diff options
Diffstat (limited to 'gnu')
26 files changed, 1407 insertions, 64 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 6f93386687..aba73d49d9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -403,6 +403,7 @@ GNU_SYSTEM_MODULES = \ patchdir = $(guilemoduledir)/gnu/packages/patches dist_patch_DATA = \ + gnu/packages/patches/4store-fix-buildsystem.patch \ gnu/packages/patches/abiword-explictly-cast-bools.patch \ gnu/packages/patches/abiword-wmf-version-lookup-fix.patch \ gnu/packages/patches/acl-hurd-path-max.patch \ @@ -640,6 +641,7 @@ dist_patch_DATA = \ gnu/packages/patches/nvi-assume-preserve-path.patch \ gnu/packages/patches/nvi-dbpagesize-binpower.patch \ gnu/packages/patches/nvi-db4.patch \ + gnu/packages/patches/ocaml-CVE-2015-8869.patch \ gnu/packages/patches/ocaml-findlib-make-install.patch \ gnu/packages/patches/openexr-missing-samples.patch \ gnu/packages/patches/openimageio-boost-1.60.patch \ @@ -678,7 +680,9 @@ dist_patch_DATA = \ gnu/packages/patches/plink-1.07-unclobber-i.patch \ gnu/packages/patches/plotutils-libpng-jmpbuf.patch \ gnu/packages/patches/polkit-drop-test.patch \ + gnu/packages/patches/poppler-CVE-2015-8868.patch \ gnu/packages/patches/portaudio-audacity-compat.patch \ + gnu/packages/patches/portmidi-modular-build.patch \ gnu/packages/patches/procmail-ambiguous-getline-debian.patch \ gnu/packages/patches/pt-scotch-build-parallelism.patch \ gnu/packages/patches/pulseaudio-fix-mult-test.patch \ @@ -788,6 +792,11 @@ dist_patch_DATA = \ gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch \ gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch \ gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch \ + gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch \ gnu/packages/patches/xdotool-fix-makefile.patch \ gnu/packages/patches/xf86-video-ark-remove-mibstore.patch \ gnu/packages/patches/xf86-video-ast-remove-mibstore.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 11a2d1622b..d815dfb8b5 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -874,7 +874,12 @@ commands and their arguments.") (search-patches "wpa-supplicant-CVE-2015-5310.patch" "wpa-supplicant-CVE-2015-5314.patch" "wpa-supplicant-CVE-2015-5315.patch" - "wpa-supplicant-CVE-2015-5316.patch")))) + "wpa-supplicant-CVE-2015-5316.patch" + "wpa-supplicant-CVE-2016-4476.patch" + "wpa-supplicant-CVE-2016-4477-pt1.patch" + "wpa-supplicant-CVE-2016-4477-pt2.patch" + "wpa-supplicant-CVE-2016-4477-pt3.patch" + "wpa-supplicant-CVE-2016-4477-pt4.patch")))) (build-system gnu-build-system) (arguments '(#:phases (alist-replace diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 079fd467cc..5c1ad57a80 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -1535,14 +1535,14 @@ data and settings.") (define-public edirect (package (name "edirect") - (version "3.50") + (version "4.10") (source (origin (method url-fetch) - ;; Note: older versions are not retained. - (uri "ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/edirect.tar.gz") + (uri (string-append "ftp://ftp.ncbi.nlm.nih.gov/entrez/entrezdirect/" + "versions/2016-05-03/edirect.tar.gz")) (sha256 (base32 - "1cr3gzcs3flmgnnbj5iz93vh9w0fca1ilzi2q82cl63ln3mwvpz0")))) + "15zsprak5yh8c1yrz4r1knmb5s8qcmdid4xdhkh3lqcv64l60hli")))) (build-system perl-build-system) (arguments `(#:tests? #f ;no "check" target diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 6dfe5c9cb7..c52b6e8389 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -879,4 +879,7 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.") (define-public gcc-toolchain-5 (gcc-toolchain gcc-5)) +(define-public gcc-toolchain-6 + (gcc-toolchain gcc-6)) + ;;; commencement.scm ends here diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm index aa67d21c19..73ac76a48a 100644 --- a/gnu/packages/cross-base.scm +++ b/gnu/packages/cross-base.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -166,34 +167,38 @@ may be either a libc package or #f.)" `(alist-cons-before 'configure 'set-cross-path (lambda* (#:key inputs #:allow-other-keys) - ;; Add the cross Linux headers to CROSS_CPATH, and remove them - ;; from CPATH. + ;; Add the cross Linux headers to CROSS_C_*_INCLUDE_PATH, + ;; and remove them from C_*INCLUDE_PATH. (let ((libc (assoc-ref inputs "libc")) (linux (assoc-ref inputs "xlinux-headers"))) (define (cross? x) ;; Return #t if X is a cross-libc or cross Linux. (or (string-prefix? libc x) (string-prefix? linux x))) - - (setenv "CROSS_CPATH" - (string-append libc "/include:" - linux "/include")) + (let ((cpath (string-append + libc "/include" + ":" linux "/include"))) + (for-each (cut setenv <> cpath) + '("CROSS_C_INCLUDE_PATH" + "CROSS_CPLUS_INCLUDE_PATH" + "CROSS_OBJC_INCLUDE_PATH" + "CROSS_OBJCPLUS_INCLUDE_PATH"))) (setenv "CROSS_LIBRARY_PATH" (string-append libc "/lib")) - - (let ((cpath (search-path-as-string->list - (getenv "C_INCLUDE_PATH"))) - (libpath (search-path-as-string->list - (getenv "LIBRARY_PATH")))) - (setenv "CPATH" - (list->search-path-as-string - (remove cross? cpath) ":")) - (for-each unsetenv - '("C_INCLUDE_PATH" "CPLUS_INCLUDE_PATH")) - (setenv "LIBRARY_PATH" - (list->search-path-as-string - (remove cross? libpath) ":")) - #t))) + (for-each + (lambda (var) + (and=> (getenv var) + (lambda (value) + (let* ((path (search-path-as-string->list value)) + (native-path (list->search-path-as-string + (remove cross? path) ":"))) + (setenv var native-path))))) + '("C_INCLUDE_PATH" + "CPLUS_INCLUDE_PATH" + "OBJC_INCLUDE_PATH" + "OBJCPLUS_INCLUDE_PATH" + "LIBRARY_PATH")) + #t)) ,phases) phases))))))) @@ -259,9 +264,19 @@ GCC that does not target a libc; otherwise, target that libc." (inputs '()) ;; Only search target inputs, not host inputs. + ;; Note: See <http://bugs.gnu.org/22186> for why not 'CPATH'. (search-paths (list (search-path-specification - (variable "CROSS_CPATH") + (variable "CROSS_C_INCLUDE_PATH") + (files '("include"))) + (search-path-specification + (variable "CROSS_CPLUS_INCLUDE_PATH") + (files '("include"))) + (search-path-specification + (variable "CROSS_OBJC_INCLUDE_PATH") + (files '("include"))) + (search-path-specification + (variable "CROSS_OBJCPLUS_INCLUDE_PATH") (files '("include"))) (search-path-specification (variable "CROSS_LIBRARY_PATH") @@ -316,9 +331,13 @@ XBINUTILS and the cross tool chain." `(alist-cons-before 'configure 'set-cross-linux-headers-path (lambda* (#:key inputs #:allow-other-keys) - (let ((linux (assoc-ref inputs "linux-headers"))) - (setenv "CROSS_CPATH" - (string-append linux "/include")) + (let* ((linux (assoc-ref inputs "linux-headers")) + (cpath (string-append linux "/include"))) + (for-each (cut setenv <> cpath) + '("CROSS_C_INCLUDE_PATH" + "CROSS_CPLUS_INCLUDE_PATH" + "CROSS_OBJC_INCLUDE_PATH" + "CROSS_OBJCPLUS_INCLUDE_PATH")) #t)) ,phases)))) diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 9aee7b796a..63ca754688 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -9,6 +9,7 @@ ;;; Copyright © 2015 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Nils Gillmann <niasterisk@grrlz.net> +;;; Copyright © 2016 Roel Janssen <roel@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,8 +28,12 @@ (define-module (gnu packages databases) #:use-module (gnu packages) + #:use-module (gnu packages autotools) + #:use-module (gnu packages avahi) #:use-module (gnu packages bash) #:use-module (gnu packages boost) + #:use-module (gnu packages gettext) + #:use-module (gnu packages glib) #:use-module (gnu packages perl) #:use-module (gnu packages language) #:use-module (gnu packages linux) @@ -40,9 +45,12 @@ #:use-module (gnu packages check) #:use-module (gnu packages algebra) #:use-module (gnu packages curl) + #:use-module (gnu packages cyrus-sasl) #:use-module (gnu packages gnupg) #:use-module (gnu packages python) #:use-module (gnu packages pcre) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages rdf) #:use-module (gnu packages xml) #:use-module (gnu packages bison) #:use-module (gnu packages jemalloc) @@ -58,6 +66,51 @@ #:use-module (srfi srfi-26) #:use-module (ice-9 match)) +(define-public 4store + (package + (name "4store") + (version "1.1.6") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/garlik/4store/archive/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 "004fmcf1w75zhc1x3zc6kc97j4jqn2v5nhk6yb3z3cpfrhzi9j50")) + (patches (list (search-patch "4store-fix-buildsystem.patch"))))) + (build-system gnu-build-system) + (native-inputs + `(("perl" ,perl) + ("python" ,python-2) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("gettext" ,gnu-gettext) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config))) + (inputs + `(("glib" ,glib) + ("rasqal" ,rasqal) + ("libxml2" ,libxml2) + ("raptor2" ,raptor2) + ("readline" ,readline) + ("avahi" ,avahi) + ("pcre" ,pcre) + ("cyrus-sasl" ,cyrus-sasl) + ("openssl" ,openssl) + ("util-linux" ,util-linux))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'configure 'generate-configure + (lambda _ + (zero? (system* "./autogen.sh"))))))) + ;; http://www.4store.org has been down for a while now. + (home-page "https://github.com/garlik/4store") + (synopsis "Clustered RDF storage and query engine") + (description "4store is a RDF/SPARQL store written in C, supporting +either single machines or networked clusters.") + (license gpl3+))) + (define-public gdbm (package (name "gdbm") diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index 34998cea28..55bffe9539 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -2097,7 +2097,7 @@ the chat server psyced with the specific config located at http://lavachat.symlynx.com/unix/") (license license:gpl2+))) -(define-public redeclipse +(define-public red-eclipse (let ((data-sources '(("acerspyro" "0gxxr6nbac918b49x1cp72nw951hqm5m4iyi2shb1612ly384w8q") ("actors" "1jq9q82m6nx07nwpb5cnpdcwa33jrcgg0j2yir8zk6zpnxdmp0il") @@ -2133,7 +2133,7 @@ http://lavachat.symlynx.com/unix/") ("weapons" "1ghn6nfcnd5lyl8dnj22csldvf9hrb32wjzpab4sjjz3iyv0zmr3") ("wicked" "0q9badvg6ix5rhl05s83kw2v6a49jpnbkqk4ls89qahaddfagi8g")))) (package - (name "redeclipse") + (name "red-eclipse") (version "1.5.3") (source (origin (method url-fetch) diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index a2b8126872..c390a6659b 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr> @@ -354,6 +354,19 @@ Go. It also includes runtime support libraries for these languages.") "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq")) (patches (search-patches "gcc-5.0-libvtv-runpath.patch")))))) +(define-public gcc-6 + (package + (inherit gcc-5) + (version "6.1.0") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/gcc/gcc-" + version "/gcc-" version ".tar.bz2")) + (sha256 + (base32 + "0ld3y4rgimyqgx1nwvzqyl5gr4wzc0ch4akkvsqp3fgbmdfcii09")) + (patches (search-patches "gcc-5.0-libvtv-runpath.patch")))))) + ;; Note: When changing the default gcc version, update ;; the gcc-toolchain-* definitions accordingly. (define-public gcc gcc-4.9) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index d447007260..b7c661257c 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -31,6 +31,7 @@ #:use-module (gnu packages perl) #:use-module (gnu packages pth) #:use-module (gnu packages python) + #:use-module (gnu packages qt) #:use-module (gnu packages readline) #:use-module (gnu packages compression) #:use-module (gnu packages databases) @@ -568,9 +569,9 @@ including tools for signing keys, keyring analysis, and party preparation. (license license:gpl2) (home-page "http://pgp-tools.alioth.debian.org/"))) -(define-public pinentry +(define-public pinentry-tty (package - (name "pinentry") + (name "pinentry-tty") (version "0.9.7") (source (origin (method url-fetch) @@ -580,21 +581,48 @@ including tools for signing keys, keyring analysis, and party preparation. (base32 "1cp7wjqr6nx31mdclr61s2h84ijqjl0ph99kgj4vyawpjj1j1633")))) (build-system gnu-build-system) + (arguments + `(#:configure-flags '("--enable-pinentry-tty"))) (inputs `(("ncurses" ,ncurses) ("libassuan" ,libassuan) - ("libsecret" ,libsecret "out") - ("gtk+" ,gtk+-2) - ("glib" ,glib))) + ("libsecret" ,libsecret "out"))) (native-inputs `(("pkg-config" ,pkg-config))) (home-page "https://gnupg.org/aegypten2/") (synopsis "GnuPG's interface to passphrase input") (description - "Pinentry provides a console and a GTK+ GUI that allows users to -enter a passphrase when `gpg' or `gpg2' is run and needs it.") + "Pinentry provides a console that allows users to enter a passphrase when +@code{gpg} or @code{gpg2} is run and needs it.") (license license:gpl2+))) +(define-public pinentry-gtk2 + (package + (inherit pinentry-tty) + (name "pinentry-gtk2") + (inputs + `(("gtk+" ,gtk+-2) + ("glib" ,glib) + ,@(package-inputs pinentry-tty))) + (description + "Pinentry provides a console and a GTK+ GUI that allows users to enter a +passphrase when @code{gpg} or @code{gpg2} is run and needs it."))) + +(define-public pinentry-qt + (package + (inherit pinentry-tty) + (name "pinentry-qt") + (inputs + `(("qt" ,qt) + ,@(package-inputs pinentry-tty))) + (description + "Pinentry provides a console and a Qt GUI that allows users to enter a +passphrase when @code{gpg} or @code{gpg2} is run and needs it."))) + +(define-public pinentry + (package (inherit pinentry-gtk2) + (name "pinentry"))) + (define-public paperkey (package (name "paperkey") diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index c94f2e4b28..fbee1a3fb3 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -859,3 +859,193 @@ build process and its dependencies, whereas Make uses Makefile format.") compression in pure Java. Single-threaded streamed compression and decompression and random access decompression have been fully implemented.") (license license:public-domain))) + +;; java-hamcrest-core uses qdox version 1.12. We package this version instead +;; of the latest release. +(define-public java-qdox-1.12 + (package + (name "java-qdox") + (version "1.12.1") + (source (origin + (method url-fetch) + (uri (string-append "http://central.maven.org/maven2/" + "com/thoughtworks/qdox/qdox/" version + "/qdox-" version "-sources.jar")) + (sha256 + (base32 + "0hlfbqq2avf5s26wxkksqmkdyk6zp9ggqn37c468m96mjv0n9xfl")))) + (build-system ant-build-system) + (arguments + `(;; Tests require junit + #:tests? #f + #:jar-name "qdox.jar" + #:phases + (modify-phases %standard-phases + (replace 'unpack + (lambda* (#:key source #:allow-other-keys) + (mkdir "src") + (with-directory-excursion "src" + (zero? (system* "jar" "-xf" source))))) + ;; At this point we don't have junit, so we must remove the API + ;; tests. + (add-after 'unpack 'delete-tests + (lambda _ + (delete-file-recursively "src/com/thoughtworks/qdox/junit") + #t))))) + (home-page "http://qdox.codehaus.org/") + (synopsis "Parse definitions from Java source files") + (description + "QDox is a high speed, small footprint parser for extracting +class/interface/method definitions from source files complete with JavaDoc +@code{@tags}. It is designed to be used by active code generators or +documentation tools.") + (license license:asl2.0))) + +(define-public java-jarjar + (package + (name "java-jarjar") + (version "1.4") + (source (origin + (method url-fetch) + (uri (string-append + "https://storage.googleapis.com/google-code-archive-downloads/v2/" + "code.google.com/jarjar/jarjar-src-" version ".zip")) + (sha256 + (base32 + "1v8irhni9cndcw1l1wxqgry013s2kpj0qqn57lj2ji28xjq8ndjl")))) + (build-system ant-build-system) + (arguments + `(;; Tests require junit, which ultimately depends on this package. + #:tests? #f + #:build-target "jar" + #:phases + (modify-phases %standard-phases + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((target (string-append (assoc-ref outputs "out") + "/share/java"))) + (install-file (string-append "dist/jarjar-" ,version ".jar") + target)) + #t))))) + (native-inputs + `(("unzip" ,unzip))) + (home-page "https://code.google.com/archive/p/jarjar/") + (synopsis "Repackage Java libraries") + (description + "Jar Jar Links is a utility that makes it easy to repackage Java +libraries and embed them into your own distribution. Jar Jar Links includes +an Ant task that extends the built-in @code{jar} task.") + (license license:asl2.0))) + +(define-public java-hamcrest-core + (package + (name "java-hamcrest-core") + (version "1.3") + (source (origin + (method url-fetch) + (uri (string-append "https://hamcrest.googlecode.com/files/" + "hamcrest-" version ".tgz")) + (sha256 + (base32 + "1hi0jv0zrgsf4l25aizxrgvxpsrmdklsmvw0jzwz7zv9s108whn6")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Delete bundled jar archives. + (for-each delete-file (find-files "." "\\.jar$")) + #t)))) + (build-system ant-build-system) + (arguments + `(#:tests? #f ; Tests require junit + #:make-flags (list (string-append "-Dversion=" ,version)) + #:build-target "core" + #:phases + (modify-phases %standard-phases + ;; Disable unit tests, because they require junit, which requires + ;; hamcrest-core. We also give a fixed value to the "Built-Date" + ;; attribute from the manifest for reproducibility. + (add-before 'configure 'patch-build.xml + (lambda _ + (substitute* "build.xml" + (("unit-test, ") "") + (("\\$\\{build.timestamp\\}") "guix")) + #t)) + ;; Java's "getMethods()" returns methods in an unpredictable order. + ;; To make the output of the generated code deterministic we must + ;; sort the array of methods. + (add-after 'unpack 'make-method-order-deterministic + (lambda _ + (substitute* "hamcrest-generator/src/main/java/org/hamcrest/generator/ReflectiveFactoryReader.java" + (("import java\\.util\\.Iterator;" line) + (string-append line "\n" + "import java.util.Arrays; import java.util.Comparator;")) + (("allMethods = cls\\.getMethods\\(\\);" line) + (string-append "_" line + " +private Method[] getSortedMethods() { + Arrays.sort(_allMethods, new Comparator<Method>() { + @Override + public int compare(Method a, Method b) { + return a.toString().compareTo(b.toString()); + } + }); + return _allMethods; +} + +private Method[] allMethods = getSortedMethods();"))))) + (add-before 'build 'do-not-use-bundled-qdox + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "build.xml" + (("lib/generator/qdox-1.12.jar") + (string-append (assoc-ref inputs "java-qdox-1.12") + "/share/java/qdox.jar"))) + #t)) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (install-file (string-append "build/hamcrest-core-" + ,version ".jar") + (string-append (assoc-ref outputs "out") + "/share/java"))))))) + (native-inputs + `(("java-qdox-1.12" ,java-qdox-1.12) + ("java-jarjar" ,java-jarjar))) + (home-page "http://hamcrest.org/") + (synopsis "Library of matchers for building test expressions") + (description + "This package provides a library of matcher objects (also known as +constraints or predicates) allowing @code{match} rules to be defined +declaratively, to be used in other frameworks. Typical scenarios include +testing frameworks, mocking libraries and UI validation rules.") + (license license:bsd-2))) + +(define-public java-junit + (package + (name "java-junit") + (version "4.12") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/junit-team/junit/" + "archive/r" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "090dn5v1vs0b3acyaqc0gjf6p8lmd2h24wfzsbq7sly6b214anws")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Delete bundled jar archives. + (delete-file-recursively "lib") + #t)))) + (build-system ant-build-system) + (arguments + `(#:tests? #f ; no tests + #:jar-name "junit.jar")) + (inputs + `(("java-hamcrest-core" ,java-hamcrest-core))) + (home-page "http://junit.org/") + (synopsis "Test framework for Java") + (description + "JUnit is a simple framework to write repeatable tests for Java projects. +JUnit provides assertions for testing expected results, test fixtures for +sharing common test data, and test runners for running tests.") + (license license:epl1.0))) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index a26e641342..aa778beefb 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1203,11 +1203,31 @@ devices. It replaces 'iwconfig', which is deprecated.") (base32 "0nlwazxbnn0k6q5f5b09wdhw0f194lpzkp3l7vxansqhfczmcyx8")))) (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + ;; TODO: Patch some hardcoded "wlan0" in calibrate/calibrate.cpp to + ;; allow calibrating the network interface in GuixSD. + (add-after 'unpack 'patch-absolute-file-names + (lambda* (#:key inputs #:allow-other-keys) + (let ((kmod (assoc-ref inputs "kmod"))) + (substitute* (find-files "src" "\\.cpp$") + ;; Give the right 'modprobe' file name so that essential + ;; modules such as msr.ko can be loaded. + (("/sbin/modprobe") (string-append kmod "/bin/modprobe")) + ;; These programs are only needed to calibrate, so using + ;; relative file names avoids adding extra inputs. When they + ;; are missing powertop gracefully handles it. + (("/usr/bin/hcitool") "hcitool") + (("/usr/bin/xset") "xset") + (("/usr/sbin/hciconfig") "hciconfig")) + #t)))))) (inputs - `(("zlib" ,zlib) - ("pciutils" ,pciutils) + `(("kmod" ,kmod) + ("libnl" ,libnl) ("ncurses" ,ncurses) - ("libnl" ,libnl))) + ("pciutils" ,pciutils) + ("zlib" ,zlib))) (native-inputs `(("pkg-config" ,pkg-config))) (home-page "https://01.org/powertop/") diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index d37897da20..9ba7138f88 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -59,6 +59,7 @@ #:use-module (gnu packages less) #:use-module (gnu packages lisp) #:use-module (gnu packages gnome) + #:use-module (gnu packages guile) #:use-module (gnu packages xorg) #:use-module (gnu packages gl) #:use-module (gnu packages m4) @@ -430,6 +431,44 @@ extremely large and complex data collections.") (license (license:x11-style "http://www.hdfgroup.org/ftp/HDF5/current/src/unpacked/COPYING")))) +(define-public nlopt + (package + (name "nlopt") + (version "2.4.2") + (source (origin + (method url-fetch) + (uri (string-append "http://ab-initio.mit.edu/nlopt/nlopt-" + version ".tar.gz")) + (sha256 + (base32 "12cfkkhcdf4zmb6h7y6qvvdvqjs2xf9sjpa3rl3bq76px4yn76c0")))) + (build-system gnu-build-system) + (arguments + `(;; Shared libraries are not built by default. They are required to + ;; build the Guile, Octave, and Python bindings. + #:configure-flags '("--enable-shared") + + #:phases + (modify-phases %standard-phases + (add-before 'configure 'set-libnlopt-file-name + (lambda* (#:key outputs #:allow-other-keys) + ;; Make sure the Scheme module refers to the library by its + ;; absolute file name (we cannot do that from a snippet + ;; because the expansion of @libdir@ contains + ;; ${exec_prefix}.) + (let ((out (assoc-ref outputs "out"))) + (substitute* "swig/nlopt.scm.in" + (("libnlopt") + (string-append out "/lib/libnlopt"))) + #t)))))) + (inputs `(("guile" ,guile-2.0))) + (native-inputs `(("pkg-config" ,pkg-config))) + (home-page "http://ab-initio.mit.edu/wiki/") + (synopsis "Library for nonlinear optimization") + (description "NLopt is a library for nonlinear optimization, providing a +common interface for a number of different free optimization routines available +online as well as original implementations of various other algorithms.") + (license license:lgpl2.1+))) + ;; For a fully featured Octave, users are strongly recommended also to install ;; the following packages: texinfo, less, ghostscript, gnuplot. diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index fbe84f58b2..a79efc3366 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -91,16 +91,37 @@ keys, no previous conversation is compromised.") (home-page "https://otr.cypherpunks.ca/") (license (list lgpl2.1 gpl2)))) +;; These patches together fix https://github.com/bitlbee/bitlbee/pull/55, are +;; already upstream, and should be unnecessary when the next bitlbee comes +;; out. +(define %bitlbee-buddy-nick-change-patch + (origin + (method url-fetch) + (uri "https://github.com/bitlbee/bitlbee/commit/a42fda42.patch") + (sha256 + (base32 + "1mzjhcdn0rxir5mzgqz9kv142ai38p1iq2lajqx89wb7x0bp51zx")))) +(define %bitlbee-always-use-nicks-patch + (origin + (method url-fetch) + (uri "https://github.com/bitlbee/bitlbee/commit/3320d6d9.patch") + (sha256 + (base32 + "14d9kb5zdzh5hzakdvrbviz83rix0j2lq9rzb58b2fn92fp8yixd")))) + (define-public bitlbee (package (name "bitlbee") - (version "3.4.1") + (version "3.4.2") (source (origin (method url-fetch) (uri (string-append "https://get.bitlbee.org/src/bitlbee-" version ".tar.gz")) (sha256 - (base32 "1qf0ypa9ba5jvsnpg9slmaran16hcc5fnfzbb1sdch1hjhchn2jh")))) + (base32 "0mza8lnfwibmklz8hdzg4f7p83hblf4h6fbf7d732kzpvra5bj39")) + (patches + (list %bitlbee-buddy-nick-change-patch + %bitlbee-always-use-nicks-patch)))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) ("check" ,check))) diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index 346fefccdb..935e6e444c 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -825,6 +825,13 @@ mixing, FFT scopes, MIDI automation and full scriptability in Scheme.") (string-prefix? "i686" system))) (substitute* "bristol/Makefile.in" (("-msse -mfpmath=sse") ""))) + #t)) + ;; We know that Bristol has been linked with JACK and we don't have + ;; ldd, so we can just skip this check. + (add-after 'unpack 'do-not-grep-for-jack + (lambda _ + (substitute* "bin/startBristol.in" + (("ldd `which bristol` | grep jack") "echo guix")) #t))))) (inputs `(("alsa-lib" ,alsa-lib) @@ -952,6 +959,70 @@ programming methods as well as for realizing complex systems for large-scale projects.") (license license:bsd-3))) +(define-public portmidi + (package + (name "portmidi") + (version "217") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/portmedia/portmidi/" + version "/portmidi-src-" version ".zip")) + (sha256 + (base32 + "03rfsk7z6rdahq2ihy5k13qjzgx757f75yqka88v3gc0pn9ais88")) + (patches (list (search-patch "portmidi-modular-build.patch"))))) + (build-system cmake-build-system) + (arguments + `(#:tests? #f ; tests cannot be linked + #:configure-flags + (list "-DPORTMIDI_ENABLE_JAVA=Off" + "-DCMAKE_BUILD_TYPE=Release" ; needed to have PMALSA set + "-DPORTMIDI_ENABLE_TEST=Off"))) ; tests fail linking + (inputs + `(("alsa-lib" ,alsa-lib))) + (native-inputs + `(("unzip" ,unzip))) + (home-page "http://portmedia.sourceforge.net/portmidi/") + (synopsis "Library for MIDI I/O") + (description + "PortMidi is a library supporting real-time input and output of MIDI data +using a system-independent interface.") + (license license:expat))) + +(define-public python-pyportmidi + (package + (name "python-pyportmidi") + (version (package-version portmidi)) + (source (package-source portmidi)) + (build-system python-build-system) + (arguments + `(#:tests? #f ; no tests included + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'enter-dir + (lambda _ (chdir "pm_python") #t)) + (add-after 'enter-dir 'fix-setup.py + (lambda _ + (substitute* "setup.py" + ;; Use Python 3 syntax + (("print (\".*\")" _ text) + (string-append "print(" text ")\n")) + ;; TODO.txt and CHANGES.txt don't exist + (("CHANGES =.*") "CHANGES = \"\"\n") + (("TODO =.*") "TODO = \"\"\n")) + #t))))) + (inputs + `(("portmidi" ,portmidi) + ("alsa-lib" ,alsa-lib) + ("python-cython" ,python-cython))) + (native-inputs + `(("unzip" ,unzip))) + (home-page "http://portmedia.sourceforge.net/portmidi/") + (synopsis "Python bindings to PortMidi") + (description + "This package provides Python bindings to the PortMidi library.") + (license license:expat))) + (define-public frescobaldi (package (name "frescobaldi") @@ -967,8 +1038,10 @@ projects.") (build-system python-build-system) (inputs `(("lilypond" ,lilypond) + ("portmidi" ,portmidi) ("python-pyqt-4" ,python-pyqt-4) ("python-ly" ,python-ly) + ("python-pyportmidi" ,python-pyportmidi) ("poppler" ,poppler) ("python-poppler-qt4" ,python-poppler-qt4) ("python-sip" ,python-sip))) diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index 5d489532f7..434fb132bb 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -60,7 +60,8 @@ "/ocaml-" version ".tar.xz")) (sha256 (base32 - "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3")))) + "1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3")) + (patches (search-patches "ocaml-CVE-2015-8869.patch")))) (build-system gnu-build-system) (native-search-paths (list (search-path-specification diff --git a/gnu/packages/patches/4store-fix-buildsystem.patch b/gnu/packages/patches/4store-fix-buildsystem.patch new file mode 100644 index 0000000000..383baa9461 --- /dev/null +++ b/gnu/packages/patches/4store-fix-buildsystem.patch @@ -0,0 +1,56 @@ +This patch sets a fixed version to avoid needing Git and the .git/ folder. +It also removes the creation of "/var/lib/4store", which is not available +during the install phase in GNU Guix. + +Patch by Roel Janssen <roel@gnu.org> +*** a/configure.ac Wed Feb 4 19:05:24 2015 +--- b/configure.ac Wed Mar 23 11:20:38 2016 +*************** +*** 2,13 **** + # Process this file with autoconf to produce a configure script. + + AC_PREREQ([2.50]) +! AC_INIT([4store], m4_esyscmd([./version.sh .version]), [http://4store.org/support/], [4store]) + AC_CONFIG_SRCDIR([src/backend/backend-intl.h]) +! AM_INIT_AUTOMAKE([1.7 std-options -Wall]) + AC_CONFIG_HEADERS(4store-config.h) + + # Checks for programs. + AC_PROG_LIBTOOL + AC_PROG_AWK + AC_PROG_CC +--- 2,14 ---- + # Process this file with autoconf to produce a configure script. + + AC_PREREQ([2.50]) +! AC_INIT([4store], [1.1.6], [http://4store.org/support/], [4store]) + AC_CONFIG_SRCDIR([src/backend/backend-intl.h]) +! AM_INIT_AUTOMAKE([1.7 std-options foreign -Wall]) + AC_CONFIG_HEADERS(4store-config.h) + + # Checks for programs. ++ AM_PROG_AR + AC_PROG_LIBTOOL + AC_PROG_AWK + AC_PROG_CC + +*** a/src/utilities/Makefile.am Wed Feb 4 19:05:24 2015 +--- b/src/utilities/Makefile.am Wed Mar 23 14:05:56 2016 +*************** +*** 13,20 **** + noinst_PROGRAMS = lex-file-verify 4s-rid + + install-data-local: +! mkdir -p $(DESTDIR)@FS_STORE_ROOT@ +! chmod 1777 $(DESTDIR)@FS_STORE_ROOT@ + + 4s_backend_destroy_SOURCES = backend-destroy.c + 4s_backend_destroy_LDADD = ../common/lib4sintl.a +--- 13,19 ---- + noinst_PROGRAMS = lex-file-verify 4s-rid + + install-data-local: +! echo "Please create the following directory: " $(DESTDIR)@FS_STORE_ROOT@ + + 4s_backend_destroy_SOURCES = backend-destroy.c + 4s_backend_destroy_LDADD = ../common/lib4sintl.a diff --git a/gnu/packages/patches/gcc-cross-environment-variables.patch b/gnu/packages/patches/gcc-cross-environment-variables.patch index 0bd0be5984..ec4378e2d2 100644 --- a/gnu/packages/patches/gcc-cross-environment-variables.patch +++ b/gnu/packages/patches/gcc-cross-environment-variables.patch @@ -1,9 +1,23 @@ Search path environment variables for cross-compilers. See the discussion at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>. ---- gcc-4.7.2/gcc/incpath.c 2012-01-27 00:34:58.000000000 +0100 -+++ gcc-4.7.2/gcc/incpath.c 2013-02-12 10:11:27.000000000 +0100 -@@ -452,7 +452,7 @@ register_include_chains (cpp_reader *pfi +Note: Touch 'C_INCLUDE_PATH' et al. rather than 'CPATH', as discussed +at <http://bugs.gnu.org/22186>. + +--- a/gcc/incpath.c ++++ b/gcc/incpath.c +@@ -461,8 +461,8 @@ register_include_chains (cpp_reader *pfile, const char *sysroot, + int stdinc, int cxx_stdinc, int verbose) + { + static const char *const lang_env_vars[] = +- { "C_INCLUDE_PATH", "CPLUS_INCLUDE_PATH", +- "OBJC_INCLUDE_PATH", "OBJCPLUS_INCLUDE_PATH" }; ++ { "CROSS_C_INCLUDE_PATH", "CROSS_CPLUS_INCLUDE_PATH", ++ "CROSS_OBJC_INCLUDE_PATH", "CROSS_OBJCPLUS_INCLUDE_PATH" }; + cpp_options *cpp_opts = cpp_get_options (pfile); + size_t idx = (cpp_opts->objc ? 2: 0); + +@@ -473,7 +473,7 @@ register_include_chains (cpp_reader *pfile, const char *sysroot, /* CPATH and language-dependent environment variables may add to the include chain. */ @@ -12,20 +26,22 @@ at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>. add_env_var_paths (lang_env_vars[idx], SYSTEM); target_c_incpath.extra_pre_includes (sysroot, iprefix, stdinc); - ---- gcc-4.7.2/gcc/system.h 2012-02-17 00:16:28.000000000 +0100 -+++ gcc-4.7.2/gcc/system.h 2013-02-12 10:22:17.000000000 +0100 -@@ -1023,4 +1023,6 @@ helper_const_non_const_cast (const char - #define DEBUG_VARIABLE - #endif +diff --git a/gcc/system.h b/gcc/system.h +index 42bc509..af3b9ad 100644 +--- a/gcc/system.h ++++ b/gcc/system.h +@@ -1063,4 +1063,6 @@ helper_const_non_const_cast (const char *p) + /* Get definitions of HOST_WIDE_INT and HOST_WIDEST_INT. */ + #include "hwint.h" +#define LIBRARY_PATH_ENV "CROSS_LIBRARY_PATH" + #endif /* ! GCC_SYSTEM_H */ - ---- gcc-4.7.2/gcc/tlink.c 2012-02-11 09:50:23.000000000 +0100 -+++ gcc-4.7.2/gcc/tlink.c 2013-05-23 22:06:19.000000000 +0200 -@@ -461,7 +461,7 @@ recompile_files (void) +diff --git a/gcc/tlink.c b/gcc/tlink.c +index bc358b8..ad6242f 100644 +--- a/gcc/tlink.c ++++ b/gcc/tlink.c +@@ -458,7 +458,7 @@ recompile_files (void) file *f; putenv (xstrdup ("COMPILER_PATH=")); @@ -34,10 +50,11 @@ at <http://gcc.gnu.org/ml/gcc/2013-02/msg00124.html>. while ((f = file_pop ()) != NULL) { - ---- gcc-4.7.3/gcc/gcc.c 2013-03-08 08:25:09.000000000 +0100 -+++ gcc-4.7.3/gcc/gcc.c 2013-05-24 08:58:16.000000000 +0200 -@@ -3726,7 +3726,7 @@ process_command (unsigned int decoded_op +diff --git a/gcc/gcc.c b/gcc/gcc.c +index adbf0c4..70448c6 100644 +--- a/gcc/gcc.c ++++ b/gcc/gcc.c +@@ -3853,7 +3853,7 @@ process_command (unsigned int decoded_options_count, } temp = getenv (LIBRARY_PATH_ENV); diff --git a/gnu/packages/patches/ocaml-CVE-2015-8869.patch b/gnu/packages/patches/ocaml-CVE-2015-8869.patch new file mode 100644 index 0000000000..0a4cb34d25 --- /dev/null +++ b/gnu/packages/patches/ocaml-CVE-2015-8869.patch @@ -0,0 +1,72 @@ +Adapted from upstream commit 659615c7b100a89eafe6253e7a5b9d84d0e8df74, +this patch omits the upstream changes to 'Changes' and 'VERSION'. + +http://seclists.org/oss-sec/2016/q2/170 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869 +https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74 +--- + byterun/alloc.c | 4 ++-- + byterun/intern.c | 2 +- + byterun/str.c | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/byterun/alloc.c b/byterun/alloc.c +index 96a21bf..0db9947 100644 +--- a/byterun/alloc.c ++++ b/byterun/alloc.c +@@ -153,7 +153,7 @@ CAMLexport int caml_convert_flag_list(value list, int *flags) + /* [size] is a [value] representing number of words (fields) */ + CAMLprim value caml_alloc_dummy(value size) + { +- mlsize_t wosize = Int_val(size); ++ mlsize_t wosize = Long_val(size); + + if (wosize == 0) return Atom(0); + return caml_alloc (wosize, 0); +@@ -169,7 +169,7 @@ CAMLprim value caml_alloc_dummy_function(value size,value arity) + /* [size] is a [value] representing number of floats. */ + CAMLprim value caml_alloc_dummy_float (value size) + { +- mlsize_t wosize = Int_val(size) * Double_wosize; ++ mlsize_t wosize = Long_val(size) * Double_wosize; + + if (wosize == 0) return Atom(0); + return caml_alloc (wosize, 0); +diff --git a/byterun/intern.c b/byterun/intern.c +index 89d13d1..7b8d049 100644 +--- a/byterun/intern.c ++++ b/byterun/intern.c +@@ -291,7 +291,7 @@ static void intern_rec(value *dest) + case OFreshOID: + /* Refresh the object ID */ + /* but do not do it for predefined exception slots */ +- if (Int_val(Field((value)dest, 1)) >= 0) ++ if (Long_val(Field((value)dest, 1)) >= 0) + caml_set_oo_id((value)dest); + /* Pop item and iterate */ + sp--; +diff --git a/byterun/str.c b/byterun/str.c +index 5ad4e29..885772f 100644 +--- a/byterun/str.c ++++ b/byterun/str.c +@@ -266,7 +266,7 @@ CAMLprim value caml_string_greaterequal(value s1, value s2) + CAMLprim value caml_blit_string(value s1, value ofs1, value s2, value ofs2, + value n) + { +- memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Int_val(n)); ++ memmove(&Byte(s2, Long_val(ofs2)), &Byte(s1, Long_val(ofs1)), Long_val(n)); + return Val_unit; + } + +@@ -278,7 +278,7 @@ CAMLprim value caml_fill_string(value s, value offset, value len, value init) + + CAMLprim value caml_bitvect_test(value bv, value n) + { +- int pos = Int_val(n); ++ intnat pos = Long_val(n); + return Val_int(Byte_u(bv, pos >> 3) & (1 << (pos & 7))); + } + +-- +2.7.4 + diff --git a/gnu/packages/patches/portmidi-modular-build.patch b/gnu/packages/patches/portmidi-modular-build.patch new file mode 100644 index 0000000000..25e64ae317 --- /dev/null +++ b/gnu/packages/patches/portmidi-modular-build.patch @@ -0,0 +1,325 @@ +We took this patch from Gentoo to break apart the portmidi build, so that we +can disable the Java parts and cleanly disable the tests which fail to link +(possibly because they are linked before “-lportmidi” is available). The +patch was downloaded from here: + +https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/portmidi/files/portmidi-217-cmake.patch?id=56bd759df1d0c750a065b8c845e93d5dfa6b549d + +--- portmidi/CMakeLists.txt ++++ portmidi/CMakeLists.txt +@@ -9,12 +9,11 @@ + set(CMAKE_BUILD_TYPE Release CACHE STRING + "Semicolon-separate list of supported configuration types") + # set default directories but don't override cached values... +- set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE} ++ set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + CACHE STRING "libraries go here") +- set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE} ++ set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + CACHE STRING "libraries go here") +- set(CMAKE_RUNTIME_OUTPUT_DIRECTORY +- ${CMAKE_CACHEFILE_DIR}/${CMAKE_BUILD_TYPE} ++ set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + CACHE STRING "executables go here") + + else(UNIX) +@@ -68,10 +67,20 @@ + include_directories(pm_common porttime) + add_subdirectory(pm_common) + +-add_subdirectory(pm_test) ++option(PORTMIDI_ENABLE_JAVA "Enable Java bindings support" ON) ++option(PORTMIDI_ENABLE_STATIC "Build and install static libraries" OFF) ++option(PORTMIDI_ENABLE_TEST "Build test programs" ON) ++ ++if(PORTMIDI_ENABLE_TEST) ++ add_subdirectory(pm_test) ++endif(PORTMIDI_ENABLE_TEST) + + add_subdirectory(pm_dylib) + + # Cannot figure out how to make an xcode Java application with CMake +-add_subdirectory(pm_java) ++if(PORTMIDI_ENABLE_JAVA) ++ set(JAR_INSTALL_DIR share/java ++ CACHE STRING "Define directory name for jar installation") ++ add_subdirectory(pm_java) ++endif(PORTMIDI_ENABLE_JAVA) + +--- portmidi/pm_common/CMakeLists.txt ++++ portmidi/pm_common/CMakeLists.txt +@@ -44,9 +44,6 @@ + + # first include the appropriate system-dependent file: + if(UNIX) +- # add the -g switch for Linux and Mac OS X (not used in Win32) +- set (CMAKE_C_FLAGS_DEBUG "-g ${CMAKE_C_FLAGS_DEBUG}" +- CACHE STRING "enable extra checks for debugging" FORCE) + if(APPLE) + set(MACSRC pmmacosxcm pmmac readbinaryplist finddefault) + prepend_path(LIBSRC ../pm_mac/ ${MACSRC}) +@@ -62,19 +59,23 @@ + ${COREMIDI_LIB} ${CORESERVICES_LIB} + CACHE INTERNAL "") + +- set(JAVAVM_LIB "${FRAMEWORK_PATH}/JavaVM.framework") +- set(JAVA_INCLUDE_PATHS ${JAVAVM_LIB}/Headers) ++ if(PORTMIDI_ENABLE_JAVA) ++ set(JAVAVM_LIB "${FRAMEWORK_PATH}/JavaVM.framework") ++ set(JAVA_INCLUDE_PATHS ${JAVAVM_LIB}/Headers) ++ endif(PORTMIDI_ENABLE_JAVA) + message(STATUS "SYSROOT: " ${CMAKE_OSX_SYSROOT}) + else(APPLE) + # LINUX settings... +- include(FindJNI) +- message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH}) +- message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH}) +- message(STATUS "JAVA_INCLUDE_PATH2 is " ${JAVA_INCLUDE_PATH2}) +- message(STATUS "JAVA_JVM_LIBRARY is " ${JAVA_JVM_LIBRARY}) +- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) +- # libjvm.so is found relative to JAVA_INCLUDE_PATH: +- set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}/libjvm.so) ++ if(PORTMIDI_ENABLE_JAVA) ++ include(FindJNI) ++ message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH}) ++ message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH}) ++ message(STATUS "JAVA_INCLUDE_PATH2 is " ${JAVA_INCLUDE_PATH2}) ++ message(STATUS "JAVA_JVM_LIBRARY is " ${JAVA_JVM_LIBRARY}) ++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) ++ # libjvm.so is found relative to JAVA_INCLUDE_PATH: ++ set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}/libjvm.so) ++ endif(PORTMIDI_ENABLE_JAVA) + + set(LINUXSRC pmlinuxalsa pmlinux finddefault) + prepend_path(LIBSRC ../pm_linux/ ${LINUXSRC}) +@@ -88,10 +89,12 @@ + # /MD is multithread DLL, /MT is multithread. Change to static: + include(../pm_win/static.cmake) + +- include(FindJNI) ++ if(PORTMIDI_ENABLE_JAVA) ++ include(FindJNI) + +- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) +- # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS}) ++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) ++ # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS}) ++ endif(PORTMIDI_ENABLE_JAVA) + + set(WINSRC pmwin pmwinmm) + prepend_path(LIBSRC ../pm_win/ ${WINSRC}) +@@ -99,29 +102,43 @@ + set(PM_NEEDED_LIBS winmm.lib) + endif(WIN32) + endif(UNIX) +-set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVA_JVM_LIBRARY}) ++ ++if(PORTMIDI_ENABLE_JAVA) ++ set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVA_JVM_LIBRARY}) ++endif(PORTMIDI_ENABLE_JAVA) + + # this completes the list of library sources by adding shared code + list(APPEND LIBSRC pmutil portmidi) + + # now add the shared files to make the complete list of library sources +-add_library(portmidi-static ${LIBSRC}) +-set_target_properties(portmidi-static PROPERTIES OUTPUT_NAME "portmidi_s") +-target_link_libraries(portmidi-static ${PM_NEEDED_LIBS}) +- +-# define the jni library +-include_directories(${JAVA_INCLUDE_PATHS}) +- +-set(JNISRC ${LIBSRC} ../pm_java/pmjni/pmjni.c) +-add_library(pmjni SHARED ${JNISRC}) +-target_link_libraries(pmjni ${JNI_EXTRA_LIBS}) +-set_target_properties(pmjni PROPERTIES EXECUTABLE_EXTENSION "jnilib") ++if(PORTMIDI_ENABLE_STATIC) ++ add_library(portmidi-static ${LIBSRC}) ++ set_target_properties(portmidi-static PROPERTIES OUTPUT_NAME "portmidi") ++ target_link_libraries(portmidi-static ${PM_NEEDED_LIBS}) ++endif(PORTMIDI_ENABLE_STATIC) ++ ++if(PORTMIDI_ENABLE_JAVA) ++ # define the jni library ++ include_directories(${JAVA_INCLUDE_PATHS}) ++ ++ set(JNISRC ${LIBSRC} ../pm_java/pmjni/pmjni.c) ++ add_library(pmjni SHARED ${JNISRC}) ++ target_link_libraries(pmjni ${JNI_EXTRA_LIBS}) ++ set_target_properties(pmjni PROPERTIES EXECUTABLE_EXTENSION "jnilib") ++endif(PORTMIDI_ENABLE_JAVA) + + # install the libraries (Linux and Mac OS X command line) + if(UNIX) +- INSTALL(TARGETS portmidi-static pmjni +- LIBRARY DESTINATION /usr/local/lib +- ARCHIVE DESTINATION /usr/local/lib) ++ if(PORTMIDI_ENABLE_STATIC) ++ INSTALL(TARGETS portmidi-static ++ LIBRARY DESTINATION lib${LIB_SUFFIX} ++ ARCHIVE DESTINATION lib${LIB_SUFFIX}) ++ endif(PORTMIDI_ENABLE_STATIC) ++ if(PORTMIDI_ENABLE_JAVA) ++ INSTALL(TARGETS pmjni ++ LIBRARY DESTINATION lib${LIB_SUFFIX} ++ ARCHIVE DESTINATION lib${LIB_SUFFIX}) ++ endif(PORTMIDI_ENABLE_JAVA) + # .h files installed by pm_dylib/CMakeLists.txt, so don't need them here + # INSTALL(FILES portmidi.h ../porttime/porttime.h + # DESTINATION /usr/local/include) +--- portmidi/pm_dylib/CMakeLists.txt ++++ portmidi/pm_dylib/CMakeLists.txt +@@ -39,9 +39,6 @@ + + # first include the appropriate system-dependent file: + if(UNIX) +- # add the -g switch for Linux and Mac OS X (not used in Win32) +- set (CMAKE_C_FLAGS_DEBUG "-g ${CMAKE_C_FLAGS_DEBUG}" +- CACHE STRING "enable extra checks for debugging" FORCE) + if(APPLE) + set(MACSRC pmmacosxcm pmmac readbinaryplist finddefault) + prepend_path(LIBSRC ../pm_mac/ ${MACSRC}) +@@ -63,7 +60,8 @@ + message(STATUS "SYSROOT: " ${CMAKE_OSX_SYSROOT}) + else(APPLE) + # LINUX settings... +- include(FindJNI) ++ if(PORTMIDI_ENABLE_JAVA) ++ include(FindJNI) + # message(STATUS "JAVA_JVM_LIB_PATH is " ${JAVA_JVM_LIB_PATH}) + # message(STATUS "JAVA_INCLUDE_PATH is " ${JAVA_INCLUDE_PATH}) + # note: should use JAVA_JVM_LIB_PATH, but it is not set properly +@@ -75,11 +73,8 @@ + # JAVA_INCLUDE_PATH2; if no, then we need to make both JAVA_INCLUDE_PATH + # and JAVA_INCLUDE_PATH2 set by user (will need clear documentation + # because JAVA_INCLUDE_PATH2 is pretty obscure) +- set(JAVA_INCLUDE_PATH ${JAVA_INCLUDE_PATH-UNKNOWN} +- CACHE STRING "where to find Java SDK include directory") +- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH}/linux) +- # libjvm.so is found relative to JAVA_INCLUDE_PATH: +- set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../jre/lib/i386/client/libjvm.so) ++ set(JAVAVM_LIB ${JAVA_JVM_LIBRARY}) ++ endif(PORTMIDI_ENABLE_JAVA) + + set(LINUXSRC pmlinuxalsa pmlinux finddefault) + prepend_path(LIBSRC ../pm_linux/ ${LINUXSRC}) +@@ -91,13 +86,15 @@ + if(WIN32) + # /MDd is multithread debug DLL, /MTd is multithread debug + # /MD is multithread DLL, /MT is multithread +- +- include(FindJNI) +- # note: should use JAVA_JVM_LIB_PATH, but it is not set properly +- set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../lib/jvm.lib) + +- set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) +- # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS}) ++ if(PORTMIDI_ENABLE_JAVA) ++ include(FindJNI) ++ # note: should use JAVA_JVM_LIB_PATH, but it is not set properly ++ set(JAVAVM_LIB ${JAVA_INCLUDE_PATH}/../lib/jvm.lib) ++ ++ set(JAVA_INCLUDE_PATHS ${JAVA_INCLUDE_PATH} ${JAVA_INCLUDE_PATH2}) ++ # message(STATUS "JAVA_INCLUDE_PATHS: " ${JAVA_INCLUDE_PATHS}) ++ endif(PORTMIDI_ENABLE_JAVA) + + set(WINSRC pmwin pmwinmm) + prepend_path(LIBSRC ../pm_win/ ${WINSRC}) +@@ -106,7 +103,10 @@ + # message(STATUS "JAVAVM_LIB: " ${JAVAVM_LIB}) + endif(WIN32) + endif(UNIX) ++ ++if(PORTMIDI_ENABLE_JAVA) + set(JNI_EXTRA_LIBS ${PM_NEEDED_LIBS} ${JAVAVM_LIB}) ++endif(PORTMIDI_ENABLE_JAVA) + + # this completes the list of library sources by adding shared code + set(SHARED_FILES pmutil portmidi) +@@ -120,8 +120,8 @@ + # install the libraries (Linux and Mac OS X command line) + if(UNIX) + INSTALL(TARGETS portmidi-dynamic +- LIBRARY DESTINATION /usr/local/lib +- ARCHIVE DESTINATION /usr/local/lib) ++ LIBRARY DESTINATION lib${LIB_SUFFIX} ++ ARCHIVE DESTINATION lib${LIB_SUFFIX}) + INSTALL(FILES ../pm_common/portmidi.h ../porttime/porttime.h +- DESTINATION /usr/local/include) ++ DESTINATION include) + endif(UNIX) +--- portmidi/pm_java/CMakeLists.txt ++++ portmidi/pm_java/CMakeLists.txt +@@ -5,43 +5,24 @@ + # java not dealt with in CMake -- see pm_mac/pm_mac.xcodeproj + else(APPLE) + # linux +- set(JPORTMIDICLASS JPortMidi.class JPortMidiException.class +- JPortMidiApi.class) +- set(PMDEFAULTSCLASS PmDefaultsFrame.class PmDefaults.class) +- prepend_path(JPORTMIDICLASS2 jportmidi/ ${JPORTMIDICLASS}) +- prepend_path(PMDEFAULTSCLASS2 pmdefaults/ ${PMDEFAULTSCLASS}) +- set(PMDEFAULTS_ALL_CLASSES ${JPORTMIDICLASS2} ${PMDEFAULTSCLASS2}) +- # message(STATUS "PMDEFAULTS_ALL_CLASSES is " ${PMDEFAULTS_ALL_CLASSES}) +- add_custom_command(OUTPUT pmdefaults/PmDefaultsFrame.class +- COMMAND javac -classpath . pmdefaults/PmDefaultsFrame.java +- MAIN_DEPENDENCY pmdefaults/PmDefaultsFrame.java +- DEPENDS pmdefaults/PmDefaults.java +- WORKING_DIRECTORY pm_java) +- add_custom_command(OUTPUT pmdefaults/PmDefaults.class +- COMMAND javac -classpath . pmdefaults/PmDefaults.java +- MAIN_DEPENDENCY pmdefaults/PmDefaults.java +- DEPENDS pmdefaults/PmDefaultsFrame.java +- WORKING_DIRECTORY pm_java) +- add_custom_command(OUTPUT ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar +- COMMAND cp pmdefaults/portmusic_logo.png . +- COMMAND jar cmf pmdefaults/manifest.txt pmdefaults.jar +- pmdefaults/*.class portmusic_logo.png jportmidi/*.class +- COMMAND chmod +x pmdefaults/pmdefaults +- COMMAND cp pmdefaults/pmdefaults ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} +- COMMAND mv pmdefaults.jar ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} +- COMMAND rm portmusic_logo.png +- MAIN_DEPENDENCY pmdefaults/PmDefaults.class +- DEPENDS ${PMDEFAULTS_ALL_CLASSES} +- WORKING_DIRECTORY pm_java) +- add_custom_target(pmdefaults_target ALL +- DEPENDS ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar) +- # message(STATUS "add_custom_target: pmdefaults.jar") ++ set(JAVA_CLASSES jportmidi pmdefaults) ++ add_custom_command(OUTPUT ${JAVA_CLASSES} ++ COMMAND javac -d ${CMAKE_CURRENT_BINARY_DIR} jportmidi/*.java pmdefaults/*.java ++ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) ++ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar ++ DEPENDS ${JAVA_CLASSES} ++ COMMAND jar cmf pmdefaults/manifest.txt ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar ++ -C pmdefaults portmusic_logo.png -C ${CMAKE_CURRENT_BINARY_DIR} jportmidi ++ -C ${CMAKE_CURRENT_BINARY_DIR} pmdefaults ++ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) ++ add_custom_target(pmdefaults.jar ALL ++ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar) + + # install the libraries (Linux only) +- INSTALL(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults.jar +- DESTINATION /usr/share/java) +- INSTALL(PROGRAMS ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pmdefaults +- DESTINATION /usr/local/bin) ++ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/pmdefaults.jar ++ DESTINATION ${JAR_INSTALL_DIR}) ++ INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/pmdefaults/pmdefaults ++ DESTINATION bin) + endif(APPLE) + endif(UNIX) + # In windows, use pm_java/make.bat +--- portmidi/pm_test/CMakeLists.txt ++++ portmidi/pm_test/CMakeLists.txt +@@ -12,8 +12,8 @@ + + macro(make_a_test name) + add_executable(${name} ${name}.c) +- target_link_libraries(${name} portmidi-static ${PM_NEEDED_LIBS}) +- add_dependencies(${name} portmidi-static) ++ target_link_libraries(${name} portmidi ${PM_NEEDED_LIBS}) ++ add_dependencies(${name} portmidi) + endmacro(make_a_test) + + make_a_test(test) diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch new file mode 100644 index 0000000000..acad6be0a4 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch @@ -0,0 +1,82 @@ +From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Fri, 4 Mar 2016 17:20:18 +0200 +Subject: [PATCH 1/5] WPS: Reject a Credential with invalid passphrase + +WPA/WPA2-Personal passphrase is not allowed to include control +characters. Reject a Credential received from a WPS Registrar both as +STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or +WPA2PSK authentication type and includes an invalid passphrase. + +This fixes an issue where hostapd or wpa_supplicant could have updated +the configuration file PSK/passphrase parameter with arbitrary data from +an external device (Registrar) that may not be fully trusted. Should +such data include a newline character, the resulting configuration file +could become invalid and fail to be parsed. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +--- + src/utils/common.c | 12 ++++++++++++ + src/utils/common.h | 1 + + src/wps/wps_attr_process.c | 10 ++++++++++ + 3 files changed, 23 insertions(+) + +diff --git a/src/utils/common.c b/src/utils/common.c +index 450e2c6..27b7c02 100644 +--- a/src/utils/common.c ++++ b/src/utils/common.c +@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len) + } + + ++int has_ctrl_char(const u8 *data, size_t len) ++{ ++ size_t i; ++ ++ for (i = 0; i < len; i++) { ++ if (data[i] < 32 || data[i] == 127) ++ return 1; ++ } ++ return 0; ++} ++ ++ + size_t merge_byte_arrays(u8 *res, size_t res_len, + const u8 *src1, size_t src1_len, + const u8 *src2, size_t src2_len) +diff --git a/src/utils/common.h b/src/utils/common.h +index 701dbb2..a972240 100644 +--- a/src/utils/common.h ++++ b/src/utils/common.h +@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len); + + char * wpa_config_parse_string(const char *value, size_t *len); + int is_hex(const u8 *data, size_t len); ++int has_ctrl_char(const u8 *data, size_t len); + size_t merge_byte_arrays(u8 *res, size_t res_len, + const u8 *src1, size_t src1_len, + const u8 *src2, size_t src2_len); +diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c +index eadb22f..e8c4579 100644 +--- a/src/wps/wps_attr_process.c ++++ b/src/wps/wps_attr_process.c +@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred) + cred->key_len--; + #endif /* CONFIG_WPS_STRICT */ + } ++ ++ ++ if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) && ++ (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) { ++ wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase"); ++ wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key", ++ cred->key, cred->key_len); ++ return -1; ++ } ++ + return 0; + } + +-- +1.9.1 + diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch new file mode 100644 index 0000000000..507a96e47c --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch @@ -0,0 +1,51 @@ +From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Fri, 4 Mar 2016 18:46:41 +0200 +Subject: [PATCH 2/5] Reject psk parameter set with invalid passphrase + character + +WPA/WPA2-Personal passphrase is not allowed to include control +characters. Reject a passphrase configuration attempt if that passphrase +includes an invalid passphrase. + +This fixes an issue where wpa_supplicant could have updated the +configuration file psk parameter with arbitrary data from the control +interface or D-Bus interface. While those interfaces are supposed to be +accessible only for trusted users/applications, it may be possible that +an untrusted user has access to a management software component that +does not validate the passphrase value before passing it to +wpa_supplicant. + +This could allow such an untrusted user to inject up to 63 characters of +almost arbitrary data into the configuration file. Such configuration +file could result in wpa_supplicant trying to load a library (e.g., +opensc_engine_path, pkcs11_engine_path, pkcs11_module_path, +load_dynamic_eap) from user controlled location when starting again. +This would allow code from that library to be executed under the +wpa_supplicant process privileges. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +--- + wpa_supplicant/config.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c +index b1c7870..fdd9643 100644 +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data, + } + wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)", + (u8 *) value, len); ++ if (has_ctrl_char((u8 *) value, len)) { ++ wpa_printf(MSG_ERROR, ++ "Line %d: Invalid passphrase character", ++ line); ++ return -1; ++ } + if (ssid->passphrase && os_strlen(ssid->passphrase) == len && + os_memcmp(ssid->passphrase, value, len) == 0) { + /* No change to the previously configured value */ +-- +1.9.1 + diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch new file mode 100644 index 0000000000..684d25de96 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch @@ -0,0 +1,82 @@ +From 0fe5a234240a108b294a87174ad197f6b5cb38e9 Mon Sep 17 00:00:00 2001 +From: Paul Stewart <pstew@google.com> +Date: Thu, 3 Mar 2016 15:40:19 -0800 +Subject: [PATCH 3/5] Remove newlines from wpa_supplicant config network + output + +Spurious newlines output while writing the config file can corrupt the +wpa_supplicant configuration. Avoid writing these for the network block +parameters. This is a generic filter that cover cases that may not have +been explicitly addressed with a more specific commit to avoid control +characters in the psk parameter. + +Signed-off-by: Paul Stewart <pstew@google.com> +--- + src/utils/common.c | 11 +++++++++++ + src/utils/common.h | 1 + + wpa_supplicant/config.c | 15 +++++++++++++-- + 3 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/utils/common.c b/src/utils/common.c +index 27b7c02..9856463 100644 +--- a/src/utils/common.c ++++ b/src/utils/common.c +@@ -709,6 +709,17 @@ int has_ctrl_char(const u8 *data, size_t len) + } + + ++int has_newline(const char *str) ++{ ++ while (*str) { ++ if (*str == '\n' || *str == '\r') ++ return 1; ++ str++; ++ } ++ return 0; ++} ++ ++ + size_t merge_byte_arrays(u8 *res, size_t res_len, + const u8 *src1, size_t src1_len, + const u8 *src2, size_t src2_len) +diff --git a/src/utils/common.h b/src/utils/common.h +index a972240..d19927b 100644 +--- a/src/utils/common.h ++++ b/src/utils/common.h +@@ -489,6 +489,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len); + char * wpa_config_parse_string(const char *value, size_t *len); + int is_hex(const u8 *data, size_t len); + int has_ctrl_char(const u8 *data, size_t len); ++int has_newline(const char *str); + size_t merge_byte_arrays(u8 *res, size_t res_len, + const u8 *src1, size_t src1_len, + const u8 *src2, size_t src2_len); +diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c +index fdd9643..eb97cd5 100644 +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -2699,8 +2699,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var) + + for (i = 0; i < NUM_SSID_FIELDS; i++) { + const struct parse_data *field = &ssid_fields[i]; +- if (os_strcmp(var, field->name) == 0) +- return field->writer(field, ssid); ++ if (os_strcmp(var, field->name) == 0) { ++ char *ret = field->writer(field, ssid); ++ ++ if (ret && has_newline(ret)) { ++ wpa_printf(MSG_ERROR, ++ "Found newline in value for %s; not returning it", ++ var); ++ os_free(ret); ++ ret = NULL; ++ } ++ ++ return ret; ++ } + } + + return NULL; +-- +1.9.1 + diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch new file mode 100644 index 0000000000..2dd38fee31 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch @@ -0,0 +1,62 @@ +From b166cd84a77a6717be9600bf95378a0055d6f5a5 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Tue, 5 Apr 2016 23:33:10 +0300 +Subject: [PATCH 4/5] Reject SET_CRED commands with newline characters in the + string values + +Most of the cred block parameters are written as strings without +filtering and if there is an embedded newline character in the value, +unexpected configuration file data might be written. + +This fixes an issue where wpa_supplicant could have updated the +configuration file cred parameter with arbitrary data from the control +interface or D-Bus interface. While those interfaces are supposed to be +accessible only for trusted users/applications, it may be possible that +an untrusted user has access to a management software component that +does not validate the credential value before passing it to +wpa_supplicant. + +This could allow such an untrusted user to inject almost arbitrary data +into the configuration file. Such configuration file could result in +wpa_supplicant trying to load a library (e.g., opensc_engine_path, +pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user +controlled location when starting again. This would allow code from that +library to be executed under the wpa_supplicant process privileges. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +--- + wpa_supplicant/config.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c +index eb97cd5..69152ef 100644 +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -2896,6 +2896,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, + + if (os_strcmp(var, "password") == 0 && + os_strncmp(value, "ext:", 4) == 0) { ++ if (has_newline(value)) ++ return -1; + str_clear_free(cred->password); + cred->password = os_strdup(value); + cred->ext_password = 1; +@@ -2946,9 +2948,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var, + } + + val = wpa_config_parse_string(value, &len); +- if (val == NULL) { ++ if (val == NULL || ++ (os_strcmp(var, "excluded_ssid") != 0 && ++ os_strcmp(var, "roaming_consortium") != 0 && ++ os_strcmp(var, "required_roaming_consortium") != 0 && ++ has_newline(val))) { + wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string " + "value '%s'.", line, var, value); ++ os_free(val); + return -1; + } + +-- +1.9.1 + diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch new file mode 100644 index 0000000000..5f42aa9219 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch @@ -0,0 +1,50 @@ +From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Tue, 5 Apr 2016 23:55:48 +0300 +Subject: [PATCH 5/5] Reject SET commands with newline characters in the + string values + +Many of the global configuration parameters are written as strings +without filtering and if there is an embedded newline character in the +value, unexpected configuration file data might be written. + +This fixes an issue where wpa_supplicant could have updated the +configuration file global parameter with arbitrary data from the control +interface or D-Bus interface. While those interfaces are supposed to be +accessible only for trusted users/applications, it may be possible that +an untrusted user has access to a management software component that +does not validate the value of a parameter before passing it to +wpa_supplicant. + +This could allow such an untrusted user to inject almost arbitrary data +into the configuration file. Such configuration file could result in +wpa_supplicant trying to load a library (e.g., opensc_engine_path, +pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user +controlled location when starting again. This would allow code from that +library to be executed under the wpa_supplicant process privileges. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +--- + wpa_supplicant/config.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c +index 69152ef..d9a1603 100644 +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data, + return -1; + } + ++ if (has_newline(pos)) { ++ wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline", ++ line, data->name); ++ return -1; ++ } ++ + tmp = os_strdup(pos); + if (tmp == NULL) + return -1; +-- +1.9.1 + diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 0f4441d70c..6685ee0349 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -198,6 +198,7 @@ required structures.") (package (name "openssl") (version "1.0.2g") + (replacement openssl/fixed) (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -298,6 +299,25 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) +(define openssl/fixed + (package + (inherit openssl) + (source + (let ((name "openssl") + (version "1.0.2h")) + (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))))) + (define-public libressl (package (name "libressl") diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 94339012f5..fb85d933f9 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com> ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr> -;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org> +;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org> ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> @@ -27,7 +27,7 @@ (define-module (gnu packages version-control) #:use-module ((guix licenses) - #:select (asl2.0 bsd-2 + #:select (asl2.0 bsd-2 bsd-3 gpl1+ gpl2 gpl2+ gpl3+ lgpl2.1 public-domain x11-style)) #:use-module (guix utils) @@ -1012,6 +1012,58 @@ as possible. Resolution of contention for source files, a major headache for any project with more than one developer, is one of Aegis's major functions.") (license gpl3+))) +(define-public reposurgeon + (package + (name "reposurgeon") + (version "3.37") + (source (origin + (method url-fetch) + (uri (string-append "http://www.catb.org/~esr/" name "/" + name "-" version ".tar.xz")) + (sha256 + (base32 + "14asjg4xy3mhh5z0r3k7c1wv9y803j2zfq32g5q5m95sf7yzygan")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ;no test suite distributed + #:make-flags + (list (string-append "target=" (assoc-ref %outputs "out"))) + #:phases + (modify-phases %standard-phases + (delete 'configure) + (add-before 'build 'fix-docbook + (lambda* (#:key inputs #:allow-other-keys) + (substitute* (find-files "." "\\.xml$") + (("docbook/docbookx.dtd") + (string-append (assoc-ref inputs "docbook-xml") + "/xml/dtd/docbook/docbookx.dtd"))) + #t)) + (add-after 'install 'install-emacs-data + (lambda* (#:key outputs #:allow-other-keys) + (install-file "reposurgeon-mode.el" + (string-append (assoc-ref outputs "out") + "/share/emacs/site-lisp"))))))) + (inputs + `(("python" ,python-wrapper))) + (native-inputs + `(("asciidoc" ,asciidoc) + ("docbook-xml" ,docbook-xml-4.1.2) + ("docbook-xsl" ,docbook-xsl) + ("libxml2" ,libxml2) + ("xmlto" ,xmlto))) + (home-page "http://www.catb.org/~esr/reposurgeon/") + (synopsis "Edit version-control repository history") + (description "Reposurgeon enables risky operations that version-control +systems don't want to let you do, such as editing past comments and metadata +and removing commits. It works with any version control system that can +export and import Git fast-import streams, including Git, Mercurial, Fossil, +Bazaar, CVS, RCS, and Src. It can also read Subversion dump files directly +and can thus be used to script production of very high-quality conversions +from Subversion to any supported Distributed Version Control System (DVCS).") + ;; Most files are distributed under bsd-2, except 'repocutter' which is + ;; under bsd-3. + (license (list bsd-2 bsd-3)))) + (define-public tig (package (name "tig") |