diff options
Diffstat (limited to 'gnu/packages')
28 files changed, 252 insertions, 855 deletions
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 1c4ebbf64f..fce193ceec 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -74,14 +74,14 @@ command-line arguments, multiple languages, and so on.") (define-public grep (package (name "grep") - (version "2.22") + (version "2.25") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grep/grep-" version ".tar.xz")) (sha256 (base32 - "1srn321x7whlhs5ks36zlcrrmj4iahll8fxwsh1vbz3v04px54fa")) + "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2")) (patches (search-patches "grep-timing-sensitive-test.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) ;some of the tests require it @@ -242,23 +242,14 @@ used to apply commands with arbitrarily long arguments.") (define-public coreutils (package (name "coreutils") - (version "8.24") + (version "8.25") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/coreutils/coreutils-" version ".tar.xz")) (sha256 (base32 - "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2")) - (patches - (list (origin - (method url-fetch) - (uri "http://git.savannah.gnu.org/cgit/coreutils.git/\ -patch/?id=3ba68f9e64fa2eb8af22d510437a0c6441feb5e0") - (sha256 - (base32 - "1dnlszhc8lihhg801i9sz896mlrgfsjfcz62636prb27k5hmixqz")) - (file-name "coreutils-tail-inotify-race.patch")))))) + "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii")))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! @@ -465,14 +456,14 @@ store.") (define-public glibc (package (name "glibc") - (version "2.22") + (version "2.23") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) + "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) (snippet ;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is ;; required on LFS distros to avoid loading the distro's libc.so @@ -481,12 +472,9 @@ store.") (("use_ldconfig=yes") "use_ldconfig=no"))) (modules '((guix build utils))) - (patches - (search-patches "glibc-ldd-x86_64.patch" - "glibc-locale-incompatibility.patch" - "glibc-versioned-locpath.patch" - "glibc-o-largefile.patch" - "glibc-CVE-2015-7547.patch")))) + (patches (search-patches "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch")))) (build-system gnu-build-system) ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc @@ -503,7 +491,7 @@ store.") #:parallel-build? #f ;; The libraries have an empty RUNPATH, but some, such as the versioned - ;; libraries (libdl-2.22.so, etc.) have ld.so marked as NEEDED. Since + ;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since ;; these libraries are always going to be found anyway, just skip ;; RUNPATH checks. #:validate-runpath? #f @@ -545,7 +533,7 @@ store.") "/bin/bash") ;; XXX: Work around "undefined reference to `__stack_chk_guard'". - "libc_cv_ssp=no") + "libc_cv_ssp=no" "libc_cv_ssp_strong=no") #:tests? #f ; XXX #:phases (modify-phases %standard-phases @@ -559,10 +547,6 @@ store.") ;; but cross-base uses it as a native input. (bash (or (assoc-ref inputs "static-bash") (assoc-ref native-inputs "static-bash")))) - ;; Use `pwd', not `/bin/pwd'. - (substitute* "configure" - (("/bin/pwd") "pwd")) - ;; Install the rpc data base file under `$out/etc/rpc'. ;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ]; (substitute* "sunrpc/Makefile" diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm index a3cd18519c..2aa4711ba8 100644 --- a/gnu/packages/bootstrap.scm +++ b/gnu/packages/bootstrap.scm @@ -61,7 +61,7 @@ (define (boot fetch) (lambda* (url hash-algo hash #:optional name #:key system) - (fetch url hash-algo hash + (fetch url hash-algo hash name #:guile %bootstrap-guile #:system system))) diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm index 9eef7a9a71..2b2dce9e9e 100644 --- a/gnu/packages/check.scm +++ b/gnu/packages/check.scm @@ -35,15 +35,15 @@ (define-public check (package (name "check") - (version "0.9.14") + (version "0.10.0") (source (origin (method url-fetch) - (uri (string-append "mirror://sourceforge/check/check/" - version "/check-" version ".tar.gz")) + (uri (string-append "https://github.com/libcheck/check/files/71408/" + "/check-" version ".tar.gz")) (sha256 (base32 - "02l4g79d81s07hzywcv1knwj5dyrwjiq2pgxaz7kidxi8m364wn2")))) + "0lhhywf5nxl3dd0hdakra3aasl590756c9kmvyifb3vgm9k0gxgm")))) (build-system gnu-build-system) (home-page "https://libcheck.github.io/check/") (synopsis "Unit test framework for C") diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm index 1cb1e06993..cac059ec37 100644 --- a/gnu/packages/cmake.scm +++ b/gnu/packages/cmake.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -36,7 +37,7 @@ (define-public cmake (package (name "cmake") - (version "3.3.2") + (version "3.5.0") (source (origin (method url-fetch) (uri (string-append "https://www.cmake.org/files/v" @@ -44,7 +45,7 @@ "/cmake-" version ".tar.gz")) (sha256 (base32 - "08pwy9ip9cgwgynhn5vrjw8drw29gijy1rmziq22n65zds6ifnp7")) + "1yly38mpk2s08b4rglp9xcw5pxalk0whp9hrcg7j8qpxlkc3mj4j")) (patches (search-patches "cmake-fix-tests.patch")))) (build-system gnu-build-system) (arguments diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 6dfe5c9cb7..463f42537c 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -170,6 +170,26 @@ ,cf))))) (inputs %boot0-inputs)))) +(define libstdc++-boot0 + ;; GCC's libcc1 is always built as a shared library (the top-level + ;; 'Makefile.def' forcefully adds --enable-shared) and thus needs to refer + ;; to libstdc++.so. We cannot build libstdc++-5.3 because it relies on + ;; C++14 features missing in our bootstrap compiler. + (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc-4.9)))) + (package + (inherit lib) + (name "libstdc++-boot0") + (arguments + `(#:guile ,%bootstrap-guile + #:implicit-inputs? #f + + ;; XXX: libstdc++.so NEEDs ld.so for some reason. + #:validate-runpath? #f + + ,@(package-arguments lib))) + (inputs %boot0-inputs) + (native-inputs '())))) + (define gcc-boot0 (package-with-bootstrap-guile (package (inherit gcc) @@ -255,14 +275,13 @@ ("mpc-source" ,(package-source mpc)) ("binutils-cross" ,binutils-boot0) + ;; The libstdc++ that libcc1 links against. + ("libstdc++" ,libstdc++-boot0) + ;; Call it differently so that the builder can check whether ;; the "libc" input is #f. ("libc-native" ,@(assoc-ref %boot0-inputs "libc")) - ,@(alist-delete "libc" %boot0-inputs))) - - ;; No need for Texinfo at this stage. - (native-inputs (alist-delete "texinfo" - (package-native-inputs gcc)))))) + ,@(alist-delete "libc" %boot0-inputs)))))) (define perl-boot0 (let ((perl (package @@ -270,21 +289,24 @@ (name "perl-boot0") (replacement #f) (arguments - (substitute-keyword-arguments (package-arguments perl) - ((#:phases phases) - `(modify-phases ,phases - ;; Pthread support is missing in the bootstrap compiler - ;; (broken spec file), so disable it. - (add-before 'configure 'disable-pthreads - (lambda _ - (substitute* "Configure" - (("^libswanted=(.*)pthread" _ before) - (string-append "libswanted=" before)))))))))))) - (package-with-bootstrap-guile - (package-with-explicit-inputs perl - %boot0-inputs - (current-source-location) - #:guile %bootstrap-guile)))) + ;; At the very least, this must not depend on GCC & co. + (let ((args `(#:disallowed-references + ,(list %bootstrap-binutils)))) + (substitute-keyword-arguments (package-arguments perl) + ((#:phases phases) + `(modify-phases ,phases + ;; Pthread support is missing in the bootstrap compiler + ;; (broken spec file), so disable it. + (add-before 'configure 'disable-pthreads + (lambda _ + (substitute* "Configure" + (("^libswanted=(.*)pthread" _ before) + (string-append "libswanted=" before))))))))))))) + (package-with-bootstrap-guile + (package-with-explicit-inputs perl + %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile)))) (define (linux-libre-headers-boot0) "Return Linux-Libre header files for the bootstrap environment." @@ -306,7 +328,12 @@ ;; Also, use %BOOT0-INPUTS to avoid building Perl once more. (let ((texinfo (package (inherit texinfo) (native-inputs '()) - (inputs `(("perl" ,perl-boot0)))))) + (inputs `(("perl" ,perl-boot0))) + + ;; Some of Texinfo 6.1's tests would fail with "Couldn't + ;; set UTF-8 character type in locale" but we don't have a + ;; UTF-8 locale at this stage, so skip them. + (arguments '(#:tests? #f))))) (package-with-bootstrap-guile (package-with-explicit-inputs texinfo %boot0-inputs (current-source-location) @@ -874,9 +901,9 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.") (gcc-toolchain gcc-4.8)) (define-public gcc-toolchain-4.9 - (gcc-toolchain gcc-final)) + (gcc-toolchain gcc-4.9)) (define-public gcc-toolchain-5 - (gcc-toolchain gcc-5)) + (gcc-toolchain gcc-final)) ;;; commencement.scm ends here diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 8043422f8b..e5cacf5ca7 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -131,14 +131,14 @@ adding and extracting files to/from a tar archive.") (define-public gzip (package (name "gzip") - (version "1.6") + (version "1.8") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gzip/gzip-" - version ".tar.gz")) + version ".tar.xz")) (sha256 (base32 - "0zlgdm4v3dndrbiz7b67mbbj25dpwqbmbzjiycssvrfrcfvq7swp")))) + "1lxv3p4iyx7833mlihkn5wfwmz4cys5nybwpz3dfawag8kn6f5zz")))) (build-system gnu-build-system) (synopsis "General file (de)compression (using lzw)") (arguments diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 9aee7b796a..88a784d293 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -350,7 +350,7 @@ types are supported, as is encryption.") (define-public sqlite (package (name "sqlite") - (version "3.10.0") + (version "3.11.1") (source (origin (method url-fetch) ;; TODO: Download from sqlite.org once this bug : @@ -381,7 +381,7 @@ types are supported, as is encryption.") )) (sha256 (base32 - "0hhhv6si0pyf5i8bv7a71953m0b4gk6s3j2h09caf7vif0njkk23")))) + "0xs3gl3kbxqfx2ahrymgcf2n8c8sy37724jr05pncbhw4z8g2gsk")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm index 7cd1fcd71d..3668aac19a 100644 --- a/gnu/packages/ed.scm +++ b/gnu/packages/ed.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,23 +28,24 @@ (define-public ed (package (name "ed") - (version "1.12") + (version "1.13") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/ed/ed-" version ".tar.lz")) (sha256 (base32 - "0bw0187a311rci58vznvncsj6pfp8bhs5phrlrqn03sa2i1mfrfj")))) + "1ly7i1iw02vbcd0zrx084z577ngxnarffmkm45dg6vndad5carnd")))) (build-system gnu-build-system) (native-inputs `(("lzip" ,lzip))) (arguments '(#:configure-flags '("CC=gcc") - #:phases (alist-cons-before 'patch-source-shebangs 'patch-test-suite - (lambda _ - (substitute* "testsuite/check.sh" - (("/bin/sh") (which "sh")))) - %standard-phases))) + #:phases + (modify-phases %standard-phases + (add-before 'patch-source-shebangs 'patch-test-suite + (lambda _ + (substitute* "testsuite/check.sh" + (("/bin/sh") (which "sh")))))))) (home-page "http://www.gnu.org/software/ed/") (synopsis "Line-oriented text editor") (description diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 11010b2a47..4ffc3c1b7f 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -89,14 +89,6 @@ (substitute* (find-files "." "^Makefile\\.in$") (("/bin/pwd") "pwd")))) - (add-after 'install 'remove-info.info - (lambda* (#:key outputs #:allow-other-keys) - ;; Remove 'info.info', which is provided by Texinfo <= 6.0. - ;; TODO: Remove this phase when we switch to Texinfo 6.1. - (let ((out (assoc-ref outputs "out"))) - (delete-file - (string-append out "/share/info/info.info.gz")) - #t))) (add-after 'install 'install-site-start ;; Copy guix-emacs.el from Guix and add it to site-start.el. This ;; way, Emacs packages provided by Guix and installed in diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index 893db56ee5..deb11841da 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm @@ -124,7 +124,7 @@ TrueType (TTF) files.") (define-public font-dejavu (package (name "font-dejavu") - (version "2.34") + (version "2.35") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/dejavu/" @@ -132,7 +132,7 @@ TrueType (TTF) files.") version ".tar.bz2")) (sha256 (base32 - "0pgb0a3ngamidacmrvasg51ck3gp8gn93w6sf1s8snwzx4x2r9yh")))) + "122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 5f6ff15935..0ce7e6039d 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -247,10 +247,10 @@ fonts to/from the WOFF2 format.") (assoc-ref %build-inputs "gs-fonts") "/share/fonts") - ;; register fonts from user profile - ;; TODO: Add /run/current-system/profile/share/fonts and remove - ;; the skeleton that works around it from 'default-skeletons'. - "--with-add-fonts=~/.guix-profile/share/fonts" + ;; Register fonts from user and system profiles. + (string-append "--with-add-fonts=" + "~/.guix-profile/share/fonts," + "/run/current-system/profile/share/fonts") ;; python is not actually needed "PYTHON=false") diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index a2b8126872..04d3f93369 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr> @@ -153,7 +153,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC ("libelf" ,libelf) ("zlib" ,zlib))) - ;; GCC is one of the few packages that doesn't ship .info files. + ;; GCC < 5 is one of the few packages that doesn't ship .info files. (native-inputs `(("texinfo" ,texinfo))) (arguments @@ -352,11 +352,14 @@ Go. It also includes runtime support libraries for these languages.") (sha256 (base32 "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq")) - (patches (search-patches "gcc-5.0-libvtv-runpath.patch")))))) + (patches (search-patches "gcc-5.0-libvtv-runpath.patch" + "gcc-libiberty-printf-decl.patch")))) + ;; GCC 5 ships with .info files, so no need for Texinfo. + (native-inputs '()))) ;; Note: When changing the default gcc version, update ;; the gcc-toolchain-* definitions accordingly. -(define-public gcc gcc-4.9) +(define-public gcc gcc-5) (define-public (make-libstdc++ gcc) "Return a libstdc++ package based on GCC. The primary use case is when diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index d447007260..3f3964e74b 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org> ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org> +;;; Copyright © 2016 Nils Gillmann <ng0@libertad.pw> ;;; ;;; This file is part of GNU Guix. ;;; @@ -72,14 +73,14 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package (name "libgcrypt") - (version "1.6.5") + (version "1.7.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl")))) + "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index db64ea0c9b..669ad5b938 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -392,14 +392,14 @@ error-resilience, a Java-viewer for j2k-images, ...") (define-public giflib (package (name "giflib") - (version "5.1.1") + (version "5.1.2") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/giflib/giflib-" (first (string-split version #\.)) ".x/giflib-" version ".tar.bz2")) (sha256 - (base32 "1z1gzq16sdya8xnl5qjc07634kkwj5m0n3bvvj4v9j11xfn1841r")))) + (base32 "0z1adsza46q84chkxwr6x8ph11k117k8nywkzwar6bxhqf2a1h3n")))) (build-system gnu-build-system) (outputs '("bin" ; utility programs "out")) ; library diff --git a/gnu/packages/ld-wrapper.in b/gnu/packages/ld-wrapper.in index c92ed1dcc7..ebfd8332c4 100644 --- a/gnu/packages/ld-wrapper.in +++ b/gnu/packages/ld-wrapper.in @@ -6,12 +6,16 @@ # the shebang line in Linux. # Use `load-compiled' because `load' (and `-l') doesn't otherwise load our # .go file (see <http://bugs.gnu.org/12519>). +# Unset 'GUILE_LOAD_COMPILED_PATH' to make sure we do not stumble upon +# incompatible .go files. See +# <https://lists.gnu.org/archive/html/guile-devel/2016-03/msg00000.html>. +unset GUILE_LOAD_COMPILED_PATH main="(@ (gnu build-support ld-wrapper) ld-wrapper)" exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@" !# ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index a26e641342..5f4b041694 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -102,7 +102,7 @@ version "-gnu.tar.xz"))) (define-public linux-libre-headers - (let* ((version "3.14.37") + (let* ((version "4.1.18") (build-phase (lambda (arch) `(lambda _ @@ -140,7 +140,7 @@ (uri (linux-libre-urls version)) (sha256 (base32 - "1blxr2bsvfqi9khj4cpspv434bmx252zak2wsbi2mgl60zh77gza")))) + "1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments @@ -465,12 +465,11 @@ providing the system administrator with some help in common tasks.") (("build_kill=yes") "build_kill=no")) #t)))) (build-system gnu-build-system) + (outputs '("out" + "static")) ; >2 MiB of static .a libraries (arguments `(#:configure-flags (list "--disable-use-tty-group" - ;; Do not build .a files to save 2 MiB. - "--disable-static" - ;; Install completions where our ;; bash-completion package expects them. (string-append "--with-bashcompletiondir=" @@ -495,6 +494,19 @@ providing the system administrator with some help in common tasks.") (substitute* "tests/ts/misc/mcookie" (("/etc/services") (string-append net "/etc/services"))) + #t))) + (add-after + 'install 'move-static-libraries + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (static (assoc-ref outputs "static"))) + (mkdir-p (string-append static "/lib")) + (with-directory-excursion out + (for-each (lambda (file) + (rename-file file + (string-append static "/" + file))) + (find-files "lib" "\\.a$"))) #t)))))) (inputs `(("zlib" ,zlib) ("ncurses" ,ncurses))) @@ -2516,12 +2528,26 @@ and copy/paste text in the console and in xterm.") (base32 "1znf2zhb56zbmdjk3lq107678xwsqwc5gczspypmc5i31qnppy7f")))) (build-system gnu-build-system) + (outputs '("out" + "static")) ; static versions of binaries in "out" (~16MiB!) (arguments - '(#:test-target "test" + '(#:phases (modify-phases %standard-phases + (add-after 'build 'build-static + (lambda _ (zero? (system* "make" "static")))) + (add-after 'install 'install-static + (let ((staticbin (string-append (assoc-ref %outputs "static") + "/bin"))) + (lambda _ + (zero? (system* "make" + (string-append "bindir=" staticbin) + "install-static")))))) + #:test-target "test" #:parallel-tests? #f)) ; tests fail when run in parallel (inputs `(("e2fsprogs" ,e2fsprogs) ("libblkid" ,util-linux) + ("libblkid:static" ,util-linux "static") ("libuuid" ,util-linux) + ("libuuid:static" ,util-linux "static") ("zlib" ,zlib) ("lzo" ,lzo))) (native-inputs `(("pkg-config" ,pkg-config) diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm index 99243235ad..46540be5c4 100644 --- a/gnu/packages/multiprecision.scm +++ b/gnu/packages/multiprecision.scm @@ -80,13 +80,13 @@ cryptography and computational algebra.") (define-public mpfr (package (name "mpfr") - (version "3.1.3") + (version "3.1.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/mpfr/mpfr-" version ".tar.xz")) (sha256 (base32 - "05jaa5z78lvrayld09nyr0v27c1m5dm9l7kr85v2bj4jv65s0db8")))) + "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n")))) (build-system gnu-build-system) (outputs '("out" "debug")) (propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h> diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch deleted file mode 100644 index f9065bea16..0000000000 --- a/gnu/packages/patches/expat-CVE-2015-1283.patch +++ /dev/null @@ -1,89 +0,0 @@ -Copied from Debian. - -Description: fix multiple integer overflows in the XML_GetBuffer function - Multiple integer overflows in the XML_GetBuffer function in Expat through - 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, - allow remote attackers to cause a denial of service (heap-based buffer - overflow) or possibly have unspecified other impact via crafted XML data, - a related issue to CVE-2015-2716. -Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c -Author: Eric Rahm <erahm@mozilla.com> -Forwarded: not-needed -Last-Update: 2015-07-24 - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l - XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position); - positionPtr = bufferPtr; - return result; - } - - void * XMLCALL - XML_GetBuffer(XML_Parser parser, int len) - { -+/* BEGIN MOZILLA CHANGE (sanity check len) */ -+ if (len < 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - switch (ps_parsing) { - case XML_SUSPENDED: - errorCode = XML_ERROR_SUSPENDED; - return NULL; - case XML_FINISHED: - errorCode = XML_ERROR_FINISHED; - return NULL; - default: ; - } - - if (len > bufferLim - bufferEnd) { -- /* FIXME avoid integer overflow */ - int neededSize = len + (int)(bufferEnd - bufferPtr); -+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */ -+ if (neededSize < 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - #ifdef XML_CONTEXT_BYTES - int keep = (int)(bufferPtr - buffer); - - if (keep > XML_CONTEXT_BYTES) - keep = XML_CONTEXT_BYTES; - neededSize += keep; - #endif /* defined XML_CONTEXT_BYTES */ - if (neededSize <= bufferLim - buffer) { -@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len - } - else { - char *newBuf; - int bufferSize = (int)(bufferLim - bufferPtr); - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { - bufferSize *= 2; -- } while (bufferSize < neededSize); -+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ -+ } while (bufferSize < neededSize && bufferSize > 0); -+/* END MOZILLA CHANGE */ -+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */ -+ if (bufferSize <= 0) { -+ errorCode = XML_ERROR_NO_MEMORY; -+ return NULL; -+ } -+/* END MOZILLA CHANGE */ - newBuf = (char *)MALLOC(bufferSize); - if (newBuf == 0) { - errorCode = XML_ERROR_NO_MEMORY; - return NULL; - } - bufferLim = newBuf + bufferSize; - #ifdef XML_CONTEXT_BYTES - if (bufferPtr) { - - - - diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch new file mode 100644 index 0000000000..a612c9e00e --- /dev/null +++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch @@ -0,0 +1,28 @@ +This patch makes the exeception specifier of libiberty's 'asprintf' +and 'vasprintf' declarations match those of glibc to work around the +problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>. + +The problem in part stems from the fact that libiberty is configured +without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1 +is configured and built with _GNU_SOURCE, hence the conflicting declarations. + +--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200 ++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200 +@@ -625,7 +625,7 @@ extern int pwait (int, int *, int); + /* Like sprintf but provides a pointer to malloc'd storage, which must + be freed by the caller. */ + +-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2; ++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2; + #endif + + /* Like asprintf but allocates memory without fail. This works like +@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, .. + /* Like vsprintf but provides a pointer to malloc'd storage, which + must be freed by the caller. */ + +-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0); ++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0); + #endif + + /* Like vasprintf but allocates memory without fail. This works like diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch deleted file mode 100644 index 9a0909af74..0000000000 --- a/gnu/packages/patches/glibc-CVE-2015-7547.patch +++ /dev/null @@ -1,559 +0,0 @@ -Copied from Fedora: -http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584 - -Adapted to apply cleanly to glibc-2.22. - -Index: b/resolv/nss_dns/dns-host.c -=================================================================== ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an - int h_namelen = 0; - - if (ancount == 0) -- return NSS_STATUS_NOTFOUND; -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } - - while (ancount-- > 0 && cp < end_of_message && had_error == 0) - { -@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an - /* Special case here: if the resolver sent a result but it only - contains a CNAME while we are looking for a T_A or T_AAAA record, - we fail with NOTFOUND instead of TRYAGAIN. */ -- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; -+ if (canon != NULL) -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } -+ -+ *h_errnop = NETDB_INTERNAL; -+ return NSS_STATUS_TRYAGAIN; - } - - -@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, - - enum nss_status status = NSS_STATUS_NOTFOUND; - -+ /* Combining the NSS status of two distinct queries requires some -+ compromise and attention to symmetry (A or AAAA queries can be -+ returned in any order). What follows is a breakdown of how this -+ code is expected to work and why. We discuss only SUCCESS, -+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns -+ that apply (though RETURN and MERGE exist). We make a distinction -+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). -+ A recoverable TRYAGAIN is almost always due to buffer size issues -+ and returns ERANGE in errno and the caller is expected to retry -+ with a larger buffer. -+ -+ Lastly, you may be tempted to make significant changes to the -+ conditions in this code to bring about symmetry between responses. -+ Please don't change anything without due consideration for -+ expected application behaviour. Some of the synthesized responses -+ aren't very well thought out and sometimes appear to imply that -+ IPv4 responses are always answer 1, and IPv6 responses are always -+ answer 2, but that's not true (see the implemetnation of send_dg -+ and send_vc to see response can arrive in any order, particlarly -+ for UDP). However, we expect it holds roughly enough of the time -+ that this code works, but certainly needs to be fixed to make this -+ a more robust implementation. -+ -+ ---------------------------------------------- -+ | Answer 1 Status / | Synthesized | Reason | -+ | Answer 2 Status | Status | | -+ |--------------------------------------------| -+ | SUCCESS/SUCCESS | SUCCESS | [1] | -+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | -+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | -+ | SUCCESS/NOTFOUND | SUCCESS | [1] | -+ | SUCCESS/UNAVAIL | SUCCESS | [1] | -+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | -+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | -+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | -+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | -+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | -+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | -+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | -+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | -+ | NOTFOUND/SUCCESS | SUCCESS | [3] | -+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | -+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | -+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | -+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | -+ | UNAVAIL/SUCCESS | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | -+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | -+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | -+ ---------------------------------------------- -+ -+ [1] If the first response is a success we return success. -+ This ignores the state of the second answer and in fact -+ incorrectly sets errno and h_errno to that of the second -+ answer. However because the response is a success we ignore -+ *errnop and *h_errnop (though that means you touched errno on -+ success). We are being conservative here and returning the -+ likely IPv4 response in the first answer as a success. -+ -+ [2] If the first response is a recoverable TRYAGAIN we return -+ that instead of looking at the second response. The -+ expectation here is that we have failed to get an IPv4 response -+ and should retry both queries. -+ -+ [3] If the first response was not a SUCCESS and the second -+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, -+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the -+ result from the second response, otherwise the first responses -+ status is used. Again we have some odd side-effects when the -+ second response is NOTFOUND because we overwrite *errnop and -+ *h_errnop that means that a first answer of NOTFOUND might see -+ its *errnop and *h_errnop values altered. Whether it matters -+ in practice that a first response NOTFOUND has the wrong -+ *errnop and *h_errnop is undecided. -+ -+ [4] If the first response is UNAVAIL we return that instead of -+ looking at the second response. The expectation here is that -+ it will have failed similarly e.g. configuration failure. -+ -+ [5] Testing this code is complicated by the fact that truncated -+ second response buffers might be returned as SUCCESS if the -+ first answer is a SUCCESS. To fix this we add symmetry to -+ TRYAGAIN with the second response. If the second response -+ is a recoverable error we now return TRYAGIN even if the first -+ response was SUCCESS. */ -+ - if (anslen1 > 0) - status = gaih_getanswer_slice(answer1, anslen1, qname, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ - if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND - || (status == NSS_STATUS_TRYAGAIN - /* We want to look at the second answer in case of an -@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ /* Use the second response status in some cases. */ - if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) - status = status2; -+ /* Do not return a truncated second response (unless it was -+ unavoidable e.g. unrecoverable TRYAGAIN). */ -+ if (status == NSS_STATUS_SUCCESS -+ && (status2 == NSS_STATUS_TRYAGAIN -+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) -+ status = NSS_STATUS_TRYAGAIN; - } - - return status; -Index: b/resolv/res_query.c -=================================================================== ---- a/resolv/res_query.c -+++ b/resolv/res_query.c -@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - } -@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - -@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - if (saved_herrno != -1) -Index: b/resolv/res_send.c -=================================================================== ---- a/resolv/res_send.c -+++ b/resolv/res_send.c -@@ -1,3 +1,20 @@ -+/* Copyright (C) 2016 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ <http://www.gnu.org/licenses/>. */ -+ - /* - * Copyright (c) 1985, 1989, 1993 - * The Regents of the University of California. All rights reserved. -@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const - #ifdef USE_HOOKS - if (__glibc_unlikely (statp->qhook || statp->rhook)) { - if (anssiz < MAXPACKET && ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *buf = malloc (MAXPACKET); - if (buf == NULL) - return (-1); -@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend) - - /* Private */ - -+/* The send_vc function is responsible for sending a DNS query over TCP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and -+ IPv6 queries at the same serially on the same socket. -+ -+ Please note that for TCP there is no way to disable sending both -+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP -+ and sends the queries serially and waits for the result after each -+ sent query. This implemetnation should be corrected to honour these -+ options. -+ -+ Please also note that for TCP we send both queries over the same -+ socket one after another. This technically violates best practice -+ since the server is allowed to read the first query, respond, and -+ then close the socket (to service another client). If the server -+ does this, then the remaining second query in the socket data buffer -+ will cause the server to send the client an RST which will arrive -+ asynchronously and the client's OS will likely tear down the socket -+ receive buffer resulting in a potentially short read and lost -+ response data. This will force the client to retry the query again, -+ and this process may repeat until all servers and connection resets -+ are exhausted and then the query will fail. It's not known if this -+ happens with any frequency in real DNS server implementations. This -+ implementation should be corrected to use two sockets by default for -+ parallel queries. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ serially on the same socket. -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message and the rest of the socket data will be read and discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_vc(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -669,11 +759,7 @@ send_vc(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; -- // XXX REMOVE -- // int anssiz = *anssizp; -- HEADER *anhp = (HEADER *) ans; -+ HEADER *anhp = (HEADER *) *ansp; - struct sockaddr *nsap = get_nsaddr (statp, ns); - int truncating, connreset, n; - /* On some architectures compiler might emit a warning indicating -@@ -766,6 +852,8 @@ send_vc(res_state statp, - * Receive length & response - */ - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - uint16_t rlen16; - read_len: -@@ -802,40 +890,14 @@ send_vc(res_state statp, - u_char **thisansp; - int *thisresplenp; - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if __GNUC_PREREQ (4, 7) -- DIAG_PUSH_NEEDS_COMMENT; -- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); --#endif --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif --#if __GNUC_PREREQ (4, 7) -- DIAG_POP_NEEDS_COMMENT; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; -@@ -843,10 +905,14 @@ send_vc(res_state statp, - anhp = (HEADER *) *thisansp; - - *thisresplenp = rlen; -- if (rlen > *thisanssizp) { -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- if (__glibc_likely (anscp != NULL)) { -+ /* Is the answer buffer too small? */ -+ if (*thisanssizp < rlen) { -+ /* If the current buffer is non-NULL and it's not -+ pointing at the static user-supplied buffer then -+ we can reallocate it. */ -+ if (thisansp != NULL && thisansp != ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp == NULL) { - *terrno = ENOMEM; -@@ -858,6 +924,9 @@ send_vc(res_state statp, - if (thisansp == ansp2) - *ansp2_malloced = 1; - anhp = (HEADER *) newp; -+ /* A uint16_t can't be larger than MAXPACKET -+ thus it's safe to allocate MAXPACKET but -+ read RLEN bytes instead. */ - len = rlen; - } else { - Dprint(statp->options & RES_DEBUG, -@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in - return 1; - } - -+/* The send_dg function is responsible for sending a DNS query over UDP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries -+ along with the ability to send the query in parallel for both stacks -+ (default) or serially (RES_SINGLKUP). It also supports serial lookup -+ with a close and reopen of the socket used to talk to the server -+ (RES_SNGLKUPREOP) to work around broken name servers. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message, while the rest of the UDP packet is discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If an answer is truncated because of UDP datagram DNS limits then -+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to -+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 -+ if any progress was made reading a response from the nameserver and -+ is used by the caller to distinguish between ECONNREFUSED and -+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_dg(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -1030,8 +1159,6 @@ send_dg(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; - struct timespec now, timeout, finish; - struct pollfd pfd[1]; - int ptimeout; -@@ -1064,6 +1191,8 @@ send_dg(res_state statp, - int need_recompute = 0; - int nwritten = 0; - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - pfd[0].fd = EXT(statp).nssocks[ns]; - pfd[0].events = POLLOUT; -@@ -1227,55 +1356,56 @@ send_dg(res_state statp, - int *thisresplenp; - - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; - } - - if (*thisanssizp < MAXPACKET -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- && anscp -+ /* If the current buffer is non-NULL and it's not -+ pointing at the static user-supplied buffer then -+ we can reallocate it. */ -+ && (thisansp != NULL && thisansp != ansp) - #ifdef FIONREAD -+ /* Is the size too small? */ - && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 - || *thisanssizp < *thisresplenp) - #endif - ) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp != NULL) { -- *anssizp = MAXPACKET; -- *thisansp = ans = newp; -+ *thisanssizp = MAXPACKET; -+ *thisansp = newp; - if (thisansp == ansp2) - *ansp2_malloced = 1; - } - } -+ /* We could end up with truncation if anscp was NULL -+ (not allowed to change caller's buffer) and the -+ response buffer size is too small. This isn't a -+ reliable way to detect truncation because the ioctl -+ may be an inaccurate report of the UDP message size. -+ Therefore we use this only to issue debug output. -+ To do truncation accurately with UDP we need -+ MSG_TRUNC which is only available on Linux. We -+ can abstract out the Linux-specific feature in the -+ future to detect truncation. */ -+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { -+ Dprint(statp->options & RES_DEBUG, -+ (stdout, ";; response may be truncated (UDP)\n") -+ ); -+ } -+ - HEADER *anhp = (HEADER *) *thisansp; - socklen_t fromlen = sizeof(struct sockaddr_in6); - assert (sizeof(from) <= fromlen); diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch deleted file mode 100644 index baf30a79a7..0000000000 --- a/gnu/packages/patches/glibc-locale-incompatibility.patch +++ /dev/null @@ -1,23 +0,0 @@ -This patch avoids an assertion failure when incompatible locale data -is encountered: - - https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html - ---- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200 -+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200 -@@ -120,10 +120,11 @@ - _nl_value_type_LC_XYZ array. There are all pointers. */ - switch (category) - { --#define CATTEST(cat) \ -- case LC_##cat: \ -- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ -- / sizeof (_nl_value_type_LC_##cat[0]))); \ -+#define CATTEST(cat) \ -+ case LC_##cat: \ -+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \ -+ / sizeof (_nl_value_type_LC_##cat[0]))) \ -+ goto puntdata; \ - break - CATTEST (NUMERIC); - CATTEST (TIME); diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index 24ecf905e0..248242af4d 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -42,7 +42,8 @@ version "/pcre-" version ".tar.bz2"))) (sha256 (base32 - "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r")))) + "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r")) + (patches (list (search-patch "pcre-CVE-2016-3191.patch"))))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.8 MiB of HTML @@ -50,7 +51,8 @@ ("readline" ,readline) ("zlib" ,zlib))) (arguments - `(#:configure-flags '("--enable-utf" + '(#:disallowed-references ("doc") + #:configure-flags '("--enable-utf" "--enable-pcregrep-libz" "--enable-pcregrep-libbz2" "--enable-pcretest-libreadline" diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index a517581e7d..1b5ca134fe 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -86,15 +86,7 @@ "-Dinstallstyle=lib/perl5" "-Duseshrplib" (string-append "-Dlocincpth=" libc "/include") - (string-append "-Dloclibpth=" libc "/lib") - - ;; Force the library search path to contain only libc - ;; because it is recorded in Config.pm and - ;; Config_heavy.pl; we don't want to keep a reference - ;; to everything that's in $LIBRARY_PATH at build - ;; time (Binutils, bzip2, file, etc.) - (string-append "-Dlibpth=" libc "/lib") - (string-append "-Dplibpth=" libc "/lib")))))) + (string-append "-Dloclibpth=" libc "/lib")))))) (add-before 'strip 'make-shared-objects-writable @@ -105,7 +97,34 @@ (lib (string-append out "/lib"))) (for-each (lambda (dso) (chmod dso #o755)) - (find-files lib "\\.so$")))))))) + (find-files lib "\\.so$"))))) + + (add-after 'install 'remove-extra-references + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (libc (assoc-ref inputs "libc")) + (config1 (car (find-files (string-append out "/lib/perl5") + "^Config_heavy\\.pl$"))) + (config2 (find-files (string-append out "/lib/perl5") + "^Config\\.pm$"))) + ;; Force the library search path to contain only libc because + ;; it is recorded in Config.pm and Config_heavy.pl; we don't + ;; want to keep a reference to everything that's in + ;; $LIBRARY_PATH at build time (GCC, Binutils, bzip2, file, + ;; etc.) + (substitute* config1 + (("^incpth=.*$") + (string-append "incpth='" libc "/include'\n")) + (("^(libpth|plibpth|libspath)=.*$" _ variable) + (string-append variable "='" libc "/lib'\n"))) + + (for-each (lambda (file) + (substitute* config2 + (("libpth => .*$") + (string-append "libpth => '" libc + "/lib',\n")))) + config2) + #t)))))) (native-search-paths (list (search-path-specification (variable "PERL5LIB") (files '("lib/perl5/site_perl"))))) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 7593fc71ac..ef06c89298 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -93,7 +93,7 @@ (define-public python-2 (package (name "python") - (version "2.7.10") + (version "2.7.11") (source (origin (method url-fetch) @@ -101,56 +101,44 @@ version "/Python-" version ".tar.xz")) (sha256 (base32 - "1h7zbrf9pkj29hlm18b10548ch9757f75m64l47sy75rh43p7lqw")) - (patches (search-patches - "python-2.7-search-paths.patch" - "python-2-deterministic-build-info.patch" - "python-2.7-source-date-epoch.patch")))) + "0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn")) + (patches (search-patches "python-2.7-search-paths.patch" + "python-2-deterministic-build-info.patch" + "python-2.7-source-date-epoch.patch")) + (modules '((guix build utils))) + ;; suboptimal to delete failing tests here, but if we delete them in the + ;; arguments then we need to make sure to strip out that phase when it + ;; gets inherited by python and python-minimal. + (snippet + '(begin + (for-each delete-file + '("Lib/test/test_compileall.py" + "Lib/test/test_distutils.py" + "Lib/test/test_import.py" + "Lib/test/test_shutil.py" + "Lib/test/test_socket.py" + "Lib/test/test_subprocess.py")) + #t)))) (outputs '("out" "tk")) ;tkinter; adds 50 MiB to the closure (build-system gnu-build-system) (arguments - `(#:tests? #f - ;; 268 tests OK. - ;; 103 tests failed: - ;; test_distutils test_shutil test_signal test_site test_slice - ;; test_smtplib test_smtpnet test_socket test_socketserver - ;; test_softspace test_sort test_spwd test_sqlite test_ssl - ;; test_startfile test_stat test_str test_strftime test_string - ;; test_stringprep test_strop test_strptime test_strtod test_struct - ;; test_structmembers test_structseq test_subprocess test_sunau - ;; test_sunaudiodev test_sundry test_symtable test_syntax test_sys - ;; test_sys_setprofile test_sys_settrace test_sysconfig test_tarfile - ;; test_tcl test_telnetlib test_tempfile test_textwrap test_thread - ;; test_threaded_import test_threadedtempfile test_threading - ;; test_threading_local test_threadsignals test_time test_timeit - ;; test_timeout test_tk test_tokenize test_tools test_trace - ;; test_traceback test_transformer test_ttk_guionly test_ttk_textonly - ;; test_tuple test_typechecks test_ucn test_unary - ;; test_undocumented_details test_unicode test_unicode_file - ;; test_unicodedata test_univnewlines test_univnewlines2k test_unpack - ;; test_urllib test_urllib2 test_urllib2_localnet test_urllib2net - ;; test_urllibnet test_urlparse test_userdict test_userlist - ;; test_userstring test_uu test_uuid test_wait3 test_wait4 - ;; test_warnings test_wave test_weakref test_weakset test_whichdb - ;; test_winreg test_winsound test_with test_wsgiref test_xdrlib - ;; test_xml_etree test_xml_etree_c test_xmllib test_xmlrpc - ;; test_xpickle test_xrange test_zipfile test_zipfile64 - ;; test_zipimport test_zipimport_support test_zlib - ;; 30 tests skipped: + `(;; 356 tests OK. + ;; 6 tests failed: + ;; test_compileall test_distutils test_import test_shutil test_socket + ;; test_subprocess + ;; 39 tests skipped: ;; test_aepack test_al test_applesingle test_bsddb test_bsddb185 ;; test_bsddb3 test_cd test_cl test_codecmaps_cn test_codecmaps_hk - ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_crypt - ;; test_curses test_dl test_gdb test_gl test_idle test_imageop - ;; test_imgfile test_ioctl test_kqueue test_linuxaudiodev test_macos - ;; test_macostools test_msilib test_nis test_ossaudiodev - ;; test_scriptpackages - ;; 6 skips unexpected on linux2: - ;; test_bsddb test_bsddb3 test_crypt test_gdb test_idle test_ioctl - ;; One of the typical errors: - ;; test_unicode - ;; test test_unicode crashed -- <type 'exceptions.OSError'>: [Errno 2] No - ;; such file or directory + ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_curses + ;; test_dl test_gdb test_gl test_imageop test_imgfile test_ioctl + ;; test_kqueue test_linuxaudiodev test_macos test_macostools + ;; test_msilib test_ossaudiodev test_scriptpackages test_smtpnet + ;; test_socketserver test_startfile test_sunaudiodev test_timeout + ;; test_tk test_ttk_guionly test_urllib2net test_urllibnet + ;; test_winreg test_winsound test_zipfile64 + ;; 4 skips unexpected on linux2: + ;; test_bsddb test_bsddb3 test_gdb test_ioctl #:test-target "test" #:configure-flags (list "--enable-shared" ;allow embedding @@ -336,8 +324,8 @@ data types.") (lambda (old new) (symlink (string-append python old) (string-append bin "/" new))) - `("python3" ,"pydoc3" ,"idle3") - `("python" ,"pydoc" ,"idle")))))) + '("python3" "pydoc3" "idle3") + '("python" "pydoc" "idle")))))) (synopsis "Wrapper for the Python 3 commands") (description "This package provides wrappers for the commands of Python@tie{}3.x such diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm index 4921b10124..d645ef4bc1 100644 --- a/gnu/packages/texinfo.scm +++ b/gnu/packages/texinfo.scm @@ -32,14 +32,14 @@ (define-public texinfo (package (name "texinfo") - (version "6.0") + (version "6.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/texinfo/texinfo-" version ".tar.xz")) (sha256 (base32 - "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi")))) + "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c")))) (build-system gnu-build-system) (native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep (inputs `(("ncurses" ,ncurses) @@ -62,18 +62,6 @@ their source and the command-line Info reader. The emphasis of the language is on expressing the content semantically, avoiding physical markup commands.") (license gpl3+))) -(define-public texinfo-6.1 - (package - (inherit texinfo) - (version "6.1") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/texinfo/texinfo-" - version ".tar.xz")) - (sha256 - (base32 - "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c")))))) - (define-public texinfo-5 (package (inherit texinfo) (version "5.2") @@ -105,10 +93,10 @@ is on expressing the content semantically, avoiding physical markup commands.") ;; The idea of this package is to have the standalone Info reader without ;; the dependency on Perl that 'makeinfo' drags. (package - (inherit texinfo-6.1) + (inherit texinfo) (name "info-reader") (arguments - `(#:disallowed-references ,(assoc-ref (package-inputs texinfo-6.1) + `(#:disallowed-references ,(assoc-ref (package-inputs texinfo) "perl") #:modules ((ice-9 ftw) (srfi srfi-1) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 0f4441d70c..4ec0ed7d34 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -122,7 +122,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.4.7") + (version "3.4.9") (source (origin (method url-fetch) (uri @@ -133,7 +133,7 @@ living in the same process.") "/gnutls-" version ".tar.xz")) (sha256 (base32 - "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1")))) + "0gvwyl0kdp1qpzbzp46wqfdzzrmwy9n54sgcjvvm1m1kpanlyna8")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -216,6 +216,10 @@ required structures.") `(#:parallel-build? #f #:parallel-tests? #f #:test-target "test" + + ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure, + ;; so we explicitly disallow it here. + #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases (add-before diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 126e997673..67bca6d894 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -222,7 +222,7 @@ rasterisation.") (define-public libdrm (package (name "libdrm") - (version "2.4.65") + (version "2.4.67") (source (origin (method url-fetch) @@ -232,7 +232,7 @@ rasterisation.") ".tar.bz2")) (sha256 (base32 - "1i4n7mz49l0j4kr0dg9n1j3hlc786ncqgj0v5fci1mz7pp40m5ki")) + "1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf")) (patches (search-patches "libdrm-symbol-check.patch")))) (build-system gnu-build-system) (inputs diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index e1f111e329..838ce34364 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com> ;;; @@ -44,15 +44,14 @@ (define-public expat (package (name "expat") - (version "2.1.0") + (version "2.1.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" - version "/expat-" version ".tar.gz")) + version "/expat-" version ".tar.bz2")) (sha256 (base32 - "11pblz61zyxh68s5pdcbhc30ha1b2vfjd83aiwfg4vc15x3hadw2")) - (patches (search-patches "expat-CVE-2015-1283.patch")))) + "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg")))) (build-system gnu-build-system) (home-page "http://www.libexpat.org/") (synopsis "Stream-oriented XML parser library written in C") |