-type &cups-configuration-error &error + cups-configuration-error?) + +(define (cups-error message) + (raise (condition (&message (message message)) + (&cups-configuration-error)))) +(define (cups-configuration-field-error field val) + (cups-error + (format #f "Invalid value for field ~a: ~s" field val))) +(define (cups-configuration-missing-field kind field) + (cups-error + (format #f "~a configuration missing required field ~a" kind field))) + +(define-record-type* <configuration-field> + configuration-field make-configuration-field configuration-field? + (name configuration-field-name) + (type configuration-field-type) + (getter configuration-field-getter) + (predicate configuration-field-predicate) + (serializer configuration-field-serializer) + (default-value-thunk configuration-field-default-value-thunk) + (documentation configuration-field-documentation)) + +(define (serialize-configuration config fields) + (for-each (lambda (field) + ((configuration-field-serializer field) + (configuration-field-name field) + ((configuration-field-getter field) config))) + fields)) + +(define (validate-configuration config fields) + (for-each (lambda (field) + (let ((val ((configuration-field-getter field) config))) + (unless ((configuration-field-predicate field) val) + (cups-configuration-field-error + (configuration-field-name field) val)))) + fields)) + +(define-syntax define-configuration + (lambda (stx) + (define (id ctx part . parts) + (let ((part (syntax->datum part))) + (datum->syntax + ctx + (match parts + (() part) + (parts (symbol-append part + (syntax->datum (apply id ctx parts)))))))) + (syntax-case stx () + ((_ stem (field (field-type def) doc) ...) + (with-syntax (((field-getter ...) + (map (lambda (field) + (id #'stem #'stem #'- field)) + #'(field ...))) + ((field-predicate ...) + (map (lambda (type) + (id #'stem type #'?)) + #'(field-type ...))) + ((field-serializer ...) + (map (lambda (type) + (id #'stem #'serialize- type)) + #'(field-type ...)))) + #`(begin + (define-record-type* #,(id #'stem #'< #'stem #'>) + #,(id #'stem #'% #'stem) + #,(id #'stem #'make- #'stem) + #,(id #'stem #'stem #'?) + (field field-getter (default def)) + ...) + (define #,(id #'stem #'stem #'-fields) + (list (configuration-field + (name 'field) + (type 'field-type) + (getter field-getter) + (predicate field-predicate) + (serializer field-serializer) + (default-value-thunk (lambda () def)) + (documentation doc)) + ...)) + (define-syntax-rule (stem arg (... ...)) + (let ((conf (#,(id #'stem #'% #'stem) arg (... ...)))) + (validate-configuration conf + #,(id #'stem #'stem #'-fields)) + conf)))))))) + +(define %cups-accounts + (list (user-group (name "lp") (system? #t)) + (user-group (name "lpadmin") (system? #t)) + (user-account + (name "lp") + (group "lp") + (system? #t) + (comment "System user for invoking printing helper programs") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define (uglify-field-name field-name) + (let ((str (symbol->string field-name))) + (string-concatenate + (map string-titlecase + (string-split (if (string-suffix? "?" str) + (substring str 0 (1- (string-length str))) + str) + #\-))))) + +(define (serialize-field field-name val) + (format #t "~a ~a\n" (uglify-field-name field-name) val)) + +(define (serialize-package field-name val) + #f) + +(define (serialize-string field-name val) + (serialize-field field-name val)) + +(define (multiline-string-list? val) + (and (list? val) + (and-map (lambda (x) + (and (string? x) (not (string-index x #\space)))) + val))) +(define (serialize-multiline-string-list field-name val) + (for-each (lambda (str) (serialize-field field-name str)) val)) + +(define (space-separated-string-list? val) + (and (list? val) + (and-map (lambda (x) + (and (string? x) (not (string-index x #\space)))) + val))) +(define (serialize-space-separated-string-list field-name val) + (serialize-field field-name (string-join val " "))) + +(define (space-separated-symbol-list? val) + (and (list? val) (and-map symbol? val))) +(define (serialize-space-separated-symbol-list field-name val) + (serialize-field field-name (string-join (map symbol->string val) " "))) + +(define (file-name? val) + (and (string? val) + (string-prefix? "/" val))) +(define (serialize-file-name field-name val) + (serialize-string field-name val)) + +(define (serialize-boolean field-name val) + (serialize-string field-name (if val "yes" "no"))) + +(define (non-negative-integer? val) + (and (exact-integer? val) (not (negative? val)))) +(define (serialize-non-negative-integer field-name val) + (serialize-field field-name val)) + +(define-syntax define-enumerated-field-type + (lambda (x) + (define (id-append ctx . parts) + (datum->syntax ctx (apply symbol-append (map syntax->datum parts)))) + (syntax-case x () + ((_ name (option ...)) + #`(begin + (define (#,(id-append #'name #'name #'?) x) + (memq x '(option ...))) + (define (#,(id-append #'name #'serialize- #'name) field-name val) + (serialize-field field-name val))))))) + +(define-enumerated-field-type access-log-level + (config actions all)) +(define-enumerated-field-type browse-local-protocols + (all dnssd none)) +(define-enumerated-field-type default-auth-type + (Basic Negotiate)) +(define-enumerated-field-type default-encryption + (Never IfRequested Required)) +(define-enumerated-field-type error-policy + (abort-job retry-job retry-this-job stop-printer)) +(define-enumerated-field-type log-level + (none emerg alert crit error warn notice info debug debug2)) +(define-enumerated-field-type log-time-format + (standard usecs)) +(define-enumerated-field-type server-tokens + (None ProductOnly Major Minor Minimal OS Full)) +(define-enumerated-field-type method + (DELETE GET HEAD OPTIONS POST PUT TRACE)) +(define-enumerated-field-type sandboxing + (relaxed strict)) + +(define (method-list? val) + (and (list? val) (and-map method? val))) +(define (serialize-method-list field-name val) + (serialize-field field-name (string-join (map symbol->string val) " "))) + +(define (host-name-lookups? val) + (memq val '(#f #t 'double))) +(define (serialize-host-name-lookups field-name val) + (serialize-field field-name + (match val (#f "No") (#t "Yes") ('double "Double")))) + +(define (host-name-list-or-*? x) + (or (eq? x '*) + (and (list? x) (and-map string? x)))) +(define (serialize-host-name-list-or-* field-name val) + (serialize-field field-name (match val + ('* '*) + (names (string-join names " "))))) + +(define (boolean-or-non-negative-integer? x) + (or (boolean? x) (non-negative-integer? x))) +(define (serialize-boolean-or-non-negative-integer field-name x) + (if (boolean? x) + (serialize-boolean field-name x) + (serialize-non-negative-integer field-name x))) + +(define (ssl-options? x) + (and (list? x) + (and-map (lambda (elt) (memq elt '(AllowRC4 AllowSSL3))) x))) +(define (serialize-ssl-options field-name val) + (serialize-field field-name + (match val + (() "None") + (opts (string-join (map symbol->string opts) " "))))) + +(define (serialize-access-control x) + (display x) + (newline)) +(define (serialize-access-control-list field-name val) + (for-each serialize-access-control val)) +(define (access-control-list? val) + (and (list? val) (and-map string? val))) + +(define-configuration operation-access-control + (operations + (space-separated-symbol-list '()) + "IPP operations to which this access control applies.") + (access-controls + (access-control-list '()) + "Access control directives, as a list of strings. Each string should be one directive, such as \"Order allow,deny\".")) + +(define-configuration method-access-control + (reverse? + (boolean #f) + "If @code{#t}, apply access controls to all methods except the listed +methods. Otherwise apply to only the listed methods.") + (methods + (method-list '()) + "Methods to which this access control applies.") + (access-controls + (access-control-list '()) + "Access control directives, as a list of strings. Each string should be one directive, such as \"Order allow,deny\".")) + +(define (serialize-operation-access-control x) + (format #t "<Limit ~a>\n" + (string-join (map symbol->string + (operation-access-control-operations x)) " ")) + (serialize-configuration + x + (filter (lambda (field) + (not (eq? (configuration-field-name field) 'operations))) + operation-access-control-fields)) + (format #t "</Limit>\n")) + +(define (serialize-method-access-control x) + (let ((limit (if (method-access-control-reverse? x) "LimitExcept" "Limit"))) + (format #t "<~a ~a>\n" limit + (string-join (map symbol->string + (method-access-control-methods x)) " ")) + (serialize-configuration + x + (filter (lambda (field) + (case (configuration-field-name field) + ((reverse? methods) #f) + (else #t))) + method-access-control-fields)) + (format #t "</~a>\n" limit))) + +(define (operation-access-control-list? val) + (and (list? val) (and-map operation-access-control? val))) +(define (serialize-operation-access-control-list field-name val) + (for-each serialize-operation-access-control val)) + +(define (method-access-control-list? val) + (and (list? val) (and-map method-access-control? val))) +(define (serialize-method-access-control-list field-name val) + (for-each serialize-method-access-control val)) + +(define-configuration location-access-control + (path + (file-name (cups-configuration-missing-field 'location-access-control 'path)) + "Specifies the URI path to which the access control applies.") + (access-controls + (access-control-list '()) + "Access controls for all access to this path, in the same format as the +@code{access-controls} of @code{operation-access-control}.") + (method-access-controls + (method-access-control-list '()) + "Access controls for method-specific access to this path.")) + +(define (serialize-location-access-control x) + (format #t "<Location ~a>\n" (location-access-control-path x)) + (serialize-configuration + x + (filter (lambda (field) + (not (eq? (configuration-field-name field) 'path))) + location-access-control-fields)) + (format #t "</Location>\n")) + +(define (location-access-control-list? val) + (and (list? val) (and-map location-access-control? val))) +(define (serialize-location-access-control-list field-name val) + (for-each serialize-location-access-control val)) + +(define-configuration policy-configuration + (name + (string (cups-configuration-missing-field 'policy-configuration 'name)) + "Name of the policy.") + (job-private-access + (string "@OWNER @SYSTEM") + "Specifies an access list for a job's private values. @code{@@ACL} maps to +the printer's requesting-user-name-allowed or requesting-user-name-denied +values. @code{@@OWNER} maps to the job's owner. @code{@@SYSTEM} maps to the +groups listed for the @code{system-group} field of the @code{files-config} +configuration, which is reified into the @code{cups-files.conf(5)} file. +Other possible elements of the access list include specific user names, and +@code{@@@var{group}} to indicate members of a specific group. The access list +may also be simply @code{all} or @code{default}.") + (job-private-values + (string (string-join '("job-name" "job-originating-host-name" + "job-originating-user-name" "phone"))) + "Specifies the list of job values to make private, or @code{all}, +@code{default}, or @code{none}.") + + (subscription-private-access + (string "@OWNER @SYSTEM") + "Specifies an access list for a subscription's private values. +@code{@@ACL} maps to the printer's requesting-user-name-allowed or +requesting-user-name-denied values. @code{@@OWNER} maps to the job's owner. +@code{@@SYSTEM} maps to the groups listed for the @code{system-group} field of +the @code{files-config} configuration, which is reified into the +@code{cups-files.conf(5)} file. Other possible elements of the access list +include specific user names, and @code{@@@var{group}} to indicate members of a +specific group. The access list may also be simply @code{all} or +@code{default}.") + (subscription-private-values + (string (string-join '("notify-events" "notify-pull-method" + "notify-recipient-uri" "notify-subscriber-user-name" + "notify-user-data") + " ")) + "Specifies the list of job values to make private, or @code{all}, +@code{default}, or @code{none}.") + + (access-controls + (operation-access-control-list '()) + "Access control by IPP operation.")) + +(define (serialize-policy-configuration x) + (format #t "<Policy ~a>\n" (policy-configuration-name x)) + (serialize-configuration + x + (filter (lambda (field) + (not (eq? (configuration-field-name field) 'name))) + policy-configuration-fields)) + (format #t "</Policy>\n")) + +(define (policy-configuration-list? x) + (and (list? x) (and-map policy-configuration? x))) +(define (serialize-policy-configuration-list field-name x) + (for-each serialize-policy-configuration x)) + +(define (log-location? x) + (or (file-name? x) + (eq? x 'stderr) + (eq? x 'syslog))) +(define (serialize-log-location field-name x) + (if (string? x) + (serialize-file-name field-name x) + (serialize-field field-name x))) + +(define-configuration files-configuration + (access-log + (log-location "/var/log/cups/access_log") + "Defines the access log filename. Specifying a blank filename disables +access log generation. The value @code{stderr} causes log entries to be sent +to the standard error file when the scheduler is running in the foreground, or +to the system log daemon when run in the background. The value @code{syslog} +causes log entries to be sent to the system log daemon. The server name may +be included in filenames using the string @code{%s}, as in +@code{/var/log/cups/%s-access_log}.") + (cache-dir + (file-name "/var/cache/cups") + "Where CUPS should cache data.") + (config-file-perm + (string "0640") + "Specifies the permissions for all configuration files that the scheduler +writes. + +Note that the permissions for the printers.conf file are currently masked to +only allow access from the scheduler user (typically root). This is done +because printer device URIs sometimes contain sensitive authentication +information that should not be generally known on the system. There is no way +to disable this security feature.") + ;; Not specifying data-dir and server-bin options as we handle these + ;; manually. For document-root, the CUPS package has that path + ;; preconfigured. + (error-log + (log-location "/var/log/cups/error_log") + "Defines the error log filename. Specifying a blank filename disables +access log generation. The value @code{stderr} causes log entries to be sent +to the standard error file when the scheduler is running in the foreground, or +to the system log daemon when run in the background. The value @code{syslog} +causes log entries to be sent to the system log daemon. The server name may +be included in filenames using the string @code{%s}, as in +@code{/var/log/cups/%s-error_log}.") + (fatal-errors + (string "all -browse") + "Specifies which errors are fatal, causing the scheduler to exit. The kind +strings are: +@table @code +@item none +No errors are fatal. +@item all +All of the errors below are fatal. +@item browse +Browsing initialization errors are fatal, for example failed connections to +the DNS-SD daemon. +@item config +Configuration file syntax errors are fatal. +@item listen +Listen or Port errors are fatal, except for IPv6 failures on the loopback or +@code{any} addresses. +@item log +Log file creation or write errors are fatal. +@item permissions +Bad startup file permissions are fatal, for example shared TLS certificate and +key files with world-read permissions. +@end table") + (file-device? + (boolean #f) + "Specifies whether the file pseudo-device can be used for new printer +queues. The URI @url{file:///dev/null} is always allowed.") + (group + (string "lp") + "Specifies the group name or ID that will be used when executing external +programs.") + (log-file-perm + (string "0644") + "Specifies the permissions for all log files that the scheduler writes.") + (page-log + (log-location "/var/log/cups/page_log") + "Defines the page log filename. Specifying a blank filename disables +access log generation. The value @code{stderr} causes log entries to be sent +to the standard error file when the scheduler is running in the foreground, or +to the system log daemon when run in the background. The value @code{syslog} +causes log entries to be sent to the system log daemon. The server name may +be included in filenames using the string @code{%s}, as in +@code{/var/log/cups/%s-page_log}.") + (remote-root + (string "remroot") + "Specifies the username that is associated with unauthenticated accesses by +clients claiming to be the root user. The default is @code{remroot}.") + (request-root + (file-name "/var/spool/cups") + "Specifies the directory that contains print jobs and other HTTP request +data.") + (sandboxing + (sandboxing 'strict) + "Specifies the level of security sandboxing that is applied to print +filters, backends, and other child processes of the scheduler; either +@code{relaxed} or @code{strict}. This directive is currently only +used/supported on macOS.") + (server-keychain + (file-name "/etc/cups/ssl") + "Specifies the location of TLS certificates and private keys. CUPS will +look for public and private keys in this directory: a @code{.crt} files for +PEM-encoded certificates and corresponding @code{.key} files for PEM-encoded +private keys.") + (server-root + (file-name "/etc/cups") + "Specifies the directory containing the server configuration files.") + (sync-on-close? + (boolean #f) + "Specifies whether the scheduler calls fsync(2) after writing configuration +or state files.") + (system-group + (space-separated-string-list '("lpadmin" "wheel" "root")) + "Specifies the group(s) to use for @code{@@SYSTEM} group authentication.") + (temp-dir + (file-name "/var/spool/cups/tmp") + "Specifies the directory where temporary files are stored.") + (user + (string "lp") + "Specifies the user name or ID that is used when running external +programs.")) + +(define (serialize-files-configuration field-name val) + #f) + +(define (environment-variables? vars) + (space-separated-string-list? vars)) +(define (serialize-environment-variables field-name vars) + (unless (null? vars) + (serialize-space-separated-string-list field-name vars))) + +(define (package-list? val) + (and (list? val) (and-map package? val))) +(define (serialize-package-list field-name val) + #f) + +(define-configuration cups-configuration + (cups + (package cups) + "The CUPS package.") + (extensions + (package-list (list cups-filters)) + "Drivers and other extensions to the CUPS package.") + (files-configuration + (files-configuration (files-configuration)) + "Configuration of where to write logs, what directories to use for print +spools, and related privileged configuration parameters.") + (access-log-level + (access-log-level 'actions) + "Specifies the logging level for the AccessLog file. The @code{config} +level logs when printers and classes are added, deleted, or modified and when +configuration files are accessed or updated. The @code{actions} level logs +when print jobs are submitted, held, released, modified, or canceled, and any +of the conditions for @code{config}. The @code{all} level logs all +requests.") + (auto-purge-jobs? + (boolean #f) + "Specifies whether to purge job history data automatically when it is no +longer required for quotas.") + (browse-local-protocols + (browse-local-protocols 'dnssd) + "Specifies which protocols to use for local printer sharing.") + (browse-web-if? + (boolean #f) + "Specifies whether the CUPS web interface is advertised.") + (browsing? + (boolean #f) + "Specifies whether shared printers are advertised.") + (classification + (string "") + "Specifies the security classification of the server. +Any valid banner name can be used, including \"classified\", \"confidential\", +\"secret\", \"topsecret\", and \"unclassified\", or the banner can be omitted +to disable secure printing functions.") + (classify-override? + (boolean #f) + "Specifies whether users may override the classification (cover page) of +individual print jobs using the @code{job-sheets} option.") + (default-auth-type + (default-auth-type 'Basic) + "Specifies the default type of authentication to use.") + (default-encryption + (default-encryption 'Required) + "Specifies whether encryption will be used for authenticated requests.") + (default-language + (string "en") + "Specifies the default language to use for text and web content.") + (default-paper-size + (string "Auto") + "Specifies the default paper size for new print queues. @samp{\"Auto\"} +uses a locale-specific default, while @samp{\"None\"} specifies there is no +default paper size. Specific size names are typically @samp{\"Letter\"} or +@samp{\"A4\"}.") + (default-policy + (string "default") + "Specifies the default access policy to use.") + (default-shared? + (boolean #t) + "Specifies whether local printers are shared by default.") + (dirty-clean-interval + (non-negative-integer 30) + "Specifies the delay for updating of configuration and state files, in +seconds. A value of 0 causes the update to happen as soon as possible, +typically within a few milliseconds.") + (error-policy + (error-policy 'stop-printer) + "Specifies what to do when an error occurs. Possible values are +@code{abort-job}, which will discard the failed print job; @code{retry-job}, +which will retry the job at a later time; @code{retry-this-job}, which retries +the failed job immediately; and @code{stop-printer}, which stops the +printer.") + (filter-limit + (non-negative-integer 0) + "Specifies the maximum cost of filters that are run concurrently, which can +be used to minimize disk, memory, and CPU resource problems. A limit of 0 +disables filter limiting. An average print to a non-PostScript printer needs +a filter limit of about 200. A PostScript printer needs about half +that (100). Setting the limit below these thresholds will effectively limit +the scheduler to printing a single job at any time.") + (filter-nice + (non-negative-integer 0) + "Specifies the scheduling priority of filters that are run to print a job. +The nice value ranges from 0, the highest priority, to 19, the lowest +priority.") + ;; Add this option if the package is built with Kerberos support. + ;; (gss-service-name + ;; (string "http") + ;; "Specifies the service name when using Kerberos authentication.") + (host-name-lookups + (host-name-lookups #f) + "Specifies whether to do reverse lookups on connecting clients. +The @code{double} setting causes @code{cupsd} to verify that the hostname +resolved from the address matches one of the addresses returned for that +hostname. Double lookups also prevent clients with unregistered addresses +from connecting to your server. Only set this option to @code{#t} or +@code{double} if absolutely required.") + ;; Add this option if the package is built with launchd/systemd support. + ;; (idle-exit-timeout + ;; (non-negative-integer 60) + ;; "Specifies the length of time to wait before shutting down due to + ;; inactivity. Note: Only applicable when @code{cupsd} is run on-demand + ;; (e.g., with @code{-l}).") + (job-kill-delay + (non-negative-integer 30) + "Specifies the number of seconds to wait before killing the filters and +backend associated with a canceled or held job.") + (job-retry-interval + (non-negative-integer 30) + "Specifies the interval between retries of jobs in seconds. This is +typically used for fax queues but can also be used with normal print queues +whose error policy is @code{retry-job} or @code{retry-current-job}.") + (job-retry-limit + (non-negative-integer 5) + "Specifies the number of retries that are done for jobs. This is typically +used for fax queues but can also be used with normal print queues whose error +policy is @code{retry-job} or @code{retry-current-job}.") + (keep-alive? + (boolean #t) + "Specifies whether to support HTTP keep-alive connections.") + (keep-alive-timeout + (non-negative-integer 30) + "Specifies how long an idle client connection remains open, in seconds.") + (limit-request-body + (non-negative-integer 0) + "Specifies the maximum size of print files, IPP requests, and HTML form +data. A limit of 0 disables the limit check.") + (listen + (multiline-string-list '("localhost:631" "/var/run/cups/cups.sock")) + "Listens on the specified interfaces for connections. Valid values are of +the form @var{address}:@var{port}, where @var{address} is either an IPv6 +address enclosed in brackets, an IPv4 address, or @code{*} to indicate all +addresses. Values can also be file names of local UNIX domain sockets. The +Listen directive is similar to the Port directive but allows you to restrict +access to specific interfaces or networks.") + (listen-back-log + (non-negative-integer 128) + "Specifies the number of pending connections that will be allowed. This +normally only affects very busy servers that have reached the MaxClients +limit, but can also be triggered by large numbers of simultaneous connections. +When the limit is reached, the operating system will refuse additional +connections until the scheduler can accept the pending ones.") + (location-access-controls + (location-access-control-list + (list (location-access-control + (path "/") + (access-controls '("Order allow,deny" + "Allow localhost"))) + (location-access-control + (path "/admin") + (access-controls '("Order allow,deny" + "Allow localhost"))) + (location-access-control + (path "/admin/conf") + (access-controls '("Order allow,deny" + "AuthType Basic" + "Require user @SYSTEM" + "Allow localhost"))))) + "Specifies a set of additional access controls.") + (log-debug-history + (non-negative-integer 100) + "Specifies the number of debugging messages that are retained for logging +if an error occurs in a print job. Debug messages are logged regardless of +the LogLevel setting.") + (log-level + (log-level 'info) + "Specifies the level of logging for the ErrorLog file. The value +@code{none} stops all logging while @code{debug2} logs everything.") + (log-time-format + (log-time-format 'standard) + "Specifies the format of the date and time in the log files. The value +@code{standard} logs whole seconds while @code{usecs} logs microseconds.") + (max-clients + (non-negative-integer 100) + "Specifies the maximum number of simultaneous clients that are allowed by +the scheduler.") + (max-clients-per-host + (non-negative-integer 100) + "Specifies the maximum number of simultaneous clients that are allowed from +a single address.") + (max-copies + (non-negative-integer 9999) + "Specifies the maximum number of copies that a user can print of each +job.") + (max-hold-time + (non-negative-integer 0) + "Specifies the maximum time a job may remain in the @code{indefinite} hold +state before it is canceled. A value of 0 disables cancellation of held +jobs.") + (max-jobs + (non-negative-integer 500) + "Specifies the maximum number of simultaneous jobs that are allowed. Set +to 0 to allow an unlimited number of jobs.") + (max-jobs-per-printer + (non-negative-integer 0) + "Specifies the maximum number of simultaneous jobs that are allowed per +printer. A value of 0 allows up to MaxJobs jobs per printer.") + (max-jobs-per-user + (non-negative-integer 0) + "Specifies the maximum number of simultaneous jobs that are allowed per +user. A value of 0 allows up to MaxJobs jobs per user.") + (max-job-time + (non-negative-integer 10800) + "Specifies the maximum time a job may take to print before it is canceled, +in seconds. Set to 0 to disable cancellation of \"stuck\" jobs.") + (max-log-size + (non-negative-integer 1048576) + "Specifies the maximum size of the log files before they are rotated, in +bytes. The value 0 disables log rotation.") + (multiple-operation-timeout + (non-negative-integer 300) + "Specifies the maximum amount of time to allow between files in a multiple +file print job, in seconds.") + (page-log-format + (string "") + "Specifies the format of PageLog lines. Sequences beginning with +percent (@samp{%}) characters are replaced with the corresponding information, +while all other characters are copied literally. The following percent +sequences are recognized: + +@table @samp +@item %% +insert a single percent character +@item %@{name@} +insert the value of the specified IPP attribute +@item %C +insert the number of copies for the current page +@item %P +insert the current page number +@item %T +insert the current date and time in common log format +@item %j +insert the job ID +@item %p +insert the printer name +@item %u +insert the username +@end table + +A value of the empty string disables page logging. The string @code{%p %u %j +%T %P %C %@{job-billing@} %@{job-originating-host-name@} %@{job-name@} +%@{media@} %@{sides@}} creates a page log with the standard items.") + (environment-variables + (environment-variables '()) + "Passes the specified environment variable(s) to child processes; a list of +strings.") + (policies + (policy-configuration-list + (list (policy-configuration + (name "default") + (access-controls + (list + (operation-access-control + (operations + '(Send-Document + Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs + Cancel-Job Close-Job Cancel-My-Jobs Set-Job-Attributes + Create-Job-Subscription Renew-Subscription + Cancel-Subscription Get-Notifications + Reprocess-Job Cancel-Current-Job Suspend-Current-Job + Resume-Job CUPS-Move-Job Validate-Job + CUPS-Get-Document)) + (access-controls '("Require user @OWNER @SYSTEM" + "Order deny,allow"))) + (operation-access-control + (operations + '(Pause-Printer + Cancel-Jobs + Resume-Printer Set-Printer-Attributes Enable-Printer + Disable-Printer Pause-Printer-After-Current-Job + Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer + Activate-Printer Restart-Printer Shutdown-Printer + Startup-Printer Promote-Job Schedule-Job-After + CUPS-Authenticate-Job CUPS-Add-Printer + CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class + CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default)) + (access-controls '("AuthType Basic" + "Require user @SYSTEM" + "Order deny,allow"))) + (operation-access-control + (operations '(All)) + (access-controls '("Order deny,allow")))))))) + "Specifies named access control policies.") + #; + (port + (non-negative-integer 631) + "Listens to the specified port number for connections.") + (preserve-job-files + (boolean-or-non-negative-integer 86400) + "Specifies whether job files (documents) are preserved after a job is +printed. If a numeric value is specified, job files are preserved for the +indicated number of seconds after printing. Otherwise a boolean value applies +indefinitely.") + (preserve-job-history + (boolean-or-non-negative-integer #t) + "Specifies whether the job history is preserved after a job is printed. +If a numeric value is specified, the job history is preserved for the +indicated number of seconds after printing. If @code{#t}, the job history is +preserved until the MaxJobs limit is reached.") + (reload-timeout + (non-negative-integer 30) + "Specifies the amount of time to wait for job completion before restarting +the scheduler.") + (rip-cache + (string "128m") + "Specifies the maximum amount of memory to use when converting documents into bitmaps for a printer.") + (server-admin + (string "root@localhost.localdomain") + "Specifies the email address of the server administrator.") + (server-alias + (host-name-list-or-* '*) + "The ServerAlias directive is used for HTTP Host header validation when +clients connect to the scheduler from external interfaces. Using the special +name @code{*} can expose your system to known browser-based DNS rebinding +attacks, even when accessing sites through a firewall. If the auto-discovery +of alternate names does not work, we recommend listing each alternate name +with a ServerAlias directive instead of using @code{*}.") + (server-name + (string "localhost") + "Specifies the fully-qualified host name of the server.") + (server-tokens + (server-tokens 'Minimal) + "Specifies what information is included in the Server header of HTTP +responses. @code{None} disables the Server header. @code{ProductOnly} +reports @code{CUPS}. @code{Major} reports @code{CUPS 2}. @code{Minor} +reports @code{CUPS 2.0}. @code{Minimal} reports @code{CUPS 2.0.0}. @code{OS} +reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is the output of the +@code{uname} command. @code{Full} reports @code{CUPS 2.0.0 (@var{uname}) +IPP/2.0}.") + (set-env + (string "variable value") + "Set the specified environment variable to be passed to child processes.") + (ssl-listen + (multiline-string-list '()) + "Listens on the specified interfaces for encrypted connections. Valid +values are of the form @var{address}:@var{port}, where @var{address} is either +an IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate +all addresses.") + (ssl-options + (ssl-options '()) + "Sets encryption options. +By default, CUPS only supports encryption using TLS v1.0 or higher using known +secure cipher suites. The @code{AllowRC4} option enables the 128-bit RC4 +cipher suites, which are required for some older clients that do not implement +newer ones. The @code{AllowSSL3} option enables SSL v3.0, which is required +for some older clients that do not support TLS v1.0.") + #; + (ssl-port + (non-negative-integer 631) + "Listens on the specified port for encrypted connections.") + (strict-conformance? + (boolean #f) + "Specifies whether the scheduler requires clients to strictly adhere to the +IPP specifications.") + (timeout + (non-negative-integer 300) + "Specifies the HTTP request timeout, in seconds.") + (web-interface? + (boolean #f) + "Specifies whether the web interface is enabled.")) + +(define-configuration opaque-cups-configuration + (cups + (package cups) + "The CUPS package.") + (extensions + (package-list '()) + "Drivers and other extensions to the CUPS package.") + (cupsd.conf + (string (cups-configuration-missing-field 'opaque-cups-configuration + 'cupsd.conf)) + "The contents of the @code{cupsd.conf} to use.") + (cups-files.conf + (string (cups-configuration-missing-field 'opaque-cups-configuration + 'cups-files.conf)) + "The contents of the @code{cups-files.conf} to use.")) + +(define %cups-activation + ;; Activation gexp. + (with-imported-modules '((guix build utils)) + #~(begin + (define (mkdir-p/perms directory owner perms) + (mkdir-p directory) + (chown "/var/run/cups" (passwd:uid owner) (passwd:gid owner)) + (chmod directory perms)) + (define (build-subject parameters) + (string-concatenate + (map (lambda (pair) + (let ((k (car pair)) (v (cdr pair))) + (define (escape-char str chr) + (string-join (string-split str chr) (string #\\ chr))) + (string-append "/" k "=" + (escape-char (escape-char v #\=) #\/)))) + (filter (lambda (pair) (cdr pair)) parameters)))) + (define* (create-self-signed-certificate-if-absent + #:key private-key public-key (owner (getpwnam "root")) + (common-name (gethostname)) + (organization-name "GuixSD") + (organization-unit-name "Default Self-Signed Certificate") + (subject-parameters `(("CN" . ,common-name) + ("O" . ,organization-name) + ("OU" . ,organization-unit-name))) + (subject (build-subject subject-parameters))) + ;; Note that by default, OpenSSL outputs keys in PEM format. This + ;; is what we want. + (unless (file-exists? private-key) + (cond + ((zero? (system* (string-append #$openssl "/bin/openssl") + "genrsa" "-out" private-key "2048")) + (chown private-key (passwd:uid owner) (passwd:gid owner)) + (chmod private-key #o400)) + (else + (format (current-error-port) + "Failed to create private key at ~a.\n" private-key)))) + (unless (file-exists? public-key) + (cond + ((zero? (system* (string-append #$openssl "/bin/openssl") + "req" "-new" "-x509" "-key" private-key + "-out" public-key "-days" "3650" + "-batch" "-subj" subject)) + (chown public-key (passwd:uid owner) (passwd:gid owner)) + (chmod public-key #o444)) + (else + (format (current-error-port) + "Failed to create public key at ~a.\n" public-key))))) + (let ((user (getpwnam "lp"))) + (mkdir-p/perms "/var/run/cups" user #o755) + (mkdir-p/perms "/var/spool/cups" user #o755) + (mkdir-p/perms "/var/spool/cups/tmp" user #o755) + (mkdir-p/perms "/var/log/cups" user #o755) + (mkdir-p/perms "/etc/cups" user #o755) + (mkdir-p/perms "/etc/cups/ssl" user #o700) + ;; This certificate is used for HTTPS connections to the CUPS web + ;; interface. + (create-self-signed-certificate-if-absent + #:private-key "/etc/cups/ssl/localhost.key" + #:public-key "/etc/cups/ssl/localhost.crt" + #:owner (getpwnam "root") + #:common-name (format #f "CUPS service on ~a" (gethostname))))))) + +(define (union-directory name packages paths) + (computed-file + name + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils) + (srfi srfi-1)) + (mkdir #$output) + (for-each + (lambda (package) + (for-each + (lambda (path) + (for-each + (lambda (src) + (let* ((tail (substring src (string-length package))) + (dst (string-append #$output tail))) + (mkdir-p (dirname dst)) + ;; CUPS currently symlinks in some data from cups-filters + ;; to its output dir. Probably we should stop doing this + ;; and instead rely only on the CUPS service to union the + ;; relevant set of CUPS packages. + (if (file-exists? dst) + (format (current-error-port) "warning: ~a exists\n" dst) + (symlink src dst)))) + (find-files (string-append package path)))) + (list #$@paths))) + (list #$@packages)) + #t)))) + +(define (cups-server-bin-directory extensions) + "Return the CUPS ServerBin directory, containing binaries for CUPS and all +extensions that it uses." + (union-directory "cups-server-bin" extensions + ;; /bin + '("/lib/cups" "/share/ppd" "/share/cups"))) + +(define (cups-shepherd-service config) + "Return a list of <shepherd-service> for CONFIG." + (let* ((cupsd.conf-str + (cond + ((opaque-cups-configuration? config) + (opaque-cups-configuration-cupsd.conf config)) + (else + (with-output-to-string + (lambda () + (serialize-configuration config + cups-configuration-fields)))))) + (cups-files.conf-str + (cond + ((opaque-cups-configuration? config) + (opaque-cups-configuration-cups-files.conf config)) + (else + (with-output-to-string + (lambda () + (serialize-configuration + (cups-configuration-files-configuration config) + files-configuration-fields)))))) + (cups (if (opaque-cups-configuration? config) + (opaque-cups-configuration-cups config) + (cups-configuration-cups config))) + (server-bin + (cups-server-bin-directory + (cons cups + (cond + ((opaque-cups-configuration? config) + (opaque-cups-configuration-extensions config)) + (else + (cups-configuration-extensions config)))))) + ;;"SetEnv PATH " server-bin "/bin" "\n" + (cupsd.conf + (plain-file "cupsd.conf" cupsd.conf-str)) + (cups-files.conf + (mixed-text-file + "cups-files.conf" + cups-files.conf-str + "CacheDir /var/cache/cups\n" + "StateDir /var/run/cups\n" + "DataDir " server-bin "/share/cups" "\n" + "ServerBin " server-bin "/lib/cups" "\n"))) + (list (shepherd-service + (documentation "Run the CUPS print server.") + (provision '(cups)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list (string-append #$cups "/sbin/cupsd") + "-f" "-c" #$cupsd.conf "-s" #$cups-files.conf))) + (stop #~(make-kill-destructor)))))) + +(define cups-service-type + (service-type (name 'cups) + (extensions + (list (service-extension shepherd-root-service-type + cups-shepherd-service) + (service-extension activation-service-type + (const %cups-activation)) + (service-extension account-service-type + (const %cups-accounts)))) + + ;; Extensions consist of lists of packages (representing CUPS + ;; drivers, etc) that we just concatenate. + (compose append) + + ;; Add extension packages by augmenting the cups-configuration + ;; 'extensions' field. + (extend + (lambda (config extensions) + (cond + ((cups-configuration? config) + (cups-configuration + (inherit config) + (extensions + (append (cups-configuration-extensions config) + extensions)))) + (else + (opaque-cups-configuration + (inherit config) + (extensions + (append (opaque-cups-configuration-extensions config) + extensions))))))))) + +;; A little helper to make it easier to document all those fields. +(define (generate-documentation) + (define documentation + `((cups-configuration + ,cups-configuration-fields + (files-configuration files-configuration) + (policies policy-configuration) + (location-access-controls location-access-controls)) + (files-configuration ,files-configuration-fields) + (policy-configuration + ,policy-configuration-fields + (operation-access-controls operation-access-controls)) + (location-access-controls + ,location-access-control-fields + (method-access-controls method-access-controls)) + (operation-access-controls ,operation-access-control-fields) + (method-access-controls ,method-access-control-fields))) + (define (str x) (object->string x)) + (define (generate configuration-name) + (match (assq-ref documentation configuration-name) + ((fields . sub-documentation) + `((para "Available " (code ,(str configuration-name)) " fields are:") + ,@(map + (lambda (f) + (let ((field-name (configuration-field-name f)) + (field-type (configuration-field-type f)) + (field-docs (cdr (texi-fragment->stexi + (configuration-field-documentation f)))) + (default (catch #t + (configuration-field-default-value-thunk f) + (lambda _ '%invalid)))) + (define (show-default? val) + (or (string? default) (number? default) (boolean? default) + (and (symbol? val) (not (eq? val '%invalid))) + (and (list? val) (and-map show-default? val)))) + `(deftypevr (% (category + (code ,(str configuration-name)) " parameter") + (data-type ,(str field-type)) + (name ,(str field-name))) + ,@field-docs + ,@(if (show-default? default) + `((para "Defaults to " (samp ,(str default)) ".")) + '()) + ,@(append-map + generate + (or (assq-ref sub-documentation field-name) '()))))) + fields))))) + (stexi->texi `(*fragment* . ,(generate 'cups-configuration)))) diff --git a/gnu/system.scm b/gnu/system.scm index 38ae8f1771..43117b1714 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -562,12 +562,7 @@ use 'plain-file' instead~%") ;; By default, applications that use D-Bus, such as Emacs, abort at startup ;; when /etc/machine-id is missing. Make sure these warnings are non-fatal. - ("DBUS_FATAL_WARNINGS" . "0") - - ;; XXX: Normally we wouldn't need to do this, but our glibc@2.23 package - ;; looks things up in 'PREFIX/lib/locale' instead of - ;; '/run/current-system/locale' as was intended. - ("GUIX_LOCPATH" . "/run/current-system/locale"))) + ("DBUS_FATAL_WARNINGS" . "0"))) (define %setuid-programs ;; Default set of setuid-root programs. diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm index 34edff7f40..1dfd85450c 100644 --- a/guix/build/gnu-build-system.scm +++ b/guix/build/gnu-build-system.scm @@ -172,22 +172,23 @@ files such as `.in' templates. Most scripts honor $SHELL and $CONFIG_SHELL, but some don't, such as `mkinstalldirs' or Automake's `missing' script." (for-each patch-shebang - (remove (lambda (file) - (or (not (file-exists? file)) ;dangling symlink - (file-is-directory? file))) - (find-files ".")))) + (find-files "." + (lambda (file stat) + ;; Filter out symlinks. + (eq? 'regular (stat:type stat))) + #:stat lstat))) (define (patch-generated-file-shebangs . rest) "Patch shebangs in generated files, including `SHELL' variables in makefiles." - ;; Patch executable files, some of which might have been generated by - ;; `configure'. + ;; Patch executable regular files, some of which might have been generated + ;; by `configure'. (for-each patch-shebang - (filter (lambda (file) - (and (file-exists? file) - (executable-file? file) - (not (file-is-directory? file)))) - (find-files "."))) + (find-files "." + (lambda (file stat) + (and (eq? 'regular (stat:type stat)) + (not (zero? (logand (stat:mode stat) #o100))))) + #:stat lstat)) ;; Patch `SHELL' in generated makefiles. (for-each patch-makefile-SHELL (find-files "." "^(GNU)?[mM]akefile$"))) @@ -386,26 +387,17 @@ makefiles." (when debug-output (format #t "debugging output written to ~s using ~s~%" debug-output objcopy-command)) - (file-system-fold (const #t) - (lambda (path stat result) ; leaf - (and (file-exists? path) ;discard dangling symlinks - (or (elf-file? path) (ar-file? path)) - (or (not debug-output) - (make-debug-file path)) - (zero? (apply system* strip-command - (append strip-flags (list path)))) - (or (not debug-output) - (add-debug-link path)))) - (const #t) ; down - (const #t) ; up - (const #t) ; skip - (lambda (path stat errno result) - (format (current-error-port) - "strip: failed to access `~a': ~a~%" - path (strerror errno)) - #f) - #t - dir)) + + (for-each (lambda (file) + (and (file-exists? file) ;discard dangling symlinks + (or (elf-file? file) (ar-file? file)) + (or (not debug-output) + (make-debug-file file)) + (zero? (apply system* strip-command + (append strip-flags (list file)))) + (or (not debug-output) + (add-debug-link file)))) + (find-files dir))) (or (not strip-binaries?) (every strip-dir @@ -552,6 +544,47 @@ DOCUMENTATION-COMPRESSOR-FLAGS." outputs) #t) + +(define* (patch-dot-desktop-files #:key outputs inputs #:allow-other-keys) + "Replace any references to executables in '.desktop' files with their +absolute file names." + (define bin-directories + (append-map (match-lambda + ((_ . directory) + (list (string-append directory "/bin") + (string-append directory "/sbin")))) + outputs)) + + (define (which program) + (or (search-path bin-directories program) + (begin + (format (current-error-port) + "warning: '.desktop' file refers to '~a', \ +which cannot be found~%" + program) + program))) + + (for-each (match-lambda + ((_ . directory) + (let ((applications (string-append directory + "/share/applications"))) + (when (directory-exists? applications) + (let ((files (find-files applications "\\.desktop$"))) + (format #t "adjusting ~a '.desktop' files in ~s~%" + (length files) applications) + + ;; '.desktop' files contain translations and are always + ;; UTF-8-encoded. + (with-fluids ((%default-port-encoding "UTF-8")) + (substitute* files + (("^Exec=([^/[:blank:]\r\n]*)(.*)$" _ binary rest) + (string-append "Exec=" (which binary) rest)) + (("^TryExec=([^/[:blank:]\r\n]*)(.*)$" _ binary rest) + (string-append "TryExec=" + (which binary) rest))))))))) + outputs) + #t) + (define %standard-phases ;; Standard build phases, as a list of symbol/procedure pairs. (let-syntax ((phases (syntax-rules () @@ -564,6 +597,7 @@ DOCUMENTATION-COMPRESSOR-FLAGS." validate-runpath validate-documentation-location delete-info-dir-file + patch-dot-desktop-files compress-documentation))) diff --git a/guix/build/utils.scm b/guix/build/utils.scm index 2988193fce..bc6f114152 100644 --- a/guix/build/utils.scm +++ b/guix/build/utils.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> @@ -518,8 +518,8 @@ following forms: (add-before <old-phase-name> <new-phase-name> <new-phase>) (add-after <old-phase-name> <new-phase-name> <new-phase>) -Where every <*-phase-name> is an automatically quoted symbol, and <new-phase> -an expression evaluating to a procedure." +Where every <*-phase-name> is an expression evaluating to a symbol, and +<new-phase> an expression evaluating to a procedure." (let* ((phases* phases) (phases* (%modify-phases phases* mod-spec)) ...) @@ -944,64 +944,76 @@ This is useful for scripts that expect particular programs to be in $PATH, for programs that expect particular shared libraries to be in $LD_LIBRARY_PATH, or modules in $GUILE_LOAD_PATH, etc. -If PROG has previously been wrapped by wrap-program the wrapper will point to -the previous wrapper." - (define (wrapper-file-name number) - (format #f "~a/.~a-wrap-~2'0d" (dirname prog) (basename prog) number)) - (define (next-wrapper-number) - (let ((wrappers - (find-files (dirname prog) - (string-append "\\." (basename prog) "-wrap-.*")))) - (if (null? wrappers) - 0 - (string->number (string-take-right (last wrappers) 2))))) - (define (wrapper-target number) - (if (zero? number) - (let ((prog-real (string-append (dirname prog) "/." - (basename prog) "-real"))) - (rename-file prog prog-real) - prog-real) - (wrapper-file-name number))) - - (let* ((number (next-wrapper-number)) - (target (wrapper-target number)) - (wrapper (wrapper-file-name (1+ number))) - (prog-tmp (string-append target "-tmp"))) - (define (export-variable lst) - ;; Return a string that exports an environment variable. - (match lst - ((var sep '= rest) - (format #f "export ~a=\"~a\"" - var (string-join rest sep))) - ((var sep 'prefix rest) - (format #f "export ~a=\"~a${~a~a+~a}$~a\"" - var (string-join rest sep) var sep sep var)) - ((var sep 'suffix rest) - (format #f "export ~a=\"$~a${~a~a+~a}~a\"" - var var var sep sep (string-join rest sep))) - ((var '= rest) - (format #f "export ~a=\"~a\"" - var (string-join rest ":"))) - ((var 'prefix rest) - (format #f "export ~a=\"~a${~a:+:}$~a\"" - var (string-join rest ":") var var)) - ((var 'suffix rest) - (format #f "export ~a=\"$~a${~a:+:}~a\"" - var var var (string-join rest ":"))))) - - (with-output-to-file prog-tmp - (lambda () - (format #t - "#!~a~%~a~%exec -a \"$0\" \"~a\" \"$@\"~%" - (which "bash") - (string-join (map export-variable vars) - "\n") - (canonicalize-path target)))) - - (chmod prog-tmp #o755) - (rename-file prog-tmp wrapper) - (symlink wrapper prog-tmp) - (rename-file prog-tmp prog))) +If PROG has previously been wrapped by 'wrap-program', the wrapper is extended +with definitions for VARS." + (define wrapped-file + (string-append (dirname prog) "/." (basename prog) "-real")) + + (define already-wrapped? + (file-exists? wrapped-file)) + + (define (last-line port) + ;; Return the last line read from PORT and leave PORT's cursor right + ;; before it. + (let loop ((previous-line-offset 0) + (previous-line "") + (position (seek port 0 SEEK_CUR))) + (match (read-line port 'concat) + ((? eof-object?) + (seek port previous-line-offset SEEK_SET) + previous-line) + ((? string? line) + (loop position line (+ (string-length line) position)))))) + + (define (export-variable lst) + ;; Return a string that exports an environment variable. + (match lst + ((var sep '= rest) + (format #f "export ~a=\"~a\"" + var (string-join rest sep))) + ((var sep 'prefix rest) + (format #f "export ~a=\"~a${~a~a+~a}$~a\"" + var (string-join rest sep) var sep sep var)) + ((var sep 'suffix rest) + (format #f "export ~a=\"$~a${~a~a+~a}~a\"" + var var var sep sep (string-join rest sep))) + ((var '= rest) + (format #f "export ~a=\"~a\"" + var (string-join rest ":"))) + ((var 'prefix rest) + (format #f "export ~a=\"~a${~a:+:}$~a\"" + var (string-join rest ":") var var)) + ((var 'suffix rest) + (format #f "export ~a=\"$~a${~a:+:}~a\"" + var var var (string-join rest ":"))))) + + (if already-wrapped? + + ;; PROG is already a wrapper: add the new "export VAR=VALUE" lines just + ;; before the last line. + (let* ((port (open-file prog "r+")) + (last (last-line port))) + (for-each (lambda (var) + (display (export-variable var) port) + (newline port)) + vars) + (display last port) + (close-port port)) + + ;; PROG is not wrapped yet: create a shell script that sets VARS. + (let ((prog-tmp (string-append wrapped-file "-tmp"))) + (link prog wrapped-file) + + (call-with-output-file prog-tmp + (lambda (port) + (format port + "#!~a~%~a~%exec -a \"$0\" \"~a\" \"$@\"~%" + (which "bash") + (string-join (map export-variable vars) "\n") + (canonicalize-path wrapped-file)))) + + (chmod prog-tmp #o755) + (rename-file prog-tmp prog)))) ;;; diff --git a/guix/packages.scm b/guix/packages.scm index a3fab4dc13..beb958f156 100644 --- a/guix/packages.scm +++ b/guix/packages.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> +;;; Copyright © 2016 Alex Kost <alezost@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -493,9 +494,11 @@ specifies modules in scope when evaluating SNIPPET." (format (current-error-port) "applying '~a'...~%" patch) ;; Use '--force' so that patches that do not apply perfectly are - ;; rejected. + ;; rejected. Use '--no-backup-if-mismatch' to prevent making + ;; "*.orig" file if a patch is applied with offset. (zero? (system* (string-append #+patch "/bin/patch") - "--force" #+@flags "--input" patch))) + "--force" "--no-backup-if-mismatch" + #+@flags "--input" patch))) (define (first-file directory) ;; Return the name of the first file in DIRECTORY. diff --git a/guix/profiles.scm b/guix/profiles.scm index e7319a8a10..d162f6241b 100644 --- a/guix/profiles.scm +++ b/guix/profiles.scm @@ -680,7 +680,18 @@ MANIFEST. Single-file bundles are required by programs such as Git and Lynx." (define (gtk-icon-themes manifest) "Return a derivation that unions all icon themes from manifest entries and creates the GTK+ 'icon-theme.cache' file for each theme." - (mlet %store-monad ((gtk+ (manifest-lookup-package manifest "gtk+"))) + (define gtk+ ; lazy reference + (module-ref (resolve-interface '(gnu packages gtk)) 'gtk+)) + + (mlet %store-monad ((%gtk+ (manifest-lookup-package manifest "gtk+")) + ;; XXX: Can't use gtk-update-icon-cache corresponding + ;; to the gtk+ referenced by 'manifest'. Because + ;; '%gtk+' can be either a package or store path, and + ;; there's no way to get the "bin" output for the later. + (gtk-update-icon-cache + -> #~(string-append #+gtk+:bin + "/bin/gtk-update-icon-cache"))) + (define build (with-imported-modules '((guix build utils) (guix build union) @@ -697,9 +708,7 @@ creates the GTK+ 'icon-theme.cache' file for each theme." (let* ((destdir (string-append #$output "/share/icons")) (icondirs (filter file-exists? (map (cut string-append <> "/share/icons") - '#$(manifest-inputs manifest)))) - (update-icon-cache (string-append - #+gtk+ "/bin/gtk-update-icon-cache"))) + '#$(manifest-inputs manifest))))) ;; Union all the icons. (mkdir-p (string-append #$output "/share")) @@ -714,11 +723,11 @@ creates the GTK+ 'icon-theme.cache' file for each theme." ;; "abiword_48.png". Ignore these. (when (file-is-directory? dir) (ensure-writable-directory dir) - (system* update-icon-cache "-t" dir "--quiet")))) + (system* #+gtk-update-icon-cache "-t" dir "--quiet")))) (scandir destdir (negate (cut member <> '("." ".."))))))))) ;; Don't run the hook when there's nothing to do. - (if gtk+ + (if %gtk+ (gexp->derivation "gtk-icon-themes" build #:local-build? #t #:substitutable? #f) diff --git a/m4/guix.m4 b/m4/guix.m4 index 949ae4ca7c..6d8ec2e4e0 100644 --- a/m4/guix.m4 +++ b/m4/guix.m4 @@ -74,6 +74,9 @@ AC_DEFUN([GUIX_SYSTEM_TYPE], [ linux-gnu*) # For backward compatibility, strip the `-gnu' part. guix_system="$machine_name-linux";; + gnu*) + # Always use i586 for GNU/Hurd. + guix_system="i586-gnu";; *) # Strip the version number from names such as `gnu0.3', # `darwin10.2.0', etc. diff --git a/tests/build-utils.scm b/tests/build-utils.scm index cc96738e36..7d49446f66 100644 --- a/tests/build-utils.scm +++ b/tests/build-utils.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -19,12 +19,9 @@ (define-module (test-build-utils) #:use-module (guix tests) - #:use-module (guix store) - #:use-module (guix derivations) #:use-module (guix build utils) - #:use-module (guix packages) - #:use-module (guix build-system) - #:use-module (guix build-system trivial) + #:use-module ((guix utils) + #:select (%current-system call-with-temporary-directory)) #:use-module (gnu packages) #:use-module (gnu packages bootstrap) #:use-module (srfi srfi-34) @@ -32,9 +29,6 @@ #:use-module (rnrs io ports) #:use-module (ice-9 popen)) -(define %store - (open-connection-for-tests)) - (test-begin "build-utils") @@ -95,49 +89,37 @@ port cons))))) -(test-assert "wrap-program, one input, multiple calls" - (let* ((p (package - (name "test-wrap-program") (version "0") (source #f) - (synopsis #f) (description #f) (license #f) (home-page #f) - (build-system trivial-build-system) - (arguments - `(#:guile ,%bootstrap-guile - #:modules ((guix build utils)) - #:builder - (let* ((out (assoc-ref %outputs "out")) - (bash (assoc-ref %build-inputs "bash")) - (foo (string-append out "/foo"))) - (begin - (use-modules (guix build utils)) - (mkdir out) - (call-with-output-file foo - (lambda (p) - (format p - "#!~a~%echo \"${GUIX_FOO} ${GUIX_BAR}\"~%" - bash))) - (chmod foo #o777) - ;; wrap-program uses `which' to find bash for the wrapper - ;; shebang, but it can't know about the bootstrap bash in - ;; the store, since it's not named "bash". Help it out a - ;; bit by providing a symlink it this package's output. - (symlink bash (string-append out "/bash")) - (setenv "PATH" out) - (wrap-program foo `("GUIX_FOO" prefix ("hello"))) - (wrap-program foo `("GUIX_BAR" prefix ("world"))) - #t)))) - (inputs `(("bash" ,(search-bootstrap-binary "bash" - (%current-system))))))) - (d (package-derivation %store p))) - - ;; The bootstrap Bash is linked against an old libc and would abort with - ;; an assertion failure when trying to load incompatible locale data. - (unsetenv "LOCPATH") - - (and (build-derivations %store (pk 'drv d (list d))) - (let* ((p (derivation->output-path d)) - (foo (string-append p "/foo")) - (pipe (open-input-pipe foo)) - (str (get-string-all pipe))) - (equal? str "hello world\n"))))) +(test-equal "wrap-program, one input, multiple calls" + "hello world\n" + (call-with-temporary-directory + (lambda (directory) + (let ((bash (search-bootstrap-binary "bash" (%current-system))) + (foo (string-append directory "/foo"))) + + (call-with-output-file foo + (lambda (p) + (format p + "#!~a~%echo \"${GUIX_FOO} ${GUIX_BAR}\"~%" + bash))) + (chmod foo #o777) + + ;; wrap-program uses `which' to find bash for the wrapper shebang, but + ;; it can't know about the bootstrap bash in the store, since it's not + ;; named "bash". Help it out a bit by providing a symlink it this + ;; package's output. + (setenv "PATH" (dirname bash)) + (wrap-program foo `("GUIX_FOO" prefix ("hello"))) + (wrap-program foo `("GUIX_BAR" prefix ("world"))) + + ;; The bootstrap Bash is linked against an old libc and would abort with + ;; an assertion failure when trying to load incompatible locale data. + (unsetenv "LOCPATH") + + (let* ((pipe (open-input-pipe foo)) + (str (get-string-all pipe))) + (with-directory-excursion directory + (for-each delete-file '("foo" ".foo-real"))) + (and (zero? (close-pipe pipe)) + str)))))) (test-end) |