From 02cfea6627e385f6a0e566d810f3593c74bbc029 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 23 Oct 2016 18:07:30 -0400 Subject: gnu: musl: Fix CVE-2016-8859. * gnu/packages/patches/musl-CVE-2016-8859.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/musl.scm (musl)[source]: Use it. --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index df9f8fc4a2..0d400e93e4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -712,6 +712,7 @@ dist_patch_DATA = \ %D%/packages/patches/mupdf-CVE-2016-6265.patch \ %D%/packages/patches/mupdf-CVE-2016-6525.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ + %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ %D%/packages/patches/nasm-no-ps-pdf.patch \ %D%/packages/patches/net-tools-bitrot.patch \ -- cgit 1.4.1 From d3c4f3bb00b9e04b7bdb2847f21e33292b103c21 Mon Sep 17 00:00:00 2001 From: Thomas Danckaert Date: Fri, 30 Sep 2016 09:59:08 +0200 Subject: gnu: Add hdf-eos2. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/maths.scm (hdf-eos2): New variable. * gnu/packages/patches/hdf-eos2-build-shared.patch: New file. * gnu/packages/patches/hdf-eos2-remove-gctp.patch: New file. * gnu/packages/patches/hdf-eos2-fortrantests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patches. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 3 + gnu/packages/maths.scm | 35 +++ gnu/packages/patches/hdf-eos2-build-shared.patch | 25 ++ gnu/packages/patches/hdf-eos2-fortrantests.patch | 329 +++++++++++++++++++++++ gnu/packages/patches/hdf-eos2-remove-gctp.patch | 55 ++++ 5 files changed, 447 insertions(+) create mode 100644 gnu/packages/patches/hdf-eos2-build-shared.patch create mode 100644 gnu/packages/patches/hdf-eos2-fortrantests.patch create mode 100644 gnu/packages/patches/hdf-eos2-remove-gctp.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0d400e93e4..3e900b14fb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -590,6 +590,9 @@ dist_patch_DATA = \ %D%/packages/patches/hdf4-reproducibility.patch \ %D%/packages/patches/hdf4-shared-fortran.patch \ %D%/packages/patches/hdf5-config-date.patch \ + %D%/packages/patches/hdf-eos2-build-shared.patch \ + %D%/packages/patches/hdf-eos2-remove-gctp.patch \ + %D%/packages/patches/hdf-eos2-fortrantests.patch \ %D%/packages/patches/hdf-eos5-build-shared.patch \ %D%/packages/patches/hdf-eos5-remove-gctp.patch \ %D%/packages/patches/hdf-eos5-fix-szip.patch \ diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index d41a3f11bf..0cdf4f74b5 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -544,6 +544,41 @@ extremely large and complex data collections.") (license (license:x11-style "http://www.hdfgroup.org/ftp/HDF5/current/src/unpacked/COPYING")))) +(define-public hdf-eos2 + (package + (name "hdf-eos2") + (version "19.1.0") + (source + (origin + (method url-fetch) + (uri "ftp://edhs1.gsfc.nasa.gov\ +/edhs/hdfeos/latest_release/HDF-EOS2.19v1.00.tar.Z") + (sha256 + (base32 "0c9fcz25s292ldap12wxmlrvnyz99z24p63d8fwx51bf8s0s1zrz")) + (patches (search-patches "hdf-eos2-remove-gctp.patch" + "hdf-eos2-build-shared.patch" + "hdf-eos2-fortrantests.patch")))) + (build-system gnu-build-system) + (native-inputs + `(("gfortran" ,gfortran))) + (inputs + `(("hdf4" ,hdf4-alt) ; assume most HDF-EOS2 users won't use the HDF4 netCDF API + ("zlib" ,zlib) + ("libjpeg" ,libjpeg) + ("gctp" ,gctp))) + (arguments + `( #:configure-flags '("--enable-install-include" "--enable-shared" + "CC=h4cc -Df2cFortran" "LIBS=-lgctp") + #:parallel-tests? #f)) + (home-page "http://hdfeos.org/software/library.php#HDF-EOS2") + (synopsis "HDF4-based data format for NASA's Earth Observing System") + (description "HDF-EOS2 is a software library built on HDF4 which supports +the construction of data structures used in NASA's Earth Observing +System (Grid, Point and Swath).") + + ;; Source files carry a permissive license header. + (license (license:non-copyleft home-page)))) + (define-public hdf-eos5 (package (name "hdf-eos5") diff --git a/gnu/packages/patches/hdf-eos2-build-shared.patch b/gnu/packages/patches/hdf-eos2-build-shared.patch new file mode 100644 index 0000000000..71112e38c2 --- /dev/null +++ b/gnu/packages/patches/hdf-eos2-build-shared.patch @@ -0,0 +1,25 @@ +Changes necessary for shared library linking to succeed. + +diff --git a/src/Makefile.in b/src/Makefile.in +index 9534473..12411bf 100644 +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -73,7 +73,7 @@ LTCOMPILE = $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) + CCLD = $(CC) +-LINK = $(LIBTOOL) --mode=link --tag=CC $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++LINK = HDF4_USE_SHLIB=yes $(LIBTOOL) --mode=link --tag=CC $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ + SOURCES = $(libhdfeos_la_SOURCES) + DIST_SOURCES = $(libhdfeos_la_SOURCES) +@@ -125,8 +125,6 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ + INSTALL_SCRIPT = @INSTALL_SCRIPT@ + INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ + +-# Set LDFLAGS to alow the HDF-EOS library to use extern variables from HDF4 +-LDFLAGS = -Wl,-single_module + LIBOBJS = @LIBOBJS@ + LIBS = @LIBS@ + LIBTOOL = @LIBTOOL@ + diff --git a/gnu/packages/patches/hdf-eos2-fortrantests.patch b/gnu/packages/patches/hdf-eos2-fortrantests.patch new file mode 100644 index 0000000000..adecc184cb --- /dev/null +++ b/gnu/packages/patches/hdf-eos2-fortrantests.patch @@ -0,0 +1,329 @@ +Fix multi-line string formatting in fortran test programs (reported upstream). + +diff --git a/samples/appendfield.f b/samples/appendfield.f +index 42c4b6b..58257f7 100644 +--- a/samples/appendfield.f ++++ b/samples/appendfield.f +@@ -22,8 +22,8 @@ c + inarray(i) = i + enddo + +- swfid = swopen("SwathFile_created_with_hadeos_sample_file_writer_o +- 1f_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + swid = swattach(swfid, "Swath1") + + +diff --git a/samples/definefields.f b/samples/definefields.f +index 89859e4..f3b3497 100644 +--- a/samples/definefields.f ++++ b/samples/definefields.f +@@ -24,8 +24,8 @@ c DFACC_RDWR accesscode in the open statement. The SWopen + c routine returns the swath fileid, swfid, which is used to + c identify the file in subsequent routines. + +- swfid = swopen("SwathFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + + c +diff --git a/samples/definegdflds.f b/samples/definegdflds.f +index 177422e..1b7fcf6 100644 +--- a/samples/definegdflds.f ++++ b/samples/definegdflds.f +@@ -21,8 +21,8 @@ + fillval1=-7.0 + fillval2=-9999.0 + +- gdfid = gdopen("GridFile_created_with_hadeos_sample_file_writer_ +- 1of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ gdfid = gdopen("GridFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + + gdid1 = gdattach(gdfid, "UTMGrid") +diff --git a/samples/definelevels.f b/samples/definelevels.f +index 2496d5f..64b2842 100644 +--- a/samples/definelevels.f ++++ b/samples/definelevels.f +@@ -32,8 +32,8 @@ c DFACC_RDWR access code in the open statement. The ptopen + c routine returns the point fileid, ptfid, which is used to + c identify the file in subsequent routines. + +- ptfid = ptopen("PointFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ ptfid = ptopen("PointFile_created_with_hadeos_sample_file_write"// ++ 1 "r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + + c +diff --git a/samples/inquiregrid.f b/samples/inquiregrid.f +index 8110461..8ce71e4 100644 +--- a/samples/inquiregrid.f ++++ b/samples/inquiregrid.f +@@ -18,8 +18,8 @@ + + + +- gdfid = gdopen('GridFile_created_with_hadeos_sample_file_writer_ +- 1of_HDFEOS2_version_219_or_higher_release.hdf', DFACC_READ) ++ gdfid = gdopen("GridFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) + + + if (gdfid .ne. -1) then +diff --git a/samples/inquireswath.f b/samples/inquireswath.f +index 899ee59..78c292b 100644 +--- a/samples/inquireswath.f ++++ b/samples/inquireswath.f +@@ -24,8 +24,8 @@ c + c Open the Swath File for read only access + c + +- swfid = swopen("SwathFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) + + + if (swfid .NE. -1) then +diff --git a/samples/readdimscalegrid.f b/samples/readdimscalegrid.f +index fed5540..a0bb48a 100644 +--- a/samples/readdimscalegrid.f ++++ b/samples/readdimscalegrid.f +@@ -34,8 +34,8 @@ + ! * id, gdfid, which is used to identify the file in subsequent routines. + ! */ + +- gdfid = gdopen("GridFile_created_with_hadeos_sample_file_writer_ +- 1of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ gdfid = gdopen("GridFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + ! /* + ! * If the grid file cannot be found, gdopen will return -1 for the file +diff --git a/samples/readdimscaleswath.f b/samples/readdimscaleswath.f +index 97b6264..1b61624 100644 +--- a/samples/readdimscaleswath.f ++++ b/samples/readdimscaleswath.f +@@ -33,8 +33,8 @@ + ! * id, swfid, which is used to identify the file in subsequent routines. + ! */ + +- swfid = swopen("SwathFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + ! /* + ! * If the swath file cannot be found, swopen will return -1 for the file +diff --git a/samples/readfields.f b/samples/readfields.f +index 873b30a..29d42f0 100644 +--- a/samples/readfields.f ++++ b/samples/readfields.f +@@ -21,8 +21,8 @@ c + c Open the HDF swath file, "SwathFile.hdf" + c + +- swfid = swopen("SwathFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) + + + if (swfid .NE. -1) then +diff --git a/samples/readgdflds.f b/samples/readgdflds.f +index e5fe85f..ff2bd86 100644 +--- a/samples/readgdflds.f ++++ b/samples/readgdflds.f +@@ -9,8 +9,8 @@ + integer DFNT_FLOAT32 + parameter (DFNT_FLOAT32=5) + +- gdfid = gdopen("GridFile_created_with_hadeos_sample_file_writer_ +- 1of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ gdfid = gdopen("GridFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + if (gdfid .ne. -1) then + +diff --git a/samples/readlevels.f b/samples/readlevels.f +index a7fd033..f349398 100644 +--- a/samples/readlevels.f ++++ b/samples/readlevels.f +@@ -36,8 +36,8 @@ c + c Open the HDF swath file, "PointFile.hdf". + c + +- ptfid = ptopen("PointFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) ++ ptfid = ptopen("PointFile_created_with_hadeos_sample_file_write"// ++ + "r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) + + c + c Read Simple Point +@@ -47,6 +47,8 @@ c + status = ptlevinfo(ptid, 0, fldlist, fldtype, fldorder) + n = ptnrecs(ptid, 0) + ++ write(*,*) n ++ + do 5 i=1,n + recs(i) = i - 1 + 5 continue +diff --git a/samples/setupgrid.f b/samples/setupgrid.f +index be5408c..cf4bd04 100644 +--- a/samples/setupgrid.f ++++ b/samples/setupgrid.f +@@ -34,8 +34,8 @@ c code in the open statement. The GDopen routine returns the grid + c file id, gdfid, which is used to identify the file in subsequent + c routines in the library. + c +- gdfid = gdopen('GridFile_created_with_hadeos_sample_file_writer_of +- 1_HDFEOS2_version_219_or_higher_release.hdf',DFACC_CREATE) ++ gdfid = gdopen('GridFile_created_with_hadeos_sample_file_writer_"// ++ 1"of_HDFEOS2_version_219_or_higher_release.hdf',DFACC_CREATE) + + c + c Create UTM Grid +diff --git a/samples/setupswath.f b/samples/setupswath.f +index d0289d6..fbaa0bb 100644 +--- a/samples/setupswath.f ++++ b/samples/setupswath.f +@@ -22,8 +22,8 @@ c code in the open statement. The SWopen routine returns the swath + c file id, swfid, which is used to identify the file in subsequent + c routines in the library. + c +- swfid = swopen('SwathFile_created_with_hadeos_sample_file_writer_o +- 1f_HDFEOS2_version_219_or_higher_release.hdf',DFACC_CREATE) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf",DFACC_CREATE) + + c + c The first of these, SWcreate, creates the swath, "Swath1", within the +diff --git a/samples/subsetgrid.f b/samples/subsetgrid.f +index c57e541..087e5b1 100644 +--- a/samples/subsetgrid.f ++++ b/samples/subsetgrid.f +@@ -22,8 +22,8 @@ c + c Open the HDF grid file, "GridFile.hdf" + c + +- gdfid = gdopen("GridFile_created_with_hadeos_sample_file_writer_ +- 1of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) ++ gdfid = gdopen("GridFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) + + if (gdfid .NE. -1) then + +diff --git a/samples/subsetpoint.f b/samples/subsetpoint.f +index 9e72c5f..2e76d7d 100644 +--- a/samples/subsetpoint.f ++++ b/samples/subsetpoint.f +@@ -21,8 +21,8 @@ c + c Open the HDF point file, "PointFile.hdf" + c + +- ptfid = ptopen("PointFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) ++ ptfid = ptopen("PointFile_created_with_hadeos_sample_file_write"// ++ 1 "r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) + + if (ptfid .NE. -1) then + +diff --git a/samples/subsetswath.f b/samples/subsetswath.f +index dcee609..9af8a46 100644 +--- a/samples/subsetswath.f ++++ b/samples/subsetswath.f +@@ -28,8 +28,8 @@ c + c Open the HDF swath file, "SwathFile.hdf" + c + +- swfid = swopen("SwathFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_READ) + + if (swfid .NE. -1) then + +diff --git a/samples/writedimscalegrid.f b/samples/writedimscalegrid.f +index 09688d8..42013fe 100644 +--- a/samples/writedimscalegrid.f ++++ b/samples/writedimscalegrid.f +@@ -29,8 +29,8 @@ + ! * id, gdfid, which is used to identify the file in subsequent routines. + ! */ + +- gdfid = gdopen("GridFile_created_with_hadeos_sample_file_writer_ +- 1of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ gdfid = gdopen("GridFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + ! /* + ! * If the grid file cannot be found, gdopen will return -1 for the file +diff --git a/samples/writedimscaleswath.f b/samples/writedimscaleswath.f +index 1151671..1a911a6 100644 +--- a/samples/writedimscaleswath.f ++++ b/samples/writedimscaleswath.f +@@ -31,8 +31,8 @@ + ! * id, swfid, which is used to identify the file in subsequent routines. + ! */ + +- swfid = swopen("SwathFile_created_with_hadeos_sample_file_write +- 1r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + ! /* + ! * If the swath file cannot be found, swopen will return -1 for the file +diff --git a/samples/writefields.f b/samples/writefields.f +index a743661..862b96c 100644 +--- a/samples/writefields.f ++++ b/samples/writefields.f +@@ -31,8 +31,8 @@ c + c Open the HDF swath file, "SwathFile.hdf" + c + +- swfid = swopen("SwathFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ swfid = swopen("SwathFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + + if (swfid .NE. -1) then +diff --git a/samples/writegdflds.f b/samples/writegdflds.f +index d1540b3..81aef75 100644 +--- a/samples/writegdflds.f ++++ b/samples/writegdflds.f +@@ -23,8 +23,8 @@ + enddo + + +- gdfid = gdopen("GridFile_created_with_hadeos_sample_file_writer_ +- 1of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ gdfid = gdopen("GridFile_created_with_hadeos_sample_file_write"// ++ 1"r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + if (gdfid .ne. -1) then + +diff --git a/samples/writelevels.f b/samples/writelevels.f +index 88e7780..cb40c9e 100644 +--- a/samples/writelevels.f ++++ b/samples/writelevels.f +@@ -32,8 +32,8 @@ c + c Open the HDF point file, "PointFile.hdf". + c + +- ptfid = ptopen("PointFile_created_with_hadeos_sample_file_writer +- 1_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) ++ ptfid = ptopen("PointFile_created_with_hadeos_sample_file_write"// ++ + "r_of_HDFEOS2_version_219_or_higher_release.hdf", DFACC_RDWR) + + + c +-- +2.10.0 + diff --git a/gnu/packages/patches/hdf-eos2-remove-gctp.patch b/gnu/packages/patches/hdf-eos2-remove-gctp.patch new file mode 100644 index 0000000000..0776c0685e --- /dev/null +++ b/gnu/packages/patches/hdf-eos2-remove-gctp.patch @@ -0,0 +1,55 @@ +Don't build the GCTP bundled with the source and link with the +system's -lgctp instead. We also remove references to the +"testdrivers" directory, which is not distributed together with the +source, causing autoreconf to fail. + +diff --git a/Makefile.in b/Makefile.in +index d468af2..90428a7 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -206,7 +206,7 @@ LIBGCTP = $(top_builddir)/gctp/src/libGctp.la + @TESTDRIVERS_CONDITIONAL_TRUE@TESTDRIVERS = testdrivers + @INSTALL_INCLUDE_CONDITIONAL_FALSE@INCLUDE = + @INSTALL_INCLUDE_CONDITIONAL_TRUE@INCLUDE = include +-SUBDIRS = gctp src $(INCLUDE) samples $(TESTDRIVERS) ++SUBDIRS = src $(INCLUDE) samples $(TESTDRIVERS) + all: all-recursive + + .SUFFIXES: +diff --git a/include/Makefile.in b/include/Makefile.in +index 9938b23..afb7f40 100644 +--- a/include/Makefile.in ++++ b/include/Makefile.in +@@ -190,7 +190,7 @@ LIBGCTP = $(top_builddir)/gctp/src/libGctp.la + # Boilerplate include + + # Headers to install +-include_HEADERS = HE2_config.h HdfEosDef.h HDFEOSVersion.h cfortHdf.h ease.h ++include_HEADERS = HdfEosDef.h HDFEOSVersion.h cfortHdf.h ease.h + all: HE2_config.h + $(MAKE) $(AM_MAKEFLAGS) all-am + +diff --git a/samples/Makefile.in b/samples/Makefile.in +index 9da6e28..6a6186c 100644 +--- a/samples/Makefile.in ++++ b/samples/Makefile.in +@@ -108,7 +108,6 @@ AppendField_SOURCES = AppendField.c + AppendField_OBJECTS = AppendField.$(OBJEXT) + AppendField_LDADD = $(LDADD) + am__DEPENDENCIES_1 = $(top_builddir)/src/libhdfeos.la +-am__DEPENDENCIES_2 = $(top_builddir)/gctp/src/libGctp.la + AppendField_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) + DefineFields_SOURCES = DefineFields.c + DefineFields_OBJECTS = DefineFields.$(OBJEXT) +@@ -481,7 +480,7 @@ sharedstatedir = @sharedstatedir@ + sysconfdir = @sysconfdir@ + target_alias = @target_alias@ + LIBHDFEOS2 = $(top_builddir)/src/libhdfeos.la +-LIBGCTP = $(top_builddir)/gctp/src/libGctp.la ++LIBGCTP = + + # Boilerplate definitions file + +-- +2.10.0 + -- cgit 1.4.1 From ffde82c9ecf99524220e463055f4f18c8c9e7a81 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 25 Oct 2016 00:58:26 +0200 Subject: system: grub: Use Guile-{RSVG,Cairo} instead of Inkscape + ImageMagick. Based on a suggestion by Andy Wingo at . * gnu/build/svg.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * gnu/system/grub.scm (svg->png): Add #:width and #:height. Rewrite to use (gnu build svg). (resize-image): Remove. (grub-background-image): Adjust accordingly. --- gnu/build/svg.scm | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++ gnu/local.mk | 1 + gnu/system/grub.scm | 41 +++++++++++++++---------------- 3 files changed, 89 insertions(+), 22 deletions(-) create mode 100644 gnu/build/svg.scm (limited to 'gnu/local.mk') diff --git a/gnu/build/svg.scm b/gnu/build/svg.scm new file mode 100644 index 0000000000..d9b909cd73 --- /dev/null +++ b/gnu/build/svg.scm @@ -0,0 +1,69 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 Ludovic Courtès +;;; Copyright © 2015 Andy Wingo +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu build svg) + #:use-module (srfi srfi-11) + #:export (svg->png)) + +;; We need Guile-RSVG and Guile-Cairo. Load them lazily, at run time, to +;; allow compilation to proceed. +(module-use! (current-module) (resolve-interface '(rsvg))) +(module-use! (current-module) (resolve-interface '(cairo))) + +(define* (downscaled-surface surface + #:key + source-width source-height + width height) + "Return a new rendering context where SURFACE is scaled to WIDTH x HEIGHT." + (let ((cr (cairo-create (cairo-image-surface-create 'argb32 + width height)))) + (cairo-scale cr (/ width source-width) (/ height source-height)) + (cairo-set-source-surface cr surface 0 0) + (cairo-pattern-set-filter (cairo-get-source cr) 'best) + (cairo-rectangle cr 0 0 source-width source-height) + (cairo-fill cr) + cr)) + +(define* (svg->png in-svg out-png + #:key width height) + "Render the file at IN-SVG as a PNG file in OUT-PNG. When WIDTH and HEIGHT +are provided, use them as the dimensions of OUT-PNG; otherwise preserve the +dimensions of IN-SVG." + (define svg + (rsvg-handle-new-from-file in-svg)) + + (let-values (((origin-width origin-height) + (rsvg-handle-get-dimensions svg))) + (let* ((surf (cairo-image-surface-create 'argb32 + origin-width origin-height)) + (cr (cairo-create surf))) + (rsvg-handle-render-cairo svg cr) + (cairo-surface-flush surf) + (let ((cr (if (and width height + (not (= width origin-width)) + (not (= height origin-height))) + (downscaled-surface surf + #:source-width origin-width + #:source-height origin-height + #:width width + #:height height) + cr))) + (cairo-surface-write-to-png (cairo-get-target cr) out-png))))) + +;;; svg.scm ends here diff --git a/gnu/local.mk b/gnu/local.mk index 3e900b14fb..1cf81c1648 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -431,6 +431,7 @@ GNU_SYSTEM_MODULES = \ %D%/build/linux-initrd.scm \ %D%/build/linux-modules.scm \ %D%/build/marionette.scm \ + %D%/build/svg.scm \ %D%/build/vm.scm \ \ %D%/tests.scm \ diff --git a/gnu/system/grub.scm b/gnu/system/grub.scm index ead48f0e32..249b415ab4 100644 --- a/gnu/system/grub.scm +++ b/gnu/system/grub.scm @@ -27,9 +27,8 @@ #:use-module (gnu artwork) #:use-module (gnu system file-systems) #:autoload (gnu packages grub) (grub) - #:autoload (gnu packages inkscape) (inkscape) - #:autoload (gnu packages imagemagick) (imagemagick) #:autoload (gnu packages compression) (gzip) + #:autoload (gnu packages gtk) (guile-cairo guile-rsvg) #:use-module (ice-9 match) #:use-module (ice-9 regex) #:use-module (srfi srfi-1) @@ -132,25 +131,23 @@ object denoting a file name." ;;; Background image & themes. ;;; -(define (svg->png svg) - "Build a PNG from SVG." - ;; Don't use #:local-build? so that it's substitutable. +(define* (svg->png svg #:key width height) + "Build a PNG of HEIGHT x WIDTH from SVG." (gexp->derivation "grub-image.png" - #~(zero? - (system* (string-append #$inkscape "/bin/inkscape") - "--without-gui" - (string-append "--export-png=" #$output) - #$svg)))) - -(define (resize-image image width height) - "Resize IMAGE to WIDTHxHEIGHT." - ;; Don't use #:local-build? so that it's substitutable. - (let ((size (string-append (number->string width) - "x" (number->string height)))) - (gexp->derivation "grub-image.resized.png" - #~(zero? - (system* (string-append #$imagemagick "/bin/convert") - "-resize" #$size #$image #$output))))) + (with-imported-modules '((gnu build svg)) + #~(begin + ;; We need these two libraries. + (add-to-load-path (string-append #$guile-rsvg + "/share/guile/site/" + (effective-version))) + (add-to-load-path (string-append #$guile-cairo + "/share/guile/site/" + (effective-version))) + + (use-modules (gnu build svg)) + (svg->png #$svg #$output + #:width #$width + #:height #$height))))) (define* (grub-background-image config #:key (width 1024) (height 768)) "Return the GRUB background image defined in CONFIG with a ratio of @@ -160,8 +157,8 @@ WIDTH/HEIGHT, or #f if none was found." (= (grub-image-aspect-ratio image) ratio)) (grub-theme-images (grub-configuration-theme config))))) (if image - (mlet %store-monad ((png (svg->png (grub-image-file image)))) - (resize-image png width height)) + (svg->png (grub-image-file image) + #:width width #:height height) (with-monad %store-monad (return #f))))) -- cgit 1.4.1 From e9a19bde40a3c8488b30cc3dbc74ea84879decc0 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Mon, 24 Oct 2016 22:53:18 -0400 Subject: gnu: linux-libre@4.1: Update to 4.1.35. * gnu/packages/linux.scm (linux-libre-4.1): Update to 4.1.35. Remove patch. * gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/linux.scm | 9 +- .../patches/linux-libre-4.1-CVE-2016-5195.patch | 99 ---------------------- 3 files changed, 3 insertions(+), 106 deletions(-) delete mode 100644 gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1cf81c1648..51849f42c7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -684,7 +684,6 @@ dist_patch_DATA = \ %D%/packages/patches/libxv-CVE-2016-5407.patch \ %D%/packages/patches/libxvmc-CVE-2016-7953.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ - %D%/packages/patches/linux-libre-4.1-CVE-2016-5195.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/llvm-for-extempore.patch \ %D%/packages/patches/lm-sensors-hwmon-attrs.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 616423aef7..c3c84f4a86 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -336,13 +336,10 @@ It has been modified to remove all non-free binary blobs.") #:configuration-file kernel-config)) (define-public linux-libre-4.1 - (make-linux-libre "4.1.34" - "0dajsb363p9lgga22ml8gp9k9lxd8mvrzxk9y3h9c6hpzfcmqdqr" + (make-linux-libre "4.1.35" + "05zvrld1digqwf9kqf5pxx0mxqmwpr5kamhnks6y4yfy7x7jynyk" %intel-compatible-systems - #:configuration-file kernel-config - #:patches (list %boot-logo-patch - (search-patch - "linux-libre-4.1-CVE-2016-5195.patch")))) + #:configuration-file kernel-config)) ;; Avoid rebuilding kernel variants when there is a minor version bump. (define %linux-libre-version "4.8.4") diff --git a/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch b/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch deleted file mode 100644 index 37a41f61e4..0000000000 --- a/gnu/packages/patches/linux-libre-4.1-CVE-2016-5195.patch +++ /dev/null @@ -1,99 +0,0 @@ -Fix CVE-2016-5195, a.k.a. Dirty COW. -Backported to linux-libre-4.1.x by Mark H Weaver . - -From 18652320ea99913c95e7130d654be7f1da6b694f Mon Sep 17 00:00:00 2001 -From: Linus Torvalds -Date: Thu, 13 Oct 2016 13:07:36 -0700 -Subject: [PATCH] mm: remove gup_flags FOLL_WRITE games from __get_user_pages() - -commit 19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 upstream. - -This is an ancient bug that was actually attempted to be fixed once -(badly) by me eleven years ago in commit 4ceb5db9757a ("Fix -get_user_pages() race for write access") but that was then undone due to -problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug"). - -In the meantime, the s390 situation has long been fixed, and we can now -fix it by checking the pte_dirty() bit properly (and do it better). The -s390 dirty bit was implemented in abf09bed3cce ("s390/mm: implement -software dirty bits") which made it into v3.9. Earlier kernels will -have to look at the page state itself. - -Also, the VM has become more scalable, and what used a purely -theoretical race back then has become easier to trigger. - -To fix it, we introduce a new internal FOLL_COW flag to mark the "yes, -we already did a COW" rather than play racy games with FOLL_WRITE that -is very fundamental, and then use the pte dirty flag to validate that -the FOLL_COW flag is still valid. - -Reported-and-tested-by: Phil "not Paul" Oester -Acked-by: Hugh Dickins -Reviewed-by: Michal Hocko -Cc: Andy Lutomirski -Cc: Kees Cook -Cc: Oleg Nesterov -Cc: Willy Tarreau -Cc: Nick Piggin -Cc: Greg Thelen -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman ---- - include/linux/mm.h | 1 + - mm/gup.c | 14 ++++++++++++-- - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/include/linux/mm.h b/include/linux/mm.h -index 6b85ec6..7cadf0a 100644 ---- a/include/linux/mm.h -+++ b/include/linux/mm.h -@@ -2064,6 +2064,7 @@ static inline struct page *follow_page(struct vm_area_struct *vma, - #define FOLL_NUMA 0x200 /* force NUMA hinting page fault */ - #define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */ - #define FOLL_TRIED 0x800 /* a retry, previous pass started an IO */ -+#define FOLL_COW 0x4000 /* internal GUP flag */ - - typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr, - void *data); -diff --git a/mm/gup.c b/mm/gup.c -index 6297f6b..e6de9e7 100644 ---- a/mm/gup.c -+++ b/mm/gup.c -@@ -32,6 +32,16 @@ static struct page *no_page_table(struct vm_area_struct *vma, - return NULL; - } - -+/* -+ * FOLL_FORCE can write to even unwritable pte's, but only -+ * after we've gone through a COW cycle and they are dirty. -+ */ -+static inline bool can_follow_write_pte(pte_t pte, unsigned int flags) -+{ -+ return pte_write(pte) || -+ ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte)); -+} -+ - static struct page *follow_page_pte(struct vm_area_struct *vma, - unsigned long address, pmd_t *pmd, unsigned int flags) - { -@@ -66,7 +76,7 @@ retry: - } - if ((flags & FOLL_NUMA) && pte_protnone(pte)) - goto no_page; -- if ((flags & FOLL_WRITE) && !pte_write(pte)) { -+ if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags)) { - pte_unmap_unlock(ptep, ptl); - return NULL; - } -@@ -315,7 +325,7 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, - * reCOWed by userspace write). - */ - if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE)) -- *flags &= ~FOLL_WRITE; -+ *flags |= FOLL_COW; - return 0; - } - --- -2.10.1 - -- cgit 1.4.1 From 4b12fe5caba259bbf32865001c94a1de14965c66 Mon Sep 17 00:00:00 2001 From: Thomas Danckaert Date: Tue, 25 Oct 2016 10:56:46 +0200 Subject: gnu: coda: Remove bundled libraries. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/maths.scm (coda): Remove bundled libraries. [source]: Add patch and snippet to remove bundled zlib, pcre and expat. [inputs]: Add system zlib, pcre and expat. * gnu/packages/patches/coda-use-system-libs.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/maths.scm | 14 ++++++-- gnu/packages/patches/coda-use-system-libs.patch | 46 +++++++++++++++++++++++++ 3 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/coda-use-system-libs.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 51849f42c7..4ffd37af91 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -484,6 +484,7 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-pkgconfig.patch \ %D%/packages/patches/clx-remove-demo.patch \ %D%/packages/patches/cmake-fix-tests.patch \ + %D%/packages/patches/coda-use-system-libs.patch \ %D%/packages/patches/cpio-CVE-2016-2037.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/cracklib-CVE-2016-6318.patch \ diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 2928cb63a3..1b43bdabc7 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -123,18 +123,28 @@ interactive dialogs to guide them.") (uri (string-append "https://github.com/stcorp/coda/releases/download/" version "/coda-" version ".tar.gz")) (sha256 - (base32 "04b9l3wzcix0mnfq77mwnil6cbr8h2mki8myvy0lzn236qcwaq1h")))) + (base32 "04b9l3wzcix0mnfq77mwnil6cbr8h2mki8myvy0lzn236qcwaq1h")) + (patches (search-patches "coda-use-system-libs.patch")) + (modules '((guix build utils))) + (snippet + ;; Make sure we don't use the bundled software. + '(for-each (lambda (d) + (delete-file-recursively (string-append "libcoda/" d))) + '("zlib" "pcre" "expat"))))) (native-inputs `(("fortran" ,gfortran) ("python" ,python) ("python-numpy" ,python-numpy))) (inputs `(("zlib" ,zlib) + ("pcre" ,pcre) + ("expat" ,expat) ("hdf4" ,hdf4-alt) ("hdf5" ,hdf5))) (build-system gnu-build-system) (arguments - '(#:configure-flags '("--with-hdf4" "--with-hdf5" "--enable-python"))) + '(#:configure-flags '("--with-hdf4" "--with-hdf5" "--enable-python" + "LIBS= -lz -lpcre -lexpat"))) (synopsis "A common interface to various earth observation data formats") (description "The Common Data Access toolbox (CODA) provides a set of interfaces for diff --git a/gnu/packages/patches/coda-use-system-libs.patch b/gnu/packages/patches/coda-use-system-libs.patch new file mode 100644 index 0000000000..fbf8441958 --- /dev/null +++ b/gnu/packages/patches/coda-use-system-libs.patch @@ -0,0 +1,46 @@ +Remove dependencies on bundled zlib, pcre and expat. + +diff --git a/Makefile.in b/Makefile.in +index 4360a26..80f9f59 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -210,8 +210,7 @@ coda_matlab_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + @BUILD_MATLAB_TRUE@@SUBPACKAGE_MODE_FALSE@ -rpath \ + @BUILD_MATLAB_TRUE@@SUBPACKAGE_MODE_FALSE@ $(matlabmexexecdir) + am__DEPENDENCIES_1 = +-libcoda_la_DEPENDENCIES = @LTLIBOBJS@ libexpat_internal.la \ +- libpcre_internal.la libz_internal.la $(am__DEPENDENCIES_1) \ ++libcoda_la_DEPENDENCIES = @LTLIBOBJS@ $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) + am__libcoda_la_SOURCES_DIST = libcoda/coda-ascbin-cursor.c \ + libcoda/coda-ascbin.h libcoda/coda-ascii-cursor.c \ +@@ -306,8 +305,7 @@ libcoda_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libcoda_la_LDFLAGS) $(LDFLAGS) -o $@ + @SUBPACKAGE_MODE_FALSE@am_libcoda_la_rpath = -rpath $(libdir) +-am__DEPENDENCIES_2 = @LTLIBOBJS@ libexpat_internal.la \ +- libpcre_internal.la libz_internal.la $(am__DEPENDENCIES_1) \ ++am__DEPENDENCIES_2 = @LTLIBOBJS@ $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) + libcoda_internal_la_DEPENDENCIES = $(am__DEPENDENCIES_2) + am__libcoda_internal_la_SOURCES_DIST = libcoda/coda-ascbin-cursor.c \ +@@ -898,8 +896,8 @@ INSTALL_DATA_HOOK_TARGETS = $(am__append_1) + UNINSTALL_HOOK_TARGETS = + CLEAN_LOCAL_TARGETS = $(am__append_11) + ALL_LOCAL_TARGETS = +-@SUBPACKAGE_MODE_FALSE@noinst_LTLIBRARIES = libcoda_internal.la libexpat_internal.la libpcre_internal.la libz_internal.la +-@SUBPACKAGE_MODE_TRUE@noinst_LTLIBRARIES = libcoda_internal.la libexpat_internal.la libpcre_internal.la libz_internal.la ++@SUBPACKAGE_MODE_FALSE@noinst_LTLIBRARIES = libcoda_internal.la ++@SUBPACKAGE_MODE_TRUE@noinst_LTLIBRARIES = libcoda_internal.la + + # libraries (+ related files) + @SUBPACKAGE_MODE_FALSE@lib_LTLIBRARIES = libcoda.la +@@ -1048,7 +1046,7 @@ libcoda_hdf5_files = \ + + libcoda_la_CPPFLAGS = -Ilibcoda/expat -I$(srcdir)/libcoda/expat -Ilibcoda/pcre -I$(srcdir)/libcoda/pcre -Ilibcoda/zlib -I$(srcdir)/libcoda/zlib $(AM_CPPFLAGS) + libcoda_la_LDFLAGS = -no-undefined -version-info $(LIBCODA_CURRENT):$(LIBCODA_REVISION):$(LIBCODA_AGE) +-libcoda_la_LIBADD = @LTLIBOBJS@ libexpat_internal.la libpcre_internal.la libz_internal.la $(HDF4LIBS) $(HDF5LIBS) ++libcoda_la_LIBADD = @LTLIBOBJS@ $(HDF4LIBS) $(HDF5LIBS) + libcoda_internal_la_SOURCES = libcoda/coda-ascbin-cursor.c \ + libcoda/coda-ascbin.h libcoda/coda-ascii-cursor.c \ + libcoda/coda-ascii-internal.h libcoda/coda-ascii.c \ -- cgit 1.4.1 From 47a04fca999b91309d196afc9ebf4d8ac6f2083f Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Tue, 25 Oct 2016 12:49:52 -0400 Subject: gnu: mupdf: Fix CVE-2016-8674. * gnu/packages/patches/mupdf-CVE-2016-8674.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pdf.scm (mupdf): Use it. --- gnu/local.mk | 1 + gnu/packages/patches/mupdf-CVE-2016-8674.patch | 166 +++++++++++++++++++++++++ gnu/packages/pdf.scm | 3 +- 3 files changed, 169 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/mupdf-CVE-2016-8674.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4ffd37af91..ff2d9767ab 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -715,6 +715,7 @@ dist_patch_DATA = \ %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \ %D%/packages/patches/mupdf-CVE-2016-6265.patch \ %D%/packages/patches/mupdf-CVE-2016-6525.patch \ + %D%/packages/patches/mupdf-CVE-2016-8674.patch \ %D%/packages/patches/mupen64plus-ui-console-notice.patch \ %D%/packages/patches/musl-CVE-2016-8859.patch \ %D%/packages/patches/mutt-store-references.patch \ diff --git a/gnu/packages/patches/mupdf-CVE-2016-8674.patch b/gnu/packages/patches/mupdf-CVE-2016-8674.patch new file mode 100644 index 0000000000..62e4a0237a --- /dev/null +++ b/gnu/packages/patches/mupdf-CVE-2016-8674.patch @@ -0,0 +1,166 @@ +Fix CVE-2016-8674 (use-after-free in pdf_to_num()). + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8674 +https://security-tracker.debian.org/tracker/CVE-2016-8674 + +Patch copied from upstream source repository: +http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec + +diff --git a/include/mupdf/pdf/document.h b/include/mupdf/pdf/document.h +index aabf05f..0078c4a 100644 +--- a/include/mupdf/pdf/document.h ++++ b/include/mupdf/pdf/document.h +@@ -269,6 +269,10 @@ struct pdf_document_s + fz_hash_table *images; + fz_hash_table *fonts; + } resources; ++ ++ int orphans_max; ++ int orphans_count; ++ pdf_obj **orphans; + }; + + /* +diff --git a/include/mupdf/pdf/object.h b/include/mupdf/pdf/object.h +index 5bc3dca..bf57455 100644 +--- a/include/mupdf/pdf/object.h ++++ b/include/mupdf/pdf/object.h +@@ -110,6 +110,7 @@ pdf_obj *pdf_dict_gets(fz_context *ctx, pdf_obj *dict, const char *key); + pdf_obj *pdf_dict_getsa(fz_context *ctx, pdf_obj *dict, const char *key, const char *abbrev); + void pdf_dict_put(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); + void pdf_dict_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val); ++void pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *dict, pdf_obj *key, pdf_obj *val, pdf_obj **old_val); + void pdf_dict_puts(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); + void pdf_dict_puts_drop(fz_context *ctx, pdf_obj *dict, const char *key, pdf_obj *val); + void pdf_dict_putp(fz_context *ctx, pdf_obj *dict, const char *path, pdf_obj *val); +diff --git a/source/pdf/pdf-object.c b/source/pdf/pdf-object.c +index b4e33f3..1c19ba4 100644 +--- a/source/pdf/pdf-object.c ++++ b/source/pdf/pdf-object.c +@@ -1265,11 +1265,14 @@ pdf_dict_geta(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *abbrev) + return pdf_dict_get(ctx, obj, abbrev); + } + +-void +-pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) ++static void ++pdf_dict_get_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) + { + int i; + ++ if (old_val) ++ *old_val = NULL; ++ + RESOLVE(obj); + if (!OBJ_IS_DICT(obj)) + fz_throw(ctx, FZ_ERROR_GENERIC, "not a dict (%s)", pdf_objkindstr(obj)); +@@ -1295,7 +1298,10 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) + { + pdf_obj *d = DICT(obj)->items[i].v; + DICT(obj)->items[i].v = pdf_keep_obj(ctx, val); +- pdf_drop_obj(ctx, d); ++ if (old_val) ++ *old_val = d; ++ else ++ pdf_drop_obj(ctx, d); + } + } + else +@@ -1316,10 +1322,27 @@ pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) + } + + void ++pdf_dict_put(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) ++{ ++ pdf_dict_get_put(ctx, obj, key, val, NULL); ++} ++ ++void + pdf_dict_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val) + { + fz_try(ctx) +- pdf_dict_put(ctx, obj, key, val); ++ pdf_dict_get_put(ctx, obj, key, val, NULL); ++ fz_always(ctx) ++ pdf_drop_obj(ctx, val); ++ fz_catch(ctx) ++ fz_rethrow(ctx); ++} ++ ++void ++pdf_dict_get_put_drop(fz_context *ctx, pdf_obj *obj, pdf_obj *key, pdf_obj *val, pdf_obj **old_val) ++{ ++ fz_try(ctx) ++ pdf_dict_get_put(ctx, obj, key, val, old_val); + fz_always(ctx) + pdf_drop_obj(ctx, val); + fz_catch(ctx) +diff --git a/source/pdf/pdf-repair.c b/source/pdf/pdf-repair.c +index 690bf15..167f609 100644 +--- a/source/pdf/pdf-repair.c ++++ b/source/pdf/pdf-repair.c +@@ -260,6 +260,27 @@ pdf_repair_obj_stm(fz_context *ctx, pdf_document *doc, int stm_num) + } + } + ++static void ++orphan_object(fz_context *ctx, pdf_document *doc, pdf_obj *obj) ++{ ++ if (doc->orphans_count == doc->orphans_max) ++ { ++ int new_max = (doc->orphans_max ? doc->orphans_max*2 : 32); ++ ++ fz_try(ctx) ++ { ++ doc->orphans = fz_resize_array(ctx, doc->orphans, new_max, sizeof(*doc->orphans)); ++ doc->orphans_max = new_max; ++ } ++ fz_catch(ctx) ++ { ++ pdf_drop_obj(ctx, obj); ++ fz_rethrow(ctx); ++ } ++ } ++ doc->orphans[doc->orphans_count++] = obj; ++} ++ + void + pdf_repair_xref(fz_context *ctx, pdf_document *doc) + { +@@ -528,12 +549,13 @@ pdf_repair_xref(fz_context *ctx, pdf_document *doc) + /* correct stream length for unencrypted documents */ + if (!encrypt && list[i].stm_len >= 0) + { ++ pdf_obj *old_obj = NULL; + dict = pdf_load_object(ctx, doc, list[i].num); + + length = pdf_new_int(ctx, doc, list[i].stm_len); +- pdf_dict_put(ctx, dict, PDF_NAME_Length, length); +- pdf_drop_obj(ctx, length); +- ++ pdf_dict_get_put_drop(ctx, dict, PDF_NAME_Length, length, &old_obj); ++ if (old_obj) ++ orphan_object(ctx, doc, old_obj); + pdf_drop_obj(ctx, dict); + } + } +diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c +index 7d21775..0cf20d4 100644 +--- a/source/pdf/pdf-xref.c ++++ b/source/pdf/pdf-xref.c +@@ -1620,6 +1620,12 @@ pdf_drop_document_imp(fz_context *ctx, pdf_document *doc) + + pdf_drop_resource_tables(ctx, doc); + ++ for (i = 0; i < doc->orphans_count; i++) ++ { ++ pdf_drop_obj(ctx, doc->orphans[i]); ++ } ++ fz_free(ctx, doc->orphans); ++ + fz_free(ctx, doc); + } + fz_always(ctx) +-- +2.9.1 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 461472abe9..42547dff9b 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -489,7 +489,8 @@ extracting content or merging files.") "1k64pdapyj8a336jw3j61fhn0rp4q6az7d0dqp9r5n3d9rgwa5c0")) (patches (search-patches "mupdf-build-with-openjpeg-2.1.patch" "mupdf-CVE-2016-6265.patch" - "mupdf-CVE-2016-6525.patch")) + "mupdf-CVE-2016-6525.patch" + "mupdf-CVE-2016-8674.patch")) (modules '((guix build utils))) (snippet ;; Delete all the bundled libraries except for mujs, which is -- cgit 1.4.1 From d2a9b531fbb60c75ff5d3267e108383350c4da72 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 25 Oct 2016 20:10:35 +0100 Subject: gnu: notmuch: Update to 0.23.1. * gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/mail.scm (notmuch): Update to 0.23.1. Remove patch. --- gnu/local.mk | 1 - gnu/packages/mail.scm | 8 +--- .../notmuch-emacs-25-compatibility-fix.patch | 46 ---------------------- 3 files changed, 2 insertions(+), 53 deletions(-) delete mode 100644 gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ff2d9767ab..87fb76de01 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -728,7 +728,6 @@ dist_patch_DATA = \ %D%/packages/patches/ninja-tests.patch \ %D%/packages/patches/ninja-zero-mtime.patch \ %D%/packages/patches/node-9077.patch \ - %D%/packages/patches/notmuch-emacs-25-compatibility-fix.patch \ %D%/packages/patches/nss-pkgconfig.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 62a3678604..e73364f86a 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -501,18 +501,14 @@ invoking @command{notifymuch} from the post-new hook.") (define-public notmuch (package (name "notmuch") - (version "0.23") + (version "0.23.1") (source (origin (method url-fetch) (uri (string-append "https://notmuchmail.org/releases/notmuch-" version ".tar.gz")) (sha256 (base32 - "1f51l34rdhjf8lvafrwybkxdsdwx8k9397m7qxd8rdg2irjmpry5")) - (patches - ;; Remove this for the next release. See this thread for context: - ;; https://notmuchmail.org/pipermail/notmuch/2016/023227.html - (search-patches "notmuch-emacs-25-compatibility-fix.patch")))) + "106ijsnilqf8760z4cq99rqzjsvyaw86d0lgnzz7v95gm4d2l0g8")))) (build-system gnu-build-system) (arguments '(#:make-flags (list "V=1") ; Verbose test output. diff --git a/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch b/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch deleted file mode 100644 index 9ddfd4fe10..0000000000 --- a/gnu/packages/patches/notmuch-emacs-25-compatibility-fix.patch +++ /dev/null @@ -1,46 +0,0 @@ -This fixes a test failure with emacs-25. Picked from -https://git.notmuchmail.org/git?p=notmuch;a=commit;h=f575a346df09c82691bb9e7c462836d982fe31f7 - -From f575a346df09c82691bb9e7c462836d982fe31f7 Mon Sep 17 00:00:00 2001 -From: David Bremner -Date: Sun, 9 Oct 2016 19:30:44 -0300 -Subject: [PATCH] emacs/show: force notmuch-show-buttonise-links to act on - lines - -This seems to fix a problem with emacs 25 creating partial buttons by -calling n-s-b-l with a region that does not include the whole button. -I'm not 100% sure it's legit to act outside the region passed by -jit-lock, but goto-address-fontify-region (where I borrowed the code -from) already does this, so this patch to not make things worse. ---- - emacs/notmuch-show.el | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el -index 641398d..e7d16f8 100644 ---- a/emacs/notmuch-show.el -+++ b/emacs/notmuch-show.el -@@ -1174,13 +1174,15 @@ This also turns id:\"\"-parts and mid: links into - buttons for a corresponding notmuch search." - (goto-address-fontify-region start end) - (save-excursion -- (let (links) -- (goto-char start) -- (while (re-search-forward notmuch-id-regexp end t) -+ (let (links -+ (beg-line (progn (goto-char start) (line-beginning-position))) -+ (end-line (progn (goto-char end) (line-end-position)))) -+ (goto-char beg-line) -+ (while (re-search-forward notmuch-id-regexp end-line t) - (push (list (match-beginning 0) (match-end 0) - (match-string-no-properties 0)) links)) -- (goto-char start) -- (while (re-search-forward notmuch-mid-regexp end t) -+ (goto-char beg-line) -+ (while (re-search-forward notmuch-mid-regexp end-line t) - (let* ((mid-cid (match-string-no-properties 1)) - (mid (save-match-data - (string-match "^[^/]*" mid-cid) --- -2.10.1 - -- cgit 1.4.1 From f9c339603d751783e40ce99c9f09639f168ba731 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 26 Oct 2016 07:33:24 +0100 Subject: gnu: yubico.scm: Rename to security-token.scm. * gnu/packages/yubico.scm: Delete file. * gnu/packages/security-token.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly. --- gnu/local.mk | 2 +- gnu/packages/security-token.scm | 77 +++++++++++++++++++++++++++++++++++++++++ gnu/packages/yubico.scm | 77 ----------------------------------------- 3 files changed, 78 insertions(+), 78 deletions(-) create mode 100644 gnu/packages/security-token.scm delete mode 100644 gnu/packages/yubico.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 87fb76de01..cf1b542b8a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -326,6 +326,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/sdcc.scm \ %D%/packages/sdl.scm \ %D%/packages/search.scm \ + %D%/packages/security-token.scm \ %D%/packages/serialization.scm \ %D%/packages/serveez.scm \ %D%/packages/shells.scm \ @@ -385,7 +386,6 @@ GNU_SYSTEM_MODULES = \ %D%/packages/xdisorg.scm \ %D%/packages/xorg.scm \ %D%/packages/xfce.scm \ - %D%/packages/yubico.scm \ %D%/packages/zile.scm \ %D%/packages/zip.scm \ \ diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm new file mode 100644 index 0000000000..48a9346573 --- /dev/null +++ b/gnu/packages/security-token.scm @@ -0,0 +1,77 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2014 Ludovic Courtès +;;; Copyright © 2016 Efraim Flashner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages security-token) + #:use-module (gnu packages) + #:use-module (guix licenses) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system gnu) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages man) + #:use-module (gnu packages curl)) + +(define-public libyubikey + (package + (name "libyubikey") + (version "1.13") + (source (origin + (method url-fetch) + (uri (string-append + "https://developers.yubico.com/yubico-c/Releases/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "009l3k2zyn06dbrlja2d4p2vfnzjhlcqxi88v02mlrnb17mx1v84")))) + (build-system gnu-build-system) + (synopsis "Development kit for the YubiKey authentication device") + (description + "This package contains a C library and command-line tools that make up +the low-level development kit for the Yubico YubiKey authentication device.") + (home-page "https://developers.yubico.com/yubico-c/") + (license bsd-2))) + +(define-public ykclient + (package + (name "ykclient") + (version "2.15") + (source (origin + (method url-fetch) + (uri (string-append + "https://developers.yubico.com/yubico-c-client/Releases/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "05jhx9waj3pl120ddnwap1v3bjrnbfhvf3lxs2xmhpcmwzpwsqgl")))) + (build-system gnu-build-system) + + ;; There's just one test, and it requires network access to access + ;; yubico.com, so skip it. + (arguments '(#:tests? #f)) + + (native-inputs `(("pkg-config" ,pkg-config) + ("help2man" ,help2man))) + (inputs `(("curl" ,curl))) + (synopsis "C library to validate one-time-password YubiKeys") + (description + "YubiKey C Client Library (libykclient) is a C library used to validate a +one-time-password (OTP) YubiKey against Yubico’s servers. See the Yubico +website for more information about Yubico and the YubiKey.") + (home-page "https://developers.yubico.com/yubico-c-client/") + (license bsd-2))) diff --git a/gnu/packages/yubico.scm b/gnu/packages/yubico.scm deleted file mode 100644 index 469d93d0dc..0000000000 --- a/gnu/packages/yubico.scm +++ /dev/null @@ -1,77 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014 Ludovic Courtès -;;; Copyright © 2016 Efraim Flashner -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (gnu packages yubico) - #:use-module (gnu packages) - #:use-module (guix licenses) - #:use-module (guix packages) - #:use-module (guix download) - #:use-module (guix build-system gnu) - #:use-module (gnu packages pkg-config) - #:use-module (gnu packages man) - #:use-module (gnu packages curl)) - -(define-public libyubikey - (package - (name "libyubikey") - (version "1.13") - (source (origin - (method url-fetch) - (uri (string-append - "https://developers.yubico.com/yubico-c/Releases/" - name "-" version ".tar.gz")) - (sha256 - (base32 - "009l3k2zyn06dbrlja2d4p2vfnzjhlcqxi88v02mlrnb17mx1v84")))) - (build-system gnu-build-system) - (synopsis "Development kit for the YubiKey authentication device") - (description - "This package contains a C library and command-line tools that make up -the low-level development kit for the Yubico YubiKey authentication device.") - (home-page "https://developers.yubico.com/yubico-c/") - (license bsd-2))) - -(define-public ykclient - (package - (name "ykclient") - (version "2.15") - (source (origin - (method url-fetch) - (uri (string-append - "https://developers.yubico.com/yubico-c-client/Releases/" - name "-" version ".tar.gz")) - (sha256 - (base32 - "05jhx9waj3pl120ddnwap1v3bjrnbfhvf3lxs2xmhpcmwzpwsqgl")))) - (build-system gnu-build-system) - - ;; There's just one test, and it requires network access to access - ;; yubico.com, so skip it. - (arguments '(#:tests? #f)) - - (native-inputs `(("pkg-config" ,pkg-config) - ("help2man" ,help2man))) - (inputs `(("curl" ,curl))) - (synopsis "C library to validate one-time-password YubiKeys") - (description - "YubiKey C Client Library (libykclient) is a C library used to validate a -one-time-password (OTP) YubiKey against Yubico’s servers. See the Yubico -website for more information about Yubico and the YubiKey.") - (home-page "https://developers.yubico.com/yubico-c-client/") - (license bsd-2))) -- cgit 1.4.1 From 5d73e3000030006b00e7e6644f3ced5d6176376e Mon Sep 17 00:00:00 2001 From: ng0 Date: Sat, 15 Oct 2016 21:01:00 +0000 Subject: gnu: Add lci. * gnu/packages/lolcode.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Signed-off-by: Efraim Flashner --- gnu/local.mk | 1 + gnu/packages/lolcode.scm | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 gnu/packages/lolcode.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index cf1b542b8a..f306180694 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -228,6 +228,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/llvm.scm \ %D%/packages/lout.scm \ %D%/packages/logging.scm \ + %D%/packages/lolcode.scm \ %D%/packages/lsof.scm \ %D%/packages/lua.scm \ %D%/packages/lxde.scm \ diff --git a/gnu/packages/lolcode.scm b/gnu/packages/lolcode.scm new file mode 100644 index 0000000000..4c7d18217d --- /dev/null +++ b/gnu/packages/lolcode.scm @@ -0,0 +1,58 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 ng0 +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages lolcode) + #:use-module (gnu packages) + #:use-module (gnu packages python) + #:use-module (gnu packages readline) + #:use-module (guix build-system cmake) + #:use-module (guix download) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages)) + +(define-public lci + (package + (name "lci") + (version "0.11.2") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/justinmeza/lci/archive/v" + version ".tar.gz")) + (sha256 + (base32 + "1li7ikcrs7wqah7gqkirg0k61n6pm12w7pydin966x1sdn9na46b")) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system cmake-build-system) + (inputs + `(("readline" ,readline))) + (native-inputs + `(("python-2" ,python-2))) ; for the tests + (synopsis "LOLCODE interpreter written in C") + (description + "@code{lci} is a LOLCODE interpreter written in C and is designed to be +correct, portable, fast, and precisely documented. +@enumerate +@item correct: Every effort has been made to test lci's conformance to the +LOLCODE language specification. Unit tests come packaged with the lci source code. +@item portable: lci follows the widely ported ANSI C specification allowing it +to compile on a broad range of systems. +@item fast: Much effort has gone into producing simple and efficient code +whenever possible to the extent that the above points are not compromized. +@end enumerate") + (home-page "http://lolcode.org/") + (license license:gpl3+))) -- cgit 1.4.1