diff options
Diffstat (limited to 'gnu/packages')
81 files changed, 1524 insertions, 2495 deletions
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm index a3016fe7b3..a6960ae79b 100644 --- a/gnu/packages/algebra.scm +++ b/gnu/packages/algebra.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr> ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; @@ -479,7 +480,6 @@ binary.") (base32 "0amh9ik44jfg66csyvf4zz1l878c4755kjndq9j0270akflgrbb2")))) (build-system gnu-build-system) - (inputs `(("readline" ,readline))) (native-inputs `(("ed" ,ed) ("flex" ,flex) diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 035ef8c32c..b62438e4f1 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -179,8 +179,7 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") - (replacement libarchive-3.3.1) - (version "3.2.2") + (version "3.3.1") (source (origin (method url-fetch) @@ -188,7 +187,7 @@ backups (called chunks) to allow easy burning to CD/DVD.") version ".tar.gz")) (sha256 (base32 - "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739")))) + "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9")))) (build-system gnu-build-system) ;; TODO: Add -L/path/to/nettle in libarchive.pc. (inputs diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index d135a18bf8..b9364f81f5 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -5,8 +5,10 @@ ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Alex Kost <alezost@gmail.com> ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <manolis837@gmail.com> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org> +;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. @@ -87,7 +89,8 @@ command-line arguments, multiple languages, and so on.") (sha256 (base32 "1dcasjp3a578nrvzrcn38mpizb8w1q6mvfzhjmcqqgkf0nsivj72")) - (patches (search-patches "grep-timing-sensitive-test.patch")))) + (patches (search-patches "grep-timing-sensitive-test.patch" + "grep-gnulib-lock.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) ;some of the tests require it (arguments @@ -228,14 +231,14 @@ differences.") (define-public diffutils (package (name "diffutils") - (version "3.5") + (version "3.6") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/diffutils/diffutils-" version ".tar.xz")) (sha256 (base32 - "0csmqfz8ks23kdjsq0v2ll1acqiz8lva06dj19mwmymrsp69ilys")))) + "1mivg0fy3a6fcn535ln8nkgfj6vxh5hsxxs5h6692wxmsjyyh8fn")))) (build-system gnu-build-system) (synopsis "Comparing and merging files") (description @@ -258,8 +261,13 @@ interactive means to merge two files.") (sha256 (base32 "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y")) - (patches (search-patches "findutils-localstatedir.patch" - "findutils-test-xargs.patch")))) + (patches (search-patches + "findutils-localstatedir.patch" + "findutils-test-xargs.patch" + ;; test-lock has performance issues on multi-core + ;; machines, it hangs or takes a long time to complete. + ;; This is a commit from gnulib to fix this issue. + "findutils-gnulib-multi-core.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags (list @@ -285,15 +293,15 @@ used to apply commands with arbitrarily long arguments.") (define-public coreutils (package (name "coreutils") - (version "8.26") + (version "8.27") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/coreutils/coreutils-" version ".tar.xz")) (sha256 (base32 - "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm")) - (patches (search-patches "coreutils-fix-cross-compilation.patch")))) + "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8")) + (patches (search-patches "coreutils-cut-huge-range-test.patch")))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! @@ -308,21 +316,12 @@ used to apply commands with arbitrarily long arguments.") ;; copy of help2man. However, don't pass it when cross-compiling since ;; that would lead it to try to run programs to get their '--help' output ;; for help2man. - `(,@(if (%current-target-system) - '() - `(("perl" ,perl))) - - ;; Apply this patch only on ARM to avoid a full rebuild. - ;; TODO: Move to 'patches' in the next update cycle. - ,@(if (string-prefix? "arm" (or (%current-target-system) - (%current-system))) - `(("cut-test.patch" - ,(search-patch "coreutils-cut-huge-range-test.patch"))) - '()))) + (if (%current-target-system) + '() + `(("perl" ,perl)))) (outputs '("out" "debug")) (arguments `(#:parallel-build? #f ; help2man may be called too early - #:parallel-tests? #f ; race condition fixed after 8.26 #:phases (alist-cons-before 'build 'patch-shell-references (lambda* (#:key inputs #:allow-other-keys) @@ -337,22 +336,7 @@ used to apply commands with arbitrarily long arguments.") (substitute* (find-files "tests" "\\.sh$") (("#!/bin/sh") (format #f "#!~a/bin/sh" bash))))) - - ,@(if (string-prefix? "arm" (or (%current-target-system) - (%current-system))) - '((alist-cons-before - 'build 'patch-cut-test - (lambda* (#:key inputs native-inputs - #:allow-other-keys) - (let ((patch (or (assoc-ref inputs - "cut-test.patch") - (assoc-ref native-inputs - "cut-test.patch")))) - (zero? - (system* "patch" "-p1" "--force" - "--input" patch)))) - %standard-phases)) - '(%standard-phases))))) + %standard-phases))) (synopsis "Core GNU utilities (file, text, shell)") (description "GNU Coreutils includes all of the basic command-line tools that are @@ -362,29 +346,6 @@ functionality beyond that which is outlined in the POSIX standard.") (license gpl3+) (home-page "https://www.gnu.org/software/coreutils/"))) -;; We add version 8.27 here for use in (gnu system) due to a time -;; zone bug in `date' versions 8.25 - 8.26. -;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23035 -;; https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26238 -(define-public coreutils-8.27 - (package - (inherit coreutils) - (version "8.27") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/coreutils/coreutils-" - version ".tar.xz")) - (sha256 - (base32 - "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8")))) - (arguments - (if (string-prefix? "arm" (or (%current-target-system) - (%current-system))) - (substitute-keyword-arguments (package-arguments coreutils) - ((#:phases phases) - `(alist-delete 'patch-cut-test ,phases))) - (package-arguments coreutils))))) - (define-public coreutils-minimal ;; Coreutils without its optional dependencies. (package @@ -434,17 +395,16 @@ change. GNU make offers many powerful extensions over the standard utility.") (define-public binutils (package (name "binutils") - (version "2.27") + (version "2.28") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/binutils/binutils-" version ".tar.bz2")) (sha256 (base32 - "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn")) + "0wiasgns7i8km8nrxas265sh2dfpsw93b3qw195ipc90w4z475v2")) (patches (search-patches "binutils-ld-new-dtags.patch" - "binutils-loongson-workaround.patch" - "binutils-mips-bash-bug.patch")))) + "binutils-loongson-workaround.patch")))) (build-system gnu-build-system) ;; TODO: Add dependency on zlib + those for Gold. @@ -456,10 +416,6 @@ change. GNU make offers many powerful extensions over the standard utility.") ;; Don't search under /usr/lib & co. "--with-lib-path=/no-ld-lib-path" - ;; Glibc 2.17 has a "comparison of unsigned - ;; expression >= 0 is always true" in wchar.h. - "--disable-werror" - ;; Install BFD. It ends up in a hidden directory, ;; but it's here. "--enable-install-libbfd" @@ -482,7 +438,7 @@ included.") (define* (make-ld-wrapper name #:key (target (const #f)) binutils - (guile (canonical-package guile-2.0)) + (guile (canonical-package guile-2.2)) (bash (canonical-package bash)) (guile-for-build guile)) "Return a package called NAME that contains a wrapper for the 'ld' program @@ -575,7 +531,8 @@ store.") (modules '((guix build utils))) (patches (search-patches "glibc-ldd-x86_64.patch" "glibc-versioned-locpath.patch" - "glibc-o-largefile.patch")))) + "glibc-o-largefile.patch" + "glibc-memchr-overflow-i686.patch")))) (build-system gnu-build-system) ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc @@ -587,10 +544,6 @@ store.") (arguments `(#:out-of-source? #t - ;; In version 2.21, there a race in the 'elf' directory, see - ;; <http://lists.gnu.org/archive/html/guix-devel/2015-02/msg00709.html>. - #:parallel-build? #f - ;; The libraries have an empty RUNPATH, but some, such as the versioned ;; libraries (libdl-2.24.so, etc.) have ld.so marked as NEEDED. Since ;; these libraries are always going to be found anyway, just skip @@ -666,19 +619,6 @@ store.") ;; 4.7.1. ((" -lgcc_s") "")) - ;; Apply patch only on i686. - ;; TODO: Move the patch to 'patches' in the next update cycle. - ,@(if (string-prefix? "i686" (or (%current-target-system) - (%current-system))) - `((unless (zero? (system* "patch" "-p1" "--force" - "--input" - (or (assoc-ref native-inputs - "glibc-memchr-overflow-i686.patch") - (assoc-ref inputs - "glibc-memchr-overflow-i686.patch")))) - (error "patch failed for glibc-memchr-overflow-i686.patch"))) - '()) - ;; Have `system' use that Bash. (substitute* "sysdeps/posix/system.c" (("#define[[:blank:]]+SHELL_PATH.*$") @@ -722,15 +662,7 @@ store.") ;; install the message catalogs, with 'msgfmt'. (native-inputs `(("texinfo" ,texinfo) ("perl" ,perl) - ("gettext" ,gettext-minimal) - - ;; Apply this patch only on i686 to avoid a full rebuild. - ;; TODO: Move to 'patches' in the next update cycle. - ,@(if (string-prefix? "i686" (or (%current-target-system) - (%current-system))) - `(("glibc-memchr-overflow-i686.patch" - ,(search-patch "glibc-memchr-overflow-i686.patch"))) - '()))) + ("gettext" ,gettext-minimal))) (native-search-paths ;; Search path for packages that provide locale data. This is useful @@ -779,71 +711,6 @@ with the Linux kernel.") ;; Add libmachuser.so and libhurduser.so to libc.so's search path. ;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-07/msg00051.html>. `(modify-phases ,original-phases - ;; TODO: This is almost an exact copy of the phase of the same name - ;; in glibc/linux. The only difference is that the i686 patch is - ;; not applied here. In the next update cycle the patch moves to - ;; the patches field and this overwritten phase won't be needed any - ;; more. - (replace 'pre-configure - (lambda* (#:key inputs native-inputs outputs - #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin")) - ;; FIXME: Normally we would look it up only in INPUTS - ;; but cross-base uses it as a native input. - (bash (or (assoc-ref inputs "static-bash") - (assoc-ref native-inputs "static-bash")))) - ;; Install the rpc data base file under `$out/etc/rpc'. - ;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ]; - (substitute* "sunrpc/Makefile" - (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix) - (string-append out "/etc/rpc" suffix "\n")) - (("^install-others =.*$") - (string-append "install-others = " out "/etc/rpc\n"))) - - (substitute* "Makeconfig" - ;; According to - ;; <http://www.linuxfromscratch.org/lfs/view/stable/chapter05/glibc.html>, - ;; linking against libgcc_s is not needed with GCC - ;; 4.7.1. - ((" -lgcc_s") "")) - - ;; Have `system' use that Bash. - (substitute* "sysdeps/posix/system.c" - (("#define[[:blank:]]+SHELL_PATH.*$") - (format #f "#define SHELL_PATH \"~a/bin/bash\"\n" - bash))) - - ;; Same for `popen'. - (substitute* "libio/iopopen.c" - (("/bin/sh") - (string-append bash "/bin/sh"))) - - ;; Same for the shell used by the 'exec' functions for - ;; scripts that lack a shebang. - (substitute* (find-files "." "^paths\\.h$") - (("#define[[:blank:]]+_PATH_BSHELL[[:blank:]].*$") - (string-append "#define _PATH_BSHELL \"" - bash "/bin/sh\"\n"))) - - ;; Nscd uses __DATE__ and __TIME__ to create a string to - ;; make sure the client and server come from the same - ;; libc. Use something deterministic instead. - (substitute* "nscd/nscd_stat.c" - (("static const char compilation\\[21\\] =.*$") - (string-append - "static const char compilation[21] = \"" - (string-take (basename out) 20) "\";\n"))) - - ;; Make sure we don't retain a reference to the - ;; bootstrap Perl. - (substitute* "malloc/mtrace.pl" - (("^#!.*") - ;; The shebang can be omitted, because there's the - ;; "bilingual" eval/exec magic at the top of the file. - "") - (("exec @PERL@") - "exec perl"))))) (add-after 'install 'augment-libc.so (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out"))) diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm index ef22728a92..b1966e5675 100644 --- a/gnu/packages/bash.scm +++ b/gnu/packages/bash.scm @@ -211,33 +211,33 @@ without modification.") (outputs (delete "include" (package-outputs bash))) (arguments - (let ((args `(#:modules ((guix build gnu-build-system) - (guix build utils) - (srfi srfi-1) - (srfi srfi-26)) - ,@(package-arguments bash)))) - (substitute-keyword-arguments args - ((#:configure-flags flags) - `(list "--without-bash-malloc" - "--disable-readline" - "--disable-history" - "--disable-help-builtin" - "--disable-progcomp" - "--disable-net-redirections" - "--disable-nls" + (substitute-keyword-arguments (package-arguments bash) + ((#:modules _ '()) + '((guix build gnu-build-system) + (guix build utils) + (srfi srfi-1) + (srfi srfi-26))) + ((#:configure-flags flags '()) + `(list "--without-bash-malloc" + "--disable-readline" + "--disable-history" + "--disable-help-builtin" + "--disable-progcomp" + "--disable-net-redirections" + "--disable-nls" - ;; Pretend 'dlopen' is missing so we don't build loadable - ;; modules and related code. - "ac_cv_func_dlopen=no" + ;; Pretend 'dlopen' is missing so we don't build loadable + ;; modules and related code. + "ac_cv_func_dlopen=no" - ,@(if (%current-target-system) - '("bash_cv_job_control_missing=no" - "bash_cv_getcwd_malloc=yes") - '()))) - ((#:phases phases) - `(modify-phases ,phases - ;; No loadable modules. - (delete 'move-development-files)))))))) + ,@(if (%current-target-system) + '("bash_cv_job_control_missing=no" + "bash_cv_getcwd_malloc=yes") + '()))) + ((#:phases phases) + `(modify-phases ,phases + ;; No loadable modules. + (delete 'move-development-files))))))) (define-public static-bash ;; Statically-linked Bash that contains nothing but the 'bash' binary and diff --git a/gnu/packages/bdw-gc.scm b/gnu/packages/bdw-gc.scm index b9732374d7..790a238579 100644 --- a/gnu/packages/bdw-gc.scm +++ b/gnu/packages/bdw-gc.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> +;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -23,7 +24,8 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu) - #:use-module (gnu packages pkg-config)) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages hurd)) (define-public libgc (package @@ -38,8 +40,20 @@ "143x7g0d0k6250ai6m2x3l4y352mzizi4wbgrmahxscv2aqjhjm1")))) (build-system gnu-build-system) (arguments - '(#:configure-flags '(;; Install gc_cpp.h et al. - "--enable-cplusplus"))) + `(#:configure-flags + (list + ;; Install gc_cpp.h et al. + "--enable-cplusplus" + ;; In GNU/Hurd systems during the 'Check' phase, + ;; there is a deadlock caused by the 'gctest' test. + ;; To disable the error set "--disable-gcj-support" + ;; to configure script. See bug report and discussion: + ;; <https://lists.opendylan.org/pipermail/bdwgc/2017-April/006275.html> + ;; <https://lists.gnu.org/archive/html/bug-hurd/2017-01/msg00008.html> + ,@(if (hurd-triplet? (or (%current-system) + (%current-target-system))) + '("--disable-gcj-support") + '())))) (native-inputs `(("pkg-config" ,pkg-config))) (inputs `(("libatomic-ops" ,libatomic-ops))) (outputs '("out" "debug")) diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm index dfaa853533..5d2056fc7d 100644 --- a/gnu/packages/boost.scm +++ b/gnu/packages/boost.scm @@ -35,7 +35,7 @@ (define-public boost (package (name "boost") - (version "1.63.0") + (version "1.64.0") (source (origin (method url-fetch) (uri (string-append @@ -44,7 +44,7 @@ ".tar.bz2")) (sha256 (base32 - "1c5kzhcqahnic55dxcnw7r80qvwx5sfa2sa97yzv7xjrywljbbmy")))) + "0cikd35xfkpg9nnl76yqqnqxnf3hyfjjww8xjd4akflprsm5rk3v")))) (build-system gnu-build-system) (inputs `(("zlib" ,zlib))) (native-inputs diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index dec462b0cb..c4be211f1a 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -114,10 +114,7 @@ (native-inputs `(("unifont" ,unifont) ("bison" ,bison) - ;; Due to a bug in flex >= 2.6.2, GRUB must be built with an older flex: - ;; <http://lists.gnu.org/archive/html/grub-devel/2017-02/msg00133.html> - ;; TODO Try building with flex > 2.6.3. - ("flex" ,flex-2.6.1) + ("flex" ,flex) ("texinfo" ,texinfo) ("help2man" ,help2man) @@ -240,7 +237,7 @@ menu to select one of the installed operating systems.") (build-system gnu-build-system) (native-inputs `(("bison" ,bison) - ("flex" ,flex-2.6.1))) ; A bug in flex prevents building with flex-2.6.3. + ("flex" ,flex))) (arguments `(#:make-flags (list "CC=gcc" diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 1b41feac1f..f672ef45eb 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -510,14 +510,7 @@ the bootstrap environment." (propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0)))) (native-inputs `(("texinfo" ,texinfo-boot0) - ("perl" ,perl-boot0) - ;; Apply this patch only on i686 to avoid a full rebuild. - ;; TODO: Remove in the next update cycle. - ,@(if (string-prefix? "i686" (or (%current-target-system) - (%current-system))) - `(("glibc-memchr-overflow-i686.patch" - ,(search-patch "glibc-memchr-overflow-i686.patch"))) - '()))) + ("perl" ,perl-boot0))) (inputs `(;; The boot inputs. That includes the bootstrap libc. We don't want ;; it in $CPATH, hence the 'pre-configure' phase above. @@ -807,13 +800,14 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define bash-final ;; Link with `-static-libgcc' to make sure we don't retain a reference - ;; to the bootstrap GCC. + ;; to the bootstrap GCC. Use "bash-minimal" to avoid an extra dependency + ;; on Readline and ncurses. (let ((bash (package - (inherit bash) + (inherit bash-minimal) (arguments `(#:disallowed-references ,(assoc-ref %boot3-inputs "coreutils&co") - ,@(package-arguments bash)))))) + ,@(package-arguments bash-minimal)))))) (package-with-bootstrap-guile (package-with-explicit-inputs (static-libgcc-package bash) %boot3-inputs @@ -829,7 +823,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ;; This package must be public because other modules refer to it. However, ;; mark it as hidden so that 'fold-packages' ignores it. (package-with-bootstrap-guile - (package-with-explicit-inputs (hidden-package guile-2.0/fixed) + (package-with-explicit-inputs (hidden-package guile-2.2/fixed) %boot4-inputs (current-source-location) #:guile %bootstrap-guile))) @@ -850,12 +844,10 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define-public ld-wrapper ;; The final 'ld' wrapper, which uses the final Guile and Binutils. - (package (inherit ld-wrapper-boot3) - (name "ld-wrapper") - (inputs `(("guile" ,guile-final) - ("bash" ,bash-final) - ,@(fold alist-delete (package-inputs ld-wrapper-boot3) - '("guile" "bash")))))) + (make-ld-wrapper "ld-wrapper" + #:binutils binutils-final + #:guile guile-final + #:bash bash-final)) (define %boot5-inputs ;; Now with UTF-8 locales. Remember that the bootstrap binaries were built @@ -948,7 +940,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" the implicit inputs of 'gnu-build-system', return that one, otherwise return PACKAGE. -The goal is to avoid duplication in cases like GUILE-FINAL vs. GUILE-2.0, +The goal is to avoid duplication in cases like GUILE-FINAL vs. GUILE-2.2, COREUTILS-FINAL vs. COREUTILS, etc." ;; XXX: This doesn't handle dependencies of the final inputs, such as ;; libunistring, GMP, etc. diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 11db2a66f7..2b576743d6 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -207,84 +207,78 @@ file; as a result, it is often used in conjunction with \"tar\", resulting in (home-page "https://www.gnu.org/software/gzip/"))) (define-public bzip2 - (let ((build-shared-lib - ;; Build a shared library. - '(lambda* (#:key inputs #:allow-other-keys) - (patch-makefile-SHELL "Makefile-libbz2_so") - (zero? (system* "make" "-f" "Makefile-libbz2_so")))) - (install-shared-lib - '(lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (libdir (string-append out "/lib"))) - (for-each (lambda (file) - (let ((base (basename file))) - (format #t "installing `~a' to `~a'~%" - base libdir) - (copy-file file - (string-append libdir "/" base)))) - (find-files "." "^libbz2\\.so"))))) - (set-cross-environment - '(lambda* (#:key target #:allow-other-keys) - (substitute* (find-files "." "Makefile") - (("CC=.*$") - (string-append "CC = " target "-gcc\n")) - (("AR=.*$") - (string-append "AR = " target "-ar\n")) - (("RANLIB=.*$") - (string-append "RANLIB = " target "-ranlib\n")) - (("^all:(.*)test" _ prerequisites) - ;; Remove 'all' -> 'test' dependency. - (string-append "all:" prerequisites "\n")))))) - (package - (name "bzip2") - (version "1.0.6") - (source (origin - (method url-fetch) - (uri (string-append "http://www.bzip.org/" version "/bzip2-" - version ".tar.gz")) - (sha256 - (base32 - "1kfrc7f0ja9fdn6j1y6yir6li818npy6217hvr3wzmnmzhs8z152")))) - (build-system gnu-build-system) - (arguments - `(#:modules ((guix build gnu-build-system) - (guix build utils) - (srfi srfi-1)) - #:phases - ,(if (%current-target-system) - - ;; Cross-compilation: use the cross tools. - `(alist-cons-before - 'build 'build-shared-lib ,build-shared-lib - (alist-cons-after - 'install 'install-shared-lib ,install-shared-lib - (alist-replace 'configure ,set-cross-environment - %standard-phases))) - - ;; Native compilation: build the shared library. - `(alist-cons-before - 'build 'build-shared-lib ,build-shared-lib - (alist-cons-after - 'install 'install-shared-lib ,install-shared-lib - (alist-delete 'configure %standard-phases)))) + (package + (name "bzip2") + (version "1.0.6") + (source (origin + (method url-fetch) + (uri (string-append "http://www.bzip.org/" version "/bzip2-" + version ".tar.gz")) + (sha256 + (base32 + "1kfrc7f0ja9fdn6j1y6yir6li818npy6217hvr3wzmnmzhs8z152")))) + (build-system gnu-build-system) + (arguments + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-1)) + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key target #:allow-other-keys) + (if ,(%current-target-system) + ;; Cross-compilation: use the cross tools. + (substitute* (find-files "." "Makefile") + (("CC=.*$") + (string-append "CC = " target "-gcc\n")) + (("AR=.*$") + (string-append "AR = " target "-ar\n")) + (("RANLIB=.*$") + (string-append "RANLIB = " target "-ranlib\n")) + (("^all:(.*)test" _ prerequisites) + ;; Remove 'all' -> 'test' dependency. + (string-append "all:" prerequisites "\n"))) + #t))) + (add-before 'build 'build-shared-lib + (lambda* (#:key inputs #:allow-other-keys) + (patch-makefile-SHELL "Makefile-libbz2_so") + (zero? (system* "make" "-f" "Makefile-libbz2_so")))) + (add-after 'install 'install-shared-lib + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (libdir (string-append out "/lib"))) + (for-each (lambda (file) + (let ((base (basename file))) + (format #t "installing `~a' to `~a'~%" + base libdir) + (copy-file file + (string-append libdir "/" base)))) + (find-files "." "^libbz2\\.so"))) + #t)) + (add-after 'install-shared-lib 'patch-scripts + (lambda* (#:key outputs inputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out"))) + (substitute* (string-append out "/bin/bzdiff") + (("/bin/rm") "rm"))) + #t))) - #:make-flags (list (string-append "PREFIX=" - (assoc-ref %outputs "out"))) + #:make-flags (list (string-append "PREFIX=" + (assoc-ref %outputs "out"))) - ;; Don't attempt to run the tests when cross-compiling. - ,@(if (%current-target-system) - '(#:tests? #f) - '()))) - (synopsis "High-quality data compression program") - (description - "bzip2 is a freely available, patent free (see below), high-quality data + ;; Don't attempt to run the tests when cross-compiling. + ,@(if (%current-target-system) + '(#:tests? #f) + '()))) + (synopsis "High-quality data compression program") + (description + "bzip2 is a freely available, patent free (see below), high-quality data compressor. It typically compresses files to within 10% to 15% of the best available techniques (the PPM family of statistical compressors), whilst being around twice as fast at compression and six times faster at decompression.") - (license (license:non-copyleft "file://LICENSE" - "See LICENSE in the distribution.")) - (home-page "http://www.bzip.org/")))) + (license (license:non-copyleft "file://LICENSE" + "See LICENSE in the distribution.")) + (home-page "http://www.bzip.org/"))) (define-public lbzip2 (package @@ -457,14 +451,14 @@ some compression ratio).") (define-public lzip (package (name "lzip") - (version "1.16") + (version "1.18") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/lzip/lzip-" version ".tar.gz")) (sha256 (base32 - "0l9724rw1l3hg2ldr3n7ihqich4m9nc6y7l302bvdj4jmxdw530j")))) + "1p8lvc22sv3damld9ng8y6i8z2dvvpsbi9v7yhr5bc2a20m8iya7")))) (build-system gnu-build-system) (home-page "http://www.nongnu.org/lzip/lzip.html") (synopsis "Lossless data compressor based on the LZMA algorithm") diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 73d402ce18..420b9bacc1 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -40,15 +40,14 @@ (define-public curl (package (name "curl") - (replacement curl-7.54.0) - (version "7.53.0") + (version "7.54.0") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.lzma")) (sha256 (base32 - "1k0i31xygb804c61llhin5wbpcscg4gfqmbxcfkpdr1alwh7igrq")))) + "02h7qhl8ynp75g1vcaw18ks0gp7nahvvkqck19pb1q0kkw1scsnd")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -120,16 +119,3 @@ tunneling, and so on.") (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) - -(define curl-7.54.0 - (package - (inherit curl) - (version "7.54.0") - (source - (origin - (method url-fetch) - (uri (string-append "https://curl.haxx.se/download/curl-" - version ".tar.lzma")) - (sha256 - (base32 - "02h7qhl8ynp75g1vcaw18ks0gp7nahvvkqck19pb1q0kkw1scsnd")))))) diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index c46e917b89..cd5f53daa3 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -125,14 +125,14 @@ either single machines or networked clusters.") (define-public gdbm (package (name "gdbm") - (version "1.12") + (version "1.13") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gdbm/gdbm-" version ".tar.gz")) (sha256 (base32 - "1smwz4x5qa4js0zf1w3asq6z7mh20zlgwbh2bk5dczw6xrk22yyr")))) + "0lx201q20dvc70f8a3c9s7s18z15inlxvbffph97ngvrgnyjq9cx")))) (arguments `(#:configure-flags '("--enable-libgdbm-compat"))) (build-system gnu-build-system) (home-page "http://www.gnu.org.ua/software/gdbm") @@ -721,7 +721,7 @@ for example from a shell script.") (define-public sqlite (package (name "sqlite") - (version "3.17.0") + (version "3.19.2") (source (origin (method url-fetch) (uri (let ((numeric-version @@ -737,7 +737,7 @@ for example from a shell script.") numeric-version ".tar.gz"))) (sha256 (base32 - "0k472gq0p706jq4529p60znvw02hdf172qxgbdv59q0n7anqbr54")))) + "1z1gmiyx68g1yxc3avc9jnan53irnsq2rsyldwyxcfnc07xn2lya")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm index 5014229952..d30d7bcfa8 100644 --- a/gnu/packages/ed.scm +++ b/gnu/packages/ed.scm @@ -28,14 +28,14 @@ (define-public ed (package (name "ed") - (version "1.14.1") + (version "1.14.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/ed/ed-" version ".tar.lz")) (sha256 (base32 - "0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz")))) + "1nqhk3n1s1p77g2bjnj55acicsrlyb2yasqxqwpx0w0djfx64ygm")))) (build-system gnu-build-system) (native-inputs `(("lzip" ,lzip))) (arguments diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm index 70541540e5..b9b8e84685 100644 --- a/gnu/packages/embedded.scm +++ b/gnu/packages/embedded.scm @@ -447,7 +447,7 @@ with a layered architecture of JTAG interface and TAP support.") ,@(package-arguments xbinutils))) (native-inputs `(("bison" ,bison) - ("flex" ,flex-2.6.1) ; needed because of yywrap error + ("flex" ,flex) ("texinfo" ,texinfo) ("dejagnu" ,dejagnu) ,@(package-native-inputs xbinutils)))))) @@ -799,7 +799,7 @@ simulator.") (base32 "14b3h2ji740s8zq5vwm4qdcxs4aa4wxi6wb9di3bv1h39x14nyr9")))) ("texinfo" ,texinfo) - ("flex" ,flex-2.6.1) ; A bug in flex prevents building with flex-2.6.3. + ("flex" ,flex) ("bison" ,bison) ("guile-1.8" ,guile-1.8) ("which" ,base:which))) diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index a6239877a0..050e6715b1 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -28,14 +28,14 @@ (define-public file (package (name "file") - (version "5.28") + (version "5.30") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.astron.com/pub/file/file-" version ".tar.gz")) (sha256 (base32 - "04p0w9ggqq6cqvwhyni0flji1z0rwrz896hmhkxd2mc6dca5xjqf")))) + "057jpcyy8ws7q4s4sm8r1rxb8xycdbng2z4y9i98f094wlr28k39")))) (build-system gnu-build-system) ;; When cross-compiling, this package depends upon a native install of diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm index 1470b967da..fdda5f365d 100644 --- a/gnu/packages/flex.scm +++ b/gnu/packages/flex.scm @@ -32,7 +32,7 @@ (define-public flex (package (name "flex") - (version "2.6.3") + (version "2.6.4") (source (origin (method url-fetch) (uri (string-append @@ -41,7 +41,7 @@ "flex-" version ".tar.gz")) (sha256 (base32 - "1an2cn2z85mkpgqcinh1fhhcd7993qm2lil1yxic8iz76ci79ck8")))) + "15g9bv236nzi665p9ggqjlfn4dwck5835vf0bbw2cz7h5c1swyp8")))) (build-system gnu-build-system) (inputs (let ((bison-for-tests @@ -85,20 +85,3 @@ regular expressions for each rule. Whenever it finds a match, it executes the corresponding C code.") (license (non-copyleft "file://COPYING" "See COPYING in the distribution.")))) - -;;; Many packages fail to build with flex > 2.6.1, due to this bug in flex: -;;; <https://github.com/westes/flex/issues/162> -;;; We must not use a flex before 2.6.1, due to CVE-2016-6354. -;;; TODO Try using flex > 2.6.3. -(define-public flex-2.6.1 - (package - (inherit flex) - (version "2.6.1") - (source (origin - (method url-fetch) - (uri (string-append "https://github.com/westes/flex" - "/releases/download/v" version "/" - "flex-" version ".tar.xz")) - (sha256 - (base32 - "0gqhk4vkwy4gl9xbpgkljph8c0a5kpijz6wd0p5r9q202qn42yic")))))) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index efea81dc11..c5a69232ca 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -48,14 +48,13 @@ (define-public freetype (package (name "freetype") - (replacement freetype/fixed) - (version "2.7.1") + (version "2.8") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/freetype/freetype-" version ".tar.bz2")) (sha256 (base32 - "121gm15ayfg3rglby8ifh8384mcjb9dhmx9j40zl7yszw72b4frs")))) + "02xlj611alpvl3h33hvfw1jyxc1vp9mzwcckkiglkhn3hknh7im3")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -74,15 +73,6 @@ anti-aliased glyph bitmap generation with 256 gray levels.") (license license:freetype) ; some files have other licenses (home-page "https://www.freetype.org/"))) -(define freetype/fixed - (package - (inherit freetype) - (source - (origin - (inherit (package-source freetype)) - (patches (search-patches "freetype-CVE-2017-8105.patch" - "freetype-CVE-2017-8287.patch")))))) - (define-public ttfautohint (package (name "ttfautohint") @@ -385,8 +375,7 @@ applications should be.") (define-public graphite2 (package (name "graphite2") - (version "1.3.9") - (replacement graphite2/fixed) + (version "1.3.10") (source (origin (method url-fetch) @@ -395,7 +384,7 @@ applications should be.") (patches (search-patches "graphite2-ffloat-store.patch")) (sha256 (base32 - "0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc")))) + "1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch")))) (build-system cmake-build-system) (native-inputs `(("python" ,python-2) ; because of "import imap" in tests @@ -411,22 +400,6 @@ and returns a sequence of positioned glyphids from the font.") (license license:lgpl2.1+) (home-page "https://github.com/silnrsi/graphite"))) -(define graphite2/fixed - (package - (inherit graphite2) - (name "graphite2") - (replacement #f) - (source - (origin - (method url-fetch) - (uri (let ((version "1.3.10")) - (string-append "https://github.com/silnrsi/graphite/releases/" - "download/" version "/" name "-" version ".tgz"))) - (patches (search-patches "graphite2-ffloat-store.patch")) - (sha256 - (base32 - "1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch")))))) - (define-public potrace (package (name "potrace") diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index 866f8478ff..45b86fcc7e 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -213,7 +213,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC ;; Fix the dynamic linker's file name. (substitute* (find-files "gcc/config" "^(linux|gnu|sysv4)(64|-elf|-eabi)?\\.h$") - (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ ]*).*$" + (("#define (GLIBC|GNU_USER)_DYNAMIC_LINKER([^ \t]*).*$" _ gnu-user suffix) (format #f "#define ~a_DYNAMIC_LINKER~a \"~a\"~%" gnu-user suffix diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm index f583d1c2c2..2a749e3a6d 100644 --- a/gnu/packages/gettext.scm +++ b/gnu/packages/gettext.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Alex Kost <alezost@gmail.com> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -45,7 +46,13 @@ version ".tar.gz")) (sha256 (base32 - "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z")))) + "0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z")) + ;; test-lock has performance issues on multi-core machines, + ;; it hangs or takes a long time to complete. + ;; There is one commit in gettext and one commit + ;; in gettext's embedded gnulib to fix this issue. + (patches (search-patches "gettext-multi-core.patch" + "gettext-gnulib-multi-core.patch")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;8 MiB of HTML diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 1cb651c96b..e0ae9bab6f 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com> ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; ;;; This file is part of GNU Guix. ;;; @@ -129,85 +130,98 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package - (name "ghostscript") - (replacement ghostscript/fixed) - (version "9.14.0") - ;; XXX Try removing the bundled copy of jbig2dec. - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-" - version ".tar.xz")) - (sha256 - (base32 - "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1")) - (patches (search-patches "ghostscript-CVE-2013-5653.patch" - "ghostscript-CVE-2015-3228.patch" - "ghostscript-CVE-2016-7976.patch" - "ghostscript-CVE-2016-7978.patch" - "ghostscript-CVE-2016-7979.patch" - "ghostscript-CVE-2016-8602.patch" - "ghostscript-runpath.patch")) - (modules '((guix build utils))) - (snippet - ;; Honor --docdir. - '(substitute* "Makefile.in" - (("^docdir=.*$") "docdir = @docdir@\n") - (("^exdir=.*$") "exdir = $(docdir)/examples\n"))))) - (build-system gnu-build-system) - (outputs '("out" "doc")) ;16 MiB of HTML/PS doc + examples - (inputs `(("freetype" ,freetype) - ("lcms" ,lcms) - ("libjpeg-8" ,libjpeg-8) - ("libpng" ,libpng) - ("libpaper" ,libpaper) - ("libtiff" ,libtiff) - ("zlib" ,zlib))) - (native-inputs - `(("perl" ,perl) - ("pkg-config" ,pkg-config) ; needed to find libtiff - ("python" ,python-wrapper) - ("tcl" ,tcl))) - (arguments - `(#:disallowed-references ("doc") - #:phases - (modify-phases %standard-phases - (add-after 'configure 'patch-config-files - (lambda _ - (substitute* "base/all-arch.mak" - (("/bin/sh") (which "sh"))) - (substitute* "base/unixhead.mak" - (("/bin/sh") (which "sh"))))) - (add-after 'configure 'remove-doc-reference - (lambda _ - ;; Don't retain a reference to the 'doc' output in 'gs'. - ;; The only use of this definition is in the output of - ;; 'gs --help', so this change is fine. - (substitute* "base/gscdef.c" - (("GS_DOCDIR") - "\"~/.guix-profile/share/doc/ghostscript\"")))) - (replace 'build + (name "ghostscript") + (version "9.21") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/ArtifexSoftware/" + "ghostpdl-downloads/releases/download/gs" + (string-delete #\. version) + "/ghostscript-" version ".tar.xz")) + (sha256 + (base32 + "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) + (patches (search-patches "ghostscript-runpath.patch" + "ghostscript-CVE-2017-8291.patch")) + (modules '((guix build utils))) + (snippet + ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so + ;; we leave it, at least for now. + ;; TODO Try unbundling ijs, which is developed alongside Ghostscript. + '(begin + (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg" + "lcms2" "libpng" + "tiff" "zlib")))))) + (build-system gnu-build-system) + (outputs '("out" "doc")) ;19 MiB of HTML/PS doc + examples + (arguments + `(#:disallowed-references ("doc") + #:configure-flags + (list "--with-system-libtiff" + "LIBS=-lz" + (string-append "ZLIBDIR=" + (assoc-ref %build-inputs "zlib") "/include") + "--enable-dynamic") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-doc-dir (lambda _ - ;; Build 'libgs.so', but don't build the statically-linked 'gs' - ;; binary (saves 18 MiB). - (zero? (system* "make" "so" "-j" - (number->string (parallel-job-count)))))) - (replace 'install + ;; Honor --docdir. + (substitute* "Makefile.in" + (("^docdir=.*$") "docdir = @docdir@\n") + (("^exdir=.*$") "exdir = $(docdir)/examples\n")) + #t)) + (add-after 'configure 'remove-doc-reference (lambda _ - (zero? (system* "make" "soinstall")))) - (add-after 'install 'create-gs-symlink - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - ;; some programs depend on having a 'gs' binary available - (symlink "gsc" (string-append out "/bin/gs")))))))) - (synopsis "PostScript and PDF interpreter") - (description - "Ghostscript is an interpreter for the PostScript language and the PDF + ;; Don't retain a reference to the 'doc' output in 'gs'. + ;; The only use of this definition is in the output of + ;; 'gs --help', so this change is fine. + (substitute* "base/gscdef.c" + (("GS_DOCDIR") + "\"~/.guix-profile/share/doc/ghostscript\"")) + #t)) + (add-after 'configure 'patch-config-files + (lambda _ + (substitute* "base/unixhead.mak" + (("/bin/sh") (which "sh"))) + #t)) + (replace 'build + (lambda _ + ;; Build 'libgs.so', but don't build the statically-linked 'gs' + ;; binary (saves 22 MiB). + (zero? (system* "make" "so" "-j" + (number->string (parallel-job-count)))))) + (replace 'install + (lambda _ + (zero? (system* "make" "soinstall")))) + (add-after 'install 'create-gs-symlink + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; Some programs depend on having a 'gs' binary available. + (symlink "gsc" (string-append out "/bin/gs")) + #t)))))) + (native-inputs + `(("perl" ,perl) + ("python" ,python-wrapper) + ("tcl" ,tcl))) + (inputs + `(("freetype" ,freetype) + ("jbig2dec" ,jbig2dec) + ("lcms2" ,lcms) + ("libjpeg" ,libjpeg) + ("libpaper" ,libpaper) + ("libpng" ,libpng) + ("libtiff" ,libtiff) + ("zlib" ,zlib))) + (synopsis "PostScript and PDF interpreter") + (description + "Ghostscript is an interpreter for the PostScript language and the PDF file format. It also includes a C library that implements the graphics capabilities of the PostScript language. It supports a wide variety of output file formats and printers.") - (license license:agpl3+) - (home-page "https://www.gnu.org/software/ghostscript/") - (properties '((upstream-name . "gnu-ghostscript"))))) + (home-page "https://www.ghostscript.com/") + (license license:agpl3+))) (define-public ghostscript/x (package/inherit ghostscript @@ -216,28 +230,11 @@ output file formats and printers.") ("libxt" ,libxt) ,@(package-inputs ghostscript))))) -(define ghostscript/fixed - (package - (inherit ghostscript) - (replacement #f) - (source - (origin - (inherit (package-source ghostscript)) - (patches - (append - (origin-patches (package-source ghostscript)) - (search-patches "ghostscript-CVE-2017-8291.patch"))))))) - (define-public ijs (package (name "ijs") - (version "9.14.0") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-" - version ".tar.xz")) - (sha256 (base32 - "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1")))) + (version (package-version ghostscript)) + (source (package-source ghostscript)) (build-system gnu-build-system) (native-inputs `(("libtool" ,libtool) @@ -245,31 +242,29 @@ output file formats and printers.") ("autoconf" ,autoconf))) (arguments `(#:phases - (alist-cons-after - 'unpack 'autogen - (lambda _ - ;; need to regenerate macros - (system* "autoreconf" "-if") - ;; do not run configure - (substitute* "autogen.sh" - (("^.*\\$srcdir/configure.*") "")) - (system* "bash" "autogen.sh") - - ;; create configure script in ./ijs/ - (chdir "ijs") - ;; do not run configure - (substitute* "autogen.sh" - (("^.*\\$srcdir/configure.*") "") - (("^ + && echo Now type.*$") "")) - (zero? (system* "bash" "autogen.sh"))) - %standard-phases))) + (modify-phases %standard-phases + (add-after 'unpack 'autogen + (lambda _ + ;; need to regenerate macros + (system* "autoreconf" "-if") + ;; do not run configure + (substitute* "autogen.sh" + (("^.*\\$srcdir/configure.*") "")) + (system* "bash" "autogen.sh") + ;; create configure script in ./ijs/ + (chdir "ijs") + ;; do not run configure + (substitute* "autogen.sh" + (("^.*\\$srcdir/configure.*") "") + (("^ + && echo Now type.*$") "")) + (zero? (system* "bash" "autogen.sh"))))))) (synopsis "IJS driver framework for inkjet and other raster devices") (description "IJS is a protocol for transmission of raster page images. This package provides the reference implementation of the raster printer driver architecture.") (license license:expat) - (home-page "https://www.gnu.org/software/ghostscript/"))) + (home-page (package-home-page ghostscript)))) (define-public gs-fonts (package @@ -287,6 +282,10 @@ architecture.") (build-system gnu-build-system) (arguments `(#:tests? #f ; nothing to check, just files to copy + + #:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-1)) #:phases (modify-phases %standard-phases (delete 'configure) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index c1c73f0f74..7f7880429a 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -954,7 +954,6 @@ the GNOME desktop environment.") (define-public libcroco (package (name "libcroco") - (replacement libcroco/fixed) (version "0.6.11") (source (origin (method url-fetch) @@ -963,7 +962,9 @@ the GNOME desktop environment.") name "-" version ".tar.xz")) (sha256 (base32 - "0mm0wldbi40am5qn0nv7psisbg01k42rwzjxl3gv11l5jj554aqk")))) + "0mm0wldbi40am5qn0nv7psisbg01k42rwzjxl3gv11l5jj554aqk")) + (patches (search-patches "libcroco-CVE-2017-7960.patch" + "libcroco-CVE-2017-7961.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -982,19 +983,6 @@ XML/CSS rendering engine.") ;; LGPLv2.1-only. (license license:lgpl2.1))) -(define libcroco/fixed - (package - (inherit libcroco) - (replacement #f) - (source - (origin - (inherit (package-source libcroco)) - (patches - (append - (origin-patches (package-source libcroco)) - (search-patches "libcroco-CVE-2017-7960.patch" - "libcroco-CVE-2017-7961.patch"))))))) - (define-public libgsf (package (name "libgsf") @@ -1031,7 +1019,7 @@ dealing with different structured file formats.") (define-public librsvg (package (name "librsvg") - (version "2.40.16") + (version "2.40.17") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -1039,7 +1027,7 @@ dealing with different structured file formats.") name "-" version ".tar.xz")) (sha256 (base32 - "0bpz6gsq8xi1pb5k9ax6vinph460v14znch3y5yz167s0dmwz2yl")))) + "1k39gyf7f5m9x0jvpcxvfcqswdb04xhm1lbwbjabn1f4xk5wbxp6")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index c2b02789bf..5c04745ff5 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org> -;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is> @@ -58,7 +58,7 @@ (define-public libgpg-error (package (name "libgpg-error") - (version "1.26") + (version "1.27") (source (origin (method url-fetch) @@ -66,7 +66,7 @@ version ".tar.bz2")) (sha256 (base32 - "0sgfia0syq78k1c9h10rkhc1nfv5v097icrprlx2x4qn074wnjsc")))) + "1li95ni122fzinzlmxbln63nmgij63irxfvi52ws4zfbzv3am4sg")))) (build-system gnu-build-system) (home-page "https://gnupg.org") (synopsis "Library of error values for GnuPG components") @@ -82,14 +82,14 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package (name "libgcrypt") - (version "1.7.6") + (version "1.7.7") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "1g05prhgqw4ryd0w433q8nhds0h93kf47hfjagi2r7dghkpaysk2")))) + "16ndaj93asw122mwjz172x2ilpm03w1yp5mqcrp3xslk0yx5xf5r")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index dffa2baf30..d250caff4a 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -208,7 +208,7 @@ affine transformation (scale, rotation, shear, etc.).") (define-public pango (package (name "pango") - (version "1.40.3") + (version "1.40.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/pango/" @@ -216,7 +216,7 @@ affine transformation (scale, rotation, shear, etc.).") name "-" version ".tar.xz")) (sha256 (base32 - "1lqi4yncw5q0v7g5makzxyp18g5cksqyld8m1wx0qli8wxf8pfmb")))) + "1j81kmdq2kndayahfck60myd05hj5qd7mixj0w5kchkc8m082x14")))) (build-system gnu-build-system) (propagated-inputs `(("cairo" ,cairo) diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index 5b85a61c12..bcfbe65aec 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -153,7 +153,11 @@ without requiring the source code to be rewritten.") (inputs `(("libffi" ,libffi) ("readline" ,readline) ,@(libiconv-if-needed) - ,@(if (target-mingw?) '() `(("bash" ,bash))))) + + ;; We need Bash when cross-compiling because some of the scripts + ;; in bin/ refer to it. Use 'bash-minimal' because we don't need + ;; an interactive Bash with Readline and all. + ,@(if (target-mingw?) '() `(("bash" ,bash-minimal))))) (propagated-inputs `( ;; These ones aren't normally needed here, but since `libguile-2.0.la' ;; reads `-lltdl -lunistring', adding them here will add the needed @@ -212,14 +216,6 @@ without requiring the source code to be rewritten.") (home-page "https://www.gnu.org/software/guile/") (license license:lgpl3+))) -(define-public guile-2.0/fixed - ;; A package of Guile 2.0 that's rarely changed. It is the one used - ;; in the `base' module, and thus changing it entails a full rebuild. - (package - (inherit guile-2.0) - (properties '((hidden? . #t))) ;people should install 'guile-2.0' - (replacement #f))) - (define-public guile-2.2 (package (inherit guile-2.0) (name "guile") @@ -227,11 +223,14 @@ without requiring the source code to be rewritten.") (replacement #f) (source (origin (method url-fetch) + + ;; Note: we are limited to one of the compression formats + ;; supported by the bootstrap binaries, so no lzip here. (uri (string-append "mirror://gnu/guile/guile-" version - ".tar.lz")) + ".tar.xz")) (sha256 (base32 - "1dnh75h4rkx1zflpsngznkwcd6afn6zrc5x3xq7n946pm5bnx5bq")) + "1azm25zcmxif0skxfrp11d2wc89nrzpjaann9yxdw6pvjxhs948w")) (modules '((guix build utils))) ;; Remove the pre-built object files. Instead, build everything @@ -250,6 +249,14 @@ without requiring the source code to be rewritten.") (files '("lib/guile/2.2/site-ccache" "share/guile/site/2.2"))))))) +(define-public guile-2.2/fixed + ;; A package of Guile 2.2 that's rarely changed. It is the one used + ;; in the `base' module, and thus changing it entails a full rebuild. + (package + (inherit guile-2.2) + (properties '((hidden? . #t))) ;people should install 'guile-2.2' + (replacement #f))) + (define-public guile-next (deprecated-package "guile-next" guile-2.2)) diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 3e96520054..3461285850 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -33,7 +33,6 @@ (package (name "icu4c") (version "58.2") - (replacement icu4c/fixed) (source (origin (method url-fetch) (uri (string-append @@ -42,6 +41,9 @@ "/icu4c-" (string-map (lambda (x) (if (char=? x #\.) #\_ x)) version) "-src.tgz")) + (patches + (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch" + "icu4c-reset-keyword-list-iterator.patch")) (sha256 (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib")))) (build-system gnu-build-system) @@ -68,16 +70,6 @@ C/C++ part.") (license x11) (home-page "http://site.icu-project.org/"))) -(define icu4c/fixed - (package - (inherit icu4c) - (replacement #f) - (source (origin - (inherit (package-source icu4c)) - (patches - (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch" - "icu4c-reset-keyword-list-iterator.patch")))))) - (define-public java-icu4j (package (name "java-icu4j") diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index f6337e0fc2..da05c64545 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -67,7 +67,7 @@ (define-public libpng (package (name "libpng") - (version "1.6.28") + (version "1.6.29") (source (origin (method url-fetch) (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" @@ -79,7 +79,8 @@ "ftp://ftp.simplesystems.org/pub/libpng/png/src/history" "/libpng16/libpng-" version ".tar.xz"))) (sha256 - (base32 "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq")))) + (base32 + "0fgjqp7x6jynacmqh6dj72cn6nnf6yxjfqqqfsxrx0pyx22bcia2")))) (build-system gnu-build-system) ;; libpng.la says "-lz", so propagate it. @@ -335,31 +336,14 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (replacement libtiff-4.0.8) - (version "4.0.7") + (version "4.0.8") (source (origin (method url-fetch) (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" version ".tar.gz")) - (patches (search-patches "libtiff-heap-overflow-tiffcp.patch" - "libtiff-null-dereference.patch" - "libtiff-heap-overflow-tif-dirread.patch" - "libtiff-heap-overflow-pixarlog-luv.patch" - "libtiff-divide-by-zero.patch" - "libtiff-divide-by-zero-ojpeg.patch" - "libtiff-tiffcp-underflow.patch" - "libtiff-invalid-read.patch" - "libtiff-CVE-2016-10092.patch" - "libtiff-heap-overflow-tiffcrop.patch" - "libtiff-divide-by-zero-tiffcrop.patch" - "libtiff-CVE-2016-10093.patch" - "libtiff-divide-by-zero-tiffcp.patch" - "libtiff-assertion-failure.patch" - "libtiff-CVE-2016-10094.patch" - "libtiff-CVE-2017-5225.patch")) (sha256 (base32 - "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz")))) + "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.3 MiB of HTML documentation @@ -384,19 +368,6 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.simplesystems.org/libtiff/"))) -(define libtiff-4.0.8 - (package - (inherit libtiff) - (version "4.0.8") - (source - (origin - (method url-fetch) - (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" - version ".tar.gz")) - (sha256 - (base32 - "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))))) - (define-public libwmf (package (name "libwmf") diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index 6be7c82bc0..e40ddb2bb2 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -42,7 +43,7 @@ (define-public mit-krb5 (package (name "mit-krb5") - (version "1.14.4") + (version "1.15.1") (source (origin (method url-fetch) (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" @@ -50,20 +51,13 @@ "/krb5-" version ".tar.gz")) (sha256 (base32 - "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3")))) + "0igbi5d095c2hgpn2cixpc4q2ij8vgg2bx7yjfly5zfmvlqqhz23")))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) ("perl" ,perl))) (arguments - `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h', - ;; needed by 'authgss_prot.so'." - #:parallel-build? #f - - ;; Likewise with tests. - #:parallel-tests? #f - - ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call + `(;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call ;; while running the tests in 'src/tests'. #:tests? ,(string=? (%current-system) "x86_64-linux") diff --git a/gnu/packages/ld-wrapper.in b/gnu/packages/ld-wrapper.in index ebfd8332c4..82bd2196cf 100644 --- a/gnu/packages/ld-wrapper.in +++ b/gnu/packages/ld-wrapper.in @@ -15,7 +15,7 @@ main="(@ (gnu build-support ld-wrapper) ld-wrapper)" exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@" !# ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -35,6 +35,7 @@ exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)) (define-module (gnu build-support ld-wrapper) #:use-module (srfi srfi-1) #:use-module (ice-9 match) + #:autoload (ice-9 rdelim) (read-string) #:export (ld-wrapper)) ;;; Commentary: @@ -222,9 +223,44 @@ impure library ~s~%" '() library-files)) +(define (expand-arguments args) + ;; Expand ARGS such that "response file" arguments, such as "@args.txt", are + ;; expanded (info "(gcc) Overall Options"). + (define (response-file-arguments file) + (when %debug? + (format (current-error-port) + "ld-wrapper: attempting to read arguments from '~a'~%" file)) + + ;; FIXME: Options can contain whitespace if they are protected by single + ;; or double quotes; this is not implemented here. + (string-tokenize (call-with-input-file file read-string))) + + (define result + (fold-right (lambda (arg result) + (if (string-prefix? "@" arg) + (let ((file (string-drop arg 1))) + (append (catch 'system-error + (lambda () + (response-file-arguments file)) + (lambda args + ;; FILE doesn't exist or cannot be read so + ;; leave ARG as is. + (list arg))) + result)) + (cons arg result))) + '() + args)) + + ;; If there are "@" arguments in RESULT *and* we can expand them (they don't + ;; refer to nonexistent files), then recurse. + (if (equal? result args) + result + (expand-arguments result))) + (define (ld-wrapper . args) ;; Invoke the real `ld' with ARGS, augmented with `-rpath' switches. - (let* ((path (library-search-path args)) + (let* ((args (expand-arguments args)) + (path (library-search-path args)) (libs (library-files-linked args path)) (args (append args (rpath-arguments libs)))) (when %debug? diff --git a/gnu/packages/libffi.scm b/gnu/packages/libffi.scm index 13938f7ee8..16475affe6 100644 --- a/gnu/packages/libffi.scm +++ b/gnu/packages/libffi.scm @@ -42,7 +42,8 @@ name "-" version ".tar.gz")) (sha256 (base32 - "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh")))) + "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh")) + (patches (search-patches "libffi-3.2.1-complex-alpha.patch")))) (build-system gnu-build-system) (arguments `(#:phases (alist-cons-after 'install 'post-install ,post-install-phase diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm index da6c7efb6f..fc91fe263e 100644 --- a/gnu/packages/libidn.scm +++ b/gnu/packages/libidn.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012 Andreas Enge <andreas@enge.fr> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. @@ -20,6 +20,7 @@ (define-module (gnu packages libidn) #:use-module (gnu packages) + #:use-module (gnu packages compression) #:use-module (gnu packages libunistring) #:use-module (guix licenses) #:use-module (guix packages) @@ -53,42 +54,19 @@ Java libraries.") (define-public libidn2 (package (name "libidn2") - (version "0.16") + (version "2.0.2") (source (origin (method url-fetch) - (uri (string-append "ftp://alpha.gnu.org/gnu/libidn/libidn2-" - version ".tar.gz")) + (uri (string-append "mirror://gnu/libidn/" name "-" version + ".tar.lz")) (sha256 (base32 - "13v8kh4d5nfkymai88zlw3h7k4x9khrpdpv97waf4ah8ykzrxb9g")))) - ;; XXX: Make sure to remove the 'create-pkg-config' phase - ;; below when this package is updated to >= 0.17. + "0pqaj8d01aj4i110669fincqs10kgynyqcrmq2q7pss8v9dcd1jq")))) + (native-inputs + `(("lzip" ,lzip))) (inputs `(("libunistring" ,libunistring))) (build-system gnu-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'install 'create-pkgconfig-file - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (pkgconfig (string-append out "/lib/pkgconfig"))) - (mkdir-p pkgconfig) - (call-with-output-file (string-append pkgconfig "/libidn2.pc") - (lambda (port) - (format port "prefix=~a -exec_prefix=${prefix} -libdir=${exec_prefix}/lib -includedir=${prefix}/include - -Name: Libidn2 -Description: Library implementing IDNA2008 and TR46 -Version: ~a -Libs: -L${libdir} -lidn2 -Cflags: -I${includedir} -" - out ,version))) - #t)))))) (synopsis "Internationalized domain name library for IDNA2008") (description "Libidn2 is an internationalized domain library implementing the IDNA2008 specifications. Libidn2 is believed to be a complete IDNA2008 diff --git a/gnu/packages/libsigsegv.scm b/gnu/packages/libsigsegv.scm index 41e7345351..2a44819820 100644 --- a/gnu/packages/libsigsegv.scm +++ b/gnu/packages/libsigsegv.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -25,14 +26,14 @@ (define-public libsigsegv (package (name "libsigsegv") - (version "2.10") + (version "2.11") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libsigsegv/libsigsegv-" version ".tar.gz")) (sha256 - (base32 "16hrs8k3nmc7a8jam5j1fpspd6sdpkamskvsdpcw6m29vnis8q44")))) + (base32 "063swdvq7mbmc1clv0rnh20grwln1zfc2qnm0sa1hivcxyr2wz6x")))) (build-system gnu-build-system) (home-page "https://www.gnu.org/software/libsigsegv/") (synopsis "Library for handling page faults") @@ -44,12 +45,12 @@ ;; linux-libre-headers-cross-mips64el-linux-gnu-3.3.8/include/asm/sigcontext.h:57:8: error: redefinition of 'struct sigcontext' (if (string-contains (or (%current-target-system) (%current-system)) "mips64el") - `(#:phases (alist-cons-before - 'configure 'patch-mips-old-h - (lambda _ - (substitute* "src/fault-linux-mips-old.h" - (("#include <asm/sigcontext\\.h>") ""))) - %standard-phases)) + `(#:phases (modify-phases %standard-phases + (add-before 'configure 'patch-mips-old-h + (lambda _ + (substitute* "src/fault-linux-mips-old.h" + (("#include <asm/sigcontext\\.h>") "")) + #t)))) '())) (description "GNU libsigsegv is a library to handle page faults, which occur when a diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm index 212bec4b49..df02f68cea 100644 --- a/gnu/packages/libunistring.scm +++ b/gnu/packages/libunistring.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,6 +25,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu) + #:use-module (gnu packages) #:use-module (gnu packages base)) (define-public libunistring @@ -37,7 +39,11 @@ version ".tar.xz")) (sha256 (base32 - "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf")))) + "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf")) + ;; test-lock has performance issues on multi-core machines, + ;; it hangs or takes a long time to complete. + ;; This is a commit from gnulib to fix this issue. + (patches (search-patches "libunistring-gnulib-multi-core.patch")))) (propagated-inputs (libiconv-if-needed)) (build-system gnu-build-system) (arguments diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index d085e8f6f7..5a3490fdf1 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -494,7 +494,7 @@ providing the system administrator with some help in common tasks.") (define-public util-linux (package (name "util-linux") - (version "2.29.2") + (version "2.30") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/utils/" @@ -502,7 +502,7 @@ providing the system administrator with some help in common tasks.") name "-" version ".tar.xz")) (sha256 (base32 - "1qz81w8vzrmy8xn9yx7ls4amkbgwx6vr62pl6kv9g7r0g3ba9kmc")) + "13d0ax8bcapga8phj2nclx86w57ddqxbr98ajibpzjq6d7zs8262")) (patches (search-patches "util-linux-tests.patch")) (modules '((guix build utils))) (snippet diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 88a46f8e9b..16896502ea 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -1835,7 +1835,7 @@ implemented in ANSI C, and MPI for communications.") (build-system gnu-build-system) (inputs `(("zlib" ,zlib) - ("flex" ,flex-2.6.1) ; A bug in flex prevents building with flex-2.6.3. + ("flex" ,flex) ("bison" ,bison))) (arguments `(#:phases diff --git a/gnu/packages/netpbm.scm b/gnu/packages/netpbm.scm index cd0c3d950d..c7be4b13e0 100644 --- a/gnu/packages/netpbm.scm +++ b/gnu/packages/netpbm.scm @@ -36,7 +36,7 @@ (define-public netpbm (package (name "netpbm") - (version "10.61.01") + (version "10.78.3") (source (origin (method svn-fetch) ;; At the time of first packaging, the "super-stable" and @@ -48,10 +48,10 @@ ;; To determine the correct release: "svn log version.mk". (uri (svn-reference (url "http://svn.code.sf.net/p/netpbm/code/advanced") - (revision 1832))) + (revision 2965))) (sha256 (base32 - "1mj1pqq18yj0yb6l24zfjls7axhqmiv0pvcaabl5xvc4a0dm543j")) + "1k7as9qi1942wyjxpvbf02wg0h4braw44m3m3vvi8sm9y5z1m967")) (file-name (string-append name "-" version "-checkout")) (modules '((guix build utils))) (snippet @@ -124,8 +124,8 @@ (let ((rgb (string-append (assoc-ref inputs "xorg-rgb") "/share/X11/rgb.txt"))) - (substitute* "pm_config.in.h" - (("/usr/share/X11/rgb.txt") rgb)) + (substitute* "config.mk" + (("/usr/share/netpbm/rgb.txt") rgb)) ;; Our Ghostscript no longer provides the 'gs' command, only ;; 'gsc', so look for that instead. @@ -146,7 +146,15 @@ (("all-in-place.test") "") (("pnmpsnr.test") "") (("pnmremap1.test") "") - (("gif-roundtrip.test") "")) + (("gif-roundtrip.test") "") + + ;; These two tests started failing in netpbm-10.78.3. + (("jpeg-roundtrip.test") "") + (("pbmtext.test") "") + + ;; Skip tests that use nonfree programs that we don't build. + (("ps-alt-roundtrip.test") "" ) + (("pbm-misc-converters.test") "")) #t)) (replace 'install (lambda* (#:key outputs make-flags #:allow-other-keys) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 12e1f9e6c0..eb3a15e080 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -248,7 +248,7 @@ (base32 "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r")))))) (propagated-inputs - `(("gnutls" ,gnutls/guile-2.2) ;for 'guix download' & co. + `(("gnutls" ,gnutls) ("guile-json" ,guile-json) ("guile-ssh" ,guile-ssh))) @@ -274,7 +274,7 @@ the Nix package manager.") `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs guix)))) (propagated-inputs - `(("gnutls" ,gnutls) + `(("gnutls" ,gnutls/guile-2.0) ("guile-json" ,guile2.0-json) ("guile-ssh" ,guile2.0-ssh))))) diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch deleted file mode 100644 index 08d3a79749..0000000000 --- a/gnu/packages/patches/binutils-mips-bash-bug.patch +++ /dev/null @@ -1,22 +0,0 @@ -Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the -"x" case in: - - case x"$EMULATION_NAME" in x) ;; *) ;; esac - -when 'EMULATION_NAME' is undefined. Bash 4.3.30(1)-release doesn't have this -problem. Work around it. - -This Bash bug was fixed -in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>. - ---- a/ld/emulparams/elf32bmipn32-defs.sh -+++ b/ld/emulparams/elf32bmipn32-defs.sh -@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips" - TEMPLATE_NAME=elf32 - EXTRA_EM_FILE=mipself - --case x"$EMULATION_NAME" in -+case "x$EMULATION_NAME" in - xelf32*n32*) ELFSIZE=32 ;; - xelf64*) ELFSIZE=64 ;; - x) ;; diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch index 0be2cef2b8..e3a0ef28eb 100644 --- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch +++ b/gnu/packages/patches/coreutils-cut-huge-range-test.patch @@ -1,22 +1,33 @@ This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our -the build environment chroot, as reported at <https://bugs.gnu.org/26253>. -It is a followup to this upstream patch: +the build environment chroot, as reported at <https://bugs.gnu.org/26253>, +and now on x86_64-linux-gnu as well. It is a variant of this upstream patch: - commit 28803c8a3144d5d4363cdbd148bbe067af1a67c2 - Author: Pádraig Brady <P@draigBrady.com> - Date: Fri Mar 3 00:25:54 2017 -0800 + commit f5422009389678680dba9ff4ecb7d33632ee3383 + Author: Ludovic Courtès <ludo@gnu.org> + Date: Mon Mar 27 20:34:39 2017 -0700 - tests: avoid a spurious failure on older debian + tests: avoid false ulimit failure on some systems + + * tests/misc/cut-huge-range.sh: On some systems returns_ may + use more memory, so incorporate that in the determination + of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12, + and x86_64 with bash-4.2.37. + Fixes http://bugs.gnu.org/26253 ... which appeared to be insufficient. +diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh +index 6b3c5b6ed..55b7b640e 100755 --- a/tests/misc/cut-huge-range.sh +++ b/tests/misc/cut-huge-range.sh -@@ -22,6 +22,7 @@ getlimits_ +@@ -20,9 +20,9 @@ + print_ver_ cut + getlimits_ - vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ +-vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ ++vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \ || skip_ "this shell lacks ulimit support" -+vm=$(($vm + $(getconf PAGESIZE))) # avoid spurious failures + vm=$(($vm + 1000)) # avoid spurious failures # sed script to subtract one from the input. # Each input line should consist of a positive decimal number. diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch deleted file mode 100644 index 3f0d35c33e..0000000000 --- a/gnu/packages/patches/coreutils-fix-cross-compilation.patch +++ /dev/null @@ -1,15 +0,0 @@ -Coreutils fails to cross compile for other platforms because cu_install_program -is not being evaluated properly. This patch fixes it. -See <https://lists.gnu.org/archive/html/coreutils/2017-01/msg00039.html> ---- a/Makefile.in -+++ b/Makefile.in -@@ -5023,7 +5023,7 @@ pr = progs-readme - @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall - - # Use the just-built 'ginstall', when not cross-compiling. --@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@ -+@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@ - info_TEXINFOS = doc/coreutils.texi - doc_coreutils_TEXINFOS = \ - doc/perm.texi \ - diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch new file mode 100644 index 0000000000..5a37f4f1f9 --- /dev/null +++ b/gnu/packages/patches/findutils-gnulib-multi-core.patch @@ -0,0 +1,294 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/tests/test-lock.c b/tests/test-lock.c +index a992f64..fb18dee 100644 +--- a/tests/test-lock.c ++++ b/tests/test-lock.c +@@ -1,5 +1,5 @@ + /* Test of locking in multithreaded situations. +- Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc. ++ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -50,6 +50,28 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a semaphore or a lock is used to protect ++ these variables. If set to 1, 'volatile' is used; this is theoretically ++ equivalent but can lead to much slower execution (e.g. 30x slower total ++ run time on a 40-core machine), because 'volatile' does not imply any ++ synchronization/communication between different CPUs. */ ++#define USE_VOLATILE 0 ++ ++#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H ++/* Whether to use a semaphore to communicate information between threads. ++ If set to 0, a lock is used. If set to 1, a semaphore is used. ++ Uncomment this to reduce the dependencies of this test. */ ++# define USE_SEMAPHORE 1 ++/* Mac OS X provides only named semaphores (sem_open); its facility for ++ unnamed semaphores (sem_init) does not work. */ ++# if defined __APPLE__ && defined __MACH__ ++# define USE_NAMED_SEMAPHORE 1 ++# else ++# define USE_UNNAMED_SEMAPHORE 1 ++# endif ++#endif ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -90,6 +112,12 @@ + + #include "glthread/thread.h" + #include "glthread/yield.h" ++#if USE_SEMAPHORE ++# include <errno.h> ++# include <fcntl.h> ++# include <semaphore.h> ++# include <unistd.h> ++#endif + + #if ENABLE_DEBUGGING + # define dbgprintf printf +@@ -103,6 +131,132 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#elif USE_SEMAPHORE ++/* This atomic_int implementation can only support the values 0 and 1. ++ It is initially 0 and can be set to 1 only once. */ ++# if USE_UNNAMED_SEMAPHORE ++struct atomic_int { ++ sem_t semaphore; ++}; ++#define atomic_int_semaphore(ai) (&(ai)->semaphore) ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ sem_init (&ai->semaphore, 0, 0); ++} ++# endif ++# if USE_NAMED_SEMAPHORE ++struct atomic_int { ++ sem_t *semaphore; ++}; ++#define atomic_int_semaphore(ai) ((ai)->semaphore) ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ sem_t *s; ++ unsigned int count; ++ for (count = 0; ; count++) ++ { ++ char name[80]; ++ /* Use getpid() in the name, so that different processes running at the ++ same time will not interfere. Use ai in the name, so that different ++ atomic_int in the same process will not interfere. Use a count in ++ the name, so that even in the (unlikely) case that a semaphore with ++ the specified name already exists, we can try a different name. */ ++ sprintf (name, "test-lock-%lu-%p-%u", ++ (unsigned long) getpid (), ai, count); ++ s = sem_open (name, O_CREAT | O_EXCL, 0600, 0); ++ if (s == SEM_FAILED) ++ { ++ if (errno == EEXIST) ++ /* Retry with a different name. */ ++ continue; ++ else ++ { ++ perror ("sem_open failed"); ++ abort (); ++ } ++ } ++ else ++ { ++ /* Try not to leave a semaphore hanging around on the file system ++ eternally, if we can avoid it. */ ++ sem_unlink (name); ++ break; ++ } ++ } ++ ai->semaphore = s; ++} ++# endif ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ if (sem_trywait (atomic_int_semaphore (ai)) == 0) ++ { ++ if (sem_post (atomic_int_semaphore (ai))) ++ abort (); ++ return 1; ++ } ++ else if (errno == EAGAIN) ++ return 0; ++ else ++ abort (); ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ if (new_value == 0) ++ /* It's already initialized with 0. */ ++ return; ++ /* To set the value 1: */ ++ if (sem_post (atomic_int_semaphore (ai))) ++ abort (); ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +354,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +365,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +439,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +451,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +542,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +553,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/freetype-CVE-2017-8105.patch b/gnu/packages/patches/freetype-CVE-2017-8105.patch deleted file mode 100644 index 1891c4ab5f..0000000000 --- a/gnu/packages/patches/freetype-CVE-2017-8105.patch +++ /dev/null @@ -1,56 +0,0 @@ -Fix CVE-2017-8105: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105 -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 - -Patch copied from upstream source repository: - -https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 - -From f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Fri, 24 Mar 2017 09:15:10 +0100 -Subject: [PATCH] [psaux] Better protect `flex' handling. - -Reported as - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 - -* src/psaux/t1decode.c (t1_decoder_parse_charstrings) -<callothersubr>: Since there is not a single flex operator but a -series of subroutine calls, malformed fonts can call arbitrary other -operators after the start of a flex, possibly adding points. For -this reason we have to check the available number of points before -inserting a point. ---- - ChangeLog | 15 +++++++++++++++ - src/psaux/t1decode.c | 9 +++++++++ - 2 files changed, 24 insertions(+) - -diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c -index af7b465e..7dd45135 100644 ---- a/src/psaux/t1decode.c -+++ b/src/psaux/t1decode.c -@@ -780,10 +780,19 @@ - /* point without adding any point to the outline */ - idx = decoder->num_flex_vectors++; - if ( idx > 0 && idx < 7 ) -+ { -+ /* in malformed fonts it is possible to have other */ -+ /* opcodes in the middle of a flex (which don't */ -+ /* increase `num_flex_vectors'); we thus have to */ -+ /* check whether we can add a point */ -+ if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) ) -+ goto Syntax_Error; -+ - t1_builder_add_point( builder, - x, - y, - (FT_Byte)( idx == 3 || idx == 6 ) ); -+ } - } - break; - --- -2.12.2 - diff --git a/gnu/packages/patches/freetype-CVE-2017-8287.patch b/gnu/packages/patches/freetype-CVE-2017-8287.patch deleted file mode 100644 index d1145a87ee..0000000000 --- a/gnu/packages/patches/freetype-CVE-2017-8287.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fix CVE-2017-8287: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287 -https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 - -Patch copied from upstream source repository: -https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0 - -From 3774fc08b502c3e685afca098b6e8a195aded6a0 Mon Sep 17 00:00:00 2001 -From: Werner Lemberg <wl@gnu.org> -Date: Sun, 26 Mar 2017 08:32:09 +0200 -Subject: [PATCH] * src/psaux/psobjs.c (t1_builder_close_contour): Add safety - guard. - -Reported as - - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 ---- - ChangeLog | 8 ++++++++ - src/psaux/psobjs.c | 8 ++++++++ - 2 files changed, 16 insertions(+) - -diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c -index d18e821a..0baf8368 100644 ---- a/src/psaux/psobjs.c -+++ b/src/psaux/psobjs.c -@@ -1718,6 +1718,14 @@ - first = outline->n_contours <= 1 - ? 0 : outline->contours[outline->n_contours - 2] + 1; - -+ /* in malformed fonts it can happen that a contour was started */ -+ /* but no points were added */ -+ if ( outline->n_contours && first == outline->n_points ) -+ { -+ outline->n_contours--; -+ return; -+ } -+ - /* We must not include the last point in the path if it */ - /* is located on the first point. */ - if ( outline->n_points > 1 ) --- -2.12.2 - diff --git a/gnu/packages/patches/gettext-gnulib-multi-core.patch b/gnu/packages/patches/gettext-gnulib-multi-core.patch new file mode 100644 index 0000000000..5ccdbe4ca1 --- /dev/null +++ b/gnu/packages/patches/gettext-gnulib-multi-core.patch @@ -0,0 +1,178 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c +index cb734b4e6..aa6de2739 100644 +--- a/gettext-tools/gnulib-tests/test-lock.c ++++ b/gettext-tools/gnulib-tests/test-lock.c +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -103,6 +110,51 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +252,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +263,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +337,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +349,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +440,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +451,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/gettext-multi-core.patch b/gnu/packages/patches/gettext-multi-core.patch new file mode 100644 index 0000000000..31a378cfd0 --- /dev/null +++ b/gnu/packages/patches/gettext-multi-core.patch @@ -0,0 +1,185 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext +by Bruno Haible <bruno@clisp.org>. + +diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c +index d279d1d60..51cec3d6b 100644 +--- a/gettext-runtime/tests/test-lock.c ++++ b/gettext-runtime/tests/test-lock.c +@@ -1,5 +1,5 @@ + /* Test of locking in multithreaded situations. +- Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc. ++ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void) + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -311,7 +363,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -321,7 +374,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -395,7 +448,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -406,7 +460,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -497,7 +551,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -507,7 +562,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch deleted file mode 100644 index 622266b176..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch +++ /dev/null @@ -1,85 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 - -From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 5 Mar 2016 14:56:03 -0800 -Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER - ---- - Resource/Init/gs_init.ps | 2 ++ - psi/zfile.c | 36 ++++++++++++++++++++---------------- - 2 files changed, 22 insertions(+), 16 deletions(-) - -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index fa33d88..99888ac 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2018,6 +2018,7 @@ readonly def - - /.locksafe { - .locksafe_userparams -+ systemdict /getenv {pop //false} put - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even -@@ -2036,6 +2037,7 @@ readonly def - %% - /.locksafeglobal { - .locksafe_userparams -+ systemdict /getenv {pop //false} put - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even -diff --git a/psi/zfile.c b/psi/zfile.c -index 320ecd5..0b9f299 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p) - - if (len < devlen) - return_error(e_rangecheck); /* not even room for device len */ -- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); -- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, -- len - devlen); -- if (code == ~(uint) 0) { /* all done */ -- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ -- return o_pop_estack; -- } else if (code > len) /* overran string */ -- return_error(e_rangecheck); -- else { -- push(1); -- ref_assign(op, pscratch); -- r_set_size(op, code + devlen); -- push_op_estack(file_continue); /* come again */ -- *++esp = pscratch[2]; /* proc */ -- return o_push_estack; -- } -+ -+ do { -+ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); -+ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, -+ len - devlen); -+ if (code == ~(uint) 0) { /* all done */ -+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ -+ return o_pop_estack; -+ } else if (code > len) /* overran string */ -+ return_error(e_rangecheck); -+ else if (iodev != iodev_default(imemory) -+ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) { -+ push(1); -+ ref_assign(op, pscratch); -+ r_set_size(op, code + devlen); -+ push_op_estack(file_continue); /* come again */ -+ *++esp = pscratch[2]; /* proc */ -+ return o_push_estack; -+ } -+ } while(1); - } - /* Cleanup procedure for enumerating files */ - static int --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch b/gnu/packages/patches/ghostscript-CVE-2015-3228.patch deleted file mode 100644 index c19fdb1d43..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch +++ /dev/null @@ -1,32 +0,0 @@ -The file names in the upstream patch below were modified to apply to GNU -ghostscript. - -From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Tue, 7 Jul 2015 16:57:41 +0100 -Subject: [PATCH] Bug 696041: sanity check for memory allocation. - -In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the -variable holding the actual number of bytes we allocate. - -No cluster differences ---- - gs/base/gsmalloc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/base/gsmalloc.c b/base/gsmalloc.c -index 624552d..cad79c2 100644 ---- a/base/gsmalloc.c -+++ b/base/gsmalloc.c -@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname) - } else { - uint added = size + sizeof(gs_malloc_block_t); - -- if (mmem->limit - added < mmem->used) -+ if (added <= size || mmem->limit - added < mmem->used) - set_msg("exceeded limit"); - else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0) - set_msg("failed"); --- -2.4.6 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch deleted file mode 100644 index 0a09f89016..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch +++ /dev/null @@ -1,185 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d - -From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Oct 2016 09:55:55 +0100 -Subject: [PATCH] Bug 697178: Add a file permissions callback - -For the rare occasions when the graphics library directly opens a file -(currently for reading), this allows us to apply any restrictions on -file access normally applied in the interpteter. ---- - base/gsicc_manage.c | 10 ++++++---- - base/gslibctx.c | 12 +++++++++++- - base/gslibctx.h | 7 +++++++ - psi/imain.c | 2 ++ - psi/int.mak | 2 +- - psi/zfile.c | 19 +++++++++++++++++++ - psi/zfile.h | 7 +++++++ - 7 files changed, 53 insertions(+), 6 deletions(-) - -diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c -index 931c2a6..e9c09c3 100644 ---- a/base/gsicc_manage.c -+++ b/base/gsicc_manage.c -@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc, - } - - /* First just try it like it is */ -- str = sfopen(pname, "rb", mem_gc); -- if (str != NULL) { -- *strp = str; -- return 0; -+ if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) { -+ str = sfopen(pname, "rb", mem_gc); -+ if (str != NULL) { -+ *strp = str; -+ return 0; -+ } - } - - /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */ -diff --git a/base/gslibctx.c b/base/gslibctx.c -index eaa0458..37ce1ca 100644 ---- a/base/gslibctx.c -+++ b/base/gslibctx.c -@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem ) - mem->gs_lib_ctx = NULL; - return -1; - } -- -+ pio->client_check_file_permission = NULL; - gp_get_realtime(pio->real_time_0); - - return 0; -@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem) - fflush(mem->gs_lib_ctx->fstderr); - /* else nothing to flush */ - } -+ -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ int code = 0; -+ if (mem->gs_lib_ctx->client_check_file_permission != NULL) { -+ code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission); -+ } -+ return code; -+} -diff --git a/base/gslibctx.h b/base/gslibctx.h -index 7a4e110..020e2d9 100644 ---- a/base/gslibctx.h -+++ b/base/gslibctx.h -@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server; - # define gs_font_dir_DEFINED - typedef struct gs_font_dir_s gs_font_dir; - #endif -+ -+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - typedef struct gs_lib_ctx_s - { - gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ -@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s - bool dict_auto_expand; /* ps dictionary: false level 1 true level 2 or 3 */ - /* A table of local copies of the IODevices */ - struct gx_io_device_s **io_device_table; -+ client_check_file_permission_t client_check_file_permission; - /* Define the default value of AccurateScreens that affects setscreen - and setcolorscreen. */ - bool screen_accurate_screens; -@@ -108,6 +112,9 @@ int - void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname, - int dir_namelen); - -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout) - #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr) - -diff --git a/psi/imain.c b/psi/imain.c -index 9a9bb5d..6874128 100644 ---- a/psi/imain.c -+++ b/psi/imain.c -@@ -57,6 +57,7 @@ - #include "ivmspace.h" - #include "idisp.h" /* for setting display device callback */ - #include "iplugin.h" -+#include "zfile.h" - - #ifdef PACIFY_VALGRIND - #include "valgrind.h" -@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst) - "the_gs_name_table"); - if (code < 0) - return code; -+ mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions; - } - code = obj_init(&minst->i_ctx_p, &idmem); /* requires name_init */ - if (code < 0) -diff --git a/psi/int.mak b/psi/int.mak -index 4654afc..bb30d51 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\ - $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\ - $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\ - $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\ -- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) -+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h) - $(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c - - #****** $(CCINT) interp.c -diff --git a/psi/zfile.c b/psi/zfile.c -index 2c6c958..2f27f82 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len, - return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup); - } - -+/* z_check_file_permissions: see zfile.h for explanation -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p; -+ gs_parsed_file_name_t pname; -+ const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting"; -+ int code = gs_parse_file_name(&pname, fname, len, imemory); -+ if (code < 0) -+ return code; -+ -+ if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0) -+ return e_invalidfileaccess; -+ -+ code = check_file_permissions(i_ctx_p, fname, len, permitgroup); -+ return code; -+} -+ - /* <name_string> <access_string> file <file> */ - int /* exported for zsysvm.c */ - zfile(i_ctx_t *i_ctx_p) -diff --git a/psi/zfile.h b/psi/zfile.h -index fdf1373..a9399c7 100644 ---- a/psi/zfile.h -+++ b/psi/zfile.h -@@ -22,4 +22,11 @@ - int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn, - const char *file_access, stream **ps, gs_memory_t *mem); - -+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission) -+ * to allow applying the above permissions checks when opening file(s) from -+ * the graphics library -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, -+ const int len, const char *permission); - #endif --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch b/gnu/packages/patches/ghostscript-CVE-2016-7978.patch deleted file mode 100644 index 81cb26e9ed..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Oct 2016 09:59:25 +0100 -Subject: [PATCH] Bug 697179: Reference count device icc profile - -when copying a device ---- - base/gsdevice.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/base/gsdevice.c b/base/gsdevice.c -index 778106f..aea986a 100644 ---- a/base/gsdevice.c -+++ b/base/gsdevice.c -@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem, - dev->memory = mem; - dev->retained = !internal; - rc_init(dev, mem, (internal ? 0 : 1)); -+ rc_increment(dev->icc_struct); - } - - void --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch b/gnu/packages/patches/ghostscript-CVE-2016-7979.patch deleted file mode 100644 index a557adfdea..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch +++ /dev/null @@ -1,48 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913 - -From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001 -From: Ken Sharp <ken.sharp@artifex.com> -Date: Wed, 5 Oct 2016 10:10:58 +0100 -Subject: [PATCH] DSC parser - validate parameters - -Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it." - -Regardless of any security implications, its simply wrong for a PostScript -operator not to validate its parameter(s). - -No differences expected. ---- - psi/zdscpars.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/psi/zdscpars.c b/psi/zdscpars.c -index c05e154..9b4b605 100644 ---- a/psi/zdscpars.c -+++ b/psi/zdscpars.c -@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p) - ref local_ref; - int code; - os_ptr const op = osp; -- dict * const pdict = op->value.pdict; -- gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict); -- dsc_data_t * const data = -- gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); -+ dict *pdict; -+ gs_memory_t *mem; -+ dsc_data_t *data; - -+ check_read_type(*op, t_dictionary); -+ -+ pdict = op->value.pdict; -+ mem = (gs_memory_t *)dict_memory(pdict); -+ -+ data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); - if (!data) - return_error(e_VMerror); - data->document_level = 0; --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch b/gnu/packages/patches/ghostscript-CVE-2016-8602.patch deleted file mode 100644 index aaf20b6c6c..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch +++ /dev/null @@ -1,47 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver <mhw@netris.org> based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 - -From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 8 Oct 2016 16:10:27 +0100 -Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5 - -and param types ---- - psi/zht2.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/psi/zht2.c b/psi/zht2.c -index fb4a264..dfa27a4 100644 ---- a/psi/zht2.c -+++ b/psi/zht2.c -@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p) - gs_memory_t *mem; - uint edepth = ref_stack_count(&e_stack); - int npop = 2; -- int dict_enum = dict_first(op); -+ int dict_enum; - ref rvalue[2]; - int cname, colorant_number; - byte * pname; - uint name_size; - int halftonetype, type = 0; - gs_state *pgs = igs; -- int space_index = r_space_index(op - 1); -+ int space_index; -+ -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(e_stackunderflow); -+ check_type(*op, t_dictionary); -+ check_type(*(op - 1), t_dictionary); -+ -+ dict_enum = dict_first(op); -+ space_index = r_space_index(op - 1); - - mem = (gs_memory_t *) idmemory->spaces_indexed[space_index]; - --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch index db80b6ddec..d38bd593c0 100644 --- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch +++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch @@ -1,15 +1,60 @@ Fix CVE-2017-8291: -https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291 +https://bugs.ghostscript.com/show_bug.cgi?id=697799 +https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 -This patch is adapted from these two Artifex Ghostscript commits by Leo -Famulari <leo@famulari.name>: +Patches copied from upstream source repository: -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad + +From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 27 Apr 2017 13:03:33 +0100 +Subject: [PATCH] Bug 697799: have .eqproc check its parameters + +The Ghostscript custom operator .eqproc was not check the number or type of +the parameters it was given. +--- + psi/zmisc3.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 54b304246..37293ff4b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + ++ if (ref_stack_count(&o_stack) < 2) ++ return_error(gs_error_stackunderflow); ++ if (!r_is_array(op - 1) || !r_is_array(op)) { ++ return_error(gs_error_typecheck); ++ } ++ + make_array(&stack[0].proc1, 0, 1, op - 1); + make_array(&stack[0].proc2, 0, 1, op); + for (;;) { +-- +2.13.0 + +From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 27 Apr 2017 13:21:31 +0100 +Subject: [PATCH] Bug 697799: have .rsdparams check its parameters + +The Ghostscript internal operator .rsdparams wasn't checking the number or +type of the operands it was being passed. Do so. +--- + psi/zfrsd.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index fb4bce9..2629afa 100644 +index 191107d8a..950588d69 100644 --- a/psi/zfrsd.c +++ b/psi/zfrsd.c @@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) @@ -24,9 +69,9 @@ index fb4bce9..2629afa 100644 + int code = 0; + + if (ref_stack_count(&o_stack) < 1) -+ return_error(e_stackunderflow); ++ return_error(gs_error_stackunderflow); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { -+ return_error(e_typecheck); ++ return_error(gs_error_typecheck); + } make_empty_array(&empty_array, a_readonly); @@ -35,15 +80,15 @@ index fb4bce9..2629afa 100644 + && dict_find_string(op, "Filter", &pFilter) > 0) { if (!r_is_array(pFilter)) { if (!r_has_type(pFilter, t_name)) - return_error(e_typecheck); + return_error(gs_error_typecheck); @@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) - return_error(e_typecheck); + return_error(gs_error_typecheck); } } - code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); + if (r_has_type(op, t_dictionary)) + code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); - if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */ + if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */ return code; - if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 - ) @@ -54,20 +99,97 @@ index fb4bce9..2629afa 100644 push(1); op[-1] = *pFilter; if (pDecodeParms) +-- +2.13.0 + +From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Wed, 3 May 2017 12:05:45 +0100 +Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc) + +When using the "DELAYBIND" feature, it turns out that .eqproc can be called with +parameters that are not both procedures. In this case, it turns out, the +expectation is for the operator to return 'false', rather than throw an error. +--- + psi/zmisc3.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 54b3042..0d357f1 100644 +index 37293ff4b..3f01d39a3 100644 --- a/psi/zmisc3.c +++ b/psi/zmisc3.c -@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; +@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p) + return gs_cliprestore(igs); + } -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(e_stackunderflow); -+ if (!r_is_array(op - 1) || !r_is_array(op)) { -+ return_error(e_typecheck); -+ } ++static inline bool ++eqproc_check_type(ref *r) ++{ ++ return r_has_type(r, t_array) ++ || r_has_type(r, t_mixedarray) ++ || r_has_type(r, t_shortarray) ++ || r_has_type(r, t_oparray); ++} + + /* <proc1> <proc2> .eqproc <bool> */ + /* + * Test whether two procedures are equal to depth 10. +@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p) + + if (ref_stack_count(&o_stack) < 2) + return_error(gs_error_stackunderflow); +- if (!r_is_array(op - 1) || !r_is_array(op)) { +- return_error(gs_error_typecheck); ++ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { ++ make_false(op - 1); ++ pop(1); ++ return 0; + } + make_array(&stack[0].proc1, 0, 1, op - 1); - make_array(&stack[0].proc2, 0, 1, op); - for (;;) { +-- +2.13.0 + +From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001 +From: Chris Liddell <chris.liddell@artifex.com> +Date: Thu, 11 May 2017 14:07:48 +0100 +Subject: [PATCH] Bug 697892: fix check for op stack underflow. + +In the original fix, I used the wrong method to check for stack underflow, this +is using the correct method. +--- + psi/zfrsd.c | 3 +-- + psi/zmisc3.c | 3 +-- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/psi/zfrsd.c b/psi/zfrsd.c +index 950588d69..9c035b96d 100644 +--- a/psi/zfrsd.c ++++ b/psi/zfrsd.c +@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p) + uint i; + int code = 0; + +- if (ref_stack_count(&o_stack) < 1) +- return_error(gs_error_stackunderflow); ++ check_op(1); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { + return_error(gs_error_typecheck); + } +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 3f01d39a3..43803b55b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + +- if (ref_stack_count(&o_stack) < 2) +- return_error(gs_error_stackunderflow); ++ check_op(2); + if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { + make_false(op - 1); + pop(1); +-- +2.13.0 + diff --git a/gnu/packages/patches/ghostscript-runpath.patch b/gnu/packages/patches/ghostscript-runpath.patch index c7dcfd4529..9f161e45b3 100644 --- a/gnu/packages/patches/ghostscript-runpath.patch +++ b/gnu/packages/patches/ghostscript-runpath.patch @@ -1,17 +1,18 @@ -This patch adds $(libdir) to the RUNPATH of 'gsc' and 'gsx'. - ---- gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:45.386957927 +0200 -+++ gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:49.222982359 +0200 -@@ -91,11 +91,11 @@ $(GS_SO_MAJOR): $(GS_SO_MAJOR_MINOR) +diff --git a/base/unix-dll.mak b/base/unix-dll.mak +index 9d57a99..36ef1ff 100644 +--- a/base/unix-dll.mak ++++ b/base/unix-dll.mak +@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) $(MAKEDIRS) # Build the small Ghostscript loaders, with Gtk+ and without - $(GSSOC_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER) + $(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS) $(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \ - -L$(BINDIR) -l$(GS_SO_BASE) + -L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=$(libdir) - $(GSSOX_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER) + $(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS) $(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \ - -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) + -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=$(libdir) - # ------------------------- Recursive make targets ------------------------- # + $(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_DLL_MAK) $(MAKEDIRS) + $(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL_SO_BASE) diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch new file mode 100644 index 0000000000..68c33f1031 --- /dev/null +++ b/gnu/packages/patches/grep-gnulib-lock.patch @@ -0,0 +1,32 @@ +This patch fix error on 'gnulib' library required to build +'grep' package on GNU/Hurd. +The patch was adapted from upstream source repository: +'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>' + +Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd + +diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c +index 061562b..afc86f4 100644 +--- a/lib/glthread/lock.c ++++ b/lib/glthread/lock.c +@@ -30,7 +30,7 @@ + + /* ------------------------- gl_rwlock_t datatype ------------------------- */ + +-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) ++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) + + # ifdef PTHREAD_RWLOCK_INITIALIZER + +diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h +index ec16d39..67932aa 100644 +--- a/lib/glthread/lock.h ++++ b/lib/glthread/lock.h +@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t; + + /* ------------------------- gl_rwlock_t datatype ------------------------- */ + +-# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) ++# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) + + # ifdef PTHREAD_RWLOCK_INITIALIZER diff --git a/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch new file mode 100644 index 0000000000..ebbc0635a5 --- /dev/null +++ b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch @@ -0,0 +1,28 @@ +The patch fixes build failure of form: + ../src/alpha/osf.S:298:2: error: #error "osf.S out of sync with ffi.h" +Upstream fixed the bug in a more invasive way +but didn't have releases since 3.2.1. + +The patch is taken from Gentoo: +https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libffi/files/libffi-3.2.1-complex_alpha.patch + +--- libffi-3.2.1/src/alpha/osf.S 2015-01-16 10:46:15.000000000 +0100 ++++ libffi-3.2.1/src/alpha/osf.S 2015-01-16 10:46:24.000000000 +0100 +@@ -279,6 +279,7 @@ + .gprel32 $load_64 # FFI_TYPE_SINT64 + .gprel32 $load_none # FFI_TYPE_STRUCT + .gprel32 $load_64 # FFI_TYPE_POINTER ++ .gprel32 $load_none # FFI_TYPE_COMPLEX + + /* Assert that the table above is in sync with ffi.h. */ + +@@ -294,7 +295,8 @@ + || FFI_TYPE_SINT64 != 12 \ + || FFI_TYPE_STRUCT != 13 \ + || FFI_TYPE_POINTER != 14 \ +- || FFI_TYPE_LAST != 14 ++ || FFI_TYPE_COMPLEX != 15 \ ++ || FFI_TYPE_LAST != 15 + #error "osf.S out of sync with ffi.h" + #endif + diff --git a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch deleted file mode 100644 index 1f847ed025..0000000000 --- a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2017-6891: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891 - -Patch copied from upstream source repository: - -https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484 - -From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos <nmav@redhat.com> -Date: Thu, 18 May 2017 18:03:34 +0200 -Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node() - -This prevents a stack overflow in asn1_find_node() which -is triggered by too long variable names in the definitions -files. That means that applications have to deliberately -pass a too long 'name' constant to asn1_write_value() -and friends. Reported by Jakub Jirasek. - -Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> ---- - lib/parser_aux.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/lib/parser_aux.c b/lib/parser_aux.c -index b4a7370..976ab38 100644 ---- a/lib/parser_aux.c -+++ b/lib/parser_aux.c -@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name) - if (n_end) - { - nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ - memcpy (n, n_start, nsize); - n[nsize] = 0; - n_start = n_end; -@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name) - if (n_end) - { - nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ - memcpy (n, n_start, nsize); - n[nsize] = 0; - n_start = n_end; --- -2.13.0 - diff --git a/gnu/packages/patches/libtiff-CVE-2016-10092.patch b/gnu/packages/patches/libtiff-CVE-2016-10092.patch deleted file mode 100644 index d5fd796169..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10092.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-10092: - -http://bugzilla.maptools.org/show_bug.cgi?id=2620 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092 -https://security-tracker.debian.org/tracker/CVE-2016-10092 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore) - mode so that the output buffer is correctly incremented to avoid write - outside bounds. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1178; previous revision: 1.1177 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.47; previous revision: 1.46 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.46 -retrieving revision 1.47 -diff -u -r1.46 -r1.47 ---- libtiff/tools/tiffcrop.c 18 Nov 2016 14:58:46 -0000 1.46 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 11:35:56 -0000 1.47 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -3698,7 +3698,7 @@ - (unsigned long) strip, (unsigned long)rows); - return 0; - } -- bufp += bytes_read; -+ bufp += stripsize; - } - - return 1; diff --git a/gnu/packages/patches/libtiff-CVE-2016-10093.patch b/gnu/packages/patches/libtiff-CVE-2016-10093.patch deleted file mode 100644 index 5897ec1029..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10093.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix CVE-2016-10093: - -http://bugzilla.maptools.org/show_bug.cgi?id=2610 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093 -https://security-tracker.debian.org/tracker/CVE-2016-10093 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: fix uint32 underflow/overflow that can cause - heap-based buffer overflow. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1187; previous revision: 1.1186 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.59; previous revision: 1.58 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.58 -retrieving revision 1.59 -diff -u -r1.58 -r1.59 ---- libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 16:40:01 -0000 1.59 -@@ -1163,7 +1163,7 @@ - - static void - cpStripToTile(uint8* out, uint8* in, -- uint32 rows, uint32 cols, int outskew, int inskew) -+ uint32 rows, uint32 cols, int outskew, int64 inskew) - { - while (rows-- > 0) { - uint32 j = cols; -@@ -1320,7 +1320,7 @@ - tdata_t tilebuf; - uint32 imagew = TIFFScanlineSize(in); - uint32 tilew = TIFFTileRowSize(in); -- int iskew = imagew - tilew; -+ int64 iskew = (int64)imagew - (int64)tilew; - uint8* bufp = (uint8*) buf; - uint32 tw, tl; - uint32 row; -@@ -1348,7 +1348,7 @@ - status = 0; - goto done; - } -- if (colb + tilew > imagew) { -+ if (colb > iskew) { - uint32 width = imagew - colb; - uint32 oskew = tilew - width; - cpStripToTile(bufp + colb, diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch deleted file mode 100644 index 9018773565..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2016-10094.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2016-10094: - -http://bugzilla.maptools.org/show_bug.cgi?id=2640 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094 -https://security-tracker.debian.org/tracker/CVE-2016-10094 - -2016-12-20 Even Rouault <even.rouault at spatialys.com> - - * tools/tiff2pdf.c: avoid potential heap-based overflow in - t2p_readwrite_pdf_image_tile(). - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1199; previous revision: 1.1198 -/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v <-- tools/tiff2pdf.c -new revision: 1.101; previous revision: 1.100 - -Index: libtiff/tools/tiff2pdf.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v -retrieving revision 1.100 -retrieving revision 1.101 -diff -u -r1.100 -r1.101 ---- libtiff/tools/tiff2pdf.c 20 Dec 2016 17:24:35 -0000 1.100 -+++ libtiff/tools/tiff2pdf.c 20 Dec 2016 17:28:17 -0000 1.101 -@@ -2895,7 +2895,7 @@ - return(0); - } - if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { -- if (count >= 4) { -+ if (count > 4) { - int retTIFFReadRawTile; - /* Ignore EOI marker of JpegTables */ - _TIFFmemcpy(buffer, jpt, count - 2); diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch deleted file mode 100644 index 3158b49360..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2017-5225.patch +++ /dev/null @@ -1,86 +0,0 @@ -Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp): - -http://bugzilla.maptools.org/show_bug.cgi?id=2656 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225 -https://security-tracker.debian.org/tracker/CVE-2017-5225 - -2017-01-11 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and - cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based -overflow. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and - http://bugzilla.maptools.org/show_bug.cgi?id=2657 - - -less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1210; previous revision: 1.1209 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.61; previous revision: 1.60 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.60 -retrieving revision 1.61 -diff -u -r1.60 -r1.61 ---- libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60 -+++ libtiff/tools/tiffcp.c 11 Jan 2017 19:26:14 -0000 1.61 -#@@ -1,4 +1,4 @@ -#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */ -#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */ -# -# /* -# * Copyright (c) 1988-1997 Sam Leffler -@@ -591,7 +591,7 @@ - static int - tiffcp(TIFF* in, TIFF* out) - { -- uint16 bitspersample, samplesperpixel = 1; -+ uint16 bitspersample = 1, samplesperpixel = 1; - uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; - copyFunc cf; - uint32 width, length; -@@ -1067,6 +1067,16 @@ - register uint32 n; - uint32 row; - tsample_t s; -+ uint16 bps = 0; -+ -+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps != 8 ) -+ { -+ TIFFError(TIFFFileName(in), -+ "Error, can only handle BitsPerSample=8 in %s", -+ "cpContig2SeparateByRow"); -+ return 0; -+ } - - inbuf = _TIFFmalloc(scanlinesizein); - outbuf = _TIFFmalloc(scanlinesizeout); -@@ -1120,6 +1130,16 @@ - register uint32 n; - uint32 row; - tsample_t s; -+ uint16 bps = 0; -+ -+ (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps != 8 ) -+ { -+ TIFFError(TIFFFileName(in), -+ "Error, can only handle BitsPerSample=8 in %s", -+ "cpSeparate2ContigByRow"); -+ return 0; -+ } - - inbuf = _TIFFmalloc(scanlinesizein); - outbuf = _TIFFmalloc(scanlinesizeout); -@@ -1784,7 +1804,7 @@ - uint32 w, l, tw, tl; - int bychunk; - -- (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv); -+ (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv); - if (shortv != config && bitspersample != 8 && samplesperpixel > 1) { - fprintf(stderr, - "%s: Cannot handle different planar configuration w/ bits/sample != 8\n", diff --git a/gnu/packages/patches/libtiff-assertion-failure.patch b/gnu/packages/patches/libtiff-assertion-failure.patch deleted file mode 100644 index ef747fbdd7..0000000000 --- a/gnu/packages/patches/libtiff-assertion-failure.patch +++ /dev/null @@ -1,60 +0,0 @@ -Fix assertion failure in readSeparateTilesIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2605 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert -check. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1188; previous revision: 1.1187 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.60; previous revision: 1.59 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.59 -retrieving revision 1.60 -diff -u -r1.59 -r1.60 ---- libtiff/tools/tiffcp.c 3 Dec 2016 16:40:01 -0000 1.59 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 16:50:02 -0000 1.60 -@@ -45,7 +45,6 @@ - #include <string.h> - - #include <ctype.h> --#include <assert.h> - - #ifdef HAVE_UNISTD_H - # include <unistd.h> -@@ -1393,7 +1392,12 @@ - status = 0; - goto done; - } -- assert( bps % 8 == 0 ); -+ if( (bps % 8) != 0 ) -+ { -+ TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8"); -+ status = 0; -+ goto done; -+ } - bytes_per_sample = bps/8; - - for (row = 0; row < imagelength; row += tl) { -@@ -1584,7 +1588,12 @@ - _TIFFfree(obuf); - return 0; - } -- assert( bps % 8 == 0 ); -+ if( (bps % 8) != 0 ) -+ { -+ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8"); -+ _TIFFfree(obuf); -+ return 0; -+ } - bytes_per_sample = bps/8; - - for (row = 0; row < imagelength; row += tl) { diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch deleted file mode 100644 index 2a96b68521..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch +++ /dev/null @@ -1,63 +0,0 @@ -Fix divide-by-zero in OJPEGDecodeRaw(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2611 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure -in - OJPEGPreDecode(). This will avoid a divide by zero, and potential other -issues. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1177; previous revision: 1.1176 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c -new revision: 1.66; previous revision: 1.65 - -Index: libtiff/libtiff/tif_ojpeg.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v -retrieving revision 1.65 -retrieving revision 1.66 -diff -u -r1.65 -r1.66 ---- libtiff/libtiff/tif_ojpeg.c 4 Sep 2016 21:32:56 -0000 1.65 -+++ libtiff/libtiff/tif_ojpeg.c 3 Dec 2016 11:15:18 -0000 1.66 -@@ -1,4 +1,4 @@ --/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */ -+/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */ - - /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0 - specification is now totally obsolete and deprecated for new applications and -@@ -244,6 +244,7 @@ - - typedef struct { - TIFF* tif; -+ int decoder_ok; - #ifndef LIBJPEG_ENCAP_EXTERNAL - JMP_BUF exit_jmpbuf; - #endif -@@ -722,6 +723,7 @@ - } - sp->write_curstrile++; - } -+ sp->decoder_ok = 1; - return(1); - } - -@@ -784,8 +786,14 @@ - static int - OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) - { -+ static const char module[]="OJPEGDecode"; - OJPEGState* sp=(OJPEGState*)tif->tif_data; - (void)s; -+ if( !sp->decoder_ok ) -+ { -+ TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized"); -+ return 0; -+ } - if (sp->libjpeg_jpeg_query_style==0) - { - if (OJPEGDecodeRaw(tif,buf,cc)==0) diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch deleted file mode 100644 index d3f1c2b60e..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch +++ /dev/null @@ -1,104 +0,0 @@ -Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2597 -http://bugzilla.maptools.org/show_bug.cgi?id=2607 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples -tag is - missing. - Reported by Agostino sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1183; previous revision: 1.1182 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.57; previous revision: 1.56 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.56 -retrieving revision 1.57 -diff -u -r1.56 -r1.57 ---- libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -1378,7 +1378,7 @@ - uint8* bufp = (uint8*) buf; - uint32 tw, tl; - uint32 row; -- uint16 bps, bytes_per_sample; -+ uint16 bps = 0, bytes_per_sample; - - tilebuf = _TIFFmalloc(tilesize); - if (tilebuf == 0) -@@ -1387,6 +1387,12 @@ - (void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw); - (void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl); - (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps == 0 ) -+ { -+ TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample"); -+ status = 0; -+ goto done; -+ } - assert( bps % 8 == 0 ); - bytes_per_sample = bps/8; - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples -tag is - missing. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1186; previous revision: 1.1185 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.58; previous revision: 1.57 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.57 -retrieving revision 1.58 -diff -u -r1.57 -r1.58 ---- libtiff/tools/tiffcp.c 3 Dec 2016 14:42:40 -0000 1.57 -+++ libtiff/tools/tiffcp.c 3 Dec 2016 15:44:15 -0000 1.58 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -1569,7 +1569,7 @@ - uint8* bufp = (uint8*) buf; - uint32 tl, tw; - uint32 row; -- uint16 bps, bytes_per_sample; -+ uint16 bps = 0, bytes_per_sample; - - obuf = _TIFFmalloc(TIFFTileSize(out)); - if (obuf == NULL) -@@ -1578,6 +1578,12 @@ - (void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl); - (void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw); - (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps == 0 ) -+ { -+ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample"); -+ _TIFFfree(obuf); -+ return 0; -+ } - assert( bps % 8 == 0 ); - bytes_per_sample = bps/8; - diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch deleted file mode 100644 index 823293f1cf..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch +++ /dev/null @@ -1,57 +0,0 @@ -Fix divide-by-zero in readSeparateStripsIntoBuffer(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2619 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is -missing. - Reported by Agostina Sarubo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1180; previous revision: 1.1179 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.49; previous revision: 1.48 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.48 -retrieving revision 1.49 -diff -u -r1.48 -r1.49 ---- libtiff/tools/tiffcrop.c 3 Dec 2016 12:19:32 -0000 1.48 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 13:00:04 -0000 1.49 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -1164,7 +1164,7 @@ - tdata_t obuf; - - (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); -- (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); -+ (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps); - bytes_per_sample = (bps + 7) / 8; - if( width == 0 || - (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width || -@@ -4760,7 +4760,7 @@ - int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1; - uint32 j; - int32 bytes_read = 0; -- uint16 bps, planar; -+ uint16 bps = 0, planar; - uint32 nstrips; - uint32 strips_per_sample; - uint32 src_rowsize, dst_rowsize, rows_processed, rps; -@@ -4780,7 +4780,7 @@ - } - - memset (srcbuffs, '\0', sizeof(srcbuffs)); -- TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); -+ TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps); - TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar); - TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps); - if (rps > length) diff --git a/gnu/packages/patches/libtiff-divide-by-zero.patch b/gnu/packages/patches/libtiff-divide-by-zero.patch deleted file mode 100644 index 6dbd4666cd..0000000000 --- a/gnu/packages/patches/libtiff-divide-by-zero.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix an integer overflow in TIFFReadEncodedStrip() that led to division-by-zero: - -http://bugzilla.maptools.org/show_bug.cgi?id=2596 - -2016-12-02 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in - TIFFReadEncodedStrip() that caused an integer division by zero. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1173; previous revision: 1.1172 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c -new revision: 1.50; previous revision: 1.49 -/cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v <-- libtiff/tiffiop.h -new revision: 1.90; previous revision: 1.89 - -Index: libtiff/libtiff/tif_read.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v -retrieving revision 1.49 -retrieving revision 1.50 -diff -u -r1.49 -r1.50 ---- libtiff/libtiff/tif_read.c 10 Jul 2016 18:00:21 -0000 1.49 -+++ libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50 -@@ -1,4 +1,4 @@ --/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */ -+/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -346,7 +346,7 @@ - rowsperstrip=td->td_rowsperstrip; - if (rowsperstrip>td->td_imagelength) - rowsperstrip=td->td_imagelength; -- stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip); -+ stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip); - stripinplane=(strip%stripsperplane); - plane=(uint16)(strip/stripsperplane); - rows=td->td_imagelength-stripinplane*rowsperstrip; -Index: libtiff/libtiff/tiffiop.h -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v -retrieving revision 1.89 -retrieving revision 1.90 -diff -u -r1.89 -r1.90 ---- libtiff/libtiff/tiffiop.h 23 Jan 2016 21:20:34 -0000 1.89 -+++ libtiff/libtiff/tiffiop.h 2 Dec 2016 21:56:56 -0000 1.90 -@@ -1,4 +1,4 @@ --/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */ -+/* $Id: tiffiop.h,v 1.90 2016-12-02 21:56:56 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -250,6 +250,10 @@ - #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \ - ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \ - 0U) -+/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */ -+/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */ -+#define TIFFhowmany_32_maxuint_compat(x, y) \ -+ (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0)) - #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3) - #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y)) - #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y))) diff --git a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch deleted file mode 100644 index 2d5e23586d..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch +++ /dev/null @@ -1,131 +0,0 @@ -Fix heap-based buffer overflow in _TIFFmemcpy(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2604 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer - overflow on generation of PixarLog / LUV compressed files, with - ColorMap, TransferFunction attached and nasty plays with bitspersample. - The fix for LUV has not been tested, but suffers from the same kind - of issue of PixarLog. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1175; previous revision: 1.1174 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v <-- libtiff/tif_luv.c -new revision: 1.44; previous revision: 1.43 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v <-- -libtiff/tif_pixarlog.c -new revision: 1.49; previous revision: 1.48 - -Index: libtiff/libtiff/tif_luv.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v -retrieving revision 1.43 -retrieving revision 1.44 -diff -u -r1.43 -r1.44 ---- libtiff/libtiff/tif_luv.c 4 Sep 2016 21:32:56 -0000 1.43 -+++ libtiff/libtiff/tif_luv.c 2 Dec 2016 23:05:51 -0000 1.44 -@@ -1,4 +1,4 @@ --/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */ -+/* $Id: tif_luv.c,v 1.44 2016-12-02 23:05:51 erouault Exp $ */ - - /* - * Copyright (c) 1997 Greg Ward Larson -@@ -158,6 +158,7 @@ - typedef struct logLuvState LogLuvState; - - struct logLuvState { -+ int encoder_state; /* 1 if encoder correctly initialized */ - int user_datafmt; /* user data format */ - int encode_meth; /* encoding method */ - int pixel_size; /* bytes per pixel */ -@@ -1552,6 +1553,7 @@ - td->td_photometric, "must be either LogLUV or LogL"); - break; - } -+ sp->encoder_state = 1; - return (1); - notsupported: - TIFFErrorExt(tif->tif_clientdata, module, -@@ -1563,19 +1565,27 @@ - static void - LogLuvClose(TIFF* tif) - { -+ LogLuvState* sp = (LogLuvState*) tif->tif_data; - TIFFDirectory *td = &tif->tif_dir; - -+ assert(sp != 0); - /* - * For consistency, we always want to write out the same - * bitspersample and sampleformat for our TIFF file, - * regardless of the data format being used by the application. - * Since this routine is called after tags have been set but - * before they have been recorded in the file, we reset them here. -+ * Note: this is really a nasty approach. See PixarLogClose - */ -- td->td_samplesperpixel = -- (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; -- td->td_bitspersample = 16; -- td->td_sampleformat = SAMPLEFORMAT_INT; -+ if( sp->encoder_state ) -+ { -+ /* See PixarLogClose. Might avoid issues with tags whose size depends -+ * on those below, but not completely sure this is enough. */ -+ td->td_samplesperpixel = -+ (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3; -+ td->td_bitspersample = 16; -+ td->td_sampleformat = SAMPLEFORMAT_INT; -+ } - } - - static void -Index: libtiff/libtiff/tif_pixarlog.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v -retrieving revision 1.48 -retrieving revision 1.49 -diff -u -r1.48 -r1.49 ---- libtiff/libtiff/tif_pixarlog.c 23 Sep 2016 22:12:18 -0000 1.48 -+++ libtiff/libtiff/tif_pixarlog.c 2 Dec 2016 23:05:51 -0000 1.49 -@@ -1,4 +1,4 @@ --/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */ -+/* $Id: tif_pixarlog.c,v 1.49 2016-12-02 23:05:51 erouault Exp $ */ - - /* - * Copyright (c) 1996-1997 Sam Leffler -@@ -1233,8 +1233,10 @@ - static void - PixarLogClose(TIFF* tif) - { -+ PixarLogState* sp = (PixarLogState*) tif->tif_data; - TIFFDirectory *td = &tif->tif_dir; - -+ assert(sp != 0); - /* In a really sneaky (and really incorrect, and untruthful, and - * troublesome, and error-prone) maneuver that completely goes against - * the spirit of TIFF, and breaks TIFF, on close, we covertly -@@ -1243,8 +1245,19 @@ - * readers that don't know about PixarLog, or how to set - * the PIXARLOGDATFMT pseudo-tag. - */ -- td->td_bitspersample = 8; -- td->td_sampleformat = SAMPLEFORMAT_UINT; -+ -+ if (sp->state&PLSTATE_INIT) { -+ /* We test the state to avoid an issue such as in -+ * http://bugzilla.maptools.org/show_bug.cgi?id=2604 -+ * What appends in that case is that the bitspersample is 1 and -+ * a TransferFunction is set. The size of the TransferFunction -+ * depends on 1<<bitspersample. So if we increase it, an access -+ * out of the buffer will happen at directory flushing. -+ * Another option would be to clear those targs. -+ */ -+ td->td_bitspersample = 8; -+ td->td_sampleformat = SAMPLEFORMAT_UINT; -+ } - } - - static void diff --git a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch deleted file mode 100644 index 68889b121b..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch +++ /dev/null @@ -1,132 +0,0 @@ -Fix heap-based buffer overflow in TIFFFillStrip(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2608 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to - instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength, -rowsperstrip), - instead of a logic based on the total size of data. Which is faulty is - the total size of data is not sufficient to fill the whole image, and -thus - results in reading outside of the StripByCounts/StripOffsets arrays -when - using TIFFReadScanline(). - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608. - - * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done - for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 -since - the above change is a better fix that makes it unnecessary. - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1176; previous revision: 1.1175 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- -libtiff/tif_dirread.c -new revision: 1.205; previous revision: 1.204 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v <-- libtiff/tif_strip.c -new revision: 1.38; previous revision: 1.37 - -Index: libtiff/libtiff/tif_dirread.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v -retrieving revision 1.204 -retrieving revision 1.205 -diff -u -r1.204 -r1.205 ---- libtiff/libtiff/tif_dirread.c 16 Nov 2016 15:14:15 -0000 1.204 -+++ libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */ -+/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -5502,8 +5502,7 @@ - uint64 rowblockbytes; - uint64 stripbytes; - uint32 strip; -- uint64 nstrips64; -- uint32 nstrips32; -+ uint32 nstrips; - uint32 rowsperstrip; - uint64* newcounts; - uint64* newoffsets; -@@ -5534,18 +5533,17 @@ - return; - - /* -- * never increase the number of strips in an image -+ * never increase the number of rows per strip - */ - if (rowsperstrip >= td->td_rowsperstrip) - return; -- nstrips64 = TIFFhowmany_64(bytecount, stripbytes); -- if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */ -- return; -- nstrips32 = (uint32)nstrips64; -+ nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); -+ if( nstrips == 0 ) -+ return; - -- newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64), -+ newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), - "for chopped \"StripByteCounts\" array"); -- newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64), -+ newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), - "for chopped \"StripOffsets\" array"); - if (newcounts == NULL || newoffsets == NULL) { - /* -@@ -5562,18 +5560,18 @@ - * Fill the strip information arrays with new bytecounts and offsets - * that reflect the broken-up format. - */ -- for (strip = 0; strip < nstrips32; strip++) { -+ for (strip = 0; strip < nstrips; strip++) { - if (stripbytes > bytecount) - stripbytes = bytecount; - newcounts[strip] = stripbytes; -- newoffsets[strip] = offset; -+ newoffsets[strip] = stripbytes ? offset : 0; - offset += stripbytes; - bytecount -= stripbytes; - } - /* - * Replace old single strip info with multi-strip info. - */ -- td->td_stripsperimage = td->td_nstrips = nstrips32; -+ td->td_stripsperimage = td->td_nstrips = nstrips; - TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); - - _TIFFfree(td->td_stripbytecount); -Index: libtiff/libtiff/tif_strip.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v -retrieving revision 1.37 -retrieving revision 1.38 -diff -u -r1.37 -r1.38 ---- libtiff/libtiff/tif_strip.c 9 Nov 2016 23:00:49 -0000 1.37 -+++ libtiff/libtiff/tif_strip.c 3 Dec 2016 11:02:15 -0000 1.38 -@@ -1,4 +1,4 @@ --/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */ -+/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */ - - /* - * Copyright (c) 1991-1997 Sam Leffler -@@ -63,15 +63,6 @@ - TIFFDirectory *td = &tif->tif_dir; - uint32 nstrips; - -- /* If the value was already computed and store in td_nstrips, then return it, -- since ChopUpSingleUncompressedStrip might have altered and resized the -- since the td_stripbytecount and td_stripoffset arrays to the new value -- after the initial affectation of td_nstrips = TIFFNumberOfStrips() in -- tif_dirread.c ~line 3612. -- See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */ -- if( td->td_nstrips ) -- return td->td_nstrips; -- - nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 : - TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip)); - if (td->td_planarconfig == PLANARCONFIG_SEPARATE) diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch deleted file mode 100644 index f0fef08bf3..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix heap buffer overflow in tiffcp when parsing number of inks: - -http://bugzilla.maptools.org/show_bug.cgi?id=2599 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is -called, - limit the return number of inks to SamplesPerPixel, so that code that -parses - ink names doesn't go past the end of the buffer. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1184; previous revision: 1.1183 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c -new revision: 1.128; previous revision: 1.127 - -Index: libtiff/libtiff/tif_dir.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v -retrieving revision 1.127 -retrieving revision 1.128 -diff -u -r1.127 -r1.128 ---- libtiff/libtiff/tif_dir.c 25 Oct 2016 21:35:15 -0000 1.127 -+++ libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128 -@@ -1,4 +1,4 @@ --/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */ -+/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -854,6 +854,32 @@ - if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */ - return 0; - -+ if( tag == TIFFTAG_NUMBEROFINKS ) -+ { -+ int i; -+ for (i = 0; i < td->td_customValueCount; i++) { -+ uint16 val; -+ TIFFTagValue *tv = td->td_customValues + i; -+ if (tv->info->field_tag != tag) -+ continue; -+ val = *(uint16 *)tv->value; -+ /* Truncate to SamplesPerPixel, since the */ -+ /* setting code for INKNAMES assume that there are SamplesPerPixel */ -+ /* inknames. */ -+ /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */ -+ if( val > td->td_samplesperpixel ) -+ { -+ TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField", -+ "Truncating NumberOfInks from %u to %u", -+ val, td->td_samplesperpixel); -+ val = td->td_samplesperpixel; -+ } -+ *va_arg(ap, uint16*) = val; -+ return 1; -+ } -+ return 0; -+ } -+ - /* - * We want to force the custom code to be used for custom - * fields even if the tag happens to match a well known diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch deleted file mode 100644 index 8166c55758..0000000000 --- a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch +++ /dev/null @@ -1,60 +0,0 @@ -Fix heap-based buffer overflow in combineSeparateSamples16bits(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2621 - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in - readSeparateStripsIntoBuffer() to avoid read outside of heap allocated -buffer. - Reported by Agostina Sarubo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1179; previous revision: 1.1178 -/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c -new revision: 1.48; previous revision: 1.47 - -Index: libtiff/tools/tiffcrop.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v -retrieving revision 1.47 -retrieving revision 1.48 -diff -u -r1.47 -r1.48 ---- libtiff/tools/tiffcrop.c 3 Dec 2016 11:35:56 -0000 1.47 -+++ libtiff/tools/tiffcrop.c 3 Dec 2016 12:19:32 -0000 1.48 -@@ -1,4 +1,4 @@ --/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */ -+/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */ - - /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of - * the image data through additional options listed below -@@ -4815,10 +4815,17 @@ - nstrips = TIFFNumberOfStrips(in); - strips_per_sample = nstrips /spp; - -+ /* Add 3 padding bytes for combineSeparateSamples32bits */ -+ if( (size_t) stripsize > 0xFFFFFFFFU - 3U ) -+ { -+ TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size."); -+ exit(-1); -+ } -+ - for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++) - { - srcbuffs[s] = NULL; -- buff = _TIFFmalloc(stripsize); -+ buff = _TIFFmalloc(stripsize + 3); - if (!buff) - { - TIFFError ("readSeparateStripsIntoBuffer", -@@ -4827,6 +4834,9 @@ - _TIFFfree (srcbuffs[i]); - return 0; - } -+ buff[stripsize] = 0; -+ buff[stripsize+1] = 0; -+ buff[stripsize+2] = 0; - srcbuffs[s] = buff; - } - diff --git a/gnu/packages/patches/libtiff-invalid-read.patch b/gnu/packages/patches/libtiff-invalid-read.patch deleted file mode 100644 index 92742d8757..0000000000 --- a/gnu/packages/patches/libtiff-invalid-read.patch +++ /dev/null @@ -1,64 +0,0 @@ -Fix invalid read in t2p_writeproc(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2639 - -2016-12-20 Even Rouault <even.rouault at spatialys.com> - - * tools/tiff2pdf.c: avoid potential invalid memory read in - t2p_writeproc. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1198; previous revision: 1.1197 -/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v <-- tools/tiff2pdf.c -new revision: 1.100; previous revision: 1.99 - -Index: libtiff/tools/tiff2pdf.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v -retrieving revision 1.99 -retrieving revision 1.100 -diff -u -r1.99 -r1.100 ---- libtiff/tools/tiff2pdf.c 20 Dec 2016 17:13:26 -0000 1.99 -+++ libtiff/tools/tiff2pdf.c 20 Dec 2016 17:24:35 -0000 1.100 -@@ -2896,6 +2896,7 @@ - } - if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { - if (count >= 4) { -+ int retTIFFReadRawTile; - /* Ignore EOI marker of JpegTables */ - _TIFFmemcpy(buffer, jpt, count - 2); - bufferoffset += count - 2; -@@ -2903,22 +2904,23 @@ - table_end[0] = buffer[bufferoffset-2]; - table_end[1] = buffer[bufferoffset-1]; - xuint32 = bufferoffset; -- bufferoffset -= 2; -- bufferoffset += TIFFReadRawTile( -+ bufferoffset -= 2; -+ retTIFFReadRawTile= TIFFReadRawTile( - input, - tile, - (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), - -1); -+ if( retTIFFReadRawTile < 0 ) -+ { -+ _TIFFfree(buffer); -+ t2p->t2p_error = T2P_ERR_ERROR; -+ return(0); -+ } -+ bufferoffset += retTIFFReadRawTile; - /* Overwrite SOI marker of image scan with previously */ - /* saved end of JpegTables */ - buffer[xuint32-2]=table_end[0]; - buffer[xuint32-1]=table_end[1]; -- } else { -- bufferoffset += TIFFReadRawTile( -- input, -- tile, -- (tdata_t) &(((unsigned char*)buffer)[bufferoffset]), -- -1); - } - } - t2pWriteFile(output, (tdata_t) buffer, bufferoffset); diff --git a/gnu/packages/patches/libtiff-null-dereference.patch b/gnu/packages/patches/libtiff-null-dereference.patch deleted file mode 100644 index 8c6345b804..0000000000 --- a/gnu/packages/patches/libtiff-null-dereference.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix NULL pointer dereference in TIFFReadRawData(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2594 - - -2016-12-03 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffinfo.c: fix null pointer dereference in -r mode when - * the -image has - no StripByteCount tag. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1182; previous revision: 1.1181 -/cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v <-- tools/tiffinfo.c -new revision: 1.26; previous revision: 1.25 - -Index: libtiff/tools/tiffinfo.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v -retrieving revision 1.25 -retrieving revision 1.26 -diff -u -r1.25 -r1.26 ---- libtiff/tools/tiffinfo.c 12 Nov 2016 20:06:05 -0000 1.25 -+++ libtiff/tools/tiffinfo.c 3 Dec 2016 14:18:49 -0000 1.26 -@@ -1,4 +1,4 @@ --/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */ -+/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -417,7 +417,7 @@ - uint64* stripbc=NULL; - - TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc); -- if (nstrips > 0) { -+ if (stripbc != NULL && nstrips > 0) { - uint32 bufsize = (uint32) stripbc[0]; - tdata_t buf = _TIFFmalloc(bufsize); - tstrip_t s; diff --git a/gnu/packages/patches/libtiff-tiffcp-underflow.patch b/gnu/packages/patches/libtiff-tiffcp-underflow.patch deleted file mode 100644 index 5615cbb3e1..0000000000 --- a/gnu/packages/patches/libtiff-tiffcp-underflow.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix a integer underflow in tiffcp that led to heap overflows in -TIFFReverseBits(): - -http://bugzilla.maptools.org/show_bug.cgi?id=2598 - -2016-12-02 Even Rouault <even.rouault at spatialys.com> - - * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that - can cause various issues, such as buffer overflows in the library. - Reported by Agostino Sarubbo. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1174; previous revision: 1.1173 -/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c -new revision: 1.56; previous revision: 1.55 - -Index: libtiff/tools/tiffcp.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v -retrieving revision 1.55 -retrieving revision 1.56 -diff -u -r1.55 -r1.56 ---- libtiff/tools/tiffcp.c 8 Oct 2016 15:54:57 -0000 1.55 -+++ libtiff/tools/tiffcp.c 2 Dec 2016 22:13:32 -0000 1.56 -@@ -1,4 +1,4 @@ --/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */ -+/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -985,7 +985,7 @@ - tstrip_t s, ns = TIFFNumberOfStrips(in); - uint32 row = 0; - _TIFFmemset(buf, 0, stripsize); -- for (s = 0; s < ns; s++) { -+ for (s = 0; s < ns && row < imagelength; s++) { - tsize_t cc = (row + rowsperstrip > imagelength) ? - TIFFVStripSize(in, imagelength - row) : stripsize; - if (TIFFReadEncodedStrip(in, s, buf, cc) < 0 diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch new file mode 100644 index 0000000000..709b20c6d2 --- /dev/null +++ b/gnu/packages/patches/libunistring-gnulib-multi-core.patch @@ -0,0 +1,178 @@ +This patch fixes performance problems on multi-core machines +as reported at <https://bugs.gnu.org/26441>. + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible <bruno@clisp.org>. + +diff --git a/tests/test-lock.c b/tests/test-lock.c +index cb734b4e6..aa6de2739 100644 +--- a/tests/test-lock.c ++++ b/tests/test-lock.c +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -103,6 +110,51 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +252,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +263,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +337,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +349,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +440,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +451,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } diff --git a/gnu/packages/patches/python-file-double-encoding-bug.patch b/gnu/packages/patches/python-file-double-encoding-bug.patch deleted file mode 100644 index bbe825c36a..0000000000 --- a/gnu/packages/patches/python-file-double-encoding-bug.patch +++ /dev/null @@ -1,50 +0,0 @@ -Fix bug that breaks file's Python bindings when using Python 3. This patch -should not be applied when using Python 2. - -Copied from upstream source repository: - -https://github.com/file/file/commit/73e043d2a986234b187a00ed0c8d1f7bf83df372 - -From 73e043d2a986234b187a00ed0c8d1f7bf83df372 Mon Sep 17 00:00:00 2001 -From: Christos Zoulas <christos@zoulas.com> -Date: Tue, 28 Jun 2016 17:10:22 +0000 -Subject: [PATCH] PR/562: Reiner Herrmann: Avoid double encoding with python3 - ---- - python/magic.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/python/magic.py b/python/magic.py -index c48f7d5..b0f7a17 100644 ---- a/python/magic.py -+++ b/python/magic.py -@@ -134,7 +134,7 @@ class Magic(object): - if isinstance(r, str): - return r - else: -- return str(r).encode('utf-8') -+ return str(r, 'utf-8') - - def descriptor(self, fd): - """ -@@ -152,7 +152,7 @@ class Magic(object): - if isinstance(r, str): - return r - else: -- return str(r).encode('utf-8') -+ return str(r, 'utf-8') - - def error(self): - """ -@@ -163,7 +163,7 @@ class Magic(object): - if isinstance(e, str): - return e - else: -- return str(e).encode('utf-8') -+ return str(e, 'utf-8') - - def setflags(self, flags): - """ --- -2.10.1 - diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index 58beab0a96..61aaf7c153 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -34,7 +34,6 @@ (package (name "pcre") (version "8.40") - (replacement pcre/fixed) (source (origin (method url-fetch) (uri (list @@ -43,6 +42,7 @@ "pcre-" version ".tar.bz2") (string-append "mirror://sourceforge/pcre/pcre/" version "/pcre-" version ".tar.bz2"))) + (patches (search-patches "pcre-CVE-2017-7186.patch")) (sha256 (base32 "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0")))) @@ -72,14 +72,6 @@ POSIX regular expression API.") (license license:bsd-3) (home-page "http://www.pcre.org/"))) -(define pcre/fixed - (package - (inherit pcre) - (replacement #f) - (source (origin - (inherit (package-source pcre)) - (patches (search-patches "pcre-CVE-2017-7186.patch")))))) - (define-public pcre2 (package (name "pcre2") diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 812d7548cf..db76160062 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -51,14 +51,14 @@ ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package (name "perl") - (version "5.24.0") + (version "5.24.1") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/src/5.0/perl-" version ".tar.gz")) (sha256 (base32 - "00jj8zr8fnihrxxhl8h936ssczv5x86qb618yz1ig40d1rp0qhvy")) + "1bqqb5ghfj4486nqr77kgsd8aff6a289jy7n2cdkznwvn34qbhg6")) (patches (search-patches "perl-no-sys-dirs.patch" "perl-autosplit-default-time.patch" diff --git a/gnu/packages/pkg-config.scm b/gnu/packages/pkg-config.scm index 01069d27a5..12f17f1e3c 100644 --- a/gnu/packages/pkg-config.scm +++ b/gnu/packages/pkg-config.scm @@ -30,7 +30,7 @@ (define-public %pkg-config (package (name "pkg-config") - (version "0.29.1") + (version "0.29.2") (source (origin (method url-fetch) (uri (list @@ -46,7 +46,7 @@ version ".tar.gz"))) (sha256 (base32 - "00dh1jn8rbppmgbhhgqhmbh3c58b0gccy39rsjdlcma50sg3rd5y")))) + "14fmwzki1rlz8bs2p810lk6jqdxsk966d8drgsjmi54cd00rrikg")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-internal-glib"))) (native-search-paths diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index 92ebe6f3eb..846c174fa7 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -45,13 +45,14 @@ (define-public libsndfile (package (name "libsndfile") - (replacement libsndfile/fixed) (version "1.0.28") (source (origin (method url-fetch) (uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-" version ".tar.gz")) - (patches (search-patches "libsndfile-armhf-type-checks.patch")) + (patches (search-patches "libsndfile-armhf-type-checks.patch" + "libsndfile-CVE-2017-8361-8363-8365.patch" + "libsndfile-CVE-2017-8362.patch")) (sha256 (base32 "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz")))) @@ -77,18 +78,6 @@ SPARC. Hopefully the design of the library will also make it easy to extend for reading and writing new sound file formats.") (license l:gpl2+))) -(define libsndfile/fixed - (package - (inherit libsndfile) - (source - (origin - (inherit (package-source libsndfile)) - (patches - (append - (origin-patches (package-source libsndfile)) - (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch" - "libsndfile-CVE-2017-8362.patch"))))))) - (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 7617490bd4..1017c31dad 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -7578,10 +7578,6 @@ Python's @code{ctypes} foreign function interface (FFI).") (package (inherit file) (name "python-file") - (source (origin - (inherit (package-source file)) - ;; This patch should not be applied to python2-file. - (patches (search-patches "python-file-double-encoding-bug.patch")))) (build-system python-build-system) (arguments '(#:tests? #f ;no tests diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 7f62b37690..23b04bad29 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> +;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -52,8 +53,7 @@ (define-public libtasn1 (package (name "libtasn1") - (replacement libtasn1/fixed) - (version "4.10") + (version "4.12") (source (origin (method url-fetch) @@ -61,7 +61,7 @@ version ".tar.gz")) (sha256 (base32 - "00jsix5hny0g768zv4hk78dib7w0qmk5fbizf4jj37r51nd4s6k8")))) + "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "https://www.gnu.org/software/libtasn1/") @@ -73,15 +73,6 @@ networking, allowing for formal validation of data according to some specifications.") (license license:lgpl2.0+))) -(define libtasn1/fixed - (package - (inherit libtasn1) - (source - (origin - (inherit (package-source libtasn1)) - (patches - (search-patches "libtasn1-CVE-2017-6891.patch")))))) - (define-public asn1c (package (name "asn1c") @@ -150,7 +141,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.5.9") + (version "3.5.10") (source (origin (method url-fetch) (uri @@ -161,13 +152,11 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "0l9971841jsfdcvcyhas17sk5rsby6x5vvwcmmj4x3zi9q60zcc2")))) + "17apwvdkkazh5w8z8mbanpj2yj8s2002qwy46wz4v3akpa33wi5g")))) (build-system gnu-build-system) (arguments '(#:configure-flags - (list (string-append "--with-guile-site-dir=" - (assoc-ref %outputs "out") - "/share/guile/site/2.0") + (list ;; GnuTLS doesn't consult any environment variables to specify ;; the location of the system-wide trust store. Instead it has a ;; configure-time option. Unless specified, its configure script @@ -204,7 +193,7 @@ living in the same process.") ("pkg-config" ,pkg-config) ("which" ,which))) (inputs - `(("guile" ,guile-2.0))) + `(("guile" ,guile-2.2))) (propagated-inputs ;; These are all in the 'Requires.private' field of gnutls.pc. `(("libtasn1" ,libtasn1) @@ -223,22 +212,20 @@ required structures.") (ftp-directory . "/gcrypt/gnutls"))))) (define-public gnutls/guile-2.2 - ;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5. + (deprecated-package "guile2.2-gnutls" gnutls)) + +(define-public gnutls/guile-2.0 + ;; GnuTLS for Guile 2.0. (package (inherit gnutls) - (name "guile2.2-gnutls") - (arguments - ;; Remove '--with-guile-site-dir=…/2.0'. - (substitute-keyword-arguments (package-arguments gnutls) - ((#:configure-flags flags) - `(cdr ,flags)))) - (inputs `(("guile" ,guile-2.2) + (name "guile2.0-gnutls") + (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) (define-public openssl (package (name "openssl") - (version "1.0.2k") + (version "1.0.2l") (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -248,7 +235,14 @@ required structures.") "/" name "-" version ".tar.gz"))) (sha256 (base32 - "1h6qi35w6hv6rd73p4cdgdzg732pdrfgpp37cgwz1v9a3z37ffbb")) + "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf")) + (snippet + '(begin + ;; Remove ELF files. 'substitute*' can't read them. + (delete-file "test/ssltest_old") + (delete-file "test/v3ext") + (delete-file "test/x509aux") + #t)) (patches (search-patches "openssl-runpath.patch" "openssl-c-rehash-in.patch")))) (build-system gnu-build-system) diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm index 9c82e01d67..a74cbcf2b4 100644 --- a/gnu/packages/wine.scm +++ b/gnu/packages/wine.scm @@ -65,8 +65,7 @@ (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) ("gettext" ,gettext-minimal) - ; A bug in flex prevents building with flex-2.6.3. - ("flex" ,flex-2.6.1) + ("flex" ,flex) ("bison" ,bison) ("perl" ,perl))) (inputs diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 5007320c9c..d9cee8a257 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -277,7 +277,7 @@ rasterisation.") (define-public libdrm (package (name "libdrm") - (version "2.4.80") + (version "2.4.81") (source (origin (method url-fetch) @@ -287,7 +287,7 @@ rasterisation.") ".tar.bz2")) (sha256 (base32 - "1wa9cnzf60xwx67zq9ay48xr3j3sn1z80q77jpbzmkg906b52am8")) + "1bhimr6za2ddisrvrv1qqd7c2a59s7jc954sjycq2w68b8cmrh4c")) (patches (search-patches "libdrm-symbol-check.patch")))) (build-system gnu-build-system) (inputs diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 990e27d5d4..7d981712da 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -1120,7 +1120,7 @@ themselves.") (define-public libpthread-stubs (package (name "libpthread-stubs") - (version "0.3") + (version "0.4") (source (origin (method url-fetch) @@ -1130,7 +1130,7 @@ themselves.") ".tar.bz2")) (sha256 (base32 - "16bjv3in19l84hbri41iayvvg4ls9gv1ma0x0qlbmwy67i7dbdim")))) + "0cz7s9w8lqgzinicd4g36rjg08zhsbyngh0w68c3np8nlc8mkl74")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) (home-page "https://www.x.org/wiki/") @@ -3737,7 +3737,7 @@ extension to the X11 protocol. It includes: (define-public xkeyboard-config (package (name "xkeyboard-config") - (version "2.20") + (version "2.21") (source (origin (method url-fetch) @@ -3747,7 +3747,7 @@ extension to the X11 protocol. It includes: ".tar.bz2")) (sha256 (base32 - "0d619g4r0w1f6q5qmaqjnsc0956gi02fqgpisqffzqy4acjwggyi")))) + "1iffxpchy6dfgbby23nfsqqk17h9lfddlmjnhwagqag1z94p1h9h")))) (build-system gnu-build-system) (inputs `(("gettext" ,gettext-minimal) |