diff options
Diffstat (limited to 'gnu/packages')
101 files changed, 1331 insertions, 6326 deletions
diff --git a/gnu/packages/acl.scm b/gnu/packages/acl.scm index ae6764993b..66e4c33fcc 100644 --- a/gnu/packages/acl.scm +++ b/gnu/packages/acl.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Andreas Enge <andreas@enge.fr> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -41,22 +42,32 @@ (sha256 (base32 "08qd9s3wfhv0ajswsylnfwr5h0d7j9d4rgip855nrh400nxp940p")) - (patches (search-patches "acl-hurd-path-max.patch")))) + (patches (search-patches "acl-fix-perl-regex.patch" + "acl-hurd-path-max.patch")))) (build-system gnu-build-system) (arguments - `(#:tests? #f ; FIXME: Investigate test suite failures - #:test-target "tests" + `(#:test-target "tests" #:phases - (alist-cons-after - 'build 'patch-exec-bin-sh - (lambda _ - (substitute* "test/run" - (("/bin/sh") (which "sh")))) - (alist-replace - 'install - (lambda _ - (zero? (system* "make" "install" "install-lib" "install-dev"))) - %standard-phases)))) + (modify-phases %standard-phases + (add-after 'build 'patch-exec-bin-sh + (lambda _ + (substitute* "test/run" + (("/bin/sh") (which "sh"))) + #t)) + (add-before 'check 'patch-tests + (lambda _ + ;; The coreutils do not have an ACL bit to remove from their + ;; output, so the sed expression that removes the bit is disabled. + (substitute* "test/sbits-restore.test" + (("\\| sed.*'") "")) + ;; These tests require the existence of a user named "bin", but + ;; this user does not exist within Guix's build environment. + (for-each (lambda (file) + (delete-file (string-append "test/" file))) + '("setfacl-X.test" "cp.test" "misc.test")))) + (replace 'install + (lambda _ + (zero? (system* "make" "install" "install-lib" "install-dev"))))))) (inputs `(("attr" ,attr))) (native-inputs `(("gettext" ,gettext-minimal) diff --git a/gnu/packages/augeas.scm b/gnu/packages/augeas.scm index 077105155c..6939e4147f 100644 --- a/gnu/packages/augeas.scm +++ b/gnu/packages/augeas.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -38,7 +39,17 @@ version ".tar.gz")) (sha256 (base32 - "1yf93fqwav1zsl8dpyfkf0g11w05mmfckqy6qsjy5zkklnspbkv5")))) + "1yf93fqwav1zsl8dpyfkf0g11w05mmfckqy6qsjy5zkklnspbkv5")) + (modules '((guix build utils))) + (snippet + '(begin + ;; The gnulib test-lock test is prone to writer starvation + ;; with our glibc@2.25, which prefers readers, so disable it. + ;; The gnulib commit b20e8afb0b2 should fix this once + ;; incorporated here. + (substitute* "gnulib/tests/Makefile.in" + (("test-lock\\$\\(EXEEXT\\) ") "")) + #t)))) (build-system gnu-build-system) ;; Marked as "required" in augeas.pc (propagated-inputs diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm index 8a906a7d4a..b45800f0a1 100644 --- a/gnu/packages/autotools.scm +++ b/gnu/packages/autotools.scm @@ -238,21 +238,18 @@ output is indexed in many ways to simplify browsing.") (license gpl3+))) (define-public automake - ;; Replace with 'automake/latest' on the next rebuild cycle. (package (name "automake") - (version "1.15") + (version "1.15.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/automake/automake-" version ".tar.xz")) (sha256 (base32 - "0dl6vfi2lzz8alnklwxzfz624b95hb1ipjvd3mk177flmddcf24r")) + "1bzd9g32dfm4rsbw93ld9x7b5nc1y6i4m6zp032qf1i28a8s6sxg")) (patches - (search-patches "automake-regexp-syntax.patch" - "automake-skip-amhello-tests.patch" - "automake-test-gzip-warning.patch")))) + (search-patches "automake-skip-amhello-tests.patch")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,(autoconf-wrapper)) @@ -267,47 +264,47 @@ output is indexed in many ways to simplify browsing.") (srfi srfi-1) (srfi srfi-26) (rnrs io ports)) - #:phases (alist-cons-before - 'patch-source-shebangs 'patch-tests-shebangs - (lambda _ - (let ((sh (which "sh"))) - (substitute* (find-files "t" "\\.(sh|tap)$") - (("#![[:blank:]]?/bin/sh") - (string-append "#!" sh))) + #:phases + (modify-phases %standard-phases + (add-before 'patch-source-shebangs 'patch-tests-shebangs + (lambda _ + (let ((sh (which "sh"))) + (substitute* (find-files "t" "\\.(sh|tap)$") + (("#![[:blank:]]?/bin/sh") + (string-append "#!" sh))) - ;; Set these variables for all the `configure' runs - ;; that occur during the test suite. - (setenv "SHELL" sh) - (setenv "CONFIG_SHELL" sh))) + ;; Set these variables for all the `configure' runs + ;; that occur during the test suite. + (setenv "SHELL" sh) + (setenv "CONFIG_SHELL" sh) + #t))) - ;; Files like `install-sh', `mdate.sh', etc. must use - ;; #!/bin/sh, otherwise users could leak erroneous shebangs - ;; in the wild. See <http://bugs.gnu.org/14201> for an - ;; example. - (alist-cons-after - 'install 'unpatch-shebangs - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (dir (string-append out "/share"))) - (define (starts-with-shebang? file) - (equal? (call-with-input-file file - (lambda (p) - (list (get-u8 p) (get-u8 p)))) - (map char->integer '(#\# #\!)))) + ;; Files like `install-sh', `mdate.sh', etc. must use + ;; #!/bin/sh, otherwise users could leak erroneous shebangs + ;; in the wild. See <http://bugs.gnu.org/14201> for an + ;; example. + (add-after 'install 'unpatch-shebangs + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (dir (string-append out "/share"))) + (define (starts-with-shebang? file) + (equal? (call-with-input-file file + (lambda (p) + (list (get-u8 p) (get-u8 p)))) + (map char->integer '(#\# #\!)))) - (for-each (lambda (file) - (when (and (starts-with-shebang? file) - (executable-file? file)) - (format #t "restoring shebang on `~a'~%" - file) - (substitute* file - (("^#!.*/bin/sh") - "#!/bin/sh") - (("^#!.*/bin/env(.*)$" _ args) - (string-append "#!/usr/bin/env" - args))))) - (find-files dir ".*")))) - %standard-phases)))) + (for-each (lambda (file) + (when (and (starts-with-shebang? file) + (executable-file? file)) + (format #t "restoring shebang on `~a'~%" + file) + (substitute* file + (("^#!.*/bin/sh") + "#!/bin/sh") + (("^#!.*/bin/env(.*)$" _ args) + (string-append "#!/usr/bin/env" + args))))) + (find-files dir ".*")))))))) (home-page "https://www.gnu.org/software/automake/") (synopsis "Making GNU standards-compliant Makefiles") (description @@ -317,22 +314,6 @@ intuitive format and then Automake works with Autoconf to produce a robust Makefile, simplifying the entire process for the developer.") (license gpl2+))) ; some files are under GPLv3+ - -(define-public automake/latest - ;; Merge with 'automake' on the next rebuild cycle. - (package - (inherit automake) - (version "1.15.1") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/automake/automake-" - version ".tar.xz")) - (sha256 - (base32 - "1bzd9g32dfm4rsbw93ld9x7b5nc1y6i4m6zp032qf1i28a8s6sxg")) - (patches - (search-patches "automake-skip-amhello-tests.patch")))))) - (define-public libtool (package (name "libtool") @@ -410,11 +391,9 @@ complexity of working with shared libraries across platforms.") (build-system gnu-build-system) (arguments '(#:configure-flags '("--enable-ltdl-install") ;really install it - #:phases (alist-cons-before - 'configure 'change-directory - (lambda _ - (chdir "libltdl")) - %standard-phases))) + #:phases (modify-phases %standard-phases + (add-before 'configure 'change-directory + (lambda _ (chdir "libltdl") #t))))) (synopsis "System-independent dlopen wrapper of GNU libtool") (description (package-description libtool)) diff --git a/gnu/packages/avahi.scm b/gnu/packages/avahi.scm index 73e63ab0dc..94af0a1be3 100644 --- a/gnu/packages/avahi.scm +++ b/gnu/packages/avahi.scm @@ -33,7 +33,7 @@ (define-public avahi (package (name "avahi") - (version "0.6.31") + (version "0.7") (home-page "http://avahi.org") (source (origin (method url-fetch) @@ -41,7 +41,7 @@ version ".tar.gz")) (sha256 (base32 - "0j5b5ld6bjyh3qhd2nw0jb84znq0wqai7fsrdzg7bpg24jdp2wl3")) + "0128n7jlshw4bpx0vg8lwj8qwdisjxi7mvniwfafgnkzzrfrpaap")) (patches (search-patches "avahi-localstatedir.patch")))) (build-system gnu-build-system) (arguments diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index f021aa83d8..2ee0d5336b 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net> ;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org> ;;; ;;; This file is part of GNU Guix. @@ -188,16 +189,16 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") - (replacement libarchive-3.3.2) - (version "3.3.1") + (version "3.3.2") (source (origin (method url-fetch) (uri (string-append "http://libarchive.org/downloads/libarchive-" version ".tar.gz")) + (patches (search-patches "libarchive-CVE-2017-14166.patch")) (sha256 (base32 - "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9")))) + "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd")))) (build-system gnu-build-system) ;; TODO: Add -L/path/to/nettle in libarchive.pc. (inputs @@ -209,26 +210,25 @@ backups (called chunks) to allow easy burning to CD/DVD.") ("xz" ,xz))) (arguments `(#:phases - (alist-cons-before - 'build 'patch-pwd - (lambda _ - (substitute* "Makefile" - (("/bin/pwd") (which "pwd")))) - (alist-replace - 'check - (lambda _ - ;; XXX: The test_owner_parse, test_read_disk, and - ;; test_write_disk_lookup tests expect user 'root' to exist, but - ;; the chroot's /etc/passwd doesn't have it. Turn off those tests. - ;; - ;; The tests allow one to disable tests matching a globbing pattern. - (and (zero? (system* "make" - "libarchive_test" "bsdcpio_test" "bsdtar_test")) - ;; XXX: This glob disables too much. - (zero? (system* "./libarchive_test" "^test_*_disk*")) - (zero? (system* "./bsdcpio_test" "^test_owner_parse")) - (zero? (system* "./bsdtar_test")))) - %standard-phases)) + (modify-phases %standard-phases + (add-before 'build 'patch-pwd + (lambda _ + (substitute* "Makefile" + (("/bin/pwd") (which "pwd"))) + #t)) + (replace 'check + (lambda _ + ;; XXX: The test_owner_parse, test_read_disk, and + ;; test_write_disk_lookup tests expect user 'root' to exist, but + ;; the chroot's /etc/passwd doesn't have it. Turn off those tests. + ;; + ;; The tests allow one to disable tests matching a globbing pattern. + (and (zero? (system* "make" + "libarchive_test" "bsdcpio_test" "bsdtar_test")) + ;; XXX: This glob disables too much. + (zero? (system* "./libarchive_test" "^test_*_disk*")) + (zero? (system* "./bsdcpio_test" "^test_owner_parse")) + (zero? (system* "./bsdtar_test")))))) ;; libarchive/test/test_write_format_gnutar_filenames.c needs to be ;; compiled with C99 or C11 or a gnu variant. #:configure-flags '("CFLAGS=-O2 -g -std=c99"))) @@ -244,20 +244,6 @@ archive. In particular, note that there is currently no built-in support for random access nor for in-place modification.") (license license:bsd-2))) -(define libarchive-3.3.2 - (package - (inherit libarchive) - (version "3.3.2") - (source - (origin - (method url-fetch) - (uri (string-append "http://libarchive.org/downloads/libarchive-" - version ".tar.gz")) - (patches (search-patches "libarchive-CVE-2017-14166.patch")) - (sha256 - (base32 - "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd")))))) - (define-public rdup (package (name "rdup") @@ -541,9 +527,7 @@ detection, and lossless compression.") (native-inputs `(("python-cython" ,python-cython) ("python-setuptools-scm" ,python-setuptools-scm) - ;; Borg 1.0.8's test suite uses 'tmpdir_factory', which was introduced in - ;; pytest 2.8. - ("python-pytest" ,python-pytest-3.0) + ("python-pytest" ,python-pytest) ;; For generating the documentation. ("python-sphinx" ,python-sphinx) ("python-guzzle-sphinx-theme" ,python-guzzle-sphinx-theme))) diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 9cb628d8d7..776a995106 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -10,6 +10,7 @@ ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -81,16 +82,15 @@ command-line arguments, multiple languages, and so on.") (define-public grep (package (name "grep") - (version "3.0") + (version "3.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grep/grep-" version ".tar.xz")) (sha256 (base32 - "1dcasjp3a578nrvzrcn38mpizb8w1q6mvfzhjmcqqgkf0nsivj72")) - (patches (search-patches "grep-timing-sensitive-test.patch" - "grep-gnulib-lock.patch")))) + "0zm0ywmyz9g8vn1plw14mn8kj74yipx5qsljndbyfgmvndx5qqnv")) + (patches (search-patches "grep-timing-sensitive-test.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) ;some of the tests require it (arguments @@ -263,11 +263,17 @@ interactive means to merge two files.") "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y")) (patches (search-patches "findutils-localstatedir.patch" - "findutils-test-xargs.patch" - ;; test-lock has performance issues on multi-core - ;; machines, it hangs or takes a long time to complete. - ;; This is a commit from gnulib to fix this issue. - "findutils-gnulib-multi-core.patch")))) + "findutils-test-xargs.patch")) + (modules '((guix build utils))) + (snippet + '(begin + ;; The gnulib test-lock test is prone to writer starvation + ;; with our glibc@2.25, which prefers readers, so disable it. + ;; The gnulib commit b20e8afb0b2 should fix this once + ;; incorporated here. + (substitute* "tests/Makefile.in" + (("test-lock\\$\\(EXEEXT\\) ") "")) + #t)))) (build-system gnu-build-system) (arguments `(#:configure-flags (list @@ -293,15 +299,14 @@ used to apply commands with arbitrarily long arguments.") (define-public coreutils (package (name "coreutils") - (version "8.27") + (version "8.28") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/coreutils/coreutils-" version ".tar.xz")) (sha256 (base32 - "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8")) - (patches (search-patches "coreutils-cut-huge-range-test.patch")))) + "0r8c1bgm68kl70j1lgd0rv12iykw6143k4m9a56xip9rc2hv25qi")))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! @@ -322,21 +327,18 @@ used to apply commands with arbitrarily long arguments.") (outputs '("out" "debug")) (arguments `(#:parallel-build? #f ; help2man may be called too early - #:phases (alist-cons-before - 'build 'patch-shell-references - (lambda* (#:key inputs #:allow-other-keys) - (let ((bash (assoc-ref inputs "bash"))) - ;; 'split' uses either $SHELL or /bin/sh. Set $SHELL so - ;; that tests pass, since /bin/sh isn't in the chroot. - (setenv "SHELL" (which "sh")) - - (substitute* (find-files "gnulib-tests" "\\.c$") - (("/bin/sh") - (format #f "~a/bin/sh" bash))) - (substitute* (find-files "tests" "\\.sh$") - (("#!/bin/sh") - (format #f "#!~a/bin/sh" bash))))) - %standard-phases))) + #:phases (modify-phases %standard-phases + (add-before 'build 'patch-shell-references + (lambda _ + ;; 'split' uses either $SHELL or /bin/sh. Set $SHELL so + ;; that tests pass, since /bin/sh isn't in the chroot. + (setenv "SHELL" (which "sh")) + + (substitute* (find-files "gnulib-tests" "\\.c$") + (("/bin/sh") (which "sh"))) + (substitute* (find-files "tests" "\\.sh$") + (("#!/bin/sh") (which "sh"))) + #t))))) (synopsis "Core GNU utilities (file, text, shell)") (description "GNU Coreutils includes all of the basic command-line tools that are @@ -394,16 +396,15 @@ change. GNU make offers many powerful extensions over the standard utility.") (define-public binutils (package - (replacement binutils/fixed) (name "binutils") - (version "2.28") + (version "2.28.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/binutils/binutils-" version ".tar.bz2")) (sha256 (base32 - "0wiasgns7i8km8nrxas265sh2dfpsw93b3qw195ipc90w4z475v2")) + "1sj234nd05cdgga1r36zalvvdkvpfbr12g5mir2n8i1dwsdrj939")) (patches (search-patches "binutils-ld-new-dtags.patch" "binutils-loongson-workaround.patch")))) (build-system gnu-build-system) @@ -436,19 +437,6 @@ included.") (license gpl3+) (home-page "https://www.gnu.org/software/binutils/"))) -(define binutils/fixed - (package - (inherit binutils) - ;; 2.28.1 is two characters longer than 2.28, so grafting fails due to - ;; mismatched lengths of filenames, so we have to force it to the same length. - (version "2281") - (source - (origin (inherit (package-source binutils)) - (uri "mirror://gnu/binutils/binutils-2.28.1.tar.bz2") - (sha256 - (base32 - "1sj234nd05cdgga1r36zalvvdkvpfbr12g5mir2n8i1dwsdrj939")))))) - (define* (make-ld-wrapper name #:key (target (const #f)) binutils @@ -527,15 +515,26 @@ store.") (define-public glibc/linux (package (name "glibc") - (version "2.25") - (replacement glibc/fixed) + ;; Glibc has stable branches that continuously pick fixes for each supported + ;; release. Unfortunately they do not do point-releases, so we are stuck + ;; with copying almost all patches, or use a snapshot of the release branch. + ;; + ;; This version number corresponds to the output of `git describe` and the + ;; archive can be generated by checking out the commit ID and running: + ;; git archive --prefix=$(git describe)/ HEAD | xz > $(git describe).tar.xz + ;; See <https://bugs.gnu.org/29406> for details. + ;; + ;; Note: Always use a dot after the minor version since various places rely + ;; on "version-major+minor" to determine where locales are found. + (version "2.26.105-g0890d5379c") (source (origin (method url-fetch) - (uri (string-append "mirror://gnu/glibc/glibc-" - version ".tar.xz")) + (uri (string-append "https://alpha.gnu.org/gnu/guix/mirror/" + "glibc-" (version-major+minor version) "-" + (caddr (string-split version #\.)) ".tar.xz")) (sha256 (base32 - "1813dzkgw6v8q8q1m4v96yfis7vjqc9pslqib6j9mrwh6fxxjyq6")) + "1jck0c1i248sn02rvsfjykk77qncma34bjq89dyy2irwm50d7s3g")) (snippet ;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is ;; required on LFS distros to avoid loading the distro's libc.so @@ -546,19 +545,15 @@ store.") (modules '((guix build utils))) (patches (search-patches "glibc-ldd-x86_64.patch" "glibc-versioned-locpath.patch" - "glibc-o-largefile.patch" - "glibc-memchr-overflow-i686.patch" - "glibc-vectorized-strcspn-guards.patch" - "glibc-CVE-2017-1000366-pt1.patch" - "glibc-CVE-2017-1000366-pt2.patch" - "glibc-CVE-2017-1000366-pt3.patch")))) + "glibc-o-largefile.patch")))) (build-system gnu-build-system) ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc ;; users should automatically pull Linux headers as well. (propagated-inputs `(("kernel-headers" ,linux-libre-headers))) - (outputs '("out" "debug")) + (outputs '("out" "debug" + "static")) ;9 MiB of .a files (arguments `(#:out-of-source? #t @@ -569,6 +564,11 @@ store.") ;; RUNPATH checks. #:validate-runpath? #f + #:modules ((ice-9 ftw) + (srfi srfi-26) + (guix build utils) + (guix build gnu-build-system)) + #:configure-flags (list "--enable-add-ons" "--sysconfdir=/etc" @@ -589,7 +589,7 @@ store.") ;; `--localedir' is not honored, so work around it. ;; See <http://sourceware.org/ml/libc-alpha/2013-03/msg00093.html>. (string-append "libc_cv_complocaledir=/run/current-system/locale/" - ,version) + ,(version-major+minor version)) (string-append "--with-headers=" (assoc-ref ,(if (%current-target-system) @@ -598,10 +598,10 @@ store.") "kernel-headers") "/include") - ;; This is the default for most architectures as of GNU libc 2.21, + ;; This is the default for most architectures as of GNU libc 2.26, ;; but we specify it explicitly for clarity and consistency. See ;; "kernel-features.h" in the GNU libc for details. - "--enable-kernel=2.6.32" + "--enable-kernel=3.2.0" ;; Use our Bash instead of /bin/sh. (string-append "BASH_SHELL=" @@ -673,7 +673,46 @@ store.") ;; "bilingual" eval/exec magic at the top of the file. "") (("exec @PERL@") - "exec perl")))))))) + "exec perl"))))) + + (add-after 'install 'move-static-libs + (lambda* (#:key outputs #:allow-other-keys) + ;; Move static libraries to the "static" output. + (define (static-library? file) + ;; Return true if FILE is a static library. The + ;; "_nonshared.a" files are referred to by libc.so, + ;; libpthread.so, etc., which are in fact linker + ;; scripts. + (and (string-suffix? ".a" file) + (not (string-contains file "_nonshared")))) + + (define (linker-script? file) + ;; Guess whether FILE, a ".a" file, is actually a + ;; linker script. + (and (not (ar-file? file)) + (not (elf-file? file)))) + + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (files (scandir lib static-library?)) + (static (assoc-ref outputs "static")) + (slib (string-append static "/lib"))) + (mkdir-p slib) + (for-each (lambda (base) + (rename-file (string-append lib "/" base) + (string-append slib "/" base))) + files) + + ;; Usually libm.a is a linker script so we need to + ;; change the file names in there to refer to STATIC + ;; instead of OUT. + (for-each (lambda (ld-script) + (substitute* ld-script + ((out) static))) + (filter linker-script? + (map (cut string-append slib "/" <>) + files))) + #t)))))) (inputs `(("static-bash" ,static-bash))) @@ -787,17 +826,29 @@ GLIBC/HURD for a Hurd host" (define-syntax glibc (identifier-syntax (glibc-for-target))) -(define glibc/fixed +;; Below are old libc versions, which we use mostly to build locale data in +;; the old format (which the new libc cannot cope with.) + +(define-public glibc-2.25 (package (inherit glibc) + (version "2.25") (source (origin (inherit (package-source glibc)) - (patches (append - (origin-patches (package-source glibc)) - (search-patches "glibc-CVE-2017-15670-15671.patch"))))))) - -;; Below are old libc versions, which we use mostly to build locale data in -;; the old format (which the new libc cannot cope with.) + (uri (string-append "mirror://gnu/glibc/glibc-" + version ".tar.xz")) + (sha256 + (base32 + "1813dzkgw6v8q8q1m4v96yfis7vjqc9pslqib6j9mrwh6fxxjyq6")) + (patches (search-patches "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-vectorized-strcspn-guards.patch" + "glibc-CVE-2015-5180.patch" + "glibc-CVE-2017-15670-15671.patch" + "glibc-CVE-2017-1000366-pt1.patch" + "glibc-CVE-2017-1000366-pt2.patch" + "glibc-CVE-2017-1000366-pt3.patch")))))) (define-public glibc-2.24 (package @@ -908,7 +959,8 @@ the 'share/locale' sub-directory of this package.") (list (string-append "libc_cv_complocaledir=" (assoc-ref %outputs "out") "/lib/locale/" - ,(package-version glibc)))))))))) + ,(version-major+minor + (package-version glibc))))))))))) (define-public glibc-utf8-locales (package @@ -926,7 +978,7 @@ the 'share/locale' sub-directory of this package.") (gzip (assoc-ref %build-inputs "gzip")) (out (assoc-ref %outputs "out")) (localedir (string-append out "/lib/locale/" - ,version))) + ,(version-major+minor version)))) ;; 'localedef' needs 'gzip'. (setenv "PATH" (string-append libc "/bin:" gzip "/bin")) @@ -1023,7 +1075,7 @@ command.") (define-public tzdata (package (name "tzdata") - (version "2017b") + (version "2017c") (source (origin (method url-fetch) (uri (string-append @@ -1031,7 +1083,7 @@ command.") version ".tar.gz")) (sha256 (base32 - "11l0s43vx33dcs78p80122i8s5s9l1sjwkzzwh66njd35r92l97q")))) + "02yrrfj0p7ar885ja41ylijzbr8wc6kz6kzlw8c670i9m693ym6n")))) (build-system gnu-build-system) (arguments '(#:tests? #f @@ -1079,7 +1131,7 @@ command.") version ".tar.gz")) (sha256 (base32 - "0h1d567gn8l3iqgyadcswwdy2yh07nhz3lfl8ds8saz2ajxka5sd")))))) + "1dvrq0b2hz7cjqdyd7x21wpy4qcng3rvysr61ij0c2g64fyb9s41")))))) (home-page "https://www.iana.org/time-zones") (synopsis "Database of current and historical time zones") (description "The Time Zone Database (often called tz or zoneinfo) @@ -1089,13 +1141,14 @@ reflect changes made by political bodies to time zone boundaries, UTC offsets, and daylight-saving rules.") (license public-domain))) -;;; A "fixed" version of tzdata, which is used in the test suites of -;;; glib and R. We can update this whenever we are able to rebuild -;;; thousands of packages (for example, in a core-updates rebuild). -(define-public tzdata-2017a - (package - (inherit tzdata) - (version "2017a") +;;; A "fixed" version of tzdata, which is used in the test suites of glib and R +;;; and a few other places. We can update this whenever we are able to rebuild +;;; thousands of packages (for example, in a core-updates rebuild). This package +;;; will typically be obsolete and should never be referred to by a built +;;; package. +(define-public tzdata-for-tests + (hidden-package (package (inherit tzdata) + (version "2017c") (source (origin (method url-fetch) @@ -1103,7 +1156,7 @@ and daylight-saving rules.") "/releases/tzdata" version ".tar.gz")) (sha256 (base32 - "1mmv4rvcs12lrvgghw4fidczvb69yv69cmzknghcvw1c196mqfnz")))) + "02yrrfj0p7ar885ja41ylijzbr8wc6kz6kzlw8c670i9m693ym6n")))) (inputs `(("tzcode" ,(origin (method url-fetch) (uri (string-append @@ -1111,7 +1164,7 @@ and daylight-saving rules.") version ".tar.gz")) (sha256 (base32 - "1b1q7gnlsh5hjgs5065pvajd37rmbc3k9b8cgzad1vcrifswdwh2")))))))) + "1dvrq0b2hz7cjqdyd7x21wpy4qcng3rvysr61ij0c2g64fyb9s41"))))))))) (define-public libiconv diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm index ca47227826..f9fda96bb2 100644 --- a/gnu/packages/bdw-gc.scm +++ b/gnu/packages/bdw-gc.scm @@ -91,15 +91,15 @@ C or C++ programs, though that is not its primary goal.") (define-public libatomic-ops (package (name "libatomic-ops") - (version "7.4.4") + (version "7.4.8") (source (origin (method url-fetch) (uri (string-append - "http://www.ivmaisoft.com/_bin/atomic_ops/libatomic_ops-" - version ".tar.gz")) + "https://github.com/ivmai/libatomic_ops/releases/download/v" + version "/libatomic_ops-" version ".tar.gz")) (sha256 (base32 - "13vg5fqwil17zpf4hj4h8rh3blzmym693lkdjgvwpgni1mh0l8dz")))) + "0sj3plzpbqgxrqpjq3w2zi3zxxqqps71ncdwk5s1k30i9d9da1f4")))) (build-system gnu-build-system) (outputs '("out" "debug")) (synopsis "Accessing hardware atomic memory update operations") diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm index ba733b3a9e..d1b03eb882 100644 --- a/gnu/packages/bootstrap.scm +++ b/gnu/packages/bootstrap.scm @@ -26,8 +26,10 @@ #:use-module (guix build-system) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) - #:use-module ((guix store) #:select (add-to-store add-text-to-store)) - #:use-module ((guix derivations) #:select (derivation)) + #:use-module ((guix store) + #:select (run-with-store add-to-store add-text-to-store)) + #:use-module ((guix derivations) + #:select (derivation derivation->output-path)) #:use-module ((guix utils) #:select (gnu-triplet->nix-system)) #:use-module ((guix build utils) #:select (elf-file?)) #:use-module (guix memoization) @@ -38,6 +40,8 @@ package-with-bootstrap-guile glibc-dynamic-linker + bootstrap-guile-origin + %bootstrap-guile %bootstrap-coreutils&co %bootstrap-binutils @@ -191,6 +195,56 @@ successful, or false to signal an error." ;;; Bootstrap packages. ;;; +(define %bootstrap-base-urls + ;; This is where the initial binaries come from. + '("https://alpha.gnu.org/gnu/guix/bootstrap" + "http://alpha.gnu.org/gnu/guix/bootstrap" + "ftp://alpha.gnu.org/gnu/guix/bootstrap" + "http://www.fdn.fr/~lcourtes/software/guix/packages" + "http://flashner.co.il/guix/bootstrap")) + +(define (bootstrap-guile-url-path system) + "Return the URI for FILE." + (string-append "/" system + (match system + ("aarch64-linux" + "/20170217/guile-2.0.14.tar.xz") + ("armhf-linux" + "/20150101/guile-2.0.11.tar.xz") + (_ + "/20131110/guile-2.0.9.tar.xz")))) + +(define (bootstrap-guile-hash system) + "Return the SHA256 hash of the Guile bootstrap tarball for SYSTEM." + (match system + ("x86_64-linux" + (base32 "1w2p5zyrglzzniqgvyn1b55vprfzhgk8vzbzkkbdgl5248si0yq3")) + ("i686-linux" + (base32 "0im800m30abgh7msh331pcbjvb4n02smz5cfzf1srv0kpx3csmxp")) + ("mips64el-linux" + (base32 "0fzp93lvi0hn54acc0fpvhc7bvl0yc853k62l958cihk03q80ilr")) + ("armhf-linux" + (base32 "1mi3brl7l58aww34rawhvja84xc7l1b4hmwdmc36fp9q9mfx0lg5")) + ("aarch64-linux" + (base32 "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r")))) + +(define (bootstrap-guile-origin system) + "Return an <origin> object for the Guile tarball of SYSTEM." + (origin + (method url-fetch) + (uri (map (cute string-append <> (bootstrap-guile-url-path system)) + %bootstrap-base-urls)) + (sha256 (bootstrap-guile-hash system)))) + +(define (download-bootstrap-guile store system) + "Return a derivation that downloads the bootstrap Guile tarball for SYSTEM." + (let* ((path (bootstrap-guile-url-path system)) + (base (basename path)) + (urls (map (cut string-append <> path) %bootstrap-base-urls))) + (run-with-store store + (url-fetch urls 'sha256 (bootstrap-guile-hash system) + #:system system)))) + (define* (raw-build store name inputs #:key outputs system search-paths #:allow-other-keys) @@ -205,13 +259,7 @@ successful, or false to signal an error." (xz (->store "xz")) (mkdir (->store "mkdir")) (bash (->store "bash")) - (guile (->store (match system - ("armhf-linux" - "guile-2.0.11.tar.xz") - ("aarch64-linux" - "guile-2.0.14.tar.xz") - (_ - "guile-2.0.9.tar.xz")))) + (guile (download-bootstrap-guile store system)) ;; The following code, run by the bootstrap guile after it is ;; unpacked, creates a wrapper for itself to set its load path. ;; This replaces the previous non-portable method based on @@ -246,7 +294,7 @@ exec -a \"~a0\" ~a \"~a@\"\n" echo \"unpacking bootstrap Guile to '$out'...\" ~a $out cd $out -~a -dc < ~a | ~a xv +~a -dc < $GUILE_TARBALL | ~a xv # Use the bootstrap guile to create its own wrapper to set the load path. GUILE_SYSTEM_PATH=$out/share/guile/2.0 \ @@ -255,14 +303,16 @@ $out/bin/guile -c ~s $out ~a # Sanity check. $out/bin/guile --version~%" - mkdir xz guile tar + mkdir xz tar (format #f "~s" make-guile-wrapper) bash) - (list mkdir xz guile tar bash)))) + (list mkdir xz tar bash)))) (derivation store name bash `(,builder) #:system system - #:inputs `((,bash) (,builder))))) + #:inputs `((,bash) (,builder) (,guile)) + #:env-vars `(("GUILE_TARBALL" + . ,(derivation->output-path guile)))))) (define* (make-raw-bag name #:key source inputs native-inputs outputs @@ -294,13 +344,6 @@ $out/bin/guile --version~%" (home-page #f) (license lgpl3+)))) -(define %bootstrap-base-urls - ;; This is where the initial binaries come from. - '("ftp://alpha.gnu.org/gnu/guix/bootstrap" - "http://alpha.gnu.org/gnu/guix/bootstrap" - "http://www.fdn.fr/~lcourtes/software/guix/packages" - "http://flashner.co.il/guix/bootstrap")) - (define %bootstrap-coreutils&co (package-from-tarball "bootstrap-binaries" (lambda (system) diff --git a/gnu/packages/calcurse.scm b/gnu/packages/calcurse.scm index 44e90448cd..93eeaf0ee6 100644 --- a/gnu/packages/calcurse.scm +++ b/gnu/packages/calcurse.scm @@ -40,7 +40,7 @@ "0il0y06akdqgy0f9p40m4x6arn66nh7sr1w1i41bszycs7div266")))) (build-system gnu-build-system) (inputs `(("ncurses" ,ncurses))) - (native-inputs `(("tzdata" ,tzdata-2017a))) + (native-inputs `(("tzdata" ,tzdata-for-tests))) (arguments ;; The ical tests all want to create a ".calcurse" directory, and may ;; fail with "cannot create directory '.calcurse': File exists" if run @@ -49,7 +49,7 @@ ;; Since this tzdata is only used for tests and not referenced by the ;; built package, used the "fixed" obsolete version of tzdata and ensure ;; it does not sneak in to the closure. - #:disallowed-references (,tzdata-2017a) + #:disallowed-references (,tzdata-for-tests) #:phases (modify-phases %standard-phases (add-before 'check 'check-setup (lambda* (#:key inputs #:allow-other-keys) diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm index 159e606a24..0f5cabd628 100644 --- a/gnu/packages/calendar.scm +++ b/gnu/packages/calendar.scm @@ -120,8 +120,7 @@ data units.") "not test_printics_read_from_stdin " "and not test_import_from_stdin")))))))) (native-inputs - ;; XXX Uses tmpdir_factory, introduced in pytest 2.8. - `(("python-pytest" ,python-pytest-3.0) + `(("python-pytest" ,python-pytest) ("python-pytest-cov" ,python-pytest-cov) ("python-setuptools-scm" ,python-setuptools-scm) ;; Required for tests diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm index 5a926eb596..4f24335d6b 100644 --- a/gnu/packages/check.scm +++ b/gnu/packages/check.scm @@ -64,15 +64,15 @@ (define-public check (package (name "check") - (version "0.10.0") + (version "0.12.0") (source (origin (method url-fetch) - (uri (string-append "https://github.com/libcheck/check/files/71408/" - "/check-" version ".tar.gz")) + (uri (string-append "https://github.com/libcheck/check/releases/download/" + version "/check-" version ".tar.gz")) (sha256 (base32 - "0lhhywf5nxl3dd0hdakra3aasl590756c9kmvyifb3vgm9k0gxgm")))) + "0d22h8xshmbpl9hba9ch3xj8vb9ybm5akpsbbh7yj07fic4h2hj6")))) (build-system gnu-build-system) (home-page "https://libcheck.github.io/check/") (synopsis "Unit test framework for C") @@ -85,20 +85,6 @@ faults or other signals. The output from unit tests can be used within source code editors and IDEs.") (license license:lgpl2.1+))) -;; XXX: Some packages require this newer version. Incorporate this -;; into the main 'check' package during the next rebuild cycle. -(define-public check-0.11.0 - (package - (inherit check) - (version "0.11.0") - (source (origin - (method url-fetch) - (uri (string-append "https://github.com/libcheck/check/releases" - "/download/" version "/check-" version ".tar.gz")) - (sha256 - (base32 - "05jn1pgb7hqb937xky2147nnq3r4qy5wwr79rddpax3bms5a9xr4")))))) - (define-public cunit (package (name "cunit") @@ -356,45 +342,43 @@ for every Python test framework. It supports nose, py.test, and unittest.") (define-public python-mock (package (name "python-mock") - (version "1.0.1") + (version "2.0.0") (source (origin (method url-fetch) (uri (pypi-uri "mock" version)) (sha256 (base32 - "0kzlsbki6q0awf89rc287f3aj8x431lrajf160a70z0ikhnxsfdq")))) + "1flbpksir5sqrvq2z0dp8sl4bzbadg21sj4d42w3klpdfvgvcn5i")))) + (propagated-inputs + `(("python-pbr" ,python-pbr-minimal) + ("python-six" ,python-six))) (build-system python-build-system) - (arguments '(#:test-target "check")) + (native-inputs + `(("python-unittest2" ,python-unittest2))) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda _ + (zero? (system* "unit2"))))))) (home-page "https://github.com/testing-cabal/mock") (synopsis "Python mocking and patching library for testing") (description "Mock is a library for testing in Python. It allows you to replace parts of your system under test with mock objects and make assertions about how they have been used.") + (properties `((python2-variant . ,(delay python2-mock)))) (license license:expat))) (define-public python2-mock - (package-with-python2 python-mock)) - -;;; Some packages (notably, certbot and python-acme) rely on this newer version -;;; of python-mock. However, a large number of packages fail to build with -;;; mock@2, so we add a new variable for now. Also, there may be a dependency -;;; cycle between mock and six, so we avoid creating python2-mock@2 for now. -(define-public python-mock-2 - (package - (inherit python-mock) - (version "2.0.0") - (source - (origin - (method url-fetch) - (uri (pypi-uri "mock" version)) - (sha256 - (base32 - "1flbpksir5sqrvq2z0dp8sl4bzbadg21sj4d42w3klpdfvgvcn5i")))) - (propagated-inputs - `(("python-pbr" ,python-pbr-minimal) - ,@(package-propagated-inputs python-mock))))) + (let ((base (package-with-python2 + (strip-python2-variant python-mock)))) + (package (inherit base) + (propagated-inputs + `(("python2-functools32" ,python2-functools32) + ("python2-funcsigs" ,python2-funcsigs) + ,@(package-propagated-inputs base)))))) (define-public python-nose (package @@ -451,17 +435,27 @@ interfaces and processes.") (define-public python-unittest2 (package (name "python-unittest2") - (version "0.5.1") + (version "1.1.0") (source (origin (method url-fetch) - (uri (string-append - "https://pypi.python.org/packages/source/u/unittest2py3k/unittest2py3k-" - version ".tar.gz")) + (uri (pypi-uri "unittest2" version)) + (patches + (search-patches "python-unittest2-python3-compat.patch" + "python-unittest2-remove-argparse.patch")) (sha256 (base32 - "00yl6lskygcrddx5zspkhr0ibgvpknl4678kkm6s626539grq93q")))) + "0y855kmx7a8rnf81d3lh5lyxai1908xjp0laf4glwa4c8472m212")))) (build-system python-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda _ + (zero? (system* "python" "-m" "unittest2" "discover" "--verbose"))))))) + (propagated-inputs + `(("python-six" ,python-six) + ("python-traceback2" ,python-traceback2))) (home-page "http://pypi.python.org/pypi/unittest2") (synopsis "Python unit testing library") (description @@ -470,54 +464,44 @@ standard library.") (license license:psfl))) (define-public python2-unittest2 - (package (inherit python-unittest2) - (name "python2-unittest2") - (version "1.1.0") - (source - (origin - (method url-fetch) - (uri (string-append - "https://pypi.python.org/packages/source/u/unittest2/unittest2-" - version ".tar.gz")) - (sha256 - (base32 - "0y855kmx7a8rnf81d3lh5lyxai1908xjp0laf4glwa4c8472m212")) - (patches - (search-patches "python2-unittest2-remove-argparse.patch")))) - (propagated-inputs - `(("python2-six" ,python2-six) - ("python2-traceback2" ,python2-traceback2))) - (arguments - `(#:python ,python-2 - #:tests? #f)))) ; no setup.py test command + (package-with-python2 python-unittest2)) (define-public python-pytest (package (name "python-pytest") - (version "2.7.3") + (version "3.2.3") (source (origin (method url-fetch) - (uri (string-append - "https://pypi.python.org/packages/source/p/pytest/pytest-" - version ".tar.gz")) + (uri (pypi-uri "pytest" version)) (sha256 (base32 - "1z4yi986f9n0p8qmzmn21m21m8j1x78hk3505f89baqm6pdw7afm")) - (modules '((guix build utils))) - (snippet - ;; One of the tests involves the /usr directory, so it fails. - '(substitute* "testing/test_argcomplete.py" - (("def test_remove_dir_prefix\\(self\\):") - "@pytest.mark.xfail\n def test_remove_dir_prefix(self):"))))) + "0g6w86ks73fnrnsyib9ii2rbyx830vn7aglsjqz9v1n2xwbndyi7")))) (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'check 'disable-invalid-tests + (lambda _ + ;; Some tests involves the /usr directory, and fails. + (substitute* "testing/test_argcomplete.py" + (("def test_remove_dir_prefix\\(self\\):") + "@pytest.mark.xfail\n def test_remove_dir_prefix(self):")) + (substitute* "testing/test_argcomplete.py" + (("def test_remove_dir_prefix" line) + (string-append "@pytest.mark.skip" + "(reason=\"Assumes that /usr exists.\")\n " + line))) + #t))))) (propagated-inputs `(("python-py" ,python-py))) (native-inputs `(;; Tests need the "regular" bash since 'bash-final' lacks `compgen`. ("bash" ,bash) + ("python-hypothesis" ,python-hypothesis) ("python-nose" ,python-nose) - ("python-mock" ,python-mock))) + ("python-mock" ,python-mock) + ("python-setuptools-scm" ,python-setuptools-scm))) (home-page "http://pytest.org") (synopsis "Python testing library") (description @@ -529,41 +513,15 @@ and many external plugins.") (define-public python2-pytest (package-with-python2 python-pytest)) -;; Some packages require a newer pytest. -(define-public python-pytest-3.0 +(define-public python-pytest-bootstrap (package (inherit python-pytest) - (name "python-pytest") - (version "3.0.7") - (source (origin - (method url-fetch) - (uri (pypi-uri "pytest" version)) - (sha256 - (base32 - "1asc4b2nd2a4f0g3r12y97rslq5wliji7b73wwkvdrm5s7mrc1mp")))) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-before 'check 'disable-invalid-test - (lambda _ - (substitute* "testing/test_argcomplete.py" - (("def test_remove_dir_prefix" line) - (string-append "@pytest.mark.skip" - "(reason=\"Assumes that /usr exists.\")\n " - line))) - #t))))) - (native-inputs - `(("python-hypothesis" ,python-hypothesis) - ,@(package-native-inputs python-pytest))) - (properties `((python2-variant . ,(delay python2-pytest-3.0)))))) + (name "python-pytest-bootstrap") + (native-inputs `(("python-setuptools-scm" ,python-setuptools-scm))) + (arguments `(#:tests? #f)))) -(define-public python2-pytest-3.0 - (let ((base (package-with-python2 - (strip-python2-variant python-pytest-3.0)))) - (package (inherit base) - (native-inputs - `(("python2-enum34" ,python2-enum34) - ,@(package-native-inputs base)))))) +(define-public python2-pytest-bootstrap + (package-with-python2 python-pytest-bootstrap)) (define-public python-pytest-cov (package @@ -625,7 +583,7 @@ supports coverage of subprocesses.") (string-append "version = \"" ,version "\""))) #t))))) (native-inputs - `(("python-pytest" ,python-pytest) + `(("python-pytest" ,python-pytest-bootstrap) ("python-setuptools-scm" ,python-setuptools-scm))) (home-page "https://github.com/pytest-dev/pytest-runner") (synopsis "Invoke py.test as a distutils command") @@ -950,14 +908,14 @@ have failed since the last commit or what tests are currently failing.") (define-public python-coverage (package (name "python-coverage") - (version "4.1") + (version "4.4.1") (source (origin (method url-fetch) (uri (pypi-uri "coverage" version)) (sha256 (base32 - "01rbr4br4lsk0lwn8fb96zwd2xr4f0mg1w7iq3j11i8f5ig2nqs1")))) + "097l4s3ssxm1vncsn0nw3a1pbzah28773q36c1ab9wz01r04973s")))) (build-system python-build-system) (arguments ;; FIXME: 95 tests failed, 539 passed, 6 skipped, 2 errors. @@ -1183,7 +1141,7 @@ normally the case.") (build-system python-build-system) (native-inputs `(("python-flake8" ,python-flake8) - ("python-pytest" ,python-pytest))) + ("python-pytest" ,python-pytest-bootstrap))) (synopsis "Library for property based testing") (description "Hypothesis is a library for testing your Python code against a much larger range of examples than you would ever want to write by hand. It’s @@ -1417,7 +1375,7 @@ recognize TestCases.") "0gf2dpahpl5igb7jh1sr9acj3z3gp7zahqdqb69nk6wx01c8kc1g")))) (build-system python-build-system) (propagated-inputs - `(("pytest" ,python-pytest-3.0))) + `(("pytest" ,python-pytest))) (home-page "https://github.com/fschulze/pytest-warnings") (synopsis "Pytest plugin to list Python warnings in pytest report") (description @@ -1441,7 +1399,7 @@ pytest report.") "038049nyjl7di59ycnxvc9nydivc5m8np3hqq84j2iirkccdbs5n")))) (build-system python-build-system) (propagated-inputs - `(("pytest" ,python-pytest-3.0))) + `(("pytest" ,python-pytest))) (home-page "http://bitbucket.org/memedough/pytest-capturelog/overview") (synopsis "Pytest plugin to catch log messages") (description @@ -1466,7 +1424,7 @@ pytest report.") (native-inputs `(("unzip" ,unzip))) (propagated-inputs - `(("pytest" ,python-pytest-3.0))) + `(("pytest" ,python-pytest))) (home-page "https://github.com/eisensheng/pytest-catchlog") (synopsis "Pytest plugin to catch log messages") (description diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 406a23b21c..f3afb28e18 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -113,7 +113,7 @@ (define file-boot0 (package-with-bootstrap-guile - (package-with-explicit-inputs (package/inherit file + (package-with-explicit-inputs (package (inherit file) (name "file-boot0")) `(("make" ,gnu-make-boot0) ,@%bootstrap-inputs) @@ -140,7 +140,7 @@ (define binutils-boot0 (package-with-bootstrap-guile - (package/inherit binutils + (package (inherit binutils) (name "binutils-cross-boot0") (arguments `(#:guile ,%bootstrap-guile @@ -149,23 +149,22 @@ #:modules ((guix build gnu-build-system) (guix build utils) (ice-9 ftw)) ; for 'scandir' - #:phases (alist-cons-after - 'install 'add-symlinks - (lambda* (#:key outputs #:allow-other-keys) - ;; The cross-gcc invokes 'as', 'ld', etc, without the - ;; triplet prefix, so add symlinks. - (let ((out (assoc-ref outputs "out")) - (triplet-prefix (string-append ,(boot-triplet) "-"))) - (define (has-triplet-prefix? name) - (string-prefix? triplet-prefix name)) - (define (remove-triplet-prefix name) - (substring name (string-length triplet-prefix))) - (with-directory-excursion (string-append out "/bin") - (for-each (lambda (name) - (symlink name (remove-triplet-prefix name))) - (scandir "." has-triplet-prefix?))) - #t)) - %standard-phases) + #:phases (modify-phases %standard-phases + (add-after 'install 'add-symlinks + (lambda* (#:key outputs #:allow-other-keys) + ;; The cross-gcc invokes 'as', 'ld', etc, without the + ;; triplet prefix, so add symlinks. + (let ((out (assoc-ref outputs "out")) + (triplet-prefix (string-append ,(boot-triplet) "-"))) + (define (has-triplet-prefix? name) + (string-prefix? triplet-prefix name)) + (define (remove-triplet-prefix name) + (substring name (string-length triplet-prefix))) + (with-directory-excursion (string-append out "/bin") + (for-each (lambda (name) + (symlink name (remove-triplet-prefix name))) + (scandir "." has-triplet-prefix?))) + #t)))) ,@(substitute-keyword-arguments (package-arguments binutils) ((#:configure-flags cf) @@ -286,9 +285,8 @@ ("libc-native" ,@(assoc-ref %boot0-inputs "libc")) ,@(alist-delete "libc" %boot0-inputs))) - ;; No need for Texinfo at this stage. - (native-inputs (alist-delete "texinfo" - (package-native-inputs gcc)))))) + ;; No need for the native-inputs to build the documentation at this stage. + (native-inputs `())))) (define perl-boot0 (let ((perl (package @@ -466,7 +464,7 @@ the bootstrap environment." ;; built just below; the only difference is that this one uses the ;; bootstrap Bash. (package-with-bootstrap-guile - (package/inherit glibc + (package (inherit glibc) (name "glibc-intermediate") (arguments `(#:guile ,%bootstrap-guile @@ -583,12 +581,24 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (let* ((gcc (cross-gcc-wrapper gcc-boot0 binutils-boot0 glibc-final-with-bootstrap-bash (car (assoc-ref %boot1-inputs "bash")))) - (bash (package (inherit static-bash) + (bash (package + (inherit static-bash) (arguments - `(#:guile ,%bootstrap-guile - ,@(package-arguments static-bash))))) + (substitute-keyword-arguments + (package-arguments static-bash) + ((#:guile _ #f) + '%bootstrap-guile) + ((#:configure-flags flags '()) + ;; Add a '-L' flag so that the pseudo-cross-ld of + ;; BINUTILS-BOOT0 can find libc.a. + `(append ,flags + (list (string-append "LDFLAGS=-static -L" + (assoc-ref %build-inputs + "libc:static") + "/lib")))))))) (inputs `(("gcc" ,gcc) ("libc" ,glibc-final-with-bootstrap-bash) + ("libc:static" ,glibc-final-with-bootstrap-bash "static") ,@(fold alist-delete %boot1-inputs '("gcc" "libc"))))) (package-with-bootstrap-guile @@ -632,7 +642,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define glibc-final ;; The final glibc, which embeds the statically-linked Bash built above. - (package/inherit glibc-final-with-bootstrap-bash + (package (inherit glibc-final-with-bootstrap-bash) (name "glibc") (inputs `(("static-bash" ,static-bash-for-glibc) ,@(alist-delete @@ -663,12 +673,13 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define %boot2-inputs ;; 3rd stage inputs. `(("libc" ,glibc-final) + ("libc:static" ,glibc-final "static") ("gcc" ,gcc-boot0-wrapped) ,@(fold alist-delete %boot1-inputs '("libc" "gcc")))) (define binutils-final (package-with-bootstrap-guile - (package/inherit binutils + (package (inherit binutils) (arguments `(#:guile ,%bootstrap-guile #:implicit-inputs? #f @@ -679,34 +690,29 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define libstdc++ ;; Intermediate libstdc++ that will allow us to build the final GCC ;; (remember that GCC-BOOT0 cannot build libstdc++.) - ;; TODO: Write in terms of 'make-libstdc++'. - (package-with-bootstrap-guile - (package (inherit gcc) - (name "libstdc++") - (arguments - `(#:guile ,%bootstrap-guile - #:implicit-inputs? #f - #:allowed-references ("out") - #:out-of-source? #t - #:phases (alist-cons-before - 'configure 'chdir - (lambda _ - (chdir "libstdc++-v3")) - %standard-phases) - #:configure-flags `("--disable-shared" - "--disable-libstdcxx-threads" - "--disable-libstdcxx-pch" - ,(string-append "--with-gxx-include-dir=" - (assoc-ref %outputs "out") - "/include" - ;; "/include/c++/" - ;; ,(package-version gcc) - )))) - (outputs '("out")) - (inputs %boot2-inputs) - (native-inputs '()) - (propagated-inputs '()) - (synopsis "GNU C++ standard library (intermediate)")))) + (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc)))) + (package + (inherit lib) + (arguments + `(#:guile ,%bootstrap-guile + #:implicit-inputs? #f + #:allowed-references ("out") + + ;; XXX: libstdc++.so NEEDs ld.so for some reason. + #:validate-runpath? #f + + ;; All of the package arguments from 'make-libstdc++ + ;; except for the configure-flags. + ,@(package-arguments lib) + #:configure-flags `("--disable-shared" + "--disable-libstdcxx-threads" + "--disable-libstdcxx-pch" + ,(string-append "--with-gxx-include-dir=" + (assoc-ref %outputs "out") + "/include")))) + (outputs '("out")) + (inputs %boot2-inputs) + (synopsis "GNU C++ standard library (intermediate)")))) (define zlib-final ;; Zlib used by GCC-FINAL. @@ -779,6 +785,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ;; scripts such as 'mkheaders' and 'fixinc.sh' (XXX: who cares about these ;; scripts?). (native-inputs `(("texinfo" ,texinfo-boot0) + ("perl" ,perl-boot0) ;for manpages ("static-bash" ,static-bash-for-glibc) ,@(package-native-inputs gcc-boot0))) @@ -923,12 +930,13 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ("binutils" ,binutils-final) ("gcc" ,gcc-final) ("libc" ,glibc-final) + ("libc:static" ,glibc-final "static") ("locales" ,glibc-utf8-locales-final)))) (define-public canonical-package (let ((name->package (fold (lambda (input result) (match input - ((_ package) + ((_ package . outputs) (vhash-cons (package-full-name package) package result)))) vlist-null diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 6b8b28b9ff..0cee54848c 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -209,7 +209,16 @@ adding and extracting files to/from a tar archive.") (synopsis "General file (de)compression (using lzw)") (arguments ;; FIXME: The test suite wants `less', and optionally Perl. - '(#:tests? #f)) + '(#:tests? #f + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'use-absolute-name-of-gzip + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "gunzip.in" + (("exec gzip") + (string-append "exec " (assoc-ref outputs "out") + "/bin/gzip"))) + #t))))) (description "GNU Gzip provides data compression and decompression utilities; the typical extension is \".gz\". Unlike the \"zip\" format, it compresses a single @@ -348,7 +357,7 @@ compressed with pbzip2 can be decompressed with bzip2).") (define-public xz (package (name "xz") - (version "5.2.2") + (version "5.2.3") (source (origin (method url-fetch) (uri (list (string-append "http://tukaani.org/xz/xz-" version @@ -357,7 +366,7 @@ compressed with pbzip2 can be decompressed with bzip2).") version ".tar.gz"))) (sha256 (base32 - "18h2k4jndhzjs8ln3a54qdnfv59y6spxiwh9gpaqniph6iflvpvk")))) + "1jr8pxnz55ifc8cvp3ivgl79ph9iik5aypsc9cma228aglsqp4ki")))) (build-system gnu-build-system) (synopsis "General-purpose data compression") (description @@ -376,7 +385,7 @@ than gzip and 15 % smaller output than bzip2.") (define-public lzo (package (name "lzo") - (version "2.09") + (version "2.10") (source (origin (method url-fetch) @@ -384,7 +393,7 @@ than gzip and 15 % smaller output than bzip2.") version ".tar.gz")) (sha256 (base32 - "0k5kpj3jnsjfxqqkblpfpx0mqcy86zs5fhjhgh2kq1hksg7ag57j")))) + "0wm04519pd3g8hqpjqhfr72q8qmbiwqaxcs3cndny9h86aa95y60")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--enable-shared"))) (home-page "http://www.oberhumer.com/opensource/lzo") @@ -463,14 +472,14 @@ some compression ratio).") (define-public lzip (package (name "lzip") - (version "1.18") + (version "1.19") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/lzip/lzip-" version ".tar.gz")) (sha256 (base32 - "1p8lvc22sv3damld9ng8y6i8z2dvvpsbi9v7yhr5bc2a20m8iya7")))) + "1abbch762gv8rjr579q3qyyk6c80plklbv2mw4x0vg71dgsw9bgz")))) (build-system gnu-build-system) (home-page "http://www.nongnu.org/lzip/lzip.html") (synopsis "Lossless data compressor based on the LZMA algorithm") diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm index abc3a2821c..369083eab0 100644 --- a/gnu/packages/cross-base.scm +++ b/gnu/packages/cross-base.scm @@ -248,6 +248,7 @@ target that libc." ,@inputs))) (libc `(("libc" ,libc) + ("libc:static" ,libc "static") ("xkernel-headers" ;the target headers ,@(assoc-ref (package-propagated-inputs libc) "kernel-headers")) diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index bbf2699f00..4cb76b9181 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org> ;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. ;;; @@ -57,7 +58,7 @@ (define-public cups-filters (package (name "cups-filters") - (version "1.17.7") + (version "1.17.9") (source(origin (method url-fetch) (uri @@ -65,7 +66,7 @@ "cups-filters-" version ".tar.xz")) (sha256 (base32 - "1mg397kgfx0rs9j852f8ppmvaz2al5l75ildbgiqg6j3gwq5jssw")) + "0i7mvvnq7ayhxn1ajci8h7l3cijzwr9d50p58h0rbsh9hf63zblq")) (modules '((guix build utils))) (snippet ;; install backends, banners and filters to cups-filters output @@ -179,7 +180,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.") (define-public cups-minimal (package (name "cups-minimal") - (version "2.2.4") + (version "2.2.6") (source (origin (method url-fetch) @@ -187,7 +188,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.") version "/cups-" version "-source.tar.gz")) (sha256 (base32 - "1k4qxafmapq6hzbkh273fdyzkj9alw6ppwz5k933bhsi4svlsvar")))) + "16qn41b84xz6khrr2pa2wdwlqxr29rrrkjfi618gbgdkq9w5ff20")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 49703c0925..8cc590daf4 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -42,7 +43,7 @@ (define-public curl (package (name "curl") - (version "7.55.1") + (version "7.56.1") (replacement curl-7.57.0) (source (origin (method url-fetch) @@ -50,7 +51,7 @@ version ".tar.xz")) (sha256 (base32 - "1dvbcwcar3dv488h9378hy145ma3ws2fwpbr6mgszd7chipcmbry")))) + "1l9r386qz7l7h4n5lysrf1wq93lyc72a7shgg9b8s5d0ycn2ivcf")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -109,7 +110,15 @@ ;; The top-level "make check" does "make -C tests quiet-test", which ;; is too quiet. Use the "test" target instead, which is more ;; verbose. - (zero? (system* "make" "-C" "tests" "test"))))))) + (zero? (system* "make" "-C" "tests" "test")))) + (add-before 'install 'fix-Makefile + ;; Fix a regression in 7.55.0 where docs are not installed. + ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b + (lambda _ + (substitute* "Makefile" + (("install-data-hook:\n") + "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) + #t))))) (synopsis "Command line tool for transferring data with URL syntax") (description "curl is a command line tool for transferring data with URL syntax, diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 56749320b3..bf071fb1c2 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -932,7 +932,7 @@ for example from a shell script.") (define-public sqlite (package (name "sqlite") - (version "3.19.3") + (version "3.21.0") (source (origin (method url-fetch) (uri (let ((numeric-version @@ -948,7 +948,7 @@ for example from a shell script.") numeric-version ".tar.gz"))) (sha256 (base32 - "00b3l2qglpl1inx21fckiwxnfq5xf6441flc79rqg7zdvh1rq4h6")))) + "1qxvzdjwzw6k0kqjfabj86rnq87xdbwbca7laxxdhnh0fmkm3pfp")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments @@ -1922,7 +1922,7 @@ Memory-Mapped Database} (LMDB), a high-performance key-value store.") #t))))) (native-inputs `(("python-pytest-mock" ,python-pytest-mock) - ("python-pytest" ,python-pytest-3.0) + ("python-pytest" ,python-pytest) ("python-flexmock" ,python-flexmock))) (propagated-inputs `(("python-backpack" ,python-backpack) @@ -2205,14 +2205,15 @@ PickleShare.") (define-public python-apsw (package (name "python-apsw") - (version "3.9.2-r1") + (version "3.20.1-r1") (source (origin (method url-fetch) - (uri (pypi-uri "apsw" version)) + (uri (string-append "https://github.com/rogerbinns/apsw/archive/" + version ".tar.gz")) (sha256 (base32 - "0w4jb0wpx785qw42r3h4fh7gl5w2968q48i7gygybsfxck8nzffs")))) + "00ai7m2pqi26qaflhz314d8k5i3syw7xzr145fhfl0crhyh6adz2")))) (build-system python-build-system) (inputs `(("sqlite" ,sqlite))) diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm index 7f39817332..a413500486 100644 --- a/gnu/packages/django.scm +++ b/gnu/packages/django.scm @@ -154,7 +154,7 @@ with arguments to the field constructor.") `(("python-django" ,python-django) ("python-setuptools-scm" ,python-setuptools-scm))) (propagated-inputs - `(("python-pytest" ,python-pytest-3.0))) + `(("python-pytest" ,python-pytest))) (home-page "http://pytest-django.readthedocs.org/") (synopsis "Django plugin for py.test") (description "Pytest-django is a plugin for py.test that provides a set of diff --git a/gnu/packages/documentation.scm b/gnu/packages/documentation.scm index 9c5ca74d73..c870084746 100644 --- a/gnu/packages/documentation.scm +++ b/gnu/packages/documentation.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Roel Janssen <roel@gnu.org> ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be> ;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -126,7 +127,7 @@ markup) can be customized and extended by the user.") (build-system cmake-build-system) (native-inputs `(("bison" ,bison) - ("flex" ,flex) + ("flex" ,flex-2.6.1) ; sefaults with 2.6.4 ("libxml2" ,libxml2) ; provides xmllint for the tests ("python" ,python-2))) ; for creating the documentation (inputs diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 3bc8e1dcfe..63aa3fac49 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -27,16 +27,15 @@ (define-public file (package - (replacement file/fixed) (name "file") - (version "5.30") + (version "5.32") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.astron.com/pub/file/file-" version ".tar.gz")) (sha256 (base32 - "057jpcyy8ws7q4s4sm8r1rxb8xycdbng2z4y9i98f094wlr28k39")))) + "0l1bfa0icng9vdwya00ff48fhvjazi5610ylbhl35qi13d6xqfc6")))) (build-system gnu-build-system) ;; When cross-compiling, this package depends upon a native install of @@ -50,11 +49,4 @@ you in words what kind of data a file contains. It does not rely on filename extensions to tell you the type of a file, but looks at the actual contents of the file.") (license bsd-2) - (home-page "http://www.darwinsys.com/file/"))) - -(define file/fixed - (package - (inherit file) - (source (origin - (inherit (package-source file)) - (patches (search-patches "file-CVE-2017-1000249.patch")))))) + (home-page "https://www.darwinsys.com/file/"))) diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 6a4e118f76..e015fcbc36 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm @@ -415,28 +415,17 @@ Python.") (define-public wayland (package (name "wayland") - (version "1.13.0") + (version "1.14.0") (source (origin (method url-fetch) (uri (string-append "https://wayland.freedesktop.org/releases/" name "-" version ".tar.xz")) (sha256 (base32 - "0lgywr1m0d79vr4s8aimj8a307nss29hhy68gjpqj7m667055c39")))) + "1f3sla6h0bw15fz8pjc67jhwj7pwmfdc7qlj42j5k9v116ycm07d")))) (build-system gnu-build-system) (arguments - `(#:parallel-tests? #f - #:phases - (modify-phases %standard-phases - ;; Remove record shapes to workaround graphviz 2.40.1 problems. - ;; http://www.graphviz.org/content/i-havent-been-able-render-these-files-graphviz-226 - ;; This will likely be fixed upstream in the next release. - ;; https://lists.freedesktop.org/archives/wayland-devel/2017-June/034218.html - (add-before 'build 'fix-graphviz - (lambda _ - (substitute* "doc/doxygen/dot/x-architecture.gv" - (("Mrecord") "none")) - #t))))) + `(#:parallel-tests? #f)) (native-inputs `(("doxygen" ,doxygen) ("graphviz" ,graphviz) @@ -462,7 +451,7 @@ applications, X servers (rootless or fullscreen) or other display servers.") (define-public wayland-protocols (package (name "wayland-protocols") - (version "1.9") + (version "1.12") (source (origin (method url-fetch) (uri (string-append @@ -470,7 +459,7 @@ applications, X servers (rootless or fullscreen) or other display servers.") "wayland-protocols-" version ".tar.xz")) (sha256 (base32 - "0xag2yci0l13brmq2k12vdv0wlnb2j0rxk2cnp170fya63g74sv6")))) + "1cn8ny4zr9xlcdh8qi1qnkmvia8cp4ixnsbhd9sp9571w6lyh69v")))) (build-system gnu-build-system) (inputs `(("wayland" ,wayland))) diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index ad8992289d..84d2f9a8d2 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -139,7 +139,8 @@ where the OS part is overloaded to denote a specific ABI---into GCC (patches (search-patches "gcc-4-compile-with-gcc-5.patch")) (sha256 (base32 - "10k2k71kxgay283ylbbhhs51cl55zn2q38vj5pk4k950qdnirrlj")))) + "10k2k71kxgay283ylbbhhs51cl55zn2q38vj5pk4k950qdnirrlj")) + (patches (search-patches "gcc-fix-texi2pod.patch")))) (build-system gnu-build-system) ;; Separate out the run-time support libraries because all the @@ -156,7 +157,8 @@ where the OS part is overloaded to denote a specific ABI---into GCC ;; GCC < 5 is one of the few packages that doesn't ship .info files. ;; Newer texinfos fail to build the manual, so we use an older one. - (native-inputs `(("texinfo" ,texinfo-5))) + (native-inputs `(("perl" ,perl) ;for manpages + ("texinfo" ,texinfo-5))) (arguments `(#:out-of-source? #t @@ -352,7 +354,8 @@ Go. It also includes runtime support libraries for these languages.") (sha256 (base32 "08yggr18v373a1ihj0rg2vd6psnic42b518xcgp3r9k81xz1xyr2")) - (patches (search-patches "gcc-arm-link-spec-fix.patch")))) + (patches (search-patches "gcc-arm-link-spec-fix.patch" + "gcc-fix-texi2pod.patch")))) (supported-systems %supported-systems) (inputs `(("isl" ,isl-0.11) @@ -370,31 +373,33 @@ Go. It also includes runtime support libraries for these languages.") (base32 "14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc")) (patches (search-patches "gcc-arm-bug-71399.patch" - "gcc-libvtv-runpath.patch")))) - (native-inputs `(("texinfo" ,texinfo))))) + "gcc-libvtv-runpath.patch" + "gcc-fix-texi2pod.patch")))) + ;; Override inherited texinfo-5 with latest version. + (native-inputs `(("perl" ,perl) ;for manpages + ("texinfo" ,texinfo))))) (define-public gcc-5 ;; Note: GCC >= 5 ships with .info files but 'make install' fails to install ;; them in a VPATH build. (package (inherit gcc-4.9) - (version "5.4.0") + (version "5.5.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gcc/gcc-" - version "/gcc-" version ".tar.bz2")) + version "/gcc-" version ".tar.xz")) (sha256 (base32 - "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0")) + "11zd1hgzkli3b2v70qsm2hyqppngd4616qc96lmm9zl2kl9yl32k")) (patches (search-patches "gcc-arm-bug-71399.patch" "gcc-strmov-store-file-names.patch" - "gcc-asan-powerpc-missing-include.patch" "gcc-5.0-libvtv-runpath.patch" "gcc-5-source-date-epoch-1.patch" - "gcc-5-source-date-epoch-2.patch")))))) - ;; TODO: gcc-5 doesn't need cloog. - ;;(inputs - ;; `(("isl" ,isl) - ;; ,@(package-inputs gcc-4.7))))) + "gcc-5-source-date-epoch-2.patch" + "gcc-fix-texi2pod.patch")))) + (inputs + `(("isl" ,isl) + ,@(package-inputs gcc-4.7))))) (define-public gcc-6 (package diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm index 76c01b1e09..51b772a586 100644 --- a/gnu/packages/gettext.scm +++ b/gnu/packages/gettext.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2016 Alex Kost <alezost@gmail.com> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> +;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -47,12 +48,18 @@ (sha256 (base32 "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z")) - ;; test-lock has performance issues on multi-core machines, - ;; it hangs or takes a long time to complete. - ;; There is one commit in gettext and one commit - ;; in gettext's embedded gnulib to fix this issue. - (patches (search-patches "gettext-multi-core.patch" - "gettext-gnulib-multi-core.patch")))) + (modules '((guix build utils))) + (snippet + '(begin + ;; The gnulib test-lock test is prone to writer starvation + ;; with our glibc@2.25, which prefers readers, so disable it. + ;; The gnulib commit b20e8afb0b2 should fix this once + ;; incorporated here. + (substitute* "gettext-runtime/tests/Makefile.in" + (("TESTS = test-lock\\$\\(EXEEXT\\)") "TESTS =")) + (substitute* "gettext-tools/gnulib-tests/Makefile.in" + (("test-lock\\$\\(EXEEXT\\) ") "")) + #t)))) (build-system gnu-build-system) (outputs '("out" "doc")) ;8 MiB of HTML diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 28477b2c42..72a737b013 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -100,23 +100,23 @@ paper size.") (arguments `(#:tests? #f ; none provided #:phases - (alist-replace - 'configure - (lambda* (#:key inputs outputs #:allow-other-keys #:rest args) - (let ((perl (assoc-ref inputs "perl")) - (out (assoc-ref outputs "out"))) - (copy-file "Makefile.unix" "Makefile") - (substitute* "Makefile" - (("/usr/local/bin/perl") (string-append perl "/bin/perl"))) - (substitute* "Makefile" - (("/usr/local") out)) - ;; for the install phase - (substitute* "Makefile" - (("-mkdir") "mkdir -p")) - ;; drop installation of non-free files - (substitute* "Makefile" - ((" install.include") "")))) - %standard-phases))) + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys #:rest args) + (let ((perl (assoc-ref inputs "perl")) + (out (assoc-ref outputs "out"))) + (copy-file "Makefile.unix" "Makefile") + (substitute* "Makefile" + (("/usr/local/bin/perl") (string-append perl "/bin/perl"))) + (substitute* "Makefile" + (("/usr/local") out)) + ;; for the install phase + (substitute* "Makefile" + (("-mkdir") "mkdir -p")) + ;; drop installation of non-free files + (substitute* "Makefile" + ((" install.include") ""))) + #t))))) (synopsis "Collection of utilities for manipulating PostScript documents") (description "PSUtils is a collection of utilities for manipulating PostScript @@ -131,8 +131,7 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package (name "ghostscript") - (replacement ghostscript-9.22) - (version "9.21") + (version "9.22") (source (origin (method url-fetch) @@ -142,9 +141,8 @@ printing, and psresize, for adjusting page sizes.") "/ghostscript-" version ".tar.xz")) (sha256 (base32 - "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) + "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61")) (patches (search-patches "ghostscript-runpath.patch" - "ghostscript-CVE-2017-8291.patch" "ghostscript-no-header-creationdate.patch" "ghostscript-no-header-id.patch" "ghostscript-no-header-uuid.patch")) @@ -255,25 +253,6 @@ output file formats and printers.") (home-page "https://www.ghostscript.com/") (license license:agpl3+))) -(define ghostscript-9.22 - (package - (inherit ghostscript) - (version "9.22") - (source - (origin - (inherit (package-source ghostscript)) - (uri (string-append "https://github.com/ArtifexSoftware/" - "ghostpdl-downloads/releases/download/gs" - (string-delete #\. version) - "/ghostscript-" version ".tar.xz")) - (sha256 - (base32 - "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61")) - (patches (search-patches "ghostscript-runpath.patch" - "ghostscript-no-header-creationdate.patch" - "ghostscript-no-header-id.patch" - "ghostscript-no-header-uuid.patch")))))) - (define-public ghostscript/x (package/inherit ghostscript (name (string-append (package-name ghostscript) "-with-x")) diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index 5f96ab3038..90ba81c37f 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -217,7 +217,7 @@ also known as DXTn or DXTC) for Mesa.") (define-public mesa (package (name "mesa") - (version "17.2.1") + (version "17.2.5") (source (origin (method url-fetch) @@ -229,7 +229,7 @@ also known as DXTn or DXTC) for Mesa.") version "/mesa-" version ".tar.xz"))) (sha256 (base32 - "07msr6xismw2jq87irwhz7vygvzj6hi38d71paij9zvwh8bmsf3p")) + "03q7n4g6ks3wlvlbi0snwn80w6ribqvs80cx5mgv384ygd5r2zvz")) (patches (search-patches "mesa-wayland-egl-symbols-check-mips.patch" "mesa-skip-disk-cache-test.patch")))) @@ -305,6 +305,10 @@ also known as DXTn or DXTC) for Mesa.") "--enable-llvm")) ; default is x86/x86_64 only (_ '("--with-dri-drivers=nouveau,r200,radeon,swrast")))) + #:modules ((ice-9 match) + (srfi srfi-1) + (guix build utils) + (guix build gnu-build-system)) #:phases (modify-phases %standard-phases (add-after @@ -339,6 +343,41 @@ also known as DXTn or DXTC) for Mesa.") ;; egl_gallium support. (("\"gbm_dri\\.so") (string-append "\"" out "/lib/dri/gbm_dri.so"))) + #t))) + (add-after 'install 'symlinks-instead-of-hard-links + (lambda* (#:key outputs #:allow-other-keys) + ;; All the drivers and gallium targets create hard links upon + ;; installation (search for "hardlink each megadriver instance" + ;; in the makefiles). This is no good for us since we'd produce + ;; nars that contain several copies of these files. Thus, turn + ;; them into symlinks, which saves ~124 MiB. + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (files (find-files lib + (lambda (file stat) + (and (string-contains file ".so") + (eq? 'regular + (stat:type stat)))))) + (inodes (map (compose stat:ino stat) files))) + (for-each (lambda (inode) + (match (filter-map (match-lambda + ((file ino) + (and (= ino inode) file))) + (zip files inodes)) + ((_) + #f) + ((reference others ..1) + (format #t "creating ~a symlinks to '~a'~%" + (length others) reference) + (for-each delete-file others) + (for-each (lambda (file) + (if (string=? (dirname file) + (dirname reference)) + (symlink (basename reference) + file) + (symlink reference file))) + others)))) + (delete-duplicates inodes)) #t)))))) (home-page "https://mesa3d.org/") (synopsis "OpenGL implementation") diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index de74278597..ccb11565b3 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -73,7 +73,7 @@ (define dbus (package (name "dbus") - (version "1.10.22") + (version "1.12.2") (source (origin (method url-fetch) (uri (string-append @@ -81,7 +81,7 @@ version ".tar.gz")) (sha256 (base32 - "15vv9gz5i4f5l7h0d045qz5iyvl89hjk2k83lb4vbizd7qg41cg2")) + "121xm3cy48vbv6nv522lfkk4zyiqc1g6v4lb3344gc3h2w4vaar7")) (patches (search-patches "dbus-helper-search-path.patch")))) (build-system gnu-build-system) (arguments @@ -143,7 +143,7 @@ shared NFS home directories.") (define glib (package (name "glib") - (version "2.52.3") + (version "2.54.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" @@ -151,8 +151,9 @@ shared NFS home directories.") name "-" version ".tar.xz")) (sha256 (base32 - "0a71wkkhkvad84gm30w13micxxgqqw3sxhybj7nd9z60lwspdvi5")) - (patches (search-patches "glib-tests-timer.patch")))) + "0v4ffl172kbqgxrhgxyafhpw36bq3iklb2zjqyl6jcfkmb2yb2dv")) + (patches (search-patches "glib-respect-datadir.patch" + "glib-tests-timer.patch")))) (build-system gnu-build-system) (outputs '("out" ; everything "bin" ; glib-mkenums, gtester, etc.; depends on Python @@ -171,9 +172,9 @@ shared NFS home directories.") ("python" ,python-wrapper) ("perl" ,perl) ; needed by GIO tests ("bash" ,bash) - ("tzdata" ,tzdata-2017a))) ; for tests/gdatetime.c + ("tzdata" ,tzdata-for-tests))) ; for tests/gdatetime.c (arguments - `(#:disallowed-references (,tzdata-2017a) + `(#:disallowed-references (,tzdata-for-tests) #:phases (modify-phases %standard-phases (add-before 'build 'pre-build @@ -253,12 +254,7 @@ shared NFS home directories.") ("gio/tests/gdbus-unix-addresses.c" (;; Requires /etc/machine-id. - "/gdbus/x11-autolaunch")) - - ("glib/tests/gdatetime.c" - (;; Assumes that the Brasilian time zone is named 'BRT', - ;; which is no longer true as of tzdata-2017a. - "/GDateTime/new_full"))))) + "/gdbus/x11-autolaunch"))))) (and-map (lambda (x) (apply disable x)) failing-tests))))) ;; Note: `--docdir' and `--htmldir' are not honored, so work around it. @@ -290,19 +286,19 @@ shared NFS home directories.") and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.") (home-page "https://developer.gnome.org/glib/") - (license license:lgpl2.0+))) ; some files are under lgpl2.1+ + (license license:lgpl2.1+))) (define gobject-introspection (package (name "gobject-introspection") - (version "1.52.1") + (version "1.54.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" "gobject-introspection/" (version-major+minor version) "/gobject-introspection-" version ".tar.xz")) (sha256 - (base32 "1x5gkyrglv3dn9b4fsgw6asqgjw1wj7qc37g9pyac6pyaa6w7l1f")) + (base32 "0zl7pfkzkm07733391b4f3cwjbnvb1nwvpmajf5bajh6bxgfv3dq")) (modules '((guix build utils))) (snippet '(substitute* "tools/g-ir-tool-template.in" diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 2c07d7bd91..8f9b1bac98 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -1179,7 +1179,7 @@ dealing with different structured file formats.") (define-public librsvg (package (name "librsvg") - (version "2.40.18") + (version "2.40.19") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -1187,24 +1187,30 @@ dealing with different structured file formats.") name "-" version ".tar.xz")) (sha256 (base32 - "0k2nbd4g31qinkdfd8r5c5ih2ixl85fbkgkqqh9747lwr24c9j5z")))) + "1xy12qi29xqf3i61awf9qmm5ysw6v5qgxqwvi5fny0q9hs5lsav1")))) (build-system gnu-build-system) (arguments `(#:phases - (alist-cons-before - 'configure 'pre-configure - (lambda* (#:key inputs #:allow-other-keys) - (substitute* "gdk-pixbuf-loader/Makefile.in" - ;; By default the gdk-pixbuf loader is installed under - ;; gdk-pixbuf's prefix. Work around that. - (("gdk_pixbuf_moduledir = .*$") - (string-append "gdk_pixbuf_moduledir = " - "$(prefix)/lib/gdk-pixbuf-2.0/2.10.0/" - "loaders\n")) - ;; Drop the 'loaders.cache' file, it's in gdk-pixbuf+svg. - (("gdk_pixbuf_cache_file = .*$") - "gdk_pixbuf_cache_file = $(TMPDIR)/loaders.cache\n"))) - %standard-phases))) + (modify-phases %standard-phases + (add-before 'configure 'pre-configure + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "gdk-pixbuf-loader/Makefile.in" + ;; By default the gdk-pixbuf loader is installed under + ;; gdk-pixbuf's prefix. Work around that. + (("gdk_pixbuf_moduledir = .*$") + (string-append "gdk_pixbuf_moduledir = " + "$(prefix)/lib/gdk-pixbuf-2.0/2.10.0/" + "loaders\n")) + ;; Drop the 'loaders.cache' file, it's in gdk-pixbuf+svg. + (("gdk_pixbuf_cache_file = .*$") + "gdk_pixbuf_cache_file = $(TMPDIR)/loaders.cache\n")) + #t)) + (add-after 'unpack 'remove-failing-test + ;; This test fails on aarch64. + (lambda _ + (delete-file "tests/fixtures/reftests/bugs/777834-empty-text-children.svg") + (delete-file "tests/fixtures/reftests/bugs/777834-empty-text-children-ref.png") + #t))))) (native-inputs `(("pkg-config" ,pkg-config) ("glib" ,glib "bin") ; glib-mkenums, etc. diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index d2b74c4721..a8424a87f6 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -90,16 +90,15 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package - (replacement libgcrypt/fixed) (name "libgcrypt") - (version "1.7.8") + (version "1.8.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "16f1rsv4y4w2pk1il2jbcqggsb6mrlfva5vayd205fp68zm7d0ll")))) + "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) @@ -125,18 +124,6 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) -(define libgcrypt/fixed - (package - (inherit libgcrypt) - (version "1.8.1") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" - version ".tar.bz2")) - (sha256 - (base32 - "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s")))))) - (define-public libassuan (package (name "libassuan") diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm index 9b949f8ff3..fd098cd770 100644 --- a/gnu/packages/groff.scm +++ b/gnu/packages/groff.scm @@ -57,7 +57,14 @@ ("perl" ,perl) ("psutils" ,psutils) ("texinfo" ,texinfo))) - (arguments '(#:parallel-build? #f)) ; parallel build fails + (arguments + `(#:parallel-build? #f ; parallel build fails + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'setenv + (lambda _ + (setenv "GS_GENERATE_UUIDS" "0") + #t))))) (synopsis "Typesetting from plain text mixed with formatting commands") (description "Groff is a typesetting package that reads plain text and produces diff --git a/gnu/packages/gsasl.scm b/gnu/packages/gsasl.scm index 727d0f0d52..3146f408c3 100644 --- a/gnu/packages/gsasl.scm +++ b/gnu/packages/gsasl.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -81,7 +82,17 @@ the underlying security implementation.") (uri (string-append "mirror://gnu/gsasl/gsasl-" version ".tar.gz")) (sha256 (base32 - "1rci64cxvcfr8xcjpqc4inpfq7aw4snnsbf5xz7d30nhvv8n40ii")))) + "1rci64cxvcfr8xcjpqc4inpfq7aw4snnsbf5xz7d30nhvv8n40ii")) + (modules '((guix build utils))) + (snippet + '(begin + ;; The gnulib test-lock test is prone to writer starvation + ;; with our glibc@2.25, which prefers readers, so disable it. + ;; The gnulib commit b20e8afb0b2 should fix this once + ;; incorporated here. + (substitute* "tests/Makefile.in" + (("test-lock\\$\\(EXEEXT\\) ") "")) + #t)))) (build-system gnu-build-system) (inputs `(("libidn" ,libidn) ("libntlm" ,libntlm) diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 235d2c3718..dfa7a59b11 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com> ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com> ;;; Coypright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de> ;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net> ;;; Copyright © 2016 Patrick Hetu <patrick.hetu@auf.org> @@ -171,7 +171,7 @@ affine transformation (scale, rotation, shear, etc.).") (define-public harfbuzz (package (name "harfbuzz") - (version "1.5.1") + (version "1.7.1") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/" @@ -179,7 +179,7 @@ affine transformation (scale, rotation, shear, etc.).") version ".tar.bz2")) (sha256 (base32 - "0lbwzif7ndvx1iqzp7wxv6j3ilal6di2vj33cy3bha97mpyqv0sn")))) + "0khmcm4k0cckw5ql9z66ahp1zy5dn978vw8p41h91dhk6glacicn")))) (build-system gnu-build-system) (outputs '("out" "bin")) ; 160K, only hb-view depend on cairo @@ -209,7 +209,7 @@ affine transformation (scale, rotation, shear, etc.).") (define-public pango (package (name "pango") - (version "1.40.12") + (version "1.40.14") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/pango/" @@ -217,7 +217,7 @@ affine transformation (scale, rotation, shear, etc.).") name "-" version ".tar.xz")) (sha256 (base32 - "1z0w2vrx3qh3aryfkbfijkcxxr3yjbxc2l4b0yy8rcp2wjlakwbm")))) + "1qqpd8x1pl483ynj3mc5q4n8y2pxqhg2bv19vd94r7mzlzm1pbwh")))) (build-system gnu-build-system) (propagated-inputs `(("cairo" ,cairo) @@ -428,7 +428,7 @@ highlighting and other features typical of a source code editor.") (define-public gdk-pixbuf (package (name "gdk-pixbuf") - (version "2.36.10") + (version "2.36.11") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -436,7 +436,7 @@ highlighting and other features typical of a source code editor.") name "-" version ".tar.xz")) (sha256 (base32 - "1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq")))) + "1wz2vpciwdpdv612s8kbww08q80hgcs5dxrfsxp1a4q44n3snqmf")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--with-x11") @@ -654,7 +654,7 @@ application suites.") (name "gtk+") ;; NOTE: When updating the version of 'gtk+', the hash of 'mate-themes' in ;; mate.scm will also need to be updated. - (version "3.22.21") + (version "3.22.24") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -662,7 +662,7 @@ application suites.") name "-" version ".tar.xz")) (sha256 (base32 - "11vb1shgr4rlayfk0b858gz986jsn2mpjlxvr89b2kgvbjlc3lqv")) + "0asr6gccw1vv02i29ivwr74fpxlmdxhr0wigybsvi2ljzi66xcfb")) (patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch" "gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch")))) (outputs '("out" "bin" "doc")) diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 55bc9f2035..c40a2e7d59 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; @@ -32,8 +32,7 @@ (define-public icu4c (package (name "icu4c") - (replacement icu4c-fixed) - (version "58.2") + (version "60.1") (source (origin (method url-fetch) (uri (string-append @@ -42,11 +41,8 @@ "/icu4c-" (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version) "-src.tgz")) - (patches - (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch" - "icu4c-reset-keyword-list-iterator.patch")) (sha256 - (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib")))) + (base32 "09g2bvmmww8qs9p8p47avzazbibx8yqvswkr8rd02b7kzg4adxgq")))) (build-system gnu-build-system) (inputs `(("perl" ,perl))) @@ -71,15 +67,6 @@ C/C++ part.") (license x11) (home-page "http://site.icu-project.org/"))) -(define icu4c-fixed - (package - (inherit icu4c) - (source (origin - (inherit (package-source icu4c)) - (patches (append - (origin-patches (package-source icu4c)) - (search-patches "icu4c-CVE-2017-14952.patch"))))))) - (define-public java-icu4j (package (name "java-icu4j") diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index e220ac242a..4ea51710e7 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -73,7 +73,7 @@ (define-public libpng (package (name "libpng") - (version "1.6.29") + (version "1.6.34") (source (origin (method url-fetch) (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" @@ -86,7 +86,7 @@ "/libpng16/libpng-" version ".tar.xz"))) (sha256 (base32 - "0fgjqp7x6jynacmqh6dj72cn6nnf6yxjfqqqfsxrx0pyx22bcia2")))) + "1xjr0v34fyjgnhvaa1zixcpx5yvxcg4zwvfh0fyklfyfj86rc7ig")))) (build-system gnu-build-system) ;; libpng.la says "-lz", so propagate it. @@ -390,21 +390,15 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (version "4.0.8") + (version "4.0.9") (source (origin (method url-fetch) (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" version ".tar.gz")) - (patches - (search-patches "libtiff-tiffgetfield-bugs.patch" - "libtiff-CVE-2016-10688.patch" - "libtiff-CVE-2017-9936.patch" - "libtiff-tiffycbcrtorgb-integer-overflow.patch" - "libtiff-tiffycbcrtorgbinit-integer-overflow.patch")) (sha256 (base32 - "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))) + "1kfg4q01r4mqn7dj63ifhi6pmqzbf4xax6ni6kkk81ri5kndwyvf")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.3 MiB of HTML documentation @@ -483,20 +477,15 @@ arithmetic ops.") (define-public jbig2dec (package (name "jbig2dec") - (version "0.13") + (version "0.14") (source (origin (method url-fetch) (uri (string-append "http://downloads.ghostscript.com/public/" name "/" name "-" version ".tar.gz")) (sha256 - (base32 "04akiwab8iy5iy34razcvh9mcja9wy737civ3sbjxk4j143s1b2s")) - (patches (search-patches "jbig2dec-ignore-testtest.patch" - "jbig2dec-CVE-2016-9601.patch" - "jbig2dec-CVE-2017-7885.patch" - "jbig2dec-CVE-2017-7975.patch" - "jbig2dec-CVE-2017-7976.patch")))) - + (base32 "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11")) + (patches (search-patches "jbig2dec-ignore-testtest.patch")))) (build-system gnu-build-system) (synopsis "Decoder of the JBIG2 image compression format") (description diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index 801b4e44a9..b9f774a32a 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -46,8 +46,7 @@ (define-public mit-krb5 (package (name "mit-krb5") - (replacement mit-krb5-1.15.2) - (version "1.15.1") + (version "1.15.2") (source (origin (method url-fetch) (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" @@ -55,7 +54,7 @@ "/krb5-" version ".tar.gz")) (sha256 (base32 - "0igbi5d095c2hgpn2cixpc4q2ij8vgg2bx7yjfly5zfmvlqqhz23")))) + "0zn8s7anb10hw3nzwjz7vg10fgmmgvwnibn2zrn3nppjxn9f6f8n")))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) @@ -94,19 +93,6 @@ cryptography.") (home-page "http://web.mit.edu/kerberos/") (properties '((cpe-name . "kerberos"))))) -(define mit-krb5-1.15.2 ; CVE-2017-{11368,11462} - (package - (inherit mit-krb5) - (version "1.15.2") - (source (origin - (method url-fetch) - (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" - (version-major+minor version) - "/krb5-" version ".tar.gz")) - (sha256 - (base32 - "0zn8s7anb10hw3nzwjz7vg10fgmmgvwnibn2zrn3nppjxn9f6f8n")))))) - (define-public shishi (package (name "shishi") diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm index 55f39f2a6d..c80cbb1799 100644 --- a/gnu/packages/libevent.scm +++ b/gnu/packages/libevent.scm @@ -121,23 +121,22 @@ programs.") (define-public libuv (package (name "libuv") - (version "1.14.1") + (version "1.18.0") (source (origin (method url-fetch) (uri (string-append "https://dist.libuv.org/dist/v" version "/libuv-v" version ".tar.gz")) (sha256 (base32 - "08kx4mzjsdv90n9pivqxqjxlxk5vaf9p33zzvx661dwfmp9468pk")))) + "125bzmzc32m52hd9iv8jvjlc7r3gadxgvp31a2fz2wlil16p7r2l")))) (build-system gnu-build-system) (arguments - '(#:phases (alist-cons-after - 'unpack 'autogen - (lambda _ - ;; Fashionable people don't run 'make dist' these days, so - ;; we need to do that ourselves. - (zero? (system* "sh" "autogen.sh"))) - %standard-phases) + '(#:phases (modify-phases %standard-phases + (add-after 'unpack 'autogen + (lambda _ + ;; Fashionable people don't run 'make dist' these days, so + ;; we need to do that ourselves. + (zero? (system* "sh" "autogen.sh"))))) ;; XXX: Some tests want /dev/tty, attempt to make connections, etc. #:tests? #f)) diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm index dfb1be6c4f..c2290b53af 100644 --- a/gnu/packages/libidn.scm +++ b/gnu/packages/libidn.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -38,7 +39,17 @@ ".tar.gz")) (sha256 (base32 - "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))) + "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")) + (modules '((guix build utils))) + (snippet + '(begin + ;; The gnulib test-lock test is prone to writer starvation + ;; with our glibc@2.25, which prefers readers, so disable it. + ;; The gnulib commit b20e8afb0b2 should fix this once + ;; incorporated here. + (substitute* "lib/gltests/Makefile.in" + (("test-lock\\$\\(EXEEXT\\) ") "")) + #t)))) (build-system gnu-build-system) ;; FIXME: No Java and C# libraries are currently built. (synopsis "Internationalized string processing library") @@ -55,15 +66,14 @@ Java libraries.") (define-public libidn2 (package (name "libidn2") - (version "2.0.2") - (replacement libidn2-2.0.4) + (version "2.0.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libidn/" name "-" version ".tar.lz")) (sha256 (base32 - "0pqaj8d01aj4i110669fincqs10kgynyqcrmq2q7pss8v9dcd1jq")))) + "00f2fyw5kwr9is3cdn5h9arzxp0lnvg0z9bb9zyfs0dq81gaqim4")))) (native-inputs `(("lzip" ,lzip))) (inputs @@ -75,19 +85,7 @@ the IDNA2008 specifications. Libidn2 is believed to be a complete IDNA2008 implementation, but has yet to be as extensively used as the original Libidn library.") (home-page "https://www.gnu.org/software/libidn/#libidn2") + (properties '((ftp-directory . "/gnu/libidn"))) ;; The command-line tool 'idn2' is GPL3+, while the library is dual-licensed ;; GPL2+ or LGPL3+. (license (list gpl2+ gpl3+ lgpl3+)))) - -(define-public libidn2-2.0.4 - (package - (inherit libidn2) - (name "libidn2") - (version "2.0.4") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/libidn/" name "-" version - ".tar.lz")) - (sha256 - (base32 - "00f2fyw5kwr9is3cdn5h9arzxp0lnvg0z9bb9zyfs0dq81gaqim4")))))) diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm index df02f68cea..1d421fb17d 100644 --- a/gnu/packages/libunistring.scm +++ b/gnu/packages/libunistring.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> +;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -31,7 +32,7 @@ (define-public libunistring (package (name "libunistring") - (version "0.9.7") + (version "0.9.8") (source (origin (method url-fetch) (uri (string-append @@ -39,11 +40,17 @@ version ".tar.xz")) (sha256 (base32 - "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf")) - ;; test-lock has performance issues on multi-core machines, - ;; it hangs or takes a long time to complete. - ;; This is a commit from gnulib to fix this issue. - (patches (search-patches "libunistring-gnulib-multi-core.patch")))) + "101gjj9q39pjlcaixylya6is5i7vlbnxr1w5w6raqvvhab7ki4vv")) + (modules '((guix build utils))) + (snippet + '(begin + ;; The gnulib test-lock test is prone to writer starvation + ;; with our glibc@2.25, which prefers readers, so disable it. + ;; The gnulib commit b20e8afb0b2 should fix this once + ;; incorporated here. + (substitute* "tests/Makefile.in" + (("test-lock\\$\\(EXEEXT\\) ") "")) + #t)))) (propagated-inputs (libiconv-if-needed)) (build-system gnu-build-system) (arguments diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 995864f33e..af4b63f278 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -156,13 +156,13 @@ defconfig. Return the appropriate make target if applicable, otherwise return (define-public linux-libre-headers (package (name "linux-libre-headers") - (version "4.4.47") + (version "4.9.59") (source (origin (method url-fetch) (uri (linux-libre-urls version)) (sha256 (base32 - "00zdq7swhvzbbnnhzizq6m34q5k4fycpcp215bmkbxh1ic76v7bs")))) + "0z8hq8a6ic38xh33idzl0k0yi4isgd7ncl2g1d6mzf9ixw5krhvc")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments @@ -514,7 +514,7 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") - (version "2.30.1") + (version "2.31") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/utils/" @@ -522,7 +522,7 @@ providing the system administrator with some help in common tasks.") name "-" version ".tar.xz")) (sha256 (base32 - "0hdq2fz405a89fyha4bgwg0rx8b65inxq17w8fg8qhmcj4x3dr0v")) + "12nw108xjhm63sh2n5a0qs33vpvbvb6rln96l9j50p7wykf7rgpr")) (patches (search-patches "util-linux-tests.patch")) (modules '((guix build utils))) (snippet @@ -539,6 +539,8 @@ providing the system administrator with some help in common tasks.") (arguments `(#:configure-flags (list "--disable-use-tty-group" "--enable-fs-paths-default=/run/current-system/profile/sbin" + ;; Don't try to chown root:root mount and umount + "--disable-makeinstall-chown" ;; Install completions where our ;; bash-completion package expects them. (string-append "--with-bashcompletiondir=" @@ -1195,16 +1197,6 @@ primary network configuration tools, but ifconfig is known to behave inadequately in modern network environments, and both should be deprecated.") (license license:gpl2+))) -;; There are two packages for net-tools. The first, net-tools, is more recent -;; and probably safer to use with untrusted inputs (i.e. the internet). The -;; second, net-tools-for-tests, is relatively old and buggy. It can be used in -;; package test suites and should never be referred to by a built package. Use -;; #:disallowed-references to enforce this. -;; -;; When we are able to rebuild many packages (i.e. core-updates), we can update -;; net-tools-for-tests if appropriate. -;; -;; See <https://bugs.gnu.org/27811> for more information. (define-public net-tools ;; XXX: This package is basically unmaintained, but it provides a few ;; commands not yet provided by Inetutils, such as 'route', so we have to @@ -1280,108 +1272,6 @@ network hardware types (plipconfig, slattach) and advanced aspects of IP configuration (iptunnel, ipmaddr).") (license license:gpl2+)))) -(define-public net-tools-for-tests - (hidden-package (package (inherit net-tools) - (version "1.60") - ;; Git depends on net-tools-for-tests via GnuTLS, so we can't use git-fetch - ;; here. We should find a better workaround for this problem so that we can - ;; use the latest upstream source. - (source (origin - (method url-fetch) - (uri (list (string-append - "mirror://sourceforge/net-tools/net-tools-" - version ".tar.bz2") - (string-append - "http://distro.ibiblio.org/rootlinux/rootlinux-ports" - "/base/net-tools/net-tools-1.60.tar.bz2"))) - (sha256 - (base32 - "0yvxrzk0mzmspr7sa34hm1anw6sif39gyn85w4c5ywfn8inxvr3s")) - (patches (search-patches "net-tools-bitrot.patch")))) - (build-system gnu-build-system) - (arguments - '(#:modules ((guix build gnu-build-system) - (guix build utils) - (srfi srfi-1) - (srfi srfi-26)) - #:phases (alist-cons-after - 'unpack 'patch - (lambda* (#:key inputs #:allow-other-keys) - (define (apply-patch file) - (zero? (system* "patch" "-p1" "--force" - "--input" file))) - - (let ((patch.gz (assoc-ref inputs "patch"))) - (format #t "applying Debian patch set '~a'...~%" - patch.gz) - (system (string-append "gunzip < " patch.gz " > the-patch")) - (and (apply-patch "the-patch") - (for-each apply-patch - (find-files "debian/patches" - "\\.patch"))))) - (alist-replace - 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (mkdir-p (string-append out "/bin")) - (mkdir-p (string-append out "/sbin")) - - ;; Pretend we have everything... - (system "yes | make config") - - ;; ... except for the things we don't have. - ;; HAVE_AFDECnet requires libdnet, which we don't have. - ;; HAVE_HWSTRIP and HAVE_HWTR require kernel headers - ;; that have been removed. - (substitute* '("config.make" "config.h") - (("^.*HAVE_(AFDECnet|HWSTRIP|HWTR)[ =]1.*$") "")))) - (alist-cons-after - 'install 'remove-redundant-commands - (lambda* (#:key outputs #:allow-other-keys) - ;; Remove commands and man pages redundant with - ;; Inetutils. - (let* ((out (assoc-ref outputs "out")) - (dup (append-map (cut find-files out <>) - '("^hostname" - "^(yp|nis|dns)?domainname")))) - (for-each delete-file dup) - #t)) - %standard-phases))) - - ;; Binaries that depend on libnet-tools.a don't declare that - ;; dependency, making it parallel-unsafe. - #:parallel-build? #f - - #:tests? #f ; no test suite - #:make-flags (let ((out (assoc-ref %outputs "out"))) - (list "CC=gcc" - (string-append "BASEDIR=" out) - (string-append "INSTALLNLSDIR=" out "/share/locale") - (string-append "mandir=/share/man"))))) - - ;; We added unzip to the net-tools package's native-inputs when - ;; switching its source from a Git checkout to a zip archive. We - ;; need to specify the native-inputs here to keep unzip out of the - ;; build of net-tools-for-tests, so that we don't have to rebuild - ;; many packages on the master branch. We can make - ;; net-tools-for-tests inherit directly from net-tools in the next - ;; core-updates cycle. - (native-inputs `(("gettext" ,gettext-minimal))) - - ;; Use the big Debian patch set (the thing does not even compile out of - ;; the box.) - ;; XXX The patch is not actually applied, due to a bug in the 'patch' phase - ;; above. However, this package variant is only used in GnuTLS's tests. It - ;; will be adjusted when convenient for the build farm. - ;; See <https://bugs.gnu.org/27811> for more information. - (inputs `(("patch" ,(origin - (method url-fetch) - (uri - "http://ftp.de.debian.org/debian/pool/main/n/net-tools/net-tools_1.60-24.2.diff.gz") - (sha256 - (base32 - "0p93lsqx23v5fv4hpbrydmfvw1ha2rgqpn2zqbs2jhxkzhjc030p"))))))))) - (define-public libcap (package (name "libcap") @@ -2058,30 +1948,50 @@ from the module-init-tools project.") ;; The post-systemd fork, maintained by Gentoo. (package (name "eudev") - (version "3.2.2") + (version "3.2.4") (source (origin (method url-fetch) - (uri (string-append - "http://dev.gentoo.org/~blueness/eudev/eudev-" - version ".tar.gz")) + (uri (string-append "https://github.com/gentoo/eudev/archive/v" + version ".zip")) + (file-name (string-append name "-" version ".zip")) (sha256 (base32 - "0qqgbgpm5wdllk0s04pf80nwc8pr93xazwri1bylm1f15zn5ck1y")) + "1r1ag0snarygrj5qqxi2xdq9w6g3sfjd5jx1b0fl7zmqlsz3vvxx")) (patches (search-patches "eudev-rules-directory.patch")))) (build-system gnu-build-system) (arguments - '(#:phases (modify-phases %standard-phases - (add-after 'install 'build-hwdb - (lambda* (#:key outputs #:allow-other-keys) - ;; Build OUT/etc/udev/hwdb.bin. This allows 'lsusb' and - ;; similar tools to display product names. - (let ((out (assoc-ref outputs "out"))) - (zero? (system* (string-append out "/bin/udevadm") - "hwdb" "--update")))))))) + '(#:phases + (modify-phases %standard-phases + (add-before 'configure 'bootstrap + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "man/make.sh" + (("/usr/bin/xsltproc") + (string-append (assoc-ref inputs "xsltproc") + "/bin/xsltproc"))) + ;; Manual pages are regenerated here. + (zero? (system* "./autogen.sh")))) + (add-after 'install 'build-hwdb + (lambda* (#:key outputs #:allow-other-keys) + ;; Build OUT/etc/udev/hwdb.bin. This allows 'lsusb' and + ;; similar tools to display product names. + (let ((out (assoc-ref outputs "out"))) + (zero? (system* (string-append out "/bin/udevadm") + "hwdb" "--update")))))) + #:configure-flags (list "--enable-manpages"))) (native-inputs - `(("pkg-config" ,pkg-config) + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("gperf" ,gperf) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config) + ;; For tests. ("perl" ,perl) - ("gperf" ,gperf))) + ("python" ,python-wrapper) + ;; For documentation. + ("docbook-xml" ,docbook-xml-4.2) + ("docbook-xsl" ,docbook-xsl) + ("libxml2" ,libxml2) ;for $XML_CATALOG_FILES + ("xsltproc", libxslt))) (inputs ;; When linked against libblkid, eudev can populate /dev/disk/by-label ;; and similar; it also installs the '60-persistent-storage.rules' file, @@ -2633,7 +2543,9 @@ Command Translation} (SAT) are also supported.") which is used to enable and disable wireless networking devices, typically WLAN, Bluetooth and mobile broadband.") (license (license:non-copyleft "file://COPYING" - "See COPYING in the distribution.")))) + "See COPYING in the distribution.")) + ;; rfkill is part of util-linux as of 2.31. + (properties `((superseded . ,util-linux))))) (define-public acpi (package @@ -3056,16 +2968,14 @@ Bluetooth audio output devices like headphones or loudspeakers.") (string-append "--with-udevdir=" out "/lib/udev"))) #:phases (modify-phases %standard-phases - ,@(if (string=? (%current-system) "armhf-linux") - ;; This test fails unpredictably. - ;; TODO: skip it for all architectures. - `((add-before 'check 'skip-wonky-test - (lambda _ - (substitute* "unit/test-gatt.c" - (("tester_init\\(&argc, &argv\\);") "return 77;")) - #t))) - `()) - + ;; Test unit/test-gatt fails unpredictably. Seems to be a timing + ;; issue (discussion on upstream mailing list: + ;; https://marc.info/?t=149578476300002&r=1&w=2) + (add-before 'check 'skip-wonky-test + (lambda _ + (substitute* "unit/test-gatt.c" + (("tester_init\\(&argc, &argv\\);") "return 77;")) + #t)) (add-after 'install 'post-install (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 7216db0bda..f6ea4ffc91 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -2616,7 +2616,7 @@ parts of it.") (define-public openblas (package (name "openblas") - (version "0.2.19") + (version "0.2.20") (source (origin (method url-fetch) @@ -2625,10 +2625,10 @@ parts of it.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "071zqnmnxhh0c9phzyn3f198yxa0hjxda7016azdbq2056sm70w7")))) + "1bd03c5xni0bla0wg1wba841b36b0sg13sjja955kn5xzvy4i61a")))) (build-system gnu-build-system) (arguments - `(#:tests? #f ;no "check" target + `(#:test-target "test" ;; DYNAMIC_ARCH is only supported on x86. When it is disabled and no ;; TARGET is specified, OpenBLAS will tune itself to the build host, so ;; we need to disable substitutions. diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm index b6d2d7f4af..69272eb18a 100644 --- a/gnu/packages/multiprecision.scm +++ b/gnu/packages/multiprecision.scm @@ -87,13 +87,13 @@ cryptography and computational algebra.") (define-public mpfr (package (name "mpfr") - (version "3.1.5") + (version "3.1.6") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/mpfr/mpfr-" version ".tar.xz")) (sha256 (base32 - "1g32l2fg8f62lcyzzh88y3fsh6rk539qc6ahhdgvx7wpnf1dwpq1")))) + "0l598h9klpgkz2bp0rxiqb90mkqh9f2f81n5rpy191j00hdaqqks")))) (build-system gnu-build-system) (outputs '("out" "debug")) (propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h> diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm index 9f5905bc89..524252da75 100644 --- a/gnu/packages/ncurses.scm +++ b/gnu/packages/ncurses.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -38,12 +39,12 @@ (define-public ncurses (package (name "ncurses") - (version "6.0") + (version "6.0-20170930") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/ncurses/ncurses-" - version ".tar.gz")) - (patches (search-patches "ncurses-CVE-2017-10684-10685.patch")) + (car (string-split version #\-)) + ".tar.gz")) (sha256 (base32 "0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm")))) @@ -71,6 +72,12 @@ (cons (string-append "--host=" target) configure-flags) configure-flags)))))) + (apply-rollup-patch-phase + '(lambda* (#:key inputs #:allow-other-keys) + (copy-file (assoc-ref inputs "rollup-patch") + (string-append (getcwd) "/rollup-patch.sh.bz2")) + (and (zero? (system* "bzip2" "-d" "rollup-patch.sh.bz2")) + (zero? (system* "sh" "rollup-patch.sh"))))) (remove-shebang-phase '(lambda _ ;; To avoid retaining a reference to the bootstrap Bash via the @@ -166,6 +173,8 @@ ,@(if (target-mingw?) '("--enable-term-driver") '())))) #:tests? #f ; no "check" target #:phases (modify-phases %standard-phases + (add-after 'unpack 'apply-rollup-patch + ,apply-rollup-patch-phase) (replace 'configure ,configure-phase) (add-after 'install 'post-install ,post-install-phase) @@ -174,8 +183,23 @@ (add-after 'unpack 'remove-unneeded-shebang ,remove-shebang-phase))))) (self-native-input? #t) ; for `tic' - (native-inputs - `(("pkg-config" ,pkg-config))) + (native-inputs + `(("pkg-config" ,pkg-config) + + ;; Ncurses distributes "stable" patchsets to be applied on top + ;; of the release tarball. These are only available as shell + ;; scripts(!) so we decompress and apply them in a phase. + ;; See <https://invisible-mirror.net/archives/ncurses/6.0/README>. + ("rollup-patch" + ,(origin + (method url-fetch) + (uri (string-append + "https://invisible-mirror.net/archives/ncurses/" + (car (string-split version #\-)) + "/ncurses-" version "-patch.sh.bz2")) + (sha256 + (base32 + "08a1pp8wnj1fwpa1pz3fgrmd6xwp21idniswqz8lx3w3z2nb4ydi")))))) (native-search-paths (list (search-path-specification (variable "TERMINFO_DIRS") diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm index e4e0eedc05..67a3062a5a 100644 --- a/gnu/packages/nettle.scm +++ b/gnu/packages/nettle.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -60,14 +61,14 @@ themselves.") ;; This version is not API-compatible with version 2. In particular, lsh ;; cannot use it yet. So keep it separate. (package (inherit nettle-2) - (version "3.3") + (version "3.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/nettle/nettle-" version ".tar.gz")) (sha256 (base32 - "07mif3af077763vc35s1x8vzhzlgqcgxh67c1xr13jnhslkjd526")))) + "150y8655h629wn946dvzasq16qxsc1m9nf58mifvhl350bgl4ymf")))) (arguments (substitute-keyword-arguments (package-arguments nettle-2) ((#:configure-flags flags) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index a1fb3b9cf7..ed6b5c29ac 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -35,6 +35,7 @@ #:use-module (gnu packages guile) #:use-module (gnu packages file) #:use-module (gnu packages backup) + #:use-module (gnu packages bootstrap) ;for 'bootstrap-guile-origin' #:use-module (gnu packages check) #:use-module (gnu packages compression) #:use-module (gnu packages gnupg) @@ -244,39 +245,19 @@ ("graphviz" ,graphviz) ("help2man" ,help2man))) (inputs - (let ((boot-guile (lambda (arch hash) - (origin - (method url-fetch) - (uri (boot-guile-uri arch)) - (sha256 hash))))) - `(("bzip2" ,bzip2) - ("gzip" ,gzip) - ("zlib" ,zlib) ;for 'guix publish' - - ("sqlite" ,sqlite) - ("libgcrypt" ,libgcrypt) - ("guile" ,guile-2.2) - - ("boot-guile/i686" - ,(boot-guile "i686" - (base32 - "0im800m30abgh7msh331pcbjvb4n02smz5cfzf1srv0kpx3csmxp"))) - ("boot-guile/x86_64" - ,(boot-guile "x86_64" - (base32 - "1w2p5zyrglzzniqgvyn1b55vprfzhgk8vzbzkkbdgl5248si0yq3"))) - ("boot-guile/mips64el" - ,(boot-guile "mips64el" - (base32 - "0fzp93lvi0hn54acc0fpvhc7bvl0yc853k62l958cihk03q80ilr"))) - ("boot-guile/armhf" - ,(boot-guile "armhf" - (base32 - "1mi3brl7l58aww34rawhvja84xc7l1b4hmwdmc36fp9q9mfx0lg5"))) - ("boot-guile/aarch64" - ,(boot-guile "aarch64" - (base32 - "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r")))))) + `(("bzip2" ,bzip2) + ("gzip" ,gzip) + ("zlib" ,zlib) ;for 'guix publish' + + ("sqlite" ,sqlite) + ("libgcrypt" ,libgcrypt) + ("guile" ,guile-2.2) + + ("boot-guile/i686" ,(bootstrap-guile-origin "i686-linux")) + ("boot-guile/x86_64" ,(bootstrap-guile-origin "x86_64-linux")) + ("boot-guile/mips64el" ,(bootstrap-guile-origin "mips64el-linux")) + ("boot-guile/armhf" ,(bootstrap-guile-origin "armhf-linux")) + ("boot-guile/aarch64" ,(bootstrap-guile-origin "aarch64-linux")))) (propagated-inputs `(("gnutls" ,gnutls) ("guile-json" ,guile-json) diff --git a/gnu/packages/patches/acl-fix-perl-regex.patch b/gnu/packages/patches/acl-fix-perl-regex.patch new file mode 100644 index 0000000000..f682abc058 --- /dev/null +++ b/gnu/packages/patches/acl-fix-perl-regex.patch @@ -0,0 +1,22 @@ +This can be removed with the next acl release + +--- + test/run | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/run b/test/run +index 2cf52e8..4627cd2 100755 +--- a/test/run ++++ b/test/run +@@ -70,7 +70,7 @@ for (;;) { + if (defined $line) { + # Substitute %VAR and %{VAR} with environment variables. + $line =~ s[%(\w+)][$ENV{$1}]eg; +- $line =~ s[%{(\w+)}][$ENV{$1}]eg; ++ $line =~ s[%\{(\w+)\}][$ENV{$1}]eg; + } + if (defined $line) { + if ($line =~ s/^\s*< ?//) { +-- +2.15.0 + diff --git a/gnu/packages/patches/automake-regexp-syntax.patch b/gnu/packages/patches/automake-regexp-syntax.patch deleted file mode 100644 index 2e965c8c50..0000000000 --- a/gnu/packages/patches/automake-regexp-syntax.patch +++ /dev/null @@ -1,34 +0,0 @@ -From <https://lists.gnu.org/archive/html/automake-patches/2015-07/msg00000.html>. -See also <http://bugs.gnu.org/22372>. - -From 34163794a58b5bd91c5d6bd9adf5437571c7a479 Mon Sep 17 00:00:00 2001 -From: Pavel Raiskup <praiskup@redhat.com> -Date: Tue, 7 Jul 2015 10:54:24 +0200 -Subject: [PATCH] bin/automake: escape '{' in regexp pattern - -Based on perlre(1) documentation: -.. in Perl v5.26, literal uses of a curly bracket will be required -to be escaped, say by preceding them with a backslash ("\{" ) or -enclosing them within square brackets ("[{]") .. - -References: -https://bugzilla.redhat.com/1239379 - -* bin/automake.in (substitute_ac_subst_variables): Escape the -occurrence of '{' character. ---- - bin/automake.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bin/automake.in b/bin/automake.in -index 0c29184..c294ced 100644 ---- a/bin/automake.in -+++ b/bin/automake.in -@@ -3898,7 +3898,7 @@ sub substitute_ac_subst_variables_worker - sub substitute_ac_subst_variables - { - my ($text) = @_; -- $text =~ s/\${([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge; -+ $text =~ s/\$\{([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge; - return $text; - } diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch deleted file mode 100644 index bcc9c207ae..0000000000 --- a/gnu/packages/patches/automake-test-gzip-warning.patch +++ /dev/null @@ -1,17 +0,0 @@ -Adjust test to ignore gzip 1.8+ warnings. - ---- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200 -+++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200 -@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s - - ./configure - run_make -E -O distcheck --test ! -s stderr -+ -+# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment -+# variable is deprecated"; filter them out. -+test `grep -v '^gzip: warning' stderr | wc -l` -eq 0 -+ - # Sanity check: the flags have been actually seen. - $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t - grep '/configure .* --srcdir am-src' t || exit 99 diff --git a/gnu/packages/patches/avahi-localstatedir.patch b/gnu/packages/patches/avahi-localstatedir.patch index 76377d1057..a531e99b67 100644 --- a/gnu/packages/patches/avahi-localstatedir.patch +++ b/gnu/packages/patches/avahi-localstatedir.patch @@ -2,11 +2,11 @@ Don't "mkdir $(localstatedir)" since we can't do it (/var). --- avahi-0.6.27/avahi-daemon/Makefile.in 2010-07-13 05:06:35.000000000 +0200 +++ avahi-0.6.27/avahi-daemon/Makefile.in 2010-07-13 18:03:45.000000000 +0200 -@@ -1554,7 +1554,6 @@ xmllint: +@@ -1625,7 +1625,6 @@ done install-data-local: -- test -z "$(localstatedir)/run" || $(mkdir_p) "$(DESTDIR)$(localstatedir)/run" +- test -z "$(avahi_runtime_dir)" || $(MKDIR_P) "$(DESTDIR)$(avahi_runtime_dir)" update-systemd: curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c > sd-daemon.c diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch deleted file mode 100644 index e3a0ef28eb..0000000000 --- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch +++ /dev/null @@ -1,33 +0,0 @@ -This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our -the build environment chroot, as reported at <https://bugs.gnu.org/26253>, -and now on x86_64-linux-gnu as well. It is a variant of this upstream patch: - - commit f5422009389678680dba9ff4ecb7d33632ee3383 - Author: Ludovic Courtès <ludo@gnu.org> - Date: Mon Mar 27 20:34:39 2017 -0700 - - tests: avoid false ulimit failure on some systems - - * tests/misc/cut-huge-range.sh: On some systems returns_ may - use more memory, so incorporate that in the determination - of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12, - and x86_64 with bash-4.2.37. - Fixes http://bugs.gnu.org/26253 - -... which appeared to be insufficient. - -diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh -index 6b3c5b6ed..55b7b640e 100755 ---- a/tests/misc/cut-huge-range.sh -+++ b/tests/misc/cut-huge-range.sh -@@ -20,9 +20,9 @@ - print_ver_ cut - getlimits_ - --vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ -+vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \ - || skip_ "this shell lacks ulimit support" - vm=$(($vm + 1000)) # avoid spurious failures - - # sed script to subtract one from the input. - # Each input line should consist of a positive decimal number. diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch deleted file mode 100644 index 5a37f4f1f9..0000000000 --- a/gnu/packages/patches/findutils-gnulib-multi-core.patch +++ /dev/null @@ -1,294 +0,0 @@ -This patch fixes performance problems on multi-core machines -as reported at <https://bugs.gnu.org/26441>. - -See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib -by Bruno Haible <bruno@clisp.org>. - -diff --git a/tests/test-lock.c b/tests/test-lock.c -index a992f64..fb18dee 100644 ---- a/tests/test-lock.c -+++ b/tests/test-lock.c -@@ -1,5 +1,5 @@ - /* Test of locking in multithreaded situations. -- Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc. -+ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -@@ -50,6 +50,28 @@ - Uncomment this to see if the operating system has a fair scheduler. */ - #define EXPLICIT_YIELD 1 - -+/* Whether to use 'volatile' on some variables that communicate information -+ between threads. If set to 0, a semaphore or a lock is used to protect -+ these variables. If set to 1, 'volatile' is used; this is theoretically -+ equivalent but can lead to much slower execution (e.g. 30x slower total -+ run time on a 40-core machine), because 'volatile' does not imply any -+ synchronization/communication between different CPUs. */ -+#define USE_VOLATILE 0 -+ -+#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H -+/* Whether to use a semaphore to communicate information between threads. -+ If set to 0, a lock is used. If set to 1, a semaphore is used. -+ Uncomment this to reduce the dependencies of this test. */ -+# define USE_SEMAPHORE 1 -+/* Mac OS X provides only named semaphores (sem_open); its facility for -+ unnamed semaphores (sem_init) does not work. */ -+# if defined __APPLE__ && defined __MACH__ -+# define USE_NAMED_SEMAPHORE 1 -+# else -+# define USE_UNNAMED_SEMAPHORE 1 -+# endif -+#endif -+ - /* Whether to print debugging messages. */ - #define ENABLE_DEBUGGING 0 - -@@ -90,6 +112,12 @@ - - #include "glthread/thread.h" - #include "glthread/yield.h" -+#if USE_SEMAPHORE -+# include <errno.h> -+# include <fcntl.h> -+# include <semaphore.h> -+# include <unistd.h> -+#endif - - #if ENABLE_DEBUGGING - # define dbgprintf printf -@@ -103,6 +131,132 @@ - # define yield() - #endif - -+#if USE_VOLATILE -+struct atomic_int { -+ volatile int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ return ai->value; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ ai->value = new_value; -+} -+#elif USE_SEMAPHORE -+/* This atomic_int implementation can only support the values 0 and 1. -+ It is initially 0 and can be set to 1 only once. */ -+# if USE_UNNAMED_SEMAPHORE -+struct atomic_int { -+ sem_t semaphore; -+}; -+#define atomic_int_semaphore(ai) (&(ai)->semaphore) -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ sem_init (&ai->semaphore, 0, 0); -+} -+# endif -+# if USE_NAMED_SEMAPHORE -+struct atomic_int { -+ sem_t *semaphore; -+}; -+#define atomic_int_semaphore(ai) ((ai)->semaphore) -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ sem_t *s; -+ unsigned int count; -+ for (count = 0; ; count++) -+ { -+ char name[80]; -+ /* Use getpid() in the name, so that different processes running at the -+ same time will not interfere. Use ai in the name, so that different -+ atomic_int in the same process will not interfere. Use a count in -+ the name, so that even in the (unlikely) case that a semaphore with -+ the specified name already exists, we can try a different name. */ -+ sprintf (name, "test-lock-%lu-%p-%u", -+ (unsigned long) getpid (), ai, count); -+ s = sem_open (name, O_CREAT | O_EXCL, 0600, 0); -+ if (s == SEM_FAILED) -+ { -+ if (errno == EEXIST) -+ /* Retry with a different name. */ -+ continue; -+ else -+ { -+ perror ("sem_open failed"); -+ abort (); -+ } -+ } -+ else -+ { -+ /* Try not to leave a semaphore hanging around on the file system -+ eternally, if we can avoid it. */ -+ sem_unlink (name); -+ break; -+ } -+ } -+ ai->semaphore = s; -+} -+# endif -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ if (sem_trywait (atomic_int_semaphore (ai)) == 0) -+ { -+ if (sem_post (atomic_int_semaphore (ai))) -+ abort (); -+ return 1; -+ } -+ else if (errno == EAGAIN) -+ return 0; -+ else -+ abort (); -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ if (new_value == 0) -+ /* It's already initialized with 0. */ -+ return; -+ /* To set the value 1: */ -+ if (sem_post (atomic_int_semaphore (ai))) -+ abort (); -+} -+#else -+struct atomic_int { -+ gl_lock_define (, lock) -+ int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ gl_lock_init (ai->lock); -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ gl_lock_lock (ai->lock); -+ int ret = ai->value; -+ gl_lock_unlock (ai->lock); -+ return ret; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ gl_lock_lock (ai->lock); -+ ai->value = new_value; -+ gl_lock_unlock (ai->lock); -+} -+#endif -+ - #define ACCOUNT_COUNT 4 - - static int account[ACCOUNT_COUNT]; -@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg) - return NULL; - } - --static volatile int lock_checker_done; -+static struct atomic_int lock_checker_done; - - static void * - lock_checker_thread (void *arg) - { -- while (!lock_checker_done) -+ while (get_atomic_int_value (&lock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_lock_lock (my_lock); -@@ -200,7 +354,8 @@ test_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- lock_checker_done = 0; -+ init_atomic_int (&lock_checker_done); -+ set_atomic_int_value (&lock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (lock_checker_thread, NULL); -@@ -210,7 +365,7 @@ test_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- lock_checker_done = 1; -+ set_atomic_int_value (&lock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } -@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg) - return NULL; - } - --static volatile int rwlock_checker_done; -+static struct atomic_int rwlock_checker_done; - - static void * - rwlock_checker_thread (void *arg) - { -- while (!rwlock_checker_done) -+ while (get_atomic_int_value (&rwlock_checker_done) == 0) - { - dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); - gl_rwlock_rdlock (my_rwlock); -@@ -284,7 +439,8 @@ test_rwlock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- rwlock_checker_done = 0; -+ init_atomic_int (&rwlock_checker_done); -+ set_atomic_int_value (&rwlock_checker_done, 0); - - /* Spawn the threads. */ - for (i = 0; i < THREAD_COUNT; i++) -@@ -295,7 +451,7 @@ test_rwlock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- rwlock_checker_done = 1; -+ set_atomic_int_value (&rwlock_checker_done, 1); - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (checkerthreads[i], NULL); - check_accounts (); -@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg) - return NULL; - } - --static volatile int reclock_checker_done; -+static struct atomic_int reclock_checker_done; - - static void * - reclock_checker_thread (void *arg) - { -- while (!reclock_checker_done) -+ while (get_atomic_int_value (&reclock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_recursive_lock_lock (my_reclock); -@@ -386,7 +542,8 @@ test_recursive_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- reclock_checker_done = 0; -+ init_atomic_int (&reclock_checker_done); -+ set_atomic_int_value (&reclock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (reclock_checker_thread, NULL); -@@ -396,7 +553,7 @@ test_recursive_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- reclock_checker_done = 1; -+ set_atomic_int_value (&reclock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } diff --git a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch deleted file mode 100644 index 74b10c4a44..0000000000 --- a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch +++ /dev/null @@ -1,20 +0,0 @@ -Add missing include that triggers a build failure on PowerPC: - - ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’: - ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope - return signum == SIGSEGV && common_flags()->handle_segv; - ^ -From <https://patchwork.ozlabs.org/patch/725596/>. - -diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc -index c504168..59087b9 100644 ---- a/libsanitizer/asan/asan_linux.cc -+++ b/libsanitizer/asan/asan_linux.cc -@@ -29,6 +29,7 @@ - #include <dlfcn.h> - #include <fcntl.h> - #include <pthread.h> -+#include <signal.h> - #include <stdio.h> - #include <unistd.h> - #include <unwind.h> diff --git a/gnu/packages/patches/gcc-fix-texi2pod.patch b/gnu/packages/patches/gcc-fix-texi2pod.patch new file mode 100644 index 0000000000..28bd56a382 --- /dev/null +++ b/gnu/packages/patches/gcc-fix-texi2pod.patch @@ -0,0 +1,19 @@ +This patch was taken from the official GCC git repository. +X-Git-Url: https://gcc.gnu.org/git/?p=gcc.git;a=blobdiff_plain;f=contrib%2Ftexi2pod.pl;h=91bdbb5cea933d0381f2924ab94490fca31d5800;hp=eba1bcaa3cffa78b46030b219d04fe7d68367658;hb=67b56c905078d49d3e4028085e5cb1e1fb87a8aa;hpb=2f508a78310caab123e9794d3dcfe41f2769449b + +It fixes a defect in the contrib/texi2pod.pl script that prevented generating +manual pages. It was corrected in the GCC 6.X series. + +diff --git a/contrib/texi2pod.pl b/contrib/texi2pod.pl +index eba1bca..91bdbb5 100755 +--- a/contrib/texi2pod.pl ++++ b/contrib/texi2pod.pl +@@ -316,7 +316,7 @@ while(<$inf>) { + @columns = (); + for $column (split (/\s*\@tab\s*/, $1)) { + # @strong{...} is used a @headitem work-alike +- $column =~ s/^\@strong{(.*)}$/$1/; ++ $column =~ s/^\@strong\{(.*)\}$/$1/; + push @columns, $column; + } + $_ = "\n=item ".join (" : ", @columns)."\n"; diff --git a/gnu/packages/patches/gettext-gnulib-multi-core.patch b/gnu/packages/patches/gettext-gnulib-multi-core.patch deleted file mode 100644 index 5ccdbe4ca1..0000000000 --- a/gnu/packages/patches/gettext-gnulib-multi-core.patch +++ /dev/null @@ -1,178 +0,0 @@ -This patch fixes performance problems on multi-core machines -as reported at <https://bugs.gnu.org/26441>. - -See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib -by Bruno Haible <bruno@clisp.org>. - -diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c -index cb734b4e6..aa6de2739 100644 ---- a/gettext-tools/gnulib-tests/test-lock.c -+++ b/gettext-tools/gnulib-tests/test-lock.c -@@ -50,6 +50,13 @@ - Uncomment this to see if the operating system has a fair scheduler. */ - #define EXPLICIT_YIELD 1 - -+/* Whether to use 'volatile' on some variables that communicate information -+ between threads. If set to 0, a lock is used to protect these variables. -+ If set to 1, 'volatile' is used; this is theoretically equivalent but can -+ lead to much slower execution (e.g. 30x slower total run time on a 40-core -+ machine. */ -+#define USE_VOLATILE 0 -+ - /* Whether to print debugging messages. */ - #define ENABLE_DEBUGGING 0 - -@@ -103,6 +110,51 @@ - # define yield() - #endif - -+#if USE_VOLATILE -+struct atomic_int { -+ volatile int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ return ai->value; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ ai->value = new_value; -+} -+#else -+struct atomic_int { -+ gl_lock_define (, lock) -+ int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ gl_lock_init (ai->lock); -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ gl_lock_lock (ai->lock); -+ int ret = ai->value; -+ gl_lock_unlock (ai->lock); -+ return ret; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ gl_lock_lock (ai->lock); -+ ai->value = new_value; -+ gl_lock_unlock (ai->lock); -+} -+#endif -+ - #define ACCOUNT_COUNT 4 - - static int account[ACCOUNT_COUNT]; -@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) - return NULL; - } - --static volatile int lock_checker_done; -+static struct atomic_int lock_checker_done; - - static void * - lock_checker_thread (void *arg) - { -- while (!lock_checker_done) -+ while (get_atomic_int_value (&lock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_lock_lock (my_lock); -@@ -200,7 +252,8 @@ test_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- lock_checker_done = 0; -+ init_atomic_int (&lock_checker_done); -+ set_atomic_int_value (&lock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (lock_checker_thread, NULL); -@@ -210,7 +263,7 @@ test_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- lock_checker_done = 1; -+ set_atomic_int_value (&lock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } -@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) - return NULL; - } - --static volatile int rwlock_checker_done; -+static struct atomic_int rwlock_checker_done; - - static void * - rwlock_checker_thread (void *arg) - { -- while (!rwlock_checker_done) -+ while (get_atomic_int_value (&rwlock_checker_done) == 0) - { - dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); - gl_rwlock_rdlock (my_rwlock); -@@ -284,7 +337,8 @@ test_rwlock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- rwlock_checker_done = 0; -+ init_atomic_int (&rwlock_checker_done); -+ set_atomic_int_value (&rwlock_checker_done, 0); - - /* Spawn the threads. */ - for (i = 0; i < THREAD_COUNT; i++) -@@ -295,7 +349,7 @@ test_rwlock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- rwlock_checker_done = 1; -+ set_atomic_int_value (&rwlock_checker_done, 1); - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (checkerthreads[i], NULL); - check_accounts (); -@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) - return NULL; - } - --static volatile int reclock_checker_done; -+static struct atomic_int reclock_checker_done; - - static void * - reclock_checker_thread (void *arg) - { -- while (!reclock_checker_done) -+ while (get_atomic_int_value (&reclock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_recursive_lock_lock (my_reclock); -@@ -386,7 +440,8 @@ test_recursive_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- reclock_checker_done = 0; -+ init_atomic_int (&reclock_checker_done); -+ set_atomic_int_value (&reclock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (reclock_checker_thread, NULL); -@@ -396,7 +451,7 @@ test_recursive_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- reclock_checker_done = 1; -+ set_atomic_int_value (&reclock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } diff --git a/gnu/packages/patches/gettext-multi-core.patch b/gnu/packages/patches/gettext-multi-core.patch deleted file mode 100644 index 31a378cfd0..0000000000 --- a/gnu/packages/patches/gettext-multi-core.patch +++ /dev/null @@ -1,185 +0,0 @@ -This patch fixes performance problems on multi-core machines -as reported at <https://bugs.gnu.org/26441>. - -See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext -by Bruno Haible <bruno@clisp.org>. - -diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c -index d279d1d60..51cec3d6b 100644 ---- a/gettext-runtime/tests/test-lock.c -+++ b/gettext-runtime/tests/test-lock.c -@@ -1,5 +1,5 @@ - /* Test of locking in multithreaded situations. -- Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc. -+ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as published by -@@ -50,6 +50,13 @@ - Uncomment this to see if the operating system has a fair scheduler. */ - #define EXPLICIT_YIELD 1 - -+/* Whether to use 'volatile' on some variables that communicate information -+ between threads. If set to 0, a lock is used to protect these variables. -+ If set to 1, 'volatile' is used; this is theoretically equivalent but can -+ lead to much slower execution (e.g. 30x slower total run time on a 40-core -+ machine. */ -+#define USE_VOLATILE 0 -+ - /* Whether to print debugging messages. */ - #define ENABLE_DEBUGGING 0 - -@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void) - # define yield() - #endif - -+#if USE_VOLATILE -+struct atomic_int { -+ volatile int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ return ai->value; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ ai->value = new_value; -+} -+#else -+struct atomic_int { -+ gl_lock_define (, lock) -+ int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ gl_lock_init (ai->lock); -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ gl_lock_lock (ai->lock); -+ int ret = ai->value; -+ gl_lock_unlock (ai->lock); -+ return ret; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ gl_lock_lock (ai->lock); -+ ai->value = new_value; -+ gl_lock_unlock (ai->lock); -+} -+#endif -+ - #define ACCOUNT_COUNT 4 - - static int account[ACCOUNT_COUNT]; -@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg) - return NULL; - } - --static volatile int lock_checker_done; -+static struct atomic_int lock_checker_done; - - static void * - lock_checker_thread (void *arg) - { -- while (!lock_checker_done) -+ while (get_atomic_int_value (&lock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_lock_lock (my_lock); -@@ -311,7 +363,8 @@ test_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- lock_checker_done = 0; -+ init_atomic_int (&lock_checker_done); -+ set_atomic_int_value (&lock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (lock_checker_thread, NULL); -@@ -321,7 +374,7 @@ test_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- lock_checker_done = 1; -+ set_atomic_int_value (&lock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } -@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg) - return NULL; - } - --static volatile int rwlock_checker_done; -+static struct atomic_int rwlock_checker_done; - - static void * - rwlock_checker_thread (void *arg) - { -- while (!rwlock_checker_done) -+ while (get_atomic_int_value (&rwlock_checker_done) == 0) - { - dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); - gl_rwlock_rdlock (my_rwlock); -@@ -395,7 +448,8 @@ test_rwlock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- rwlock_checker_done = 0; -+ init_atomic_int (&rwlock_checker_done); -+ set_atomic_int_value (&rwlock_checker_done, 0); - - /* Spawn the threads. */ - for (i = 0; i < THREAD_COUNT; i++) -@@ -406,7 +460,7 @@ test_rwlock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- rwlock_checker_done = 1; -+ set_atomic_int_value (&rwlock_checker_done, 1); - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (checkerthreads[i], NULL); - check_accounts (); -@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg) - return NULL; - } - --static volatile int reclock_checker_done; -+static struct atomic_int reclock_checker_done; - - static void * - reclock_checker_thread (void *arg) - { -- while (!reclock_checker_done) -+ while (get_atomic_int_value (&reclock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_recursive_lock_lock (my_reclock); -@@ -497,7 +551,8 @@ test_recursive_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- reclock_checker_done = 0; -+ init_atomic_int (&reclock_checker_done); -+ set_atomic_int_value (&reclock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (reclock_checker_thread, NULL); -@@ -507,7 +562,7 @@ test_recursive_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- reclock_checker_done = 1; -+ set_atomic_int_value (&reclock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch deleted file mode 100644 index d38bd593c0..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch +++ /dev/null @@ -1,195 +0,0 @@ -Fix CVE-2017-8291: - -https://bugs.ghostscript.com/show_bug.cgi?id=697799 -https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 - -Patches copied from upstream source repository: - -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad - -From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 27 Apr 2017 13:03:33 +0100 -Subject: [PATCH] Bug 697799: have .eqproc check its parameters - -The Ghostscript custom operator .eqproc was not check the number or type of -the parameters it was given. ---- - psi/zmisc3.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 54b304246..37293ff4b 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; - -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(gs_error_stackunderflow); -+ if (!r_is_array(op - 1) || !r_is_array(op)) { -+ return_error(gs_error_typecheck); -+ } -+ - make_array(&stack[0].proc1, 0, 1, op - 1); - make_array(&stack[0].proc2, 0, 1, op); - for (;;) { --- -2.13.0 - -From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 27 Apr 2017 13:21:31 +0100 -Subject: [PATCH] Bug 697799: have .rsdparams check its parameters - -The Ghostscript internal operator .rsdparams wasn't checking the number or -type of the operands it was being passed. Do so. ---- - psi/zfrsd.c | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - -diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index 191107d8a..950588d69 100644 ---- a/psi/zfrsd.c -+++ b/psi/zfrsd.c -@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) - ref *pFilter; - ref *pDecodeParms; - int Intent = 0; -- bool AsyncRead; -+ bool AsyncRead = false; - ref empty_array, filter1_array, parms1_array; - uint i; -- int code; -+ int code = 0; -+ -+ if (ref_stack_count(&o_stack) < 1) -+ return_error(gs_error_stackunderflow); -+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { -+ return_error(gs_error_typecheck); -+ } - - make_empty_array(&empty_array, a_readonly); -- if (dict_find_string(op, "Filter", &pFilter) > 0) { -+ if (r_has_type(op, t_dictionary) -+ && dict_find_string(op, "Filter", &pFilter) > 0) { - if (!r_is_array(pFilter)) { - if (!r_has_type(pFilter, t_name)) - return_error(gs_error_typecheck); -@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) - return_error(gs_error_typecheck); - } - } -- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); -+ if (r_has_type(op, t_dictionary)) -+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); - if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */ - return code; -- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 -- ) -- return code; -+ if (r_has_type(op, t_dictionary)) -+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0) -+ return code; - push(1); - op[-1] = *pFilter; - if (pDecodeParms) --- -2.13.0 - -From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 3 May 2017 12:05:45 +0100 -Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc) - -When using the "DELAYBIND" feature, it turns out that .eqproc can be called with -parameters that are not both procedures. In this case, it turns out, the -expectation is for the operator to return 'false', rather than throw an error. ---- - psi/zmisc3.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 37293ff4b..3f01d39a3 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p) - return gs_cliprestore(igs); - } - -+static inline bool -+eqproc_check_type(ref *r) -+{ -+ return r_has_type(r, t_array) -+ || r_has_type(r, t_mixedarray) -+ || r_has_type(r, t_shortarray) -+ || r_has_type(r, t_oparray); -+} -+ - /* <proc1> <proc2> .eqproc <bool> */ - /* - * Test whether two procedures are equal to depth 10. -@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p) - - if (ref_stack_count(&o_stack) < 2) - return_error(gs_error_stackunderflow); -- if (!r_is_array(op - 1) || !r_is_array(op)) { -- return_error(gs_error_typecheck); -+ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { -+ make_false(op - 1); -+ pop(1); -+ return 0; - } - - make_array(&stack[0].proc1, 0, 1, op - 1); --- -2.13.0 - -From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 11 May 2017 14:07:48 +0100 -Subject: [PATCH] Bug 697892: fix check for op stack underflow. - -In the original fix, I used the wrong method to check for stack underflow, this -is using the correct method. ---- - psi/zfrsd.c | 3 +-- - psi/zmisc3.c | 3 +-- - 2 files changed, 2 insertions(+), 4 deletions(-) - -diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index 950588d69..9c035b96d 100644 ---- a/psi/zfrsd.c -+++ b/psi/zfrsd.c -@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p) - uint i; - int code = 0; - -- if (ref_stack_count(&o_stack) < 1) -- return_error(gs_error_stackunderflow); -+ check_op(1); - if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { - return_error(gs_error_typecheck); - } -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 3f01d39a3..43803b55b 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; - -- if (ref_stack_count(&o_stack) < 2) -- return_error(gs_error_stackunderflow); -+ check_op(2); - if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { - make_false(op - 1); - pop(1); --- -2.13.0 - diff --git a/gnu/packages/patches/glib-respect-datadir.patch b/gnu/packages/patches/glib-respect-datadir.patch new file mode 100644 index 0000000000..309ce9fc0b --- /dev/null +++ b/gnu/packages/patches/glib-respect-datadir.patch @@ -0,0 +1,21 @@ +On Guix, Python modules are in a different output from the executables, +so searching "../share/glib-2.0" will not work. + +This patch restores behaviour prior to this commit: +<https://git.gnome.org/browse/glib/commit/?id=fe2a9887a8ccb14f2386e01b14834e97a33bc2d7> + +--- a/gio/gdbus-2.0/codegen/gdbus-codegen.in ++++ b/gio/gdbus-2.0/codegen/gdbus-codegen.in +@@ -25,9 +25,12 @@ + + srcdir = os.getenv('UNINSTALLED_GLIB_SRCDIR', None) + filedir = os.path.dirname(__file__) ++datadir = os.path.join('@datadir@', 'glib-2.0') + + if srcdir is not None: + path = os.path.join(srcdir, 'gio', 'gdbus-2.0') ++elif os.path.exists(os.path.join(datadir, 'codegen')): ++ path = datadir + elif os.path.basename(filedir) == 'bin': + # Make the prefix containing gdbus-codegen 'relocatable' at runtime by + # adding /some/prefix/bin/../share/glib-2.0 to the python path diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch deleted file mode 100644 index 68c33f1031..0000000000 --- a/gnu/packages/patches/grep-gnulib-lock.patch +++ /dev/null @@ -1,32 +0,0 @@ -This patch fix error on 'gnulib' library required to build -'grep' package on GNU/Hurd. -The patch was adapted from upstream source repository: -'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>' - -Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd - -diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c -index 061562b..afc86f4 100644 ---- a/lib/glthread/lock.c -+++ b/lib/glthread/lock.c -@@ -30,7 +30,7 @@ - - /* ------------------------- gl_rwlock_t datatype ------------------------- */ - --# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) -+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) - - # ifdef PTHREAD_RWLOCK_INITIALIZER - -diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h -index ec16d39..67932aa 100644 ---- a/lib/glthread/lock.h -+++ b/lib/glthread/lock.h -@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t; - - /* ------------------------- gl_rwlock_t datatype ------------------------- */ - --# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) -+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) - - # ifdef PTHREAD_RWLOCK_INITIALIZER diff --git a/gnu/packages/patches/icu4c-CVE-2017-14952.patch b/gnu/packages/patches/icu4c-CVE-2017-14952.patch deleted file mode 100644 index 564f69d01d..0000000000 --- a/gnu/packages/patches/icu4c-CVE-2017-14952.patch +++ /dev/null @@ -1,18 +0,0 @@ -Fix CVE-2017-14952: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952 - -Patch copied from upstream source repository: - -http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0 - -Index: trunk/icu4c/source/i18n/zonemeta.cpp -=================================================================== ---- icu/source/i18n/zonemeta.cpp (revision 40283) -+++ icu/source/i18n/zonemeta.cpp (revision 40324) -@@ -691,5 +691,4 @@ - if (U_FAILURE(status)) { - delete mzMappings; -- deleteOlsonToMetaMappingEntry(entry); - uprv_free(entry); - break; diff --git a/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch b/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch deleted file mode 100644 index 4db8f27998..0000000000 --- a/gnu/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch +++ /dev/null @@ -1,164 +0,0 @@ -Fix CVE-2017-7867 and CVE-2017-7868: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868 - -Patch copied from upstream source repository: - -http://bugs.icu-project.org/trac/changeset/39671 - -Index: icu/source/common/utext.cpp -=================================================================== ---- icu/source/common/utext.cpp (revision 39670) -+++ icu/source/common/utext.cpp (revision 39671) -@@ -848,7 +848,13 @@ - - // Chunk size. --// Must be less than 85, because of byte mapping from UChar indexes to native indexes. --// Worst case is three native bytes to one UChar. (Supplemenaries are 4 native bytes --// to two UChars.) -+// Must be less than 42 (256/6), because of byte mapping from UChar indexes to native indexes. -+// Worst case there are six UTF-8 bytes per UChar. -+// obsolete 6 byte form fd + 5 trails maps to fffd -+// obsolete 5 byte form fc + 4 trails maps to fffd -+// non-shortest 4 byte forms maps to fffd -+// normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit -+// mapToUChars array size must allow for the worst case, 6. -+// This could be brought down to 4, by treating fd and fc as pure illegal, -+// rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros. - // - enum { UTF8_TEXT_CHUNK_SIZE=32 }; -@@ -890,5 +896,5 @@ - // one for a supplementary starting in the last normal position, - // and one for an entry for the buffer limit position. -- uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to -+ uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to - // correspoding offset in filled part of buf. - int32_t align; -@@ -1033,4 +1039,5 @@ - u8b = (UTF8Buf *)ut->p; // the current buffer - mapIndex = ix - u8b->toUCharsMapStart; -+ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars)); - ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx; - return TRUE; -@@ -1299,4 +1306,8 @@ - // If index is at the end, there is no character there to look at. - if (ix != ut->b) { -+ // Note: this function will only move the index back if it is on a trail byte -+ // and there is a preceding lead byte and the sequence from the lead -+ // through this trail could be part of a valid UTF-8 sequence -+ // Otherwise the index remains unchanged. - U8_SET_CP_START(s8, 0, ix); - } -@@ -1312,5 +1323,8 @@ - uint8_t *mapToNative = u8b->mapToNative; - uint8_t *mapToUChars = u8b->mapToUChars; -- int32_t toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1); -+ int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1; -+ // Note that toUCharsMapStart can be negative. Happens when the remaining -+ // text from current position to the beginning is less than the buffer size. -+ // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry. - int32_t destIx = UTF8_TEXT_CHUNK_SIZE+2; // Start in the overflow region - // at end of buffer to leave room -@@ -1339,4 +1353,5 @@ - // Special case ASCII range for speed. - buf[destIx] = (UChar)c; -+ U_ASSERT(toUCharsMapStart <= srcIx); - mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx; - mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart); -@@ -1368,4 +1383,5 @@ - mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx; - } while (sIx >= srcIx); -+ U_ASSERT(toUCharsMapStart <= (srcIx+1)); - - // Set native indexing limit to be the current position. -@@ -1542,4 +1558,5 @@ - U_ASSERT(index<=ut->chunkNativeLimit); - int32_t mapIndex = index - u8b->toUCharsMapStart; -+ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars)); - int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx; - U_ASSERT(offset>=0 && offset<=ut->chunkLength); -Index: icu/source/test/intltest/utxttest.cpp -=================================================================== ---- icu/source/test/intltest/utxttest.cpp (revision 39670) -+++ icu/source/test/intltest/utxttest.cpp (revision 39671) -@@ -68,4 +68,6 @@ - case 7: name = "Ticket12130"; - if (exec) Ticket12130(); break; -+ case 8: name = "Ticket12888"; -+ if (exec) Ticket12888(); break; - default: name = ""; break; - } -@@ -1584,2 +1586,62 @@ - utext_close(&ut); - } -+ -+// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal, -+// six byte utf-8 forms. Original implementation had an assumption that -+// there would be at most three utf-8 bytes per UTF-16 code unit. -+// The five and six byte sequences map to a single replacement character. -+ -+void UTextTest::Ticket12888() { -+ const char *badString = -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80" -+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"; -+ -+ UErrorCode status = U_ZERO_ERROR; -+ LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status)); -+ TEST_SUCCESS(status); -+ for (;;) { -+ UChar32 c = utext_next32(ut.getAlias()); -+ if (c == U_SENTINEL) { -+ break; -+ } -+ } -+ int32_t endIdx = utext_getNativeIndex(ut.getAlias()); -+ if (endIdx != (int32_t)strlen(badString)) { -+ errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx); -+ return; -+ } -+ -+ for (int32_t prevIndex = endIdx; prevIndex>0;) { -+ UChar32 c = utext_previous32(ut.getAlias()); -+ int32_t currentIndex = utext_getNativeIndex(ut.getAlias()); -+ if (c != 0xfffd) { -+ errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n", -+ __FILE__, __LINE__, 0xfffd, c, currentIndex); -+ break; -+ } -+ if (currentIndex != prevIndex - 6) { -+ errln("%s:%d: wrong index. Expected, actual = %d, %d", -+ __FILE__, __LINE__, prevIndex - 6, currentIndex); -+ break; -+ } -+ prevIndex = currentIndex; -+ } -+} -Index: icu/source/test/intltest/utxttest.h -=================================================================== ---- icu/source/test/intltest/utxttest.h (revision 39670) -+++ icu/source/test/intltest/utxttest.h (revision 39671) -@@ -39,4 +39,5 @@ - void Ticket10983(); - void Ticket12130(); -+ void Ticket12888(); - - private: diff --git a/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch b/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch deleted file mode 100644 index 17970aa4a8..0000000000 --- a/gnu/packages/patches/icu4c-reset-keyword-list-iterator.patch +++ /dev/null @@ -1,130 +0,0 @@ -Copied from upstream: http://bugs.icu-project.org/trac/changeset/39484/. - -Fixes <http://bugs.gnu.org/26462> (crashes). - -Paths and line endings have been adapted. - -Index: icu/source/common/ulist.c -=================================================================== ---- icu/source/common/ulist.c (revision 39483) -+++ icu/source/common/ulist.c (revision 39484) -@@ -30,5 +30,4 @@ - - int32_t size; -- int32_t currentIndex; - }; - -@@ -52,5 +51,4 @@ - newList->tail = NULL; - newList->size = 0; -- newList->currentIndex = -1; - - return newList; -@@ -81,6 +79,7 @@ - p->next->previous = p->previous; - } -- list->curr = NULL; -- list->currentIndex = 0; -+ if (p == list->curr) { -+ list->curr = p->next; -+ } - --list->size; - if (p->forceDelete) { -@@ -151,5 +150,4 @@ - list->head->previous = newItem; - list->head = newItem; -- list->currentIndex++; - } - -@@ -194,5 +192,4 @@ - curr = list->curr; - list->curr = curr->next; -- list->currentIndex++; - - return curr->data; -@@ -210,5 +207,4 @@ - if (list != NULL) { - list->curr = list->head; -- list->currentIndex = 0; - } - } -@@ -273,3 +269,2 @@ - return (UList *)(en->context); - } -- -Index: icu/source/i18n/ucol_res.cpp -=================================================================== ---- icu/source/i18n/ucol_res.cpp (revision 39483) -+++ icu/source/i18n/ucol_res.cpp (revision 39484) -@@ -681,4 +681,5 @@ - } - memcpy(en, &defaultKeywordValues, sizeof(UEnumeration)); -+ ulist_resetList(sink.values); // Initialize the iterator. - en->context = sink.values; - sink.values = NULL; // Avoid deletion in the sink destructor. -Index: icu/source/test/intltest/apicoll.cpp -=================================================================== ---- icu/source/test/intltest/apicoll.cpp (revision 39483) -+++ icu/source/test/intltest/apicoll.cpp (revision 39484) -@@ -82,14 +82,7 @@ - col = Collator::createInstance(Locale::getEnglish(), success); - if (U_FAILURE(success)){ -- errcheckln(success, "Default Collator creation failed. - %s", u_errorName(success)); -- return; -- } -- -- StringEnumeration* kwEnum = col->getKeywordValuesForLocale("", Locale::getEnglish(),true,success); -- if (U_FAILURE(success)){ -- errcheckln(success, "Get Keyword Values for Locale failed. - %s", u_errorName(success)); -- return; -- } -- delete kwEnum; -+ errcheckln(success, "English Collator creation failed. - %s", u_errorName(success)); -+ return; -+ } - - col->getVersion(versionArray); -@@ -230,4 +223,27 @@ - delete aFrCol; - delete junk; -+} -+ -+void CollationAPITest::TestKeywordValues() { -+ IcuTestErrorCode errorCode(*this, "TestKeywordValues"); -+ LocalPointer<Collator> col(Collator::createInstance(Locale::getEnglish(), errorCode)); -+ if (errorCode.logIfFailureAndReset("English Collator creation failed")) { -+ return; -+ } -+ -+ LocalPointer<StringEnumeration> kwEnum( -+ col->getKeywordValuesForLocale("collation", Locale::getEnglish(), TRUE, errorCode)); -+ if (errorCode.logIfFailureAndReset("Get Keyword Values for English Collator failed")) { -+ return; -+ } -+ assertTrue("expect at least one collation tailoring for English", kwEnum->count(errorCode) > 0); -+ const char *kw; -+ UBool hasStandard = FALSE; -+ while ((kw = kwEnum->next(NULL, errorCode)) != NULL) { -+ if (strcmp(kw, "standard") == 0) { -+ hasStandard = TRUE; -+ } -+ } -+ assertTrue("expect at least the 'standard' collation tailoring for English", hasStandard); - } - -@@ -2467,4 +2483,5 @@ - TESTCASE_AUTO_BEGIN; - TESTCASE_AUTO(TestProperty); -+ TESTCASE_AUTO(TestKeywordValues); - TESTCASE_AUTO(TestOperators); - TESTCASE_AUTO(TestDuplicate); -Index: icu/source/test/intltest/apicoll.h -=================================================================== ---- icu/source/test/intltest/apicoll.h (revision 39483) -+++ icu/source/test/intltest/apicoll.h (revision 39484) -@@ -36,4 +36,5 @@ - */ - void TestProperty(/* char* par */); -+ void TestKeywordValues(); - - /** diff --git a/gnu/packages/patches/jbig2dec-CVE-2016-9601.patch b/gnu/packages/patches/jbig2dec-CVE-2016-9601.patch deleted file mode 100644 index f45209068f..0000000000 --- a/gnu/packages/patches/jbig2dec-CVE-2016-9601.patch +++ /dev/null @@ -1,906 +0,0 @@ -Fix CVE-2016-9601: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9601 -https://bugs.ghostscript.com/show_bug.cgi?id=697457 - -Patch copied from upstream source repository: - -http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092 - -From e698d5c11d27212aa1098bc5b1673a3378563092 Mon Sep 17 00:00:00 2001 -From: Robin Watts <robin.watts@artifex.com> -Date: Mon, 12 Dec 2016 17:47:17 +0000 -Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build. - -Also rename "new" to "new_dict", because "new" is a bad -variable name. ---- - jbig2.c | 4 +-- - jbig2.h | 8 +++--- - jbig2_generic.c | 2 +- - jbig2_halftone.c | 24 ++++++++---------- - jbig2_huffman.c | 10 ++++---- - jbig2_huffman.h | 2 +- - jbig2_image.c | 32 +++++++++++------------ - jbig2_mmr.c | 66 +++++++++++++++++++++++++----------------------- - jbig2_page.c | 6 ++--- - jbig2_priv.h | 4 +-- - jbig2_segment.c | 10 ++++---- - jbig2_symbol_dict.c | 73 +++++++++++++++++++++++++++-------------------------- - jbig2_symbol_dict.h | 6 ++--- - jbig2_text.c | 16 ++++++------ - jbig2_text.h | 2 +- - 15 files changed, 134 insertions(+), 131 deletions(-) - -diff --git a/jbig2.c b/jbig2.c -index f729e29..e51380f 100644 ---- a/jbig2.c -+++ b/jbig2.c -@@ -379,7 +379,7 @@ typedef struct { - } Jbig2WordStreamBuf; - - static int --jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word) -+jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word) - { - Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self; - const byte *data = z->data; -@@ -390,7 +390,7 @@ jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t - else if (offset > z->size) - return -1; - else { -- int i; -+ size_t i; - - result = 0; - for (i = 0; i < z->size - offset; i++) -diff --git a/jbig2.h b/jbig2.h -index d5aa52f..624e0ed 100644 ---- a/jbig2.h -+++ b/jbig2.h -@@ -56,17 +56,19 @@ typedef struct _Jbig2SymbolDictionary Jbig2SymbolDictionary; - */ - - struct _Jbig2Image { -- int width, height, stride; -+ uint32_t width; -+ uint32_t height; -+ uint32_t stride; - uint8_t *data; - int refcount; - }; - --Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height); -+Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height); - Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image); - void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image); - void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image); - void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value); --Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height); -+Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height); - - /* errors are returned from the library via a callback. If no callback - is provided (a NULL argument is passed ot jbig2_ctx_new) a default -diff --git a/jbig2_generic.c b/jbig2_generic.c -index 02fdbfb..9656198 100644 ---- a/jbig2_generic.c -+++ b/jbig2_generic.c -@@ -718,7 +718,7 @@ jbig2_immediate_generic_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte - byte seg_flags; - int8_t gbat[8]; - int offset; -- int gbat_bytes = 0; -+ uint32_t gbat_bytes = 0; - Jbig2GenericRegionParams params; - int code = 0; - Jbig2Image *image = NULL; -diff --git a/jbig2_halftone.c b/jbig2_halftone.c -index aeab576..acfbc56 100644 ---- a/jbig2_halftone.c -+++ b/jbig2_halftone.c -@@ -257,8 +257,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - { - uint8_t **GSVALS = NULL; - size_t consumed_bytes = 0; -- int i, j, code, stride; -- int x, y; -+ uint32_t i, j, stride, x, y; -+ int code; - Jbig2Image **GSPLANES; - Jbig2GenericRegionParams rparams; - Jbig2WordStream *ws = NULL; -@@ -276,9 +276,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - if (GSPLANES[i] == NULL) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH); - /* free already allocated */ -- for (j = i - 1; j >= 0; --j) { -- jbig2_image_release(ctx, GSPLANES[j]); -- } -+ for (j = i; j > 0;) -+ jbig2_image_release(ctx, GSPLANES[--j]); - jbig2_free(ctx->allocator, GSPLANES); - return NULL; - } -@@ -323,9 +322,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - } - - /* C.5 step 2. Set j = GSBPP-2 */ -- j = GSBPP - 2; -+ j = GSBPP - 1; - /* C.5 step 3. decode loop */ -- while (j >= 0) { -+ while (j > 0) { -+ j--; - /* C.5 step 3. (a) */ - if (GSMMR) { - code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes); -@@ -345,7 +345,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i]; - - /* C.5 step 3. (c) */ -- --j; - } - - /* allocate GSVALS */ -@@ -359,9 +358,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment, - if (GSVALS[i] == NULL) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW); - /* free already allocated */ -- for (j = i - 1; j >= 0; --j) { -- jbig2_free(ctx->allocator, GSVALS[j]); -- } -+ for (j = i; j > 0;) -+ jbig2_free(ctx->allocator, GSVALS[--j]); - jbig2_free(ctx->allocator, GSVALS); - GSVALS = NULL; - goto cleanup; -@@ -450,7 +448,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, - uint8_t **GI; - Jbig2Image *HSKIP = NULL; - Jbig2PatternDict *HPATS; -- int i; -+ uint32_t i; - uint32_t mg, ng; - int32_t x, y; - uint8_t gray_val; -@@ -476,7 +474,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, - - /* calculate ceil(log2(HNUMPATS)) */ - HBPP = 0; -- while (HNUMPATS > (1 << ++HBPP)); -+ while (HNUMPATS > (1U << ++HBPP)); - - /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */ - GI = jbig2_decode_gray_scale_image(ctx, segment, data, size, -diff --git a/jbig2_huffman.c b/jbig2_huffman.c -index 4521b48..f77981b 100644 ---- a/jbig2_huffman.c -+++ b/jbig2_huffman.c -@@ -47,16 +47,16 @@ struct _Jbig2HuffmanState { - is (offset + 4) * 8. */ - uint32_t this_word; - uint32_t next_word; -- int offset_bits; -- int offset; -- int offset_limit; -+ uint32_t offset_bits; -+ uint32_t offset; -+ uint32_t offset_limit; - - Jbig2WordStream *ws; - Jbig2Ctx *ctx; - }; - - static uint32_t --huff_get_next_word(Jbig2HuffmanState *hs, int offset) -+huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset) - { - uint32_t word = 0; - Jbig2WordStream *ws = hs->ws; -@@ -213,7 +213,7 @@ jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset) - /* return the offset of the huffman decode pointer (in bytes) - * from the beginning of the WordStream - */ --int -+uint32_t - jbig2_huffman_offset(Jbig2HuffmanState *hs) - { - return hs->offset + (hs->offset_bits >> 3); -diff --git a/jbig2_huffman.h b/jbig2_huffman.h -index 5d1e6e0..cfda9e0 100644 ---- a/jbig2_huffman.h -+++ b/jbig2_huffman.h -@@ -64,7 +64,7 @@ void jbig2_huffman_skip(Jbig2HuffmanState *hs); - - void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset); - --int jbig2_huffman_offset(Jbig2HuffmanState *hs); -+uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs); - - int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob); - -diff --git a/jbig2_image.c b/jbig2_image.c -index 1ae614e..94e5a4c 100644 ---- a/jbig2_image.c -+++ b/jbig2_image.c -@@ -32,10 +32,10 @@ - - /* allocate a Jbig2Image structure and its associated bitmap */ - Jbig2Image * --jbig2_image_new(Jbig2Ctx *ctx, int width, int height) -+jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height) - { - Jbig2Image *image; -- int stride; -+ uint32_t stride; - int64_t check; - - image = jbig2_new(ctx, Jbig2Image, 1); -@@ -99,7 +99,7 @@ jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image) - - /* resize a Jbig2Image */ - Jbig2Image * --jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height) -+jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height) - { - if (width == image->width) { - /* check for integer multiplication overflow */ -@@ -133,11 +133,11 @@ jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height) - static int - jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op) - { -- int i, j; -- int sw = src->width; -- int sh = src->height; -- int sx = 0; -- int sy = 0; -+ uint32_t i, j; -+ uint32_t sw = src->width; -+ uint32_t sh = src->height; -+ uint32_t sx = 0; -+ uint32_t sy = 0; - - /* clip to the dst image boundaries */ - if (x < 0) { -@@ -200,10 +200,10 @@ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x - int - jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op) - { -- int i, j; -- int w, h; -- int leftbyte, rightbyte; -- int shift; -+ uint32_t i, j; -+ uint32_t w, h; -+ uint32_t leftbyte, rightbyte; -+ uint32_t shift; - uint8_t *s, *ss; - uint8_t *d, *dd; - uint8_t mask, rightmask; -@@ -226,8 +226,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int - h += y; - y = 0; - } -- w = (x + w < dst->width) ? w : dst->width - x; -- h = (y + h < dst->height) ? h : dst->height - y; -+ w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0); -+ h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0); - #ifdef JBIG2_DEBUG - jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y); - #endif -@@ -249,8 +249,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int - } - #endif - -- leftbyte = x >> 3; -- rightbyte = (x + w - 1) >> 3; -+ leftbyte = (uint32_t)x >> 3; -+ rightbyte = ((uint32_t)x + w - 1) >> 3; - shift = x & 7; - - /* general OR case */ -diff --git a/jbig2_mmr.c b/jbig2_mmr.c -index d4cd3a2..390e27c 100644 ---- a/jbig2_mmr.c -+++ b/jbig2_mmr.c -@@ -38,19 +38,21 @@ - #include "jbig2_mmr.h" - - typedef struct { -- int width; -- int height; -+ uint32_t width; -+ uint32_t height; - const byte *data; - size_t size; -- int data_index; -- int bit_index; -+ uint32_t data_index; -+ uint32_t bit_index; - uint32_t word; - } Jbig2MmrCtx; - -+#define MINUS1 ((uint32_t)-1) -+ - static void - jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size) - { -- int i; -+ size_t i; - uint32_t word = 0; - - mmr->width = width; -@@ -732,14 +734,14 @@ const mmr_table_node jbig2_mmr_black_decode[] = { - #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 ) - - static int --jbig2_find_changing_element(const byte *line, int x, int w) -+jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w) - { - int a, b; - - if (line == 0) -- return w; -+ return (int)w; - -- if (x == -1) { -+ if (x == MINUS1) { - a = 0; - x = 0; - } else { -@@ -758,7 +760,7 @@ jbig2_find_changing_element(const byte *line, int x, int w) - } - - static int --jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color) -+jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color) - { - if (line == 0) - return w; -@@ -772,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01 }; - static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE }; - - static void --jbig2_set_bits(byte *line, int x0, int x1) -+jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1) - { -- int a0, a1, b0, b1, a; -+ uint32_t a0, a1, b0, b1, a; - - a0 = x0 >> 3; - a1 = x1 >> 3; -@@ -831,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, const mmr_table_node *table, int initial_ - static int - jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - { -- int a0 = -1; -- int a1, a2, b1, b2; -+ uint32_t a0 = MINUS1; -+ uint32_t a1, a2, b1, b2; - int c = 0; /* 0 is white, black is 1 */ - - while (1) { -@@ -840,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - - /* printf ("%08x\n", word); */ - -- if (a0 >= mmr->width) -+ if (a0 != MINUS1 && a0 >= mmr->width) - break; - - if ((word >> (32 - 3)) == 1) { -@@ -848,7 +850,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - - jbig2_decode_mmr_consume(mmr, 3); - -- if (a0 == -1) -+ if (a0 == MINUS1) - a0 = 0; - - if (c == 0) { -@@ -860,7 +862,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - a1 = mmr->width; - if (a2 > mmr->width) - a2 = mmr->width; -- if (a2 < a1 || a1 < 0) -+ if (a1 == MINUS1 || a2 < a1) - return -1; - jbig2_set_bits(dst, a1, a2); - a0 = a2; -@@ -874,7 +876,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - a1 = mmr->width; - if (a2 > mmr->width) - a2 = mmr->width; -- if (a1 < a0 || a0 < 0) -+ if (a0 == MINUS1 || a1 < a0) - return -1; - jbig2_set_bits(dst, a0, a1); - a0 = a2; -@@ -888,7 +890,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - b2 = jbig2_find_changing_element(ref, b1, mmr->width); - if (c) { -- if (b2 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b2 < a0) - return -1; - jbig2_set_bits(dst, a0, b2); - } -@@ -900,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - jbig2_decode_mmr_consume(mmr, 1); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); - if (c) { -- if (b1 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 < a0) - return -1; - jbig2_set_bits(dst, a0, b1); - } -@@ -915,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - if (b1 + 1 > mmr->width) - break; - if (c) { -- if (b1 + 1 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 + 1 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 + 1); - } -@@ -930,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - if (b1 + 2 > mmr->width) - break; - if (c) { -- if (b1 + 2 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 + 2 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 + 2); - } -@@ -942,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - /* printf ("VR(3)\n"); */ - jbig2_decode_mmr_consume(mmr, 7); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); -- if (b1 + 3 > mmr->width) -+ if (b1 + 3 > (int)mmr->width) - break; - if (c) { -- if (b1 + 3 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 + 3 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 + 3); - } -@@ -957,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - /* printf ("VL(1)\n"); */ - jbig2_decode_mmr_consume(mmr, 3); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); -- if (b1 - 1 < 0) -+ if (b1 < 1) - break; - if (c) { -- if (b1 - 1 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 - 1 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 - 1); - } -@@ -972,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - /* printf ("VL(2)\n"); */ - jbig2_decode_mmr_consume(mmr, 6); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); -- if (b1 - 2 < 0) -+ if (b1 < 2) - break; - if (c) { - if (b1 - 2 < a0 || a0 < 0) -@@ -987,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - /* printf ("VL(3)\n"); */ - jbig2_decode_mmr_consume(mmr, 7); - b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c); -- if (b1 - 3 < 0) -+ if (b1 < 3) - break; - if (c) { -- if (b1 - 3 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 - 3 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 - 3); - } -@@ -1009,10 +1011,10 @@ int - jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image) - { - Jbig2MmrCtx mmr; -- const int rowstride = image->stride; -+ const uint32_t rowstride = image->stride; - byte *dst = image->data; - byte *ref = NULL; -- int y; -+ uint32_t y; - int code = 0; - - jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size); -@@ -1047,10 +1049,10 @@ int - jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes) - { - Jbig2MmrCtx mmr; -- const int rowstride = image->stride; -+ const uint32_t rowstride = image->stride; - byte *dst = image->data; - byte *ref = NULL; -- int y; -+ uint32_t y; - int code = 0; - const uint32_t EOFB = 0x001001; - -diff --git a/jbig2_page.c b/jbig2_page.c -index 110ff7c..1ed1c8a 100644 ---- a/jbig2_page.c -+++ b/jbig2_page.c -@@ -155,9 +155,9 @@ int - jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data) - { - Jbig2Page page = ctx->pages[ctx->current_page]; -- int end_row; -+ uint32_t end_row; - -- end_row = jbig2_get_int32(segment_data); -+ end_row = jbig2_get_uint32(segment_data); - if (end_row < page.end_row) { - jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, - "end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row); -@@ -248,7 +248,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbig2Page *page, Jbig2Image *image, int x, - - /* grow the page to accomodate a new stripe if necessary */ - if (page->striped) { -- int new_height = y + image->height + page->end_row; -+ uint32_t new_height = y + image->height + page->end_row; - - if (page->image->height < new_height) { - jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height); -diff --git a/jbig2_priv.h b/jbig2_priv.h -index 42ba496..3d44b42 100644 ---- a/jbig2_priv.h -+++ b/jbig2_priv.h -@@ -132,7 +132,7 @@ struct _Jbig2Page { - uint32_t x_resolution, y_resolution; /* in pixels per meter */ - uint16_t stripe_size; - bool striped; -- int end_row; -+ uint32_t end_row; - uint8_t flags; - Jbig2Image *image; - }; -@@ -182,7 +182,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segm - typedef struct _Jbig2WordStream Jbig2WordStream; - - struct _Jbig2WordStream { -- int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word); -+ int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word); - }; - - Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size); -diff --git a/jbig2_segment.c b/jbig2_segment.c -index 2e0db67..5b63706 100644 ---- a/jbig2_segment.c -+++ b/jbig2_segment.c -@@ -39,10 +39,10 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t - uint8_t rtscarf; - uint32_t rtscarf_long; - uint32_t *referred_to_segments; -- int referred_to_segment_count; -- int referred_to_segment_size; -- int pa_size; -- int offset; -+ uint32_t referred_to_segment_count; -+ uint32_t referred_to_segment_size; -+ uint32_t pa_size; -+ uint32_t offset; - - /* minimum possible size of a jbig2 segment header */ - if (buf_size < 11) -@@ -83,7 +83,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t - - /* 7.2.5 */ - if (referred_to_segment_count) { -- int i; -+ uint32_t i; - - referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size); - if (referred_to_segments == NULL) { -diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c -index 2c71a4c..11a2252 100644 ---- a/jbig2_symbol_dict.c -+++ b/jbig2_symbol_dict.c -@@ -88,40 +88,40 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jbig2Segment *segment) - - /* return a new empty symbol dict */ - Jbig2SymbolDict * --jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols) -+jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols) - { -- Jbig2SymbolDict *new = NULL; -+ Jbig2SymbolDict *new_dict = NULL; - - if (n_symbols < 0) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols); - return NULL; - } - -- new = jbig2_new(ctx, Jbig2SymbolDict, 1); -- if (new != NULL) { -- new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); -- new->n_symbols = n_symbols; -+ new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1); -+ if (new_dict != NULL) { -+ new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); -+ new_dict->n_symbols = n_symbols; - } else { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict"); - return NULL; - } - -- if (new->glyphs != NULL) { -- memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *)); -+ if (new_dict->glyphs != NULL) { -+ memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *)); - } else { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict"); -- jbig2_free(ctx->allocator, new); -+ jbig2_free(ctx->allocator, new_dict); - return NULL; - } - -- return new; -+ return new_dict; - } - - /* release the memory associated with a symbol dict */ - void - jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict) - { -- int i; -+ uint32_t i; - - if (dict == NULL) - return; -@@ -142,12 +142,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id) - } - - /* count the number of dictionary segments referred to by the given segment */ --int -+uint32_t - jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) - { - int index; - Jbig2Segment *rsegment; -- int n_dicts = 0; -+ uint32_t n_dicts = 0; - - for (index = 0; index < segment->referred_to_segment_count; index++) { - rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]); -@@ -166,8 +166,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) - int index; - Jbig2Segment *rsegment; - Jbig2SymbolDict **dicts; -- int n_dicts = jbig2_sd_count_referred(ctx, segment); -- int dindex = 0; -+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment); -+ uint32_t dindex = 0; - - dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts); - if (dicts == NULL) { -@@ -195,10 +195,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment) - /* generate a new symbol dictionary by concatenating a list of - existing dictionaries */ - Jbig2SymbolDict * --jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts) -+jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts) - { -- int i, j, k, symbols; -- Jbig2SymbolDict *new = NULL; -+ uint32_t i, j, k, symbols; -+ Jbig2SymbolDict *new_dict = NULL; - - /* count the imported symbols and allocate a new array */ - symbols = 0; -@@ -206,17 +206,17 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts) - symbols += dicts[i]->n_symbols; - - /* fill a new array with cloned glyph pointers */ -- new = jbig2_sd_new(ctx, symbols); -- if (new != NULL) { -+ new_dict = jbig2_sd_new(ctx, symbols); -+ if (new_dict != NULL) { - k = 0; - for (i = 0; i < n_dicts; i++) - for (j = 0; j < dicts[i]->n_symbols; j++) -- new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]); -+ new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]); - } else { - jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary"); - } - -- return new; -+ return new_dict; - } - - /* Decoding routines */ -@@ -431,7 +431,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - - if (REFAGGNINST > 1) { - Jbig2Image *image; -- int i; -+ uint32_t i; - - if (tparams == NULL) { - /* First time through, we need to initialise the */ -@@ -512,7 +512,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - uint32_t ID; - int32_t RDX, RDY; - int BMSIZE = 0; -- int ninsyms = params->SDNUMINSYMS; -+ uint32_t ninsyms = params->SDNUMINSYMS; - int code1 = 0; - int code2 = 0; - int code3 = 0; -@@ -609,8 +609,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - if (params->SDHUFF && !params->SDREFAGG) { - /* 6.5.9 */ - Jbig2Image *image; -- int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code); -- int j, x; -+ uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code); -+ uint32_t j; -+ int x; - - if (code || (BMSIZE < 0)) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!"); -@@ -700,22 +701,22 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary"); - goto cleanup4; - } else { -- int i = 0; -- int j = 0; -- int k; -+ uint32_t i = 0; -+ uint32_t j = 0; -+ uint32_t k; - int exflag = 0; -- int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS; -- int32_t exrunlength; -+ uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS; -+ uint32_t exrunlength; - int zerolength = 0; - - while (i < limit) { - if (params->SDHUFF) - exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code); - else -- code = jbig2_arith_int_decode(IAEX, as, &exrunlength); -+ code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength); - /* prevent infinite loop */ - zerolength = exrunlength > 0 ? 0 : zerolength + 1; -- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) { -+ if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) { - if (code) - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols"); - else if (exrunlength <= 0) -@@ -797,8 +798,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen - { - Jbig2SymbolDictParams params; - uint16_t flags; -- int sdat_bytes; -- int offset; -+ uint32_t sdat_bytes; -+ uint32_t offset; - Jbig2ArithCx *GB_stats = NULL; - Jbig2ArithCx *GR_stats = NULL; - int table_index = 0; -@@ -951,7 +952,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen - - /* 7.4.2.2 (2) */ - { -- int n_dicts = jbig2_sd_count_referred(ctx, segment); -+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment); - Jbig2SymbolDict **dicts = NULL; - - if (n_dicts > 0) { -diff --git a/jbig2_symbol_dict.h b/jbig2_symbol_dict.h -index d56d62d..30211d4 100644 ---- a/jbig2_symbol_dict.h -+++ b/jbig2_symbol_dict.h -@@ -32,18 +32,18 @@ int jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *se - Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id); - - /* return a new empty symbol dict */ --Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols); -+Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols); - - /* release the memory associated with a symbol dict */ - void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict); - - /* generate a new symbol dictionary by concatenating a list of - existing dictionaries */ --Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts); -+Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts); - - /* count the number of dictionary segments referred - to by the given segment */ --int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment); -+uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment); - - /* return an array of pointers to symbol dictionaries referred - to by a segment */ -diff --git a/jbig2_text.c b/jbig2_text.c -index 5c99640..e77460f 100644 ---- a/jbig2_text.c -+++ b/jbig2_text.c -@@ -55,7 +55,7 @@ - int - jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, - const Jbig2TextRegionParams *params, -- const Jbig2SymbolDict *const *dicts, const int n_dicts, -+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts, - Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws) - { - /* relevent bits of 6.4.4 */ -@@ -476,19 +476,19 @@ cleanup2: - int - jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data) - { -- int offset = 0; -+ uint32_t offset = 0; - Jbig2RegionSegmentInfo region_info; - Jbig2TextRegionParams params; - Jbig2Image *image = NULL; - Jbig2SymbolDict **dicts = NULL; -- int n_dicts = 0; -+ uint32_t n_dicts = 0; - uint16_t flags = 0; - uint16_t huffman_flags = 0; - Jbig2ArithCx *GR_stats = NULL; - int code = 0; - Jbig2WordStream *ws = NULL; - Jbig2ArithState *as = NULL; -- int table_index = 0; -+ uint32_t table_index = 0; - const Jbig2HuffmanParams *huffman_params = NULL; - - /* 7.4.1 */ -@@ -779,7 +779,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data - code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?"); - goto cleanup1; - } else { -- int index; -+ uint32_t index; - - if (dicts[0] == NULL) { - code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!"); -@@ -823,8 +823,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data - } - - if (!params.SBHUFF) { -- int SBSYMCODELEN, index; -- int SBNUMSYMS = 0; -+ uint32_t SBSYMCODELEN, index; -+ uint32_t SBNUMSYMS = 0; - - for (index = 0; index < n_dicts; index++) { - SBNUMSYMS += dicts[index]->n_symbols; -@@ -840,7 +840,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data - } - - /* Table 31 */ -- for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) { -+ for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) { - } - params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN); - params.IARI = jbig2_arith_int_ctx_new(ctx); -diff --git a/jbig2_text.h b/jbig2_text.h -index aec2732..51d242e 100644 ---- a/jbig2_text.h -+++ b/jbig2_text.h -@@ -70,5 +70,5 @@ typedef struct { - int - jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, - const Jbig2TextRegionParams *params, -- const Jbig2SymbolDict *const *dicts, const int n_dicts, -+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts, - Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws); --- -2.9.1 - diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch deleted file mode 100644 index a598392765..0000000000 --- a/gnu/packages/patches/jbig2dec-CVE-2017-7885.patch +++ /dev/null @@ -1,38 +0,0 @@ -Fix CVE-2017-7885: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7885 -https://bugs.ghostscript.com/show_bug.cgi?id=697703 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=258290340bb657c9efb44457f717b0d8b49f4aa3 - -From 258290340bb657c9efb44457f717b0d8b49f4aa3 Mon Sep 17 00:00:00 2001 -From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> -Date: Wed, 3 May 2017 22:06:01 +0100 -Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability. - -Add extra check for the offset being greater than the size -of the image and hence reading off the end of the buffer. - -Thank you to Dai Ge for finding this issue and suggesting a patch. ---- - jbig2_symbol_dict.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c -index 4acaba9..36225cb 100644 ---- a/jbig2_symbol_dict.c -+++ b/jbig2_symbol_dict.c -@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - byte *dst = image->data; - - /* SumatraPDF: prevent read access violation */ -- if (size - jbig2_huffman_offset(hs) < image->height * stride) { -+ if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride, - size - jbig2_huffman_offset(hs)); - jbig2_image_release(ctx, image); --- -2.13.0 - diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch deleted file mode 100644 index c83fe9d9f2..0000000000 --- a/gnu/packages/patches/jbig2dec-CVE-2017-7975.patch +++ /dev/null @@ -1,40 +0,0 @@ -Fix CVE-2017-7975: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7975 -https://bugs.ghostscript.com/show_bug.cgi?id=697693 - -Patch copied from upstream source repository: - -https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=f8992b8fe65c170c8624226f127c5c4bfed42c66 - -From f8992b8fe65c170c8624226f127c5c4bfed42c66 Mon Sep 17 00:00:00 2001 -From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> -Date: Wed, 26 Apr 2017 22:12:14 +0100 -Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow. - -While building a Huffman table, the start and end points were susceptible -to integer overflow. - -Thank you to Jiaqi for finding this issue and suggesting a patch. ---- - jbig2_huffman.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/jbig2_huffman.c b/jbig2_huffman.c -index 511e461..b4189a1 100644 ---- a/jbig2_huffman.c -+++ b/jbig2_huffman.c -@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params) - - if (PREFLEN == CURLEN) { - int RANGELEN = lines[CURTEMP].RANGELEN; -- int start_j = CURCODE << shift; -- int end_j = (CURCODE + 1) << shift; -+ uint32_t start_j = CURCODE << shift; -+ uint32_t end_j = (CURCODE + 1) << shift; - byte eflags = 0; - - if (end_j > max_j) { --- -2.13.0 - diff --git a/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch b/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch deleted file mode 100644 index 2fe02358b8..0000000000 --- a/gnu/packages/patches/jbig2dec-CVE-2017-7976.patch +++ /dev/null @@ -1,122 +0,0 @@ -Fix CVE-2017-7976: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7976 -https://bugs.ghostscript.com/show_bug.cgi?id=697683 - -In order to make the bug-fix patch apply, we also include an earlier commit -that it depends on. - -Patches copied from upstream source repository: - -Earlier commit, creating context for the CVE fix: -https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=9d2c4f3bdb0bd003deae788e7187c0f86e624544 - -CVE-2017-7976 bug fix: -https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=cfa054925de49675ac5445515ebf036fa9379ac6 - -From 9d2c4f3bdb0bd003deae788e7187c0f86e624544 Mon Sep 17 00:00:00 2001 -From: Tor Andersson <tor.andersson@artifex.com> -Date: Wed, 14 Dec 2016 15:56:31 +0100 -Subject: [PATCH] Fix warnings: remove unsigned < 0 tests that are always - false. - ---- - jbig2_image.c | 2 +- - jbig2_mmr.c | 2 +- - jbig2_symbol_dict.c | 9 ++------- - 3 files changed, 4 insertions(+), 9 deletions(-) - -diff --git a/jbig2_image.c b/jbig2_image.c -index 94e5a4c..00f966b 100644 ---- a/jbig2_image.c -+++ b/jbig2_image.c -@@ -256,7 +256,7 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int - /* general OR case */ - s = ss; - d = dd = dst->data + y * dst->stride + leftbyte; -- if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { -+ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { - return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose"); - } - if (leftbyte == rightbyte) { -diff --git a/jbig2_mmr.c b/jbig2_mmr.c -index 390e27c..da54934 100644 ---- a/jbig2_mmr.c -+++ b/jbig2_mmr.c -@@ -977,7 +977,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst) - if (b1 < 2) - break; - if (c) { -- if (b1 - 2 < a0 || a0 < 0) -+ if (a0 == MINUS1 || b1 - 2 < a0) - return -1; - jbig2_set_bits(dst, a0, b1 - 2); - } -diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c -index 11a2252..4acaba9 100644 ---- a/jbig2_symbol_dict.c -+++ b/jbig2_symbol_dict.c -@@ -92,11 +92,6 @@ jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols) - { - Jbig2SymbolDict *new_dict = NULL; - -- if (n_symbols < 0) { -- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols); -- return NULL; -- } -- - new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1); - if (new_dict != NULL) { - new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols); -@@ -613,7 +608,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - uint32_t j; - int x; - -- if (code || (BMSIZE < 0)) { -+ if (code) { - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!"); - goto cleanup4; - } -@@ -716,7 +711,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, - code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength); - /* prevent infinite loop */ - zerolength = exrunlength > 0 ? 0 : zerolength + 1; -- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) { -+ if (code || (exrunlength > limit - i) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) { - if (code) - jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols"); - else if (exrunlength <= 0) --- -2.13.0 - -From cfa054925de49675ac5445515ebf036fa9379ac6 Mon Sep 17 00:00:00 2001 -From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk> -Date: Wed, 10 May 2017 17:50:39 +0100 -Subject: [PATCH] Bug 697683: Bounds check before reading from image source - data. - -Add extra check to prevent reading off the end of the image source -data buffer. - -Thank you to Dai Ge for finding this issue and suggesting a patch. ---- - jbig2_image.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/jbig2_image.c b/jbig2_image.c -index 661d0a5..ae161b9 100644 ---- a/jbig2_image.c -+++ b/jbig2_image.c -@@ -263,7 +263,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int - /* general OR case */ - s = ss; - d = dd = dst->data + y * dst->stride + leftbyte; -- if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) { -+ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride || -+ s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) { - return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose"); - } - if (leftbyte == rightbyte) { --- -2.13.0 - diff --git a/gnu/packages/patches/jbig2dec-ignore-testtest.patch b/gnu/packages/patches/jbig2dec-ignore-testtest.patch index 1efde8628c..7c80c545e9 100644 --- a/gnu/packages/patches/jbig2dec-ignore-testtest.patch +++ b/gnu/packages/patches/jbig2dec-ignore-testtest.patch @@ -1,8 +1,8 @@ -Do not run the "testtest script", it doesn't seem to do anything and reports -failiute. TODO: Actually fix the test instead of ignoring it. +Do not run the test 'test_jbig2dec.py'. It doesn't seem to do anything +and reports failure. TODO: Actually fix the test instead of ignoring it. diff --git a/Makefile.in b/Makefile.in -index 0573592..1a5de77 100644 +index 63982d4..8af1d61 100644 --- a/Makefile.in +++ b/Makefile.in @@ -93,7 +93,7 @@ host_triplet = @host@ diff --git a/gnu/packages/patches/libtiff-CVE-2016-10688.patch b/gnu/packages/patches/libtiff-CVE-2016-10688.patch deleted file mode 100644 index 1630274c61..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10688.patch +++ /dev/null @@ -1,92 +0,0 @@ -Fix CVE-2017-10688: - -http://bugzilla.maptools.org/show_bug.cgi?id=2712 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688 -https://security-tracker.debian.org/tracker/CVE-2017-10688 - -Patch lifted from upstream source repository (the changes to 'ChangeLog' -don't apply to the libtiff 4.0.8 release tarball). - -3rd party Git reference: - -https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1 - -2017-06-30 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX() - functions associated with LONG8/SLONG8 data type, replace assertion -that - the file is BigTIFF, by a non-fatal error. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712 - Reported by team OWL337 - - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1259; previous revision: 1.1258 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <-- -libtiff/tif_dirwrite.c -new revision: 1.86; previous revision: 1.85 - -Index: libtiff/libtiff/tif_dirwrite.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v -retrieving revision 1.85 -retrieving revision 1.86 -diff -u -r1.85 -r1.86 ---- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85 -+++ libtiff/libtiff/tif_dirwrite.c 30 Jun 2017 17:29:44 -0000 1.86 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */ -+/* $Id: tif_dirwrite.c,v 1.86 2017-06-30 17:29:44 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -2111,7 +2111,10 @@ - { - uint64 m; - assert(sizeof(uint64)==8); -- assert(tif->tif_flags&TIFF_BIGTIFF); -+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { -+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF"); -+ return(0); -+ } - m=value; - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabLong8(&m); -@@ -2124,7 +2127,10 @@ - { - assert(count<0x20000000); - assert(sizeof(uint64)==8); -- assert(tif->tif_flags&TIFF_BIGTIFF); -+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { -+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF"); -+ return(0); -+ } - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabArrayOfLong8(value,count); - return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value)); -@@ -2136,7 +2142,10 @@ - { - int64 m; - assert(sizeof(int64)==8); -- assert(tif->tif_flags&TIFF_BIGTIFF); -+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { -+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF"); -+ return(0); -+ } - m=value; - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabLong8((uint64*)(&m)); -@@ -2149,7 +2158,10 @@ - { - assert(count<0x20000000); - assert(sizeof(int64)==8); -- assert(tif->tif_flags&TIFF_BIGTIFF); -+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) { -+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF"); -+ return(0); -+ } - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabArrayOfLong8((uint64*)value,count); - return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value)); diff --git a/gnu/packages/patches/libtiff-CVE-2017-9936.patch b/gnu/packages/patches/libtiff-CVE-2017-9936.patch deleted file mode 100644 index fbdbcd0f0b..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2017-9936.patch +++ /dev/null @@ -1,47 +0,0 @@ -Fix CVE-2017-9936: - -http://bugzilla.maptools.org/show_bug.cgi?id=2706 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936 -https://security-tracker.debian.org/tracker/CVE-2017-9936 - -Patch lifted from upstream source repository (the changes to 'ChangeLog' -don't apply to the libtiff 4.0.8 release tarball). - -3rd party Git reference: - -https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a - -2017-06-26 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_jbig.c: fix memory leak in error code path of -JBIGDecode() - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 - Reported by team OWL337 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1254; previous revision: 1.1253 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v <-- libtiff/tif_jbig.c -new revision: 1.16; previous revision: 1.15 - -Index: libtiff/libtiff/tif_jbig.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v -retrieving revision 1.15 -retrieving revision 1.16 -diff -u -r1.15 -r1.16 ---- libtiff/libtiff/tif_jbig.c 10 Mar 2010 18:56:48 -0000 1.15 -+++ libtiff/libtiff/tif_jbig.c 26 Jun 2017 15:20:00 -0000 1.16 -@@ -1,4 +1,4 @@ --/* $Id: tif_jbig.c,v 1.15 2010-03-10 18:56:48 bfriesen Exp $ */ -+/* $Id: tif_jbig.c,v 1.16 2017-06-26 15:20:00 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -94,6 +94,7 @@ - jbg_strerror(decodeStatus) - #endif - ); -+ jbg_dec_free(&decoder); - return 0; - } - diff --git a/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch b/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch deleted file mode 100644 index 84566ca23e..0000000000 --- a/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch +++ /dev/null @@ -1,201 +0,0 @@ -Fix several bugs in libtiff related to use of TIFFGetField(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2580 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095 - -Patch copied from upstream CVS. 3rd-party Git reference: -https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 - -2017-06-01 Even Rouault <even.rouault at spatialys.com> - -* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(), -and use it in TIFFReadDirectory() so as to ignore fields whose tag is a -codec-specified tag but this codec is not enabled. This avoids TIFFGetField() -to behave differently depending on whether the codec is enabled or not, and -thus can avoid stack based buffer overflows in a number of TIFF utilities -such as tiffsplit, tiffcmp, thumbnail, etc. -Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch -(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog. -Fixes: -http://bugzilla.maptools.org/show_bug.cgi?id=2580 -http://bugzilla.maptools.org/show_bug.cgi?id=2693 -http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095) -http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554) -http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318) -http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128) -http://bugzilla.maptools.org/show_bug.cgi?id=2441 -http://bugzilla.maptools.org/show_bug.cgi?id=2433 -Index: libtiff/libtiff/tif_dirread.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v -retrieving revision 1.208 -retrieving revision 1.209 -diff -u -r1.208 -r1.209 ---- libtiff/libtiff/tif_dirread.c 27 Apr 2017 15:46:22 -0000 1.208 -+++ libtiff/libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */ -+/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -3580,6 +3580,10 @@ - goto bad; - dp->tdir_tag=IGNORE; - break; -+ default: -+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) -+ dp->tdir_tag=IGNORE; -+ break; - } - } - } -Index: libtiff/libtiff/tif_dirinfo.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v -retrieving revision 1.126 -retrieving revision 1.127 -diff -u -r1.126 -r1.127 ---- libtiff/libtiff/tif_dirinfo.c 18 Nov 2016 02:52:13 -0000 1.126 -+++ libtiff/libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */ -+/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -956,6 +956,109 @@ - return 0; - } - -+int -+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) -+{ -+ /* Filter out non-codec specific tags */ -+ switch (tag) { -+ /* Shared tags */ -+ case TIFFTAG_PREDICTOR: -+ /* JPEG tags */ -+ case TIFFTAG_JPEGTABLES: -+ /* OJPEG tags */ -+ case TIFFTAG_JPEGIFOFFSET: -+ case TIFFTAG_JPEGIFBYTECOUNT: -+ case TIFFTAG_JPEGQTABLES: -+ case TIFFTAG_JPEGDCTABLES: -+ case TIFFTAG_JPEGACTABLES: -+ case TIFFTAG_JPEGPROC: -+ case TIFFTAG_JPEGRESTARTINTERVAL: -+ /* CCITT* */ -+ case TIFFTAG_BADFAXLINES: -+ case TIFFTAG_CLEANFAXDATA: -+ case TIFFTAG_CONSECUTIVEBADFAXLINES: -+ case TIFFTAG_GROUP3OPTIONS: -+ case TIFFTAG_GROUP4OPTIONS: -+ break; -+ default: -+ return 1; -+ } -+ /* Check if codec specific tags are allowed for the current -+ * compression scheme (codec) */ -+ switch (tif->tif_dir.td_compression) { -+ case COMPRESSION_LZW: -+ if (tag == TIFFTAG_PREDICTOR) -+ return 1; -+ break; -+ case COMPRESSION_PACKBITS: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_THUNDERSCAN: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_NEXT: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_JPEG: -+ if (tag == TIFFTAG_JPEGTABLES) -+ return 1; -+ break; -+ case COMPRESSION_OJPEG: -+ switch (tag) { -+ case TIFFTAG_JPEGIFOFFSET: -+ case TIFFTAG_JPEGIFBYTECOUNT: -+ case TIFFTAG_JPEGQTABLES: -+ case TIFFTAG_JPEGDCTABLES: -+ case TIFFTAG_JPEGACTABLES: -+ case TIFFTAG_JPEGPROC: -+ case TIFFTAG_JPEGRESTARTINTERVAL: -+ return 1; -+ } -+ break; -+ case COMPRESSION_CCITTRLE: -+ case COMPRESSION_CCITTRLEW: -+ case COMPRESSION_CCITTFAX3: -+ case COMPRESSION_CCITTFAX4: -+ switch (tag) { -+ case TIFFTAG_BADFAXLINES: -+ case TIFFTAG_CLEANFAXDATA: -+ case TIFFTAG_CONSECUTIVEBADFAXLINES: -+ return 1; -+ case TIFFTAG_GROUP3OPTIONS: -+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3) -+ return 1; -+ break; -+ case TIFFTAG_GROUP4OPTIONS: -+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4) -+ return 1; -+ break; -+ } -+ break; -+ case COMPRESSION_JBIG: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_DEFLATE: -+ case COMPRESSION_ADOBE_DEFLATE: -+ if (tag == TIFFTAG_PREDICTOR) -+ return 1; -+ break; -+ case COMPRESSION_PIXARLOG: -+ if (tag == TIFFTAG_PREDICTOR) -+ return 1; -+ break; -+ case COMPRESSION_SGILOG: -+ case COMPRESSION_SGILOG24: -+ /* No codec-specific tags */ -+ break; -+ case COMPRESSION_LZMA: -+ if (tag == TIFFTAG_PREDICTOR) -+ return 1; -+ break; -+ -+ } -+ return 0; -+} -+ - /* vim: set ts=8 sts=8 sw=8 noet: */ - - /* -Index: libtiff/libtiff/tif_dir.h -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v -retrieving revision 1.54 -retrieving revision 1.55 -diff -u -r1.54 -r1.55 ---- libtiff/libtiff/tif_dir.h 18 Feb 2011 20:53:05 -0000 1.54 -+++ libtiff/libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55 -@@ -1,4 +1,4 @@ --/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */ -+/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -291,6 +291,7 @@ - extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); - extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); - extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); -+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); - - #if defined(__cplusplus) - } diff --git a/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch b/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch deleted file mode 100644 index 060740d953..0000000000 --- a/gnu/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch +++ /dev/null @@ -1,57 +0,0 @@ -Fix an integer overflow TIFFYCbCrtoRGB(): - -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 - -3rd party Git reference: - -https://github.com/vadz/libtiff/commit/02669064e927074819ce1ed39aba0fccaa167717 - -2017-05-29 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid - int32 overflow in TIFFYCbCrtoRGB(). - Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844 - Credit to OSS Fuzz - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1241; previous revision: 1.1240 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v <-- libtiff/tif_color.c -new revision: 1.24; previous revision: 1.23 - -Index: libtiff/libtiff/tif_color.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v -retrieving revision 1.23 -retrieving revision 1.24 -diff -u -r1.23 -r1.24 ---- libtiff/libtiff/tif_color.c 13 May 2017 18:17:34 -0000 1.23 -+++ libtiff/libtiff/tif_color.c 29 May 2017 10:12:54 -0000 1.24 -@@ -1,4 +1,4 @@ --/* $Id: tif_color.c,v 1.23 2017-05-13 18:17:34 erouault Exp $ */ -+/* $Id: tif_color.c,v 1.24 2017-05-29 10:12:54 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -275,10 +275,10 @@ - for (i = 0, x = -128; i < 256; i++, x++) { - int32 Cr = (int32)CLAMPw(Code2V(x, refBlackWhite[4] - 128.0F, - refBlackWhite[5] - 128.0F, 127), -- -128.0F * 64, 128.0F * 64); -+ -128.0F * 32, 128.0F * 32); - int32 Cb = (int32)CLAMPw(Code2V(x, refBlackWhite[2] - 128.0F, - refBlackWhite[3] - 128.0F, 127), -- -128.0F * 64, 128.0F * 64); -+ -128.0F * 32, 128.0F * 32); - - ycbcr->Cr_r_tab[i] = (int32)((D1*Cr + ONE_HALF)>>SHIFT); - ycbcr->Cb_b_tab[i] = (int32)((D3*Cb + ONE_HALF)>>SHIFT); -@@ -286,7 +286,7 @@ - ycbcr->Cb_g_tab[i] = D4*Cb + ONE_HALF; - ycbcr->Y_tab[i] = - (int32)CLAMPw(Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255), -- -128.0F * 64, 128.0F * 64); -+ -128.0F * 32, 128.0F * 32); - } - } - diff --git a/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch b/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch deleted file mode 100644 index a990641a49..0000000000 --- a/gnu/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch +++ /dev/null @@ -1,43 +0,0 @@ -Fix an integer overflow in initYCbCrConversion(): - -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 - -3rd party Git reference - -https://github.com/vadz/libtiff/commit/468988860e0dae62ebbf991627c74bcbb4bd256f - - * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for - refBlackWhite coefficients values. To avoid invalid float->int32 conversion - (when refBlackWhite[0] == 2147483648.f) - Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907 - Credit to OSS Fuzz - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1243; previous revision: 1.1242 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v <-- libtiff/tif_getimage.c -new revision: 1.107; previous revision: 1.106 - -Index: libtiff/libtiff/tif_getimage.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v -retrieving revision 1.106 -retrieving revision 1.107 -diff -u -r1.106 -r1.107 ---- libtiff/libtiff/tif_getimage.c 20 May 2017 11:29:02 -0000 1.106 -+++ libtiff/libtiff/tif_getimage.c 29 May 2017 11:29:06 -0000 1.107 -@@ -1,4 +1,4 @@ --/* $Id: tif_getimage.c,v 1.106 2017-05-20 11:29:02 erouault Exp $ */ -+/* $Id: tif_getimage.c,v 1.107 2017-05-29 11:29:06 erouault Exp $ */ - - /* - * Copyright (c) 1991-1997 Sam Leffler -@@ -2241,7 +2241,7 @@ - - static int isInRefBlackWhiteRange(float f) - { -- return f >= (float)(-0x7FFFFFFF + 128) && f <= (float)0x7FFFFFFF; -+ return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF; - } - - static int diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch deleted file mode 100644 index 709b20c6d2..0000000000 --- a/gnu/packages/patches/libunistring-gnulib-multi-core.patch +++ /dev/null @@ -1,178 +0,0 @@ -This patch fixes performance problems on multi-core machines -as reported at <https://bugs.gnu.org/26441>. - -See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib -by Bruno Haible <bruno@clisp.org>. - -diff --git a/tests/test-lock.c b/tests/test-lock.c -index cb734b4e6..aa6de2739 100644 ---- a/tests/test-lock.c -+++ b/tests/test-lock.c -@@ -50,6 +50,13 @@ - Uncomment this to see if the operating system has a fair scheduler. */ - #define EXPLICIT_YIELD 1 - -+/* Whether to use 'volatile' on some variables that communicate information -+ between threads. If set to 0, a lock is used to protect these variables. -+ If set to 1, 'volatile' is used; this is theoretically equivalent but can -+ lead to much slower execution (e.g. 30x slower total run time on a 40-core -+ machine. */ -+#define USE_VOLATILE 0 -+ - /* Whether to print debugging messages. */ - #define ENABLE_DEBUGGING 0 - -@@ -103,6 +110,51 @@ - # define yield() - #endif - -+#if USE_VOLATILE -+struct atomic_int { -+ volatile int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ return ai->value; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ ai->value = new_value; -+} -+#else -+struct atomic_int { -+ gl_lock_define (, lock) -+ int value; -+}; -+static void -+init_atomic_int (struct atomic_int *ai) -+{ -+ gl_lock_init (ai->lock); -+} -+static int -+get_atomic_int_value (struct atomic_int *ai) -+{ -+ gl_lock_lock (ai->lock); -+ int ret = ai->value; -+ gl_lock_unlock (ai->lock); -+ return ret; -+} -+static void -+set_atomic_int_value (struct atomic_int *ai, int new_value) -+{ -+ gl_lock_lock (ai->lock); -+ ai->value = new_value; -+ gl_lock_unlock (ai->lock); -+} -+#endif -+ - #define ACCOUNT_COUNT 4 - - static int account[ACCOUNT_COUNT]; -@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) - return NULL; - } - --static volatile int lock_checker_done; -+static struct atomic_int lock_checker_done; - - static void * - lock_checker_thread (void *arg) - { -- while (!lock_checker_done) -+ while (get_atomic_int_value (&lock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_lock_lock (my_lock); -@@ -200,7 +252,8 @@ test_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- lock_checker_done = 0; -+ init_atomic_int (&lock_checker_done); -+ set_atomic_int_value (&lock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (lock_checker_thread, NULL); -@@ -210,7 +263,7 @@ test_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- lock_checker_done = 1; -+ set_atomic_int_value (&lock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } -@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) - return NULL; - } - --static volatile int rwlock_checker_done; -+static struct atomic_int rwlock_checker_done; - - static void * - rwlock_checker_thread (void *arg) - { -- while (!rwlock_checker_done) -+ while (get_atomic_int_value (&rwlock_checker_done) == 0) - { - dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); - gl_rwlock_rdlock (my_rwlock); -@@ -284,7 +337,8 @@ test_rwlock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- rwlock_checker_done = 0; -+ init_atomic_int (&rwlock_checker_done); -+ set_atomic_int_value (&rwlock_checker_done, 0); - - /* Spawn the threads. */ - for (i = 0; i < THREAD_COUNT; i++) -@@ -295,7 +349,7 @@ test_rwlock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- rwlock_checker_done = 1; -+ set_atomic_int_value (&rwlock_checker_done, 1); - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (checkerthreads[i], NULL); - check_accounts (); -@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) - return NULL; - } - --static volatile int reclock_checker_done; -+static struct atomic_int reclock_checker_done; - - static void * - reclock_checker_thread (void *arg) - { -- while (!reclock_checker_done) -+ while (get_atomic_int_value (&reclock_checker_done) == 0) - { - dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); - gl_recursive_lock_lock (my_reclock); -@@ -386,7 +440,8 @@ test_recursive_lock (void) - /* Initialization. */ - for (i = 0; i < ACCOUNT_COUNT; i++) - account[i] = 1000; -- reclock_checker_done = 0; -+ init_atomic_int (&reclock_checker_done); -+ set_atomic_int_value (&reclock_checker_done, 0); - - /* Spawn the threads. */ - checkerthread = gl_thread_create (reclock_checker_thread, NULL); -@@ -396,7 +451,7 @@ test_recursive_lock (void) - /* Wait for the threads to terminate. */ - for (i = 0; i < THREAD_COUNT; i++) - gl_thread_join (threads[i], NULL); -- reclock_checker_done = 1; -+ set_atomic_int_value (&reclock_checker_done, 1); - gl_thread_join (checkerthread, NULL); - check_accounts (); - } diff --git a/gnu/packages/patches/libxml2-CVE-2016-4658.patch b/gnu/packages/patches/libxml2-CVE-2016-4658.patch deleted file mode 100644 index a4e1f31fae..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2016-4658.patch +++ /dev/null @@ -1,257 +0,0 @@ -Fix CVE-2016-4658: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b - -From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 18:34:52 +0200 -Subject: [PATCH] Disallow namespace nodes in XPointer ranges - -Namespace nodes must be copied to avoid use-after-free errors. -But they don't necessarily have a physical representation in a -document, so simply disallow them in XPointer ranges. - -Found with afl-fuzz. - -Fixes CVE-2016-4658. ---- - xpointer.c | 149 +++++++++++++++++++++++-------------------------------------- - 1 file changed, 56 insertions(+), 93 deletions(-) - -diff --git a/xpointer.c b/xpointer.c -index a7b03fbd..694d120e 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { - } - - /** -+ * xmlXPtrNewRangeInternal: -+ * @start: the starting node -+ * @startindex: the start index -+ * @end: the ending point -+ * @endindex: the ending index -+ * -+ * Internal function to create a new xmlXPathObjectPtr of type range -+ * -+ * Returns the newly created object. -+ */ -+static xmlXPathObjectPtr -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, -+ xmlNodePtr end, int endindex) { -+ xmlXPathObjectPtr ret; -+ -+ /* -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). -+ * Disallow them for now. -+ */ -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -+ if (ret == NULL) { -+ xmlXPtrErrMemory("allocating range"); -+ return(NULL); -+ } -+ memset(ret, 0, sizeof(xmlXPathObject)); -+ ret->type = XPATH_RANGE; -+ ret->user = start; -+ ret->index = startindex; -+ ret->user2 = end; -+ ret->index2 = endindex; -+ return(ret); -+} -+ -+/** - * xmlXPtrNewRange: - * @start: the starting node - * @startindex: the start index -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, - if (endindex < 0) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = startindex; -- ret->user2 = end; -- ret->index2 = endindex; -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, -+ end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { - if (start->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { - if (end == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - if (start == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = NULL; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); - return(ret); - } - -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - */ - xmlXPathObjectPtr - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { -+ xmlNodePtr endNode; -+ int endIndex; - xmlXPathObjectPtr ret; - - if (start == NULL) -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - return(NULL); - switch (end->type) { - case XPATH_POINT: -+ endNode = end->user; -+ endIndex = end->index; -+ break; - case XPATH_RANGE: -+ endNode = end->user2; -+ endIndex = end->index2; - break; - case XPATH_NODESET: - /* -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - */ - if (end->nodesetval->nodeNr <= 0) - return(NULL); -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -+ endIndex = -1; - break; - default: - /* TODO */ - return(NULL); - } - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- switch (end->type) { -- case XPATH_POINT: -- ret->user2 = end->user; -- ret->index2 = end->index; -- break; -- case XPATH_RANGE: -- ret->user2 = end->user2; -- ret->index2 = end->index2; -- break; -- case XPATH_NODESET: { -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -- ret->index2 = -1; -- break; -- } -- default: -- STRANGE -- return(NULL); -- } -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } --- -2.11.0 - diff --git a/gnu/packages/patches/libxml2-CVE-2016-5131.patch b/gnu/packages/patches/libxml2-CVE-2016-5131.patch deleted file mode 100644 index 38938c8e3e..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2016-5131.patch +++ /dev/null @@ -1,218 +0,0 @@ -Fix CVE-2016-5131: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131 - -Patches copied from upstream source repository (the test suite fails -without the 2nd patch): - -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e -https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8 - -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 14:22:23 +0200 -Subject: [PATCH] Fix XPointer paths beginning with range-to - -The old code would invoke the broken xmlXPtrRangeToFunction. range-to -isn't really a function but a special kind of location step. Remove -this function and always handle range-to in the XPath code. - -The old xmlXPtrRangeToFunction could also be abused to trigger a -use-after-free error with the potential for remote code execution. - -Found with afl-fuzz. - -Fixes CVE-2016-5131. ---- - result/XPath/xptr/vidbase | 13 ++++++++ - test/XPath/xptr/vidbase | 1 + - xpath.c | 7 ++++- - xpointer.c | 76 ++++------------------------------------------- - 4 files changed, 26 insertions(+), 71 deletions(-) - -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase -index 8b9e92d6..f19193e7 100644 ---- a/result/XPath/xptr/vidbase -+++ b/result/XPath/xptr/vidbase -@@ -17,3 +17,16 @@ Object is a Location Set: - To node - ELEMENT p - -+ -+======================== -+Expression: xpointer(range-to(id('chapter2'))) -+Object is a Location Set: -+1 : Object is a range : -+ From node -+ / -+ To node -+ ELEMENT chapter -+ ATTRIBUTE id -+ TEXT -+ content=chapter2 -+ -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase -index b1463830..884b1065 100644 ---- a/test/XPath/xptr/vidbase -+++ b/test/XPath/xptr/vidbase -@@ -1,2 +1,3 @@ - xpointer(id('chapter1')/p) - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) -+xpointer(range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index d992841e..5a01b1b3 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { - lc = 1; - break; - } else if ((NXT(len) == '(')) { -- /* Note Type or Function */ -+ /* Node Type or Function */ - if (xmlXPathIsNodeType(name)) { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, - "PathExpr: Type search\n"); - #endif - lc = 1; -+#ifdef LIBXML_XPTR_ENABLED -+ } else if (ctxt->xptr && -+ xmlStrEqual(name, BAD_CAST "range-to")) { -+ lc = 1; -+#endif - } else { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, -diff --git a/xpointer.c b/xpointer.c -index 676c5105..d74174a3 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { - ret->here = here; - ret->origin = origin; - -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", -- xmlXPtrRangeToFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range", - xmlXPtrRangeFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { - * @nargs: the number of args - * - * Implement the range-to() XPointer function -+ * -+ * Obsolete. range-to is not a real function but a special type of location -+ * step which is handled in xpath.c. - */ - void --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { -- xmlXPathObjectPtr range; -- const xmlChar *cur; -- xmlXPathObjectPtr res, obj; -- xmlXPathObjectPtr tmp; -- xmlLocationSetPtr newset = NULL; -- xmlNodeSetPtr oldset; -- int i; -- -- if (ctxt == NULL) return; -- CHECK_ARITY(1); -- /* -- * Save the expression pointer since we will have to evaluate -- * it multiple times. Initialize the new set. -- */ -- CHECK_TYPE(XPATH_NODESET); -- obj = valuePop(ctxt); -- oldset = obj->nodesetval; -- ctxt->context->node = NULL; -- -- cur = ctxt->cur; -- newset = xmlXPtrLocationSetCreate(NULL); -- -- for (i = 0; i < oldset->nodeNr; i++) { -- ctxt->cur = cur; -- -- /* -- * Run the evaluation with a node list made of a single item -- * in the nodeset. -- */ -- ctxt->context->node = oldset->nodeTab[i]; -- tmp = xmlXPathNewNodeSet(ctxt->context->node); -- valuePush(ctxt, tmp); -- -- xmlXPathEvalExpr(ctxt); -- CHECK_ERROR; -- -- /* -- * The result of the evaluation need to be tested to -- * decided whether the filter succeeded or not -- */ -- res = valuePop(ctxt); -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); -- if (range != NULL) { -- xmlXPtrLocationSetAdd(newset, range); -- } -- -- /* -- * Cleanup -- */ -- if (res != NULL) -- xmlXPathFreeObject(res); -- if (ctxt->value == tmp) { -- res = valuePop(ctxt); -- xmlXPathFreeObject(res); -- } -- -- ctxt->context->node = NULL; -- } -- -- /* -- * The result is used as the new evaluation set. -- */ -- xmlXPathFreeObject(obj); -- ctxt->context->node = NULL; -- ctxt->context->contextSize = -1; -- ctxt->context->proximityPosition = -1; -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, -+ int nargs ATTRIBUTE_UNUSED) { -+ XP_ERROR(XPATH_EXPR_ERROR); - } - - /** --- -2.11.0 - -From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 14:19:58 +0200 -Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes - -This change has already been made in xmlXPathCmpNodesExt but not in -xmlXPathCmpNodes. ---- - xpath.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/xpath.c b/xpath.c -index 751665b8..d992841e 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { - * compute depth to root - */ - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { -- if (cur == node1) -+ if (cur->parent == node1) - return(1); - depth2++; - } - root = cur; - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { -- if (cur == node2) -+ if (cur->parent == node2) - return(-1); - depth1++; - } --- -2.11.0 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-0663.patch b/gnu/packages/patches/libxml2-CVE-2017-0663.patch deleted file mode 100644 index b0277a2d23..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-0663.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix CVE-2017-0663: - -https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663 -https://security-tracker.debian.org/tracker/CVE-2017-0663 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66 - -From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 6 Jun 2017 12:56:28 +0200 -Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace - -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on -namespace declarations make no practical sense anyway. - -Fixes bug 780228. - -Found with libFuzzer and ASan. ---- - valid.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/valid.c b/valid.c -index 8075d3a0..c51ea290 100644 ---- a/valid.c -+++ b/valid.c -@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - } - } - -+ /* -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes -+ * no practical sense to use ID types anyway. -+ */ -+#if 0 - /* Validity Constraint: ID uniqueness */ - if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) -@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) - ret = 0; - } -+#endif - - /* Validity Constraint: Notation Attributes */ - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-7375.patch b/gnu/packages/patches/libxml2-CVE-2017-7375.patch deleted file mode 100644 index 32af1ff6ba..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-7375.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-7375: - -https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375 -https://security-tracker.debian.org/tracker/CVE-2017-7375 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e - -From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001 -From: Neel Mehta <nmehta@google.com> -Date: Fri, 7 Apr 2017 17:43:02 +0200 -Subject: [PATCH] Prevent unwanted external entity reference - -For https://bugzilla.gnome.org/show_bug.cgi?id=780691 - -* parser.c: add a specific check to avoid PE reference ---- - parser.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/parser.c b/parser.c -index 609a2703..c2c812de 100644 ---- a/parser.c -+++ b/parser.c -@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) - if (xmlPushInput(ctxt, input) < 0) - return; - } else { -+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && -+ ((ctxt->options & XML_PARSE_NOENT) == 0) && -+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) && -+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && -+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) && -+ (ctxt->replaceEntities == 0) && -+ (ctxt->validate == 0)) -+ return; -+ - /* - * TODO !!! - * handle the extra spaces added before and after --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-7376.patch b/gnu/packages/patches/libxml2-CVE-2017-7376.patch deleted file mode 100644 index 5b9e45bd83..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-7376.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix CVE-2017-7376: - -https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376 -https://security-tracker.debian.org/tracker/CVE-2017-7376 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e - -From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Fri, 7 Apr 2017 17:13:28 +0200 -Subject: [PATCH] Increase buffer space for port in HTTP redirect support - -For https://bugzilla.gnome.org/show_bug.cgi?id=780690 - -nanohttp.c: the code wrongly assumed a short int port value. ---- - nanohttp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/nanohttp.c b/nanohttp.c -index e109ad75..373425de 100644 ---- a/nanohttp.c -+++ b/nanohttp.c -@@ -1423,9 +1423,9 @@ retry: - if (ctxt->port != 80) { - /* reserve space for ':xxxxx', incl. potential proxy */ - if (proxy) -- blen += 12; -+ blen += 17; - else -- blen += 6; -+ blen += 11; - } - bp = (char*)xmlMallocAtomic(blen); - if ( bp == NULL ) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch b/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch deleted file mode 100644 index 0a0e6d34cf..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch +++ /dev/null @@ -1,130 +0,0 @@ -Fix CVE-2017-{9047,9048}: - -https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not yet public) -https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048 -http://www.openwall.com/lists/oss-security/2017/05/15/1 -https://security-tracker.debian.org/tracker/CVE-2017-9047 -https://security-tracker.debian.org/tracker/CVE-2017-9048 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 - -From 932cc9896ab41475d4aa429c27d9afd175959d74 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Sat, 3 Jun 2017 02:01:29 +0200 -Subject: [PATCH] Fix buffer size checks in xmlSnprintfElementContent -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -xmlSnprintfElementContent failed to correctly check the available -buffer space in two locations. - -Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). - -Thanks to Marcel Böhme and Thuan Pham for the report. ---- - result/valid/781333.xml | 5 +++++ - result/valid/781333.xml.err | 3 +++ - result/valid/781333.xml.err.rdr | 6 ++++++ - test/valid/781333.xml | 4 ++++ - valid.c | 20 +++++++++++--------- - 5 files changed, 29 insertions(+), 9 deletions(-) - create mode 100644 result/valid/781333.xml - create mode 100644 result/valid/781333.xml.err - create mode 100644 result/valid/781333.xml.err.rdr - create mode 100644 test/valid/781333.xml - -diff --git a/result/valid/781333.xml b/result/valid/781333.xml -new file mode 100644 -index 00000000..45dc451d ---- /dev/null -+++ b/result/valid/781333.xml -@@ -0,0 +1,5 @@ -+<?xml version="1.0"?> -+<!DOCTYPE a [ -+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err -new file mode 100644 -index 00000000..b401b49a ---- /dev/null -+++ b/result/valid/781333.xml.err -@@ -0,0 +1,3 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr -new file mode 100644 -index 00000000..5ff56992 ---- /dev/null -+++ b/result/valid/781333.xml.err.rdr -@@ -0,0 +1,6 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child -+ -+^ -diff --git a/test/valid/781333.xml b/test/valid/781333.xml -new file mode 100644 -index 00000000..b29e5a68 ---- /dev/null -+++ b/test/valid/781333.xml -@@ -0,0 +1,4 @@ -+<!DOCTYPE a [ -+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/valid.c b/valid.c -index 19f84b82..9b2df56a 100644 ---- a/valid.c -+++ b/valid.c -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - case XML_ELEMENT_CONTENT_PCDATA: - strcat(buf, "#PCDATA"); - break; -- case XML_ELEMENT_CONTENT_ELEMENT: -+ case XML_ELEMENT_CONTENT_ELEMENT: { -+ int qnameLen = xmlStrlen(content->name); -+ -+ if (content->prefix != NULL) -+ qnameLen += xmlStrlen(content->prefix) + 1; -+ if (size - len < qnameLen + 10) { -+ strcat(buf, " ..."); -+ return; -+ } - if (content->prefix != NULL) { -- if (size - len < xmlStrlen(content->prefix) + 10) { -- strcat(buf, " ..."); -- return; -- } - strcat(buf, (char *) content->prefix); - strcat(buf, ":"); - } -- if (size - len < xmlStrlen(content->name) + 10) { -- strcat(buf, " ..."); -- return; -- } - if (content->name != NULL) - strcat(buf, (char *) content->name); - break; -+ } - case XML_ELEMENT_CONTENT_SEQ: - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - xmlSnprintfElementContent(buf, size, content->c2, 0); - break; - } -+ if (size - strlen(buf) <= 2) return; - if (englob) - strcat(buf, ")"); - switch (content->ocur) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch b/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch deleted file mode 100644 index 890e9c2284..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch +++ /dev/null @@ -1,319 +0,0 @@ -Fix CVE-2017-{9049,9050}: - -https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public) -https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050 -http://www.openwall.com/lists/oss-security/2017/05/15/1 -https://security-tracker.debian.org/tracker/CVE-2017-9049 -https://security-tracker.debian.org/tracker/CVE-2017-9050 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3 - -Changes to 'runtest.c' are removed since they introduce test failure -when applying to libxml2 2.9.4 release tarball. - -From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Mon, 5 Jun 2017 15:37:17 +0200 -Subject: [PATCH] Fix handling of parameter-entity references -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - -Percent sign in DTD Names -========================= - -The NEXTL macro used to call xmlParserHandlePEReference. When parsing -"complex" names inside the DTD, this could result in entity expansion -which created a new input buffer. The fix is to simply remove the call -to xmlParserHandlePEReference from the NEXTL macro. This is safe because -no users of the macro require expansion of parameter entities. - -- xmlParseNameComplex -- xmlParseNCNameComplex -- xmlParseNmtoken - -The percent sign is not allowed in names, which are grammatical tokens. - -- xmlParseEntityValue - -Parameter-entity references in entity values are expanded but this -happens in a separate step in this function. - -- xmlParseSystemLiteral - -Parameter-entity references are ignored in the system literal. - -- xmlParseAttValueComplex -- xmlParseCharDataComplex -- xmlParseCommentComplex -- xmlParsePI -- xmlParseCDSect - -Parameter-entity references are ignored outside the DTD. - -- xmlLoadEntityContent - -This function is only called from xmlStringLenDecodeEntities and -entities are replaced in a separate step immediately after the function -call. - -This bug could also be triggered with an internal subset and double -entity expansion. - -This fixes bug 766956 initially reported by Wei Lei and independently by -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone -involved. - -xmlParseNameComplex with XML_PARSE_OLD10 -======================================== - -When parsing Names inside an expanded parameter entity with the -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the -GROW macro if the input buffer was exhausted. At the end of the -parameter entity's replacement text, this function would then call -xmlPopInput which invalidated the input buffer. - -There should be no need to invoke GROW in this situation because the -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, -at least for UTF-8, in xmlCurrentChar. This also matches the code path -executed when XML_PARSE_OLD10 is not set. - -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). -Thanks to Marcel Böhme and Thuan Pham for the report. - -Additional hardening -==================== - -A separate check was added in xmlParseNameComplex to validate the -buffer size. ---- - Makefile.am | 18 ++++++++++++++++++ - parser.c | 18 ++++++++++-------- - result/errors10/781205.xml | 0 - result/errors10/781205.xml.err | 21 +++++++++++++++++++++ - result/errors10/781361.xml | 0 - result/errors10/781361.xml.err | 13 +++++++++++++ - result/valid/766956.xml | 0 - result/valid/766956.xml.err | 9 +++++++++ - result/valid/766956.xml.err.rdr | 10 ++++++++++ - runtest.c | 3 +++ - test/errors10/781205.xml | 3 +++ - test/errors10/781361.xml | 3 +++ - test/valid/766956.xml | 2 ++ - test/valid/dtds/766956.dtd | 2 ++ - 14 files changed, 94 insertions(+), 8 deletions(-) - create mode 100644 result/errors10/781205.xml - create mode 100644 result/errors10/781205.xml.err - create mode 100644 result/errors10/781361.xml - create mode 100644 result/errors10/781361.xml.err - create mode 100644 result/valid/766956.xml - create mode 100644 result/valid/766956.xml.err - create mode 100644 result/valid/766956.xml.err.rdr - create mode 100644 test/errors10/781205.xml - create mode 100644 test/errors10/781361.xml - create mode 100644 test/valid/766956.xml - create mode 100644 test/valid/dtds/766956.dtd - -diff --git a/Makefile.am b/Makefile.am -index 6fc8ffa9..10e716a5 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT) - if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ - rm result.$$name error.$$name ; \ - fi ; fi ; done) -+ @echo "## Error cases regression tests (old 1.0)" -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ -+ name=`basename $$i`; \ -+ if [ ! -d $$i ] ; then \ -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ -+ echo New test file $$name ; \ -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ -+ 2> $(srcdir)/result/errors10/$$name.err \ -+ > $(srcdir)/result/errors10/$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ else \ -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \ -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ -+ rm result.$$name error.$$name ; \ -+ fi ; fi ; done) - @echo "## Error cases stream regression tests" - -@(for i in $(srcdir)/test/errors/*.xml ; do \ - name=`basename $$i`; \ -diff --git a/parser.c b/parser.c -index df2efa55..a175ac4e 100644 ---- a/parser.c -+++ b/parser.c -@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { - ctxt->input->line++; ctxt->input->col = 1; \ - } else ctxt->input->col++; \ - ctxt->input->cur += l; \ -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ - } while (0) - - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) -@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - len += l; - NEXTL(l); - c = CUR_CHAR(l); -- if (c == 0) { -- count = 0; -- GROW; -- if (ctxt->instate == XML_PARSER_EOF) -- return(NULL); -- c = CUR_CHAR(l); -- } - } - } - if ((len > XML_MAX_NAME_LENGTH) && -@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); - return(NULL); - } -+ if (ctxt->input->cur - ctxt->input->base < len) { -+ /* -+ * There were a couple of bugs where PERefs lead to to a change -+ * of the buffer. Check the buffer size to avoid passing an invalid -+ * pointer to xmlDictLookup. -+ */ -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, -+ "unexpected change of input buffer"); -+ return (NULL); -+ } - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err -new file mode 100644 -index 00000000..da15c3f7 ---- /dev/null -+++ b/result/errors10/781205.xml.err -@@ -0,0 +1,21 @@ -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+Entity: line 1: parser error : DOCTYPE improperly terminated -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+namespace error : Failed to parse QName ':0000' -+ %a; -+ ^ -+<:0000 -+ ^ -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 -+ -+^ -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err -new file mode 100644 -index 00000000..655f41a2 ---- /dev/null -+++ b/result/errors10/781361.xml.err -@@ -0,0 +1,13 @@ -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected -+ -+^ -+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ -+^ -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated -+ -+^ -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found -+ -+^ -diff --git a/result/valid/766956.xml b/result/valid/766956.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err -new file mode 100644 -index 00000000..34b1dae6 ---- /dev/null -+++ b/result/valid/766956.xml.err -@@ -0,0 +1,9 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr -new file mode 100644 -index 00000000..77603462 ---- /dev/null -+++ b/result/valid/766956.xml.err.rdr -@@ -0,0 +1,10 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -+./test/valid/766956.xml : failed to parse -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml -new file mode 100644 -index 00000000..d9e9e839 ---- /dev/null -+++ b/test/errors10/781205.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE D [ -+ <!ENTITY % a "<:0000"> -+ %a; -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml -new file mode 100644 -index 00000000..67476bcb ---- /dev/null -+++ b/test/errors10/781361.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE doc [ -+ <!ENTITY % elem "<!ELEMENT e0000000000"> -+ %elem; -diff --git a/test/valid/766956.xml b/test/valid/766956.xml -new file mode 100644 -index 00000000..19a95a0e ---- /dev/null -+++ b/test/valid/766956.xml -@@ -0,0 +1,2 @@ -+<!DOCTYPE test SYSTEM "dtds/766956.dtd"> -+<test/> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd -new file mode 100644 -index 00000000..dddde68b ---- /dev/null -+++ b/test/valid/dtds/766956.dtd -@@ -0,0 +1,2 @@ -+<!ENTITY % ent "value"> -+%ä%ent; --- -2.14.1 - diff --git a/gnu/packages/patches/libxslt-CVE-2016-4738.patch b/gnu/packages/patches/libxslt-CVE-2016-4738.patch deleted file mode 100644 index a7537c66ca..0000000000 --- a/gnu/packages/patches/libxslt-CVE-2016-4738.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix CVE-2016-4738: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738 -https://bugs.chromium.org/p/chromium/issues/detail?id=619006 - -Patch copied from upstream source repository: -https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880 - -From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Fri, 10 Jun 2016 14:23:58 +0200 -Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion - -An empty decimal-separator could cause a heap overread. This can be -exploited to leak a couple of bytes after the buffer that holds the -pattern string. - -Found with afl-fuzz and ASan. ---- - libxslt/numbers.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index d1549b4..e78c46b 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self, - } - - /* We have finished the integer part, now work on fraction */ -- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) { -+ if ( (*the_format != 0) && -+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) { - format_info.add_decimal = TRUE; - the_format += xsltUTF8Size(the_format); /* Skip over the decimal */ - } --- -2.10.2 - diff --git a/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch b/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch deleted file mode 100644 index 1f1b26801d..0000000000 --- a/gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch +++ /dev/null @@ -1,200 +0,0 @@ -Fix CVE-2017-10684 and CVE-2017-10685: - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684 -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685 - -Bug reports included proof of concept reproducer inputs: - -https://bugzilla.redhat.com/show_bug.cgi?id=1464684 -https://bugzilla.redhat.com/show_bug.cgi?id=1464685 -https://bugzilla.redhat.com/show_bug.cgi?id=1464686 -https://bugzilla.redhat.com/show_bug.cgi?id=1464687 -https://bugzilla.redhat.com/show_bug.cgi?id=1464688 -https://bugzilla.redhat.com/show_bug.cgi?id=1464691 -https://bugzilla.redhat.com/show_bug.cgi?id=1464692 - -Patches copied from ncurses patch release 20170701: - -ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz - -Excerpt from patch release announcement: - - + add/improve checks in tic's parser to address invalid input - (Redhat #1464684, #1464685, #1464686, #1464691). - + alloc_entry.c, add a check for a null-pointer. - + parse_entry.c, add several checks for valid pointers as well as - one check to ensure that a single character on a line is not - treated as the 2-character termcap short-name. - + the fixes for Redhat #1464685 obscured a problem subsequently - reported in Redhat #1464687; the given test-case was no longer - reproducible. Testing without the fixes for the earlier reports - showed a problem with buffer overflow in dump_entry.c, which is - addressed by reducing the use of a fixed-size buffer. - -https://lists.gnu.org/archive/html/bug-ncurses/2017-07/msg00001.html - ---- ncurses-6.0-20170624+/ncurses/tinfo/alloc_entry.c 2017-04-09 23:33:51.000000000 +0000 -+++ ncurses-6.0-20170701/ncurses/tinfo/alloc_entry.c 2017-06-27 23:48:55.000000000 +0000 -@@ -96,7 +96,11 @@ - { - char *result = 0; - size_t old_next_free = next_free; -- size_t len = strlen(string) + 1; -+ size_t len; -+ -+ if (string == 0) -+ return _nc_save_str(""); -+ len = strlen(string) + 1; - - if (len == 1 && next_free != 0) { - /* ---- ncurses-6.0-20170624+/ncurses/tinfo/parse_entry.c 2017-06-24 22:59:46.000000000 +0000 -+++ ncurses-6.0-20170701/ncurses/tinfo/parse_entry.c 2017-06-28 00:53:12.000000000 +0000 -@@ -236,13 +236,14 @@ - * implemented it. Note that the resulting terminal type was never the - * 2-character name, but was instead the first alias after that. - */ -+#define ok_TC2(s) (isgraph(UChar(s)) && (s) != '|') - ptr = _nc_curr_token.tk_name; - if (_nc_syntax == SYN_TERMCAP - #if NCURSES_XNAMES - && !_nc_user_definable - #endif - ) { -- if (ptr[2] == '|') { -+ if (ok_TC2(ptr[0]) && ok_TC2(ptr[1]) && (ptr[2] == '|')) { - ptr += 3; - _nc_curr_token.tk_name[2] = '\0'; - } -@@ -284,9 +285,11 @@ - if (is_use || is_tc) { - entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring); - entryp->uses[entryp->nuses].line = _nc_curr_line; -- entryp->nuses++; -- if (entryp->nuses > 1 && is_tc) { -- BAD_TC_USAGE -+ if (VALID_STRING(entryp->uses[entryp->nuses].name)) { -+ entryp->nuses++; -+ if (entryp->nuses > 1 && is_tc) { -+ BAD_TC_USAGE -+ } - } - } else { - /* normal token lookup */ -@@ -588,7 +591,7 @@ - static void - append_acs(string_desc * dst, int code, char *src) - { -- if (src != 0 && strlen(src) == 1) { -+ if (VALID_STRING(src) && strlen(src) == 1) { - append_acs0(dst, code, *src); - } - } -@@ -849,15 +852,14 @@ - } - - if (tp->Strings[to_ptr->nte_index]) { -+ const char *s = tp->Strings[from_ptr->nte_index]; -+ const char *t = tp->Strings[to_ptr->nte_index]; - /* There's no point in warning about it if it's the same - * string; that's just an inefficiency. - */ -- if (strcmp( -- tp->Strings[from_ptr->nte_index], -- tp->Strings[to_ptr->nte_index]) != 0) -+ if (VALID_STRING(s) && VALID_STRING(t) && strcmp(s, t) != 0) - _nc_warning("%s (%s) already has an explicit value %s, ignoring ko", -- ap->to, ap->from, -- _nc_visbuf(tp->Strings[to_ptr->nte_index])); -+ ap->to, ap->from, t); - continue; - } - ---- ncurses-6.0-20170624+/progs/dump_entry.c 2017-06-23 22:47:43.000000000 +0000 -+++ ncurses-6.0-20170701/progs/dump_entry.c 2017-07-01 11:27:29.000000000 +0000 -@@ -841,9 +841,10 @@ - PredIdx num_strings = 0; - bool outcount = 0; - --#define WRAP_CONCAT \ -- wrap_concat(buffer); \ -- outcount = TRUE -+#define WRAP_CONCAT1(s) wrap_concat(s); outcount = TRUE -+#define WRAP_CONCAT2(a,b) wrap_concat(a); WRAP_CONCAT1(b) -+#define WRAP_CONCAT3(a,b,c) wrap_concat(a); WRAP_CONCAT2(b,c) -+#define WRAP_CONCAT WRAP_CONCAT1(buffer) - - len = 12; /* terminfo file-header */ - -@@ -1007,9 +1008,9 @@ - set_attributes = save_sgr; - - trimmed_sgr0 = _nc_trim_sgr0(tterm); -- if (strcmp(capability, trimmed_sgr0)) -+ if (strcmp(capability, trimmed_sgr0)) { - capability = trimmed_sgr0; -- else { -+ } else { - if (trimmed_sgr0 != exit_attribute_mode) - free(trimmed_sgr0); - } -@@ -1046,13 +1047,21 @@ - _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer)) - "%s=!!! %s WILL NOT CONVERT !!!", - name, srccap); -+ WRAP_CONCAT; - } else if (suppress_untranslatable) { - continue; - } else { - char *s = srccap, *d = buffer; -- _nc_SPRINTF(d, _nc_SLIMIT(sizeof(buffer)) "..%s=", name); -- d += strlen(d); -+ WRAP_CONCAT3("..", name, "="); - while ((*d = *s++) != 0) { -+ if ((d - buffer - 1) >= (int) sizeof(buffer)) { -+ fprintf(stderr, -+ "%s: value for %s is too long\n", -+ _nc_progname, -+ name); -+ *d = '\0'; -+ break; -+ } - if (*d == ':') { - *d++ = '\\'; - *d = ':'; -@@ -1061,13 +1070,12 @@ - } - d++; - } -+ WRAP_CONCAT; - } - } else { -- _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer)) -- "%s=%s", name, cv); -+ WRAP_CONCAT3(name, "=", cv); - } - len += (int) strlen(capability) + 1; -- WRAP_CONCAT; - } else { - char *src = _nc_tic_expand(capability, - outform == F_TERMINFO, numbers); -@@ -1083,8 +1091,7 @@ - strcpy_DYN(&tmpbuf, src); - } - len += (int) strlen(capability) + 1; -- wrap_concat(tmpbuf.text); -- outcount = TRUE; -+ WRAP_CONCAT1(tmpbuf.text); - } - } - /* e.g., trimmed_sgr0 */ -@@ -1526,7 +1533,8 @@ - } - if (len > critlen) { - (void) fprintf(stderr, -- "warning: %s entry is %d bytes long\n", -+ "%s: %s entry is %d bytes long\n", -+ _nc_progname, - _nc_first_name(tterm->term_names), - len); - SHOW_WHY("# WARNING: this entry, %d bytes long, may core-dump %s libraries!\n", diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch deleted file mode 100644 index d23aa10374..0000000000 --- a/gnu/packages/patches/pcre-CVE-2017-7186.patch +++ /dev/null @@ -1,56 +0,0 @@ -Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186> -from <https://vcs.pcre.org/pcre?view=revision&revision=1688>. - ---- trunk/pcre_internal.h 2016/05/21 13:34:44 1649 -+++ trunk/pcre_internal.h 2017/02/24 17:30:30 1688 -@@ -2772,6 +2772,9 @@ - extern const pcre_uint16 PRIV(ucd_stage2)[]; - extern const pcre_uint32 PRIV(ucp_gentype)[]; - extern const pcre_uint32 PRIV(ucp_gbtable)[]; -+#ifdef COMPILE_PCRE32 -+extern const ucd_record PRIV(dummy_ucd_record)[]; -+#endif - #ifdef SUPPORT_JIT - extern const int PRIV(ucp_typerange)[]; - #endif -@@ -2780,9 +2783,15 @@ - /* UCD access macros */ - - #define UCD_BLOCK_SIZE 128 --#define GET_UCD(ch) (PRIV(ucd_records) + \ -+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ - PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ - UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) -+ -+#ifdef COMPILE_PCRE32 -+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) -+#else -+#define GET_UCD(ch) REAL_GET_UCD(ch) -+#endif - - #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype - #define UCD_SCRIPT(ch) GET_UCD(ch)->script - ---- trunk/pcre_ucd.c 2014/06/19 07:51:39 1490 -+++ trunk/pcre_ucd.c 2017/02/24 17:30:30 1688 -@@ -38,6 +38,20 @@ - const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0}; - #else - -+/* If the 32-bit library is run in non-32-bit mode, character values -+greater than 0x10ffff may be encountered. For these we set up a -+special record. */ -+ -+#ifdef COMPILE_PCRE32 -+const ucd_record PRIV(dummy_ucd_record)[] = {{ -+ ucp_Common, /* script */ -+ ucp_Cn, /* type unassigned */ -+ ucp_gbOther, /* grapheme break property */ -+ 0, /* case set */ -+ 0, /* other case */ -+ }}; -+#endif -+ - /* When recompiling tables with a new Unicode version, please check the - types in this structure definition from pcre_internal.h (the actual - field names will be different): diff --git a/gnu/packages/patches/python-2.7-adjust-tests.patch b/gnu/packages/patches/python-2.7-adjust-tests.patch new file mode 100644 index 0000000000..12fe6e2e1e --- /dev/null +++ b/gnu/packages/patches/python-2.7-adjust-tests.patch @@ -0,0 +1,22 @@ +SIGINT is ignored in the Guix build environment. + +--- a/Lib/test/test_regrtest.py ++++ b/Lib/test/test_regrtest.py +@@ -399,6 +399,8 @@ + output = self.run_tests('--fromfile', filename) + self.check_executed_tests(output, tests) + ++ @unittest.skipIf(True, ++ "KeyboardInterrupts do not work in the build environment") + def test_interrupted(self): + code = TEST_INTERRUPTED + test = self.create_test('sigint', code=code) +@@ -416,6 +418,8 @@ + % (self.TESTNAME_REGEX, len(tests))) + self.check_line(output, regex) + ++ @unittest.skipIf(True, ++ "KeyboardInterrupts do not work in the build environment") + def test_slow_interrupted(self): + # Issue #25373: test --slowest with an interrupted test + code = TEST_INTERRUPTED diff --git a/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch deleted file mode 100644 index 5a09b4ac52..0000000000 --- a/gnu/packages/patches/python-2.7-getentropy-on-old-kernels.patch +++ /dev/null @@ -1,54 +0,0 @@ -This patch resolves a compatibility issue when compiled against glibc -2.25 -and run runder kernels < 3.17: - -https://bugzilla.redhat.com/show_bug.cgi?id=1410175 - -Upstream bug URLs: - -https://bugs.python.org/issue29157 -https://bugs.python.org/issue29188 - -Patch adapted from upstream source repository: - -https://github.com/python/cpython/commit/01bdbad3e951014c58581635b94b22868537901c - -From 01bdbad3e951014c58581635b94b22868537901c Mon Sep 17 00:00:00 2001 -From: Victor Stinner <victor.stinner@gmail.com> -Date: Mon, 9 Jan 2017 11:10:41 +0100 -Subject: [PATCH] Don't use getentropy() on Linux - -Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but -read from /dev/urandom to get random bytes, for example in os.urandom(). On -Linux, getentropy() is implemented which getrandom() is blocking mode, whereas -os.urandom() should not block. ---- - Misc/NEWS | 5 +++++ - Python/random.c | 11 +++++++++-- - 2 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/Python/random.c b/Python/random.c -index 57c41ffcd6..000cb36938 100644 ---- a/Python/random.c -+++ b/Python/random.c -@@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) - } - - /* Issue #25003: Don't use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) -+ Solaris 11.3), it is blocking whereas os.urandom() should not block. -+ -+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24 -+ implements it with the getrandom() syscall which can fail with ENOSYS, -+ and this error is not supported in py_getentropy() and getrandom() is called -+ with flags=0 which blocks until system urandom is initialized, which is not -+ the desired behaviour to seed the Python hash secret nor for os.urandom(): -+ see the PEP 524 which was only implemented in Python 3.6. */ -+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux) - #define PY_GETENTROPY 1 - - /* Fill buffer with size pseudo-random bytes generated by getentropy(). --- -2.12.0 - diff --git a/gnu/packages/patches/python-3-fix-tests.patch b/gnu/packages/patches/python-3-fix-tests.patch new file mode 100644 index 0000000000..ab713c54dd --- /dev/null +++ b/gnu/packages/patches/python-3-fix-tests.patch @@ -0,0 +1,149 @@ +Additional test fixes which affect Python 3.5 (and presumably later) but not +prior revisions of Python. + +--- Lib/test/test_pathlib.py 2014-03-01 03:02:36.088311000 +0100 ++++ Lib/test/test_pathlib.py 2014-03-01 04:56:37.768311000 +0100 +@@ -2132,8 +2132,7 @@ + self.assertEqual(given, expect) + self.assertEqual(set(p.rglob("FILEd*")), set()) + +- @unittest.skipUnless(hasattr(pwd, 'getpwall'), +- 'pwd module does not expose getpwall()') ++ @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests") + def test_expanduser(self): + P = self.cls + support.import_module('pwd') +--- Lib/test/test_tarfile.py 2016-02-24 19:22:52.597208055 +0000 ++++ Lib/test/test_tarfile.py 2016-02-24 20:50:48.941950135 +0000 +@@ -2305,11 +2305,14 @@ + try: + import pwd, grp + except ImportError: + return False +- if pwd.getpwuid(0)[0] != 'root': +- return False +- if grp.getgrgid(0)[0] != 'root': ++ try: ++ if pwd.getpwuid(0)[0] != 'root': ++ return False ++ if grp.getgrgid(0)[0] != 'root': ++ return False ++ except KeyError: + return False + return True + + +--- Lib/test/test_asyncio/test_base_events.py ++++ Lib/test/test_asyncio/test_base_events.py +@@ -1216,6 +1216,8 @@ + self._test_create_connection_ip_addr(m_socket, False) + + @patch_socket ++ @unittest.skipUnless(support.is_resource_enabled('network'), ++ 'network is not enabled') + def test_create_connection_service_name(self, m_socket): + m_socket.getaddrinfo = socket.getaddrinfo + sock = m_socket.socket.return_value + +--- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100 ++++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100 + +For some reason, KeyboardInterrupts do not work in the build +environment (lack of controlling TTY?). Just change the expected +outcome. Unfortunately, this will make it fail for users running +`python -m test test_pdb test_pdb` interactively. + +@@ -928,11 +928,11 @@ + > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function() + -> print('pdb %d: %s' % (i, sess._previous_sigint_handler)) + (Pdb) continue +- pdb 1: <built-in function default_int_handler> ++ pdb 1: Handlers.SIG_IGN + > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function() + -> sess.set_trace(sys._getframe()) + (Pdb) continue +- pdb 2: <built-in function default_int_handler> ++ pdb 2: Handlers.SIG_IGN + """ + + class PdbTestCase(unittest.TestCase): +--- Lib/test/test_socket.py ++++ Lib/test/test_socket.py +@@ -802,6 +802,8 @@ + if not fqhn in all_host_names: + self.fail("Error testing host resolution mechanisms. (fqdn: %s, all: %s)" % (fqhn, repr(all_host_names))) + ++ @unittest.skipUnless(support.is_resource_enabled('network'), ++ 'network is not enabled') + def test_host_resolution(self): + for addr in [support.HOST, '10.0.0.1', '255.255.255.255']: + self.assertEqual(socket.gethostbyname(addr), addr) +--- Lib/test/test_spwd.py ++++ Lib/test/test_spwd.py +@@ -5,8 +5,7 @@ + spwd = support.import_module('spwd') + + +-@unittest.skipUnless(hasattr(os, 'geteuid') and os.geteuid() == 0, +- 'root privileges required') ++@unittest.skipUnless(os.path.exists("/etc/shadow"), 'spwd tests require /etc/shadow') + class TestSpwdRoot(unittest.TestCase): + + def test_getspall(self): +@@ -56,8 +55,7 @@ + self.assertRaises(TypeError, spwd.getspnam, bytes_name) + + +-@unittest.skipUnless(hasattr(os, 'geteuid') and os.geteuid() != 0, +- 'non-root user required') ++@unittest.skipUnless(os.path.exists("/etc/shadow"), 'spwd tests require /etc/shadow') + class TestSpwdNonRoot(unittest.TestCase): + + def test_getspnam_exception(self): +--- Lib/test/test_regrtest.py ++++ Lib/test/test_regrtest.py +@@ -700,6 +700,7 @@ + output = self.run_tests('--fromfile', filename) + self.check_executed_tests(output, tests) + ++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment.') + def test_interrupted(self): + code = TEST_INTERRUPTED + test = self.create_test('sigint', code=code) +@@ -717,6 +718,7 @@ + % (self.TESTNAME_REGEX, len(tests))) + self.check_line(output, regex) + ++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment.') + def test_slow_interrupted(self): + # Issue #25373: test --slowest with an interrupted test + code = TEST_INTERRUPTED +--- Lib/test/test_generators.py ++++ Lib/test/test_generators.py +@@ -29,6 +29,7 @@ + else: + return "FAILED" + ++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment') + def test_raise_and_yield_from(self): + gen = self.generator1() + gen.send(None) +--- Lib/test/test_normalization.py ++++ Lib/test/test_normalization.py +@@ -2,6 +2,7 @@ + import unittest + + from http.client import HTTPException ++from urllib.error import URLError + import sys + from unicodedata import normalize, unidata_version + +@@ -43,6 +44,8 @@ + except PermissionError: + self.skipTest(f"Permission error when downloading {TESTDATAURL} " + f"into the test data directory") ++ except URLError: ++ self.skipTest("DNS lookups are not enabled.") + except (OSError, HTTPException): + self.fail(f"Could not retrieve {TESTDATAURL}") + diff --git a/gnu/packages/patches/python-3.5-fix-tests.patch b/gnu/packages/patches/python-3.5-fix-tests.patch deleted file mode 100644 index 9778b88dbd..0000000000 --- a/gnu/packages/patches/python-3.5-fix-tests.patch +++ /dev/null @@ -1,69 +0,0 @@ -Additional test fixes which affect Python 3.5 (and presumably later) but not -prior revisions of Python. - ---- Lib/test/test_pathlib.py 2014-03-01 03:02:36.088311000 +0100 -+++ Lib/test/test_pathlib.py 2014-03-01 04:56:37.768311000 +0100 -@@ -1986,8 +1986,9 @@ - expect = set() if not support.fs_is_case_insensitive(BASE) else given - self.assertEqual(given, expect) - self.assertEqual(set(p.rglob("FILEd*")), set()) - -+ @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests") - def test_expanduser(self): - P = self.cls - support.import_module('pwd') - import pwd ---- Lib/test/test_tarfile.py 2016-02-24 19:22:52.597208055 +0000 -+++ Lib/test/test_tarfile.py 2016-02-24 20:50:48.941950135 +0000 -@@ -2305,11 +2305,14 @@ - try: - import pwd, grp - except ImportError: - return False -- if pwd.getpwuid(0)[0] != 'root': -- return False -- if grp.getgrgid(0)[0] != 'root': -+ try: -+ if pwd.getpwuid(0)[0] != 'root': -+ return False -+ if grp.getgrgid(0)[0] != 'root': -+ return False -+ except KeyError: - return False - return True - - ---- Lib/test/test_asyncio/test_base_events.py -+++ Lib/test/test_asyncio/test_base_events.py -@@ -1216,6 +1216,8 @@ - self._test_create_connection_ip_addr(m_socket, False) - - @patch_socket -+ @unittest.skipUnless(support.is_resource_enabled('network'), -+ 'network is not enabled') - def test_create_connection_service_name(self, m_socket): - m_socket.getaddrinfo = socket.getaddrinfo - sock = m_socket.socket.return_value - ---- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100 -+++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100 - -For some reason, KeyboardInterrupts do not work in the build -environment (lack of controlling TTY?). Just change the expected -outcome. Unfortunately, this will make it fail for users running -`python -m test test_pdb test_pdb` interactively. - -@@ -928,11 +928,11 @@ - > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function() - -> print('pdb %d: %s' % (i, sess._previous_sigint_handler)) - (Pdb) continue -- pdb 1: <built-in function default_int_handler> -+ pdb 1: Handlers.SIG_IGN - > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function() - -> sess.set_trace(sys._getframe()) - (Pdb) continue -- pdb 2: <built-in function default_int_handler> -+ pdb 2: Handlers.SIG_IGN - """ - - class PdbTestCase(unittest.TestCase): diff --git a/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch b/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch deleted file mode 100644 index 8a12b5b448..0000000000 --- a/gnu/packages/patches/python-3.5-getentropy-on-old-kernels.patch +++ /dev/null @@ -1,720 +0,0 @@ -This patch resolves a compatibility issue when compiled against glibc 2.25 -and run runder kernels < 3.17: - -https://bugzilla.redhat.com/show_bug.cgi?id=1410175 - -Upstream bug URL: https://bugs.python.org/issue29157 - -Patch copied from upstream source repository: - -https://hg.python.org/cpython/rev/8125d9a8152b - -# HG changeset patch -# User Victor Stinner <victor.stinner@gmail.com> -# Date 1483957133 -3600 -# Node ID 8125d9a8152b79e712cb09c7094b9129b9bcea86 -# Parent 337461574c90281630751b6095c4e1baf380cf7d -Issue #29157: Prefer getrandom() over getentropy() - -Copy and then adapt Python/random.c from default branch. Difference between 3.5 -and default branches: - -* Python 3.5 only uses getrandom() in non-blocking mode: flags=GRND_NONBLOCK -* If getrandom() fails with EAGAIN: py_getrandom() immediately fails and - remembers that getrandom() doesn't work. -* Python 3.5 has no _PyOS_URandomNonblock() function: _PyOS_URandom() - works in non-blocking mode on Python 3.5 - -diff --git a/Python/random.c b/Python/random.c ---- Python/random.c -+++ Python/random.c -@@ -1,6 +1,9 @@ - #include "Python.h" - #ifdef MS_WINDOWS - # include <windows.h> -+/* All sample MSDN wincrypt programs include the header below. It is at least -+ * required with Min GW. */ -+# include <wincrypt.h> - #else - # include <fcntl.h> - # ifdef HAVE_SYS_STAT_H -@@ -37,10 +40,9 @@ win32_urandom_init(int raise) - return 0; - - error: -- if (raise) -+ if (raise) { - PyErr_SetFromWindowsErr(0); -- else -- Py_FatalError("Failed to initialize Windows random API (CryptoGen)"); -+ } - return -1; - } - -@@ -53,8 +55,9 @@ win32_urandom(unsigned char *buffer, Py_ - - if (hCryptProv == 0) - { -- if (win32_urandom_init(raise) == -1) -+ if (win32_urandom_init(raise) == -1) { - return -1; -+ } - } - - while (size > 0) -@@ -63,11 +66,9 @@ win32_urandom(unsigned char *buffer, Py_ - if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer)) - { - /* CryptGenRandom() failed */ -- if (raise) -+ if (raise) { - PyErr_SetFromWindowsErr(0); -- else -- Py_FatalError("Failed to initialized the randomized hash " -- "secret using CryptoGen)"); -+ } - return -1; - } - buffer += chunk; -@@ -76,58 +77,23 @@ win32_urandom(unsigned char *buffer, Py_ - return 0; - } - --/* Issue #25003: Don't use getentropy() on Solaris (available since -- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ --#elif defined(HAVE_GETENTROPY) && !defined(sun) --#define PY_GETENTROPY 1 -- --/* Fill buffer with size pseudo-random bytes generated by getentropy(). -- Return 0 on success, or raise an exception and return -1 on error. -- -- If fatal is nonzero, call Py_FatalError() instead of raising an exception -- on error. */ --static int --py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal) --{ -- while (size > 0) { -- Py_ssize_t len = Py_MIN(size, 256); -- int res; -- -- if (!fatal) { -- Py_BEGIN_ALLOW_THREADS -- res = getentropy(buffer, len); -- Py_END_ALLOW_THREADS -- -- if (res < 0) { -- PyErr_SetFromErrno(PyExc_OSError); -- return -1; -- } -- } -- else { -- res = getentropy(buffer, len); -- if (res < 0) -- Py_FatalError("getentropy() failed"); -- } -- -- buffer += len; -- size -= len; -- } -- return 0; --} -- --#else -+#else /* !MS_WINDOWS */ - - #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL) - #define PY_GETRANDOM 1 - --/* Call getrandom() -+/* Call getrandom() to get random bytes: -+ - - Return 1 on success -- - Return 0 if getrandom() syscall is not available (failed with ENOSYS or -- EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom -- not initialized yet) and raise=0. -+ - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM), -+ or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not -+ initialized yet). - - Raise an exception (if raise is non-zero) and return -1 on error: -- getrandom() failed with EINTR and the Python signal handler raised an -- exception, or getrandom() failed with a different error. */ -+ if getrandom() failed with EINTR, raise is non-zero and the Python signal -+ handler raised an exception, or if getrandom() failed with a different -+ error. -+ -+ getrandom() is retried if it failed with EINTR: interrupted by a signal. */ - static int - py_getrandom(void *buffer, Py_ssize_t size, int raise) - { -@@ -142,16 +108,19 @@ py_getrandom(void *buffer, Py_ssize_t si - * see https://bugs.python.org/issue26839. To avoid this, use the - * GRND_NONBLOCK flag. */ - const int flags = GRND_NONBLOCK; -+ char *dest; - long n; - - if (!getrandom_works) { - return 0; - } - -+ dest = buffer; - while (0 < size) { - #ifdef sun - /* Issue #26735: On Solaris, getrandom() is limited to returning up -- to 1024 bytes */ -+ to 1024 bytes. Call it multiple times if more bytes are -+ requested. */ - n = Py_MIN(size, 1024); - #else - n = Py_MIN(size, LONG_MAX); -@@ -161,34 +130,35 @@ py_getrandom(void *buffer, Py_ssize_t si - #ifdef HAVE_GETRANDOM - if (raise) { - Py_BEGIN_ALLOW_THREADS -- n = getrandom(buffer, n, flags); -+ n = getrandom(dest, n, flags); - Py_END_ALLOW_THREADS - } - else { -- n = getrandom(buffer, n, flags); -+ n = getrandom(dest, n, flags); - } - #else - /* On Linux, use the syscall() function because the GNU libc doesn't -- * expose the Linux getrandom() syscall yet. See: -- * https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */ -+ expose the Linux getrandom() syscall yet. See: -+ https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */ - if (raise) { - Py_BEGIN_ALLOW_THREADS -- n = syscall(SYS_getrandom, buffer, n, flags); -+ n = syscall(SYS_getrandom, dest, n, flags); - Py_END_ALLOW_THREADS - } - else { -- n = syscall(SYS_getrandom, buffer, n, flags); -+ n = syscall(SYS_getrandom, dest, n, flags); - } - #endif - - if (n < 0) { -- /* ENOSYS: getrandom() syscall not supported by the kernel (but -- * maybe supported by the host which built Python). EPERM: -- * getrandom() syscall blocked by SECCOMP or something else. */ -+ /* ENOSYS: the syscall is not supported by the kernel. -+ EPERM: the syscall is blocked by a security policy (ex: SECCOMP) -+ or something else. */ - if (errno == ENOSYS || errno == EPERM) { - getrandom_works = 0; - return 0; - } -+ - if (errno == EAGAIN) { - /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system - urandom is not initialiazed yet. In this case, fall back on -@@ -202,32 +172,101 @@ py_getrandom(void *buffer, Py_ssize_t si - } - - if (errno == EINTR) { -- if (PyErr_CheckSignals()) { -- if (!raise) { -- Py_FatalError("getrandom() interrupted by a signal"); -+ if (raise) { -+ if (PyErr_CheckSignals()) { -+ return -1; - } -- return -1; - } - -- /* retry getrandom() */ -+ /* retry getrandom() if it was interrupted by a signal */ - continue; - } - - if (raise) { - PyErr_SetFromErrno(PyExc_OSError); - } -- else { -- Py_FatalError("getrandom() failed"); -+ return -1; -+ } -+ -+ dest += n; -+ size -= n; -+ } -+ return 1; -+} -+ -+#elif defined(HAVE_GETENTROPY) -+#define PY_GETENTROPY 1 -+ -+/* Fill buffer with size pseudo-random bytes generated by getentropy(): -+ -+ - Return 1 on success -+ - Return 0 if getentropy() syscall is not available (failed with ENOSYS or -+ EPERM). -+ - Raise an exception (if raise is non-zero) and return -1 on error: -+ if getentropy() failed with EINTR, raise is non-zero and the Python signal -+ handler raised an exception, or if getentropy() failed with a different -+ error. -+ -+ getentropy() is retried if it failed with EINTR: interrupted by a signal. */ -+static int -+py_getentropy(char *buffer, Py_ssize_t size, int raise) -+{ -+ /* Is getentropy() supported by the running kernel? Set to 0 if -+ getentropy() failed with ENOSYS or EPERM. */ -+ static int getentropy_works = 1; -+ -+ if (!getentropy_works) { -+ return 0; -+ } -+ -+ while (size > 0) { -+ /* getentropy() is limited to returning up to 256 bytes. Call it -+ multiple times if more bytes are requested. */ -+ Py_ssize_t len = Py_MIN(size, 256); -+ int res; -+ -+ if (raise) { -+ Py_BEGIN_ALLOW_THREADS -+ res = getentropy(buffer, len); -+ Py_END_ALLOW_THREADS -+ } -+ else { -+ res = getentropy(buffer, len); -+ } -+ -+ if (res < 0) { -+ /* ENOSYS: the syscall is not supported by the running kernel. -+ EPERM: the syscall is blocked by a security policy (ex: SECCOMP) -+ or something else. */ -+ if (errno == ENOSYS || errno == EPERM) { -+ getentropy_works = 0; -+ return 0; -+ } -+ -+ if (errno == EINTR) { -+ if (raise) { -+ if (PyErr_CheckSignals()) { -+ return -1; -+ } -+ } -+ -+ /* retry getentropy() if it was interrupted by a signal */ -+ continue; -+ } -+ -+ if (raise) { -+ PyErr_SetFromErrno(PyExc_OSError); - } - return -1; - } - -- buffer += n; -- size -= n; -+ buffer += len; -+ size -= len; - } - return 1; - } --#endif -+#endif /* defined(HAVE_GETENTROPY) && !defined(sun) */ -+ - - static struct { - int fd; -@@ -235,136 +274,123 @@ static struct { - ino_t st_ino; - } urandom_cache = { -1 }; - -+/* Read random bytes from the /dev/urandom device: - --/* Read 'size' random bytes from py_getrandom(). Fall back on reading from -- /dev/urandom if getrandom() is not available. -+ - Return 0 on success -+ - Raise an exception (if raise is non-zero) and return -1 on error - -- Call Py_FatalError() on error. */ --static void --dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size) -+ Possible causes of errors: -+ -+ - open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device -+ was not found. For example, it was removed manually or not exposed in a -+ chroot or container. -+ - open() failed with a different error -+ - fstat() failed -+ - read() failed or returned 0 -+ -+ read() is retried if it failed with EINTR: interrupted by a signal. -+ -+ The file descriptor of the device is kept open between calls to avoid using -+ many file descriptors when run in parallel from multiple threads: -+ see the issue #18756. -+ -+ st_dev and st_ino fields of the file descriptor (from fstat()) are cached to -+ check if the file descriptor was replaced by a different file (which is -+ likely a bug in the application): see the issue #21207. -+ -+ If the file descriptor was closed or replaced, open a new file descriptor -+ but don't close the old file descriptor: it probably points to something -+ important for some third-party code. */ -+static int -+dev_urandom(char *buffer, Py_ssize_t size, int raise) - { - int fd; - Py_ssize_t n; - -- assert (0 < size); -+ if (raise) { -+ struct _Py_stat_struct st; - --#ifdef PY_GETRANDOM -- if (py_getrandom(buffer, size, 0) == 1) { -- return; -+ if (urandom_cache.fd >= 0) { -+ /* Does the fd point to the same thing as before? (issue #21207) */ -+ if (_Py_fstat_noraise(urandom_cache.fd, &st) -+ || st.st_dev != urandom_cache.st_dev -+ || st.st_ino != urandom_cache.st_ino) { -+ /* Something changed: forget the cached fd (but don't close it, -+ since it probably points to something important for some -+ third-party code). */ -+ urandom_cache.fd = -1; -+ } -+ } -+ if (urandom_cache.fd >= 0) -+ fd = urandom_cache.fd; -+ else { -+ fd = _Py_open("/dev/urandom", O_RDONLY); -+ if (fd < 0) { -+ if (errno == ENOENT || errno == ENXIO || -+ errno == ENODEV || errno == EACCES) { -+ PyErr_SetString(PyExc_NotImplementedError, -+ "/dev/urandom (or equivalent) not found"); -+ } -+ /* otherwise, keep the OSError exception raised by _Py_open() */ -+ return -1; -+ } -+ if (urandom_cache.fd >= 0) { -+ /* urandom_fd was initialized by another thread while we were -+ not holding the GIL, keep it. */ -+ close(fd); -+ fd = urandom_cache.fd; -+ } -+ else { -+ if (_Py_fstat(fd, &st)) { -+ close(fd); -+ return -1; -+ } -+ else { -+ urandom_cache.fd = fd; -+ urandom_cache.st_dev = st.st_dev; -+ urandom_cache.st_ino = st.st_ino; -+ } -+ } -+ } -+ -+ do { -+ n = _Py_read(fd, buffer, (size_t)size); -+ if (n == -1) -+ return -1; -+ if (n == 0) { -+ PyErr_Format(PyExc_RuntimeError, -+ "Failed to read %zi bytes from /dev/urandom", -+ size); -+ return -1; -+ } -+ -+ buffer += n; -+ size -= n; -+ } while (0 < size); - } -- /* getrandom() failed with ENOSYS or EPERM, -- fall back on reading /dev/urandom */ --#endif -- -- fd = _Py_open_noraise("/dev/urandom", O_RDONLY); -- if (fd < 0) { -- Py_FatalError("Failed to open /dev/urandom"); -- } -- -- while (0 < size) -- { -- do { -- n = read(fd, buffer, (size_t)size); -- } while (n < 0 && errno == EINTR); -- -- if (n <= 0) { -- /* read() failed or returned 0 bytes */ -- Py_FatalError("Failed to read bytes from /dev/urandom"); -- break; -- } -- buffer += n; -- size -= n; -- } -- close(fd); --} -- --/* Read 'size' random bytes from py_getrandom(). Fall back on reading from -- /dev/urandom if getrandom() is not available. -- -- Return 0 on success. Raise an exception and return -1 on error. */ --static int --dev_urandom_python(char *buffer, Py_ssize_t size) --{ -- int fd; -- Py_ssize_t n; -- struct _Py_stat_struct st; --#ifdef PY_GETRANDOM -- int res; --#endif -- -- if (size <= 0) -- return 0; -- --#ifdef PY_GETRANDOM -- res = py_getrandom(buffer, size, 1); -- if (res < 0) { -- return -1; -- } -- if (res == 1) { -- return 0; -- } -- /* getrandom() failed with ENOSYS or EPERM, -- fall back on reading /dev/urandom */ --#endif -- -- if (urandom_cache.fd >= 0) { -- /* Does the fd point to the same thing as before? (issue #21207) */ -- if (_Py_fstat_noraise(urandom_cache.fd, &st) -- || st.st_dev != urandom_cache.st_dev -- || st.st_ino != urandom_cache.st_ino) { -- /* Something changed: forget the cached fd (but don't close it, -- since it probably points to something important for some -- third-party code). */ -- urandom_cache.fd = -1; -- } -- } -- if (urandom_cache.fd >= 0) -- fd = urandom_cache.fd; - else { -- fd = _Py_open("/dev/urandom", O_RDONLY); -+ fd = _Py_open_noraise("/dev/urandom", O_RDONLY); - if (fd < 0) { -- if (errno == ENOENT || errno == ENXIO || -- errno == ENODEV || errno == EACCES) -- PyErr_SetString(PyExc_NotImplementedError, -- "/dev/urandom (or equivalent) not found"); -- /* otherwise, keep the OSError exception raised by _Py_open() */ - return -1; - } -- if (urandom_cache.fd >= 0) { -- /* urandom_fd was initialized by another thread while we were -- not holding the GIL, keep it. */ -- close(fd); -- fd = urandom_cache.fd; -- } -- else { -- if (_Py_fstat(fd, &st)) { -+ -+ while (0 < size) -+ { -+ do { -+ n = read(fd, buffer, (size_t)size); -+ } while (n < 0 && errno == EINTR); -+ -+ if (n <= 0) { -+ /* stop on error or if read(size) returned 0 */ - close(fd); - return -1; - } -- else { -- urandom_cache.fd = fd; -- urandom_cache.st_dev = st.st_dev; -- urandom_cache.st_ino = st.st_ino; -- } -+ -+ buffer += n; -+ size -= n; - } -+ close(fd); - } -- -- do { -- n = _Py_read(fd, buffer, (size_t)size); -- if (n == -1) { -- return -1; -- } -- if (n == 0) { -- PyErr_Format(PyExc_RuntimeError, -- "Failed to read %zi bytes from /dev/urandom", -- size); -- return -1; -- } -- -- buffer += n; -- size -= n; -- } while (0 < size); -- - return 0; - } - -@@ -376,8 +402,8 @@ dev_urandom_close(void) - urandom_cache.fd = -1; - } - } -+#endif /* !MS_WINDOWS */ - --#endif - - /* Fill buffer with pseudo-random bytes generated by a linear congruent - generator (LCG): -@@ -400,29 +426,98 @@ lcg_urandom(unsigned int x0, unsigned ch - } - } - -+/* Read random bytes: -+ -+ - Return 0 on success -+ - Raise an exception (if raise is non-zero) and return -1 on error -+ -+ Used sources of entropy ordered by preference, preferred source first: -+ -+ - CryptGenRandom() on Windows -+ - getrandom() function (ex: Linux and Solaris): call py_getrandom() -+ - getentropy() function (ex: OpenBSD): call py_getentropy() -+ - /dev/urandom device -+ -+ Read from the /dev/urandom device if getrandom() or getentropy() function -+ is not available or does not work. -+ -+ Prefer getrandom() over getentropy() because getrandom() supports blocking -+ and non-blocking mode and Python requires non-blocking RNG at startup to -+ initialize its hash secret: see the PEP 524. -+ -+ Prefer getrandom() and getentropy() over reading directly /dev/urandom -+ because these functions don't need file descriptors and so avoid ENFILE or -+ EMFILE errors (too many open files): see the issue #18756. -+ -+ Only use RNG running in the kernel. They are more secure because it is -+ harder to get the internal state of a RNG running in the kernel land than a -+ RNG running in the user land. The kernel has a direct access to the hardware -+ and has access to hardware RNG, they are used as entropy sources. -+ -+ Note: the OpenSSL RAND_pseudo_bytes() function does not automatically reseed -+ its RNG on fork(), two child processes (with the same pid) generate the same -+ random numbers: see issue #18747. Kernel RNGs don't have this issue, -+ they have access to good quality entropy sources. -+ -+ If raise is zero: -+ -+ - Don't raise an exception on error -+ - Don't call the Python signal handler (don't call PyErr_CheckSignals()) if -+ a function fails with EINTR: retry directly the interrupted function -+ - Don't release the GIL to call functions. -+*/ -+static int -+pyurandom(void *buffer, Py_ssize_t size, int raise) -+{ -+#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) -+ int res; -+#endif -+ -+ if (size < 0) { -+ if (raise) { -+ PyErr_Format(PyExc_ValueError, -+ "negative argument not allowed"); -+ } -+ return -1; -+ } -+ -+ if (size == 0) { -+ return 0; -+ } -+ -+#ifdef MS_WINDOWS -+ return win32_urandom((unsigned char *)buffer, size, raise); -+#else -+ -+#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY) -+#ifdef PY_GETRANDOM -+ res = py_getrandom(buffer, size, raise); -+#else -+ res = py_getentropy(buffer, size, raise); -+#endif -+ if (res < 0) { -+ return -1; -+ } -+ if (res == 1) { -+ return 0; -+ } -+ /* getrandom() or getentropy() function is not available: failed with -+ ENOSYS, EPERM or EAGAIN. Fall back on reading from /dev/urandom. */ -+#endif -+ -+ return dev_urandom(buffer, size, raise); -+#endif -+} -+ - /* Fill buffer with size pseudo-random bytes from the operating system random - number generator (RNG). It is suitable for most cryptographic purposes - except long living private keys for asymmetric encryption. - -- Return 0 on success, raise an exception and return -1 on error. */ -+ Return 0 on success. Raise an exception and return -1 on error. */ - int - _PyOS_URandom(void *buffer, Py_ssize_t size) - { -- if (size < 0) { -- PyErr_Format(PyExc_ValueError, -- "negative argument not allowed"); -- return -1; -- } -- if (size == 0) -- return 0; -- --#ifdef MS_WINDOWS -- return win32_urandom((unsigned char *)buffer, size, 1); --#elif defined(PY_GETENTROPY) -- return py_getentropy(buffer, size, 0); --#else -- return dev_urandom_python((char*)buffer, size); --#endif -+ return pyurandom(buffer, size, 1); - } - - void -@@ -463,13 +558,14 @@ void - } - } - else { --#ifdef MS_WINDOWS -- (void)win32_urandom(secret, secret_size, 0); --#elif defined(PY_GETENTROPY) -- (void)py_getentropy(secret, secret_size, 1); --#else -- dev_urandom_noraise(secret, secret_size); --#endif -+ int res; -+ -+ /* _PyRandom_Init() is called very early in the Python initialization -+ and so exceptions cannot be used (use raise=0). */ -+ res = pyurandom(secret, secret_size, 0); -+ if (res < 0) { -+ Py_FatalError("failed to get random numbers to initialize Python"); -+ } - } - } - -@@ -481,8 +577,6 @@ void - CryptReleaseContext(hCryptProv, 0); - hCryptProv = 0; - } --#elif defined(PY_GETENTROPY) -- /* nothing to clean */ - #else - dev_urandom_close(); - #endif - diff --git a/gnu/packages/patches/python-unittest2-python3-compat.patch b/gnu/packages/patches/python-unittest2-python3-compat.patch new file mode 100644 index 0000000000..fe0afe559a --- /dev/null +++ b/gnu/packages/patches/python-unittest2-python3-compat.patch @@ -0,0 +1,34 @@ +Skip tests that fail with newer versions of Python. + +Patch copied from Gentoo: + +https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-python/unittest2/files/unittest2-1.1.0-python3.5-test.patch + +diff --git a/unittest2/test/test_loader.py b/unittest2/test/test_loader.py +index 683f662..347eea5 100644 +--- a/unittest2/test/test_loader.py ++++ b/unittest2/test/test_loader.py +@@ -509,6 +509,7 @@ class Test_TestLoader(unittest2.TestCase): + # + # What happens when an impossible name is given, relative to the provided + # `module`? ++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here") + def test_loadTestsFromName__relative_malformed_name(self): + loader = unittest.TestLoader() + +@@ -811,6 +812,7 @@ class Test_TestLoader(unittest2.TestCase): + # TestCase or TestSuite instance." + # + # What happens when presented with an impossible module name? ++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here") + def test_loadTestsFromNames__malformed_name(self): + loader = unittest2.TestLoader() + +@@ -918,6 +920,7 @@ class Test_TestLoader(unittest2.TestCase): + # "The method optionally resolves name relative to the given module" + # + # What happens when presented with an impossible attribute name? ++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here") + def test_loadTestsFromNames__relative_malformed_name(self): + loader = unittest.TestLoader() + diff --git a/gnu/packages/patches/python2-unittest2-remove-argparse.patch b/gnu/packages/patches/python-unittest2-remove-argparse.patch index c96738757e..c96738757e 100644 --- a/gnu/packages/patches/python2-unittest2-remove-argparse.patch +++ b/gnu/packages/patches/python-unittest2-remove-argparse.patch diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index 574ae4a6ba..c84f07cc7e 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -33,8 +34,7 @@ (define-public pcre (package (name "pcre") - (version "8.40") - (replacement pcre-8.41) + (version "8.41") (source (origin (method url-fetch) (uri (list @@ -43,10 +43,9 @@ "pcre-" version ".tar.bz2") (string-append "mirror://sourceforge/pcre/pcre/" version "/pcre-" version ".tar.bz2"))) - (patches (search-patches "pcre-CVE-2017-7186.patch")) (sha256 (base32 - "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0")))) + "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76")))) (build-system gnu-build-system) (outputs '("out" ;library & headers "bin" ;depends on Readline (adds 20MiB to the closure) @@ -73,21 +72,6 @@ POSIX regular expression API.") (license license:bsd-3) (home-page "http://www.pcre.org/"))) -(define pcre-8.41 - (package - (inherit pcre) - (version "8.41") - (source (origin - (method url-fetch) - (uri (list (string-append "mirror://sourceforge/pcre/pcre/" - version "/pcre-" version ".tar.bz2") - (string-append "ftp://ftp.csx.cam.ac.uk" - "/pub/software/programming/pcre/" - "pcre-" version ".tar.bz2"))) - (sha256 - (base32 - "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76")))))) - (define-public pcre2 (package (name "pcre2") diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 73bab96a26..14dab3a65c 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -55,14 +55,14 @@ ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package (name "perl") - (version "5.26.0") + (version "5.26.1") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/src/5.0/perl-" version ".tar.gz")) (sha256 (base32 - "0zxn9hd7mqgq06ikyi6k70ngbvjf01z1paw0jd25byyl0rlwdrzb")) + "1p81wwvr5jb81m41d07kfywk5gvbk0axdrnvhc2aghcdbr4alqz7")) (patches (search-patches "perl-file-path-CVE-2017-6512.patch" "perl-no-sys-dirs.patch" @@ -8708,7 +8708,8 @@ interface to File::Find::Object.") (base32 "1lgfr87j4qwqnln0hyyzgik5ixqslzdaksn9m8y824gqbcihc6ic")))) (build-system perl-build-system) (arguments - `(#:phases + `(#:disallowed-references (,tzdata-for-tests) + #:phases (modify-phases %standard-phases ;; This is needed for tests (add-after 'unpack 'set-TZDIR @@ -8718,7 +8719,7 @@ interface to File::Find::Object.") #t))))) (native-inputs `(("perl-module-build" ,perl-module-build) - ("tzdata" ,tzdata-2017a))) + ("tzdata" ,tzdata-for-tests))) (home-page "https://metacpan.org/release/Time-ParseDate") (synopsis "Collection of Perl modules for time/date manipulation") (description "Provides several perl modules for date/time manipulation: diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm index 77409d86d2..98a869d055 100644 --- a/gnu/packages/python-crypto.scm +++ b/gnu/packages/python-crypto.scm @@ -325,7 +325,7 @@ is used by the Requests library to verify HTTPS requests.") ("python-hypothesis" ,python-hypothesis) ("python-pretend" ,python-pretend) ("python-pytz" ,python-pytz) - ("python-pytest" ,python-pytest-3.0))) + ("python-pytest" ,python-pytest))) (home-page "https://github.com/pyca/cryptography") (synopsis "Cryptographic recipes and primitives for Python") (description @@ -385,7 +385,7 @@ message digests and key derivation functions.") (native-inputs `(("python-flaky" ,python-flaky) ("python-pretend" ,python-pretend) - ("python-pytest" ,python-pytest-3.0))) + ("python-pytest" ,python-pytest))) (home-page "https://github.com/pyca/pyopenssl") (synopsis "Python wrapper module around the OpenSSL library") (description diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 01b4e2cd29..abc39318a8 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -135,7 +135,7 @@ (define-public python-2.7 (package (name "python") - (version "2.7.13") + (version "2.7.14") (source (origin (method url-fetch) @@ -143,12 +143,12 @@ version "/Python-" version ".tar.xz")) (sha256 (base32 - "0cgpk3zk0fgpji59pb4zy9nzljr70qzgv1vpz5hq5xw2d2c47m9m")) + "0rka541ys16jwzcnnvjp2v12m4cwgd2jp6wj4kj511p715pb5zvi")) (patches (search-patches "python-2.7-search-paths.patch" "python-2-deterministic-build-info.patch" "python-2.7-site-prefixes.patch" "python-2.7-source-date-epoch.patch" - "python-2.7-getentropy-on-old-kernels.patch")) + "python-2.7-adjust-tests.patch")) (modules '((guix build utils))) ;; suboptimal to delete failing tests here, but if we delete them in the ;; arguments then we need to make sure to strip out that phase when it @@ -206,6 +206,7 @@ '("Lib/subprocess.py" "Lib/popen2.py" "Lib/distutils/tests/test_spawn.py" + "Lib/test/support/__init__.py" "Lib/test/test_subprocess.py")) (("/bin/sh") (which "sh"))) @@ -331,28 +332,28 @@ data types.") ;; Current 2.x version. (define-public python-2 python-2.7) -(define-public python-3.5 +(define-public python-3.6 (package (inherit python-2) - (version "3.5.3") + (version "3.6.3") (source (origin (method url-fetch) (uri (string-append "https://www.python.org/ftp/python/" version "/Python-" version ".tar.xz")) (patches (search-patches "python-fix-tests.patch" - "python-3.5-fix-tests.patch" - "python-3.5-getentropy-on-old-kernels.patch" + "python-3-fix-tests.patch" "python-3-deterministic-build-info.patch" "python-3-search-paths.patch")) (patch-flags '("-p0")) (sha256 (base32 - "1c6v1n9nz4mlx9mw1125fxpmbrgniqdbbx9hnqx44maqazb2mzpf")) + "1nl1raaagr4car787a2hmjv2dw6gqny53xfd6wisbgx4r5kxk9yd")) (snippet '(begin (for-each delete-file - '("Lib/ctypes/test/test_win32.py" ; fails on aarch64 - "Lib/test/test_fcntl.py")) + '("Lib/ctypes/test/test_structures.py" ; fails on aarch64 + "Lib/ctypes/test/test_win32.py" ; fails on aarch64 + "Lib/test/test_fcntl.py")) ; fails on aarch64 #t)))) (arguments (substitute-keyword-arguments (package-arguments python-2) ((#:tests? _) #t))) @@ -364,7 +365,7 @@ data types.") "/site-packages")))))))) ;; Current 3.x version. -(define-public python-3 python-3.5) +(define-public python-3 python-3.6) ;; Current major version. (define-public python python-3) @@ -955,18 +956,24 @@ from the Python interpreter, or as a small part of a larger application.") (define-public python-six (package (name "python-six") - (version "1.10.0") + (version "1.11.0") (source (origin (method url-fetch) (uri (pypi-uri "six" version)) (sha256 (base32 - "0snmb8xffb3vsma0z67i0h0w2g2dy0p3gsgh9gi4i0kgc5l8spqh")))) + "1scqzwc51c875z23phj48gircqjgnn3af8zy2izjwmnlxrxsgs3h")))) (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda _ + (zero? (system* "py.test" "-v"))))))) (native-inputs `(("python-py" ,python-py) - ("python-pytest" ,python-pytest))) + ("python-pytest" ,python-pytest-bootstrap))) (home-page "http://pypi.python.org/pypi/six/") (synopsis "Python 2 and 3 compatibility utilities") (description @@ -1244,6 +1251,28 @@ bug tracker.") (home-page "http://www.liquidx.net/pybugz/") (license license:gpl2))) +(define-public python2-enum + (package + (name "python2-enum") + (version "0.4.6") + (source (origin + (method url-fetch) + (uri (pypi-uri "enum" version)) + (sha256 + (base32 + "13lk3yrwj42vl30kw3c194f739nrfrdg64s6i0v2p636n4k8brsl")))) + (build-system python-build-system) + (arguments + `(#:python ,python-2)) + (home-page "http://pypi.python.org/pypi/enum/") + (synopsis "Robust enumerated type support in Python") + (description + "This provides a module for robust enumerations in Python. It has +been superseded by the Python standard library and is provided only for +compatibility.") + ;; Choice of either license. + (license (list license:gpl3+ license:psfl)))) + (define-public python-enum34 (package (name "python-enum34") @@ -1469,17 +1498,62 @@ matching them against a list of media-ranges.") "@code{pafy} is a python library to retrieve YouTube content and metadata.") (license license:lgpl3+))) +(define-public python2-funcsigs + (package + (name "python2-funcsigs") + (version "1.0.2") + (source (origin + (method url-fetch) + (uri (pypi-uri "funcsigs" version)) + (sha256 + (base32 + "0l4g5818ffyfmfs1a924811azhjj8ax9xd1cffr1mzd3ycn0zfx7")))) + (build-system python-build-system) + (arguments + `(#:python ,python-2)) + (native-inputs + `(("python2-unittest2" ,python2-unittest2))) + (home-page "http://funcsigs.readthedocs.org") + (synopsis "Python function signatures from PEP362") + (description + "Backport of @code{funcsigs} which was introduced in Python 3.3.") + (license license:asl2.0))) + +(define-public python-pafy + (package + (name "python-pafy") + (version "0.5.3.1") + (source + (origin + (method url-fetch) + (uri (pypi-uri "pafy" version)) + (sha256 + (base32 + "1a7dxi95m1043rxx1r5x3ngb66nwlq6aqcasyqqjzmmmjps4zrim")))) + (build-system python-build-system) + (arguments + `(#:tests? #f)) ; Currently pafy can not find itself in the tests + (propagated-inputs + ;; Youtube-dl is a python package which is imported in the file + ;; "backend_youtube_dl.py", therefore it needs to be propagated. + `(("youtube-dl" ,youtube-dl))) + (home-page "https://np1.github.io/pafy/") + (synopsis "Retrieve YouTube content and metadata") + (description + "@code{pafy} is a python library to retrieve YouTube content and metadata.") + (license license:lgpl3+))) + (define-public python-py (package (name "python-py") - (version "1.4.32") + (version "1.4.34") (source (origin (method url-fetch) (uri (pypi-uri "py" version)) (sha256 (base32 - "19s1pql9pq85h1qzsdwgyb8a3k1qgkvh33b02m8kfqhizz8rzf64")))) + "1qyd5z0hv8ymxy84v5vig3vps2fvhcf4bdlksb3r03h549fmhb8g")))) (build-system python-build-system) (arguments ;; FIXME: "ImportError: 'test' module incorrectly imported from @@ -1849,7 +1923,7 @@ somewhat intelligible.") #t)))) (build-system python-build-system) (native-inputs - `(("python-pytest" ,python-pytest-3.0) + `(("python-pytest" ,python-pytest) ("python-pytest-cov" ,python-pytest-cov) ("python-pytest-runner" ,python-pytest-runner))) (home-page "https://github.com/progrium/pyjwt") @@ -2011,18 +2085,6 @@ for Python.") (base32 "1zzrkywhziqffrzks14kzixz7nd4yh2vc0fb04a68vfd2ai03anx")))) (build-system python-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - ;; These files cannot be built with Python < 3.6. See - ;; https://github.com/pallets/jinja/issues/655 - ;; FIXME: Remove this when the "python" package is upgraded. - (add-after 'unpack 'delete-incompatible-files - (lambda _ - (for-each delete-file - '("jinja2/asyncsupport.py" - "jinja2/asyncfilters.py")) - #t))))) (propagated-inputs `(("python-markupsafe" ,python-markupsafe))) (home-page "http://jinja.pocoo.org/") @@ -2273,7 +2335,7 @@ sources.") `(("python-sphinxcontrib-websupport" ,python-sphinxcontrib-websupport) ,@(package-propagated-inputs python-sphinx))) (native-inputs - `(("python-pytest" ,python-pytest-3.0) + `(("python-pytest" ,python-pytest) ("imagemagick" ,imagemagick) ; for "convert" ,@(package-native-inputs python-sphinx))) (properties '()))) @@ -2291,7 +2353,7 @@ sources.") (base32 "0kw1axswbvaavr8ggyf4qr6hnisnrzlbkkcdada69vk1x9xjassg")))) (native-inputs - `(("python-pytest" ,python-pytest-3.0) + `(("python-pytest" ,python-pytest) ,@(package-native-inputs python-sphinx))))) (define-public python2-sphinx @@ -3913,7 +3975,7 @@ Python language binding specification.") (arguments '(#:tests? #f)) ; Test file 'grako.ebnf' is missing from archive. (native-inputs `(("unzip" ,unzip) - ("python-pytest" ,python-pytest-3.0) + ("python-pytest" ,python-pytest) ("python-pytest-runner" ,python-pytest-runner))) (home-page "https://bitbucket.org/neogeny/grako") (synopsis "EBNF parser generator") @@ -3971,7 +4033,7 @@ cluster without needing to write any wrapper code yourself.") (base32 "0zizn61n5z5hq421hkypk9pw8s6fpxw30f4hsg7k4ivwzy3gjw9j")))) (build-system python-build-system) (native-inputs - `(("python-pytest" ,python-pytest-3.0) + `(("python-pytest" ,python-pytest) ("python-mock" ,python-mock) ("python-tox" ,python-tox) ("which" ,which))) ;for tests @@ -4034,7 +4096,7 @@ displayed.") (replace 'check (lambda _ (zero? (system* "nosetests" "-v"))))))) (native-inputs `(("python-nose" ,python-nose) - ("python-pytest" ,python-pytest-3.0) + ("python-pytest" ,python-pytest) ("man-db" ,man-db) ("which" ,which) ("bash-full" ,bash))) ;full Bash for 'test_replwrap.py' @@ -4055,13 +4117,13 @@ child application and control it as if a human were typing commands.") (define-public python-setuptools-scm (package (name "python-setuptools-scm") - (version "1.15.0") + (version "1.15.6") (source (origin (method url-fetch) (uri (pypi-uri "setuptools_scm" version)) (sha256 (base32 - "0bwyc5markib0i7i2qlyhdzxhiywzxbkfiapldma8m91m82jvwfs")))) + "0pzvfmx8s20yrgkgwfbxaspz2x1g38qv61jpm0ns91lrb22ldas9")))) (build-system python-build-system) (home-page "https://github.com/pypa/setuptools_scm/") (synopsis "Manage Python package versions in SCM metadata") @@ -5114,14 +5176,14 @@ PEP 8.") (define-public python-pyflakes (package (name "python-pyflakes") - (version "1.0.0") + (version "1.5.0") (source (origin (method url-fetch) (uri (pypi-uri "pyflakes" version)) (sha256 (base32 - "0qs2sgqszq7wcplis8509wk2ygqcrwzbs1ghfj3svvivq2j377pk")))) + "1x1pcca4a24k4pw8x1c77sgi58cg1wl2k38mp8a25k608pzls3da")))) (build-system python-build-system) (home-page "https://github.com/pyflakes/pyflakes") @@ -5136,17 +5198,17 @@ PEP 8.") (define-public python-mccabe (package (name "python-mccabe") - (version "0.4.0") + (version "0.6.1") (source (origin (method url-fetch) (uri (pypi-uri "mccabe" version)) (sha256 (base32 - "0yr08a36h8lqlif10l4xcikbbig7q8f41gqywir7rrvnv3mi4aws")))) + "07w3p1qm44hgxf3vvwz84kswpsx6s7kvaibzrsx5dzm0hli1i3fx")))) (build-system python-build-system) (native-inputs - `(("python-pytest" ,python-pytest) + `(("python-pytest" ,python-pytest-bootstrap) ("python-pytest-runner" ,python-pytest-runner))) (home-page "https://github.com/flintwork/mccabe") (synopsis "McCabe checker, plugin for flake8") @@ -5219,39 +5281,48 @@ complexity of Python source code.") (define-public python-flake8 (package (name "python-flake8") - (version "2.5.4") + (version "3.4.1") (source (origin (method url-fetch) (uri (pypi-uri "flake8" version)) (sha256 (base32 - "0bs9cz4fr99r2rwig1b8jwaadl1nan7kgpdzqwj0bwbckwbmh7nc")) - (modules '((guix build utils))) - (snippet - '(begin - ;; Remove pre-compiled .pyc files from source. - (for-each delete-file-recursively - (find-files "." "__pycache__" #:directories? #t)) - (for-each delete-file (find-files "." "\\.pyc$")) - #t)))) - (build-system python-build-system) - (propagated-inputs - `(("python-pep8" ,python-pep8) + "1n0i38592vy3q0x2a9bf8z6rhhn04i30wsn5i5zzcj7qkxvl8062")))) + (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (delete 'check) + (add-after 'install 'check + (lambda* (#:key inputs outputs #:allow-other-keys) + (add-installed-pythonpath inputs outputs) + (zero? (system* "pytest" "-v"))))))) + (propagated-inputs + `(("python-pycodestyle" ,python-pycodestyle) ("python-pyflakes" ,python-pyflakes) + ;; flake8 depends on a newer setuptools than provided by python. + ("python-setuptools" ,python-setuptools) ("python-mccabe" ,python-mccabe))) (native-inputs `(("python-mock" ,python-mock) ; TODO: only required for < 3.3 - ("python-nose" ,python-nose))) + ("python-pytest" ,python-pytest-bootstrap) + ("python-pytest-runner" ,python-pytest-runner))) (home-page "https://gitlab.com/pycqa/flake8") (synopsis "The modular source code checker: pep8, pyflakes and co") (description "Flake8 is a wrapper around PyFlakes, pep8 and python-mccabe.") + (properties `((python2-variant . ,(delay python2-flake8)))) (license license:expat))) (define-public python2-flake8 - (package-with-python2 python-flake8)) + (let ((base (package-with-python2 (strip-python2-variant python-flake8)))) + (package (inherit base) + (propagated-inputs + `(("python2-configparser" ,python2-configparser) + ("python2-enum" ,python2-enum) + ,@(package-propagated-inputs base)))))) (define-public python-flake8-polyfill (package @@ -11281,7 +11352,7 @@ address is valid and really exists.") `(("python-dateutil" ,python-dateutil) ("python-simplejson" ,python-simplejson))) (native-inputs - `(("python-pytest-3.0" ,python-pytest-3.0) + `(("python-pytest" ,python-pytest) ("python-pytz" ,python-pytz))) (home-page "https://github.com/marshmallow-code/marshmallow") (synopsis "Convert complex datatypes to and from native @@ -11308,7 +11379,7 @@ complex datatypes to and from native Python datatypes.") (propagated-inputs `(("python-pyyaml" ,python-pyyaml))) (native-inputs - `(("python-pytest-3.0" ,python-pytest-3.0) + `(("python-pytest" ,python-pytest) ("python-flask" ,python-flask) ("python-marshmallow" ,python-marshmallow) ("python-tornado" ,python-tornado) @@ -11361,7 +11432,7 @@ Swagger 2.0).") ("python-flake8" ,python-flake8) ("python-flask-restful" ,python-flask-restful) ("python-flex" ,python-flex) - ("python-pytest-3.0" ,python-pytest-3.0) + ("python-pytest" ,python-pytest) ("python-pytest-cov" ,python-pytest-cov) ("python-marshmallow" ,python-marshmallow) ("python-apispec" ,python-apispec))) @@ -11743,7 +11814,7 @@ their files and supports any packaging format (including wheels).") `(;; The tests depend on unittest2, and our version is a bit too old. #:tests? #f)) (native-inputs - `(("python-pbr" ,python-pbr))) + `(("python-pbr" ,python-pbr-minimal))) (home-page "https://github.com/testing-cabal/linecache2") (synopsis "Backports of the linecache module") @@ -11772,7 +11843,7 @@ lines are read from a single file.") `(;; python-traceback2 and python-unittest2 depend on one another. #:tests? #f)) (native-inputs - `(("python-pbr" ,python-pbr))) + `(("python-pbr" ,python-pbr-minimal))) (propagated-inputs `(("python-linecache2" ,python-linecache2))) (home-page diff --git a/gnu/packages/readline.scm b/gnu/packages/readline.scm index f6ebbcc267..73fa5316ff 100644 --- a/gnu/packages/readline.scm +++ b/gnu/packages/readline.scm @@ -26,68 +26,77 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu) - #:use-module (guix utils)) + #:use-module (guix utils) + #:use-module (ice-9 format)) + +(define (patch-url seqno) + (format #f "mirror://gnu/readline/readline-7.0-patches/readline70-~3,'0d" seqno)) + +(define (readline-patch seqno sha256) + "Return the origin of Readline patch SEQNO, with expected hash SHA256" + (origin + (method url-fetch) + (uri (patch-url seqno)) + (sha256 sha256))) + +(define-syntax-rule (patch-series (seqno hash) ...) + (list (readline-patch seqno (base32 hash)) + ...)) + +(define %patch-series-7.0 + (patch-series + (1 "0xm3sxvwmss7ddyfb11n6pgcqd1aglnpy15g143vzcf75snb7hcs") + (2 "0n1dxmqsbjgrfxb1hgk5c6lsraw4ncbnzxlsx7m35nym6lncjiw7") + (3 "1027kmymniizcy0zbdlrczxfx3clxcdln5yq05q9yzlc6y9slhwy"))) (define-public readline - (let ((post-install-phase - '(lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib"))) - ;; Make libraries writable so that `strip' can work. - ;; Failing to do that, it bails out with "Permission - ;; denied". - (for-each (lambda (f) (chmod f #o755)) - (find-files lib "\\.so")) - (for-each (lambda (f) (chmod f #o644)) - (find-files lib "\\.a")))))) - (package - (name "readline") - (version "7.0") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/readline/readline-" - version ".tar.gz")) - (sha256 - (base32 - "0d13sg9ksf982rrrmv5mb6a2p4ys9rvg9r71d6il0vr8hmql63bm")) - (patches (search-patches "readline-link-ncurses.patch")) - (patch-flags '("-p0")))) - (build-system gnu-build-system) - (propagated-inputs `(("ncurses" ,ncurses))) - (arguments `(#:configure-flags - (list (string-append "LDFLAGS=-Wl,-rpath -Wl," - (assoc-ref %build-inputs "ncurses") - "/lib") + (package + (name "readline") + (version (string-append "7.0." + (number->string (length %patch-series-7.0)))) + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/readline/readline-" + (version-major+minor version) ".tar.gz")) + (sha256 + (base32 + "0d13sg9ksf982rrrmv5mb6a2p4ys9rvg9r71d6il0vr8hmql63bm")) + (patches (append + %patch-series-7.0 + (search-patches "readline-link-ncurses.patch"))) + (patch-flags '("-p0")))) + (build-system gnu-build-system) + (propagated-inputs `(("ncurses" ,ncurses))) + (arguments `(#:configure-flags + (list (string-append "LDFLAGS=-Wl,-rpath -Wl," + (assoc-ref %build-inputs "ncurses") + "/lib") - ;; This test does an 'AC_TRY_RUN', which aborts when - ;; cross-compiling, so provide the correct answer. - ,@(if (%current-target-system) - '("bash_cv_wcwidth_broken=no") - '()) - ;; MinGW: ncurses provides the termcap api. - ,@(if (target-mingw?) - '("bash_cv_termcap_lib=ncurses") - '())) + ;; This test does an 'AC_TRY_RUN', which aborts when + ;; cross-compiling, so provide the correct answer. + ,@(if (%current-target-system) + '("bash_cv_wcwidth_broken=no") + '()) + ;; MinGW: ncurses provides the termcap api. + ,@(if (target-mingw?) + '("bash_cv_termcap_lib=ncurses") + '())) - ,@(if (target-mingw?) - ;; MinGW: termcap in ncurses - ;; some SIG_* #defined in _POSIX - '(#:make-flags '("TERMCAP_LIB=-lncurses" - "CPPFLAGS=-D_POSIX -D'chown(f,o,g)=0'")) - '()) - #:phases (alist-cons-after - 'install 'post-install - ,post-install-phase - %standard-phases))) - (synopsis "Edit command lines while typing, with history support") - (description - "The GNU readline library allows users to edit command lines as they + ,@(if (target-mingw?) + ;; MinGW: termcap in ncurses + ;; some SIG_* #defined in _POSIX + '(#:make-flags '("TERMCAP_LIB=-lncurses" + "CPPFLAGS=-D_POSIX -D'chown(f,o,g)=0'")) + '()))) + (synopsis "Edit command lines while typing, with history support") + (description + "The GNU readline library allows users to edit command lines as they are typed in. It can maintain a searchable history of previously entered commands, letting you easily recall, edit and re-enter past commands. It features both Emacs-like and vi-like keybindings, making its usage comfortable for anyone.") - (license gpl3+) - (home-page "https://savannah.gnu.org/projects/readline/")))) + (license gpl3+) + (home-page "https://savannah.gnu.org/projects/readline/"))) (define-public readline-6.2 (package (inherit readline) diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index caab8fac4b..5a7548df68 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2015, 2016, 2017 Ben Woodcroft <donttrustben@gmail.com> ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index fc18719f32..bfa7e05f9d 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -121,7 +121,7 @@ be output in text, PostScript, PDF or HTML.") "09pl0w01fr09bsrwd7nz2r5psysj0z93w4chz3hm2havvqqvhg3s")))) (build-system gnu-build-system) (arguments - `(#:disallowed-references (,tzdata-2017a) + `(#:disallowed-references (,tzdata-for-tests) #:make-flags (list (string-append "LDFLAGS=-Wl,-rpath=" (assoc-ref %outputs "out") @@ -246,7 +246,7 @@ be output in text, PostScript, PDF or HTML.") ("perl" ,perl) ("pkg-config" ,pkg-config) ("texinfo" ,texinfo) ; for building HTML manuals - ("tzdata" ,tzdata-2017a) + ("tzdata" ,tzdata-for-tests) ("xz" ,xz))) (inputs `(;; We need not only cairo here, but pango to ensure that tests for the diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm index 8c33023bd0..c7f2f4840f 100644 --- a/gnu/packages/texinfo.scm +++ b/gnu/packages/texinfo.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012, 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -30,19 +31,17 @@ #:use-module (gnu packages ncurses)) (define-public texinfo - ;; TODO: Merge with 'texinfo-latest' on the next core-updates. (package (name "texinfo") - (version "6.3") + (version "6.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/texinfo/texinfo-" version ".tar.xz")) (sha256 (base32 - "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14")))) + "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp")))) (build-system gnu-build-system) - (native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep (inputs `(("ncurses" ,ncurses) ("perl" ,perl))) @@ -63,19 +62,6 @@ their source and the command-line Info reader. The emphasis of the language is on expressing the content semantically, avoiding physical markup commands.") (license gpl3+))) -(define-public texinfo-latest - ;; TODO: Turn this into 'texinfo' on the next core-updates cycle. - (package (inherit texinfo) - (version "6.5") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/texinfo/texinfo-" - version ".tar.xz")) - (sha256 - (base32 - "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp")))) - (native-inputs '()))) - (define-public texinfo-5 (package (inherit texinfo) (version "5.2") diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index d8cc1ccbc2..2aa082cfb5 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -10,6 +10,7 @@ ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> ;;; ;;; This file is part of GNU Guix. @@ -65,7 +66,6 @@ (package (name "libtasn1") (version "4.12") - (replacement libtasn1/fixed) (source (origin (method url-fetch) @@ -73,7 +73,8 @@ version ".tar.gz")) (sha256 (base32 - "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")))) + "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")) + (patches (search-patches "libtasn1-CVE-2017-10790.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "https://www.gnu.org/software/libtasn1/") @@ -85,13 +86,6 @@ networking, allowing for formal validation of data according to some specifications.") (license license:lgpl2.0+))) -(define libtasn1/fixed - (package - (inherit libtasn1) - (source (origin - (inherit (package-source libtasn1)) - (patches (search-patches "libtasn1-CVE-2017-10790.patch")))))) - (define-public asn1c (package (name "asn1c") @@ -149,9 +143,6 @@ coordinating the use of PKCS#11 by different components or libraries living in the same process.") (license license:bsd-3))) - -;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford -;; rebuild GnuTLS (i.e. core-updates). (define-public gnutls (package (name "gnutls") @@ -172,7 +163,9 @@ living in the same process.") "15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr")))) (build-system gnu-build-system) (arguments - '(#:configure-flags + `(; Ensure we don't keep a reference to this buggy software. + #:disallowed-references (,net-tools) + #:configure-flags (list ;; GnuTLS doesn't consult any environment variables to specify ;; the location of the system-wide trust store. Instead it has a @@ -206,7 +199,7 @@ living in the same process.") "debug" "doc")) ;4.1 MiB of man pages (native-inputs - `(("net-tools" ,net-tools-for-tests) + `(("net-tools" ,net-tools) ("pkg-config" ,pkg-config) ("which" ,which))) (inputs @@ -253,18 +246,19 @@ required structures.") (define-public openssl (package (name "openssl") - (version "1.0.2l") - (replacement openssl-1.0.2m) + (version "1.0.2m") (source (origin (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" + (uri (list (string-append "https://www.openssl.org/source/openssl-" + version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/" name "-" version ".tar.gz") (string-append "ftp://ftp.openssl.org/source/old/" (string-trim-right version char-set:letter) "/" name "-" version ".tar.gz"))) (sha256 (base32 - "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf")) + "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc")) (snippet '(begin ;; Remove ELF files. 'substitute*' can't read them. @@ -381,15 +375,14 @@ required structures.") ,version "/misc")) #t)))))) (native-search-paths - ;; FIXME: These two variables must designate a single file or directory - ;; and are not actually "search paths." In practice it works OK in user - ;; profiles because there's always just one item that matches the - ;; specification. (list (search-path-specification (variable "SSL_CERT_DIR") + (separator #f) ;single entry (files '("etc/ssl/certs"))) (search-path-specification (variable "SSL_CERT_FILE") + (file-type 'regular) + (separator #f) ;single entry (files '("etc/ssl/certs/ca-certificates.crt"))))) (synopsis "SSL/TLS implementation") (description @@ -397,25 +390,6 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -;; Fixes CVE-2017-3735 and CVE-2017-3736. -;; See <https://www.openssl.org/news/cl102.txt>. -(define-public openssl-1.0.2m - (package - (inherit openssl) - (version "1.0.2m") - (source (origin - (inherit (package-source openssl)) - (uri (list (string-append "https://www.openssl.org/source/openssl-" - version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/openssl-" - version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/openssl-" version ".tar.gz"))) - (sha256 - (base32 - "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc")))))) - (define-public openssl-next (package (inherit openssl) @@ -553,7 +527,7 @@ netcat implementation that supports TLS.") #t)))))) ;; TODO: Add optional inputs for testing. (native-inputs - `(("python-mock" ,python-mock-2) + `(("python-mock" ,python-mock) ;; For documentation ("python-sphinx" ,python-sphinx) ("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput) @@ -602,7 +576,7 @@ netcat implementation that supports TLS.") ;; TODO: Add optional inputs for testing. (native-inputs `(("python-nose" ,python-nose) - ("python-mock" ,python-mock-2) + ("python-mock" ,python-mock) ;; For documentation ("python-sphinx" ,python-sphinx) ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme) @@ -638,14 +612,14 @@ certificates for free.") (define-public perl-net-ssleay (package (name "perl-net-ssleay") - (version "1.81") + (version "1.82") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" "Net-SSLeay-" version ".tar.gz")) (sha256 (base32 - "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0")))) + "1rf78z1macgmp6mwd7c2xq4yfw6wpf28hfwfz1d5wslqr4cwb5aq")))) (build-system perl-build-system) (inputs `(("openssl" ,openssl))) (arguments diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 2c25eb8780..2ad0565db3 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -535,7 +535,7 @@ libebml is a C++ library to read and write EBML files.") (define-public libva (package (name "libva") - (version "1.8.3") + (version "2.0.0") (source (origin (method url-fetch) @@ -547,7 +547,7 @@ libebml is a C++ library to read and write EBML files.") (string-append "https://www.freedesktop.org/software/vaapi/releases/" "libva/libva-" version "/libva-" version ".tar.bz2"))) (sha256 - (base32 "16xbk0awl7wp0vy0nyjvxk11spbw25mp8kwd9bmhd6x9xffi5vjn")))) + (base32 "0cz5i62jnibmnx0i80i9yipq39v16qr6fw461f6hvrh9lbwh21mv")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index eb0436cb35..fff4b767ca 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -5178,7 +5178,7 @@ command-line arguments or read from stdin.") ("python-schema" ,python-schema-0.5) ("python-backports-csv" ,python-backports-csv))) (native-inputs - `(("python-pytest-3.0" ,python-pytest-3.0) + `(("python-pytest" ,python-pytest) ("python-pytest-capturelog" ,python-pytest-capturelog) ("python-responses" ,python-responses))) (home-page "https://github.com/jjjake/internetarchive") diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 2e1ed2ee9e..acc2618e21 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -292,7 +292,7 @@ rasterisation.") (define-public libdrm (package (name "libdrm") - (version "2.4.83") + (version "2.4.88") (source (origin (method url-fetch) @@ -302,7 +302,7 @@ rasterisation.") ".tar.bz2")) (sha256 (base32 - "1minzvsyz5hgm6ixpj8ysa6jsv7vm8qc8nx390jxdsk0v9ljd983")) + "1dbjap12zzlrgvvv9nkkpximhfdpx19qanwzccp78khjqax5vrdm")) (patches (search-patches "libdrm-symbol-check.patch")))) (build-system gnu-build-system) (arguments @@ -1098,7 +1098,7 @@ connectivity of the X server running on a particular @code{DISPLAY}.") ("xcb-util-wm" ,xcb-util-wm))) (native-inputs `(("bison" ,bison) - ("check" ,check-0.11.0) + ("check" ,check) ("flex" ,flex) ("pkg-config" ,pkg-config))) (arguments diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 4f75de344c..ca5e996d6a 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org> -;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com> ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org> ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> @@ -58,17 +58,16 @@ (define-public expat (package (name "expat") - (version "2.2.1") - (replacement expat-2.2.4) + (version "2.2.5") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" version "/expat-" version ".tar.bz2")) (sha256 (base32 - "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q")))) + "1xpd78sp7m34jqrw5x13bz7kgz0n6aj15wn4zj4gfx3ypbpk5p6r")))) (build-system gnu-build-system) - (home-page "http://www.libexpat.org/") + (home-page "https://libexpat.github.io/") (synopsis "Stream-oriented XML parser library written in C") (description "Expat is an XML parser library written in C. It is a @@ -76,18 +75,6 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) -(define expat-2.2.4 ; Fix CVE-{2016-9063,2017-9233,2017-11742} & other issues. - (package - (inherit expat) - (version "2.2.4") - (source (origin - (method url-fetch) - (uri (string-append "mirror://sourceforge/expat/expat/" - version "/expat-" version ".tar.bz2")) - (sha256 - (base32 - "17h1fb9zvqvf0sr78j211bngc6jpql5wzar8fg9b52jzjvdqbb83")))))) - (define-public libebml (package (name "libebml") @@ -112,17 +99,14 @@ hierarchical form with variable field lengths.") (define-public libxml2 (package (name "libxml2") - (version "2.9.4") - (replacement libxml2/fixed) + (version "2.9.7") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" version ".tar.gz")) - (patches (search-patches "libxml2-CVE-2016-4658.patch" - "libxml2-CVE-2016-5131.patch")) (sha256 (base32 - "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz")))) + "034hylzspvkm0p4bczqbf8q05a7r2disr8dz725x4bin61ymwg7n")))) (build-system gnu-build-system) (home-page "http://www.xmlsoft.org/") (synopsis "C parser for XML") @@ -142,20 +126,6 @@ hierarchical form with variable field lengths.") project (but it is usable outside of the Gnome platform).") (license license:x11))) -(define libxml2/fixed - (package - (inherit libxml2) - (source - (origin - (inherit (package-source libxml2)) - (patches - (append (origin-patches (package-source libxml2)) - (search-patches "libxml2-CVE-2017-0663.patch" - "libxml2-CVE-2017-7375.patch" - "libxml2-CVE-2017-7376.patch" - "libxml2-CVE-2017-9047+CVE-2017-9048.patch" - "libxml2-CVE-2017-9049+CVE-2017-9050.patch"))))))) - (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") @@ -188,15 +158,14 @@ project (but it is usable outside of the Gnome platform).") (define-public libxslt (package (name "libxslt") - (version "1.1.29") + (version "1.1.32") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz")) - (patches (search-patches "libxslt-CVE-2016-4738.patch")) (sha256 (base32 - "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")) + "0q2l6m56iv3ysxgm2walhg4c9wp7q183jb328687i9zlp85csvjj")) (patches (search-patches "libxslt-generated-ids.patch")))) (build-system gnu-build-system) (home-page "http://xmlsoft.org/XSLT/index.html") diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index d70226930f..4ea0fcd5e2 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -1108,7 +1108,7 @@ themselves.") (define-public libpciaccess (package (name "libpciaccess") - (version "0.13.5") + (version "0.14") (source (origin (method url-fetch) @@ -1118,7 +1118,7 @@ themselves.") ".tar.bz2")) (sha256 (base32 - "16dr80rdw5bzdyhahvilfjrflj7scs2yl2mmghsb84f3nglm8b3m")))) + "197jbcpvp4z4x6j705mq2y4fsnnypy6f85y8xalgwhgx5bhl7x9x")))) (build-system gnu-build-system) (arguments '(;; Make sure libpciaccess can read compressed 'pci.ids' files as @@ -3820,7 +3820,7 @@ extension to the X11 protocol. It includes: (define-public xkeyboard-config (package (name "xkeyboard-config") - (version "2.21") + (version "2.22") (source (origin (method url-fetch) @@ -3830,7 +3830,7 @@ extension to the X11 protocol. It includes: ".tar.bz2")) (sha256 (base32 - "1iffxpchy6dfgbby23nfsqqk17h9lfddlmjnhwagqag1z94p1h9h")))) + "1garmbyfjp0han04l2l90zzwlfbdgdxl6r1qnic36i5wkycckbny")))) (build-system gnu-build-system) (inputs `(("gettext" ,gettext-minimal) @@ -4891,7 +4891,7 @@ new API's in libXft, or the legacy API's in libX11.") (define-public libxfont2 (package (inherit libxfont) - (version "2.0.1") + (version "2.0.2") (replacement libxfont2-2.0.3) (source (origin (method url-fetch) @@ -4899,7 +4899,7 @@ new API's in libXft, or the legacy API's in libX11.") version ".tar.bz2")) (sha256 (base32 - "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9")))))) + "04f1lswh1ridkycgaivf1hrr77l5ap8smbfr2rqjrm7phwxqs24l")))))) ;; Fixes the following security vulnerabilities: ;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720 |