From b81d11e580dcddfc4fb2e156346ce4efbf293846 Mon Sep 17 00:00:00 2001 From: rennes Date: Tue, 21 Feb 2017 23:21:49 -0600 Subject: gnu: grep: Fix for gnulib library. * gnu/packages/patches/grep-gnulib-lock.patch: New file. * gnu/packages/base.scm (grep)[source]: Use it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9035753673..9528833551 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -618,6 +618,7 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ + %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/grub-CVE-2015-8370.patch \ %D%/packages/patches/grub-gets-undeclared.patch \ -- cgit 1.4.1 From 1cbd63f20527fd9c18d11e5e33c2817efe71c1ef Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sat, 8 Apr 2017 23:20:54 +0200 Subject: gnu: coreutils: Update to 8.27. * gnu/packages/base.scm (coreutils): Update to 8.27. [source](patches): Remove "coreutils-fix-cross-compilation.patch" and add "coreutils-cut-huge-range-test.patch". [native-inputs]: Remove "coreutils-cut-huge-range-test.patch". [arguments]: Remove 'patch-cut-test' phase. Remove #:parallel-tests?. * gnu/local.mk (dist_patch_DATA): Remove "coreutils-fix-cross-compilation.patch". * gnu/packages/patches/coreutils-fix-cross-compilation.patch: Remove. * gnu/packages/patches/coreutils-cut-huge-range-test.patch: Adjust. --- gnu/local.mk | 1 - gnu/packages/base.scm | 38 ++++------------------ .../patches/coreutils-cut-huge-range-test.patch | 29 ++++++++++++----- .../patches/coreutils-fix-cross-compilation.patch | 15 --------- 4 files changed, 27 insertions(+), 56 deletions(-) delete mode 100644 gnu/packages/patches/coreutils-fix-cross-compilation.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9528833551..d4ce243c7a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -525,7 +525,6 @@ dist_patch_DATA = \ %D%/packages/patches/cmake-fix-tests.patch \ %D%/packages/patches/coda-use-system-libs.patch \ %D%/packages/patches/coreutils-cut-huge-range-test.patch \ - %D%/packages/patches/coreutils-fix-cross-compilation.patch \ %D%/packages/patches/cpio-CVE-2016-2037.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/cracklib-CVE-2016-6318.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 3fc76ad9e1..7bcfd7a2e2 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -286,15 +286,15 @@ used to apply commands with arbitrarily long arguments.") (define-public coreutils (package (name "coreutils") - (version "8.26") + (version "8.27") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/coreutils/coreutils-" version ".tar.xz")) (sha256 (base32 - "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm")) - (patches (search-patches "coreutils-fix-cross-compilation.patch")))) + "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8")) + (patches (search-patches "coreutils-cut-huge-range-test.patch")))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! @@ -309,21 +309,12 @@ used to apply commands with arbitrarily long arguments.") ;; copy of help2man. However, don't pass it when cross-compiling since ;; that would lead it to try to run programs to get their '--help' output ;; for help2man. - `(,@(if (%current-target-system) - '() - `(("perl" ,perl))) - - ;; Apply this patch only on ARM to avoid a full rebuild. - ;; TODO: Move to 'patches' in the next update cycle. - ,@(if (string-prefix? "arm" (or (%current-target-system) - (%current-system))) - `(("cut-test.patch" - ,(search-patch "coreutils-cut-huge-range-test.patch"))) - '()))) + (if (%current-target-system) + '() + `(("perl" ,perl)))) (outputs '("out" "debug")) (arguments `(#:parallel-build? #f ; help2man may be called too early - #:parallel-tests? #f ; race condition fixed after 8.26 #:phases (alist-cons-before 'build 'patch-shell-references (lambda* (#:key inputs #:allow-other-keys) @@ -338,22 +329,7 @@ used to apply commands with arbitrarily long arguments.") (substitute* (find-files "tests" "\\.sh$") (("#!/bin/sh") (format #f "#!~a/bin/sh" bash))))) - - ,@(if (string-prefix? "arm" (or (%current-target-system) - (%current-system))) - '((alist-cons-before - 'build 'patch-cut-test - (lambda* (#:key inputs native-inputs - #:allow-other-keys) - (let ((patch (or (assoc-ref inputs - "cut-test.patch") - (assoc-ref native-inputs - "cut-test.patch")))) - (zero? - (system* "patch" "-p1" "--force" - "--input" patch)))) - %standard-phases)) - '(%standard-phases))))) + %standard-phases))) (synopsis "Core GNU utilities (file, text, shell)") (description "GNU Coreutils includes all of the basic command-line tools that are diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch index 0be2cef2b8..e3a0ef28eb 100644 --- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch +++ b/gnu/packages/patches/coreutils-cut-huge-range-test.patch @@ -1,22 +1,33 @@ This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our -the build environment chroot, as reported at . -It is a followup to this upstream patch: +the build environment chroot, as reported at , +and now on x86_64-linux-gnu as well. It is a variant of this upstream patch: - commit 28803c8a3144d5d4363cdbd148bbe067af1a67c2 - Author: Pádraig Brady - Date: Fri Mar 3 00:25:54 2017 -0800 + commit f5422009389678680dba9ff4ecb7d33632ee3383 + Author: Ludovic Courtès + Date: Mon Mar 27 20:34:39 2017 -0700 - tests: avoid a spurious failure on older debian + tests: avoid false ulimit failure on some systems + + * tests/misc/cut-huge-range.sh: On some systems returns_ may + use more memory, so incorporate that in the determination + of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12, + and x86_64 with bash-4.2.37. + Fixes http://bugs.gnu.org/26253 ... which appeared to be insufficient. +diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh +index 6b3c5b6ed..55b7b640e 100755 --- a/tests/misc/cut-huge-range.sh +++ b/tests/misc/cut-huge-range.sh -@@ -22,6 +22,7 @@ getlimits_ +@@ -20,9 +20,9 @@ + print_ver_ cut + getlimits_ - vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ +-vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ ++vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \ || skip_ "this shell lacks ulimit support" -+vm=$(($vm + $(getconf PAGESIZE))) # avoid spurious failures + vm=$(($vm + 1000)) # avoid spurious failures # sed script to subtract one from the input. # Each input line should consist of a positive decimal number. diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch b/gnu/packages/patches/coreutils-fix-cross-compilation.patch deleted file mode 100644 index 3f0d35c33e..0000000000 --- a/gnu/packages/patches/coreutils-fix-cross-compilation.patch +++ /dev/null @@ -1,15 +0,0 @@ -Coreutils fails to cross compile for other platforms because cu_install_program -is not being evaluated properly. This patch fixes it. -See ---- a/Makefile.in -+++ b/Makefile.in -@@ -5023,7 +5023,7 @@ pr = progs-readme - @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall - - # Use the just-built 'ginstall', when not cross-compiling. --@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@ -+@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@ - info_TEXINFOS = doc/coreutils.texi - doc_coreutils_TEXINFOS = \ - doc/perm.texi \ - -- cgit 1.4.1 From dc4ebebd61896b1122fde97644325d06e3f46b47 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Mon, 6 Mar 2017 22:21:43 +0000 Subject: gnu: libffi: Fix builds on Alpha. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/libffi-3.2.1-complex_alpha.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/libffi.scm (libffi)[source]: Use it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/libffi.scm | 3 ++- .../patches/libffi-3.2.1-complex-alpha.patch | 28 ++++++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libffi-3.2.1-complex-alpha.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index d4ce243c7a..51f92f0882 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -697,6 +697,7 @@ dist_patch_DATA = \ %D%/packages/patches/libevent-2.1-skip-failing-test.patch \ %D%/packages/patches/libextractor-ffmpeg-3.patch \ %D%/packages/patches/libgit2-use-after-free.patch \ + %D%/packages/patches/libffi-3.2.1-complex-alpha.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ %D%/packages/patches/libjxr-fix-typos.patch \ %D%/packages/patches/liboop-mips64-deplibs-fix.patch \ diff --git a/gnu/packages/libffi.scm b/gnu/packages/libffi.scm index 13938f7ee8..16475affe6 100644 --- a/gnu/packages/libffi.scm +++ b/gnu/packages/libffi.scm @@ -42,7 +42,8 @@ name "-" version ".tar.gz")) (sha256 (base32 - "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh")))) + "0dya49bnhianl0r65m65xndz6ls2jn1xngyn72gd28ls3n7bnvnh")) + (patches (search-patches "libffi-3.2.1-complex-alpha.patch")))) (build-system gnu-build-system) (arguments `(#:phases (alist-cons-after 'install 'post-install ,post-install-phase diff --git a/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch new file mode 100644 index 0000000000..ebbc0635a5 --- /dev/null +++ b/gnu/packages/patches/libffi-3.2.1-complex-alpha.patch @@ -0,0 +1,28 @@ +The patch fixes build failure of form: + ../src/alpha/osf.S:298:2: error: #error "osf.S out of sync with ffi.h" +Upstream fixed the bug in a more invasive way +but didn't have releases since 3.2.1. + +The patch is taken from Gentoo: +https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/libffi/files/libffi-3.2.1-complex_alpha.patch + +--- libffi-3.2.1/src/alpha/osf.S 2015-01-16 10:46:15.000000000 +0100 ++++ libffi-3.2.1/src/alpha/osf.S 2015-01-16 10:46:24.000000000 +0100 +@@ -279,6 +279,7 @@ + .gprel32 $load_64 # FFI_TYPE_SINT64 + .gprel32 $load_none # FFI_TYPE_STRUCT + .gprel32 $load_64 # FFI_TYPE_POINTER ++ .gprel32 $load_none # FFI_TYPE_COMPLEX + + /* Assert that the table above is in sync with ffi.h. */ + +@@ -294,7 +295,8 @@ + || FFI_TYPE_SINT64 != 12 \ + || FFI_TYPE_STRUCT != 13 \ + || FFI_TYPE_POINTER != 14 \ +- || FFI_TYPE_LAST != 14 ++ || FFI_TYPE_COMPLEX != 15 \ ++ || FFI_TYPE_LAST != 15 + #error "osf.S out of sync with ffi.h" + #endif + -- cgit 1.4.1 From 1ae93fc9839463885e08788d7dd35393a4d8a8be Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 17 Apr 2017 12:18:27 +0200 Subject: build: Add two missing patches to local.mk. gnu/local.mk (dist_patch): Add gettext-multi-core.patch and gettext-gnulib-multi-core.patch. Commit 480da86d0969a667e8d2a564de535cb73a6a2229 ommited them. Signed-off-by: Marius Bakke --- gnu/local.mk | 2 ++ 1 file changed, 2 insertions(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 51f92f0882..620fb07f32 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -593,6 +593,8 @@ dist_patch_DATA = \ %D%/packages/patches/gd-php-73968-Fix-109-XBM-reading.patch \ %D%/packages/patches/gegl-CVE-2012-4433.patch \ %D%/packages/patches/geoclue-config.patch \ + %D%/packages/patches/gettext-multi-core.patch \ + %D%/packages/patches/gettext-gnulib-multi-core.patch \ %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \ %D%/packages/patches/ghostscript-CVE-2013-5653.patch \ %D%/packages/patches/ghostscript-CVE-2015-3228.patch \ -- cgit 1.4.1 From da8e256a527a21ad88005c1d84514d910b964c19 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 17 Apr 2017 12:18:28 +0200 Subject: gnu: findutils: Fix make check issues on multi-core machines. * gnu/packages/patches/findutils-gnulib-multi-core.patch: New file. * gnu/local.mk (dist_patch): Add previous patch. * gnu/packages/base.scm (findutils)[patches]: Add a reference to the previous patch. Signed-off-by: Marius Bakke --- gnu/local.mk | 1 + gnu/packages/base.scm | 10 +- .../patches/findutils-gnulib-multi-core.patch | 294 +++++++++++++++++++++ 3 files changed, 303 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/findutils-gnulib-multi-core.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 620fb07f32..b1dbfec5e2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -562,6 +562,7 @@ dist_patch_DATA = \ %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch \ %D%/packages/patches/fcgi-2.4.0-poll.patch \ %D%/packages/patches/findutils-localstatedir.patch \ + %D%/packages/patches/findutils-gnulib-multi-core.patch \ %D%/packages/patches/findutils-test-xargs.patch \ %D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/fltk-shared-lib-defines.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index c568590214..004aacfa04 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2017 Rene Saavedra +;;; Copyright © 2017 Mathieu Othacehe ;;; ;;; This file is part of GNU Guix. ;;; @@ -259,8 +260,13 @@ interactive means to merge two files.") (sha256 (base32 "178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y")) - (patches (search-patches "findutils-localstatedir.patch" - "findutils-test-xargs.patch")))) + (patches (search-patches + "findutils-localstatedir.patch" + "findutils-test-xargs.patch" + ;; test-lock has performance issues on multi-core + ;; machines, it hangs or takes a long time to complete. + ;; This is a commit from gnulib to fix this issue. + "findutils-gnulib-multi-core.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags (list diff --git a/gnu/packages/patches/findutils-gnulib-multi-core.patch b/gnu/packages/patches/findutils-gnulib-multi-core.patch new file mode 100644 index 0000000000..5a37f4f1f9 --- /dev/null +++ b/gnu/packages/patches/findutils-gnulib-multi-core.patch @@ -0,0 +1,294 @@ +This patch fixes performance problems on multi-core machines +as reported at . + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible . + +diff --git a/tests/test-lock.c b/tests/test-lock.c +index a992f64..fb18dee 100644 +--- a/tests/test-lock.c ++++ b/tests/test-lock.c +@@ -1,5 +1,5 @@ + /* Test of locking in multithreaded situations. +- Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc. ++ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +@@ -50,6 +50,28 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a semaphore or a lock is used to protect ++ these variables. If set to 1, 'volatile' is used; this is theoretically ++ equivalent but can lead to much slower execution (e.g. 30x slower total ++ run time on a 40-core machine), because 'volatile' does not imply any ++ synchronization/communication between different CPUs. */ ++#define USE_VOLATILE 0 ++ ++#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H ++/* Whether to use a semaphore to communicate information between threads. ++ If set to 0, a lock is used. If set to 1, a semaphore is used. ++ Uncomment this to reduce the dependencies of this test. */ ++# define USE_SEMAPHORE 1 ++/* Mac OS X provides only named semaphores (sem_open); its facility for ++ unnamed semaphores (sem_init) does not work. */ ++# if defined __APPLE__ && defined __MACH__ ++# define USE_NAMED_SEMAPHORE 1 ++# else ++# define USE_UNNAMED_SEMAPHORE 1 ++# endif ++#endif ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -90,6 +112,12 @@ + + #include "glthread/thread.h" + #include "glthread/yield.h" ++#if USE_SEMAPHORE ++# include ++# include ++# include ++# include ++#endif + + #if ENABLE_DEBUGGING + # define dbgprintf printf +@@ -103,6 +131,132 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#elif USE_SEMAPHORE ++/* This atomic_int implementation can only support the values 0 and 1. ++ It is initially 0 and can be set to 1 only once. */ ++# if USE_UNNAMED_SEMAPHORE ++struct atomic_int { ++ sem_t semaphore; ++}; ++#define atomic_int_semaphore(ai) (&(ai)->semaphore) ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ sem_init (&ai->semaphore, 0, 0); ++} ++# endif ++# if USE_NAMED_SEMAPHORE ++struct atomic_int { ++ sem_t *semaphore; ++}; ++#define atomic_int_semaphore(ai) ((ai)->semaphore) ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ sem_t *s; ++ unsigned int count; ++ for (count = 0; ; count++) ++ { ++ char name[80]; ++ /* Use getpid() in the name, so that different processes running at the ++ same time will not interfere. Use ai in the name, so that different ++ atomic_int in the same process will not interfere. Use a count in ++ the name, so that even in the (unlikely) case that a semaphore with ++ the specified name already exists, we can try a different name. */ ++ sprintf (name, "test-lock-%lu-%p-%u", ++ (unsigned long) getpid (), ai, count); ++ s = sem_open (name, O_CREAT | O_EXCL, 0600, 0); ++ if (s == SEM_FAILED) ++ { ++ if (errno == EEXIST) ++ /* Retry with a different name. */ ++ continue; ++ else ++ { ++ perror ("sem_open failed"); ++ abort (); ++ } ++ } ++ else ++ { ++ /* Try not to leave a semaphore hanging around on the file system ++ eternally, if we can avoid it. */ ++ sem_unlink (name); ++ break; ++ } ++ } ++ ai->semaphore = s; ++} ++# endif ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ if (sem_trywait (atomic_int_semaphore (ai)) == 0) ++ { ++ if (sem_post (atomic_int_semaphore (ai))) ++ abort (); ++ return 1; ++ } ++ else if (errno == EAGAIN) ++ return 0; ++ else ++ abort (); ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ if (new_value == 0) ++ /* It's already initialized with 0. */ ++ return; ++ /* To set the value 1: */ ++ if (sem_post (atomic_int_semaphore (ai))) ++ abort (); ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +354,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +365,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +439,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +451,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +542,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +553,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } -- cgit 1.4.1 From b100e0e89ebd1a6e73d6be4e354dd684abb057a4 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Mon, 17 Apr 2017 12:18:29 +0200 Subject: gnu: libunistring: Fix make check issues on multi-core machines. * gnu/packages/patches/libunistring-gnulib-multi-core.patch: New file. * gnu/local.mk (dist_patch): Add previous patch. * gnu/packages/libunistring.scm (libunistring)[patches]: Add a reference to previous patch. Signed-off-by: Marius Bakke --- gnu/local.mk | 1 + gnu/packages/libunistring.scm | 8 +- .../patches/libunistring-gnulib-multi-core.patch | 178 +++++++++++++++++++++ 3 files changed, 186 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libunistring-gnulib-multi-core.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b1dbfec5e2..a0d7cfd0ac 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -732,6 +732,7 @@ dist_patch_DATA = \ %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ + %D%/packages/patches/libunistring-gnulib-multi-core.patch \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ %D%/packages/patches/libwmf-CAN-2004-0941.patch \ %D%/packages/patches/libwmf-CVE-2006-3376.patch \ diff --git a/gnu/packages/libunistring.scm b/gnu/packages/libunistring.scm index 212bec4b49..df02f68cea 100644 --- a/gnu/packages/libunistring.scm +++ b/gnu/packages/libunistring.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Jan Nieuwenhuizen +;;; Copyright © 2017 Mathieu Othacehe ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,6 +25,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu) + #:use-module (gnu packages) #:use-module (gnu packages base)) (define-public libunistring @@ -37,7 +39,11 @@ version ".tar.xz")) (sha256 (base32 - "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf")))) + "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf")) + ;; test-lock has performance issues on multi-core machines, + ;; it hangs or takes a long time to complete. + ;; This is a commit from gnulib to fix this issue. + (patches (search-patches "libunistring-gnulib-multi-core.patch")))) (propagated-inputs (libiconv-if-needed)) (build-system gnu-build-system) (arguments diff --git a/gnu/packages/patches/libunistring-gnulib-multi-core.patch b/gnu/packages/patches/libunistring-gnulib-multi-core.patch new file mode 100644 index 0000000000..709b20c6d2 --- /dev/null +++ b/gnu/packages/patches/libunistring-gnulib-multi-core.patch @@ -0,0 +1,178 @@ +This patch fixes performance problems on multi-core machines +as reported at . + +See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib +by Bruno Haible . + +diff --git a/tests/test-lock.c b/tests/test-lock.c +index cb734b4e6..aa6de2739 100644 +--- a/tests/test-lock.c ++++ b/tests/test-lock.c +@@ -50,6 +50,13 @@ + Uncomment this to see if the operating system has a fair scheduler. */ + #define EXPLICIT_YIELD 1 + ++/* Whether to use 'volatile' on some variables that communicate information ++ between threads. If set to 0, a lock is used to protect these variables. ++ If set to 1, 'volatile' is used; this is theoretically equivalent but can ++ lead to much slower execution (e.g. 30x slower total run time on a 40-core ++ machine. */ ++#define USE_VOLATILE 0 ++ + /* Whether to print debugging messages. */ + #define ENABLE_DEBUGGING 0 + +@@ -103,6 +110,51 @@ + # define yield() + #endif + ++#if USE_VOLATILE ++struct atomic_int { ++ volatile int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ return ai->value; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ ai->value = new_value; ++} ++#else ++struct atomic_int { ++ gl_lock_define (, lock) ++ int value; ++}; ++static void ++init_atomic_int (struct atomic_int *ai) ++{ ++ gl_lock_init (ai->lock); ++} ++static int ++get_atomic_int_value (struct atomic_int *ai) ++{ ++ gl_lock_lock (ai->lock); ++ int ret = ai->value; ++ gl_lock_unlock (ai->lock); ++ return ret; ++} ++static void ++set_atomic_int_value (struct atomic_int *ai, int new_value) ++{ ++ gl_lock_lock (ai->lock); ++ ai->value = new_value; ++ gl_lock_unlock (ai->lock); ++} ++#endif ++ + #define ACCOUNT_COUNT 4 + + static int account[ACCOUNT_COUNT]; +@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int lock_checker_done; ++static struct atomic_int lock_checker_done; + + static void * + lock_checker_thread (void *arg) + { +- while (!lock_checker_done) ++ while (get_atomic_int_value (&lock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_lock_lock (my_lock); +@@ -200,7 +252,8 @@ test_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- lock_checker_done = 0; ++ init_atomic_int (&lock_checker_done); ++ set_atomic_int_value (&lock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (lock_checker_thread, NULL); +@@ -210,7 +263,7 @@ test_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- lock_checker_done = 1; ++ set_atomic_int_value (&lock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } +@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int rwlock_checker_done; ++static struct atomic_int rwlock_checker_done; + + static void * + rwlock_checker_thread (void *arg) + { +- while (!rwlock_checker_done) ++ while (get_atomic_int_value (&rwlock_checker_done) == 0) + { + dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ()); + gl_rwlock_rdlock (my_rwlock); +@@ -284,7 +337,8 @@ test_rwlock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- rwlock_checker_done = 0; ++ init_atomic_int (&rwlock_checker_done); ++ set_atomic_int_value (&rwlock_checker_done, 0); + + /* Spawn the threads. */ + for (i = 0; i < THREAD_COUNT; i++) +@@ -295,7 +349,7 @@ test_rwlock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- rwlock_checker_done = 1; ++ set_atomic_int_value (&rwlock_checker_done, 1); + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (checkerthreads[i], NULL); + check_accounts (); +@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg) + return NULL; + } + +-static volatile int reclock_checker_done; ++static struct atomic_int reclock_checker_done; + + static void * + reclock_checker_thread (void *arg) + { +- while (!reclock_checker_done) ++ while (get_atomic_int_value (&reclock_checker_done) == 0) + { + dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ()); + gl_recursive_lock_lock (my_reclock); +@@ -386,7 +440,8 @@ test_recursive_lock (void) + /* Initialization. */ + for (i = 0; i < ACCOUNT_COUNT; i++) + account[i] = 1000; +- reclock_checker_done = 0; ++ init_atomic_int (&reclock_checker_done); ++ set_atomic_int_value (&reclock_checker_done, 0); + + /* Spawn the threads. */ + checkerthread = gl_thread_create (reclock_checker_thread, NULL); +@@ -396,7 +451,7 @@ test_recursive_lock (void) + /* Wait for the threads to terminate. */ + for (i = 0; i < THREAD_COUNT; i++) + gl_thread_join (threads[i], NULL); +- reclock_checker_done = 1; ++ set_atomic_int_value (&reclock_checker_done, 1); + gl_thread_join (checkerthread, NULL); + check_accounts (); + } -- cgit 1.4.1 From f0c6dda640d9e7f11de987fb0b01aee09fd4ec6d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 28 May 2017 15:22:18 +0100 Subject: gnu: binutils: Update to 2.28. * gnu/packages/base.scm (binutils): Update to 2.28. [source]: Remove upstreamed patch. [arguments]<#:configure-flags>: Remove "--disable-werror" * gnu/packages/patches/binutils-mips-bash-bug.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/base.scm | 11 +++-------- gnu/packages/patches/binutils-mips-bash-bug.patch | 22 ---------------------- 3 files changed, 3 insertions(+), 31 deletions(-) delete mode 100644 gnu/packages/patches/binutils-mips-bash-bug.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 6bb230687f..621a1c1806 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -516,7 +516,6 @@ dist_patch_DATA = \ %D%/packages/patches/bigloo-gc-shebangs.patch \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ - %D%/packages/patches/binutils-mips-bash-bug.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/cairo-CVE-2016-9082.patch \ %D%/packages/patches/calibre-drop-unrar.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 5b13a0f1de..28e0325534 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -418,17 +418,16 @@ change. GNU make offers many powerful extensions over the standard utility.") (define-public binutils (package (name "binutils") - (version "2.27") + (version "2.28") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/binutils/binutils-" version ".tar.bz2")) (sha256 (base32 - "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn")) + "0wiasgns7i8km8nrxas265sh2dfpsw93b3qw195ipc90w4z475v2")) (patches (search-patches "binutils-ld-new-dtags.patch" - "binutils-loongson-workaround.patch" - "binutils-mips-bash-bug.patch")))) + "binutils-loongson-workaround.patch")))) (build-system gnu-build-system) ;; TODO: Add dependency on zlib + those for Gold. @@ -440,10 +439,6 @@ change. GNU make offers many powerful extensions over the standard utility.") ;; Don't search under /usr/lib & co. "--with-lib-path=/no-ld-lib-path" - ;; Glibc 2.17 has a "comparison of unsigned - ;; expression >= 0 is always true" in wchar.h. - "--disable-werror" - ;; Install BFD. It ends up in a hidden directory, ;; but it's here. "--enable-install-libbfd" diff --git a/gnu/packages/patches/binutils-mips-bash-bug.patch b/gnu/packages/patches/binutils-mips-bash-bug.patch deleted file mode 100644 index 08d3a79749..0000000000 --- a/gnu/packages/patches/binutils-mips-bash-bug.patch +++ /dev/null @@ -1,22 +0,0 @@ -Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the -"x" case in: - - case x"$EMULATION_NAME" in x) ;; *) ;; esac - -when 'EMULATION_NAME' is undefined. Bash 4.3.30(1)-release doesn't have this -problem. Work around it. - -This Bash bug was fixed -in . - ---- a/ld/emulparams/elf32bmipn32-defs.sh -+++ b/ld/emulparams/elf32bmipn32-defs.sh -@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips" - TEMPLATE_NAME=elf32 - EXTRA_EM_FILE=mipself - --case x"$EMULATION_NAME" in -+case "x$EMULATION_NAME" in - xelf32*n32*) ELFSIZE=32 ;; - xelf64*) ELFSIZE=64 ;; - x) ;; -- cgit 1.4.1 From 4953c33316409945f30c4a3c33aa106ec3d84afd Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 28 May 2017 15:30:00 +0100 Subject: gnu: libtasn1: Remove obsolete patch. This is a followup to 6a09628cb1147481131e582c1711edeb0db81944. (picked from the wrong branch, sorry!) * gnu/packages/tls.scm (libtasn1)[source]: Remove upstreamed patch. * gnu/packages/patches/libtasn1-CVE-2017-6891.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/libtasn1-CVE-2017-6891.patch | 51 ----------------------- gnu/packages/tls.scm | 1 - 3 files changed, 53 deletions(-) delete mode 100644 gnu/packages/patches/libtasn1-CVE-2017-6891.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 621a1c1806..3d7ae598e1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -742,7 +742,6 @@ dist_patch_DATA = \ %D%/packages/patches/libsndfile-CVE-2017-8362.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ - %D%/packages/patches/libtasn1-CVE-2017-6891.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2016-10092.patch \ %D%/packages/patches/libtiff-CVE-2016-10093.patch \ diff --git a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch b/gnu/packages/patches/libtasn1-CVE-2017-6891.patch deleted file mode 100644 index 1f847ed025..0000000000 --- a/gnu/packages/patches/libtasn1-CVE-2017-6891.patch +++ /dev/null @@ -1,51 +0,0 @@ -Fix CVE-2017-6891: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891 - -Patch copied from upstream source repository: - -https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484 - -From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Thu, 18 May 2017 18:03:34 +0200 -Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node() - -This prevents a stack overflow in asn1_find_node() which -is triggered by too long variable names in the definitions -files. That means that applications have to deliberately -pass a too long 'name' constant to asn1_write_value() -and friends. Reported by Jakub Jirasek. - -Signed-off-by: Nikos Mavrogiannopoulos ---- - lib/parser_aux.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/lib/parser_aux.c b/lib/parser_aux.c -index b4a7370..976ab38 100644 ---- a/lib/parser_aux.c -+++ b/lib/parser_aux.c -@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name) - if (n_end) - { - nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ - memcpy (n, n_start, nsize); - n[nsize] = 0; - n_start = n_end; -@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name) - if (n_end) - { - nsize = n_end - n_start; -+ if (nsize >= sizeof(n)) -+ return NULL; -+ - memcpy (n, n_start, nsize); - n[nsize] = 0; - n_start = n_end; --- -2.13.0 - diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 39cfd10f57..6a0b0637a2 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -58,7 +58,6 @@ (method url-fetch) (uri (string-append "mirror://gnu/libtasn1/libtasn1-" version ".tar.gz")) - (patches (search-patches "libtasn1-CVE-2017-6891.patch")) (sha256 (base32 "0h929bdq6w699y1mdkdajp5a6da8whgg3ba5p4j8x1wy36rlcjll")))) -- cgit 1.4.1 From 9491227dcbe52fff1b65ebb9b162d825152b7173 Mon Sep 17 00:00:00 2001 From: Sergei Trofimovich Date: Wed, 31 May 2017 21:08:26 +0100 Subject: gnu: python-file: Drop outdated patch. * gnu/local.mk: Remove python-file-double-encoding-bug.patch * gnu/packages/patches/python-file-double-encoding-bug.patch: Delete file. * gnu/packages/python.scm (python-file)[source]: Remove "python-file-double-encoding-bug.patch". Signed-off-by: Danny Milosavljevic --- gnu/local.mk | 1 - .../patches/python-file-double-encoding-bug.patch | 50 ---------------------- gnu/packages/python.scm | 4 -- 3 files changed, 55 deletions(-) delete mode 100644 gnu/packages/patches/python-file-double-encoding-bug.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3d7ae598e1..5090c04b9f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -927,7 +927,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-3.5-fix-tests.patch \ %D%/packages/patches/python-3.5-getentropy-on-old-kernels.patch \ %D%/packages/patches/python-dendropy-fix-tests.patch \ - %D%/packages/patches/python-file-double-encoding-bug.patch \ %D%/packages/patches/python-fix-tests.patch \ %D%/packages/patches/python-parse-too-many-fields.patch \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ diff --git a/gnu/packages/patches/python-file-double-encoding-bug.patch b/gnu/packages/patches/python-file-double-encoding-bug.patch deleted file mode 100644 index bbe825c36a..0000000000 --- a/gnu/packages/patches/python-file-double-encoding-bug.patch +++ /dev/null @@ -1,50 +0,0 @@ -Fix bug that breaks file's Python bindings when using Python 3. This patch -should not be applied when using Python 2. - -Copied from upstream source repository: - -https://github.com/file/file/commit/73e043d2a986234b187a00ed0c8d1f7bf83df372 - -From 73e043d2a986234b187a00ed0c8d1f7bf83df372 Mon Sep 17 00:00:00 2001 -From: Christos Zoulas -Date: Tue, 28 Jun 2016 17:10:22 +0000 -Subject: [PATCH] PR/562: Reiner Herrmann: Avoid double encoding with python3 - ---- - python/magic.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/python/magic.py b/python/magic.py -index c48f7d5..b0f7a17 100644 ---- a/python/magic.py -+++ b/python/magic.py -@@ -134,7 +134,7 @@ class Magic(object): - if isinstance(r, str): - return r - else: -- return str(r).encode('utf-8') -+ return str(r, 'utf-8') - - def descriptor(self, fd): - """ -@@ -152,7 +152,7 @@ class Magic(object): - if isinstance(r, str): - return r - else: -- return str(r).encode('utf-8') -+ return str(r, 'utf-8') - - def error(self): - """ -@@ -163,7 +163,7 @@ class Magic(object): - if isinstance(e, str): - return e - else: -- return str(e).encode('utf-8') -+ return str(e, 'utf-8') - - def setflags(self, flags): - """ --- -2.10.1 - diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index b958199bdb..aaa69075ef 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -7578,10 +7578,6 @@ Python's @code{ctypes} foreign function interface (FFI).") (package (inherit file) (name "python-file") - (source (origin - (inherit (package-source file)) - ;; This patch should not be applied to python2-file. - (patches (search-patches "python-file-double-encoding-bug.patch")))) (build-system python-build-system) (arguments '(#:tests? #f ;no tests -- cgit 1.4.1 From d6158fe70dfef6c03357d75d36dc7cac813dea45 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 29 May 2017 13:47:39 -0400 Subject: gnu: ghostscript: Switch to Artifex Ghostcript and update to 9.21. * gnu/packages/ghostscript.scm (ghostscript): Update to 9.21. [source]: Fetch the source from Artifex. [native-inputs]: Remove pkg-config. [inputs]: Add jbig2dec and use libjpeg instead of libjpeg-8. [arguments]: Add #:configure-flags. [replacement]: Remove field. (ghostcript/fixed): Remove variable. * gnu/packages/patches/ghostscript-CVE-2017-8291.patch, gnu/packages/patches/ghostscript-runpath.patch: Adjust to new upstream source. * gnu/packages/patches/ghostscript-CVE-2013-5653.patch, gnu/packages/patches/ghostscript-CVE-2015-3228.patch, gnu/packages/patches/ghostscript-CVE-2016-7976.patch, gnu/packages/patches/ghostscript-CVE-2016-7978.patch, gnu/packages/patches/ghostscript-CVE-2016-7979.patch, gnu/packages/patches/ghostscript-CVE-2016-8602.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 6 - gnu/packages/ghostscript.scm | 161 +++++++++--------- .../patches/ghostscript-CVE-2013-5653.patch | 85 ---------- .../patches/ghostscript-CVE-2015-3228.patch | 32 ---- .../patches/ghostscript-CVE-2016-7976.patch | 185 --------------------- .../patches/ghostscript-CVE-2016-7978.patch | 25 --- .../patches/ghostscript-CVE-2016-7979.patch | 48 ------ .../patches/ghostscript-CVE-2016-8602.patch | 47 ------ .../patches/ghostscript-CVE-2017-8291.patch | 166 +++++++++++++++--- gnu/packages/patches/ghostscript-runpath.patch | 17 +- 10 files changed, 240 insertions(+), 532 deletions(-) delete mode 100644 gnu/packages/patches/ghostscript-CVE-2013-5653.patch delete mode 100644 gnu/packages/patches/ghostscript-CVE-2015-3228.patch delete mode 100644 gnu/packages/patches/ghostscript-CVE-2016-7976.patch delete mode 100644 gnu/packages/patches/ghostscript-CVE-2016-7978.patch delete mode 100644 gnu/packages/patches/ghostscript-CVE-2016-7979.patch delete mode 100644 gnu/packages/patches/ghostscript-CVE-2016-8602.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 5090c04b9f..95efe60ed6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -614,12 +614,6 @@ dist_patch_DATA = \ %D%/packages/patches/gettext-multi-core.patch \ %D%/packages/patches/gettext-gnulib-multi-core.patch \ %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \ - %D%/packages/patches/ghostscript-CVE-2013-5653.patch \ - %D%/packages/patches/ghostscript-CVE-2015-3228.patch \ - %D%/packages/patches/ghostscript-CVE-2016-7976.patch \ - %D%/packages/patches/ghostscript-CVE-2016-7978.patch \ - %D%/packages/patches/ghostscript-CVE-2016-7979.patch \ - %D%/packages/patches/ghostscript-CVE-2016-8602.patch \ %D%/packages/patches/ghostscript-CVE-2017-8291.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 3a24580b77..ffe6e018bd 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -129,85 +129,98 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package - (name "ghostscript") - (version "9.14.0") - ;; XXX Try removing the bundled copy of jbig2dec. - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-" - version ".tar.xz")) - (sha256 - (base32 - "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1")) - (patches (search-patches "ghostscript-CVE-2013-5653.patch" - "ghostscript-CVE-2015-3228.patch" - "ghostscript-CVE-2016-7976.patch" - "ghostscript-CVE-2016-7978.patch" - "ghostscript-CVE-2016-7979.patch" - "ghostscript-CVE-2016-8602.patch" - "ghostscript-CVE-2017-8291.patch" - "ghostscript-runpath.patch")) - (modules '((guix build utils))) - (snippet - ;; Honor --docdir. - '(substitute* "Makefile.in" - (("^docdir=.*$") "docdir = @docdir@\n") - (("^exdir=.*$") "exdir = $(docdir)/examples\n"))))) - (build-system gnu-build-system) - (outputs '("out" "doc")) ;16 MiB of HTML/PS doc + examples - (inputs `(("freetype" ,freetype) - ("lcms" ,lcms) - ("libjpeg-8" ,libjpeg-8) - ("libpng" ,libpng) - ("libpaper" ,libpaper) - ("libtiff" ,libtiff) - ("zlib" ,zlib))) - (native-inputs - `(("perl" ,perl) - ("pkg-config" ,pkg-config) ; needed to find libtiff - ("python" ,python-wrapper) - ("tcl" ,tcl))) - (arguments - `(#:disallowed-references ("doc") - #:phases - (modify-phases %standard-phases - (add-after 'configure 'patch-config-files - (lambda _ - (substitute* "base/all-arch.mak" - (("/bin/sh") (which "sh"))) - (substitute* "base/unixhead.mak" - (("/bin/sh") (which "sh"))))) - (add-after 'configure 'remove-doc-reference - (lambda _ - ;; Don't retain a reference to the 'doc' output in 'gs'. - ;; The only use of this definition is in the output of - ;; 'gs --help', so this change is fine. - (substitute* "base/gscdef.c" - (("GS_DOCDIR") - "\"~/.guix-profile/share/doc/ghostscript\"")))) - (replace 'build + (name "ghostscript") + (version "9.21") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/ArtifexSoftware/" + "ghostpdl-downloads/releases/download/gs" + (string-delete #\. version) + "/ghostscript-" version ".tar.xz")) + (sha256 + (base32 + "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) + (patches (search-patches "ghostscript-runpath.patch" + "ghostscript-CVE-2017-8291.patch")) + (modules '((guix build utils))) + (snippet + ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so + ;; we leave it, at least for now. + ;; TODO Try unbundling ijs, which is developed alongside Ghostscript. + '(begin + (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg" + "lcms2" "libpng" + "tiff" "zlib")))))) + (build-system gnu-build-system) + (outputs '("out" "doc")) ;19 MiB of HTML/PS doc + examples + (arguments + `(#:disallowed-references ("doc") + #:configure-flags + (list "--with-system-libtiff" + "LIBS=-lz" + (string-append "ZLIBDIR=" + (assoc-ref %build-inputs "zlib") "/include") + "--enable-dynamic") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-doc-dir (lambda _ - ;; Build 'libgs.so', but don't build the statically-linked 'gs' - ;; binary (saves 18 MiB). - (zero? (system* "make" "so" "-j" - (number->string (parallel-job-count)))))) - (replace 'install + ;; Honor --docdir. + (substitute* "Makefile.in" + (("^docdir=.*$") "docdir = @docdir@\n") + (("^exdir=.*$") "exdir = $(docdir)/examples\n")) + #t)) + (add-after 'configure 'remove-doc-reference (lambda _ - (zero? (system* "make" "soinstall")))) - (add-after 'install 'create-gs-symlink - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - ;; some programs depend on having a 'gs' binary available - (symlink "gsc" (string-append out "/bin/gs")))))))) - (synopsis "PostScript and PDF interpreter") - (description - "Ghostscript is an interpreter for the PostScript language and the PDF + ;; Don't retain a reference to the 'doc' output in 'gs'. + ;; The only use of this definition is in the output of + ;; 'gs --help', so this change is fine. + (substitute* "base/gscdef.c" + (("GS_DOCDIR") + "\"~/.guix-profile/share/doc/ghostscript\"")) + #t)) + (add-after 'configure 'patch-config-files + (lambda _ + (substitute* "base/unixhead.mak" + (("/bin/sh") (which "sh"))) + #t)) + (replace 'build + (lambda _ + ;; Build 'libgs.so', but don't build the statically-linked 'gs' + ;; binary (saves 22 MiB). + (zero? (system* "make" "so" "-j" + (number->string (parallel-job-count)))))) + (replace 'install + (lambda _ + (zero? (system* "make" "soinstall")))) + (add-after 'install 'create-gs-symlink + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; Some programs depend on having a 'gs' binary available. + (symlink "gsc" (string-append out "/bin/gs")) + #t)))))) + (native-inputs + `(("perl" ,perl) + ("python" ,python-wrapper) + ("tcl" ,tcl))) + (inputs + `(("freetype" ,freetype) + ("jbig2dec" ,jbig2dec) + ("lcms2" ,lcms) + ("libjpeg" ,libjpeg) + ("libpaper" ,libpaper) + ("libpng" ,libpng) + ("libtiff" ,libtiff) + ("zlib" ,zlib))) + (synopsis "PostScript and PDF interpreter") + (description + "Ghostscript is an interpreter for the PostScript language and the PDF file format. It also includes a C library that implements the graphics capabilities of the PostScript language. It supports a wide variety of output file formats and printers.") - (license license:agpl3+) - (home-page "https://www.gnu.org/software/ghostscript/") - (properties '((upstream-name . "gnu-ghostscript"))))) + (home-page "https://www.ghostscript.com/") + (license license:agpl3+))) (define-public ghostscript/x (package/inherit ghostscript diff --git a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch b/gnu/packages/patches/ghostscript-CVE-2013-5653.patch deleted file mode 100644 index 622266b176..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2013-5653.patch +++ /dev/null @@ -1,85 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 - -From ab109aaeb3ddba59518b036fb288402a65cf7ce8 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Sat, 5 Mar 2016 14:56:03 -0800 -Subject: [PATCH] Bug 694724: Have filenameforall and getenv honor SAFER - ---- - Resource/Init/gs_init.ps | 2 ++ - psi/zfile.c | 36 ++++++++++++++++++++---------------- - 2 files changed, 22 insertions(+), 16 deletions(-) - -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index fa33d88..99888ac 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2018,6 +2018,7 @@ readonly def - - /.locksafe { - .locksafe_userparams -+ systemdict /getenv {pop //false} put - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even -@@ -2036,6 +2037,7 @@ readonly def - %% - /.locksafeglobal { - .locksafe_userparams -+ systemdict /getenv {pop //false} put - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even -diff --git a/psi/zfile.c b/psi/zfile.c -index 320ecd5..0b9f299 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -371,22 +371,26 @@ file_continue(i_ctx_t *i_ctx_p) - - if (len < devlen) - return_error(e_rangecheck); /* not even room for device len */ -- memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); -- code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, -- len - devlen); -- if (code == ~(uint) 0) { /* all done */ -- esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ -- return o_pop_estack; -- } else if (code > len) /* overran string */ -- return_error(e_rangecheck); -- else { -- push(1); -- ref_assign(op, pscratch); -- r_set_size(op, code + devlen); -- push_op_estack(file_continue); /* come again */ -- *++esp = pscratch[2]; /* proc */ -- return o_push_estack; -- } -+ -+ do { -+ memcpy((char *)pscratch->value.bytes, iodev->dname, devlen); -+ code = iodev->procs.enumerate_next(pfen, (char *)pscratch->value.bytes + devlen, -+ len - devlen); -+ if (code == ~(uint) 0) { /* all done */ -+ esp -= 5; /* pop proc, pfen, devlen, iodev , mark */ -+ return o_pop_estack; -+ } else if (code > len) /* overran string */ -+ return_error(e_rangecheck); -+ else if (iodev != iodev_default(imemory) -+ || (check_file_permissions_reduced(i_ctx_p, (char *)pscratch->value.bytes, code + devlen, "PermitFileReading")) == 0) { -+ push(1); -+ ref_assign(op, pscratch); -+ r_set_size(op, code + devlen); -+ push_op_estack(file_continue); /* come again */ -+ *++esp = pscratch[2]; /* proc */ -+ return o_push_estack; -+ } -+ } while(1); - } - /* Cleanup procedure for enumerating files */ - static int --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch b/gnu/packages/patches/ghostscript-CVE-2015-3228.patch deleted file mode 100644 index c19fdb1d43..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2015-3228.patch +++ /dev/null @@ -1,32 +0,0 @@ -The file names in the upstream patch below were modified to apply to GNU -ghostscript. - -From 0c0b0859ae1aba64861599f0e7f74f143f305932 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Tue, 7 Jul 2015 16:57:41 +0100 -Subject: [PATCH] Bug 696041: sanity check for memory allocation. - -In gs_heap_alloc_bytes(), add a sanity check to ensure we don't overflow the -variable holding the actual number of bytes we allocate. - -No cluster differences ---- - gs/base/gsmalloc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/base/gsmalloc.c b/base/gsmalloc.c -index 624552d..cad79c2 100644 ---- a/base/gsmalloc.c -+++ b/base/gsmalloc.c -@@ -178,7 +178,7 @@ gs_heap_alloc_bytes(gs_memory_t * mem, uint size, client_name_t cname) - } else { - uint added = size + sizeof(gs_malloc_block_t); - -- if (mmem->limit - added < mmem->used) -+ if (added <= size || mmem->limit - added < mmem->used) - set_msg("exceeded limit"); - else if ((ptr = (byte *) Memento_label(malloc(added), cname)) == 0) - set_msg("failed"); --- -2.4.6 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch b/gnu/packages/patches/ghostscript-CVE-2016-7976.patch deleted file mode 100644 index 0a09f89016..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7976.patch +++ /dev/null @@ -1,185 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d - -From 6d444c273da5499a4cd72f21cb6d4c9a5256807d Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Wed, 5 Oct 2016 09:55:55 +0100 -Subject: [PATCH] Bug 697178: Add a file permissions callback - -For the rare occasions when the graphics library directly opens a file -(currently for reading), this allows us to apply any restrictions on -file access normally applied in the interpteter. ---- - base/gsicc_manage.c | 10 ++++++---- - base/gslibctx.c | 12 +++++++++++- - base/gslibctx.h | 7 +++++++ - psi/imain.c | 2 ++ - psi/int.mak | 2 +- - psi/zfile.c | 19 +++++++++++++++++++ - psi/zfile.h | 7 +++++++ - 7 files changed, 53 insertions(+), 6 deletions(-) - -diff --git a/base/gsicc_manage.c b/base/gsicc_manage.c -index 931c2a6..e9c09c3 100644 ---- a/base/gsicc_manage.c -+++ b/base/gsicc_manage.c -@@ -1028,10 +1028,12 @@ gsicc_open_search(const char* pname, int namelen, gs_memory_t *mem_gc, - } - - /* First just try it like it is */ -- str = sfopen(pname, "rb", mem_gc); -- if (str != NULL) { -- *strp = str; -- return 0; -+ if (gs_check_file_permission(mem_gc, pname, namelen, "r") >= 0) { -+ str = sfopen(pname, "rb", mem_gc); -+ if (str != NULL) { -+ *strp = str; -+ return 0; -+ } - } - - /* If that fails, try %rom% */ /* FIXME: Not sure this is needed or correct */ -diff --git a/base/gslibctx.c b/base/gslibctx.c -index eaa0458..37ce1ca 100644 ---- a/base/gslibctx.c -+++ b/base/gslibctx.c -@@ -121,7 +121,7 @@ int gs_lib_ctx_init( gs_memory_t *mem ) - mem->gs_lib_ctx = NULL; - return -1; - } -- -+ pio->client_check_file_permission = NULL; - gp_get_realtime(pio->real_time_0); - - return 0; -@@ -262,3 +262,13 @@ void errflush(const gs_memory_t *mem) - fflush(mem->gs_lib_ctx->fstderr); - /* else nothing to flush */ - } -+ -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ int code = 0; -+ if (mem->gs_lib_ctx->client_check_file_permission != NULL) { -+ code = mem->gs_lib_ctx->client_check_file_permission(mem, fname, len, permission); -+ } -+ return code; -+} -diff --git a/base/gslibctx.h b/base/gslibctx.h -index 7a4e110..020e2d9 100644 ---- a/base/gslibctx.h -+++ b/base/gslibctx.h -@@ -32,6 +32,9 @@ typedef struct gs_fapi_server_s gs_fapi_server; - # define gs_font_dir_DEFINED - typedef struct gs_font_dir_s gs_font_dir; - #endif -+ -+typedef int (*client_check_file_permission_t) (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - typedef struct gs_lib_ctx_s - { - gs_memory_t *memory; /* mem->gs_lib_ctx->memory == mem */ -@@ -59,6 +62,7 @@ typedef struct gs_lib_ctx_s - bool dict_auto_expand; /* ps dictionary: false level 1 true level 2 or 3 */ - /* A table of local copies of the IODevices */ - struct gx_io_device_s **io_device_table; -+ client_check_file_permission_t client_check_file_permission; - /* Define the default value of AccurateScreens that affects setscreen - and setcolorscreen. */ - bool screen_accurate_screens; -@@ -108,6 +112,9 @@ int - void gs_lib_ctx_set_icc_directory(const gs_memory_t *mem_gc, const char* pname, - int dir_namelen); - -+int -+gs_check_file_permission (gs_memory_t *mem, const char *fname, const int len, const char *permission); -+ - #define IS_LIBCTX_STDOUT(mem, f) (f == mem->gs_lib_ctx->fstdout) - #define IS_LIBCTX_STDERR(mem, f) (f == mem->gs_lib_ctx->fstderr) - -diff --git a/psi/imain.c b/psi/imain.c -index 9a9bb5d..6874128 100644 ---- a/psi/imain.c -+++ b/psi/imain.c -@@ -57,6 +57,7 @@ - #include "ivmspace.h" - #include "idisp.h" /* for setting display device callback */ - #include "iplugin.h" -+#include "zfile.h" - - #ifdef PACIFY_VALGRIND - #include "valgrind.h" -@@ -215,6 +216,7 @@ gs_main_init1(gs_main_instance * minst) - "the_gs_name_table"); - if (code < 0) - return code; -+ mem->gs_lib_ctx->client_check_file_permission = z_check_file_permissions; - } - code = obj_init(&minst->i_ctx_p, &idmem); /* requires name_init */ - if (code < 0) -diff --git a/psi/int.mak b/psi/int.mak -index 4654afc..bb30d51 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -1868,7 +1868,7 @@ $(PSOBJ)imain.$(OBJ) : $(PSSRC)imain.c $(GH) $(memory__h) $(string__h)\ - $(ialloc_h) $(iconf_h) $(idebug_h) $(idict_h) $(idisp_h) $(iinit_h)\ - $(iname_h) $(interp_h) $(iplugin_h) $(isave_h) $(iscan_h) $(ivmspace_h)\ - $(iinit_h) $(main_h) $(oper_h) $(ostack_h)\ -- $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) -+ $(sfilter_h) $(store_h) $(stream_h) $(strimpl_h) $(zfile_h) - $(PSCC) $(PSO_)imain.$(OBJ) $(C_) $(PSSRC)imain.c - - #****** $(CCINT) interp.c -diff --git a/psi/zfile.c b/psi/zfile.c -index 2c6c958..2f27f82 100644 ---- a/psi/zfile.c -+++ b/psi/zfile.c -@@ -197,6 +197,25 @@ check_file_permissions(i_ctx_t *i_ctx_p, const char *fname, int len, - return check_file_permissions_reduced(i_ctx_p, fname_reduced, rlen, permitgroup); - } - -+/* z_check_file_permissions: see zfile.h for explanation -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, const int len, const char *permission) -+{ -+ i_ctx_t *i_ctx_p = get_minst_from_memory(mem)->i_ctx_p; -+ gs_parsed_file_name_t pname; -+ const char *permitgroup = permission[0] == 'r' ? "PermitFileReading" : "PermitFileWriting"; -+ int code = gs_parse_file_name(&pname, fname, len, imemory); -+ if (code < 0) -+ return code; -+ -+ if (pname.iodev && i_ctx_p->LockFilePermissions && strcmp(pname.iodev->dname, "%pipe%") == 0) -+ return e_invalidfileaccess; -+ -+ code = check_file_permissions(i_ctx_p, fname, len, permitgroup); -+ return code; -+} -+ - /* file */ - int /* exported for zsysvm.c */ - zfile(i_ctx_t *i_ctx_p) -diff --git a/psi/zfile.h b/psi/zfile.h -index fdf1373..a9399c7 100644 ---- a/psi/zfile.h -+++ b/psi/zfile.h -@@ -22,4 +22,11 @@ - int zopen_file(i_ctx_t *i_ctx_p, const gs_parsed_file_name_t *pfn, - const char *file_access, stream **ps, gs_memory_t *mem); - -+/* z_check_file_permissions: a callback (via mem->gs_lib_ctx->client_check_file_permission) -+ * to allow applying the above permissions checks when opening file(s) from -+ * the graphics library -+ */ -+int -+z_check_file_permissions(gs_memory_t *mem, const char *fname, -+ const int len, const char *permission); - #endif --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch b/gnu/packages/patches/ghostscript-CVE-2016-7978.patch deleted file mode 100644 index 81cb26e9ed..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7978.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6f749c0c44e7b9e09737b9f29edf29925a34f0cf Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Wed, 5 Oct 2016 09:59:25 +0100 -Subject: [PATCH] Bug 697179: Reference count device icc profile - -when copying a device ---- - base/gsdevice.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/base/gsdevice.c b/base/gsdevice.c -index 778106f..aea986a 100644 ---- a/base/gsdevice.c -+++ b/base/gsdevice.c -@@ -614,6 +614,7 @@ gx_device_init(gx_device * dev, const gx_device * proto, gs_memory_t * mem, - dev->memory = mem; - dev->retained = !internal; - rc_init(dev, mem, (internal ? 0 : 1)); -+ rc_increment(dev->icc_struct); - } - - void --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch b/gnu/packages/patches/ghostscript-CVE-2016-7979.patch deleted file mode 100644 index a557adfdea..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-7979.patch +++ /dev/null @@ -1,48 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=875a0095f37626a721c7ff57d606a0f95af03913 - -From 875a0095f37626a721c7ff57d606a0f95af03913 Mon Sep 17 00:00:00 2001 -From: Ken Sharp -Date: Wed, 5 Oct 2016 10:10:58 +0100 -Subject: [PATCH] DSC parser - validate parameters - -Bug #697190 ".initialize_dsc_parser doesn't validate the parameter is a dict type before using it." - -Regardless of any security implications, its simply wrong for a PostScript -operator not to validate its parameter(s). - -No differences expected. ---- - psi/zdscpars.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/psi/zdscpars.c b/psi/zdscpars.c -index c05e154..9b4b605 100644 ---- a/psi/zdscpars.c -+++ b/psi/zdscpars.c -@@ -150,11 +150,16 @@ zinitialize_dsc_parser(i_ctx_t *i_ctx_p) - ref local_ref; - int code; - os_ptr const op = osp; -- dict * const pdict = op->value.pdict; -- gs_memory_t * const mem = (gs_memory_t *)dict_memory(pdict); -- dsc_data_t * const data = -- gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); -+ dict *pdict; -+ gs_memory_t *mem; -+ dsc_data_t *data; - -+ check_read_type(*op, t_dictionary); -+ -+ pdict = op->value.pdict; -+ mem = (gs_memory_t *)dict_memory(pdict); -+ -+ data = gs_alloc_struct(mem, dsc_data_t, &st_dsc_data_t, "DSC parser init"); - if (!data) - return_error(e_VMerror); - data->document_level = 0; --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch b/gnu/packages/patches/ghostscript-CVE-2016-8602.patch deleted file mode 100644 index aaf20b6c6c..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2016-8602.patch +++ /dev/null @@ -1,47 +0,0 @@ -The following patch was adapted for GNU Ghostscript -by Mark H Weaver based on: - -http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 - -From f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 Mon Sep 17 00:00:00 2001 -From: Chris Liddell -Date: Sat, 8 Oct 2016 16:10:27 +0100 -Subject: [PATCH] Bug 697203: check for sufficient params in .sethalftone5 - -and param types ---- - psi/zht2.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/psi/zht2.c b/psi/zht2.c -index fb4a264..dfa27a4 100644 ---- a/psi/zht2.c -+++ b/psi/zht2.c -@@ -82,14 +82,22 @@ zsethalftone5(i_ctx_t *i_ctx_p) - gs_memory_t *mem; - uint edepth = ref_stack_count(&e_stack); - int npop = 2; -- int dict_enum = dict_first(op); -+ int dict_enum; - ref rvalue[2]; - int cname, colorant_number; - byte * pname; - uint name_size; - int halftonetype, type = 0; - gs_state *pgs = igs; -- int space_index = r_space_index(op - 1); -+ int space_index; -+ -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(e_stackunderflow); -+ check_type(*op, t_dictionary); -+ check_type(*(op - 1), t_dictionary); -+ -+ dict_enum = dict_first(op); -+ space_index = r_space_index(op - 1); - - mem = (gs_memory_t *) idmemory->spaces_indexed[space_index]; - --- -2.9.1 - diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch index db80b6ddec..d38bd593c0 100644 --- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch +++ b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch @@ -1,15 +1,60 @@ Fix CVE-2017-8291: -https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8291 +https://bugs.ghostscript.com/show_bug.cgi?id=697799 +https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate) +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 -This patch is adapted from these two Artifex Ghostscript commits by Leo -Famulari : +Patches copied from upstream source repository: -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d;hp=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3;hp=5603e8fc3e59c435318877efe627967ee6baebb8 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e +https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad + +From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 27 Apr 2017 13:03:33 +0100 +Subject: [PATCH] Bug 697799: have .eqproc check its parameters + +The Ghostscript custom operator .eqproc was not check the number or type of +the parameters it was given. +--- + psi/zmisc3.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 54b304246..37293ff4b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + ++ if (ref_stack_count(&o_stack) < 2) ++ return_error(gs_error_stackunderflow); ++ if (!r_is_array(op - 1) || !r_is_array(op)) { ++ return_error(gs_error_typecheck); ++ } ++ + make_array(&stack[0].proc1, 0, 1, op - 1); + make_array(&stack[0].proc2, 0, 1, op); + for (;;) { +-- +2.13.0 + +From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 27 Apr 2017 13:21:31 +0100 +Subject: [PATCH] Bug 697799: have .rsdparams check its parameters + +The Ghostscript internal operator .rsdparams wasn't checking the number or +type of the operands it was being passed. Do so. +--- + psi/zfrsd.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index fb4bce9..2629afa 100644 +index 191107d8a..950588d69 100644 --- a/psi/zfrsd.c +++ b/psi/zfrsd.c @@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) @@ -24,9 +69,9 @@ index fb4bce9..2629afa 100644 + int code = 0; + + if (ref_stack_count(&o_stack) < 1) -+ return_error(e_stackunderflow); ++ return_error(gs_error_stackunderflow); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { -+ return_error(e_typecheck); ++ return_error(gs_error_typecheck); + } make_empty_array(&empty_array, a_readonly); @@ -35,15 +80,15 @@ index fb4bce9..2629afa 100644 + && dict_find_string(op, "Filter", &pFilter) > 0) { if (!r_is_array(pFilter)) { if (!r_has_type(pFilter, t_name)) - return_error(e_typecheck); + return_error(gs_error_typecheck); @@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) - return_error(e_typecheck); + return_error(gs_error_typecheck); } } - code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); + if (r_has_type(op, t_dictionary)) + code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); - if (code < 0 && code != e_rangecheck) /* out-of-range int is ok, use 0 */ + if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */ return code; - if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 - ) @@ -54,20 +99,97 @@ index fb4bce9..2629afa 100644 push(1); op[-1] = *pFilter; if (pDecodeParms) +-- +2.13.0 + +From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Wed, 3 May 2017 12:05:45 +0100 +Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc) + +When using the "DELAYBIND" feature, it turns out that .eqproc can be called with +parameters that are not both procedures. In this case, it turns out, the +expectation is for the operator to return 'false', rather than throw an error. +--- + psi/zmisc3.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 54b3042..0d357f1 100644 +index 37293ff4b..3f01d39a3 100644 --- a/psi/zmisc3.c +++ b/psi/zmisc3.c -@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; +@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p) + return gs_cliprestore(igs); + } -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(e_stackunderflow); -+ if (!r_is_array(op - 1) || !r_is_array(op)) { -+ return_error(e_typecheck); -+ } ++static inline bool ++eqproc_check_type(ref *r) ++{ ++ return r_has_type(r, t_array) ++ || r_has_type(r, t_mixedarray) ++ || r_has_type(r, t_shortarray) ++ || r_has_type(r, t_oparray); ++} + + /* .eqproc */ + /* + * Test whether two procedures are equal to depth 10. +@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p) + + if (ref_stack_count(&o_stack) < 2) + return_error(gs_error_stackunderflow); +- if (!r_is_array(op - 1) || !r_is_array(op)) { +- return_error(gs_error_typecheck); ++ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { ++ make_false(op - 1); ++ pop(1); ++ return 0; + } + make_array(&stack[0].proc1, 0, 1, op - 1); - make_array(&stack[0].proc2, 0, 1, op); - for (;;) { +-- +2.13.0 + +From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 11 May 2017 14:07:48 +0100 +Subject: [PATCH] Bug 697892: fix check for op stack underflow. + +In the original fix, I used the wrong method to check for stack underflow, this +is using the correct method. +--- + psi/zfrsd.c | 3 +-- + psi/zmisc3.c | 3 +-- + 2 files changed, 2 insertions(+), 4 deletions(-) + +diff --git a/psi/zfrsd.c b/psi/zfrsd.c +index 950588d69..9c035b96d 100644 +--- a/psi/zfrsd.c ++++ b/psi/zfrsd.c +@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p) + uint i; + int code = 0; + +- if (ref_stack_count(&o_stack) < 1) +- return_error(gs_error_stackunderflow); ++ check_op(1); + if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { + return_error(gs_error_typecheck); + } +diff --git a/psi/zmisc3.c b/psi/zmisc3.c +index 3f01d39a3..43803b55b 100644 +--- a/psi/zmisc3.c ++++ b/psi/zmisc3.c +@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p) + ref2_t stack[MAX_DEPTH + 1]; + ref2_t *top = stack; + +- if (ref_stack_count(&o_stack) < 2) +- return_error(gs_error_stackunderflow); ++ check_op(2); + if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { + make_false(op - 1); + pop(1); +-- +2.13.0 + diff --git a/gnu/packages/patches/ghostscript-runpath.patch b/gnu/packages/patches/ghostscript-runpath.patch index c7dcfd4529..9f161e45b3 100644 --- a/gnu/packages/patches/ghostscript-runpath.patch +++ b/gnu/packages/patches/ghostscript-runpath.patch @@ -1,17 +1,18 @@ -This patch adds $(libdir) to the RUNPATH of 'gsc' and 'gsx'. - ---- gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:45.386957927 +0200 -+++ gnu-ghostscript-9.14.0/base/unix-dll.mak 2015-04-05 15:12:49.222982359 +0200 -@@ -91,11 +91,11 @@ $(GS_SO_MAJOR): $(GS_SO_MAJOR_MINOR) +diff --git a/base/unix-dll.mak b/base/unix-dll.mak +index 9d57a99..36ef1ff 100644 +--- a/base/unix-dll.mak ++++ b/base/unix-dll.mak +@@ -171,11 +171,11 @@ gpdl-so-links-subtarget: $(GPDL_SO) $(UNIX_DLL_MAK) $(MAKEDIRS) # Build the small Ghostscript loaders, with Gtk+ and without - $(GSSOC_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER) + $(GSSOC_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS) $(GLCC) -g -o $(GSSOC_XE) $(PSSRC)dxmainc.c \ - -L$(BINDIR) -l$(GS_SO_BASE) + -L$(BINDIR) -l$(GS_SO_BASE) -Wl,-rpath=$(libdir) - $(GSSOX_XE): $(GS_SO) $(PSSRC)$(SOC_LOADER) + $(GSSOX_XE): gs-so-links-subtarget $(PSSRC)$(SOC_LOADER) $(UNIX_DLL_MAK) $(MAKEDIRS) $(GLCC) -g $(SOC_CFLAGS) -o $(GSSOX_XE) $(PSSRC)$(SOC_LOADER) \ - -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) + -L$(BINDIR) -l$(GS_SO_BASE) $(SOC_LIBS) -Wl,-rpath=$(libdir) - # ------------------------- Recursive make targets ------------------------- # + $(PCLSOC_XE): gpcl6-so-links-subtarget $(PLSRC)$(REALMAIN_SRC).c $(UNIX_DLL_MAK) $(MAKEDIRS) + $(GLCC) -g -o $(PCLSOC_XE) $(PLSRC)$(REALMAIN_SRC).c -L$(BINDIR) -l$(PCL_SO_BASE) -- cgit 1.4.1 From a8fc8c9ef071ccacbc2cfdf42a855b8870b07614 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 8 Jun 2017 00:26:10 +0200 Subject: gnu: gcc: Fix libsanitizer cross-compilation to powerpc-linux-gnu. * gnu/packages/patches/gcc-asan-powerpc-missing-include.patch: New file. * gnu/packages/gcc.scm (gcc-5)[source](patches): Add it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/gcc.scm | 1 + .../patches/gcc-asan-powerpc-missing-include.patch | 20 ++++++++++++++++++++ 3 files changed, 22 insertions(+) create mode 100644 gnu/packages/patches/gcc-asan-powerpc-missing-include.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 74630eb9fa..2be36d353c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -600,6 +600,7 @@ dist_patch_DATA = \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ + %D%/packages/patches/gcc-asan-powerpc-missing-include.patch \ %D%/packages/patches/gcc-cross-environment-variables.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-strmov-store-file-names.patch \ diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index 45b86fcc7e..088857c042 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -382,6 +382,7 @@ Go. It also includes runtime support libraries for these languages.") "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0")) (patches (search-patches "gcc-arm-bug-71399.patch" "gcc-strmov-store-file-names.patch" + "gcc-asan-powerpc-missing-include.patch" "gcc-5.0-libvtv-runpath.patch" "gcc-5-source-date-epoch-1.patch" "gcc-5-source-date-epoch-2.patch")))))) diff --git a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch new file mode 100644 index 0000000000..74b10c4a44 --- /dev/null +++ b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch @@ -0,0 +1,20 @@ +Add missing include that triggers a build failure on PowerPC: + + ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’: + ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope + return signum == SIGSEGV && common_flags()->handle_segv; + ^ +From . + +diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc +index c504168..59087b9 100644 +--- a/libsanitizer/asan/asan_linux.cc ++++ b/libsanitizer/asan/asan_linux.cc +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include + #include + #include -- cgit 1.4.1 From 202342fdda708d8e4554e0514a58849584eddbd0 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 9 Jun 2017 14:57:41 +0200 Subject: gnu: eudev: Update to 3.2.2. * gnu/packages/linux.scm (eudev): Update to 3.2.2. [source](patches): Remove "eudev-conflicting-declaration.patch". * gnu/packages/patches/eudev-conflicting-declaration.patch: Remove. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/linux.scm | 7 +++-- .../patches/eudev-conflicting-declaration.patch | 31 ---------------------- 3 files changed, 3 insertions(+), 36 deletions(-) delete mode 100644 gnu/packages/patches/eudev-conflicting-declaration.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2be36d353c..d99c4d215b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -570,7 +570,6 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/eudev-rules-directory.patch \ - %D%/packages/patches/eudev-conflicting-declaration.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \ %D%/packages/patches/fabric-tests.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index e345c576ee..1a4e25d12a 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1831,7 +1831,7 @@ from the module-init-tools project.") ;; The post-systemd fork, maintained by Gentoo. (package (name "eudev") - (version "3.2.1") + (version "3.2.2") (source (origin (method url-fetch) (uri (string-append @@ -1839,9 +1839,8 @@ from the module-init-tools project.") version ".tar.gz")) (sha256 (base32 - "06gyyl90n85x8i7lfhns514y1kg1ians13l467admyzy3kjxkqsp")) - (patches (search-patches "eudev-rules-directory.patch" - "eudev-conflicting-declaration.patch")))) + "0qqgbgpm5wdllk0s04pf80nwc8pr93xazwri1bylm1f15zn5ck1y")) + (patches (search-patches "eudev-rules-directory.patch")))) (build-system gnu-build-system) (arguments '(#:phases (modify-phases %standard-phases diff --git a/gnu/packages/patches/eudev-conflicting-declaration.patch b/gnu/packages/patches/eudev-conflicting-declaration.patch deleted file mode 100644 index f5399e20d3..0000000000 --- a/gnu/packages/patches/eudev-conflicting-declaration.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix build failure due to conflicting declaration of -keyboard_lookup_key() in gperf-3.1: - -https://bugs.gentoo.org/show_bug.cgi?id=604864 - -Patch copied from upstream source repository: - -https://github.com/gentoo/eudev/commit/5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 - -From 5bab4d8de0dcbb8e2e7d4d5125b4aea1652a0d60 Mon Sep 17 00:00:00 2001 -From: "Anthony G. Basile" -Date: Thu, 5 Jan 2017 16:21:17 -0500 -Subject: [PATCH] src/udev/udev-builtin-keyboard.c: fix build with gperf 3.1 - -Signed-off-by: Anthony G. Basile ---- - src/udev/udev-builtin-keyboard.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/udev/udev-builtin-keyboard.c b/src/udev/udev-builtin-keyboard.c -index 73171c3..fad3520 100644 ---- a/src/udev/udev-builtin-keyboard.c -+++ b/src/udev/udev-builtin-keyboard.c -@@ -28,7 +28,6 @@ - - #include "udev.h" - --static const struct key *keyboard_lookup_key(const char *str, unsigned len); - #include "keyboard-keys-from-name.h" - #include "keyboard-keys-to-name.h" - -- cgit 1.4.1 From 653569e878f39345b05110b998f10db3b520ccfe Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 10 Jun 2017 02:12:15 +0200 Subject: gnu: mesa: Update to 17.1.2. * gnu/packages/patches/mesa-skip-disk-cache-test.patch: Adjust. * gnu/packages/patches/mesa-fix-32bit-test-failures.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove deleted file. * gnu/packages/gl.scm (mesa): Update to 17.1.2. [source]: Remove obsolete patch. [inputs]: Add LIBELF. [native-inputs]: Add WHICH. [arguments]<#:configure-flags>: Adjust deprecated flag. --- gnu/local.mk | 1 - gnu/packages/gl.scm | 14 +++--- .../patches/mesa-fix-32bit-test-failures.patch | 58 ---------------------- .../patches/mesa-skip-disk-cache-test.patch | 7 ++- 4 files changed, 11 insertions(+), 69 deletions(-) delete mode 100644 gnu/packages/patches/mesa-fix-32bit-test-failures.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ae64f244f0..29919e8b3d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -798,7 +798,6 @@ dist_patch_DATA = \ %D%/packages/patches/mcrypt-CVE-2012-4409.patch \ %D%/packages/patches/mcrypt-CVE-2012-4426.patch \ %D%/packages/patches/mcrypt-CVE-2012-4527.patch \ - %D%/packages/patches/mesa-fix-32bit-test-failures.patch \ %D%/packages/patches/mesa-skip-disk-cache-test.patch \ %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \ %D%/packages/patches/metabat-remove-compilation-date.patch \ diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index 7457809300..edb26247a3 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -30,6 +30,7 @@ #:use-module (gnu packages bison) #:use-module (gnu packages compression) #:use-module (gnu packages documentation) + #:use-module (gnu packages elf) #:use-module (gnu packages flex) #:use-module (gnu packages fontutils) #:use-module (gnu packages freedesktop) @@ -217,7 +218,7 @@ also known as DXTn or DXTC) for Mesa.") (define-public mesa (package (name "mesa") - (version "17.0.6") + (version "17.1.2") (source (origin (method url-fetch) @@ -227,10 +228,9 @@ also known as DXTn or DXTC) for Mesa.") version "/mesa-" version ".tar.xz"))) (sha256 (base32 - "17d60jjzg4ddm95gk2cqx0xz6b9anmmz6ax4majwr3gis2yg7v49")) + "0fc2g6cqffr8mh705r60xv9v66saiff8y3alz6qkjqvl8d7q0dq9")) (patches - (search-patches "mesa-fix-32bit-test-failures.patch" - "mesa-wayland-egl-symbols-check-mips.patch" + (search-patches "mesa-wayland-egl-symbols-check-mips.patch" "mesa-skip-disk-cache-test.patch")))) (build-system gnu-build-system) (propagated-inputs @@ -247,6 +247,7 @@ also known as DXTn or DXTC) for Mesa.") `(("expat" ,expat) ("dri2proto" ,dri2proto) ("dri3proto" ,dri3proto) + ("libelf" ,libelf) ;required for r600 when using llvm ("libva" ,(force libva-without-mesa)) ("libxml2" ,libxml2) ;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support @@ -262,7 +263,8 @@ also known as DXTn or DXTC) for Mesa.") ("wayland" ,wayland))) (native-inputs `(("pkg-config" ,pkg-config) - ("python" ,python-2))) + ("python" ,python-2) + ("which" ,(@ (gnu packages base) which)))) (arguments `(#:configure-flags '(,@(match (%current-system) @@ -294,7 +296,7 @@ also known as DXTn or DXTC) for Mesa.") ,@(match (%current-system) ((or "x86_64-linux" "i686-linux") '("--with-dri-drivers=i915,i965,nouveau,r200,radeon,swrast" - "--enable-gallium-llvm")) ; default is x86/x86_64 only + "--enable-llvm")) ; default is x86/x86_64 only (_ '("--with-dri-drivers=nouveau,r200,radeon,swrast")))) #:phases diff --git a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch b/gnu/packages/patches/mesa-fix-32bit-test-failures.patch deleted file mode 100644 index e21e87cef6..0000000000 --- a/gnu/packages/patches/mesa-fix-32bit-test-failures.patch +++ /dev/null @@ -1,58 +0,0 @@ -Fix a test failure when building for 32 bit architectures: - -http://lists.gnu.org/archive/html/guix-devel/2017-04/msg00381.html - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/mesa/mesa/commit/?id=61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8 - -From 61bbb25a080e48a8ca897ba7f6e73cc6a8e9b5b8 Mon Sep 17 00:00:00 2001 -From: Grazvydas Ignotas -Date: Thu, 9 Mar 2017 02:54:53 +0200 -Subject: [PATCH] util/disk_cache: fix size subtraction on 32bit - -Negating size_t on 32bit produces a 32bit result. This was effectively -adding values close to UINT_MAX to the cache size (the files are usually -small) instead of intended subtraction. -Fixes 'make check' disk_cache failures on 32bit. - -Signed-off-by: Grazvydas Ignotas -Reviewed-by: Timothy Arceri ---- - src/util/disk_cache.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/util/disk_cache.c b/src/util/disk_cache.c -index 5470688df3..facdcecf7c 100644 ---- a/src/util/disk_cache.c -+++ b/src/util/disk_cache.c -@@ -603,7 +603,7 @@ evict_random_item(struct disk_cache *cache) - free(dir_path); - - if (size) { -- p_atomic_add(cache->size, - size); -+ p_atomic_add(cache->size, - (uint64_t)size); - return; - } - -@@ -624,7 +624,7 @@ evict_random_item(struct disk_cache *cache) - free(dir_path); - - if (size) -- p_atomic_add(cache->size, - size); -+ p_atomic_add(cache->size, - (uint64_t)size); - } - - void -#@@ -646,7 +646,7 @@ disk_cache_remove(struct disk_cache *cache, const cache_key key) -# free(filename); -# -# if (sb.st_size) -#- p_atomic_add(cache->size, - sb.st_size); -#+ p_atomic_add(cache->size, - (uint64_t)sb.st_size); -# } -# -# /* From the zlib docs: --- -2.12.2 - diff --git a/gnu/packages/patches/mesa-skip-disk-cache-test.patch b/gnu/packages/patches/mesa-skip-disk-cache-test.patch index 4377110475..b3f9367fd5 100644 --- a/gnu/packages/patches/mesa-skip-disk-cache-test.patch +++ b/gnu/packages/patches/mesa-skip-disk-cache-test.patch @@ -5,16 +5,15 @@ for now. --- a/src/compiler/glsl/tests/cache_test.c +++ b/src/compiler/glsl/tests/cache_test.c -@@ -137,11 +137,6 @@ +@@ -170,11 +170,6 @@ unsetenv("MESA_GLSL_CACHE_DIR"); unsetenv("XDG_CACHE_HOME"); -- cache = disk_cache_create(); +- cache = disk_cache_create("test", "make_check"); - expect_non_null(cache, "disk_cache_create with no environment variables"); - - disk_cache_destroy(cache); - /* Test with XDG_CACHE_HOME set */ setenv("XDG_CACHE_HOME", CACHE_TEST_TMP "/xdg-cache-home", 1); - cache = disk_cache_create(); - + cache = disk_cache_create("test", "make_check"); -- cgit 1.4.1 From 70564e71bd499fe7711c95a7d88451efd92e9c8f Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 11 Jun 2017 19:02:11 +0200 Subject: gnu: fontconfig: Update to 2.12.3. * gnu/packages/fontutils.scm (fontconfig): Update to 2.12.3. [source]: Remove obsolete patches. [native-inputs]: Add GPERF. [arguments]<#:phases>: Remove obsolete 'fix-tests-for-freetype-2.7.1' phase. Add 'regenerate-fcobjshash'. * gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch, gnu/packages/patches/fontconfig-path-max.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 2 - gnu/packages/fontutils.scm | 18 +-- .../fontconfig-charwidth-symbol-conflict.patch | 82 -------------- gnu/packages/patches/fontconfig-path-max.patch | 124 --------------------- 4 files changed, 10 insertions(+), 216 deletions(-) delete mode 100644 gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch delete mode 100644 gnu/packages/patches/fontconfig-path-max.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b15cb2cf5c..3957e5b3d1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -587,8 +587,6 @@ dist_patch_DATA = \ %D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/fltk-shared-lib-defines.patch \ %D%/packages/patches/fltk-xfont-on-demand.patch \ - %D%/packages/patches/fontconfig-charwidth-symbol-conflict.patch \ - %D%/packages/patches/fontconfig-path-max.patch \ %D%/packages/patches/fontforge-svg-modtime.patch \ %D%/packages/patches/freeimage-CVE-2015-0852.patch \ %D%/packages/patches/freeimage-CVE-2016-5684.patch \ diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index c5a69232ca..bd74c4d6aa 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -34,6 +34,7 @@ #:use-module (gnu packages bison) #:use-module (gnu packages flex) #:use-module (gnu packages glib) + #:use-module (gnu packages gperf) #:use-module (gnu packages xorg) #:use-module (gnu packages gtk) #:use-module (gnu packages xml) @@ -225,22 +226,21 @@ fonts to/from the WOFF2 format.") (define-public fontconfig (package (name "fontconfig") - (version "2.12.1") + (version "2.12.3") (source (origin (method url-fetch) (uri (string-append "https://www.freedesktop.org/software/fontconfig/release/fontconfig-" version ".tar.bz2")) - (patches (search-patches "fontconfig-charwidth-symbol-conflict.patch" - "fontconfig-path-max.patch")) (sha256 (base32 - "1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl")))) + "1ggq6jmz3mlzk4xjs615aqw9h3hq33chjn82bhli26kk09kby95x")))) (build-system gnu-build-system) (propagated-inputs `(("expat" ,expat) ("freetype" ,freetype))) (inputs `(("gs-fonts" ,gs-fonts))) (native-inputs - `(("pkg-config" ,pkg-config))) + `(("gperf" ,gperf) ; Try dropping this for > 2.12.3. + ("pkg-config" ,pkg-config))) (arguments `(#:configure-flags (list "--with-cache-dir=/var/cache/fontconfig" @@ -258,10 +258,12 @@ fonts to/from the WOFF2 format.") "PYTHON=false") #:phases (modify-phases %standard-phases - (add-after 'unpack 'fix-tests-for-freetype-2.7.1 + (add-before 'configure 'regenerate-fcobjshash + ;; XXX The pre-generated gperf files are broken. + ;; See . (lambda _ - (substitute* "test/run-test.sh" - (("\\\| sort") "| cut -d' ' -f2 | sort")) + (delete-file "src/fcobjshash.h") + (delete-file "src/fcobjshash.gperf") #t)) (replace 'install (lambda _ diff --git a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch b/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch deleted file mode 100644 index 8ebe33bc6c..0000000000 --- a/gnu/packages/patches/fontconfig-charwidth-symbol-conflict.patch +++ /dev/null @@ -1,82 +0,0 @@ -The first patch is copied from the upstream source repository: - -https://cgit.freedesktop.org/fontconfig/commit/?id=1ab5258f7c2abfafcd63a760ca08bf93591912da - -The second patch is adapted from a message to from the OpenEmbedded mailing list: - -http://lists.openembedded.org/pipermail/openembedded-core/2016-December/130213.html - -From 1ab5258f7c2abfafcd63a760ca08bf93591912da Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Wed, 14 Dec 2016 16:11:05 -0800 -Subject: Avoid conflicts with integer width macros from TS 18661-1:2014 - -glibc 2.25+ has now defined these macros in -https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a - -Create an alias for FC_CHAR_WIDTH for ABI compatibility - -Signed-off-by: Khem Raj - -diff --git a/fontconfig/fontconfig.h b/fontconfig/fontconfig.h -index 5c72b22..070a557 100644 ---- a/fontconfig/fontconfig.h -+++ b/fontconfig/fontconfig.h -@@ -128,7 +128,8 @@ typedef int FcBool; - #define FC_USER_CACHE_FILE ".fonts.cache-" FC_CACHE_VERSION - - /* Adjust outline rasterizer */ --#define FC_CHAR_WIDTH "charwidth" /* Int */ -+#define FC_CHARWIDTH "charwidth" /* Int */ -+#define FC_CHAR_WIDTH FC_CHARWIDTH - #define FC_CHAR_HEIGHT "charheight"/* Int */ - #define FC_MATRIX "matrix" /* FcMatrix */ - -diff --git a/src/fcobjs.h b/src/fcobjs.h -index 1fc4f65..d27864b 100644 ---- a/src/fcobjs.h -+++ b/src/fcobjs.h -@@ -51,7 +51,7 @@ FC_OBJECT (DPI, FcTypeDouble, NULL) - FC_OBJECT (RGBA, FcTypeInteger, NULL) - FC_OBJECT (SCALE, FcTypeDouble, NULL) - FC_OBJECT (MINSPACE, FcTypeBool, NULL) --FC_OBJECT (CHAR_WIDTH, FcTypeInteger, NULL) -+FC_OBJECT (CHARWIDTH, FcTypeInteger, NULL) - FC_OBJECT (CHAR_HEIGHT, FcTypeInteger, NULL) - FC_OBJECT (MATRIX, FcTypeMatrix, NULL) - FC_OBJECT (CHARSET, FcTypeCharSet, FcCompareCharSet) --- -cgit v0.10.2 - -From 20cddc824c6501c2082cac41b162c34cd5fcc530 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sun, 11 Dec 2016 14:32:00 -0800 -Subject: [PATCH] Avoid conflicts with integer width macros from TS - 18661-1:2014 - -glibc 2.25+ has now defined these macros in -https://sourceware.org/git/?p=glibc.git;a=commit;h=5b17fd0da62bf923cb61d1bb7b08cf2e1f1f9c1a - -Signed-off-by: Khem Raj ---- -Upstream-Status: Submitted - - fontconfig/fontconfig.h | 2 +- - src/fcobjs.h | 2 +- - src/fcobjshash.gperf | 2 +- - src/fcobjshash.h | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -Index: fontconfig-2.12.1/src/fcobjshash.h -=================================================================== ---- fontconfig-2.12.1.orig/src/fcobjshash.h -+++ fontconfig-2.12.1/src/fcobjshash.h -@@ -284,7 +284,7 @@ FcObjectTypeLookup (register const char - {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str43,FC_CHARSET_OBJECT}, - {-1}, - #line 47 "fcobjshash.gperf" -- {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHAR_WIDTH_OBJECT}, -+ {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str45,FC_CHARWIDTH_OBJECT}, - #line 48 "fcobjshash.gperf" - {(int)(long)&((struct FcObjectTypeNamePool_t *)0)->FcObjectTypeNamePool_str46,FC_CHAR_HEIGHT_OBJECT}, - #line 55 "fcobjshash.gperf" diff --git a/gnu/packages/patches/fontconfig-path-max.patch b/gnu/packages/patches/fontconfig-path-max.patch deleted file mode 100644 index e12f60ef00..0000000000 --- a/gnu/packages/patches/fontconfig-path-max.patch +++ /dev/null @@ -1,124 +0,0 @@ -This patch fix the build on GNU/Hurd, due to PATH_MAX isn't defined. - -The patch was adapted from upstream source repository: -'' -Commit: abdb6d658e1a16410dd1c964e365a3ebd5039e7c - ---- - src/fcdefault.c | 34 +++++++++++++++++++++++++++------- - src/fcint.h | 6 ++++++ - src/fcstat.c | 12 +++++++++++- - 3 files changed, 44 insertions(+), 8 deletions(-) - -diff --git a/src/fcdefault.c b/src/fcdefault.c -index 6647a8f..5afd7ec 100644 ---- a/src/fcdefault.c -+++ b/src/fcdefault.c -@@ -148,17 +148,34 @@ retry: - prgname = FcStrdup (""); - #else - # if defined (HAVE_GETEXECNAME) -- const char *p = getexecname (); -+ char *p = FcStrdup(getexecname ()); - # elif defined (HAVE_READLINK) -- char buf[PATH_MAX + 1]; -- int len; -+ size_t size = FC_PATH_MAX; - char *p = NULL; - -- len = readlink ("/proc/self/exe", buf, sizeof (buf) - 1); -- if (len != -1) -+ while (1) - { -- buf[len] = '\0'; -- p = buf; -+ char *buf = malloc (size); -+ ssize_t len; -+ -+ if (!buf) -+ break; -+ -+ len = readlink ("/proc/self/exe", buf, size - 1); -+ if (len < 0) -+ { -+ free (buf); -+ break; -+ } -+ if (len < size - 1) -+ { -+ buf[len] = 0; -+ p = buf; -+ break; -+ } -+ -+ free (buf); -+ size *= 2; - } - # else - char *p = NULL; -@@ -176,6 +193,9 @@ retry: - - if (!prgname) - prgname = FcStrdup (""); -+ -+ if (p) -+ free (p); - #endif - - if (!fc_atomic_ptr_cmpexch (&default_prgname, NULL, prgname)) { -diff --git a/src/fcint.h b/src/fcint.h -index ac911ad..dad34c5 100644 ---- a/src/fcint.h -+++ b/src/fcint.h -@@ -70,6 +70,12 @@ extern pfnSHGetFolderPathA pSHGetFolderPathA; - # define FC_DIR_SEPARATOR_S "/" - #endif - -+#ifdef PATH_MAX -+#define FC_PATH_MAX PATH_MAX -+#else -+#define FC_PATH_MAX 128 -+#endif -+ - #if __GNUC__ >= 4 - #define FC_UNUSED __attribute__((unused)) - #else -diff --git a/src/fcstat.c b/src/fcstat.c -index 1734fa4..f6e1aaa 100644 ---- a/src/fcstat.c -+++ b/src/fcstat.c -@@ -278,8 +278,13 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum) - { - #endif - struct stat statb; -- char f[PATH_MAX + 1]; -+ char *f = malloc (len + 1 + dlen + 1); - -+ if (!f) -+ { -+ ret = -1; -+ goto bail; -+ } - memcpy (f, dir, len); - f[len] = FC_DIR_SEPARATOR; - memcpy (&f[len + 1], files[n]->d_name, dlen); -@@ -287,11 +292,16 @@ FcDirChecksum (const FcChar8 *dir, time_t *checksum) - if (lstat (f, &statb) < 0) - { - ret = -1; -+ free (f); - goto bail; - } - if (S_ISDIR (statb.st_mode)) -+ { -+ free (f); - goto bail; -+ } - -+ free (f); - dtype = statb.st_mode; - #ifdef HAVE_STRUCT_DIRENT_D_TYPE - } --- -2.11.0 - -- cgit 1.4.1 From 76cb906083bf750de6bed513824609b74cdbc5c8 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 14 Jun 2017 10:31:55 -0400 Subject: gnu: perl-net-ssleay: Update to 1.81. * gnu/packages/tls.scm (perl-net-ssleay): Update to 1.81. [native-inputs]: Remove 'perl-net-ssleay-disable-ede-test.patch'. [arguments]: Remove 'apply-patch' phase. * gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/perl-net-ssleay-disable-ede-test.patch | 23 ---------------------- gnu/packages/tls.scm | 17 ++-------------- 3 files changed, 2 insertions(+), 39 deletions(-) delete mode 100644 gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3957e5b3d1..e30fa34efe 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -868,7 +868,6 @@ dist_patch_DATA = \ %D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \ %D%/packages/patches/perl-io-socket-ssl-openssl-1.0.2f-fix.patch \ %D%/packages/patches/perl-net-amazon-s3-moose-warning.patch \ - %D%/packages/patches/perl-net-ssleay-disable-ede-test.patch \ %D%/packages/patches/perl-net-dns-resolver-programmable-fix.patch \ %D%/packages/patches/perl-no-sys-dirs.patch \ %D%/packages/patches/perl-module-pluggable-search.patch \ diff --git a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch b/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch deleted file mode 100644 index 16f136fb54..0000000000 --- a/gnu/packages/patches/perl-net-ssleay-disable-ede-test.patch +++ /dev/null @@ -1,23 +0,0 @@ -Disable a test that fails with openssl-1.0.2b. - ---- Net-SSLeay-1.68/t/local/33_x509_create_cert.t.orig 2014-06-07 02:01:39.000000000 -0400 -+++ Net-SSLeay-1.68/t/local/33_x509_create_cert.t 2015-06-12 03:38:57.620286888 -0400 -@@ -2,7 +2,7 @@ - - use strict; - use warnings; --use Test::More tests => 123; -+use Test::More tests => 122; - use Net::SSLeay qw/MBSTRING_ASC MBSTRING_UTF8 EVP_PK_RSA EVP_PKT_SIGN EVP_PKT_ENC/; - use File::Spec; - use utf8; -@@ -101,7 +101,8 @@ - like(my $key_pem3 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg1), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); - - ok(my $alg2 = Net::SSLeay::EVP_get_cipherbyname("DES-EDE3-OFB"), "EVP_get_cipherbyname"); -- like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); -+ # This test fails with openssl-1.0.2b -+ #like(my $key_pem4 = Net::SSLeay::PEM_get_string_PrivateKey($pk,"password",$alg2), qr/-----BEGIN (ENCRYPTED|RSA) PRIVATE KEY-----/, "PEM_get_string_PrivateKey+passwd+enc_alg"); - - is(Net::SSLeay::X509_NAME_print_ex($name), "O=Company Name,C=UK,CN=Common name text X509", "X509_NAME_print_ex"); - diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index e36a02a6cc..f3d7177102 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -587,32 +587,19 @@ certificates for free.") (define-public perl-net-ssleay (package (name "perl-net-ssleay") - (version "1.68") + (version "1.81") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/" "Net-SSLeay-" version ".tar.gz")) (sha256 (base32 - "1m2wwzhjwsg0drlhp9w12fl6bsgj69v8gdz72jqrqll3qr7f408p")))) + "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0")))) (build-system perl-build-system) - (native-inputs - `(("patch" ,patch) - ("patch/disable-ede-test" - ,(search-patch "perl-net-ssleay-disable-ede-test.patch")))) (inputs `(("openssl" ,openssl))) (arguments `(#:phases (modify-phases %standard-phases - (add-after - 'unpack 'apply-patch - (lambda* (#:key inputs #:allow-other-keys) - ;; XXX We apply this patch here instead of in the 'origin' because - ;; this package's build system fails badly when the source file - ;; times are zeroed. - ;; XXX Try removing this patch for perl-net-ssleay > 1.68 - (zero? (system* "patch" "--force" "-p1" "-i" - (assoc-ref inputs "patch/disable-ede-test"))))) (add-before 'configure 'set-ssl-prefix (lambda* (#:key inputs #:allow-other-keys) -- cgit 1.4.1 From 14c7790f1ad845b7e1932d6a700a1fb25f110608 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 15 Jun 2017 11:35:17 -0400 Subject: gnu: libtiff: Fix several bugs related to improper codec usage [security fixes]. This commit applies the patch to the libtiff package, not the grafting replacement. * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/image.scm (libtiff)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 1 + .../patches/libtiff-tiffgetfield-bugs.patch | 201 +++++++++++++++++++++ 3 files changed, 203 insertions(+) create mode 100644 gnu/packages/patches/libtiff-tiffgetfield-bugs.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index e30fa34efe..1d5c98094c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -743,6 +743,7 @@ dist_patch_DATA = \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtheora-config-guess.patch \ + %D%/packages/patches/libtiff-tiffgetfield-bugs.patch \ %D%/packages/patches/libtirpc-CVE-2017-8779.patch \ %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index da05c64545..c35a6d3b39 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -341,6 +341,7 @@ extracting icontainer icon files.") (method url-fetch) (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-" version ".tar.gz")) + (patches (search-patches "libtiff-tiffgetfield-bugs.patch")) (sha256 (base32 "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))) diff --git a/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch b/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch new file mode 100644 index 0000000000..84566ca23e --- /dev/null +++ b/gnu/packages/patches/libtiff-tiffgetfield-bugs.patch @@ -0,0 +1,201 @@ +Fix several bugs in libtiff related to use of TIFFGetField(): + +http://bugzilla.maptools.org/show_bug.cgi?id=2580 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095 + +Patch copied from upstream CVS. 3rd-party Git reference: +https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06 + +2017-06-01 Even Rouault + +* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(), +and use it in TIFFReadDirectory() so as to ignore fields whose tag is a +codec-specified tag but this codec is not enabled. This avoids TIFFGetField() +to behave differently depending on whether the codec is enabled or not, and +thus can avoid stack based buffer overflows in a number of TIFF utilities +such as tiffsplit, tiffcmp, thumbnail, etc. +Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch +(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog. +Fixes: +http://bugzilla.maptools.org/show_bug.cgi?id=2580 +http://bugzilla.maptools.org/show_bug.cgi?id=2693 +http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095) +http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554) +http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318) +http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128) +http://bugzilla.maptools.org/show_bug.cgi?id=2441 +http://bugzilla.maptools.org/show_bug.cgi?id=2433 +Index: libtiff/libtiff/tif_dirread.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v +retrieving revision 1.208 +retrieving revision 1.209 +diff -u -r1.208 -r1.209 +--- libtiff/libtiff/tif_dirread.c 27 Apr 2017 15:46:22 -0000 1.208 ++++ libtiff/libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */ ++/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -3580,6 +3580,10 @@ + goto bad; + dp->tdir_tag=IGNORE; + break; ++ default: ++ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) ++ dp->tdir_tag=IGNORE; ++ break; + } + } + } +Index: libtiff/libtiff/tif_dirinfo.c +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v +retrieving revision 1.126 +retrieving revision 1.127 +diff -u -r1.126 -r1.127 +--- libtiff/libtiff/tif_dirinfo.c 18 Nov 2016 02:52:13 -0000 1.126 ++++ libtiff/libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */ ++/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -956,6 +956,109 @@ + return 0; + } + ++int ++_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag) ++{ ++ /* Filter out non-codec specific tags */ ++ switch (tag) { ++ /* Shared tags */ ++ case TIFFTAG_PREDICTOR: ++ /* JPEG tags */ ++ case TIFFTAG_JPEGTABLES: ++ /* OJPEG tags */ ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ /* CCITT* */ ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ case TIFFTAG_GROUP3OPTIONS: ++ case TIFFTAG_GROUP4OPTIONS: ++ break; ++ default: ++ return 1; ++ } ++ /* Check if codec specific tags are allowed for the current ++ * compression scheme (codec) */ ++ switch (tif->tif_dir.td_compression) { ++ case COMPRESSION_LZW: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PACKBITS: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_THUNDERSCAN: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_NEXT: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_JPEG: ++ if (tag == TIFFTAG_JPEGTABLES) ++ return 1; ++ break; ++ case COMPRESSION_OJPEG: ++ switch (tag) { ++ case TIFFTAG_JPEGIFOFFSET: ++ case TIFFTAG_JPEGIFBYTECOUNT: ++ case TIFFTAG_JPEGQTABLES: ++ case TIFFTAG_JPEGDCTABLES: ++ case TIFFTAG_JPEGACTABLES: ++ case TIFFTAG_JPEGPROC: ++ case TIFFTAG_JPEGRESTARTINTERVAL: ++ return 1; ++ } ++ break; ++ case COMPRESSION_CCITTRLE: ++ case COMPRESSION_CCITTRLEW: ++ case COMPRESSION_CCITTFAX3: ++ case COMPRESSION_CCITTFAX4: ++ switch (tag) { ++ case TIFFTAG_BADFAXLINES: ++ case TIFFTAG_CLEANFAXDATA: ++ case TIFFTAG_CONSECUTIVEBADFAXLINES: ++ return 1; ++ case TIFFTAG_GROUP3OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3) ++ return 1; ++ break; ++ case TIFFTAG_GROUP4OPTIONS: ++ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4) ++ return 1; ++ break; ++ } ++ break; ++ case COMPRESSION_JBIG: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_DEFLATE: ++ case COMPRESSION_ADOBE_DEFLATE: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_PIXARLOG: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ case COMPRESSION_SGILOG: ++ case COMPRESSION_SGILOG24: ++ /* No codec-specific tags */ ++ break; ++ case COMPRESSION_LZMA: ++ if (tag == TIFFTAG_PREDICTOR) ++ return 1; ++ break; ++ ++ } ++ return 0; ++} ++ + /* vim: set ts=8 sts=8 sw=8 noet: */ + + /* +Index: libtiff/libtiff/tif_dir.h +=================================================================== +RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v +retrieving revision 1.54 +retrieving revision 1.55 +diff -u -r1.54 -r1.55 +--- libtiff/libtiff/tif_dir.h 18 Feb 2011 20:53:05 -0000 1.54 ++++ libtiff/libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55 +@@ -1,4 +1,4 @@ +-/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */ ++/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */ + + /* + * Copyright (c) 1988-1997 Sam Leffler +@@ -291,6 +291,7 @@ + extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32); + extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType); + extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType); ++extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); + + #if defined(__cplusplus) + } -- cgit 1.4.1 From 05e26d1ecd41bdac5ef531b9f6f5c0c6bfbf3a30 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 18 Jun 2017 02:38:43 -0400 Subject: gnu: expat: Eliminate graft. * gnu/packages/xml.scm (expat): Update to 2.2.1. [source]: Remove patch. [replacement]: Remove field. (expat-2.2.1): Remove variable. * gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../expat-CVE-2016-0718-fix-regression.patch | 35 ---------------------- gnu/packages/xml.scm | 20 ++----------- 3 files changed, 2 insertions(+), 54 deletions(-) delete mode 100644 gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 20351f3cd0..4acc699753 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -571,7 +571,6 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ - %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \ %D%/packages/patches/fabric-tests.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ diff --git a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch b/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch deleted file mode 100644 index b489401fea..0000000000 --- a/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch +++ /dev/null @@ -1,35 +0,0 @@ -Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE. - -Discussion: - -https://sourceforge.net/p/expat/bugs/539/ - -Patch copied from upstream source repository: - -https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/ - -From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Sun, 17 Jul 2016 20:22:29 +0200 -Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE) - -Thanks to Andy Wang and Karl Waclawek! ---- - expat/lib/xmlparse.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c -index b308e67..0d5dd7b 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser, - &fromPtr, rawNameEnd, - (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); - convLen = (int)(toPtr - (XML_Char *)tag->buf); -- if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { -+ if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { - tag->name.strLen = convLen; - break; - } --- -2.10.0 diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index a6bea3588f..4ed45508fd 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -55,17 +55,14 @@ (define-public expat (package (name "expat") - (version "2.2.0") - (replacement expat-2.2.1) + (version "2.2.1") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" version "/expat-" version ".tar.bz2")) - (patches - (search-patches "expat-CVE-2016-0718-fix-regression.patch")) (sha256 (base32 - "1zq4lnwjlw8s9mmachwfvfjf2x3lk24jm41746ykhdcvs7r0zrfr")))) + "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q")))) (build-system gnu-build-system) (home-page "http://www.libexpat.org/") (synopsis "Stream-oriented XML parser library written in C") @@ -75,19 +72,6 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) -(define expat-2.2.1 ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues. - (package - (inherit expat) - (version "2.2.1") - (replacement #f) - (source (origin - (method url-fetch) - (uri (string-append "mirror://sourceforge/expat/expat/" - version "/expat-" version ".tar.bz2")) - (sha256 - (base32 - "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q")))))) - (define-public libxml2 (package (name "libxml2") -- cgit 1.4.1 From 92cb946bd9d78cb8f6aa8418d505f52da6894ab4 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 14 Jun 2017 11:42:38 -0400 Subject: gnu: intltool: Fix a compatibility issue with Perl 5.26.0. * gnu/packages/patches/intltool-perl-compatibility.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/glib.scm (intltool)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/glib.scm | 1 + .../patches/intltool-perl-compatibility.patch | 76 ++++++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 gnu/packages/patches/intltool-perl-compatibility.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 5328a80637..54c099b5e3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -682,6 +682,7 @@ dist_patch_DATA = \ %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ + %D%/packages/patches/intltool-perl-compatibility.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jbig2dec-CVE-2016-9601.patch \ diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index fcd1daf5e8..926703e159 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -347,6 +347,7 @@ bindings to call into the C library.") (uri (string-append "https://launchpad.net/intltool/trunk/" version "/+download/intltool-" version ".tar.gz")) + (patches (search-patches "intltool-perl-compatibility.patch")) (sha256 (base32 "1karx4sb7bnm2j67q0q74hspkfn6lqprpy5r99vkn5bb36a4viv7")))) diff --git a/gnu/packages/patches/intltool-perl-compatibility.patch b/gnu/packages/patches/intltool-perl-compatibility.patch new file mode 100644 index 0000000000..b895ca7cb9 --- /dev/null +++ b/gnu/packages/patches/intltool-perl-compatibility.patch @@ -0,0 +1,76 @@ +This patch fixes a regex parsing compatibility issue with Perl 5.26.0. +It manifests during the configure phase of at-spi2-core like this: + +------ +Unescaped left brace in regex is illegal here in regex; marked by <-- HERE in m/^(.*)\${ <-- HERE ?([A-Z_]+)}?(.*)$/ at /gnu/store/...-intltool-0.51.0/bin/intltool-update line 1065. +------ + +Copied from Gentoo and MSYS2: + +https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-util/intltool/files/intltool-0.51.0-perl-5.26.patch?id=1105187fc65d8bf643e682fcef39620dcfd9326a +https://github.com/Alexpux/MSYS2-packages/blob/0d3f442553ae4fc8798e32cbf44c4252fa8f3c07/intltool/perl-5.22-compatibility.patch + +#diff -ruN intltool-0.51.0.orig/intltool-update.in intltool-0.51.0/intltool-update.in +#--- intltool-0.51.0.orig/intltool-update.in 2017-06-28 00:47:20.889269294 +0200 +#+++ intltool-0.51.0/intltool-update.in 2017-06-28 00:48:14.592271529 +0200 +#@@ -1068,7 +1068,7 @@ +# my $untouched = $1; +# my $sub = ""; +# # Ignore recursive definitions of variables +#- $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/; +#+ $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/; +# +# return SubstituteVariable ("$untouched$sub$rest"); +# } +--- intltool-0.51.0.orig/intltool-update.in 2015-03-09 02:39:54.000000000 +0100 ++++ intltool-0.51.0.orig/intltool-update.in 2015-06-19 01:52:07.171228154 +0200 +@@ -1062,7 +1062,7 @@ + } + } + +- if ($str =~ /^(.*)\${?([A-Z_]+)}?(.*)$/) ++ if ($str =~ /^(.*)\$\{?([A-Z_]+)}?(.*)$/) + { + my $rest = $3; + my $untouched = $1; +@@ -1068,7 +1068,7 @@ + my $untouched = $1; + my $sub = ""; + # Ignore recursive definitions of variables +- $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\${?$2}?/; ++ $sub = $varhash{$2} if defined $varhash{$2} and $varhash{$2} !~ /\$\{?$2}?/; + + return SubstituteVariable ("$untouched$sub$rest"); + } +@@ -1190,10 +1190,10 @@ + $name =~ s/\(+$//g; + $version =~ s/\(+$//g; + +- $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/); +- $varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/); +- $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/); +- $varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/); ++ $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/); ++ $varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/); ++ $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/); ++ $varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/); + } + + if ($conf_source =~ /^AC_INIT\(([^,\)]+),([^,\)]+)[,]?([^,\)]+)?/m) +@@ -1219,11 +1219,11 @@ + $version =~ s/\(+$//g; + $bugurl =~ s/\(+$//g if (defined $bugurl); + +- $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\${?AC_PACKAGE_NAME}?/); +- $varhash{"PACKAGE"} = $name if (not $name =~ /\${?PACKAGE}?/); +- $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\${?AC_PACKAGE_VERSION}?/); +- $varhash{"VERSION"} = $version if (not $name =~ /\${?VERSION}?/); +- $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\${?\w+}?/); ++ $varhash{"PACKAGE_NAME"} = $name if (not $name =~ /\$\{?AC_PACKAGE_NAME}?/); ++ $varhash{"PACKAGE"} = $name if (not $name =~ /\$\{?PACKAGE}?/); ++ $varhash{"PACKAGE_VERSION"} = $version if (not $name =~ /\$\{?AC_PACKAGE_VERSION}?/); ++ $varhash{"VERSION"} = $version if (not $name =~ /\$\{?VERSION}?/); ++ $varhash{"PACKAGE_BUGREPORT"} = $bugurl if (defined $bugurl and not $bugurl =~ /\$\{?\w+}?/); + } + + # \s makes this not work, why? -- cgit 1.4.1 From 1abc08a8f48f121cfa5a77394aa71a0441b4eb44 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 29 Jun 2017 04:11:18 -0400 Subject: gnu: shishi: Build with latest libgcrypt. * gnu/packages/patches/shishi-fix-libgcrypt-detection.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/kerberos.scm (shishi)[source]: Use it. [inputs]: Use libgcrypt instead of libgcrypt-1.5. [arguments]: Set 'ac_cv_libgcrypt=yes' in #:configure-flags. * gnu/packages/gnupg.scm (libgcrypt-1.5): Remove variable. --- gnu/local.mk | 1 + gnu/packages/gnupg.scm | 12 -------- gnu/packages/kerberos.scm | 19 +++++++------ .../patches/shishi-fix-libgcrypt-detection.patch | 32 ++++++++++++++++++++++ 4 files changed, 43 insertions(+), 21 deletions(-) create mode 100644 gnu/packages/patches/shishi-fix-libgcrypt-detection.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1d49c1a17f..900df572ad 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -961,6 +961,7 @@ dist_patch_DATA = \ %D%/packages/patches/scotch-test-threading.patch \ %D%/packages/patches/sdl-libx11-1.6.patch \ %D%/packages/patches/seq24-rename-mutex.patch \ + %D%/packages/patches/shishi-fix-libgcrypt-detection.patch \ %D%/packages/patches/slim-session.patch \ %D%/packages/patches/slim-config.patch \ %D%/packages/patches/slim-sigusr1.patch \ diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 8a1ea37b5a..566d6e1bd3 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -115,18 +115,6 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) -(define-public libgcrypt-1.5 - (package (inherit libgcrypt) - (version "1.5.6") - (source - (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" - version ".tar.bz2")) - (sha256 - (base32 - "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))) - (define-public libassuan (package (name "libassuan") diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index e40ddb2bb2..24583d82ea 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -24,8 +24,10 @@ (define-module (gnu packages kerberos) #:use-module (gnu packages) + #:use-module (gnu packages autotools) #:use-module (gnu packages bison) #:use-module (gnu packages perl) + #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) #:use-module (gnu packages libidn) #:use-module (gnu packages linux) @@ -33,6 +35,7 @@ #:use-module (gnu packages compression) #:use-module (gnu packages databases) #:use-module (gnu packages readline) + #:use-module (gnu packages texinfo) #:use-module (gnu packages tls) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) @@ -98,25 +101,23 @@ cryptography.") (method url-fetch) (uri (string-append "mirror://gnu/shishi/shishi-" version ".tar.gz")) + (patches (search-patches "shishi-fix-libgcrypt-detection.patch")) (sha256 (base32 "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d")))) (build-system gnu-build-system) + (arguments + '(;; This is required since we patch some of the build scripts. + ;; Remove for the next Shishi release after 1.0.2 or when + ;; removing 'shishi-fix-libgcrypt-detection.patch'. + #:configure-flags '("ac_cv_libgcrypt=yes"))) (native-inputs `(("pkg-config" ,pkg-config))) (inputs `(("gnutls" ,gnutls) ("libidn" ,libidn) ("linux-pam" ,linux-pam-1.2) ("zlib" ,zlib) - ;; libgcrypt 1.6 fails because of the following test: - ;; #include - ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c - ;; will fail on startup if we don't have 1.4.4 or later, so - ;; test for it early. */ - ;; #if !defined GCRY_MODULE_ID_USER - ;; error too old libgcrypt - ;; #endif - ("libgcrypt" ,libgcrypt-1.5) + ("libgcrypt" ,libgcrypt) ("libtasn1" ,libtasn1))) (home-page "https://www.gnu.org/software/shishi/") (synopsis "Implementation of the Kerberos 5 network security system") diff --git a/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch new file mode 100644 index 0000000000..3db42feac9 --- /dev/null +++ b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch @@ -0,0 +1,32 @@ +Fix building of Shishi with libgcrypt 1.6 and later. + +Patch copied from Debian: + +https://anonscm.debian.org/cgit/collab-maint/shishi.git/tree/debian/patches/fix_gcrypt_detection.diff?id=948301ae648a542a408da250755aeed58a6e3542 + +Description: Fix autoconf gnutls detection to also accept gcrypt 1.6. +Author: Andreas Metzler +Bug-Debian: http://bugs.debian.org/753150 +Origin: vendor +Forwarded: no +Last-Update: 2014-07-18 + +--- shishi-1.0.2.orig/gl/m4/gc.m4 ++++ shishi-1.0.2/gl/m4/gc.m4 +@@ -12,10 +12,12 @@ AC_DEFUN([gl_GC], + if test "$libgcrypt" != no; then + AC_LIB_HAVE_LINKFLAGS([gcrypt], [gpg-error], [ + #include +-/* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c +- will fail on startup if we don't have 1.4.4 or later, so +- test for it early. */ +-#if !defined GCRY_MODULE_ID_USER ++/* gc-libgcrypt.c will fail on startup if we don't have libgcrypt 1.4.4 or ++ later, test for it early. by checking for either ++ - GCRY_MODULE_ID_USER which was added in 1.4.4 and dropped in 1.6 or ++ - GCRYPT_VERSION_NUMBER which was added in 1.6. ++ */ ++#if !defined GCRY_MODULE_ID_USER && !defined GCRYPT_VERSION_NUMBER + error too old libgcrypt + #endif + ]) -- cgit 1.4.1 From 7f0980839e4d9d3c7e06301bcbb2eb292bd7dbee Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 7 Jul 2017 16:34:10 +0200 Subject: gnu: wget: Fix compilation with Perl 5.26; skip faulty tests. * gnu/packages/wget.scm (wget)[arguments]: New field. [source](patches): Add "wget-perl-5.26.patch". * gnu/packages/patches/wget-perl-5.26.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/patches/wget-perl-5.26.patch | 96 +++++++++++++++++++++++++++++++ gnu/packages/wget.scm | 16 +++++- 3 files changed, 111 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/wget-perl-5.26.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 900df572ad..23b8f449a1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1028,6 +1028,7 @@ dist_patch_DATA = \ %D%/packages/patches/weechat-python.patch \ %D%/packages/patches/wget-CVE-2017-6508.patch \ %D%/packages/patches/wget-fix-504-test-timeout.patch \ + %D%/packages/patches/wget-perl-5.26.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ %D%/packages/patches/wicd-urwid-1.3.patch \ diff --git a/gnu/packages/patches/wget-perl-5.26.patch b/gnu/packages/patches/wget-perl-5.26.patch new file mode 100644 index 0000000000..ee3a984daa --- /dev/null +++ b/gnu/packages/patches/wget-perl-5.26.patch @@ -0,0 +1,96 @@ +This upstream commit adjusts tests for Perl 5.26. + +commit 7ffe93cabb181f39ad5091c31ab9f61bd940a55f +Author: Anton Yuzhaninov +Date: Wed Apr 5 19:06:42 2017 +0300 + + Fix perl warnings in tests + + * tests/FTPServer.pm: Escape '{' in RE to fix warnings + * tests/FTPTest.pm: Likewise + * tests/HTTPServer.pm: Likewise + * tests/HTTPTest.pm: Likewise + * tests/Test-proxied-https-auth-keepalive.px: Likewise + * tests/Test-proxied-https-auth.px: Likewise + Escape '{' in RE to fix warnings: + Unescaped left brace in regex is deprecated, passed through in regex; + marked by <-- HERE in m/{{ <-- HERE port}}/ + +diff --git a/tests/FTPServer.pm b/tests/FTPServer.pm +index a5185d66..cac80942 100644 +--- a/tests/FTPServer.pm ++++ b/tests/FTPServer.pm +@@ -589,7 +589,7 @@ sub new + foreach my $file (keys %{$self->{_input}}) + { + my $ref = \$self->{_input}{$file}{content}; +- $$ref =~ s/{{port}}/$self->sockport/eg; ++ $$ref =~ s/\Q{{port}}/$self->sockport/eg; + } + + return $self; +diff --git a/tests/FTPTest.pm b/tests/FTPTest.pm +index 50385ad0..0a1c768c 100644 +--- a/tests/FTPTest.pm ++++ b/tests/FTPTest.pm +@@ -53,7 +53,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->{_server}->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg; + return $ret; + } + +diff --git a/tests/HTTPServer.pm b/tests/HTTPServer.pm +index dd8ec043..78609f65 100644 +--- a/tests/HTTPServer.pm ++++ b/tests/HTTPServer.pm +@@ -310,7 +310,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->sockport/eg; + return $ret; + } + +diff --git a/tests/HTTPTest.pm b/tests/HTTPTest.pm +index 00f079f8..6225c7f1 100644 +--- a/tests/HTTPTest.pm ++++ b/tests/HTTPTest.pm +@@ -47,7 +47,7 @@ sub _substitute_port + { + my $self = shift; + my $ret = shift; +- $ret =~ s/{{port}}/$self->{_server}->sockport/eg; ++ $ret =~ s/\Q{{port}}/$self->{_server}->sockport/eg; + return $ret; + } + +diff --git a/tests/Test-proxied-https-auth-keepalive.px b/tests/Test-proxied-https-auth-keepalive.px +index 049bebec..2a18ccfd 100755 +--- a/tests/Test-proxied-https-auth-keepalive.px ++++ b/tests/Test-proxied-https-auth-keepalive.px +@@ -153,7 +153,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" + . " --password=Dodgson -e https_proxy=localhost:{{port}}" + . " --no-check-certificate" + . " https://no.such.domain/needs-auth.txt"; +-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e; ++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e; + + if (defined $srcdir) { + $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl'; +diff --git a/tests/Test-proxied-https-auth.px b/tests/Test-proxied-https-auth.px +index ce4e736c..878114e7 100755 +--- a/tests/Test-proxied-https-auth.px ++++ b/tests/Test-proxied-https-auth.px +@@ -152,7 +152,7 @@ my $cmdline = $WgetTest::WGETPATH . " --user=fiddle-dee-dee" + . " --password=Dodgson -e https_proxy=localhost:{{port}}" + . " --no-check-certificate" + . " https://no.such.domain/needs-auth.txt"; +-$cmdline =~ s/{{port}}/$SOCKET->sockport()/e; ++$cmdline =~ s/\Q{{port}}/$SOCKET->sockport()/e; + + if (defined $srcdir) { + $VALGRIND_SUPP_FILE = $srcdir . '/valgrind-suppressions-ssl'; diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm index a73c68004d..58a1a4b885 100644 --- a/gnu/packages/wget.scm +++ b/gnu/packages/wget.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012 Nikita Karetnikov -;;; Copyright © 2014, 2015 Ludovic Courtès +;;; Copyright © 2014, 2015, 2017 Ludovic Courtès ;;; Copyright © 2016, 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. @@ -41,11 +41,23 @@ (uri (string-append "mirror://gnu/wget/wget-" version ".tar.xz")) (patches (search-patches "wget-CVE-2017-6508.patch" - "wget-fix-504-test-timeout.patch")) + "wget-fix-504-test-timeout.patch" + "wget-perl-5.26.patch")) (sha256 (base32 "1ljcfhbkdsd0zjfm520rbl1ai62fc34i7c45sfj244l8f6b0p58c")))) (build-system gnu-build-system) + (arguments + '(#:phases (modify-phases %standard-phases + (add-before 'check 'disable-https-tests + (lambda _ + ;; XXX: Skip TLS tests, which fail with "The + ;; certificate's owner does not match hostname" for + ;; obscure reasons reported at: + ;; . + (substitute* "testenv/Makefile" + (("SSL_TESTS=1") "")) + #t))))) (inputs `(("gnutls" ,gnutls) ("libidn2" ,libidn2) -- cgit 1.4.1 From 9146543f8dce997c194aea93bf4c7a7a4144c8c9 Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Thu, 6 Jul 2017 03:47:08 +0200 Subject: gnu: groff: Remove timestamps. Fixes . * gnu/packages/patches/groff-source-date-epoch.patch: New file. * gnu/local.mk: Add it. * gnu/packages/groff.scm (groff)[source]: Add it. --- gnu/local.mk | 1 + gnu/packages/groff.scm | 3 +- gnu/packages/patches/groff-source-date-epoch.patch | 299 +++++++++++++++++++++ 3 files changed, 302 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/groff-source-date-epoch.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 23b8f449a1..0fe6cdc391 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -645,6 +645,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ + %D%/packages/patches/groff-source-date-epoch.patch \ %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/gspell-dash-test.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm index d7f45d4fc7..67dd1dbfa6 100644 --- a/gnu/packages/groff.scm +++ b/gnu/packages/groff.scm @@ -40,7 +40,8 @@ (uri (string-append "mirror://gnu/groff/groff-" version ".tar.gz")) (sha256 (base32 - "1998v2kcs288d3y7kfxpvl369nqi06zbbvjzafyvyl3pr7bajj1s")))) + "1998v2kcs288d3y7kfxpvl369nqi06zbbvjzafyvyl3pr7bajj1s")) + (patches (search-patches "groff-source-date-epoch.patch")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;12MiB of PS, PDF, HTML, and examples diff --git a/gnu/packages/patches/groff-source-date-epoch.patch b/gnu/packages/patches/groff-source-date-epoch.patch new file mode 100644 index 0000000000..53c590b049 --- /dev/null +++ b/gnu/packages/patches/groff-source-date-epoch.patch @@ -0,0 +1,299 @@ +Adds support for the environment variable SOURCE_DATE_EPOCH. + +See: https://sources.debian.net/patches/groff/1.22.3-9/source-date-epoch.patch/ + +From abc23bc9245e18468817f2838361c3a08f7521e2 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Thu, 5 Nov 2015 11:47:34 +0000 +Subject: Implement `SOURCE_DATE_EPOCH' for reproducible builds. + +Author: Colin Watson +Forwarded: yes +Last-Update: 2015-11-05 + +Patch-Name: source-date-epoch.patch +--- + doc/groff.texinfo | 6 +++++ + src/devices/grohtml/grohtml.man | 7 ++++++ + src/devices/grohtml/post-html.cpp | 5 ++-- + src/devices/gropdf/gropdf.man | 7 ++++++ + src/devices/gropdf/gropdf.pl | 3 ++- + src/devices/grops/grops.man | 7 ++++++ + src/devices/grops/ps.cpp | 3 ++- + src/include/curtime.h | 23 ++++++++++++++++++ + src/libs/libgroff/Makefile.sub | 2 ++ + src/libs/libgroff/curtime.cpp | 51 +++++++++++++++++++++++++++++++++++++++ + src/roff/troff/input.cpp | 3 ++- + 11 files changed, 112 insertions(+), 5 deletions(-) + create mode 100644 src/include/curtime.h + create mode 100644 src/libs/libgroff/curtime.cpp + +diff --git a/doc/groff.texinfo b/doc/groff.texinfo +index 066b5274..1d3c7a9f 100644 +--- a/doc/groff.texinfo ++++ b/doc/groff.texinfo +@@ -1453,6 +1453,12 @@ default directory (on Unix and GNU/Linux systems, this is usually + @item GROFF_TYPESETTER + @tindex GROFF_TYPESETTER@r{, environment variable} + The default output device. ++ ++@item SOURCE_DATE_EPOCH ++@tindex SOURCE_DATE_EPOCH@r{, environment variable} ++A timestamp (expressed as seconds since the Unix epoch) to use in place of ++the current time when initializing time-based built-in registers such as ++@code{\n[seconds]}. + @end table + + Note that MS-DOS and MS-Windows ports of @code{groff} use semi-colons, +diff --git a/src/devices/grohtml/grohtml.man b/src/devices/grohtml/grohtml.man +index 51eae224..4be4abbc 100644 +--- a/src/devices/grohtml/grohtml.man ++++ b/src/devices/grohtml/grohtml.man +@@ -419,6 +419,13 @@ and + for more details. + . + . ++.TP ++.SM ++.B SOURCE_DATE_EPOCH ++A timestamp (expressed as seconds since the Unix epoch) to use as the ++creation timestamp in place of the current time. ++. ++. + .\" -------------------------------------------------------------------- + .SH BUGS + .\" -------------------------------------------------------------------- +diff --git a/src/devices/grohtml/post-html.cpp b/src/devices/grohtml/post-html.cpp +index fefbf014..b5fc5167 100644 +--- a/src/devices/grohtml/post-html.cpp ++++ b/src/devices/grohtml/post-html.cpp +@@ -28,6 +28,7 @@ along with this program. If not, see . */ + #include "html.h" + #include "html-text.h" + #include "html-table.h" ++#include "curtime.h" + + #include + +@@ -5013,7 +5014,7 @@ void html_printer::do_file_components (void) + .put_string(Version_string) + .end_comment(); + +- t = time(0); ++ t = current_time(); + html.begin_comment("CreationDate: ") + .put_string(ctime(&t), strlen(ctime(&t))-1) + .end_comment(); +@@ -5126,7 +5127,7 @@ html_printer::~html_printer() + .put_string(Version_string) + .end_comment(); + +- t = time(0); ++ t = current_time(); + html.begin_comment("CreationDate: ") + .put_string(ctime(&t), strlen(ctime(&t))-1) + .end_comment(); +diff --git a/src/devices/gropdf/gropdf.man b/src/devices/gropdf/gropdf.man +index 3bbace6a..cc0c82f1 100644 +--- a/src/devices/gropdf/gropdf.man ++++ b/src/devices/gropdf/gropdf.man +@@ -1029,6 +1029,13 @@ and + for more details. + . + . ++.TP ++.SM ++.B SOURCE_DATE_EPOCH ++A timestamp (expressed as seconds since the Unix epoch) to use as the ++creation timestamp in place of the current time. ++. ++. + .\" -------------------------------------------------------------------- + .SH FILES + .\" -------------------------------------------------------------------- +diff --git a/src/devices/gropdf/gropdf.pl b/src/devices/gropdf/gropdf.pl +index 035d1238..c25c4c67 100644 +--- a/src/devices/gropdf/gropdf.pl ++++ b/src/devices/gropdf/gropdf.pl +@@ -239,13 +239,14 @@ elsif (exists($ppsz{$papersz})) + @defaultmb=@mediabox=(0,0,$ppsz{$papersz}->[0],$ppsz{$papersz}->[1]); + } + +-my (@dt)=localtime(time); ++my (@dt)=localtime($ENV{SOURCE_DATE_EPOCH} || time); + my $dt=PDFDate(\@dt); + + my %info=('Creator' => "(groff version $cfg{GROFF_VERSION})", + 'Producer' => "(gropdf version $cfg{GROFF_VERSION})", + 'ModDate' => "($dt)", + 'CreationDate' => "($dt)"); ++ + while (<>) + { + chomp; +diff --git a/src/devices/grops/grops.man b/src/devices/grops/grops.man +index 99fb7486..272c2d18 100644 +--- a/src/devices/grops/grops.man ++++ b/src/devices/grops/grops.man +@@ -1419,6 +1419,13 @@ and + for more details. + . + . ++.TP ++.SM ++.B SOURCE_DATE_EPOCH ++A timestamp (expressed as seconds since the Unix epoch) to use as the ++creation timestamp in place of the current time. ++. ++. + .\" -------------------------------------------------------------------- + .SH FILES + .\" -------------------------------------------------------------------- +diff --git a/src/devices/grops/ps.cpp b/src/devices/grops/ps.cpp +index 745a503b..03e65372 100644 +--- a/src/devices/grops/ps.cpp ++++ b/src/devices/grops/ps.cpp +@@ -28,6 +28,7 @@ along with this program. If not, see . */ + #include "cset.h" + #include "nonposix.h" + #include "paper.h" ++#include "curtime.h" + + #include "ps.h" + #include +@@ -1390,7 +1391,7 @@ ps_printer::~ps_printer() + #else + time_t + #endif +- t = time(0); ++ t = current_time(); + fputs(ctime(&t), out.get_file()); + } + for (font_pointer_list *f = font_list; f; f = f->next) { +diff --git a/src/include/curtime.h b/src/include/curtime.h +new file mode 100644 +index 00000000..a4105196 +--- /dev/null ++++ b/src/include/curtime.h +@@ -0,0 +1,23 @@ ++/* Copyright (C) 2015 Free Software Foundation, Inc. ++ ++This file is part of groff. ++ ++groff is free software; you can redistribute it and/or modify it under ++the terms of the GNU General Public License as published by the Free ++Software Foundation, either version 2 of the License, or ++(at your option) any later version. ++ ++groff is distributed in the hope that it will be useful, but WITHOUT ANY ++WARRANTY; without even the implied warranty of MERCHANTABILITY or ++FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++for more details. ++ ++The GNU General Public License version 2 (GPL2) is available in the ++internet at . */ ++ ++#ifdef LONG_FOR_TIME_T ++long ++#else ++time_t ++#endif ++current_time(); +diff --git a/src/libs/libgroff/Makefile.sub b/src/libs/libgroff/Makefile.sub +index 840d9934..4cb4937a 100644 +--- a/src/libs/libgroff/Makefile.sub ++++ b/src/libs/libgroff/Makefile.sub +@@ -32,6 +32,7 @@ OBJS=\ + cmap.$(OBJEXT) \ + color.$(OBJEXT) \ + cset.$(OBJEXT) \ ++ curtime.$(OBJEXT) \ + device.$(OBJEXT) \ + errarg.$(OBJEXT) \ + error.$(OBJEXT) \ +@@ -82,6 +83,7 @@ CCSRCS=\ + $(srcdir)/cmap.cpp \ + $(srcdir)/color.cpp \ + $(srcdir)/cset.cpp \ ++ $(srcdir)/curtime.cpp \ + $(srcdir)/device.cpp \ + $(srcdir)/errarg.cpp \ + $(srcdir)/error.cpp \ +diff --git a/src/libs/libgroff/curtime.cpp b/src/libs/libgroff/curtime.cpp +new file mode 100644 +index 00000000..00821b7f +--- /dev/null ++++ b/src/libs/libgroff/curtime.cpp +@@ -0,0 +1,51 @@ ++/* Copyright (C) 2015 Free Software Foundation, Inc. ++ ++This file is part of groff. ++ ++groff is free software; you can redistribute it and/or modify it under ++the terms of the GNU General Public License as published by the Free ++Software Foundation, either version 2 of the License, or ++(at your option) any later version. ++ ++groff is distributed in the hope that it will be useful, but WITHOUT ANY ++WARRANTY; without even the implied warranty of MERCHANTABILITY or ++FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++for more details. ++ ++The GNU General Public License version 2 (GPL2) is available in the ++internet at . */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include "errarg.h" ++#include "error.h" ++ ++#ifdef LONG_FOR_TIME_T ++long ++#else ++time_t ++#endif ++current_time() ++{ ++ char *source_date_epoch = getenv("SOURCE_DATE_EPOCH"); ++ ++ if (source_date_epoch) { ++ errno = 0; ++ char *endptr; ++ long epoch = strtol(source_date_epoch, &endptr, 10); ++ ++ if ((errno == ERANGE && (epoch == LONG_MAX || epoch == LONG_MIN)) || ++ (errno != 0 && epoch == 0)) ++ fatal("$SOURCE_DATE_EPOCH: strtol: %1", strerror(errno)); ++ if (endptr == source_date_epoch) ++ fatal("$SOURCE_DATE_EPOCH: no digits found: %1", endptr); ++ if (*endptr != '\0') ++ fatal("$SOURCE_DATE_EPOCH: trailing garbage: %1", endptr); ++ return epoch; ++ } else ++ return time(0); ++} +diff --git a/src/roff/troff/input.cpp b/src/roff/troff/input.cpp +index 9594f074..f7d2c18a 100644 +--- a/src/roff/troff/input.cpp ++++ b/src/roff/troff/input.cpp +@@ -36,6 +36,7 @@ along with this program. If not, see . */ + #include "input.h" + #include "defs.h" + #include "unicode.h" ++#include "curtime.h" + + // Needed for getpid() and isatty() + #include "posix.h" +@@ -8138,7 +8139,7 @@ static void init_registers() + #else /* not LONG_FOR_TIME_T */ + time_t + #endif /* not LONG_FOR_TIME_T */ +- t = time(0); ++ t = current_time(); + // Use struct here to work around misfeature in old versions of g++. + struct tm *tt = localtime(&t); + set_number_reg("seconds", int(tt->tm_sec)); -- cgit 1.4.1 From 5c549f2eacae292b2349726d2f8f1de2d676cbd1 Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Mon, 10 Jul 2017 00:05:21 +0200 Subject: gnu: ghostscript: Make "/ID" optional, depending on environment variable. * gnu/packages/patches/ghostscript-no-header-id.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it * gnu/packages/ghostscript.scm (ghostscript): Use it. --- gnu/local.mk | 1 + gnu/packages/ghostscript.scm | 9 +++- .../patches/ghostscript-no-header-id.patch | 57 ++++++++++++++++++++++ 3 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/ghostscript-no-header-id.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0fe6cdc391..8cbded44ee 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -619,6 +619,7 @@ dist_patch_DATA = \ %D%/packages/patches/gettext-gnulib-multi-core.patch \ %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \ %D%/packages/patches/ghostscript-CVE-2017-8291.patch \ + %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index b9ba1c081a..af565f3e3a 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -143,7 +143,8 @@ printing, and psresize, for adjusting page sizes.") (base32 "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) (patches (search-patches "ghostscript-runpath.patch" - "ghostscript-CVE-2017-8291.patch")) + "ghostscript-CVE-2017-8291.patch" + "ghostscript-no-header-id.patch")) (modules '((guix build utils))) (snippet ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so @@ -155,7 +156,11 @@ printing, and psresize, for adjusting page sizes.") "tiff" "zlib")) ;; Get rid of timestamps (remove /CreationDate and /ModDate). (substitute* "devices/vector/gdevpdf.c" - ((", but we do the same") "*/ if (0) /*")))))) + ((", but we do the same") + (string-append "*/ " + "if (!getenv(\"GS_GENERATE_UUIDS\") || " + "(strcmp(getenv(\"GS_GENERATE_UUIDS\"), \"0\") != 0 && " + "strcmp(getenv(\"GS_GENERATE_UUIDS\"), \"no\") != 0)) /*"))))))) (build-system gnu-build-system) (outputs '("out" "doc")) ;19 MiB of HTML/PS doc + examples (arguments diff --git a/gnu/packages/patches/ghostscript-no-header-id.patch b/gnu/packages/patches/ghostscript-no-header-id.patch new file mode 100644 index 0000000000..19b71aadb5 --- /dev/null +++ b/gnu/packages/patches/ghostscript-no-header-id.patch @@ -0,0 +1,57 @@ +This patch makes the "/ID" field optional. + +If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will +not write out the "/ID" field (if that's permissible). + +Upstream does not want to do this. + +See: https://bugs.ghostscript.com/show_bug.cgi?id=698208 +diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c +--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:30:28.960479189 +0200 ++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c 2017-07-09 23:34:34.306524488 +0200 +@@ -1580,8 +1580,11 @@ + * +1 for the linearisation dict and +1 for the primary hint stream. + */ + linear_params->FirsttrailerOffset = gp_ftell_64(linear_params->Lin_File.file); +- gs_sprintf(LDict, "\ntrailer\n<>\nstartxref\r\n0\n%%%%EOF\n \n", +- linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, 0); ++ gs_sprintf(LDict, "\ntrailer\n<LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */ ++ gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID); ++ gs_sprintf(LDict, "/Prev %d>>\nstartxref\r\n0\n%%%%EOF\n \n", 0); + fwrite(LDict, strlen(LDict), 1, linear_params->Lin_File.file); + + /* Write document catalog (Part 4) */ +@@ -2102,8 +2105,11 @@ + * in the missing values. + */ + code = gp_fseek_64(linear_params->sfile, linear_params->FirsttrailerOffset, SEEK_SET); +- gs_sprintf(LDict, "\ntrailer\n<>\nstartxref\r\n0\n%%%%EOF\n", +- linear_params->LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber, fileID, fileID, mainxref); ++ gs_sprintf(LDict, "\ntrailer\n<LastResource + 3, pdev->ResourceUsage[linear_params->Info_id].NewObjectNumber, pdev->ResourceUsage[linear_params->Catalog_id].NewObjectNumber); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) /* ID is mandatory when encrypting */ ++ gs_sprintf(LDict, "/ID[%s%s]", fileID, fileID); ++ gs_sprintf(LDict, "/Prev %"PRId64">>\nstartxref\r\n0\n%%%%EOF\n", mainxref); + fwrite(LDict, strlen(LDict), 1, linear_params->sfile); + + code = gp_fseek_64(linear_params->sfile, pdev->ResourceUsage[HintStreamObj].LinearisedOffset, SEEK_SET); +@@ -2674,10 +2680,12 @@ + stream_puts(s, "trailer\n"); + pprintld3(s, "<< /Size %ld /Root %ld 0 R /Info %ld 0 R\n", + pdev->next_id, Catalog_id, Info_id); +- stream_puts(s, "/ID ["); +- psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); +- psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); +- stream_puts(s, "]\n"); ++ if (pdev->OwnerPassword.size > 0 || !(!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0))) { /* ID is mandatory when encrypting */ ++ stream_puts(s, "/ID ["); ++ psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); ++ psdf_write_string(pdev->strm, pdev->fileID, sizeof(pdev->fileID), 0); ++ stream_puts(s, "]\n"); ++ } + if (pdev->OwnerPassword.size > 0) { + pprintld1(s, "/Encrypt %ld 0 R ", Encrypt_id); + } +Nur in gnu-ghostscript-9.14.0/devices/vector: gdevpdf.c.orig. -- cgit 1.4.1 From 63eb4a2a91af8d0a3801bb542f73fd21ecfc9a9e Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Mon, 10 Jul 2017 01:24:50 +0200 Subject: gnu: ghostscript: Make XMP UUID headers optional, depending on environment variable. * gnu/packages/patches/ghostscript-no-header-uuid.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ghostscript.scm (ghostscript): Use it. --- gnu/local.mk | 1 + gnu/packages/ghostscript.scm | 3 +- .../patches/ghostscript-no-header-uuid.patch | 50 ++++++++++++++++++++++ 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ghostscript-no-header-uuid.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8cbded44ee..9cf4648aa3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -620,6 +620,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \ %D%/packages/patches/ghostscript-CVE-2017-8291.patch \ %D%/packages/patches/ghostscript-no-header-id.patch \ + %D%/packages/patches/ghostscript-no-header-uuid.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index af565f3e3a..3a84db3e44 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -144,7 +144,8 @@ printing, and psresize, for adjusting page sizes.") "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) (patches (search-patches "ghostscript-runpath.patch" "ghostscript-CVE-2017-8291.patch" - "ghostscript-no-header-id.patch")) + "ghostscript-no-header-id.patch" + "ghostscript-no-header-uuid.patch")) (modules '((guix build utils))) (snippet ;; Remove bundled libraries. The bundled OpenJPEG is a patched fork so diff --git a/gnu/packages/patches/ghostscript-no-header-uuid.patch b/gnu/packages/patches/ghostscript-no-header-uuid.patch new file mode 100644 index 0000000000..473531220c --- /dev/null +++ b/gnu/packages/patches/ghostscript-no-header-uuid.patch @@ -0,0 +1,50 @@ +This patch makes the UUIDs in the XMP header optional, depending on the +setting of the environment variable GS_GENERATE_UUIDS. + +If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will +not write out the Document UUID field and also will write the Instance ID +field value as "". + +Upstream does not want to do this. + +See: https://bugs.ghostscript.com/show_bug.cgi?id=698208 +diff -ur orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c aa/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c +--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c 2017-07-09 23:30:28.960479189 +0200 ++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdfe.c 2017-07-10 01:04:12.252478276 +0200 +@@ -617,7 +617,7 @@ + return code; + + /* PDF/A XMP reference recommends setting UUID to empty. If not empty must be a URI */ +- if (pdev->PDFA != 0) ++ if (pdev->PDFA != 0 || (getenv("GS_GENERATE_UUIDS") && (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") == 0 || strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") == 0))) + instance_uuid[0] = 0x00; + + cre_date_time_len = pdf_get_docinfo_item(pdev, "/CreationDate", cre_date_time, sizeof(cre_date_time)); +@@ -719,15 +719,18 @@ + pdf_xml_tag_close(s, "rdf:Description"); + pdf_xml_newline(s); + +- pdf_xml_tag_open_beg(s, "rdf:Description"); +- pdf_xml_attribute_name(s, "rdf:about"); +- pdf_xml_attribute_value(s, instance_uuid); +- pdf_xml_attribute_name(s, "xmlns:xapMM"); +- pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/"); +- pdf_xml_attribute_name(s, "xapMM:DocumentID"); +- pdf_xml_attribute_value(s, document_uuid); +- pdf_xml_tag_end_empty(s); +- pdf_xml_newline(s); ++ if (!getenv("GS_GENERATE_UUIDS") || (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0)) ++ { ++ pdf_xml_tag_open_beg(s, "rdf:Description"); ++ pdf_xml_attribute_name(s, "rdf:about"); ++ pdf_xml_attribute_value(s, instance_uuid); ++ pdf_xml_attribute_name(s, "xmlns:xapMM"); ++ pdf_xml_attribute_value(s, "http://ns.adobe.com/xap/1.0/mm/"); ++ pdf_xml_attribute_name(s, "xapMM:DocumentID"); ++ pdf_xml_attribute_value(s, document_uuid); ++ pdf_xml_tag_end_empty(s); ++ pdf_xml_newline(s); ++ } + + pdf_xml_tag_open_beg(s, "rdf:Description"); + pdf_xml_attribute_name(s, "rdf:about"); -- cgit 1.4.1 From ad22c7185395a52bd90ea5890a2ac79f44d00352 Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Mon, 10 Jul 2017 01:28:34 +0200 Subject: gnu: ghostscript: Make "/CreationDate", "/ModDate" optional, depending on environment variable. * gnu/packages/patches/ghostscript-no-header-creationdate.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ghostscript.scm (ghostscript): Use it. --- gnu/local.mk | 1 + gnu/packages/ghostscript.scm | 10 ++-------- .../ghostscript-no-header-creationdate.patch | 22 ++++++++++++++++++++++ 3 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 gnu/packages/patches/ghostscript-no-header-creationdate.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9cf4648aa3..0880de0382 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -621,6 +621,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-CVE-2017-8291.patch \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ + %D%/packages/patches/ghostscript-no-header-creationdate.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 3a84db3e44..b15b032a72 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -144,6 +144,7 @@ printing, and psresize, for adjusting page sizes.") "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) (patches (search-patches "ghostscript-runpath.patch" "ghostscript-CVE-2017-8291.patch" + "ghostscript-no-header-creationdate.patch" "ghostscript-no-header-id.patch" "ghostscript-no-header-uuid.patch")) (modules '((guix build utils))) @@ -154,14 +155,7 @@ printing, and psresize, for adjusting page sizes.") '(begin (for-each delete-file-recursively '("freetype" "jbig2dec" "jpeg" "lcms2" "libpng" - "tiff" "zlib")) - ;; Get rid of timestamps (remove /CreationDate and /ModDate). - (substitute* "devices/vector/gdevpdf.c" - ((", but we do the same") - (string-append "*/ " - "if (!getenv(\"GS_GENERATE_UUIDS\") || " - "(strcmp(getenv(\"GS_GENERATE_UUIDS\"), \"0\") != 0 && " - "strcmp(getenv(\"GS_GENERATE_UUIDS\"), \"no\") != 0)) /*"))))))) + "tiff" "zlib")))))) (build-system gnu-build-system) (outputs '("out" "doc")) ;19 MiB of HTML/PS doc + examples (arguments diff --git a/gnu/packages/patches/ghostscript-no-header-creationdate.patch b/gnu/packages/patches/ghostscript-no-header-creationdate.patch new file mode 100644 index 0000000000..92ddbdade0 --- /dev/null +++ b/gnu/packages/patches/ghostscript-no-header-creationdate.patch @@ -0,0 +1,22 @@ +This patch makes emission of /CreationDate and /ModDate headers optional. + +If the environment variable GS_GENERATE_UUIDS is set to "0" or "no", it will +not write out the "/ID" field (if that's permissible). + +Upstream does not want to do this. + +See: https://bugs.ghostscript.com/show_bug.cgi?id=698208 +diff --git a/orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c b/bb/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c +index 0fb067e..b342e2c 100644 +--- orig/gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c ++++ gnu-ghostscript-9.14.0/devices/vector/gdevpdf.c +@@ -305,6 +305,9 @@ pdf_initialize_ids(gx_device_pdf * pdev) + * date and time, rather than (for example) %%CreationDate from the + * PostScript file. We think this is wrong, but we do the same. + */ ++ if (!getenv("GS_GENERATE_UUIDS") || ++ (strcasecmp(getenv("GS_GENERATE_UUIDS"), "0") != 0 && ++ strcasecmp(getenv("GS_GENERATE_UUIDS"), "no") != 0)) + { + struct tm tms; + time_t t; -- cgit 1.4.1 From 8d858010b373485dcd999c30ec58bede53bd7ecd Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Sun, 11 Jun 2017 12:58:38 +0200 Subject: bootloader: Add u-boot. * gnu/bootloader/u-boot.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi: Document it. --- doc/guix.texi | 8 ++++---- gnu/bootloader/u-boot.scm | 47 +++++++++++++++++++++++++++++++++++++++++++++++ gnu/local.mk | 1 + 3 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 gnu/bootloader/u-boot.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index dc764cc292..ecf9617725 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -15931,10 +15931,10 @@ The type of a bootloader configuration declaration. @cindex UEFI, bootloader @cindex BIOS, bootloader The bootloader to use, as a @code{bootloader} object. For now -@code{grub-bootloader}, @code{grub-efi-bootloader} and -@code{extlinux-bootloader} are supported. @code{grub-efi-bootloader}, -allows to boot on modern systems using the @dfn{Unified Extensible -Firmware Interface} (UEFI). +@code{grub-bootloader}, @code{grub-efi-bootloader}, +@code{extlinux-bootloader} and @code{u-boot-bootloader} are supported. +@code{grub-efi-bootloader} allows to boot on modern systems using the +@dfn{Unified Extensible Firmware Interface} (UEFI). Available bootloaders are described in @code{(gnu bootloader @dots{})} modules. diff --git a/gnu/bootloader/u-boot.scm b/gnu/bootloader/u-boot.scm new file mode 100644 index 0000000000..963b0d7597 --- /dev/null +++ b/gnu/bootloader/u-boot.scm @@ -0,0 +1,47 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 David Craven +;;; Copyright © 2017 Mathieu Othacehe +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu bootloader u-boot) + #:use-module (gnu bootloader extlinux) + #:use-module (gnu bootloader) + #:use-module (gnu system) + #:use-module (gnu packages bootloaders) + #:use-module (guix gexp) + #:use-module (guix monads) + #:use-module (guix records) + #:use-module (guix utils) + #:export (u-boot-bootloader)) + +(define install-u-boot + #~(lambda (bootloader device mount-point) + (if bootloader + (error "Failed to install U-Boot")))) + + + +;;; +;;; Bootloader definitions. +;;; + +(define u-boot-bootloader + (bootloader + (inherit extlinux-bootloader) + (name 'u-boot) + (package #f) + (installer install-u-boot))) diff --git a/gnu/local.mk b/gnu/local.mk index 1ced658911..b79bc1992c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -40,6 +40,7 @@ GNU_SYSTEM_MODULES = \ %D%/bootloader.scm \ %D%/bootloader/grub.scm \ %D%/bootloader/extlinux.scm \ + %D%/bootloader/u-boot.scm \ %D%/packages.scm \ %D%/packages/abduco.scm \ %D%/packages/abiword.scm \ -- cgit 1.4.1 From 59132b800093e486e4d81aed6b837e9ac76aa86c Mon Sep 17 00:00:00 2001 From: 宋文武 Date: Wed, 12 Jul 2017 20:35:57 +0800 Subject: gnu: Rename (gnu packages qemu) to (gnu packages virtualization). * gnu/packages/qemu.scm: Rename this ... * gnu/packages/virtualization.scm: ... to this. * gnu/local.mk (GNU_SYSTEM_MODULES), gnu/packages/bootloaders.scm, gnu/packages/debug.scm, gnu/packages/gnome.scm, gnu/system/vm.scm, gnu/tests/install.scm: Adjust accordingly. --- gnu/local.mk | 2 +- gnu/packages/bootloaders.scm | 2 +- gnu/packages/debug.scm | 2 +- gnu/packages/gnome.scm | 2 +- gnu/packages/qemu.scm | 507 ---------------------------------------- gnu/packages/virtualization.scm | 507 ++++++++++++++++++++++++++++++++++++++++ gnu/system/vm.scm | 2 +- gnu/tests/install.scm | 2 +- 8 files changed, 513 insertions(+), 513 deletions(-) delete mode 100644 gnu/packages/qemu.scm create mode 100644 gnu/packages/virtualization.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b79bc1992c..50fac30404 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -328,7 +328,6 @@ GNU_SYSTEM_MODULES = \ %D%/packages/pv.scm \ %D%/packages/python.scm \ %D%/packages/tryton.scm \ - %D%/packages/qemu.scm \ %D%/packages/qt.scm \ %D%/packages/ragel.scm \ %D%/packages/rails.scm \ @@ -398,6 +397,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/version-control.scm \ %D%/packages/video.scm \ %D%/packages/vim.scm \ + %D%/packages/virtualization.scm \ %D%/packages/vpn.scm \ %D%/packages/w3m.scm \ %D%/packages/wdiff.scm \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 9ae6175280..802e8ab8dc 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -40,8 +40,8 @@ #:use-module (gnu packages ncurses) #:use-module (gnu packages perl) #:use-module (gnu packages python) - #:use-module (gnu packages qemu) #:use-module (gnu packages texinfo) + #:use-module (gnu packages virtualization) #:use-module (guix build-system gnu) #:use-module (guix download) #:use-module (guix git-download) diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm index 27193c8bba..34c1061418 100644 --- a/gnu/packages/debug.scm +++ b/gnu/packages/debug.scm @@ -32,7 +32,7 @@ #:use-module (gnu packages llvm) #:use-module (gnu packages perl) #:use-module (gnu packages pretty-print) - #:use-module (gnu packages qemu) + #:use-module (gnu packages virtualization) #:use-module (ice-9 match) #:use-module (srfi srfi-1)) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 3125fa03ca..4221bbc76c 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -132,8 +132,8 @@ #:use-module (gnu packages samba) #:use-module (gnu packages readline) #:use-module (gnu packages fonts) - #:use-module (gnu packages qemu) #:use-module (gnu packages speech) + #:use-module (gnu packages virtualization) #:use-module (srfi srfi-1)) (define-public brasero diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm deleted file mode 100644 index 0bd314c660..0000000000 --- a/gnu/packages/qemu.scm +++ /dev/null @@ -1,507 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès -;;; Copyright © 2015, 2016, 2017 Mark H Weaver -;;; Copyright © 2016, 2017 Efraim Flashner -;;; Copyright © 2016 Ricardo Wurmus -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (gnu packages qemu) - #:use-module (gnu packages) - #:use-module (gnu packages admin) - #:use-module (gnu packages attr) - #:use-module (gnu packages autotools) - #:use-module (gnu packages check) - #:use-module (gnu packages compression) - #:use-module (gnu packages curl) - #:use-module (gnu packages cyrus-sasl) - #:use-module (gnu packages disk) - #:use-module (gnu packages dns) - #:use-module (gnu packages gl) - #:use-module (gnu packages glib) - #:use-module (gnu packages gnome) - #:use-module (gnu packages gtk) - #:use-module (gnu packages image) - #:use-module (gnu packages libusb) - #:use-module (gnu packages linux) - #:use-module (gnu packages ncurses) - #:use-module (gnu packages perl) - #:use-module (gnu packages pkg-config) - #:use-module (gnu packages polkit) - #:use-module (gnu packages python) - #:use-module (gnu packages sdl) - #:use-module (gnu packages spice) - #:use-module (gnu packages texinfo) - #:use-module (gnu packages tls) - #:use-module (gnu packages web) - #:use-module (gnu packages xdisorg) - #:use-module (gnu packages xml) - #:use-module (guix build-system gnu) - #:use-module (guix build-system python) - #:use-module (guix download) - #:use-module ((guix licenses) #:select (gpl2 gpl2+ lgpl2.1+)) - #:use-module (guix packages) - #:use-module (guix utils) - #:use-module (srfi srfi-1)) - -(define (qemu-patch commit file-name sha256) - "Return an origin for COMMIT." - (origin - (method url-fetch) - (uri (string-append - "http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=" - commit)) - (sha256 sha256) - (file-name file-name))) - -(define-public qemu - (package - (name "qemu") - (version "2.9.0") - (source (origin - (method url-fetch) - (uri (string-append "http://wiki.qemu-project.org/download/qemu-" - version ".tar.xz")) - (patches (search-patches "qemu-CVE-2017-7493.patch" - "qemu-CVE-2017-8112.patch" - "qemu-CVE-2017-8309.patch" - "qemu-CVE-2017-8379.patch" - "qemu-CVE-2017-8380.patch" - "qemu-CVE-2017-9524.patch")) - (sha256 - (base32 - "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) - (build-system gnu-build-system) - (arguments - '(;; Running tests in parallel can occasionally lead to failures, like: - ;; boot_sector_test: assertion failed (signature == SIGNATURE): (0x00000000 == 0x0000dead) - #:parallel-tests? #f - - #:phases - (modify-phases %standard-phases - (replace 'configure - (lambda* (#:key inputs outputs (configure-flags '()) - #:allow-other-keys) - ;; The `configure' script doesn't understand some of the - ;; GNU options. Thus, add a new phase that's compatible. - (let ((out (assoc-ref outputs "out"))) - (setenv "SHELL" (which "bash")) - - ;; While we're at it, patch for tests. - (substitute* "tests/libqtest.c" - (("/bin/sh") (which "sh"))) - - ;; The binaries need to be linked against -lrt. - (setenv "LDFLAGS" "-lrt") - (zero? - (apply system* - `("./configure" - ,(string-append "--cc=" (which "gcc")) - ;; Some architectures insist on using HOST_CC - ,(string-append "--host-cc=" (which "gcc")) - "--disable-debug-info" ; save build space - "--enable-virtfs" ; just to be sure - ,(string-append "--prefix=" out) - ,@configure-flags)))))) - (add-after 'install 'install-info - (lambda* (#:key inputs outputs #:allow-other-keys) - ;; Install the Info manual, unless Texinfo is missing. - (or (not (assoc-ref inputs "texinfo")) - (let ((out (assoc-ref outputs "out"))) - (and (zero? (system* "make" "info")) - (let ((infodir (string-append out "/share/info"))) - (for-each (lambda (info) - (install-file info infodir)) - (find-files "." "\\.info")) - #t)))))) - (add-before 'check 'make-gtester-verbose - (lambda _ - ;; Make GTester verbose to facilitate investigation upon failure. - (setenv "V" "1") #t)) - (add-before 'check 'disable-test-qga - (lambda _ - (substitute* "tests/Makefile.include" - ;; Comment out the test-qga test, which needs /sys and - ;; fails within the build environment. - (("check-unit-.* tests/test-qga" all) - (string-append "# " all))) - #t))))) - (inputs ; TODO: Add optional inputs. - `(("alsa-lib" ,alsa-lib) - ("attr" ,attr) - ("glib" ,glib) - ;; ("libaio" ,libaio) - ("libattr" ,attr) - ("libcap" ,libcap) ; virtfs support requires libcap & libattr - ("libjpeg" ,libjpeg-8) - ("libpng" ,libpng) - ("libusb" ,libusb) ;USB pass-through support - ("mesa" ,mesa) - ("ncurses" ,ncurses) - ;; ("pciutils" ,pciutils) - ("pixman" ,pixman) - ("sdl" ,sdl) - ("spice" ,spice) - ("util-linux" ,util-linux) - ;; ("vde2" ,vde2) - ("virglrenderer" ,virglrenderer) - ("zlib" ,zlib))) - (native-inputs `(("glib:bin" ,glib "bin") ; gtester, etc. - ("perl" ,perl) - ("pkg-config" ,pkg-config) - ("python" ,python-2) ; incompatible with Python 3 according to error message - ("texinfo" ,texinfo))) - (home-page "http://www.qemu-project.org") - (synopsis "Machine emulator and virtualizer") - (description - "QEMU is a generic machine emulator and virtualizer. - -When used as a machine emulator, QEMU can run OSes and programs made for one -machine (e.g. an ARM board) on a different machine---e.g., your own PC. By -using dynamic translation, it achieves very good performance. - -When used as a virtualizer, QEMU achieves near native performances by -executing the guest code directly on the host CPU. QEMU supports -virtualization when executing under the Xen hypervisor or using -the KVM kernel module in Linux. When using KVM, QEMU can virtualize x86, -server and embedded PowerPC, and S390 guests.") - - ;; Many files are GPLv2+, but some are GPLv2-only---e.g., `memory.c'. - (license gpl2) - - ;; Several tests fail on MIPS; see . - (supported-systems (delete "mips64el-linux" %supported-systems)))) - -(define-public qemu-minimal - ;; QEMU without GUI support. - (package (inherit qemu) - (name "qemu-minimal") - (synopsis "Machine emulator and virtualizer (without GUI)") - (arguments - `(#:configure-flags - ;; Restrict to the targets supported by Guix. - '("--target-list=i386-softmmu,x86_64-softmmu,mips64el-softmmu,arm-softmmu,aarch64-softmmu") - ,@(package-arguments qemu))) - - ;; Remove dependencies on optional libraries, notably GUI libraries. - (inputs (fold alist-delete (package-inputs qemu) - '("libusb" "mesa" "sdl" "spice" "virglrenderer"))))) - -(define-public libosinfo - (package - (name "libosinfo") - (version "1.0.0") - (source - (origin - (method url-fetch) - (uri (string-append "https://releases.pagure.org/libosinfo/libosinfo-" - version ".tar.gz")) - (sha256 - (base32 - "0srrs2m6irqd4f867g8ls6jp2dq3ql0l9d0fh80d55sivvn2bd7p")))) - (build-system gnu-build-system) - (arguments - `(#:configure-flags - (list (string-append "--with-usb-ids-path=" - (assoc-ref %build-inputs "usb.ids")) - (string-append "--with-pci-ids-path=" - (assoc-ref %build-inputs "pci.ids"))) - #:phases - (modify-phases %standard-phases - ;; This odd test fails for unknown reasons. - (add-after 'unpack 'disable-broken-test - (lambda _ - (substitute* "test/Makefile.in" - (("test-isodetect\\$\\(EXEEXT\\)") "")) - #t))))) - (inputs - `(("libsoup" ,libsoup) - ("libxml2" ,libxml2) - ("libxslt" ,libxslt) - ("gobject-introspection" ,gobject-introspection))) - (native-inputs - `(("check" ,check) - ("glib" ,glib "bin") ; glib-mkenums, etc. - ("gtk-doc" ,gtk-doc) - ("vala" ,vala) - ("intltool" ,intltool) - ("pkg-config" ,pkg-config) - ("pci.ids" - ,(origin - (method url-fetch) - (uri "https://github.com/pciutils/pciids/raw/ad02084f0bc143e3c15e31a6152a3dfb1d7a3156/pci.ids") - (sha256 - (base32 - "0kfhpj5rnh24hz2714qhfmxk281vwc2w50sm73ggw5d15af7zfsw")))) - ("usb.ids" - ,(origin - (method url-fetch) - (uri "http://linux-usb.cvs.sourceforge.net/viewvc/linux-usb/htdocs/usb.ids?revision=1.551") - (file-name "usb.ids") - (sha256 - (base32 - "17rg5i0wbyk289gr8v4kgvnc9q5bidz7ldcvv9x58l083wn16hq3")))))) - (home-page "https://libosinfo.org/") - (synopsis "Operating system information database") - (description "libosinfo is a GObject based library API for managing -information about operating systems, hypervisors and the (virtual) hardware -devices they can support. It includes a database containing device metadata -and provides APIs to match/identify optimal devices for deploying an operating -system on a hypervisor. Via GObject Introspection, the API is available in -all common programming languages. Vala bindings are also provided.") - ;; The library files are released under LGPLv2.1 or later; the source - ;; files in the "tools" directory are released under GPLv2+. - (license (list lgpl2.1+ gpl2+)))) - -(define-public libvirt - (package - (name "libvirt") - (version "3.5.0") - (source (origin - (method url-fetch) - (uri (string-append "http://libvirt.org/sources/libvirt-" - version ".tar.xz")) - (sha256 - (base32 - "05mm4xdw6g960rwvc9189nhxpm1vrilnmpl4h4m1lha11pivlqr9")))) - (build-system gnu-build-system) - (arguments - `(;; FAIL: virshtest - ;; FAIL: virfirewalltest - ;; FAIL: virkmodtest - ;; FAIL: virnetsockettest - ;; FAIL: networkxml2firewalltest - ;; FAIL: nwfilterebiptablestest - ;; FAIL: nwfilterxml2firewalltest - ;; Times out after PASS: virsh-vcpupin - #:tests? #f - #:configure-flags - (list "--with-polkit" - "--sysconfdir=/etc" - "--localstatedir=/var") - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'fix-tests - (lambda _ - (substitute* '("tests/commandtest.c" - "gnulib/tests/test-posix_spawn1.c" - "gnulib/tests/test-posix_spawn2.c") - (("/bin/sh") (which "sh"))) - #t)) - (replace 'install - ;; Since the sysconfdir and localstatedir should be /etc and /var - ;; at runtime, we must prevent writing to them at installation - ;; time. - (lambda _ - (zero? (system* "make" "install" - "sysconfdir=/tmp/etc" - "localstatedir=/tmp/var"))))))) - (inputs - `(("libxml2" ,libxml2) - ("gnutls" ,gnutls) - ("dbus" ,dbus) - ("qemu" ,qemu) - ("polkit" ,polkit) - ("libpcap" ,libpcap) - ("libnl" ,libnl) - ("libuuid" ,util-linux) - ("lvm2" ,lvm2) ; for libdevmapper - ("curl" ,curl) - ("openssl" ,openssl) - ("cyrus-sasl" ,cyrus-sasl) - ("perl" ,perl) - ("python" ,python-2) - ("libyajl" ,libyajl) - ("audit" ,audit) - ("dmidecode" ,dmidecode) - ("dnsmasq" ,dnsmasq) - ("ebtables" ,ebtables) - ("iproute" ,iproute) - ("iptables" ,iptables))) - (native-inputs - `(("pkg-config" ,pkg-config))) - (home-page "http://libvirt.org") - (synopsis "Simple API for virtualization") - (description "Libvirt is a C toolkit to interact with the virtualization -capabilities of recent versions of Linux. The library aims at providing long -term stable C API initially for the Xen paravirtualization but should be able -to integrate other virtualization mechanisms if needed.") - (license lgpl2.1+))) - -(define-public libvirt-glib - (package - (name "libvirt-glib") - (version "1.0.0") - (source (origin - (method url-fetch) - (uri (string-append "ftp://libvirt.org/libvirt/glib/" - "libvirt-glib-" version ".tar.gz")) - (sha256 - (base32 - "0iwa5sdbii52pjpdm5j37f67sdmf0kpcky4liwhy1nf43k85i4fa")))) - (build-system gnu-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'unpack 'fix-tests - (lambda _ - (substitute* "tests/test-events.c" - (("/bin/true") (which "true"))) - #t))))) - (inputs - `(("libxml2" ,libxml2) - ("libvirt" ,libvirt) - ("gobject-introspection" ,gobject-introspection) - ("glib" ,glib) - ("openssl" ,openssl) - ("cyrus-sasl" ,cyrus-sasl) - ("lvm2" ,lvm2) ; for libdevmapper - ("libyajl" ,libyajl))) - (native-inputs - `(("pkg-config" ,pkg-config) - ("intltool" ,intltool) - ("glib" ,glib "bin") - ("vala" ,vala))) - (home-page "http://libvirt.org") - (synopsis "GLib wrapper around libvirt") - (description "libvirt-glib wraps the libvirt library to provide a -high-level object-oriented API better suited for glib-based applications, via -three libraries: - -@enumerate -@item libvirt-glib - GLib main loop integration & misc helper APIs -@item libvirt-gconfig - GObjects for manipulating libvirt XML documents -@item libvirt-gobject - GObjects for managing libvirt objects -@end enumerate -") - (license lgpl2.1+))) - -(define-public python-libvirt - (package - (name "python-libvirt") - (version "3.4.0") - (source (origin - (method url-fetch) - (uri (pypi-uri "libvirt-python" version)) - (sha256 - (base32 - "04dma3979171p9yf0cg7m03shk038hc9vyfm9lb8z60qyn0pg9xg")))) - (build-system python-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-after 'unpack 'patch-nosetests-path - (lambda* (#:key inputs #:allow-other-keys) - (substitute* "setup.py" - (("\"/usr/bin/nosetests\"") - (string-append "\"" (which "nosetests") "\"")) - (("self\\.spawn\\(\\[sys\\.executable, nose\\]\\)") - (format #f "self.spawn([\"~a\", nose])" (which "bash")))) - #t))))) - (inputs - `(("libvirt" ,libvirt))) - (propagated-inputs - `(("python-lxml" ,python-lxml))) - (native-inputs - `(("pkg-config" ,pkg-config) - ("python-nose" ,python-nose))) - (home-page "http://libvirt.org") - (synopsis "Python bindings to libvirt") - (description "This package provides Python bindings to the libvirt -virtualization library.") - (license lgpl2.1+))) - -(define-public python2-libvirt - (package-with-python2 python-libvirt)) - -(define-public virt-manager - (package - (name "virt-manager") - (version "1.4.1") - (source (origin - (method url-fetch) - (uri (string-append "https://virt-manager.org/download/sources" - "/virt-manager/virt-manager-" - version ".tar.gz")) - (sha256 - (base32 - "0i1rkxz730vw1nqghrp189jhhp53pw81k0h71hhxmyqlkyclkig6")))) - (build-system python-build-system) - (arguments - `(#:python ,python-2 - #:use-setuptools? #f ; Uses custom distutils 'install' command. - ;; Some of the tests seem to require network access to install virtual - ;; machines. - #:tests? #f - #:modules ((ice-9 match) - (srfi srfi-26) - (guix build python-build-system) - (guix build utils)) - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'fix-setup - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "virtcli/cliconfig.py" - (("/usr") (assoc-ref outputs "out"))) - #t)) - (add-before 'wrap 'wrap-with-GI_TYPELIB_PATH - (lambda* (#:key inputs outputs #:allow-other-keys) - (let* ((bin (string-append (assoc-ref outputs "out") "/bin")) - (bin-files (find-files bin ".*")) - (paths (map (match-lambda - ((output . directory) - (let* ((girepodir (string-append - directory - "/lib/girepository-1.0"))) - (if (file-exists? girepodir) - girepodir #f)))) - inputs))) - (for-each (lambda (file) - (format #t "wrapping ~a\n" file) - (wrap-program file - `("GI_TYPELIB_PATH" ":" prefix - ,(filter identity paths)))) - bin-files)) - #t))))) - (inputs - `(("gtk+" ,gtk+) - ("gtk-vnc" ,gtk-vnc) - ("libvirt" ,libvirt) - ("libvirt-glib" ,libvirt-glib) - ("libosinfo" ,libosinfo) - ("vte" ,vte) - ("gobject-introspection" ,gobject-introspection) - ("python2-libvirt" ,python2-libvirt) - ("python2-requests" ,python2-requests) - ("python2-ipaddr" ,python2-ipaddr) - ("python2-pygobject" ,python2-pygobject) - ("python2-libxml2" ,python2-libxml2))) - ;; virt-manager searches for qemu-img or kvm-img in the PATH. - (propagated-inputs - `(("qemu" ,qemu))) - (native-inputs - `(("glib" ,glib "bin") ; glib-compile-schemas. - ("gtk+" ,gtk+ "bin") ; gtk-update-icon-cache - ("perl" ,perl) ; pod2man - ("intltool" ,intltool))) - (home-page "https://virt-manager.org/") - (synopsis "Manage virtual machines") - (description - "The virt-manager application is a desktop user interface for managing -virtual machines through libvirt. It primarily targets KVM VMs, but also -manages Xen and LXC (Linux containers). It presents a summary view of running -domains, their live performance and resource utilization statistics.") - (license gpl2+))) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm new file mode 100644 index 0000000000..79209c3006 --- /dev/null +++ b/gnu/packages/virtualization.scm @@ -0,0 +1,507 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès +;;; Copyright © 2015, 2016, 2017 Mark H Weaver +;;; Copyright © 2016, 2017 Efraim Flashner +;;; Copyright © 2016 Ricardo Wurmus +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages virtualization) + #:use-module (gnu packages) + #:use-module (gnu packages admin) + #:use-module (gnu packages attr) + #:use-module (gnu packages autotools) + #:use-module (gnu packages check) + #:use-module (gnu packages compression) + #:use-module (gnu packages curl) + #:use-module (gnu packages cyrus-sasl) + #:use-module (gnu packages disk) + #:use-module (gnu packages dns) + #:use-module (gnu packages gl) + #:use-module (gnu packages glib) + #:use-module (gnu packages gnome) + #:use-module (gnu packages gtk) + #:use-module (gnu packages image) + #:use-module (gnu packages libusb) + #:use-module (gnu packages linux) + #:use-module (gnu packages ncurses) + #:use-module (gnu packages perl) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages polkit) + #:use-module (gnu packages python) + #:use-module (gnu packages sdl) + #:use-module (gnu packages spice) + #:use-module (gnu packages texinfo) + #:use-module (gnu packages tls) + #:use-module (gnu packages web) + #:use-module (gnu packages xdisorg) + #:use-module (gnu packages xml) + #:use-module (guix build-system gnu) + #:use-module (guix build-system python) + #:use-module (guix download) + #:use-module ((guix licenses) #:select (gpl2 gpl2+ lgpl2.1+)) + #:use-module (guix packages) + #:use-module (guix utils) + #:use-module (srfi srfi-1)) + +(define (qemu-patch commit file-name sha256) + "Return an origin for COMMIT." + (origin + (method url-fetch) + (uri (string-append + "http://git.qemu.org/?p=qemu.git;a=commitdiff_plain;h=" + commit)) + (sha256 sha256) + (file-name file-name))) + +(define-public qemu + (package + (name "qemu") + (version "2.9.0") + (source (origin + (method url-fetch) + (uri (string-append "http://wiki.qemu-project.org/download/qemu-" + version ".tar.xz")) + (patches (search-patches "qemu-CVE-2017-7493.patch" + "qemu-CVE-2017-8112.patch" + "qemu-CVE-2017-8309.patch" + "qemu-CVE-2017-8379.patch" + "qemu-CVE-2017-8380.patch" + "qemu-CVE-2017-9524.patch")) + (sha256 + (base32 + "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) + (build-system gnu-build-system) + (arguments + '(;; Running tests in parallel can occasionally lead to failures, like: + ;; boot_sector_test: assertion failed (signature == SIGNATURE): (0x00000000 == 0x0000dead) + #:parallel-tests? #f + + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key inputs outputs (configure-flags '()) + #:allow-other-keys) + ;; The `configure' script doesn't understand some of the + ;; GNU options. Thus, add a new phase that's compatible. + (let ((out (assoc-ref outputs "out"))) + (setenv "SHELL" (which "bash")) + + ;; While we're at it, patch for tests. + (substitute* "tests/libqtest.c" + (("/bin/sh") (which "sh"))) + + ;; The binaries need to be linked against -lrt. + (setenv "LDFLAGS" "-lrt") + (zero? + (apply system* + `("./configure" + ,(string-append "--cc=" (which "gcc")) + ;; Some architectures insist on using HOST_CC + ,(string-append "--host-cc=" (which "gcc")) + "--disable-debug-info" ; save build space + "--enable-virtfs" ; just to be sure + ,(string-append "--prefix=" out) + ,@configure-flags)))))) + (add-after 'install 'install-info + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; Install the Info manual, unless Texinfo is missing. + (or (not (assoc-ref inputs "texinfo")) + (let ((out (assoc-ref outputs "out"))) + (and (zero? (system* "make" "info")) + (let ((infodir (string-append out "/share/info"))) + (for-each (lambda (info) + (install-file info infodir)) + (find-files "." "\\.info")) + #t)))))) + (add-before 'check 'make-gtester-verbose + (lambda _ + ;; Make GTester verbose to facilitate investigation upon failure. + (setenv "V" "1") #t)) + (add-before 'check 'disable-test-qga + (lambda _ + (substitute* "tests/Makefile.include" + ;; Comment out the test-qga test, which needs /sys and + ;; fails within the build environment. + (("check-unit-.* tests/test-qga" all) + (string-append "# " all))) + #t))))) + (inputs ; TODO: Add optional inputs. + `(("alsa-lib" ,alsa-lib) + ("attr" ,attr) + ("glib" ,glib) + ;; ("libaio" ,libaio) + ("libattr" ,attr) + ("libcap" ,libcap) ; virtfs support requires libcap & libattr + ("libjpeg" ,libjpeg-8) + ("libpng" ,libpng) + ("libusb" ,libusb) ;USB pass-through support + ("mesa" ,mesa) + ("ncurses" ,ncurses) + ;; ("pciutils" ,pciutils) + ("pixman" ,pixman) + ("sdl" ,sdl) + ("spice" ,spice) + ("util-linux" ,util-linux) + ;; ("vde2" ,vde2) + ("virglrenderer" ,virglrenderer) + ("zlib" ,zlib))) + (native-inputs `(("glib:bin" ,glib "bin") ; gtester, etc. + ("perl" ,perl) + ("pkg-config" ,pkg-config) + ("python" ,python-2) ; incompatible with Python 3 according to error message + ("texinfo" ,texinfo))) + (home-page "http://www.qemu-project.org") + (synopsis "Machine emulator and virtualizer") + (description + "QEMU is a generic machine emulator and virtualizer. + +When used as a machine emulator, QEMU can run OSes and programs made for one +machine (e.g. an ARM board) on a different machine---e.g., your own PC. By +using dynamic translation, it achieves very good performance. + +When used as a virtualizer, QEMU achieves near native performances by +executing the guest code directly on the host CPU. QEMU supports +virtualization when executing under the Xen hypervisor or using +the KVM kernel module in Linux. When using KVM, QEMU can virtualize x86, +server and embedded PowerPC, and S390 guests.") + + ;; Many files are GPLv2+, but some are GPLv2-only---e.g., `memory.c'. + (license gpl2) + + ;; Several tests fail on MIPS; see . + (supported-systems (delete "mips64el-linux" %supported-systems)))) + +(define-public qemu-minimal + ;; QEMU without GUI support. + (package (inherit qemu) + (name "qemu-minimal") + (synopsis "Machine emulator and virtualizer (without GUI)") + (arguments + `(#:configure-flags + ;; Restrict to the targets supported by Guix. + '("--target-list=i386-softmmu,x86_64-softmmu,mips64el-softmmu,arm-softmmu,aarch64-softmmu") + ,@(package-arguments qemu))) + + ;; Remove dependencies on optional libraries, notably GUI libraries. + (inputs (fold alist-delete (package-inputs qemu) + '("libusb" "mesa" "sdl" "spice" "virglrenderer"))))) + +(define-public libosinfo + (package + (name "libosinfo") + (version "1.0.0") + (source + (origin + (method url-fetch) + (uri (string-append "https://releases.pagure.org/libosinfo/libosinfo-" + version ".tar.gz")) + (sha256 + (base32 + "0srrs2m6irqd4f867g8ls6jp2dq3ql0l9d0fh80d55sivvn2bd7p")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list (string-append "--with-usb-ids-path=" + (assoc-ref %build-inputs "usb.ids")) + (string-append "--with-pci-ids-path=" + (assoc-ref %build-inputs "pci.ids"))) + #:phases + (modify-phases %standard-phases + ;; This odd test fails for unknown reasons. + (add-after 'unpack 'disable-broken-test + (lambda _ + (substitute* "test/Makefile.in" + (("test-isodetect\\$\\(EXEEXT\\)") "")) + #t))))) + (inputs + `(("libsoup" ,libsoup) + ("libxml2" ,libxml2) + ("libxslt" ,libxslt) + ("gobject-introspection" ,gobject-introspection))) + (native-inputs + `(("check" ,check) + ("glib" ,glib "bin") ; glib-mkenums, etc. + ("gtk-doc" ,gtk-doc) + ("vala" ,vala) + ("intltool" ,intltool) + ("pkg-config" ,pkg-config) + ("pci.ids" + ,(origin + (method url-fetch) + (uri "https://github.com/pciutils/pciids/raw/ad02084f0bc143e3c15e31a6152a3dfb1d7a3156/pci.ids") + (sha256 + (base32 + "0kfhpj5rnh24hz2714qhfmxk281vwc2w50sm73ggw5d15af7zfsw")))) + ("usb.ids" + ,(origin + (method url-fetch) + (uri "http://linux-usb.cvs.sourceforge.net/viewvc/linux-usb/htdocs/usb.ids?revision=1.551") + (file-name "usb.ids") + (sha256 + (base32 + "17rg5i0wbyk289gr8v4kgvnc9q5bidz7ldcvv9x58l083wn16hq3")))))) + (home-page "https://libosinfo.org/") + (synopsis "Operating system information database") + (description "libosinfo is a GObject based library API for managing +information about operating systems, hypervisors and the (virtual) hardware +devices they can support. It includes a database containing device metadata +and provides APIs to match/identify optimal devices for deploying an operating +system on a hypervisor. Via GObject Introspection, the API is available in +all common programming languages. Vala bindings are also provided.") + ;; The library files are released under LGPLv2.1 or later; the source + ;; files in the "tools" directory are released under GPLv2+. + (license (list lgpl2.1+ gpl2+)))) + +(define-public libvirt + (package + (name "libvirt") + (version "3.5.0") + (source (origin + (method url-fetch) + (uri (string-append "http://libvirt.org/sources/libvirt-" + version ".tar.xz")) + (sha256 + (base32 + "05mm4xdw6g960rwvc9189nhxpm1vrilnmpl4h4m1lha11pivlqr9")))) + (build-system gnu-build-system) + (arguments + `(;; FAIL: virshtest + ;; FAIL: virfirewalltest + ;; FAIL: virkmodtest + ;; FAIL: virnetsockettest + ;; FAIL: networkxml2firewalltest + ;; FAIL: nwfilterebiptablestest + ;; FAIL: nwfilterxml2firewalltest + ;; Times out after PASS: virsh-vcpupin + #:tests? #f + #:configure-flags + (list "--with-polkit" + "--sysconfdir=/etc" + "--localstatedir=/var") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-tests + (lambda _ + (substitute* '("tests/commandtest.c" + "gnulib/tests/test-posix_spawn1.c" + "gnulib/tests/test-posix_spawn2.c") + (("/bin/sh") (which "sh"))) + #t)) + (replace 'install + ;; Since the sysconfdir and localstatedir should be /etc and /var + ;; at runtime, we must prevent writing to them at installation + ;; time. + (lambda _ + (zero? (system* "make" "install" + "sysconfdir=/tmp/etc" + "localstatedir=/tmp/var"))))))) + (inputs + `(("libxml2" ,libxml2) + ("gnutls" ,gnutls) + ("dbus" ,dbus) + ("qemu" ,qemu) + ("polkit" ,polkit) + ("libpcap" ,libpcap) + ("libnl" ,libnl) + ("libuuid" ,util-linux) + ("lvm2" ,lvm2) ; for libdevmapper + ("curl" ,curl) + ("openssl" ,openssl) + ("cyrus-sasl" ,cyrus-sasl) + ("perl" ,perl) + ("python" ,python-2) + ("libyajl" ,libyajl) + ("audit" ,audit) + ("dmidecode" ,dmidecode) + ("dnsmasq" ,dnsmasq) + ("ebtables" ,ebtables) + ("iproute" ,iproute) + ("iptables" ,iptables))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "http://libvirt.org") + (synopsis "Simple API for virtualization") + (description "Libvirt is a C toolkit to interact with the virtualization +capabilities of recent versions of Linux. The library aims at providing long +term stable C API initially for the Xen paravirtualization but should be able +to integrate other virtualization mechanisms if needed.") + (license lgpl2.1+))) + +(define-public libvirt-glib + (package + (name "libvirt-glib") + (version "1.0.0") + (source (origin + (method url-fetch) + (uri (string-append "ftp://libvirt.org/libvirt/glib/" + "libvirt-glib-" version ".tar.gz")) + (sha256 + (base32 + "0iwa5sdbii52pjpdm5j37f67sdmf0kpcky4liwhy1nf43k85i4fa")))) + (build-system gnu-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-tests + (lambda _ + (substitute* "tests/test-events.c" + (("/bin/true") (which "true"))) + #t))))) + (inputs + `(("libxml2" ,libxml2) + ("libvirt" ,libvirt) + ("gobject-introspection" ,gobject-introspection) + ("glib" ,glib) + ("openssl" ,openssl) + ("cyrus-sasl" ,cyrus-sasl) + ("lvm2" ,lvm2) ; for libdevmapper + ("libyajl" ,libyajl))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("intltool" ,intltool) + ("glib" ,glib "bin") + ("vala" ,vala))) + (home-page "http://libvirt.org") + (synopsis "GLib wrapper around libvirt") + (description "libvirt-glib wraps the libvirt library to provide a +high-level object-oriented API better suited for glib-based applications, via +three libraries: + +@enumerate +@item libvirt-glib - GLib main loop integration & misc helper APIs +@item libvirt-gconfig - GObjects for manipulating libvirt XML documents +@item libvirt-gobject - GObjects for managing libvirt objects +@end enumerate +") + (license lgpl2.1+))) + +(define-public python-libvirt + (package + (name "python-libvirt") + (version "3.4.0") + (source (origin + (method url-fetch) + (uri (pypi-uri "libvirt-python" version)) + (sha256 + (base32 + "04dma3979171p9yf0cg7m03shk038hc9vyfm9lb8z60qyn0pg9xg")))) + (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-nosetests-path + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "setup.py" + (("\"/usr/bin/nosetests\"") + (string-append "\"" (which "nosetests") "\"")) + (("self\\.spawn\\(\\[sys\\.executable, nose\\]\\)") + (format #f "self.spawn([\"~a\", nose])" (which "bash")))) + #t))))) + (inputs + `(("libvirt" ,libvirt))) + (propagated-inputs + `(("python-lxml" ,python-lxml))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("python-nose" ,python-nose))) + (home-page "http://libvirt.org") + (synopsis "Python bindings to libvirt") + (description "This package provides Python bindings to the libvirt +virtualization library.") + (license lgpl2.1+))) + +(define-public python2-libvirt + (package-with-python2 python-libvirt)) + +(define-public virt-manager + (package + (name "virt-manager") + (version "1.4.1") + (source (origin + (method url-fetch) + (uri (string-append "https://virt-manager.org/download/sources" + "/virt-manager/virt-manager-" + version ".tar.gz")) + (sha256 + (base32 + "0i1rkxz730vw1nqghrp189jhhp53pw81k0h71hhxmyqlkyclkig6")))) + (build-system python-build-system) + (arguments + `(#:python ,python-2 + #:use-setuptools? #f ; Uses custom distutils 'install' command. + ;; Some of the tests seem to require network access to install virtual + ;; machines. + #:tests? #f + #:modules ((ice-9 match) + (srfi srfi-26) + (guix build python-build-system) + (guix build utils)) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-setup + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "virtcli/cliconfig.py" + (("/usr") (assoc-ref outputs "out"))) + #t)) + (add-before 'wrap 'wrap-with-GI_TYPELIB_PATH + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((bin (string-append (assoc-ref outputs "out") "/bin")) + (bin-files (find-files bin ".*")) + (paths (map (match-lambda + ((output . directory) + (let* ((girepodir (string-append + directory + "/lib/girepository-1.0"))) + (if (file-exists? girepodir) + girepodir #f)))) + inputs))) + (for-each (lambda (file) + (format #t "wrapping ~a\n" file) + (wrap-program file + `("GI_TYPELIB_PATH" ":" prefix + ,(filter identity paths)))) + bin-files)) + #t))))) + (inputs + `(("gtk+" ,gtk+) + ("gtk-vnc" ,gtk-vnc) + ("libvirt" ,libvirt) + ("libvirt-glib" ,libvirt-glib) + ("libosinfo" ,libosinfo) + ("vte" ,vte) + ("gobject-introspection" ,gobject-introspection) + ("python2-libvirt" ,python2-libvirt) + ("python2-requests" ,python2-requests) + ("python2-ipaddr" ,python2-ipaddr) + ("python2-pygobject" ,python2-pygobject) + ("python2-libxml2" ,python2-libxml2))) + ;; virt-manager searches for qemu-img or kvm-img in the PATH. + (propagated-inputs + `(("qemu" ,qemu))) + (native-inputs + `(("glib" ,glib "bin") ; glib-compile-schemas. + ("gtk+" ,gtk+ "bin") ; gtk-update-icon-cache + ("perl" ,perl) ; pod2man + ("intltool" ,intltool))) + (home-page "https://virt-manager.org/") + (synopsis "Manage virtual machines") + (description + "The virt-manager application is a desktop user interface for managing +virtual machines through libvirt. It primarily targets KVM VMs, but also +manages Xen and LXC (Linux containers). It presents a summary view of running +domains, their live performance and resource utilization statistics.") + (license gpl2+))) diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 66a2448ceb..dd9be2c6fa 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -39,7 +39,7 @@ #:use-module (gnu packages gawk) #:use-module (gnu packages bash) #:use-module (gnu packages less) - #:use-module (gnu packages qemu) + #:use-module (gnu packages virtualization) #:use-module (gnu packages disk) #:use-module (gnu packages zile) #:use-module (gnu packages linux) diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index 7c5d48104e..22e4181ab1 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm @@ -27,8 +27,8 @@ #:use-module ((gnu build vm) #:select (qemu-command)) #:use-module (gnu packages bootloaders) #:use-module (gnu packages ocr) - #:use-module (gnu packages qemu) #:use-module (gnu packages package-management) + #:use-module (gnu packages virtualization) #:use-module (guix store) #:use-module (guix monads) #:use-module (guix packages) -- cgit 1.4.1 From 5beecc320ee3f4224e356508547416b4bd24ad4b Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Thu, 13 Jul 2017 09:38:59 +0200 Subject: gnu: Add sooperlooper. * gnu/packages/patches/sooperlooper-build-with-wx-30.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/music.scm (sooperlooper): New variable. --- gnu/local.mk | 1 + gnu/packages/music.scm | 72 +++++++++ .../patches/sooperlooper-build-with-wx-30.patch | 179 +++++++++++++++++++++ 3 files changed, 252 insertions(+) create mode 100644 gnu/packages/patches/sooperlooper-build-with-wx-30.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 50fac30404..96e4b2d254 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1005,6 +1005,7 @@ dist_patch_DATA = \ %D%/packages/patches/slim-reset.patch \ %D%/packages/patches/slim-login.patch \ %D%/packages/patches/slurm-configure-remove-nonfree-contribs.patch \ + %D%/packages/patches/sooperlooper-build-with-wx-30.patch \ %D%/packages/patches/spice-CVE-2016-9577.patch \ %D%/packages/patches/spice-CVE-2016-9578-1.patch \ %D%/packages/patches/spice-CVE-2016-9578-2.patch \ diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index a3f3d4bacb..40996b11be 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -2345,6 +2345,78 @@ part. The player is based on a highly modified version of the ModPlug engine, with a number of bugfixes and changes to improve IT playback.") (license license:gpl2+))) +(define-public sooperlooper + (package + (name "sooperlooper") + (version "1.7.3") + (source (origin + (method url-fetch) + (uri (string-append "http://essej.net/sooperlooper/sooperlooper-" + version ".tar.gz")) + (sha256 + (base32 + "0n2gdxw1fx8nxxnpzf4sj0kp6k6zi1yq59cbz6qqzcnsnpnvszbs")) + (patches (search-patches "sooperlooper-build-with-wx-30.patch")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags (list "CXXFLAGS=-std=gnu++11") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'add-sigc++-includes + (lambda* (#:key inputs #:allow-other-keys) + (let ((sig (assoc-ref inputs "libsigc++")) + (xml (assoc-ref inputs "libxml2")) + (cwd (getcwd))) + (setenv "CPATH" + (string-append sig "/include/sigc++-2.0:" + sig "/lib/sigc++-2.0/include:" + xml "/include/libxml2/:" + cwd "/libs/pbd:" + cwd "/libs/midi++"))) + (substitute* '("src/control_osc.hpp" + "src/gui/app_frame.hpp" + "src/gui/config_panel.hpp" + "src/gui/keys_panel.hpp" + "src/gui/latency_panel.hpp" + "src/gui/main_panel.hpp" + "src/gui/midi_bind_panel.hpp" + "src/gui/prefs_dialog.hpp") + (("sigc\\+\\+/object.h") + "sigc++/sigc++.h")) + (substitute* '("src/engine.cpp" + "src/gui/latency_panel.cpp" + "src/gui/looper_panel.cpp" + "src/gui/main_panel.cpp") + (("(\\(| )bind " _ pre) + (string-append pre "sigc::bind "))) + #t)) + (add-after 'unpack 'fix-xpm-warnings + (lambda _ + (substitute* (find-files "." "\\.xpm$") + (("static char") "static const char")) + #t))))) + (inputs + `(("jack" ,jack-1) + ("alsa-lib" ,alsa-lib) + ("wxwidgets" ,wxwidgets-gtk2) + ("libsndfile" ,libsndfile) + ("libsamplerate" ,libsamplerate) + ("liblo" ,liblo) + ("rubberband" ,rubberband) + ("libxml2" ,libxml2) + ("libsigc++" ,libsigc++) + ("ncurses" ,ncurses))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "http://essej.net/sooperlooper/") + (synopsis "Live looping sampler") + (description + "SooperLooper is a live looping sampler capable of immediate loop +recording, overdubbing, multiplying, reversing and more. It allows for +multiple simultaneous multi-channel loops limited only by your computer's +available memory.") + (license license:gpl2+))) + (define-public moc (package (name "moc") diff --git a/gnu/packages/patches/sooperlooper-build-with-wx-30.patch b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch new file mode 100644 index 0000000000..43f4b9be69 --- /dev/null +++ b/gnu/packages/patches/sooperlooper-build-with-wx-30.patch @@ -0,0 +1,179 @@ +Downloaded from https://anonscm.debian.org/cgit/pkg-multimedia/sooperlooper.git/plain/debian/patches/04-build_with_wx_30.patch -O gnu/packages/patches/sooperlooper-build-with-wx-30.patch + +Author: Jaromír Mikeš , Olly Betts +Description: build against wx 3.0. +Forwarded: yes + +Index: sooperlooper/src/gui/main_panel.cpp +=================================================================== +--- sooperlooper.orig/src/gui/main_panel.cpp ++++ sooperlooper/src/gui/main_panel.cpp +@@ -448,7 +448,7 @@ MainPanel::init_loopers (int count) + while (count < (int)_looper_panels.size()) { + looperpan = _looper_panels.back(); + _looper_panels.pop_back(); +- _main_sizer->Remove(looperpan); ++ _main_sizer->Detach(looperpan); + looperpan->Destroy(); + } + } +@@ -1277,7 +1277,7 @@ void MainPanel::misc_action (bool releas + } + + +- wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT); ++ wxString filename = do_file_selector (wxT("Choose file to save loop"), wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT); + + if ( !filename.empty() ) + { +@@ -1296,7 +1296,7 @@ void MainPanel::misc_action (bool releas + index = 0; + } + +- wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = do_file_selector (wxT("Choose file to open"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR); + + if ( !filename.empty() ) + { +@@ -1408,7 +1408,7 @@ void MainPanel::set_curr_loop (int index + + void MainPanel::do_load_session () + { +- wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = do_file_selector (wxT("Choose session to load"), wxT("*.slsess"), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR); + + if ( !filename.empty() ) + { +@@ -1419,7 +1419,7 @@ void MainPanel::do_load_session () + + void MainPanel::do_save_session (bool write_audio) + { +- wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT); ++ wxString filename = do_file_selector (wxT("Choose file to save session"), wxT("slsess"), wxT("*.slsess"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT); + + if ( !filename.empty() ) + { +Index: sooperlooper/src/gui/pix_button.cpp +=================================================================== +--- sooperlooper.orig/src/gui/pix_button.cpp ++++ sooperlooper/src/gui/pix_button.cpp +@@ -250,7 +250,7 @@ PixButton::OnMouseEvents (wxMouseEvent & + pt.x += bounds.x; + pt.y += bounds.y; + +- if (bounds.Inside(pt)) { ++ if (bounds.Contains(pt)) { + clicked (get_mouse_button(ev)); // emit + + if (ev.MiddleUp() && ev.ControlDown()) { +Index: sooperlooper/src/gui/looper_panel.cpp +=================================================================== +--- sooperlooper.orig/src/gui/looper_panel.cpp ++++ sooperlooper/src/gui/looper_panel.cpp +@@ -1428,7 +1428,7 @@ LooperPanel::clicked_events (int button, + if (cmd == wxT("save")) + { + wxString filename = _mainpanel->do_file_selector (wxT("Choose file to save loop"), +- wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT); ++ wxT("wav"), wxT("WAVE files (*.wav)|*.wav;*.WAV;*.Wav"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT); + + if ( !filename.empty() ) + { +@@ -1442,7 +1442,7 @@ LooperPanel::clicked_events (int button, + } + else if (cmd == wxT("load")) + { +- wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = _mainpanel->do_file_selector(wxT("Choose file to open"), wxT(""), wxT("Audio files (*.wav,*.aif)|*.wav;*.WAV;*.Wav;*.aif;*.aiff;*.AIF;*.AIFF|All files (*.*)|*.*"), wxFD_OPEN|wxFD_CHANGE_DIR); + + if ( !filename.empty() ) + { +Index: sooperlooper/src/gui/keyboard_target.cpp +=================================================================== +--- sooperlooper.orig/src/gui/keyboard_target.cpp ++++ sooperlooper/src/gui/keyboard_target.cpp +@@ -553,10 +553,10 @@ KeyboardTarget::keycode_from_name (const + keycode = WXK_RETURN; + } + else if ( keyname == wxT("PGUP") ) { +- keycode = WXK_PRIOR; ++ keycode = WXK_PAGEUP; + } + else if ( keyname == wxT("PGDN") ) { +- keycode = WXK_NEXT; ++ keycode = WXK_PAGEDOWN; + } + else if ( keyname == wxT("LEFT") ) { + keycode = WXK_LEFT; +@@ -630,10 +630,10 @@ wxString KeyboardTarget::name_from_keyco + case WXK_RETURN: + text += wxT("return"); + break; +- case WXK_PRIOR: ++ case WXK_PAGEUP: + text += wxT("pageup"); + break; +- case WXK_NEXT: ++ case WXK_PAGEDOWN: + text += wxT("pagedown"); + break; + case WXK_LEFT: +Index: sooperlooper/src/gui/check_box.cpp +=================================================================== +--- sooperlooper.orig/src/gui/check_box.cpp ++++ sooperlooper/src/gui/check_box.cpp +@@ -237,7 +237,7 @@ CheckBox::OnMouseEvents (wxMouseEvent &e + } + else if (ev.LeftUp()) + { +- if (bounds.Inside(ev.GetPosition())) { ++ if (bounds.Contains(ev.GetPosition())) { + // toggle value + _value = !_value; + +Index: sooperlooper/src/gui/midi_bind_panel.cpp +=================================================================== +--- sooperlooper.orig/src/gui/midi_bind_panel.cpp ++++ sooperlooper/src/gui/midi_bind_panel.cpp +@@ -880,7 +880,7 @@ void MidiBindPanel::on_button (wxCommand + } + else if (ev.GetId() == ID_LoadButton) + { +- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to open"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR); + if ( !filename.empty() ) + { + _parent->get_loop_control().load_midi_bindings(filename, _append_check->GetValue()); +@@ -888,7 +888,7 @@ void MidiBindPanel::on_button (wxCommand + } + else if (ev.GetId() == ID_SaveButton) + { +- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxSAVE|wxCHANGE_DIR|wxOVERWRITE_PROMPT); ++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to save"), wxT(""), wxT("*.slb"), wxFD_SAVE|wxFD_CHANGE_DIR|wxFD_OVERWRITE_PROMPT); + + if ( !filename.empty() ) + { +Index: sooperlooper/src/gui/config_panel.cpp +=================================================================== +--- sooperlooper.orig/src/gui/config_panel.cpp ++++ sooperlooper/src/gui/config_panel.cpp +@@ -378,7 +378,7 @@ void ConfigPanel::on_button (wxCommandEv + else if (ev.GetId() == ID_MidiBrowseButton) { + + _parent->get_keyboard().set_enabled(false); +- wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = _parent->do_file_selector(wxT("Choose midi binding file to use"), wxT(""), wxT("*.slb"), wxFD_OPEN|wxFD_CHANGE_DIR); + _parent->get_keyboard().set_enabled(true); + + if ( !filename.empty() ) +@@ -389,8 +389,8 @@ void ConfigPanel::on_button (wxCommandEv + else if (ev.GetId() == ID_SessionBrowseButton) { + + _parent->get_keyboard().set_enabled(false); +- wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR); +- //wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxOPEN|wxCHANGE_DIR); ++ wxString filename = _parent->do_file_selector(wxT("Choose session file to use"), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR); ++ //wxString filename = wxFileSelector(wxT("Choose session file to use"), wxT(""), wxT(""), wxT(""), wxT("*.slsess"), wxFD_OPEN|wxFD_CHANGE_DIR); + _parent->get_keyboard().set_enabled(true); + + if ( !filename.empty() ) -- cgit 1.4.1 From 7ad2a4f1d50e5a397010ec90dba79feaca296a81 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 17 Jul 2017 15:29:27 +0300 Subject: gnu: supertuxkart: Fix build on aarch64. * gnu/packages/games.scm (supertuxkart)[source]: Add patch. * gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/games.scm | 1 + .../patches/supertuxkart-angelscript-ftbfs.patch | 42 ++++++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 96e4b2d254..8e3a52d28c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1012,6 +1012,7 @@ dist_patch_DATA = \ %D%/packages/patches/spice-CVE-2017-7506.patch \ %D%/packages/patches/steghide-fixes.patch \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ + %D%/packages/patches/supertuxkart-angelscript-ftbfs.patch \ %D%/packages/patches/swish-e-search.patch \ %D%/packages/patches/swish-e-format-security.patch \ %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch \ diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index 2bef92b93b..2dec9a3951 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -1386,6 +1386,7 @@ This game is based on the GPL version of the famous game TuxRacer.") (sha256 (base32 "10l2ljmd7mv8f9ylarqmxxryicdnph2qkm3g5maxnsm2k2q0n20b")) + (patches (search-patches "supertuxkart-angelscript-ftbfs.patch")) (modules '((guix build utils))) (snippet ;; Delete bundled library sources diff --git a/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch new file mode 100644 index 0000000000..db3c56861b --- /dev/null +++ b/gnu/packages/patches/supertuxkart-angelscript-ftbfs.patch @@ -0,0 +1,42 @@ +https://github.com/supertuxkart/stk-code/commit/5e05f1178ce6bc5f3a653b55ab3dc6d016196341.patch + +From 5e05f1178ce6bc5f3a653b55ab3dc6d016196341 Mon Sep 17 00:00:00 2001 +From: Deve +Date: Mon, 3 Oct 2016 23:26:09 +0200 +Subject: [PATCH] Fixed compiler error on Linux with non-x86 64bit platforms, + e.g. arm64, mips, and s390x architectures + +This modification is already applied in upstream angelscript repository: +https://sourceforge.net/p/angelscript/code/2353/ + +Thanks to Adrian Bunk and Andreas Jonsson +--- + lib/angelscript/projects/cmake/CMakeLists.txt | 1 + + lib/angelscript/source/as_config.h | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/angelscript/projects/cmake/CMakeLists.txt b/lib/angelscript/projects/cmake/CMakeLists.txt +index e93971315e..755d8378c3 100644 +--- a/lib/angelscript/projects/cmake/CMakeLists.txt ++++ b/lib/angelscript/projects/cmake/CMakeLists.txt +@@ -67,6 +67,7 @@ set(ANGELSCRIPT_SOURCE + ../../source/as_builder.cpp + ../../source/as_bytecode.cpp + ../../source/as_callfunc.cpp ++ ../../source/as_callfunc_mips.cpp + ../../source/as_callfunc_x86.cpp + ../../source/as_callfunc_x64_gcc.cpp + ../../source/as_callfunc_x64_msvc.cpp +diff --git a/lib/angelscript/source/as_config.h b/lib/angelscript/source/as_config.h +index cb05bffbd5..5bb5b8e800 100644 +--- a/lib/angelscript/source/as_config.h ++++ b/lib/angelscript/source/as_config.h +@@ -844,7 +844,7 @@ + #define THISCALL_PASS_OBJECT_POINTER_ON_THE_STACK + #define AS_X86 + #undef AS_NO_THISCALL_FUNCTOR_METHOD +- #elif defined(__LP64__) && !defined(__arm64__) ++ #elif defined(__x86_64__) + #define AS_X64_GCC + #undef AS_NO_THISCALL_FUNCTOR_METHOD + #define HAS_128_BIT_PRIMITIVES -- cgit 1.4.1 From 9b7ee28d5700b47ae34bd47c32d250f042fbdbbd Mon Sep 17 00:00:00 2001 From: Andy Patterson Date: Sat, 15 Jul 2017 18:17:25 -0400 Subject: gnu: Add Poly/ML. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/sml.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/sml.scm | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 gnu/packages/sml.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8e3a52d28c..54dd2f2380 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -363,6 +363,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/skribilo.scm \ %D%/packages/slang.scm \ %D%/packages/smalltalk.scm \ + %D%/packages/sml.scm \ %D%/packages/speech.scm \ %D%/packages/spice.scm \ %D%/packages/ssh.scm \ diff --git a/gnu/packages/sml.scm b/gnu/packages/sml.scm new file mode 100644 index 0000000000..6e57c4a4a0 --- /dev/null +++ b/gnu/packages/sml.scm @@ -0,0 +1,72 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Andy Patterson +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages sml) + #:use-module (gnu packages lesstif) + #:use-module (gnu packages libffi) + #:use-module (gnu packages multiprecision) + #:use-module (gnu packages xorg) + #:use-module (guix build-system gnu) + #:use-module (guix download) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages)) + +(define-public polyml + (package + (name "polyml") + (version "5.7") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/polyml/polyml/archive/v" + version ".tar.gz")) + (sha256 + (base32 "0ycjl746h0m22w9nsdssjl47d56jih12gpkdg3yw65gakj70sd0r")) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system gnu-build-system) + (inputs + `(("gmp" ,gmp) + ("lesstif",lesstif) + ("libffi" ,libffi) + ("libx11" ,libx11) + ("libxt" ,libxt))) + (arguments + '(#:configure-flags + (list "--with-system-libffi=yes" + "--with-x=yes" + "--with-threads=yes" + "--with-gmp=yes") + #:phases + (modify-phases %standard-phases + (add-after 'build 'build-compiler + (lambda* (#:key make-flags parallel-build? #:allow-other-keys) + (define flags + (if parallel-build? + (cons (format #f "-j~d" (parallel-job-count)) + make-flags) + make-flags)) + (apply system* "make" (append flags (list "compiler")))))))) + (home-page "http://www.polyml.org/") + (synopsis "Standard ML implementation") + (description "Poly/ML is a Standard ML implementation. It is fully +compatible with the ML97 standard. It includes a thread library, a foreign +function interface, and a symbolic debugger.") + ;; Some source files specify 'or any later version'; some don't + (license + (list license:lgpl2.1 + license:lgpl2.1+)))) -- cgit 1.4.1 From 144c8db9bd91bf5470be7a2c747885f9325f96bc Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 17 Jul 2017 20:14:15 -0400 Subject: gnu: chicken: Fix CVE-2017-11343. * gnu/packages/patches/chicken-CVE-2017-11343.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/scheme.scm (chicken)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/chicken-CVE-2017-11343.patch | 57 +++++++++++++++++++++++ gnu/packages/scheme.scm | 3 +- 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/chicken-CVE-2017-11343.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 54dd2f2380..e7395292f8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -536,6 +536,7 @@ dist_patch_DATA = \ %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \ %D%/packages/patches/ceph-skip-unittest_blockdev.patch \ %D%/packages/patches/chicken-CVE-2017-6949.patch \ + %D%/packages/patches/chicken-CVE-2017-11343.patch \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch new file mode 100644 index 0000000000..1d46ad50d9 --- /dev/null +++ b/gnu/packages/patches/chicken-CVE-2017-11343.patch @@ -0,0 +1,57 @@ +Fix CVE-2017-11343: + +https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343 + +Patch copied from upstream mailing list: + +http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt + +From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001 +From: Peter Bex +Date: Fri, 30 Jun 2017 15:39:45 +0200 +Subject: [PATCH 2/2] Initialize symbol table after setting up randomization + +Otherwise, the symbol table wouldn't be correctly randomized. +--- + NEWS | 3 +++ + runtime.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +#diff --git a/NEWS b/NEWS +#index f4b0e041..6588b30e 100644 +#--- a/NEWS +#+++ b/NEWS +#@@ -96,6 +96,9 @@ +# buffer overrun and/or segfault (thanks to Lemonboy). +# - CVE-2017-9334: `length' no longer crashes on improper lists (fixes +# #1375, thanks to "megane"). +#+ - The randomization factor of the symbol table was set before +#+ the random seed was set, causing it to have a fixed value on many +#+ platforms. +# +# - Core Libraries +# - Unit "posix": If file-lock, file-lock/blocking or file-unlock are +diff --git a/runtime.c b/runtime.c +index 81c54dd2..a4580abc 100644 +--- a/runtime.c ++++ b/runtime.c +@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) + C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD; + C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD; + memset(signal_mapping_table, 0, sizeof(int) * NSIG); +- initialize_symbol_table(); + C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable"; + error_location = C_SCHEME_FALSE; + C_pre_gc_hook = NULL; +@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) + callback_continuation_level = 0; + gc_ms = 0; + (void)C_randomize(C_fix(time(NULL))); ++ initialize_symbol_table(); + + if (profiling) { + #ifndef C_NONUNIX +-- +2.11.0 + diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 92c0170205..161138285e 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -345,7 +345,8 @@ mashups, office (web agendas, mail clients, ...), etc.") (base32 "12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0")) (patches - (search-patches "chicken-CVE-2017-6949.patch")))) + (search-patches "chicken-CVE-2017-6949.patch" + "chicken-CVE-2017-11343.patch")))) (build-system gnu-build-system) (arguments `(#:modules ((guix build gnu-build-system) -- cgit 1.4.1 From 4c4485f30491a03040bd3081e1e3d3dc9e9b7716 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 17 Jul 2017 22:14:29 -0400 Subject: gnu: qemu: Fix CVE-2017-11334. * gnu/packages/patches/qemu-CVE-2017-11334.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/virtualization.scm (qemu)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/qemu-CVE-2017-11334.patch | 52 ++++++++++++++++++++++++++ gnu/packages/virtualization.scm | 3 +- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/qemu-CVE-2017-11334.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index e7395292f8..7d9b2f8d76 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -975,6 +975,7 @@ dist_patch_DATA = \ %D%/packages/patches/qemu-CVE-2017-8379.patch \ %D%/packages/patches/qemu-CVE-2017-8380.patch \ %D%/packages/patches/qemu-CVE-2017-9524.patch \ + %D%/packages/patches/qemu-CVE-2017-11334.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-11334.patch b/gnu/packages/patches/qemu-CVE-2017-11334.patch new file mode 100644 index 0000000000..cb68c803aa --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-11334.patch @@ -0,0 +1,52 @@ +Fix CVE-2017-11334: + +https://bugzilla.redhat.com/show_bug.cgi?id=1471638 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334 + +Patch copied from upstream source repository: + +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0 + +From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit +Date: Wed, 12 Jul 2017 18:08:40 +0530 +Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram + +When accessing guest's ram block during DMA operation, use +'qemu_ram_ptr_length' to get ram block pointer. It ensures +that DMA operation of given length is possible; And avoids +any OOB memory access situations. + +Reported-by: Alex +Signed-off-by: Prasad J Pandit +Message-Id: <20170712123840.29328-1-ppandit@redhat.com> +Signed-off-by: Paolo Bonzini +--- + exec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/exec.c b/exec.c +index a083ff89ad..ad103ce483 100644 +--- a/exec.c ++++ b/exec.c +@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr, + } + } else { + /* RAM case */ +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); + memcpy(ptr, buf, l); + invalidate_and_set_dirty(mr, addr1, l); + } +@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, + } + } else { + /* RAM case */ +- ptr = qemu_map_ram_ptr(mr->ram_block, addr1); ++ ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); + memcpy(buf, ptr, l); + } + +-- +2.13.3 + diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index fd5cea5eb2..d999d16e37 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -81,7 +81,8 @@ "qemu-CVE-2017-8309.patch" "qemu-CVE-2017-8379.patch" "qemu-CVE-2017-8380.patch" - "qemu-CVE-2017-9524.patch")) + "qemu-CVE-2017-9524.patch" + "qemu-CVE-2017-11334.patch")) (sha256 (base32 "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) -- cgit 1.4.1 From 8b5bf30804785fc34e9517a2941b5b1c4f4e339b Mon Sep 17 00:00:00 2001 From: ng0 Date: Mon, 17 Jul 2017 22:21:35 +0200 Subject: gnu: Rename (gnu packages gforth) to (gnu packages forth). * gnu/local.mk (GNU_SYSTEM_MODULES): Rename gforth.scm to forth.scm. * gnu/packages/gforth.scm: Rename file to forth.scm. * gnu/packages/forth.scm: Renamed from gforth.scm. --- gnu/local.mk | 2 +- gnu/packages/forth.scm | 60 +++++++++++++++++++++++++++++++++++++++++++++++++ gnu/packages/gforth.scm | 60 ------------------------------------------------- 3 files changed, 61 insertions(+), 61 deletions(-) create mode 100644 gnu/packages/forth.scm delete mode 100644 gnu/packages/gforth.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 7d9b2f8d76..92ad112cf4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -150,6 +150,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/fonts.scm \ %D%/packages/fontutils.scm \ %D%/packages/fpga.scm \ + %D%/packages/forth.scm \ %D%/packages/freedesktop.scm \ %D%/packages/freeipmi.scm \ %D%/packages/ftp.scm \ @@ -164,7 +165,6 @@ GNU_SYSTEM_MODULES = \ %D%/packages/gdb.scm \ %D%/packages/geo.scm \ %D%/packages/gettext.scm \ - %D%/packages/gforth.scm \ %D%/packages/ghostscript.scm \ %D%/packages/gimp.scm \ %D%/packages/gkrellm.scm \ diff --git a/gnu/packages/forth.scm b/gnu/packages/forth.scm new file mode 100644 index 0000000000..6d66faf5d6 --- /dev/null +++ b/gnu/packages/forth.scm @@ -0,0 +1,60 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 ng0 +;;; Copyright © 2016 Sou Bunnbu +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages forth) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system gnu) + #:use-module (gnu packages m4)) + +(define-public gforth + (package + (name "gforth") + (version "0.7.3") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/gforth/gforth-" + version ".tar.gz")) + (sha256 + (base32 + "1c1bahc9ypmca8rv2dijiqbangm1d9av286904yw48ph7ciz4qig")))) + (build-system gnu-build-system) + (arguments + '(#:parallel-build? #f ; XXX: parallel build fails + #:phases + (modify-phases %standard-phases + (add-after 'install 'install-gforth.el + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (emacs-sitedir (string-append + out "/share/emacs/site-lisp"))) + ;; TODO: compile and autoload it. + (install-file "gforth.el" emacs-sitedir) + #t)))))) + (native-inputs + `(("m4" ,m4))) + (synopsis "Forth interpreter") + (description + "Gforth is a fast and portable implementation of the ANSI Forth language. +It includes an editing mode for Emacs and an interpreter featuring completion +and history. A generic virtual machine environment, vmgen, is also +included.") + (home-page "https://www.gnu.org/software/gforth/") + (license license:gpl3+))) diff --git a/gnu/packages/gforth.scm b/gnu/packages/gforth.scm deleted file mode 100644 index b2a67ce58c..0000000000 --- a/gnu/packages/gforth.scm +++ /dev/null @@ -1,60 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016 ng0 -;;; Copyright © 2016 Sou Bunnbu -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (gnu packages gforth) - #:use-module ((guix licenses) #:prefix license:) - #:use-module (guix packages) - #:use-module (guix download) - #:use-module (guix build-system gnu) - #:use-module (gnu packages m4)) - -(define-public gforth - (package - (name "gforth") - (version "0.7.3") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/gforth/gforth-" - version ".tar.gz")) - (sha256 - (base32 - "1c1bahc9ypmca8rv2dijiqbangm1d9av286904yw48ph7ciz4qig")))) - (build-system gnu-build-system) - (arguments - '(#:parallel-build? #f ; XXX: parallel build fails - #:phases - (modify-phases %standard-phases - (add-after 'install 'install-gforth.el - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (emacs-sitedir (string-append - out "/share/emacs/site-lisp"))) - ;; TODO: compile and autoload it. - (install-file "gforth.el" emacs-sitedir) - #t)))))) - (native-inputs - `(("m4" ,m4))) - (synopsis "Forth interpreter") - (description - "Gforth is a fast and portable implementation of the ANSI Forth language. -It includes an editing mode for Emacs and an interpreter featuring completion -and history. A generic virtual machine environment, vmgen, is also -included.") - (home-page "https://www.gnu.org/software/gforth/") - (license license:gpl3+))) -- cgit 1.4.1 From 2acfe022a740f79b593348cc6362cc4ee8f33bb4 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 18 Jul 2017 14:08:31 +0200 Subject: gnu: guile-static-stripped: Update to 2.2. * gnu/packages/make-bootstrap.scm (%guile-static): Replace GUILE-2.0 with GUILE-2.2. Use "guile-2.2-default-utf8.patch" instead of "guile-default-utf8.patch". * gnu/packages/patches/guile-2.2-default-utf8.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/make-bootstrap.scm | 30 ++++----- gnu/packages/patches/guile-2.2-default-utf8.patch | 78 +++++++++++++++++++++++ 3 files changed, 94 insertions(+), 15 deletions(-) create mode 100644 gnu/packages/patches/guile-2.2-default-utf8.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9e1e14fdf9..8b3caac629 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -657,6 +657,7 @@ dist_patch_DATA = \ %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/gspell-dash-test.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ + %D%/packages/patches/guile-2.2-default-utf8.patch \ %D%/packages/patches/guile-default-utf8.patch \ %D%/packages/patches/guile-linux-syscalls.patch \ %D%/packages/patches/guile-present-coding.patch \ diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm index 844b110eb1..492ccb8114 100644 --- a/gnu/packages/make-bootstrap.scm +++ b/gnu/packages/make-bootstrap.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès +;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès ;;; Copyright © 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. @@ -502,23 +502,23 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." ;; .scm and .go files relative to its installation directory, rather ;; than in hard-coded configure-time paths. (let* ((patches (cons* (search-patch "guile-relocatable.patch") - (search-patch "guile-default-utf8.patch") + (search-patch "guile-2.2-default-utf8.patch") (search-patch "guile-linux-syscalls.patch") - (origin-patches (package-source guile-2.0)))) - (source (origin (inherit (package-source guile-2.0)) + (origin-patches (package-source guile-2.2)))) + (source (origin (inherit (package-source guile-2.2)) (patches patches))) - (guile (package (inherit guile-2.0) - (name (string-append (package-name guile-2.0) "-static")) + (guile (package (inherit guile-2.2) + (name (string-append (package-name guile-2.2) "-static")) (source source) (synopsis "Statically-linked and relocatable Guile") ;; Remove the 'debug' output (see above for the reason.) - (outputs (delete "debug" (package-outputs guile-2.0))) + (outputs (delete "debug" (package-outputs guile-2.2))) (propagated-inputs `(("bdw-gc" ,libgc) ,@(alist-delete "bdw-gc" - (package-propagated-inputs guile-2.0)))) + (package-propagated-inputs guile-2.2)))) (arguments `(;; When `configure' checks for ltdl availability, it ;; doesn't try to link using libtool, and thus fails @@ -534,7 +534,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." (("^guile_LDFLAGS =") "guile_LDFLAGS = -all-static") - ;; Add `-ldl' *after* libguile-2.0.la. + ;; Add `-ldl' *after* libguile-2.2.la. (("^guile_LDADD =(.*)$" _ ldadd) (string-append "guile_LDADD = " (string-trim-right ldadd) @@ -561,13 +561,13 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." (out (assoc-ref %outputs "out")) (guile1 (string-append in "/bin/guile")) (guile2 (string-append out "/bin/guile"))) - (mkdir-p (string-append out "/share/guile/2.0")) - (copy-recursively (string-append in "/share/guile/2.0") - (string-append out "/share/guile/2.0")) + (mkdir-p (string-append out "/share/guile/2.2")) + (copy-recursively (string-append in "/share/guile/2.2") + (string-append out "/share/guile/2.2")) - (mkdir-p (string-append out "/lib/guile/2.0/ccache")) - (copy-recursively (string-append in "/lib/guile/2.0/ccache") - (string-append out "/lib/guile/2.0/ccache")) + (mkdir-p (string-append out "/lib/guile/2.2/ccache")) + (copy-recursively (string-append in "/lib/guile/2.2/ccache") + (string-append out "/lib/guile/2.2/ccache")) (mkdir (string-append out "/bin")) (copy-file guile1 guile2) diff --git a/gnu/packages/patches/guile-2.2-default-utf8.patch b/gnu/packages/patches/guile-2.2-default-utf8.patch new file mode 100644 index 0000000000..3233388874 --- /dev/null +++ b/gnu/packages/patches/guile-2.2-default-utf8.patch @@ -0,0 +1,78 @@ +This hack makes Guile default to UTF-8. This avoids calls to +`iconv_open'; `iconv_open' tries to open shared objects that aren't +available during bootstrap, so using UTF-8 avoids that (and UTF-8 has +built-in conversions in glibc, too.) + +diff --git a/libguile/bytevectors.c b/libguile/bytevectors.c +index 7cd753009..de92653a4 100644 +--- a/libguile/bytevectors.c ++++ b/libguile/bytevectors.c +@@ -1918,7 +1918,7 @@ utf_encoding_name (char *name, size_t utf_width, SCM endianness) + if (scm_i_is_narrow_string (str)) \ + { \ + err = mem_iconveh (scm_i_string_chars (str), c_strlen, \ +- "ISO-8859-1", c_utf_name, \ ++ "UTF-8", c_utf_name, \ + iconveh_question_mark, NULL, \ + &c_utf, &c_utf_len); \ + if (SCM_UNLIKELY (err)) \ +diff --git a/libguile/ports.c b/libguile/ports.c +index 2a25cd58e..bdaf921ca 100644 +--- a/libguile/ports.c ++++ b/libguile/ports.c +@@ -959,7 +959,9 @@ canonicalize_encoding (const char *enc) + char *ret; + int i; + +- if (!enc || encoding_matches (enc, sym_ISO_8859_1)) ++ if (enc == NULL) ++ return sym_UTF_8; ++ if (encoding_matches (enc, sym_ISO_8859_1)) + return sym_ISO_8859_1; + if (encoding_matches (enc, sym_UTF_8)) + return sym_UTF_8; +@@ -4182,7 +4184,7 @@ scm_init_ports (void) + scm_c_define ("%default-port-conversion-strategy", + scm_make_fluid_with_default (sym_substitute)); + /* Use the locale as the default port encoding. */ +- scm_i_set_default_port_encoding (locale_charset ()); ++ scm_i_set_default_port_encoding ("UTF-8"); + + scm_c_register_extension ("libguile-" SCM_EFFECTIVE_VERSION, + "scm_init_ice_9_ports", +diff --git a/libguile/strings.c b/libguile/strings.c +index 5c49e33d8..0131e6dc8 100644 +--- a/libguile/strings.c ++++ b/libguile/strings.c +@@ -1561,7 +1561,7 @@ scm_i_default_string_failed_conversion_handler (void) + SCM + scm_from_locale_stringn (const char *str, size_t len) + { +- return scm_from_stringn (str, len, locale_charset (), ++ return scm_from_stringn (str, len, "UTF-8", + scm_i_default_string_failed_conversion_handler ()); + } + +@@ -1885,7 +1885,7 @@ char * + scm_to_locale_stringn (SCM str, size_t *lenp) + { + return scm_to_stringn (str, lenp, +- locale_charset (), ++ "UTF-8", + scm_i_default_string_failed_conversion_handler ()); + } + +@@ -2216,11 +2216,11 @@ scm_to_stringn (SCM str, size_t *lenp, const char *encoding, + len = 0; + enc = encoding; + if (enc == NULL) +- enc = "ISO-8859-1"; ++ enc = "UTF-8"; + if (scm_i_is_narrow_string (str)) + { + ret = mem_iconveh (scm_i_string_chars (str), ilen, +- "ISO-8859-1", enc, ++ "UTF-8", enc, + (enum iconv_ilseq_handler) handler, NULL, + &buf, &len); + -- cgit 1.4.1 From ca8fb248de152a2f895d43cd1023b5a940215caa Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Mon, 17 Jul 2017 18:53:08 +1000 Subject: gnu: Add patches missing from dist_patch_DATA. Reported by Eric Bavier. * gnu/local.mk (dist_patch_DATA): Add gnu/packages/patches/hmmer-remove-cpu-specificity.patch, gnu/packages/patches/jacal-fix-texinfo.patch, gnu/packages/patches/python-pbr-fix-man-page-support.patch and gnu/packages/patches/vsearch-unbundle-cityhash.patch. --- gnu/local.mk | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 92ad112cf4..3e085b1184 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -691,6 +691,7 @@ dist_patch_DATA = \ %D%/packages/patches/hdf-eos5-remove-gctp.patch \ %D%/packages/patches/hdf-eos5-fix-szip.patch \ %D%/packages/patches/hdf-eos5-fortrantests.patch \ + %D%/packages/patches/hmmer-remove-cpu-specificity.patch \ %D%/packages/patches/higan-remove-march-native-flag.patch \ %D%/packages/patches/hubbub-sort-entities.patch \ %D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \ @@ -701,6 +702,7 @@ dist_patch_DATA = \ %D%/packages/patches/id3lib-CVE-2007-4460.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ %D%/packages/patches/isl-0.11.1-aarch64-support.patch \ + %D%/packages/patches/jacal-fix-texinfo.patch \ %D%/packages/patches/jbig2dec-ignore-testtest.patch \ %D%/packages/patches/jbig2dec-CVE-2016-9601.patch \ %D%/packages/patches/jbig2dec-CVE-2017-7885.patch \ @@ -962,6 +964,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-pandas-skip-failing-tests.patch \ %D%/packages/patches/python-paste-remove-website-test.patch \ %D%/packages/patches/python-paste-remove-timing-test.patch \ + %D%/packages/patches/python-pbr-fix-man-page-support.patch \ %D%/packages/patches/python-pillow-freetype-2.7-test-failure.patch \ %D%/packages/patches/python-pygit2-disable-network-tests.patch \ %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \ @@ -1066,6 +1069,7 @@ dist_patch_DATA = \ %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \ %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch \ %D%/packages/patches/vpnc-script.patch \ + %D%/packages/patches/vsearch-unbundle-cityhash.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ %D%/packages/patches/weechat-python.patch \ -- cgit 1.4.1 From 05c88516955814ac61dc7578017e1976c43a1cd3 Mon Sep 17 00:00:00 2001 From: Jonathan Brielmaier Date: Fri, 14 Jul 2017 00:28:14 +0200 Subject: gnu: Add libusb@0.1. * gnu/packages/libusb.scm (libusb-0.1): New variable. * gnu/packages/patches/libusb-0.1-disable-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Marius Bakke --- gnu/local.mk | 1 + gnu/packages/libusb.scm | 16 ++++++++++++++++ gnu/packages/patches/libusb-0.1-disable-tests.patch | 15 +++++++++++++++ 3 files changed, 32 insertions(+) create mode 100644 gnu/packages/patches/libusb-0.1-disable-tests.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3e085b1184..ee932006b7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -793,6 +793,7 @@ dist_patch_DATA = \ %D%/packages/patches/libtorrent-rasterbar-boost-compat.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ + %D%/packages/patches/libusb-0.1-disable-tests.patch \ %D%/packages/patches/libvpx-CVE-2016-2818.patch \ %D%/packages/patches/libxcb-python-3.5-compat.patch \ %D%/packages/patches/libxml2-CVE-2016-4658.patch \ diff --git a/gnu/packages/libusb.scm b/gnu/packages/libusb.scm index ffbe5b1a88..ed97ed9de7 100644 --- a/gnu/packages/libusb.scm +++ b/gnu/packages/libusb.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Theodoros Foradis +;;; Copyright © 2017 Jonathan Brielmaier ;;; ;;; This file is part of GNU Guix. ;;; @@ -95,6 +96,21 @@ devices on various operating systems.") version of libusb to run with newer libusb.") (license lgpl2.1+))) +;; required by 0xffff, which compiles with libusb-compat, but executes only +;; with libusb-0.1 +(define-public libusb-0.1 + (package (inherit libusb) + (version "0.1.12") + (source + (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/libusb/libusb-0.1 (LEGACY)/" + version "/libusb-" version ".tar.gz")) + (sha256 + (base32 + "0i4bacxkyr7xyqxbmb00ypkrv4swkgm0mghbzjsnw6blvvczgxip")) + (patches (search-patches "libusb-0.1-disable-tests.patch")))))) + (define-public libusb4java ;; There is no public release so we take the latest version from git. (let ((commit "396d642a57678a0d9663b062c980fe100cc0ea1e") diff --git a/gnu/packages/patches/libusb-0.1-disable-tests.patch b/gnu/packages/patches/libusb-0.1-disable-tests.patch new file mode 100644 index 0000000000..37dd8bd111 --- /dev/null +++ b/gnu/packages/patches/libusb-0.1-disable-tests.patch @@ -0,0 +1,15 @@ +Disable tests who fail because they have to run as root. + +--- libusb-0.1.12/tests/Makefile.in 2006-03-04 03:54:06.000000000 +0100 ++++ libusb-0.1.12/tests/Makefile.in 2017-07-13 16:17:45.201728019 +0200 +@@ -255,8 +255,8 @@ + hub_strings_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@ + driver_name_SOURCES = driver_name.cpp + driver_name_LDADD = $(top_builddir)/libusbpp.la @OSLIBS@ +-TESTS = testlibusb descriptor_test id_test find_hubs find_mice \ +- get_resolution hub_strings $(OS_SPECIFIC) ++TESTS = testlibusb descriptor_test id_test find_hubs find_mice ++ #get_resolution hub_strings $(OS_SPECIFIC) + + XFAIL_TESTS = get_resolution hub_strings $(OS_SPECIFIC_XFAIL) + all: all-am -- cgit 1.4.1 From 8582e03ae59ff51d2aacc24da611f769484dd4cb Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 20 Jul 2017 08:59:35 -0400 Subject: gnu: Remove a left-over patch. This is a followup to commit 426b0b898f70a58133d80779980f163a5761686e. * gnu/packages/patches/pcre-CVE-2017-7186.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/pcre-CVE-2017-7186.patch | 56 --------------------------- 2 files changed, 57 deletions(-) delete mode 100644 gnu/packages/patches/pcre-CVE-2017-7186.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ee932006b7..bf9143ae23 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -893,7 +893,6 @@ dist_patch_DATA = \ %D%/packages/patches/patchelf-rework-for-arm.patch \ %D%/packages/patches/patchutils-xfail-gendiff-tests.patch \ %D%/packages/patches/patch-hurd-path-max.patch \ - %D%/packages/patches/pcre-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-8786.patch \ %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch deleted file mode 100644 index d23aa10374..0000000000 --- a/gnu/packages/patches/pcre-CVE-2017-7186.patch +++ /dev/null @@ -1,56 +0,0 @@ -Patch for -from . - ---- trunk/pcre_internal.h 2016/05/21 13:34:44 1649 -+++ trunk/pcre_internal.h 2017/02/24 17:30:30 1688 -@@ -2772,6 +2772,9 @@ - extern const pcre_uint16 PRIV(ucd_stage2)[]; - extern const pcre_uint32 PRIV(ucp_gentype)[]; - extern const pcre_uint32 PRIV(ucp_gbtable)[]; -+#ifdef COMPILE_PCRE32 -+extern const ucd_record PRIV(dummy_ucd_record)[]; -+#endif - #ifdef SUPPORT_JIT - extern const int PRIV(ucp_typerange)[]; - #endif -@@ -2780,9 +2783,15 @@ - /* UCD access macros */ - - #define UCD_BLOCK_SIZE 128 --#define GET_UCD(ch) (PRIV(ucd_records) + \ -+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ - PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ - UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) -+ -+#ifdef COMPILE_PCRE32 -+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) -+#else -+#define GET_UCD(ch) REAL_GET_UCD(ch) -+#endif - - #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype - #define UCD_SCRIPT(ch) GET_UCD(ch)->script - ---- trunk/pcre_ucd.c 2014/06/19 07:51:39 1490 -+++ trunk/pcre_ucd.c 2017/02/24 17:30:30 1688 -@@ -38,6 +38,20 @@ - const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0}; - #else - -+/* If the 32-bit library is run in non-32-bit mode, character values -+greater than 0x10ffff may be encountered. For these we set up a -+special record. */ -+ -+#ifdef COMPILE_PCRE32 -+const ucd_record PRIV(dummy_ucd_record)[] = {{ -+ ucp_Common, /* script */ -+ ucp_Cn, /* type unassigned */ -+ ucp_gbOther, /* grapheme break property */ -+ 0, /* case set */ -+ 0, /* other case */ -+ }}; -+#endif -+ - /* When recompiling tables with a new Unicode version, please check the - types in this structure definition from pcre_internal.h (the actual - field names will be different): -- cgit 1.4.1 From 81c35029d4ee4fa7cd517998844229a514b35531 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Thu, 20 Jul 2017 15:30:12 -0400 Subject: gnu: heimdal: Fix CVE-2017-{6594,11103}. * gnu/packages/patches/heimdal-CVE-2017-6594.patch, gnu/packages/patches/heimdal-CVE-2017-11103.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/kerberos.scm (heimdal)[source]: Use them. --- gnu/local.mk | 2 + gnu/packages/kerberos.scm | 2 + gnu/packages/patches/heimdal-CVE-2017-11103.patch | 45 ++++++++++++ gnu/packages/patches/heimdal-CVE-2017-6594.patch | 85 +++++++++++++++++++++++ 4 files changed, 134 insertions(+) create mode 100644 gnu/packages/patches/heimdal-CVE-2017-11103.patch create mode 100644 gnu/packages/patches/heimdal-CVE-2017-6594.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index bf9143ae23..6d9e570622 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -691,6 +691,8 @@ dist_patch_DATA = \ %D%/packages/patches/hdf-eos5-remove-gctp.patch \ %D%/packages/patches/hdf-eos5-fix-szip.patch \ %D%/packages/patches/hdf-eos5-fortrantests.patch \ + %D%/packages/patches/heimdal-CVE-2017-6594.patch \ + %D%/packages/patches/heimdal-CVE-2017-11103.patch \ %D%/packages/patches/hmmer-remove-cpu-specificity.patch \ %D%/packages/patches/higan-remove-march-native-flag.patch \ %D%/packages/patches/hubbub-sort-entities.patch \ diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index 58f6197700..59fd944c69 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -144,6 +144,8 @@ secure manner through client-server mutual authentication via tickets.") (sha256 (base32 "19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma")) + (patches (search-patches "heimdal-CVE-2017-6594.patch" + "heimdal-CVE-2017-11103.patch")) (modules '((guix build utils))) (snippet '(substitute* "configure" diff --git a/gnu/packages/patches/heimdal-CVE-2017-11103.patch b/gnu/packages/patches/heimdal-CVE-2017-11103.patch new file mode 100644 index 0000000000..d76f0df369 --- /dev/null +++ b/gnu/packages/patches/heimdal-CVE-2017-11103.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-11103: + +https://orpheus-lyre.info/ +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103 +https://security-tracker.debian.org/tracker/CVE-2017-11103 + +Patch lifted from upstream source repository: + +https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea + +From 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea Mon Sep 17 00:00:00 2001 +From: Jeffrey Altman +Date: Wed, 12 Apr 2017 15:40:42 -0400 +Subject: [PATCH] CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation + +In _krb5_extract_ticket() the KDC-REP service name must be obtained from +encrypted version stored in 'enc_part' instead of the unencrypted version +stored in 'ticket'. Use of the unecrypted version provides an +opportunity for successful server impersonation and other attacks. + +Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. + +Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c +--- + lib/krb5/ticket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c +index d95d96d1b..b8d81c6ad 100644 +--- a/lib/krb5/ticket.c ++++ b/lib/krb5/ticket.c +@@ -705,8 +705,8 @@ _krb5_extract_ticket(krb5_context context, + /* check server referral and save principal */ + ret = _krb5_principalname2krb5_principal (context, + &tmp_principal, +- rep->kdc_rep.ticket.sname, +- rep->kdc_rep.ticket.realm); ++ rep->enc_part.sname, ++ rep->enc_part.srealm); + if (ret) + goto out; + if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ +-- +2.13.3 + diff --git a/gnu/packages/patches/heimdal-CVE-2017-6594.patch b/gnu/packages/patches/heimdal-CVE-2017-6594.patch new file mode 100644 index 0000000000..714af60304 --- /dev/null +++ b/gnu/packages/patches/heimdal-CVE-2017-6594.patch @@ -0,0 +1,85 @@ +Fix CVE-2017-6594: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6594 +https://security-tracker.debian.org/tracker/CVE-2017-6594 + +Patch lifted from upstream source repository: + +https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 + +To apply the patch to Heimdal 1.5.3 release tarball, the changes to 'NEWS' and +files in 'tests/' are removed, and hunk #4 of 'kdc/krb5tgs.c' is modified. + +From b1e699103f08d6a0ca46a122193c9da65f6cf837 Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni +Date: Wed, 10 Aug 2016 23:31:14 +0000 +Subject: [PATCH] Fix transit path validation CVE-2017-6594 + +Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm +to not be added to the transit path of issued tickets. This may, in +some cases, enable bypass of capath policy in Heimdal versions 1.5 +through 7.2. + +Note, this may break sites that rely on the bug. With the bug some +incomplete [capaths] worked, that should not have. These may now break +authentication in some cross-realm configurations. +--- + NEWS | 14 ++++++++++++++ + kdc/krb5tgs.c | 12 ++++++++++-- + tests/kdc/check-kdc.in | 17 +++++++++++++++++ + tests/kdc/krb5.conf.in | 4 ++++ + 4 files changed, 45 insertions(+), 2 deletions(-) + +diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c +index 6048b9c55..98503812f 100644 +--- a/kdc/krb5tgs.c ++++ b/kdc/krb5tgs.c +@@ -655,8 +655,12 @@ fix_transited_encoding(krb5_context context, + "Decoding transited encoding"); + return ret; + } ++ ++ /* ++ * If the realm of the presented tgt is neither the client nor the server ++ * realm, it is a transit realm and must be added to transited set. ++ */ + if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) { +- /* not us, so add the previous realm to transited set */ + if (num_realms + 1 > UINT_MAX/sizeof(*realms)) { + ret = ERANGE; + goto free_realms; +@@ -737,6 +741,7 @@ tgs_make_reply(krb5_context context, + const char *server_name, + hdb_entry_ex *client, + krb5_principal client_principal, ++ const char *tgt_realm, + hdb_entry_ex *krbtgt, + krb5_enctype krbtgt_etype, + krb5_principals spp, +@@ -798,7 +803,7 @@ tgs_make_reply(krb5_context context, + &tgt->transited, &et, + krb5_principal_get_realm(context, client_principal), + krb5_principal_get_realm(context, server->entry.principal), +- krb5_principal_get_realm(context, krbtgt->entry.principal)); ++ tgt_realm); + if(ret) + goto out; + +@@ -1519,4 +1524,6 @@ tgs_build_reply(krb5_context context, + krb5_keyblock sessionkey; + krb5_kvno kvno; + krb5_data rspac; ++ const char *tgt_realm = /* Realm of TGT issuer */ ++ krb5_principal_get_realm(context, krbtgt->entry.principal); + +@@ -2324,6 +2331,7 @@ server_lookup: + spn, + client, + cp, ++ tgt_realm, + krbtgt_out, + tkey_sign->key.keytype, + spp, +-- +2.13.3 + -- cgit 1.4.1 From 2580c2f07f2882552ecfee5206dccf9ada15c7e1 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 22 Jul 2017 14:19:43 +0200 Subject: gnu: python-pyopenssl: Update to 17.2.0. * gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/python.scm (python-pyopenssl, python2-pyopenssl): Update to 17.2.0. [native-inputs]: Add PYTHON-FLAKY. [source](patches): Remove. --- gnu/local.mk | 1 - .../python-pyopenssl-17.1.0-test-overflow.patch | 36 ---------------------- gnu/packages/python.scm | 9 +++--- 3 files changed, 4 insertions(+), 42 deletions(-) delete mode 100644 gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 6d9e570622..bc2d79c1a8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -972,7 +972,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ - %D%/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ %D%/packages/patches/qemu-CVE-2017-7493.patch \ %D%/packages/patches/qemu-CVE-2017-8112.patch \ diff --git a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch b/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch deleted file mode 100644 index 06b2f4fe03..0000000000 --- a/gnu/packages/patches/python-pyopenssl-17.1.0-test-overflow.patch +++ /dev/null @@ -1,36 +0,0 @@ -Resolves a test failure on 32-bit platforms. - -https://github.com/pyca/pyopenssl/issues/657 - -Patch copied from upstream source repository: - -https://github.com/pyca/pyopenssl/commit/ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 - -From ecc0325479c0d5c5f2ca88b4550e87cdb59d6c95 Mon Sep 17 00:00:00 2001 -From: Alex Gaynor -Date: Thu, 6 Jul 2017 22:14:44 -0400 -Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation - requests - ---- - tests/test_rand.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tests/test_rand.py b/tests/test_rand.py -index bdd3af08..6adf72a1 100644 ---- a/tests/test_rand.py -+++ b/tests/test_rand.py -@@ -32,10 +32,10 @@ def test_bytes_wrong_args(self, args): - - def test_insufficient_memory(self): - """ -- `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested -- than will fit in memory. -+ `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more -+ bytes are requested than will fit in memory. - """ -- with pytest.raises(MemoryError): -+ with pytest.raises((MemoryError, OverflowError)): - rand.bytes(sys.maxsize) - - def test_bytes(self): diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 619dc07ee0..ce2864e1c6 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -7709,16 +7709,14 @@ message digests and key derivation functions.") (define-public python-pyopenssl (package (name "python-pyopenssl") - (version "17.1.0") + (version "17.2.0") (source (origin (method url-fetch) (uri (pypi-uri "pyOpenSSL" version)) - (patches - (search-patches "python-pyopenssl-17.1.0-test-overflow.patch")) (sha256 (base32 - "0qwmqhfsq84ydir9dz273ypmlcvs7v71m1jns0sd4k0h6lfsa82s")))) + "0d283g4zi0hr9papd24mjl70mi15gyzq6fx618rizi87dgipqqax")))) (build-system python-build-system) (arguments '(#:phases @@ -7742,7 +7740,8 @@ message digests and key derivation functions.") (inputs `(("openssl" ,openssl))) (native-inputs - `(("python-pretend" ,python-pretend) + `(("python-flaky" ,python-flaky) + ("python-pretend" ,python-pretend) ("python-pytest" ,python-pytest-3.0))) (home-page "https://github.com/pyca/pyopenssl") (synopsis "Python wrapper module around the OpenSSL library") -- cgit 1.4.1 From aa51da7eef28706317ffd7c717f0c881b1e45748 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 22 Jul 2017 15:07:45 +0200 Subject: gnu: Remove python-fake-factory leftovers. This is a followup to c799eb2eb8b1a820147af96988eddaa9f752994b. * gnu/packages/patches/python-fake-factory-fix-build-32bit.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../python-fake-factory-fix-build-32bit.patch | 36 ---------------------- 2 files changed, 37 deletions(-) delete mode 100644 gnu/packages/patches/python-fake-factory-fix-build-32bit.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index bc2d79c1a8..dd111e0299 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -961,7 +961,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-statsmodels-fix-tests.patch \ %D%/packages/patches/python-configobj-setuptools.patch \ %D%/packages/patches/python-cython-fix-tests-32bit.patch \ - %D%/packages/patches/python-fake-factory-fix-build-32bit.patch \ %D%/packages/patches/python-faker-fix-build-32bit.patch \ %D%/packages/patches/python-pandas-skip-failing-tests.patch \ %D%/packages/patches/python-paste-remove-website-test.patch \ diff --git a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch b/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch deleted file mode 100644 index cb60896fad..0000000000 --- a/gnu/packages/patches/python-fake-factory-fix-build-32bit.patch +++ /dev/null @@ -1,36 +0,0 @@ -These tests fail on 32-bit due to an overflow. - -Upstream bug URL: https://github.com/joke2k/faker/issues/408 - -diff --git a/faker/tests/__init__.py b/faker/tests/__init__.py -index 6026772..58b6b83 100644 ---- a/faker/tests/__init__.py -+++ b/faker/tests/__init__.py -@@ -384,7 +384,6 @@ class FactoryTestCase(unittest.TestCase): - provider = Provider - # test century - self.assertTrue(self._datetime_to_time(provider.date_time_this_century(after_now=False)) <= self._datetime_to_time(datetime.datetime.now())) -- self.assertTrue(self._datetime_to_time(provider.date_time_this_century(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now())) - # test decade - self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(after_now=False)) <= self._datetime_to_time(datetime.datetime.now())) - self.assertTrue(self._datetime_to_time(provider.date_time_this_decade(before_now=False, after_now=True)) >= self._datetime_to_time(datetime.datetime.now())) -@@ -413,8 +412,6 @@ class FactoryTestCase(unittest.TestCase): - - # ensure all methods provide timezone aware datetimes - with self.assertRaises(TypeError): -- provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now() -- with self.assertRaises(TypeError): - provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now() - with self.assertRaises(TypeError): - provider.date_time_this_year(after_now=False, tzinfo=utc) <= datetime.datetime.now() -@@ -423,7 +420,6 @@ class FactoryTestCase(unittest.TestCase): - - # test century - self.assertTrue(provider.date_time_this_century(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc)) -- self.assertTrue(provider.date_time_this_century(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc)) - # test decade - self.assertTrue(provider.date_time_this_decade(after_now=False, tzinfo=utc) <= datetime.datetime.now(utc)) - self.assertTrue(provider.date_time_this_decade(before_now=False, after_now=True, tzinfo=utc) >= datetime.datetime.now(utc)) --- -2.11.1 - -- cgit 1.4.1 From 056468dc5fe8edcce513b2f962156d8b56fc0b04 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Sat, 22 Jul 2017 23:45:53 +0200 Subject: gnu: Add cran module. * gnu/packages/cran.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * gnu/packages/statistics.scm (r-colorspace): Move to cran.scm. --- gnu/local.mk | 1 + gnu/packages/cran.scm | 44 ++++++++++++++++++++++++++++++++++++++++++++ gnu/packages/statistics.scm | 21 +-------------------- 3 files changed, 46 insertions(+), 20 deletions(-) create mode 100644 gnu/packages/cran.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index dd111e0299..d471c3b028 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -99,6 +99,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/cpio.scm \ %D%/packages/cpp.scm \ %D%/packages/cppi.scm \ + %D%/packages/cran.scm \ %D%/packages/cross-base.scm \ %D%/packages/crypto.scm \ %D%/packages/cryptsetup.scm \ diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm new file mode 100644 index 0000000000..9ebfbbed2d --- /dev/null +++ b/gnu/packages/cran.scm @@ -0,0 +1,44 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages cran) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix utils) + #:use-module (guix build-system r)) + +(define-public r-colorspace + (package + (name "r-colorspace") + (version "1.3-2") + (source + (origin + (method url-fetch) + (uri (cran-uri "colorspace" version)) + (sha256 + (base32 "0d1ya7hx4y58n5ivwmdmq2zgh0g2sbv7ykh13n85c1355csd57yx")))) + (build-system r-build-system) + (home-page "http://cran.r-project.org/web/packages/colorspace") + (synopsis "Color space manipulation") + (description + "This package carries out a mapping between assorted color spaces +including RGB, HSV, HLS, CIEXYZ, CIELUV, HCL (polar CIELUV), CIELAB and polar +CIELAB. Qualitative, sequential, and diverging color palettes based on HCL +colors are provided.") + (license license:bsd-3))) diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index 41c0668151..604bdf9c5f 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -34,6 +34,7 @@ #:use-module (guix build-system trivial) #:use-module (gnu packages) #:use-module (gnu packages compression) + #:use-module (gnu packages cran) #:use-module (gnu packages curl) #:use-module (gnu packages gcc) #:use-module (gnu packages gtk) @@ -644,26 +645,6 @@ interactive data exploration and manipulation and optionally leverage caching.") (license license:gpl2))) -(define-public r-colorspace - (package - (name "r-colorspace") - (version "1.3-2") - (source - (origin - (method url-fetch) - (uri (cran-uri "colorspace" version)) - (sha256 - (base32 "0d1ya7hx4y58n5ivwmdmq2zgh0g2sbv7ykh13n85c1355csd57yx")))) - (build-system r-build-system) - (home-page "http://cran.r-project.org/web/packages/colorspace") - (synopsis "Color space manipulation") - (description - "This package carries out a mapping between assorted color spaces -including RGB, HSV, HLS, CIEXYZ, CIELUV, HCL (polar CIELUV), CIELAB and polar -CIELAB. Qualitative, sequential, and diverging color palettes based on HCL -colors are provided.") - (license license:bsd-3))) - (define-public r-dichromat (package (name "r-dichromat") -- cgit 1.4.1 From a68a83f0156d17dfdfb95557e5cf36a1a024dfc7 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Tue, 18 Jul 2017 16:39:12 +0200 Subject: gnu: Add openmolar. * gnu/packages/medical.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Co-authored-by: Quiliro --- gnu/local.mk | 1 + gnu/packages/medical.scm | 60 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 gnu/packages/medical.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index d471c3b028..12cd8865a1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -266,6 +266,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/maths.scm \ %D%/packages/mc.scm \ %D%/packages/mcrypt.scm \ + %D%/packages/medical.scm \ %D%/packages/mes.scm \ %D%/packages/messaging.scm \ %D%/packages/mingw.scm \ diff --git a/gnu/packages/medical.scm b/gnu/packages/medical.scm new file mode 100644 index 0000000000..c0d9d597b7 --- /dev/null +++ b/gnu/packages/medical.scm @@ -0,0 +1,60 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ricardo Wurmus +;;; Copyright © 2017 Quiliro +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages medical) + #:use-module (guix build-system python) + #:use-module (guix download) + #:use-module (guix licenses) + #:use-module (guix packages) + #:use-module (gnu packages python) + #:use-module (gnu packages qt)) + +(define-public openmolar-1 + (package + (name "openmolar") + (version "1.0.15-gd81f9e5") + (source (origin + (method url-fetch) + (uri (string-append + "https://static.openmolar.com/om1/releases/openmolar-" + version ".tar.gz")) + (sha256 + (base32 + "1cfdzfbi6wslw7k0dc6ad6xrgs75iwsl91cg73w4myswaqqkfk3z")))) + (build-system python-build-system) + (arguments + `(#:use-setuptools? #f + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-/usr + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "setup.py" + (("/usr") (assoc-ref outputs "out"))) + #t))))) + (inputs + `(("python-pyqt+qscintilla" ,python-pyqt+qscintilla) + ("python-mysqlclient" ,python-mysqlclient) + ("qscintilla" ,qscintilla))) + (home-page "https://openmolar.com/om1") + (synopsis "Dental practice management software") + (description "Openmolar is a dental practice management suite. Its +functionality includes appointments, patient records, treatment planning, +billing etc. It is a full featured, reliable and thoroughly tested +application and has been translated into many languages.") + (license gpl3+))) -- cgit 1.4.1 From 36378bd57ec31ba2bbedbdbdbd77b5b0f82f3b8a Mon Sep 17 00:00:00 2001 From: Ryan Moe Date: Sat, 22 Jul 2017 07:18:42 -0700 Subject: gnu: quassel: Enable TLS. * gnu/packages/patches/quassel-fix-tls-check.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/irc.scm (quassel)[source]: Use it. Signed-off-by: Leo Famulari --- gnu/local.mk | 1 + gnu/packages/irc.scm | 1 + gnu/packages/patches/quassel-fix-tls-check.patch | 25 ++++++++++++++++++++++++ 3 files changed, 27 insertions(+) create mode 100644 gnu/packages/patches/quassel-fix-tls-check.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 12cd8865a1..8d3916e26d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -984,6 +984,7 @@ dist_patch_DATA = \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ + %D%/packages/patches/quassel-fix-tls-check.patch \ %D%/packages/patches/quickswitch-fix-dmenu-check.patch \ %D%/packages/patches/rapicorn-isnan.patch \ %D%/packages/patches/raptor2-heap-overflow.patch \ diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm index 011665d387..1d6ac82e5f 100644 --- a/gnu/packages/irc.scm +++ b/gnu/packages/irc.scm @@ -66,6 +66,7 @@ (method url-fetch) (uri (string-append "http://quassel-irc.org/pub/quassel-" version ".tar.bz2")) + (patches (search-patches "quassel-fix-tls-check.patch")) (sha256 (base32 "0ka456fb8ha3w7g74xlzfg6w4azxjjxgrhl4aqpbwg3lnd6fbr4k")))) diff --git a/gnu/packages/patches/quassel-fix-tls-check.patch b/gnu/packages/patches/quassel-fix-tls-check.patch new file mode 100644 index 0000000000..057bc02a14 --- /dev/null +++ b/gnu/packages/patches/quassel-fix-tls-check.patch @@ -0,0 +1,25 @@ +This allows quasselclient to connect to SSL-enabled quasselcore instances. + +The check in qglobal.h requires -fPIC (not -fPIE as it is now). When this check +fails SSL / TLS is disabled. + +This patch comes from the upstream source repository [0] and can be +removed when the next version is packaged. + +[0] https://github.com/quassel/quassel/commit/4768c9e99f99b581d4e32e797db91d0182391696 + +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -428,6 +428,11 @@ endif() + cmake_push_check_state(RESET) + set(CMAKE_REQUIRED_INCLUDES ${QT_INCLUDES} ${Qt5Core_INCLUDE_DIRS}) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Core_EXECUTABLE_COMPILE_FLAGS}") ++ ++if (USE_QT5 AND Qt5_POSITION_INDEPENDENT_CODE) ++ set(CMAKE_REQUIRED_FLAGS "-fPIC -DQT_NO_VERSION_TAGGING") ++endif() ++ + check_cxx_source_compiles(" + #include \"qglobal.h\" + #if defined QT_NO_SSL + -- cgit 1.4.1 From 98593f9f51c8f6e3c2208d8443fdf08cf4d633bb Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Fri, 7 Apr 2017 19:21:28 +1000 Subject: gnu: bcftools: Update to 1.4.1. * gnu/packages/bioinformatics.scm (bcftools): Update to 1.4.1. [arguments]: Move Makefile modifications from here ... [source]: ... to added patch. Adjust patch for update to 1.4. * gnu/packages/patches/bcftools-fix-makefile.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/bioinformatics.scm | 20 +++++--------- gnu/packages/patches/bcftools-fix-makefile.patch | 33 ++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 13 deletions(-) create mode 100644 gnu/packages/patches/bcftools-fix-makefile.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8d3916e26d..3397216e15 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -522,6 +522,7 @@ dist_patch_DATA = \ %D%/packages/patches/awesome-reproducible-png.patch \ %D%/packages/patches/azr3.patch \ %D%/packages/patches/bash-completion-directories.patch \ + %D%/packages/patches/bcftools-fix-makefile.patch \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/binutils-mips-bash-bug.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index f5122a1802..87da4aed15 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -300,7 +300,7 @@ BAM files.") (define-public bcftools (package (name "bcftools") - (version "1.3.1") + (version "1.4.1") (source (origin (method url-fetch) (uri (string-append @@ -308,11 +308,12 @@ BAM files.") version "/bcftools-" version ".tar.bz2")) (sha256 (base32 - "095ry68vmz9q5s1scjsa698dhgyvgw5aicz24c19iwfbai07mhqj")) + "024xv59bzv148b6w3das4jmldf7rywsf8y1fbqznap008qc8gl6p")) + (patches (search-patches "bcftools-fix-makefile.patch")) (modules '((guix build utils))) (snippet ;; Delete bundled htslib. - '(delete-file-recursively "htslib-1.3.1")))) + '(delete-file-recursively "htslib-1.4.1")))) (build-system gnu-build-system) (arguments `(#:test-target "test" @@ -321,19 +322,12 @@ BAM files.") "USE_GPL=1" (string-append "prefix=" (assoc-ref %outputs "out")) (string-append "HTSDIR=" (assoc-ref %build-inputs "htslib") "/include") - (string-append "HTSLIB=" (assoc-ref %build-inputs "htslib") "/lib/libhts.a") + (string-append "HTSLIB=" (assoc-ref %build-inputs "htslib") "/lib/libhts.so") (string-append "BGZIP=" (assoc-ref %build-inputs "htslib") "/bin/bgzip") - (string-append "TABIX=" (assoc-ref %build-inputs "htslib") "/bin/tabix")) + (string-append "TABIX=" (assoc-ref %build-inputs "htslib") "/bin/tabix") + (string-append "PACKAGE_VERSION=" ,version)) #:phases (modify-phases %standard-phases - (add-after 'unpack 'patch-Makefile - (lambda _ - (substitute* "Makefile" - ;; Do not attempt to build htslib. - (("^include \\$\\(HTSDIR\\)/htslib\\.mk") "") - ;; Link against GSL cblas. - (("-lcblas") "-lgslcblas")) - #t)) (delete 'configure) (add-before 'check 'patch-tests (lambda _ diff --git a/gnu/packages/patches/bcftools-fix-makefile.patch b/gnu/packages/patches/bcftools-fix-makefile.patch new file mode 100644 index 0000000000..614f5fd6bd --- /dev/null +++ b/gnu/packages/patches/bcftools-fix-makefile.patch @@ -0,0 +1,33 @@ +diff --git a/Makefile b/Makefile +index edd2c4a..73b25ea 100644 +--- a/Makefile ++++ b/Makefile +@@ -30,8 +30,8 @@ all: $(PROG) $(TEST_PROG) + + # Adjust $(HTSDIR) to point to your top-level htslib directory + HTSDIR = htslib-1.4.1 +-include $(HTSDIR)/htslib.mk +-include $(HTSDIR)/htslib_static.mk ++#include $(HTSDIR)/htslib.mk ++#include $(HTSDIR)/htslib_static.mk + HTSLIB = $(HTSDIR)/libhts.a + BGZIP = $(HTSDIR)/bgzip + TABIX = $(HTSDIR)/tabix +@@ -73,7 +73,7 @@ GSL_LIBS = + ifdef USE_GPL + EXTRA_CPPFLAGS += -DUSE_GPL + OBJS += polysomy.o peakfit.o +- GSL_LIBS = -lgsl -lcblas ++ GSL_LIBS = -lgsl -lgslcblas + endif + + prefix = /usr/local +@@ -217,7 +217,7 @@ test/test-regidx.o: test/test-regidx.c regidx.h + test/test-regidx: test/test-regidx.o regidx.o $(HTSLIB) + $(CC) $(ALL_LDFLAGS) -o $@ $^ $(HTSLIB) -lpthread $(HTSLIB_LIBS) $(ALL_LIBS) + +-bcftools: $(HTSLIB) $(OBJS) ++bcftools: $(OBJS) + $(CC) $(ALL_LDFLAGS) -o $@ $(OBJS) $(HTSLIB) -lpthread $(HTSLIB_LIBS) $(GSL_LIBS) $(ALL_LIBS) + + doc/bcftools.1: doc/bcftools.txt -- cgit 1.4.1 From 0620387a594be1e8069dea8cda83dfc4a0b7f2de Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sat, 22 Jul 2017 20:36:44 +1000 Subject: gnu: bcftools: Update to 1.5. * gnu/packages/bioinformatics.scm (bcftools): Update to 1.5. [origin]: Remove fix-makefile patch. [arguments]: Add configure flags, add LIBS make flag. Do not delete configure phase. * gnu/packages/patches/bcftools-fix-makefile.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/bioinformatics.scm | 10 +++---- gnu/packages/patches/bcftools-fix-makefile.patch | 33 ------------------------ 3 files changed, 5 insertions(+), 39 deletions(-) delete mode 100644 gnu/packages/patches/bcftools-fix-makefile.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3397216e15..8d3916e26d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -522,7 +522,6 @@ dist_patch_DATA = \ %D%/packages/patches/awesome-reproducible-png.patch \ %D%/packages/patches/azr3.patch \ %D%/packages/patches/bash-completion-directories.patch \ - %D%/packages/patches/bcftools-fix-makefile.patch \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/binutils-mips-bash-bug.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 3e3aaeb657..d9f7e2a5e1 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -300,7 +300,7 @@ BAM files.") (define-public bcftools (package (name "bcftools") - (version "1.4.1") + (version "1.5") (source (origin (method url-fetch) (uri (string-append @@ -308,18 +308,19 @@ BAM files.") version "/bcftools-" version ".tar.bz2")) (sha256 (base32 - "024xv59bzv148b6w3das4jmldf7rywsf8y1fbqznap008qc8gl6p")) - (patches (search-patches "bcftools-fix-makefile.patch")) + "0093hkkvxmbwfaa7905s6185jymynvg42kq6sxv7fili11l5mxwz")) (modules '((guix build utils))) (snippet ;; Delete bundled htslib. - '(delete-file-recursively "htslib-1.4.1")))) + '(delete-file-recursively "htslib-1.5")))) (build-system gnu-build-system) (arguments `(#:test-target "test" + #:configure-flags (list "--with-htslib=system") #:make-flags (list "USE_GPL=1" + "LIBS=-lgsl -lgslcblas" (string-append "prefix=" (assoc-ref %outputs "out")) (string-append "HTSDIR=" (assoc-ref %build-inputs "htslib") "/include") (string-append "HTSLIB=" (assoc-ref %build-inputs "htslib") "/lib/libhts.so") @@ -328,7 +329,6 @@ BAM files.") (string-append "PACKAGE_VERSION=" ,version)) #:phases (modify-phases %standard-phases - (delete 'configure) (add-before 'check 'patch-tests (lambda _ (substitute* "test/test.pl" diff --git a/gnu/packages/patches/bcftools-fix-makefile.patch b/gnu/packages/patches/bcftools-fix-makefile.patch deleted file mode 100644 index 614f5fd6bd..0000000000 --- a/gnu/packages/patches/bcftools-fix-makefile.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/Makefile b/Makefile -index edd2c4a..73b25ea 100644 ---- a/Makefile -+++ b/Makefile -@@ -30,8 +30,8 @@ all: $(PROG) $(TEST_PROG) - - # Adjust $(HTSDIR) to point to your top-level htslib directory - HTSDIR = htslib-1.4.1 --include $(HTSDIR)/htslib.mk --include $(HTSDIR)/htslib_static.mk -+#include $(HTSDIR)/htslib.mk -+#include $(HTSDIR)/htslib_static.mk - HTSLIB = $(HTSDIR)/libhts.a - BGZIP = $(HTSDIR)/bgzip - TABIX = $(HTSDIR)/tabix -@@ -73,7 +73,7 @@ GSL_LIBS = - ifdef USE_GPL - EXTRA_CPPFLAGS += -DUSE_GPL - OBJS += polysomy.o peakfit.o -- GSL_LIBS = -lgsl -lcblas -+ GSL_LIBS = -lgsl -lgslcblas - endif - - prefix = /usr/local -@@ -217,7 +217,7 @@ test/test-regidx.o: test/test-regidx.c regidx.h - test/test-regidx: test/test-regidx.o regidx.o $(HTSLIB) - $(CC) $(ALL_LDFLAGS) -o $@ $^ $(HTSLIB) -lpthread $(HTSLIB_LIBS) $(ALL_LIBS) - --bcftools: $(HTSLIB) $(OBJS) -+bcftools: $(OBJS) - $(CC) $(ALL_LDFLAGS) -o $@ $(OBJS) $(HTSLIB) -lpthread $(HTSLIB_LIBS) $(GSL_LIBS) $(ALL_LIBS) - - doc/bcftools.1: doc/bcftools.txt -- cgit 1.4.1 From f3f68a442c1c40438078c24c0869e22c08f30c48 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sat, 15 Jul 2017 16:31:40 +1000 Subject: gnu: metabat: Update to 2.11.1. * gnu/packages/bioinformatics.scm (metabat): Update to 2.11.1. [source]: Add patch to fix compilation. [arguments]: Adjust regular expressions modifying 'SConstruct'. * gnu/packages/patches/metabat-fix-compilation.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/bioinformatics.scm | 89 +++++++++++----------- gnu/packages/patches/metabat-fix-compilation.patch | 39 ++++++++++ 3 files changed, 83 insertions(+), 46 deletions(-) create mode 100644 gnu/packages/patches/metabat-fix-compilation.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8d3916e26d..3eccc879b0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -840,6 +840,7 @@ dist_patch_DATA = \ %D%/packages/patches/mesa-skip-disk-cache-test.patch \ %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \ %D%/packages/patches/metabat-remove-compilation-date.patch \ + %D%/packages/patches/metabat-fix-compilation.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index eab9d49e12..3b4cc359ee 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -3467,23 +3467,20 @@ form of assemblies or reads.") license:cpl1.0)))) ; Open Bloom Filter (define-public metabat - ;; We package from a git commit because compilation of the released version - ;; fails. - (let ((commit "cbdca756993e66ae57e50a27970595dda9cbde1b")) - (package - (name "metabat") - (version (string-append "0.32.4-1." (string-take commit 8))) - (source - (origin - (method git-fetch) - (uri (git-reference - (url "https://bitbucket.org/berkeleylab/metabat.git") - (commit commit))) - (file-name (string-append name "-" version)) - (sha256 - (base32 - "0byia8nsip6zvc4ha0qkxkxxyjf4x7jcvy48q2dvb0pzr989syzr")) - (patches (search-patches "metabat-remove-compilation-date.patch")))) + (package + (name "metabat") + (version "2.11.1") + (source + (origin + (method url-fetch) + (uri (string-append "https://bitbucket.org/berkeleylab/metabat/get/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0ll00l81aflscgggs5nfhj12cbvdiz3gg7f7n5f537a3xhx60vn9")) + (patches (search-patches "metabat-remove-compilation-date.patch" + "metabat-fix-compilation.patch")))) (build-system gnu-build-system) (arguments `(#:phases @@ -3500,35 +3497,35 @@ form of assemblies or reads.") "#include \"htslib/kseq.h\"")) #t)) (add-after 'unpack 'fix-scons - (lambda* (#:key inputs #:allow-other-keys) - (substitute* "SConstruct" - (("^htslib_dir = 'samtools'") - (string-append "hitslib_dir = '" - (assoc-ref inputs "htslib") - "'")) - (("^samtools_dir = 'samtools'") - (string-append "samtools_dir = '" - (assoc-ref inputs "htslib") - "'")) - (("^findStaticOrShared\\('bam', hts_lib") - (string-append "findStaticOrShared('bam', '" - (assoc-ref inputs "samtools") - "/lib'")) - ;; Do not distribute README. - (("^env\\.Install\\(idir_prefix, 'README\\.md'\\)") "")) - #t)) + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "SConstruct" + (("^htslib_dir += 'samtools'") + (string-append "htslib_dir = '" + (assoc-ref inputs "htslib") + "'")) + (("^samtools_dir = 'samtools'") + (string-append "samtools_dir = '" + (assoc-ref inputs "samtools") + "'")) + (("^findStaticOrShared\\('bam', hts_lib") + (string-append "findStaticOrShared('bam', '" + (assoc-ref inputs "samtools") + "/lib'")) + ;; Do not distribute README. + (("^env\\.Install\\(idir_prefix, 'README\\.md'\\)") "")) + #t)) (delete 'configure) (replace 'build - (lambda* (#:key inputs outputs #:allow-other-keys) - (mkdir (assoc-ref outputs "out")) - (zero? (system* "scons" - (string-append - "PREFIX=" - (assoc-ref outputs "out")) - (string-append - "BOOST_ROOT=" - (assoc-ref inputs "boost")) - "install")))) + (lambda* (#:key inputs outputs #:allow-other-keys) + (mkdir (assoc-ref outputs "out")) + (zero? (system* "scons" + (string-append + "PREFIX=" + (assoc-ref outputs "out")) + (string-append + "BOOST_ROOT=" + (assoc-ref inputs "boost")) + "install")))) ;; Check and install are carried out during build phase. (delete 'check) (delete 'install)))) @@ -3549,8 +3546,8 @@ sequences to deconvolute complex microbial communities, or metagenome binning, enables the study of individual organisms and their interactions. MetaBAT is an automated metagenome binning software, which integrates empirical probabilistic distances of genome abundance and tetranucleotide frequency.") - (license (license:non-copyleft "file://license.txt" - "See license.txt in the distribution."))))) + (license (license:non-copyleft "file://license.txt" + "See license.txt in the distribution.")))) (define-public minced (package diff --git a/gnu/packages/patches/metabat-fix-compilation.patch b/gnu/packages/patches/metabat-fix-compilation.patch new file mode 100644 index 0000000000..7086a96e86 --- /dev/null +++ b/gnu/packages/patches/metabat-fix-compilation.patch @@ -0,0 +1,39 @@ +This patch changes metabat so that (1) it is not build statically, (2) it uses +shared libraries rather than static libraries where possible. + +diff --git a/SConstruct b/SConstruct +index 69cdc0a..ac99bcb 100644 +--- a/SConstruct ++++ b/SConstruct +@@ -26,8 +26,6 @@ debug = ARGUMENTS.get('DEBUG', None) + build_flags = ['-Wall', '-g', '-std=c++11', '-fopenmp'] + link_flags = ['-lstdc++', '-lm', '-fopenmp'] + +-if platform.platform(True, True).find('Darwin') == -1: +- link_flags.extend(['-static', '-static-libgcc', '-static-libstdc++']) + + if debug is None: + build_flags.extend(['-O3', '-DNDEBUG', '-Wno-unknown-pragmas', '-Wno-deprecated-declarations', '-Wno-overflow', '-Wno-unused-variable']) +@@ -110,17 +108,17 @@ def findStaticOrShared( lib, testPaths, static_source_list, link_flag_list, stat + for path in testPaths: + if not os.path.isdir(path): + continue ++ for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)): ++ if os.path.isfile(testfile): ++ print "Found shared library %s as %s" % (lib, testfile) ++ link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] ) ++ return + for suffix in staticSuffixes: + testfile = '%s/lib%s%s' % (path, lib, suffix) + if os.path.isfile(testfile): + static_source_list.append(testfile) + print "Found static library %s as %s" % (lib, testfile) + return +- for testfile in ('%s/lib%s.so' % (path, lib), '%s/lib%s.dylib' % (path, lib)): +- if os.path.isfile(testfile): +- print "Found shared library %s as %s" % (lib, testfile) +- link_flag_list.extend( ["-L%s" % (path), "-l%s" % (lib) ] ) +- return + print "Could not find library for %s!!! Looked in %s" % (lib, testPaths) + return + -- cgit 1.4.1 From d3dce32216905a3beab6cdc6ba444d92f934ea29 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sun, 23 Jul 2017 22:35:52 +1000 Subject: gnu: metabat: Fix boost-related compilation issue. Reported by Leo Famulari. * gnu/packages/patches/metabat-fix-boost-issue.patch: New file. * gnu/packages/bioinformatics.scm (metabat): Use it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/bioinformatics.scm | 3 ++- gnu/packages/patches/metabat-fix-boost-issue.patch | 27 ++++++++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/metabat-fix-boost-issue.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f01ed62ff9..acfd2af36f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -822,6 +822,7 @@ dist_patch_DATA = \ %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \ %D%/packages/patches/metabat-remove-compilation-date.patch \ %D%/packages/patches/metabat-fix-compilation.patch \ + %D%/packages/patches/metabat-fix-boost-issue.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 3b4cc359ee..60beed8fb3 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -3480,7 +3480,8 @@ form of assemblies or reads.") (base32 "0ll00l81aflscgggs5nfhj12cbvdiz3gg7f7n5f537a3xhx60vn9")) (patches (search-patches "metabat-remove-compilation-date.patch" - "metabat-fix-compilation.patch")))) + "metabat-fix-compilation.patch" + "metabat-fix-boost-issue.patch")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/metabat-fix-boost-issue.patch b/gnu/packages/patches/metabat-fix-boost-issue.patch new file mode 100644 index 0000000000..3382d84d66 --- /dev/null +++ b/gnu/packages/patches/metabat-fix-boost-issue.patch @@ -0,0 +1,27 @@ +This patch fixes the issue described at +https://bitbucket.org/berkeleylab/metabat/issues/28/compilation-fail-with-boost-164 + +diff --git a/src/metabat.h b/src/metabat.h +index 32ae94c..2292c04 100644 +--- a/src/metabat.h ++++ b/src/metabat.h +@@ -35,6 +35,7 @@ KSEQ_INIT(gzFile, gzread) + + #include + #include ++#include + #include + #include + #include +diff --git a/src/metabat2.h b/src/metabat2.h +index 60a9998..19fa815 100644 +--- a/src/metabat2.h ++++ b/src/metabat2.h +@@ -41,6 +41,7 @@ KSEQ_INIT(gzFile, gzread) + + #include + #include ++#include + #include + #include + #include -- cgit 1.4.1 From d61a894bfa3670c0742e72222af02ede820fd6cd Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 20 May 2017 16:24:19 +0100 Subject: gnu: gnome: Add deja-dup. * gnu/packages/gnome.scm (deja-dup): New variable. * gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch file entry. --- gnu/local.mk | 1 + gnu/packages/gnome.scm | 78 ++++++++++++++++++++++ .../deja-dup-use-ref-keyword-for-iter.patch | 41 ++++++++++++ 3 files changed, 120 insertions(+) create mode 100644 gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3eccc879b0..60ad007a28 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -565,6 +565,7 @@ dist_patch_DATA = \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ %D%/packages/patches/dblatex-remove-multirow.patch \ %D%/packages/patches/dbus-helper-search-path.patch \ + %D%/packages/patches/deja-dup-use-ref-keyword-for-iter.patch \ %D%/packages/patches/dfu-programmer-fix-libusb.patch \ %D%/packages/patches/diffutils-gets-undeclared.patch \ %D%/packages/patches/doc++-include-directives.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index be00fcff54..1ab59a6303 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -61,6 +61,7 @@ #:use-module (gnu packages bison) #:use-module (gnu packages calendar) #:use-module (gnu packages check) + #:use-module (gnu packages cmake) #:use-module (gnu packages cups) #:use-module (gnu packages curl) #:use-module (gnu packages cyrus-sasl) @@ -193,6 +194,83 @@ Desktop. It is designed to be as simple as possible and has some unique features to enable users to create their discs easily and quickly.") (license license:gpl2+))) +(define-public deja-dup + (package + (name "deja-dup") + (version "34.3") + (source (origin + (method url-fetch) + (uri "https://launchpadlibrarian.net/295170991/deja-dup-34.3.tar.xz") + (sha256 + (base32 + "1xqcr61hpbahbla7gdjn4ngjfz7w6f57y7f5pkb77yk05f60j2n9")) + (patches + (search-patches "deja-dup-use-ref-keyword-for-iter.patch")))) + (build-system glib-or-gtk-build-system) + (arguments + `(#:modules ((guix build gnu-build-system) + ((guix build cmake-build-system) #:prefix cmake:) + (guix build glib-or-gtk-build-system) + (guix build utils)) + #:imported-modules (,@%glib-or-gtk-build-system-modules + (guix build cmake-build-system)) + #:test-target "test" + #:configure-flags (list (string-append + "-DCMAKE_INSTALL_FULL_DATADIR=" %output) + (string-append + "-DCMAKE_INSTALL_LIBEXECDIR=" %output)) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-lockfile-deletion + (lambda rest + (substitute* "libdeja/tools/duplicity/DuplicityInstance.vala" + (("/bin/rm") + (which "rm"))))) + (replace 'configure + (assoc-ref cmake:%standard-phases 'configure)) + (delete 'check) ;; Fails due to issues with DBus + (add-after 'install 'wrap-deja-dup + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((python (assoc-ref inputs "python")) + (python-path (getenv "PYTHONPATH")) + (duplicity (assoc-ref inputs "duplicity")) + (out (assoc-ref outputs "out"))) + (for-each + (lambda (program) + (wrap-program program + `("PATH" ":" prefix (,(string-append python "/bin") + ,(string-append duplicity "/bin")))) + (wrap-program program + `("PYTHONPATH" ":" prefix (,python-path)))) + + (find-files (string-append out "/bin"))) + #t)))))) + (inputs + `(("gsettings-desktop-schemas" ,gsettings-desktop-schemas) + ("gobject-introspection" ,gobject-introspection) + ("duplicity" ,duplicity) + ("python" ,python2-minimal) + ("python-pygobject" ,python2-pygobject) + ("gtk+" ,gtk+) + ("libnotify" ,libnotify) + ("libpeas" ,libpeas) + ("libsecret" ,libsecret) + ("packagekit" ,packagekit))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("vala" ,vala) + ("gettext" ,gettext-minimal) + ("itstool" ,itstool) + ("intltool" ,intltool) + ("cmake", cmake))) + (home-page "https://launchpad.net/deja-dup") + (synopsis "Simple backup tool, for regular encrypted backups") + (description + "Déjà Dup is a simple backup tool, for regular encrypted backups. It +uses duplicity as the backend, which supports incremental backups and storage +either on a local, or remote machine via a number of methods.") + (license license:gpl3+))) + (define-public dia ;; This version from GNOME's repository includes fixes for compiling with ;; recent versions of the build tools. The latest activity on the diff --git a/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch new file mode 100644 index 0000000000..a03e0c5481 --- /dev/null +++ b/gnu/packages/patches/deja-dup-use-ref-keyword-for-iter.patch @@ -0,0 +1,41 @@ +From 5676766be5e845ccb6cdf46cfa8722497f151752 Mon Sep 17 00:00:00 2001 +From: Jeremy Bicha +Date: Fri, 16 Jun 2017 15:11:37 -0400 +Subject: Use 'ref' keyword for iter, requires vala 0.36 + + +diff --git a/deja-dup/widgets/ConfigList.vala b/deja-dup/widgets/ConfigList.vala +index 15de2d6..02cd81a 100644 +--- a/deja-dup/widgets/ConfigList.vala ++++ b/deja-dup/widgets/ConfigList.vala +@@ -333,7 +333,7 @@ public class ConfigList : ConfigWidget + + model.row_deleted.disconnect(write_to_config); + foreach (Gtk.TreeIter iter in iters) { +- (model as Gtk.ListStore).remove(iter); ++ (model as Gtk.ListStore).remove(ref iter); + } + model.row_deleted.connect(write_to_config); + +diff --git a/deja-dup/widgets/ConfigLocation.vala b/deja-dup/widgets/ConfigLocation.vala +index 869e2a8..d21c556 100644 +--- a/deja-dup/widgets/ConfigLocation.vala ++++ b/deja-dup/widgets/ConfigLocation.vala +@@ -397,12 +397,12 @@ public class ConfigLocation : ConfigWidget + if (uuid == saved_uuid) + return; + +- store.remove(iter); ++ store.remove(ref iter); + + if (--num_volumes == 0) { + Gtk.TreeIter sep_iter; + if (store.get_iter_from_string(out sep_iter, index_vol_sep.to_string())) { +- store.remove(sep_iter); ++ store.remove(ref sep_iter); + index_vol_sep = -2; + } + } +-- +cgit v0.10.2 + -- cgit 1.4.1 From 726ecfeb3ae9eb4baacf042e2dd34b1e377dccfa Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 25 Jul 2017 17:06:51 +0200 Subject: gnu: Add guile2.0-bytestructures. * gnu/packages/patches/guile-bytestructures-name-clash.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/guile.scm (guile-bytestructures)[source]: Use it. [arguments]: Unpack the source. [native-inputs]: New field. (guile2.0-bytestructures): New variable. --- gnu/local.mk | 1 + gnu/packages/guile.scm | 22 +++++++++++++-- .../patches/guile-bytestructures-name-clash.patch | 31 ++++++++++++++++++++++ 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/guile-bytestructures-name-clash.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 60ad007a28..1cc8f08d98 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -668,6 +668,7 @@ dist_patch_DATA = \ %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/gspell-dash-test.patch \ %D%/packages/patches/guile-1.8-cpp-4.5.patch \ + %D%/packages/patches/guile-bytestructures-name-clash.patch \ %D%/packages/patches/guile-default-utf8.patch \ %D%/packages/patches/guile-linux-syscalls.patch \ %D%/packages/patches/guile-present-coding.patch \ diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index dd852cb3e6..21cc59ef04 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -1543,16 +1543,28 @@ is no support for parsing block and inline level HTML.") (file-name (string-append name "-" version "-checkout")) (sha256 (base32 - "04lgh0nk6ddnwgh20hnz4pyhczaik0xbd50kikjsxcwcl46shavb")))) + "04lgh0nk6ddnwgh20hnz4pyhczaik0xbd50kikjsxcwcl46shavb")) + (patches (search-patches "guile-bytestructures-name-clash.patch")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) #:builder (begin (use-modules (guix build utils) + (ice-9 ftw) (ice-9 match) (ice-9 popen) (ice-9 rdelim)) + ;; Unpack. + (setenv "PATH" + (string-join (list (assoc-ref %build-inputs "tar") + (assoc-ref %build-inputs "xz")) + "/bin:" 'suffix)) + (system* "tar" "xf" (assoc-ref %build-inputs "source")) + (match (scandir ".") + (("." ".." directory) + (chdir directory))) + (let* ((out (assoc-ref %outputs "out")) (guile (assoc-ref %build-inputs "guile")) (effective (read-line @@ -1561,7 +1573,7 @@ is no support for parsing block and inline level HTML.") "-c" "(display (effective-version))"))) (module-dir (string-append out "/share/guile/site/" effective)) - (source (assoc-ref %build-inputs "source")) + (source (getcwd)) (doc (string-append out "/share/doc/scheme-bytestructures")) (sld-files (with-directory-excursion source (find-files "bytestructures/r7" "\\.exports.sld$"))) @@ -1601,6 +1613,9 @@ is no support for parsing block and inline level HTML.") ;; Also copy over the README. (install-file "README.md" doc) #t)))) + (native-inputs + `(("tar" ,tar) + ("xz" ,xz))) (inputs `(("guile" ,guile-2.2))) (home-page "https://github.com/TaylanUB/scheme-bytestructures") @@ -1613,6 +1628,9 @@ an abstraction over raw memory. It's also more powerful than the C type system, elevating types to first-class status.") (license license:gpl3+))) +(define-public guile2.0-bytestructures + (package-for-guile-2.0 guile-bytestructures)) + (define-public guile-aspell (package (name "guile-aspell") diff --git a/gnu/packages/patches/guile-bytestructures-name-clash.patch b/gnu/packages/patches/guile-bytestructures-name-clash.patch new file mode 100644 index 0000000000..ac834dd504 --- /dev/null +++ b/gnu/packages/patches/guile-bytestructures-name-clash.patch @@ -0,0 +1,31 @@ +This patch works around a name clash between the 'cstring-pointer' module and +the 'cstring-module' variable that occurs in Guile 2.0: + + ice-9/boot-9.scm:109:20: re-exporting local variable: cstring-pointer + +--- guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm 2017-07-25 17:04:32.858289986 +0200 ++++ guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm 2017-07-25 17:04:41.130244725 +0200 +@@ -1,6 +1,6 @@ + (define-module (bytestructures guile)) + +-(import ++(use-modules + (bytestructures guile base) + (bytestructures guile vector) + (bytestructures guile struct) +@@ -8,7 +8,7 @@ + (bytestructures guile pointer) + (bytestructures guile numeric) + (bytestructures guile string) +- (bytestructures guile cstring-pointer)) ++ ((bytestructures guile cstring-pointer) #:prefix cstr:)) + (re-export + make-bytestructure-descriptor + bytestructure-descriptor? +@@ -75,5 +75,5 @@ + + bs:string + +- cstring-pointer ++ cstr:cstring-pointer + ) -- cgit 1.4.1 From c7db7b86cef0cca32c4f22deab4f0d6caf964729 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Mon, 24 Jul 2017 13:51:50 -0400 Subject: gnu: perl-dbd-mysql: Fix CVE-2017-10788. * gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/databases.scm (perl-dbd-mysql)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/databases.scm | 3 +- .../patches/perl-dbd-mysql-CVE-2017-10788.patch | 62 ++++++++++++++++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1cc8f08d98..f5255feff6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -904,6 +904,7 @@ dist_patch_DATA = \ %D%/packages/patches/pcre2-CVE-2017-8786.patch \ %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ + %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \ %D%/packages/patches/perl-gd-options-passthrough-and-fontconfig.patch \ diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index ee340505e6..7e62452ea6 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -1015,7 +1015,8 @@ columns, primary keys, unique constraints and relationships.") "DBD-mysql-" version ".tar.gz")) (sha256 (base32 - "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2")))) + "16bg7l28n65ngi1abjxvwk906a80i2vd5vzjn812dx8phdg8d7v2")) + (patches (search-patches "perl-dbd-mysql-CVE-2017-10788.patch")))) (build-system perl-build-system) ;; Tests require running MySQL server (arguments `(#:tests? #f)) diff --git a/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch new file mode 100644 index 0000000000..74613cb632 --- /dev/null +++ b/gnu/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch @@ -0,0 +1,62 @@ +Fix CVE-2017-10788: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10788 + +Patch written to match corrected documentation specifications: + +Old: http://web.archive.org/web/20161220021610/https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html +New: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html + +The patch itself is from https://github.com/perl5-dbi/DBD-mysql/issues/120#issuecomment-312420660. + +From 9ce10cfae7138c37c3a0cb2ba2a1d682482943d0 Mon Sep 17 00:00:00 2001 +From: Pali +Date: Sun, 25 Jun 2017 10:07:39 +0200 +Subject: [PATCH] Fix use-after-free after calling mysql_stmt_close() + +Ignore return value from mysql_stmt_close() and also its error message +because it points to freed memory after mysql_stmt_close() was called. +--- + dbdimp.c | 8 ++------ + mysql.xs | 7 ++----- + 2 files changed, 4 insertions(+), 11 deletions(-) + +diff --git a/dbdimp.c b/dbdimp.c +index c60a5f6..a6410e5 100644 +--- a/dbdimp.c ++++ b/dbdimp.c +@@ -4894,12 +4894,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) { + + if (imp_sth->stmt) + { +- if (mysql_stmt_close(imp_sth->stmt)) +- { +- do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt), +- mysql_stmt_error(imp_sth->stmt), +- mysql_stmt_sqlstate(imp_sth->stmt)); +- } ++ mysql_stmt_close(imp_sth->stmt); ++ imp_sth->stmt= NULL; + } + #endif + +diff --git a/mysql.xs b/mysql.xs +index 55376e1..affde59 100644 +--- a/mysql.xs ++++ b/mysql.xs +@@ -434,11 +434,8 @@ do(dbh, statement, attr=Nullsv, ...) + if (bind) + Safefree(bind); + +- if(mysql_stmt_close(stmt)) +- { +- fprintf(stderr, "\n failed while closing the statement"); +- fprintf(stderr, "\n %s", mysql_stmt_error(stmt)); +- } ++ mysql_stmt_close(stmt); ++ stmt= NULL; + + if (retval == -2) /* -2 means error */ + { +-- +1.7.9.5 -- cgit 1.4.1 From 8ad40a69d16d33cb307cd2a7762ac8ea807bfb92 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Tue, 25 Jul 2017 16:19:45 -0400 Subject: gnu: evince: Update to 3.24.1. * gnu/packages/gnome.scm (evince): Update to 3.24.1. [source]: Remove obsolete patch. * gnu/packages/patches/evince-CVE-2017-1000083.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/gnome.scm | 5 +- gnu/packages/patches/evince-CVE-2017-1000083.patch | 109 --------------------- 3 files changed, 2 insertions(+), 113 deletions(-) delete mode 100644 gnu/packages/patches/evince-CVE-2017-1000083.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f5255feff6..9dfca9dbb7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -582,7 +582,6 @@ dist_patch_DATA = \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/eudev-conflicting-declaration.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ - %D%/packages/patches/evince-CVE-2017-1000083.patch \ %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \ %D%/packages/patches/exim-CVE-2017-1000369.patch \ %D%/packages/patches/fabric-tests.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 1ab59a6303..b670ef7a3e 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -687,16 +687,15 @@ forgotten when the session ends.") (define-public evince (package (name "evince") - (version "3.24.0") + (version "3.24.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) - (patches (search-patches "evince-CVE-2017-1000083.patch")) (sha256 (base32 - "13yw0i68dgqp9alyliy3zifszh7rikkpi1xbz5binvxxgfpraf04")))) + "0dqgzwxl0xfr341r5i8j8hn6j6rhv62lmc6xbzjppcq76hhwb84w")))) (build-system glib-or-gtk-build-system) (arguments `(#:configure-flags '("--disable-nautilus") diff --git a/gnu/packages/patches/evince-CVE-2017-1000083.patch b/gnu/packages/patches/evince-CVE-2017-1000083.patch deleted file mode 100644 index 2ca062f337..0000000000 --- a/gnu/packages/patches/evince-CVE-2017-1000083.patch +++ /dev/null @@ -1,109 +0,0 @@ -Fix CVE-2017-1000083. - -http://seclists.org/oss-sec/2017/q3/128 -https://bugzilla.gnome.org/show_bug.cgi?id=784630 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee - -From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Thu, 6 Jul 2017 20:02:00 +0200 -Subject: comics: Remove support for tar and tar-like commands - -diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c -index 4c74731..641d785 100644 ---- a/backend/comics/comics-document.c -+++ b/backend/comics/comics-document.c -@@ -56,8 +56,7 @@ typedef enum - RARLABS, - GNAUNRAR, - UNZIP, -- P7ZIP, -- TAR -+ P7ZIP - } ComicBookDecompressType; - - typedef struct _ComicsDocumentClass ComicsDocumentClass; -@@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = { - - /* 7zip */ - {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z}, -- -- /* tar */ -- {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET} - }; - - static GSList* get_supported_image_extensions (void); -@@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = GNAUNRAR; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- - } else if (g_content_type_is_a (mime_type, "application/x-cbz") || - g_content_type_is_a (mime_type, "application/zip")) { - /* InfoZIP's unzip program */ -@@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = P7ZIP; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } - - } else if (g_content_type_is_a (mime_type, "application/x-cb7") || - g_content_type_is_a (mime_type, "application/x-7z-compressed")) { -@@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type, - comics_document->command_usage = P7ZIP; - return TRUE; - } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- } else if (g_content_type_is_a (mime_type, "application/x-cbt") || -- g_content_type_is_a (mime_type, "application/x-tar")) { -- /* tar utility (Tape ARchive) */ -- comics_document->selected_command = -- g_find_program_in_path ("tar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } -- comics_document->selected_command = -- g_find_program_in_path ("bsdtar"); -- if (comics_document->selected_command) { -- comics_document->command_usage = TAR; -- return TRUE; -- } - } else { - g_set_error (error, - EV_DOCUMENT_ERROR, -diff --git a/configure.ac b/configure.ac -index 9e9f831..7eb0f1f 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES) - AC_SUBST(APPDATA_TIFF_MIME_TYPES) - AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES) - if test "x$enable_comics" = "xyes"; then -- COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt" -+ COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;" - APPDATA_COMICS_MIME_TYPES=$(echo "$COMICS_MIME_TYPES" | sed -e 's/;/<\/mimetype>\n /g') - if test -z "$EVINCE_MIME_TYPES"; then - EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}" --- -cgit v0.12 - -- cgit 1.4.1 From bcd757fdb49753f41a7ee4f0181cdef582705a6a Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 26 Jul 2017 11:11:11 +0200 Subject: gnu: mg: Move to (gnu packages text-editors). * gnu/packages/mg.scm: Remove. * gnu/local.mk (GNU_SYSTEM_MODULES): Remove it. * gnu/packages/text-editors.scm (mg): New variable. --- gnu/local.mk | 1 - gnu/packages/mg.scm | 76 ------------------------------------------- gnu/packages/text-editors.scm | 51 +++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 77 deletions(-) delete mode 100644 gnu/packages/mg.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9dfca9dbb7..724c6b6758 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -270,7 +270,6 @@ GNU_SYSTEM_MODULES = \ %D%/packages/mes.scm \ %D%/packages/messaging.scm \ %D%/packages/mingw.scm \ - %D%/packages/mg.scm \ %D%/packages/microcom.scm \ %D%/packages/moe.scm \ %D%/packages/monitoring.scm \ diff --git a/gnu/packages/mg.scm b/gnu/packages/mg.scm deleted file mode 100644 index 5df6770009..0000000000 --- a/gnu/packages/mg.scm +++ /dev/null @@ -1,76 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014 Taylan Ulrich Bayırlı/Kammer -;;; Copyright © 2017 Eric Bavier -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - -(define-module (gnu packages mg) - #:use-module (guix licenses) - #:use-module (guix download) - #:use-module (guix packages) - #:use-module (guix build-system gnu) - #:use-module (gnu packages libbsd) - #:use-module (gnu packages ncurses) - #:use-module (gnu packages pkg-config)) - -(define-public mg - (package - (name "mg") - (version "20161005") - (source (origin - (method url-fetch) - (uri (string-append "http://homepage.boetes.org/software/mg/mg-" - version ".tar.gz")) - (sha256 - (base32 - "0qaydk2cy765n9clghmi5gdnpwn15y2v0fj6r0jcm0v7d89vbz5p")) - (modules '((guix build utils))) - (snippet - '(begin - (substitute* "GNUmakefile" - (("/usr/bin/") "")))))) - (build-system gnu-build-system) - (native-inputs - `(("pkg-config" ,pkg-config))) - (inputs - `(("libbsd" ,libbsd) - ("ncurses" ,ncurses))) - (arguments - ;; No test suite available. - '(#:tests? #f - #:make-flags (list (string-append "prefix=" %output) - "CURSES_LIBS=-lncurses" - "CC=gcc") - #:phases (modify-phases %standard-phases - (delete 'configure) - (add-before 'install 'patch-tutorial-location - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "mg.1" - (("/usr") (assoc-ref outputs "out"))) - #t)) - (add-after 'install 'install-tutorial - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (doc (string-append out "/share/doc/mg"))) - (install-file "tutorial" doc) - #t)))))) - (home-page "http://homepage.boetes.org/software/mg/") - (synopsis "Microscopic GNU Emacs clone") - (description - "Mg (mg) is a GNU Emacs style editor, with which it is \"broadly\" -compatible. This is a portable version of the mg maintained by the OpenBSD -team.") - (license public-domain))) diff --git a/gnu/packages/text-editors.scm b/gnu/packages/text-editors.scm index 56049eb510..756c2beab2 100644 --- a/gnu/packages/text-editors.scm +++ b/gnu/packages/text-editors.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2017 Eric Bavier ;;; Copyright © 2017 Feng Shu ;;; Copyright © 2017 ng0 +;;; Copyright © 2014 Taylan Ulrich Bayırlı/Kammer ;;; ;;; This file is part of GNU Guix. ;;; @@ -35,6 +36,7 @@ #:use-module (gnu packages gcc) #:use-module (gnu packages glib) #:use-module (gnu packages gtk) + #:use-module (gnu packages libbsd) #:use-module (gnu packages lua) #:use-module (gnu packages ncurses) #:use-module (gnu packages pkg-config) @@ -228,3 +230,52 @@ Wordstar-, EMACS-, Pico, Nedit or vi-like key bindings. e3 can be used on 16, 32, and 64-bit CPUs.") (supported-systems '("x86_64-linux" "i686-linux")) (license license:gpl2+))) + +(define-public mg + (package + (name "mg") + (version "20161005") + (source (origin + (method url-fetch) + (uri (string-append "http://homepage.boetes.org/software/mg/mg-" + version ".tar.gz")) + (sha256 + (base32 + "0qaydk2cy765n9clghmi5gdnpwn15y2v0fj6r0jcm0v7d89vbz5p")) + (modules '((guix build utils))) + (snippet + '(begin + (substitute* "GNUmakefile" + (("/usr/bin/") "")))))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("libbsd" ,libbsd) + ("ncurses" ,ncurses))) + (arguments + ;; No test suite available. + '(#:tests? #f + #:make-flags (list (string-append "prefix=" %output) + "CURSES_LIBS=-lncurses" + "CC=gcc") + #:phases (modify-phases %standard-phases + (delete 'configure) + (add-before 'install 'patch-tutorial-location + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "mg.1" + (("/usr") (assoc-ref outputs "out"))) + #t)) + (add-after 'install 'install-tutorial + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (doc (string-append out "/share/doc/mg"))) + (install-file "tutorial" doc) + #t)))))) + (home-page "http://homepage.boetes.org/software/mg/") + (synopsis "Microscopic GNU Emacs clone") + (description + "Mg (mg) is a GNU Emacs style editor, with which it is \"broadly\" +compatible. This is a portable version of the mg maintained by the OpenBSD +team.") + (license license:public-domain))) -- cgit 1.4.1 From 730ed6ec8b69a0f908a8aadbbe0555dd45de227c Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 24 Jun 2017 14:19:46 +0100 Subject: gnu: services: admin: Add tailon. * gnu/services/admin.scm (, ): New record types. (tailon-configuration-files-string, tailon-shepherd-service): New procedures. (%tailon-accounts, tailon-service-type: New variables. * doc/guix.texi (Monitoring Services: Document the Tailon service. * gnu/local.mk (GNU_SYSTEM_MODULES): Add gnu/tests/admin.scm. * gnu/tests/admin.scm: New file. --- doc/guix.texi | 90 +++++++++++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/admin.scm | 151 ++++++++++++++++++++++++++++++++++++++++++++++++- gnu/tests/admin.scm | 128 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 369 insertions(+), 1 deletion(-) create mode 100644 gnu/tests/admin.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index e8c4e0eaf3..3452850316 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -219,6 +219,7 @@ Services * Database Services:: SQL databases. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. * DNS Services:: DNS daemons. @@ -9011,6 +9012,7 @@ declaration. * Database Services:: SQL databases. * Mail Services:: IMAP, POP3, SMTP, and all that. * Messaging Services:: Messaging services. +* Monitoring Services:: Monitoring services. * Kerberos Services:: Kerberos services. * Web Services:: Web servers. * DNS Services:: DNS daemons. @@ -13599,6 +13601,94 @@ string, you could instantiate a prosody service like this: (prosody.cfg.lua ""))) @end example +@node Monitoring Services +@subsubsection Monitoring Services + +@subsubheading Tailon Service + +@uref{https://tailon.readthedocs.io/, Tailon} is a web application for +viewing and searching log files. + +The following example will configure the service with default values. +By default, Tailon can be accessed on port 8080 (@code{http://localhost:8080}). + +@example +(service tailon-service-type) +@end example + +The following example customises more of the Tailon configuration, +adding @command{sed} to the list of allowed commands. + +@example +(service tailon-service-type + (tailon-configuration + (config-file + (tailon-configuration-file + (allowed-commands '("tail" "grep" "awk" "sed")))))) +@end example + + +@deftp {Data Type} tailon-configuration +Data type representing the configuration of Tailon. +This type has the following parameters: + +@table @asis +@item @code{config-file} (default: @code{(tailon-configuration-file)}) +The configuration file to use for Tailon. This can be set to a +@dfn{tailon-configuration-file} record value, or any gexp +(@pxref{G-Expressions}). + +For example, to instead use a local file, the @code{local-file} function +can be used: + +@example +(service tailon-service-type + (tailon-configuration + (config-file (local-file "./my-tailon.conf")))) +@end example + +@item @code{package} (default: @code{tailon}) +The tailon package to use. + +@end table +@end deftp + +@deftp {Data Type} tailon-configuration-file +Data type representing the configuration options for Tailon. +This type has the following parameters: + +@table @asis +@item @code{files} (default: @code{(list "/var/log")}) +List of files to display. The list can include strings for a single file +or directory, or a list, where the first item is the name of a +subsection, and the remaining items are the files or directories in that +subsection. + +@item @code{bind} (default: @code{"localhost:8080"}) +Address and port to which Tailon should bind on. + +@item @code{relative-root} (default: @code{#f}) +URL path to use for Tailon, set to @code{#f} to not use a path. + +@item @code{allow-transfers?} (default: @code{#t}) +Allow downloading the log files in the web interface. + +@item @code{follow-names?} (default: @code{#t}) +Allow tailing of not-yet existent files. + +@item @code{tail-lines} (default: @code{200}) +Number of lines to read initially from each file. + +@item @code{allowed-commands} (default: @code{(list "tail" "grep" "awk")}) +Commands to allow running. By default, @code{sed} is disabled. + +@item @code{debug?} (default: @code{#f}) +Set @code{debug?} to @code{#t} to show debug messages. + +@end table +@end deftp + + @node Kerberos Services @subsubsection Kerberos Services @cindex Kerberos diff --git a/gnu/local.mk b/gnu/local.mk index 724c6b6758..29dee73c46 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -478,6 +478,7 @@ GNU_SYSTEM_MODULES = \ %D%/build/vm.scm \ \ %D%/tests.scm \ + %D%/tests/admin.scm \ %D%/tests/base.scm \ %D%/tests/dict.scm \ %D%/tests/nfs.scm \ diff --git a/gnu/services/admin.scm b/gnu/services/admin.scm index b9e3fa70a4..1044833fef 100644 --- a/gnu/services/admin.scm +++ b/gnu/services/admin.scm @@ -20,14 +20,19 @@ (define-module (gnu services admin) #:use-module (gnu packages admin) #:use-module (gnu packages base) + #:use-module (gnu packages logging) #:use-module (gnu services) #:use-module (gnu services mcron) #:use-module (gnu services shepherd) + #:use-module (gnu services web) + #:use-module (gnu system shadow) #:use-module (guix gexp) + #:use-module (guix store) #:use-module (guix packages) #:use-module (guix records) #:use-module (srfi srfi-1) #:use-module (ice-9 vlist) + #:use-module (ice-9 match) #:export (%default-rotations %rotated-files @@ -41,7 +46,27 @@ rottlog-configuration rottlog-configuration? rottlog-service - rottlog-service-type)) + rottlog-service-type + + + tailon-configuration-file + tailon-configuration-file? + tailon-configuration-file-files + tailon-configuration-file-bind + tailon-configuration-file-relative-root + tailon-configuration-file-allow-transfers? + tailon-configuration-file-follow-names? + tailon-configuration-file-tail-lines + tailon-configuration-file-allowed-commands + tailon-configuration-file-debug? + + + tailon-configuration + tailon-configuration? + tailon-configuration-config-file + tailon-configuration-package + + tailon-service-type)) ;;; Commentary: ;;; @@ -172,4 +197,128 @@ for ROTATION." rotations))))) (default-value (rottlog-configuration)))) + +;;; +;;; Tailon +;;; + +(define-record-type* + tailon-configuration-file make-tailon-configuration-file + tailon-configuration-file? + (files tailon-configuration-file-files + (default '("/var/log"))) + (bind tailon-configuration-file-bind + (default "localhost:8080")) + (relative-root tailon-configuration-file-relative-root + (default #f)) + (allow-transfers? tailon-configuration-file-allow-transfers? + (default #t)) + (follow-names? tailon-configuration-file-follow-names? + (default #t)) + (tail-lines tailon-configuration-file-tail-lines + (default 200)) + (allowed-commands tailon-configuration-file-allowed-commands + (default '("tail" "grep" "awk"))) + (debug? tailon-configuration-file-debug? + (default #f))) + +(define (tailon-configuration-files-string files) + (string-append + "\n" + (string-join + (map + (lambda (x) + (string-append + " - " + (cond + ((string? x) + (simple-format #f "'~A'" x)) + ((list? x) + (string-join + (cons (simple-format #f "'~A':" (car x)) + (map + (lambda (x) (simple-format #f " - '~A'" x)) + (cdr x))) + "\n")) + (else (error x))))) + files) + "\n"))) + +(define-gexp-compiler (tailon-configuration-file-compiler + (file ) system target) + (match file + (($ files bind relative-root + allow-transfers? follow-names? + tail-lines allowed-commands debug?) + (text-file + "tailon-config.yaml" + (string-concatenate + (filter-map + (match-lambda + ((key . #f) #f) + ((key . value) (string-append key ": " value "\n"))) + + `(("files" . ,(tailon-configuration-files-string files)) + ("bind" . ,bind) + ("relative-root" . ,relative-root) + ("allow-transfers" . ,(if allow-transfers? "true" "false")) + ("follow-names" . ,(if follow-names? "true" "false")) + ("tail-lines" . ,(number->string tail-lines)) + ("commands" . ,(string-append "[" + (string-join allowed-commands ", ") + "]")) + ,@(if debug? '(("debug" . "true")) '())))))))) + +(define-record-type* + tailon-configuration make-tailon-configuration + tailon-configuration? + (config-file tailon-configuration-config-file + (default (tailon-configuration-file))) + (package tailon-configuration-package + (default tailon))) + +(define tailon-shepherd-service + (match-lambda + (($ config-file package) + (list (shepherd-service + (provision '(tailon)) + (documentation "Run the tailon daemon.") + (start #~(make-forkexec-constructor + `(,(string-append #$package "/bin/tailon") + "-c" ,#$config-file) + #:user "tailon" + #:group "tailon")) + (stop #~(make-kill-destructor))))))) + +(define %tailon-accounts + (list (user-group (name "tailon") (system? #t)) + (user-account + (name "tailon") + (group "tailon") + (system? #t) + (comment "tailon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define tailon-service-type + (service-type + (name 'tailon) + (extensions + (list (service-extension shepherd-root-service-type + tailon-shepherd-service) + (service-extension account-service-type + (const %tailon-accounts)))) + (compose concatenate) + (extend (lambda (parameter files) + (tailon-configuration + (inherit parameter) + (config-file + (let ((old-config-file + (tailon-configuration-config-file parameter))) + (tailon-configuration-file + (inherit old-config-file) + (files (append (tailon-configuration-file-files old-config-file) + files)))))))) + (default-value (tailon-configuration)))) + ;;; admin.scm ends here diff --git a/gnu/tests/admin.scm b/gnu/tests/admin.scm new file mode 100644 index 0000000000..3c7deb5426 --- /dev/null +++ b/gnu/tests/admin.scm @@ -0,0 +1,128 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Christopher Baines +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests admin) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system shadow) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services admin) + #:use-module (gnu services networking) + #:use-module (guix gexp) + #:use-module (guix store) + #:use-module (guix monads) + #:export (%test-tailon)) + +(define %tailon-os + ;; Operating system under test. + (simple-operating-system + (dhcp-client-service) + (service tailon-service-type + (tailon-configuration + (config-file + (tailon-configuration-file + (bind "0.0.0.0:8080"))))))) + +(define* (run-tailon-test #:optional (http-port 8081)) + "Run tests in %TAILON-OS, which has tailon running and listening on +HTTP-PORT." + (define os + (marionette-operating-system + %tailon-os + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (port-forwardings `((,http-port . 8080))))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (ice-9 match) + (gnu build marionette) + (web uri) + (web client) + (web response)) + + (define marionette + ;; Forward the guest's HTTP-PORT, where tailon is listening, to + ;; port 8080 in the host. + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "tailon") + + (test-eq "service running" + 'running! + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'tailon) + 'running!) + marionette)) + + (define* (retry-on-error f #:key times delay) + (let loop ((attempt 1)) + (match (catch + #t + (lambda () + (cons #t + (f))) + (lambda args + (cons #f + args))) + ((#t . return-value) + return-value) + ((#f . error-args) + (if (>= attempt times) + error-args + (begin + (sleep delay) + (loop (+ 1 attempt)))))))) + + (test-equal "http-get" + 200 + (retry-on-error + (lambda () + (let-values (((response text) + (http-get #$(format + #f + "http://localhost:~A/" + http-port) + #:decode-body? #t))) + (response-code response))) + #:times 10 + #:delay 5)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "tailon-test" test)) + +(define %test-tailon + (system-test + (name "tailon") + (description "Connect to a running Tailon server.") + (value (run-tailon-test)))) -- cgit 1.4.1 From a4078acf4ab7d694e86ffcaef2073d71e58508f1 Mon Sep 17 00:00:00 2001 From: Peter Mikkelsen Date: Sat, 29 Jul 2017 17:06:55 +0200 Subject: gnu: erlang: Fix man-pages search path of 'erl -man'. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/erlang-man-path.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/erlang.scm (erlang)[source]: Use it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/erlang.scm | 4 +++- gnu/packages/patches/erlang-man-path.patch | 24 ++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/erlang-man-path.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 29dee73c46..9f0915ff6b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -579,6 +579,7 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-fix-scheme-indent-function.patch \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ + %D%/packages/patches/erlang-man-path.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/eudev-conflicting-declaration.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ diff --git a/gnu/packages/erlang.scm b/gnu/packages/erlang.scm index 07f117e283..9658061f21 100644 --- a/gnu/packages/erlang.scm +++ b/gnu/packages/erlang.scm @@ -23,6 +23,7 @@ #:use-module (guix build-system gnu) #:use-module (guix download) #:use-module (guix packages) + #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages fontutils) #:use-module (gnu packages gl) @@ -45,7 +46,8 @@ (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1b47jh549yywyp8fbs8a8j4ydr3zn982navzyqvlms6rg8vwb0pw")))) + "1b47jh549yywyp8fbs8a8j4ydr3zn982navzyqvlms6rg8vwb0pw")) + (patches (search-patches "erlang-man-path.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl) diff --git a/gnu/packages/patches/erlang-man-path.patch b/gnu/packages/patches/erlang-man-path.patch new file mode 100644 index 0000000000..68fc9f45b4 --- /dev/null +++ b/gnu/packages/patches/erlang-man-path.patch @@ -0,0 +1,24 @@ +Patch originally from https://sources.debian.net/patches/erlang/1:20.0.1%2Bdfsg-2/man.patch/ +by Francois-Denis Gonthier . + +Patch description rewritten for Guix. + +This patch allows access to the man page with the 'erl -man' command +(Erlang manual pages are placed to /gnu/store/..erlang../share/man/ hierarchy +as other man pages.) + +--- a/erts/etc/common/erlexec.c ++++ b/erts/etc/common/erlexec.c +@@ -709,8 +709,10 @@ + error("-man not supported on Windows"); + #else + argv[i] = "man"; +- erts_snprintf(tmpStr, sizeof(tmpStr), "%s/man", rootdir); +- set_env("MANPATH", tmpStr); ++ /* ++ * Conform to erlang-manpages content. ++ */ ++ putenv(strsave("MANSECT=1:3:5:7")); + execvp("man", argv+i); + error("Could not execute the 'man' command."); + #endif -- cgit 1.4.1 From 119fdd0d0e33492ef2b563295fe9564258d51401 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Thu, 27 Jul 2017 17:13:49 +0100 Subject: services: Add memcached. * gnu/services/databases.scm (memcached-service-type, %memcached-accounts): New variables. (): New record type. (memcached-service-type): New procedures. * gnu/tests/databases.scm: New file. * doc/guix.texi (Database Services): Document the new memcached service. * gnu/local.mk (GNU_SYSTEM_MODULES): Add entry for tests/databases.scm. --- doc/guix.texi | 32 ++++++++++++ gnu/local.mk | 1 + gnu/services/databases.scm | 73 +++++++++++++++++++++++++++ gnu/tests/databases.scm | 121 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 227 insertions(+) create mode 100644 gnu/tests/databases.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index 3452850316..2beeaf9779 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -11724,6 +11724,38 @@ TCP port on which the database server listens for incoming connections. @end table @end deftp +@defvr {Scheme Variable} memcached-service-type +This is the service type for the @uref{https://memcached.org/, +Memcached} service, which provides a distributed in memory cache. The +value for the service type is a @code{memcached-configuration} object. +@end defvr + +@example +(service memcached-service-type) +@end example + +@deftp {Data Type} memcached-configuration +Data type representing the configuration of memcached. + +@table @asis +@item @code{memcached} (default: @code{memcached}) +The Memcached package to use. + +@item @code{interfaces} (default: @code{'("0.0.0.0")}) +Network interfaces on which to listen. + +@item @code{tcp-port} (default: @code{11211}) +Port on which to accept connections on, + +@item @code{udp-port} (default: @code{11211}) +Port on which to accept UDP connections on, a value of 0 will disable +listening on a UDP socket. + +@item @code{additional-options} (default: @code{'()}) +Additional command line options to pass to @code{memcached}. +@end table +@end deftp + @defvr {Scheme Variable} redis-service-type This is the service type for the @uref{https://redis.io/, Redis} key/value store, whose value is a @code{redis-configuration} object. diff --git a/gnu/local.mk b/gnu/local.mk index 9f0915ff6b..ff47777650 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -480,6 +480,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests.scm \ %D%/tests/admin.scm \ %D%/tests/base.scm \ + %D%/tests/databases.scm \ %D%/tests/dict.scm \ %D%/tests/nfs.scm \ %D%/tests/install.scm \ diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 3ecc8aff78..3b64d0e075 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -25,6 +25,7 @@ #:use-module (gnu system shadow) #:use-module (gnu packages admin) #:use-module (gnu packages databases) + #:use-module (guix modules) #:use-module (guix records) #:use-module (guix gexp) #:use-module (ice-9 match) @@ -33,6 +34,16 @@ postgresql-service postgresql-service-type + memcached-service-type + + memcached-configuration + memcached-configuration? + memcached-configuration-memecached + memcached-configuration-interfaces + memcached-configuration-tcp-port + memcached-configuration-udp-port + memcached-configuration-additional-options + mysql-service mysql-service-type mysql-configuration @@ -176,6 +187,68 @@ and stores the database cluster in @var{data-directory}." (config-file config-file) (data-directory data-directory)))) + +;;; +;;; Memcached +;;; + +(define-record-type* + memcached-configuration make-memcached-configuration + memcached-configuration? + (memcached memcached-configuration-memcached ; + (default memcached)) + (interfaces memcached-configuration-interfaces + (default '("0.0.0.0"))) + (tcp-port memcached-configuration-tcp-port + (default 11211)) + (udp-port memcached-configuration-udp-port + (default 11211)) + (additional-options memcached-configuration-additional-options + (default '()))) + +(define %memcached-accounts + (list (user-group (name "memcached") (system? #t)) + (user-account + (name "memcached") + (group "memcached") + (system? #t) + (comment "Memcached server user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define memcached-shepherd-service + (match-lambda + (($ memcached interfaces tcp-port udp-port + additional-options) + (with-imported-modules (source-module-closure + '((gnu build shepherd))) + (list (shepherd-service + (provision '(memcached)) + (documentation "Run the Memcached daemon.") + (requirement '(user-processes loopback)) + (modules '((gnu build shepherd))) + (start #~(make-forkexec-constructor + `(#$(file-append memcached "/bin/memcached") + "-l" #$(string-join interfaces ",") + "-p" #$(number->string tcp-port) + "-U" #$(number->string udp-port) + "--daemon" + "-P" "/var/run/memcached.pid" + "-u" "memcached" + ,#$@additional-options) + #:log-file "/var/log/memcached" + #:pid-file "/var/run/memcached.pid")) + (stop #~(make-kill-destructor)))))))) + +(define memcached-service-type + (service-type (name 'memcached) + (extensions + (list (service-extension shepherd-root-service-type + memcached-shepherd-service) + (service-extension account-service-type + (const %memcached-accounts)))) + (default-value (memcached-configuration)))) + ;;; ;;; MySQL. diff --git a/gnu/tests/databases.scm b/gnu/tests/databases.scm new file mode 100644 index 0000000000..310210c368 --- /dev/null +++ b/gnu/tests/databases.scm @@ -0,0 +1,121 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Christopher Baines +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests databases) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system shadow) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services databases) + #:use-module (gnu services networking) + #:use-module (guix gexp) + #:use-module (guix store) + #:export (%test-memcached)) + +(define %memcached-os + (simple-operating-system + (dhcp-client-service) + (service memcached-service-type))) + +(define* (run-memcached-test #:optional (port 11211)) + "Run tests in %MEMCACHED-OS, forwarding PORT." + (define os + (marionette-operating-system + %memcached-os + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (port-forwardings `((11211 . ,port))))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette) + (ice-9 rdelim)) + + (define marionette + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "memcached") + + ;; Wait for memcached to be up and running. + (test-eq "service running" + 'running! + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'memcached) + 'running!) + marionette)) + + (let* ((ai (car (getaddrinfo "localhost" + #$(number->string port)))) + (s (socket (addrinfo:fam ai) + (addrinfo:socktype ai) + (addrinfo:protocol ai))) + (key "testkey") + (value "guix")) + (connect s (addrinfo:addr ai)) + + (test-equal "set" + "STORED\r" + (begin + (simple-format s "set ~A 0 60 ~A\r\n~A\r\n" + key + (string-length value) + value) + (read-line s))) + + (test-equal "get" + (simple-format #f "VALUE ~A 0 ~A\r~A\r" + key + (string-length value) + value) + (begin + (simple-format s "get ~A\r\n" key) + (string-append + (read-line s) + (read-line s)))) + + (close-port s)) + + ;; There should be a log file in here. + (test-assert "log file" + (marionette-eval + '(file-exists? "/var/log/memcached") + marionette)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "memcached-test" test)) + +(define %test-memcached + (system-test + (name "memcached") + (description "Connect to a running MEMCACHED server.") + (value (run-memcached-test)))) -- cgit 1.4.1 From 58dce7bfb59d4f89b035c9bf181e73f4b667b57c Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 31 Jul 2017 11:13:49 +0200 Subject: gnu: libgit2: Update to 0.26.0. * gnu/packages/version-control.scm (libgit2): Update to 0.26.0. Remove "libgit2-use-after-free.patch". * gnu/packages/patches/libgit2-use-after-free.patch: Remove. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/libgit2-use-after-free.patch | 24 ----------------------- gnu/packages/version-control.scm | 7 +++---- 3 files changed, 3 insertions(+), 29 deletions(-) delete mode 100644 gnu/packages/patches/libgit2-use-after-free.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ff47777650..3fb8f168de 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -756,7 +756,6 @@ dist_patch_DATA = \ %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \ %D%/packages/patches/libgdata-fix-tests.patch \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ - %D%/packages/patches/libgit2-use-after-free.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ %D%/packages/patches/libjxr-fix-typos.patch \ %D%/packages/patches/liboop-mips64-deplibs-fix.patch \ diff --git a/gnu/packages/patches/libgit2-use-after-free.patch b/gnu/packages/patches/libgit2-use-after-free.patch deleted file mode 100644 index 580af8781a..0000000000 --- a/gnu/packages/patches/libgit2-use-after-free.patch +++ /dev/null @@ -1,24 +0,0 @@ -This patch is taken from ; -we need it to fix the use-after-free error in 'git_commit_extract_signature' -reported at . - -From ade0d9c658fdfc68d8046935f6908f033fe7a529 Mon Sep 17 00:00:00 2001 -From: Patrick Steinhardt -Date: Mon, 13 Feb 2017 13:46:17 +0100 -Subject: [PATCH 3/3] commit: avoid possible use-after-free - -diff --git a/src/commit.c b/src/commit.c -index 89a4db1..05b70a9 100644 ---- a/src/commit.c -+++ b/src/commit.c -@@ -766,8 +766,9 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r - if (git_buf_oom(signature)) - goto oom; - -+ error = git_buf_puts(signed_data, eol+1); - git_odb_object_free(obj); -- return git_buf_puts(signed_data, eol+1); -+ return error; - } - - giterr_set(GITERR_OBJECT, "this commit is not signed"); diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 2e17201a5f..fbaf8f2f29 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -334,7 +334,7 @@ everything from small to very large projects with speed and efficiency.") (define-public libgit2 (package (name "libgit2") - (version "0.25.1") + (version "0.26.0") (source (origin (method url-fetch) (uri (string-append "https://github.com/libgit2/libgit2/" @@ -342,9 +342,8 @@ everything from small to very large projects with speed and efficiency.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s")) - (patches (search-patches "libgit2-use-after-free.patch" - "libgit2-0.25.1-mtime-0.patch")))) + "1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa")) + (patches (search-patches "libgit2-0.25.1-mtime-0.patch")))) (build-system cmake-build-system) (arguments `(#:phases -- cgit 1.4.1 From 269504a797a3e950725e406edf550a03946900ad Mon Sep 17 00:00:00 2001 From: Muriithi Frederick Muriuki Date: Thu, 15 Jun 2017 18:39:05 +0300 Subject: gnu: python-pbr-minimal: Update to 3.0.1 * gnu/packages/python.scm (python-pbr-minimal): Update to 3.0.1 [source]: Update hash and remove patch. * gnu/packages/patches/python-pbr-fix-man-page-support.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. Signed-off-by: Efraim Flashner --- gnu/local.mk | 1 - .../patches/python-pbr-fix-man-page-support.patch | 28 ---------------------- gnu/packages/python.scm | 5 ++-- 3 files changed, 2 insertions(+), 32 deletions(-) delete mode 100644 gnu/packages/patches/python-pbr-fix-man-page-support.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3fb8f168de..4189703c92 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -971,7 +971,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-pandas-skip-failing-tests.patch \ %D%/packages/patches/python-paste-remove-website-test.patch \ %D%/packages/patches/python-paste-remove-timing-test.patch \ - %D%/packages/patches/python-pbr-fix-man-page-support.patch \ %D%/packages/patches/python-pillow-freetype-2.7-test-failure.patch \ %D%/packages/patches/python-pygit2-disable-network-tests.patch \ %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch \ diff --git a/gnu/packages/patches/python-pbr-fix-man-page-support.patch b/gnu/packages/patches/python-pbr-fix-man-page-support.patch deleted file mode 100644 index b9036f5b01..0000000000 --- a/gnu/packages/patches/python-pbr-fix-man-page-support.patch +++ /dev/null @@ -1,28 +0,0 @@ -See: https://bugs.launchpad.net/oslosphinx/+bug/1661861 -diff -ur orig/pbr-1.10.0/pbr/builddoc.py pbr-1.10.0/pbr/builddoc.py ---- orig/pbr-1.10.0/pbr/builddoc.py 2016-05-23 21:38:18.000000000 +0200 -+++ pbr-1.10.0/pbr/builddoc.py 2017-02-18 14:01:37.424434317 +0100 -@@ -138,7 +138,8 @@ - sphinx_config.init_values(warnings.warn) - else: - sphinx_config.init_values() -- if self.builder == 'man' and len(sphinx_config.man_pages) == 0: -+ if self.builder == 'man' and len( -+ getattr(sphinx_config, 'man_pages', '')) == 0: - return - app = application.Sphinx( - self.source_dir, self.config_dir, -diff -ur orig/pbr-1.10.0/pbr/util.py pbr-1.10.0/pbr/util.py ---- orig/pbr-1.10.0/pbr/util.py 2016-05-23 21:38:18.000000000 +0200 -+++ pbr-1.10.0/pbr/util.py 2017-02-18 15:36:32.951196795 +0100 -@@ -211,7 +211,9 @@ - parser.read(path) - config = {} - for section in parser.sections(): -- config[section] = dict(parser.items(section)) -+ config[section] = dict() -+ for k, value in parser.items(section): -+ config[section][k.replace('-', '_')] = value - - # Run setup_hooks, if configured - setup_hooks = has_get_option(config, 'global', 'setup_hooks') diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 2b38202218..21e32c343d 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -2276,15 +2276,14 @@ protocol.") (define python-pbr-minimal (package (name "python-pbr-minimal") - (version "1.10.0") + (version "3.0.1") (source (origin (method url-fetch) (uri (pypi-uri "pbr" version)) (sha256 (base32 - "177kd9kbv1hvf2ban7l3x9ymzbi1md4hkaymwbgnz7ihf312hr0q")) - (patches (search-patches "python-pbr-fix-man-page-support.patch")))) + "14fs5acnalnb3h62s7q7av239j541fk0n0z0lawh4h09b1s93s6p")))) (build-system python-build-system) (arguments `(#:tests? #f)) -- cgit 1.4.1 From 04b6d6f7f7a73e39dcff1e2bca3113ea567e2944 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 1 Aug 2017 15:19:38 +0200 Subject: gnu: guile-ssh: Update to 0.11.2. * gnu/packages/ssh.scm (guile-ssh): Update to 0.11.2. [source]: Remove 'patches', 'modules', and 'snippet'. * gnu/packages/patches/guile-ssh-channel-finalization.patch, gnu/packages/patches/guile-ssh-double-free.patch, gnu/packages/patches/guile-ssh-rexec-bug.patch: Remove. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 3 -- .../patches/guile-ssh-channel-finalization.patch | 28 ---------------- gnu/packages/patches/guile-ssh-double-free.patch | 37 ---------------------- gnu/packages/patches/guile-ssh-rexec-bug.patch | 16 ---------- gnu/packages/ssh.scm | 16 ++-------- 5 files changed, 2 insertions(+), 98 deletions(-) delete mode 100644 gnu/packages/patches/guile-ssh-channel-finalization.patch delete mode 100644 gnu/packages/patches/guile-ssh-double-free.patch delete mode 100644 gnu/packages/patches/guile-ssh-rexec-bug.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4189703c92..db8be36fb4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -675,9 +675,6 @@ dist_patch_DATA = \ %D%/packages/patches/guile-present-coding.patch \ %D%/packages/patches/guile-relocatable.patch \ %D%/packages/patches/guile-rsvg-pkgconfig.patch \ - %D%/packages/patches/guile-ssh-channel-finalization.patch \ - %D%/packages/patches/guile-ssh-double-free.patch \ - %D%/packages/patches/guile-ssh-rexec-bug.patch \ %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch \ %D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \ %D%/packages/patches/gtk2-theme-paths.patch \ diff --git a/gnu/packages/patches/guile-ssh-channel-finalization.patch b/gnu/packages/patches/guile-ssh-channel-finalization.patch deleted file mode 100644 index 54b5055a20..0000000000 --- a/gnu/packages/patches/guile-ssh-channel-finalization.patch +++ /dev/null @@ -1,28 +0,0 @@ -Avoid asynchronous channel finalization, which could lead to segfaults due to -libssh not being thread-safe: . - ---- guile-ssh-0.11.0/modules/ssh/dist/node.scm 2017-06-13 14:37:44.861671297 +0200 -+++ guile-ssh-0.11.0/modules/ssh/dist/node.scm 2017-06-13 14:38:02.841580565 +0200 -@@ -391,11 +391,18 @@ listens on an expected port, return #f o - "Evaluate QUOTED-EXP on the node and return the evaluated result." - (let ((repl-channel (node-open-rrepl node))) - (rrepl-skip-to-prompt repl-channel) -- (call-with-values (lambda () (rrepl-eval repl-channel quoted-exp)) -- (lambda vals -- (and (node-stop-repl-server? node) -+ (dynamic-wind -+ (const #t) -+ (lambda () -+ (rrepl-eval repl-channel quoted-exp)) -+ (lambda () -+ (when (node-stop-repl-server? node) - (node-stop-server node)) -- (apply values vals))))) -+ -+ ;; Close REPL-CHANNEL right away to prevent finalization from -+ ;; happening in another thread at the wrong time (see -+ ;; .) -+ (close-port repl-channel))))) - - (define (node-eval-1 node quoted-exp) - "Evaluate QUOTED-EXP on the node and return the evaluated result. The diff --git a/gnu/packages/patches/guile-ssh-double-free.patch b/gnu/packages/patches/guile-ssh-double-free.patch deleted file mode 100644 index 9692b81d39..0000000000 --- a/gnu/packages/patches/guile-ssh-double-free.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix a double-free or use-after-free issue with Guile-SSH used -with Guile 2.2. See . - -diff --git a/libguile-ssh/channel-type.c b/libguile-ssh/channel-type.c -index 3dd641f..0839854 100644 ---- a/libguile-ssh/channel-type.c -+++ b/libguile-ssh/channel-type.c -@@ -229,10 +229,11 @@ ptob_close (SCM channel) - ssh_channel_free (ch->ssh_channel); - } - -+ SCM_SETSTREAM (channel, NULL); -+ - #if USING_GUILE_BEFORE_2_2 - scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer"); - scm_gc_free (pt->read_buf, pt->read_buf_size, "port read buffer"); -- SCM_SETSTREAM (channel, NULL); - - return 0; - #endif -diff --git a/libguile-ssh/sftp-file-type.c b/libguile-ssh/sftp-file-type.c -index 8879924..f87cf03 100644 ---- a/libguile-ssh/sftp-file-type.c -+++ b/libguile-ssh/sftp-file-type.c -@@ -224,10 +224,11 @@ ptob_close (SCM sftp_file) - sftp_close (fd->file); - } - -+ SCM_SETSTREAM (sftp_file, NULL); -+ - #if USING_GUILE_BEFORE_2_2 - scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer"); - scm_gc_free (pt->read_buf, pt->read_buf_size, "port read buffer"); -- SCM_SETSTREAM (sftp_file, NULL); - - return 1; - #endif diff --git a/gnu/packages/patches/guile-ssh-rexec-bug.patch b/gnu/packages/patches/guile-ssh-rexec-bug.patch deleted file mode 100644 index 363fea38c9..0000000000 --- a/gnu/packages/patches/guile-ssh-rexec-bug.patch +++ /dev/null @@ -1,16 +0,0 @@ -Fix a bug whereby 'node-guile-version' would pass a node instead of -a session to 'rexec'. - -diff --git a/modules/ssh/dist/node.scm b/modules/ssh/dist/node.scm -index 9c065c7..29a3906 100644 ---- a/modules/ssh/dist/node.scm -+++ b/modules/ssh/dist/node.scm -@@ -411,7 +411,8 @@ procedure returns the 1st evaluated value if multiple values were returned." - "Get Guile version installed on a NODE, return the version string. Return - #f if Guile is not installed." - (receive (result rc) -- (rexec node "which guile > /dev/null && guile --version") -+ (rexec (node-session node) -+ "which guile > /dev/null && guile --version") - (and (zero? rc) - (car result)))) diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index 22737b7aec..55689a6c6d 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -215,7 +215,7 @@ Additionally, various channel-specific options can be negotiated.") (define-public guile-ssh (package (name "guile-ssh") - (version "0.11.0") + (version "0.11.2") (home-page "https://github.com/artyom-poptsov/guile-ssh") (source (origin ;; ftp://memory-heap.org/software/guile-ssh/guile-ssh-VERSION.tar.gz @@ -227,19 +227,7 @@ Additionally, various channel-specific options can be negotiated.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0r261i8kc3avbmbwgyzak2vnqwssjlgz37g2y2fwm80w9bmn2m7j")) - (patches (search-patches "guile-ssh-rexec-bug.patch" - "guile-ssh-double-free.patch" - "guile-ssh-channel-finalization.patch")) - (modules '((guix build utils))) - (snippet - ;; 'configure.ac' mistakenly tries to link files from examples/ - ;; that are not instantiated yet. Work around it. - '(substitute* "configure.ac" - (("AC_CONFIG_LINKS\\(\\[examples/([^:]+):.*" _ file) - (string-append "AC_CONFIG_FILES([examples/" file - "], [chmod +x examples/" - file "])\n")))))) + "1w0k5s09xj5xycb7lbp5b7rm0xncclms3jwl98lwj8fxwngi1s90")))) (build-system gnu-build-system) (outputs '("out" "debug")) (arguments -- cgit 1.4.1 From 575e5e4e51e01aed1044cd8ba9e00a9631eba794 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 2 Aug 2017 20:48:12 +0300 Subject: gnu: glibc@2.24: Fix CVE-2015-5180. * gnu/packages/base.scm (glibc@2.24)[source]: Add patch. * gnu/packages/patches/glibc-CVE-2015-5180.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/base.scm | 1 + gnu/packages/patches/glibc-CVE-2015-5180.patch | 311 +++++++++++++++++++++++++ 3 files changed, 313 insertions(+) create mode 100644 gnu/packages/patches/glibc-CVE-2015-5180.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index db8be36fb4..5cc8b64aa0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -644,6 +644,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glibc-CVE-2015-5180.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 2040f84bf1..f23db9a778 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -933,6 +933,7 @@ GLIBC/HURD for a Hurd host" "glibc-versioned-locpath.patch" "glibc-o-largefile.patch" "glibc-vectorized-strcspn-guards.patch" + "glibc-CVE-2015-5180.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) diff --git a/gnu/packages/patches/glibc-CVE-2015-5180.patch b/gnu/packages/patches/glibc-CVE-2015-5180.patch new file mode 100644 index 0000000000..92e3740fc1 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2015-5180.patch @@ -0,0 +1,311 @@ +From b3b37f1a5559a7620e31c8053ed1b44f798f2b6d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Sat, 31 Dec 2016 20:22:09 +0100 +Subject: [PATCH] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ + #18784] + +Also rename T_UNSPEC because an upcoming public header file +update will use that name. + +(cherry picked from commit fc82b0a2dfe7dbd35671c10510a8da1043d746a5) +--- + ChangeLog | 14 ++++ + NEWS | 6 ++ + include/arpa/nameser_compat.h | 6 +- + resolv/Makefile | 5 ++ + resolv/nss_dns/dns-host.c | 2 +- + resolv/res_mkquery.c | 4 + + resolv/res_query.c | 6 +- + resolv/tst-resolv-qtypes.c | 185 ++++++++++++++++++++++++++++++++++++++++++ + 8 files changed, 221 insertions(+), 7 deletions(-) + create mode 100644 resolv/tst-resolv-qtypes.c + +diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h +index 2e735ed..7c0deed 100644 +--- a/include/arpa/nameser_compat.h ++++ b/include/arpa/nameser_compat.h +@@ -1,8 +1,8 @@ + #ifndef _ARPA_NAMESER_COMPAT_ + #include + +-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e., +- T_A and T_AAAA). */ +-#define T_UNSPEC 62321 ++/* The number is outside the 16-bit RR type range and is used ++ internally by the implementation. */ ++#define T_QUERY_A_AND_AAAA 439963904 + + #endif +diff --git a/resolv/Makefile b/resolv/Makefile +index 8be41d3..a4c86b9 100644 +--- a/resolv/Makefile ++++ b/resolv/Makefile +@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes) + extra-libs += libanl + routines += gai_sigqueue + tests += tst-res_hconf_reorder ++ ++# This test sends millions of packets and is rather slow. ++xtests += tst-resolv-qtypes + endif + extra-libs-others = $(extra-libs) + libresolv-routines := gethnamaddr res_comp res_debug \ +@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace + $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out + $(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \ + $(evaluate-test) ++ ++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index 5f9e357..d16fa4b 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat, + + int olderr = errno; + enum nss_status status; +- int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC, ++ int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA, + host_buffer.buf->buf, 2048, &host_buffer.ptr, + &ans2p, &nans2p, &resplen2, &ans2p_malloced); + if (n >= 0) +diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c +index 12f9730..d80b531 100644 +--- a/resolv/res_mkquery.c ++++ b/resolv/res_mkquery.c +@@ -103,6 +103,10 @@ res_nmkquery(res_state statp, + int n; + u_char *dnptrs[20], **dpp, **lastdnptr; + ++ if (class < 0 || class > 65535 ++ || type < 0 || type > 65535) ++ return -1; ++ + #ifdef DEBUG + if (statp->options & RES_DEBUG) + printf(";; res_nmkquery(%s, %s, %s, %s)\n", +diff --git a/resolv/res_query.c b/resolv/res_query.c +index 944d1a9..07dc6f6 100644 +--- a/resolv/res_query.c ++++ b/resolv/res_query.c +@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp, + int n, use_malloc = 0; + u_int oflags = statp->_flags; + +- size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE; ++ size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE; + u_char *buf = alloca (bufsize); + u_char *query1 = buf; + int nquery1 = -1; +@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp, + printf(";; res_query(%s, %d, %d)\n", name, class, type); + #endif + +- if (type == T_UNSPEC) ++ if (type == T_QUERY_A_AND_AAAA) + { + n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL, + query1, bufsize); +@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp, + if (__builtin_expect (n <= 0, 0) && !use_malloc) { + /* Retry just in case res_nmkquery failed because of too + short buffer. Shouldn't happen. */ +- bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET; ++ bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET; + buf = malloc (bufsize); + if (buf != NULL) { + query1 = buf; +diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c +new file mode 100644 +index 0000000..b3e60c6 +--- /dev/null ++++ b/resolv/tst-resolv-qtypes.c +@@ -0,0 +1,185 @@ ++/* Exercise low-level query functions with different QTYPEs. ++ Copyright (C) 2016 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* If ture, the response function will send the actual response packet ++ over TCP instead of UDP. */ ++static volatile bool force_tcp; ++ ++/* Send back a fake resource record matching the QTYPE. */ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ if (force_tcp && ctx->tcp) ++ { ++ resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 }); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ return; ++ } ++ ++ resolv_response_init (b, (struct resolv_response_flags) { }); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ resolv_response_section (b, ns_s_an); ++ resolv_response_open_record (b, qname, qclass, qtype, 0); ++ resolv_response_add_data (b, &qtype, sizeof (qtype)); ++ resolv_response_close_record (b); ++} ++ ++static const const char *domain = "www.example.com"; ++ ++static int ++wrap_res_query (int type, unsigned char *answer, int answer_length) ++{ ++ return res_query (domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_search (int type, unsigned char *answer, int answer_length) ++{ ++ return res_query (domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_querydomain (int type, unsigned char *answer, int answer_length) ++{ ++ return res_querydomain ("www", "example.com", C_IN, type, ++ answer, answer_length); ++} ++ ++static int ++wrap_res_send (int type, unsigned char *answer, int answer_length) ++{ ++ unsigned char buf[512]; ++ int ret = res_mkquery (QUERY, domain, C_IN, type, ++ (const unsigned char *) "", 0, NULL, ++ buf, sizeof (buf)); ++ if (type < 0 || type >= 65536) ++ { ++ /* res_mkquery fails for out-of-range record types. */ ++ TEST_VERIFY_EXIT (ret == -1); ++ return -1; ++ } ++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */ ++ return res_send (buf, ret, answer, answer_length); ++} ++ ++static int ++wrap_res_nquery (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_nsearch (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquerydomain (&_res, "www", "example.com", C_IN, type, ++ answer, answer_length); ++} ++ ++static int ++wrap_res_nsend (int type, unsigned char *answer, int answer_length) ++{ ++ unsigned char buf[512]; ++ int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type, ++ (const unsigned char *) "", 0, NULL, ++ buf, sizeof (buf)); ++ if (type < 0 || type >= 65536) ++ { ++ /* res_mkquery fails for out-of-range record types. */ ++ TEST_VERIFY_EXIT (ret == -1); ++ return -1; ++ } ++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */ ++ return res_nsend (&_res, buf, ret, answer, answer_length); ++} ++ ++static void ++test_function (const char *fname, ++ int (*func) (int type, ++ unsigned char *answer, int answer_length)) ++{ ++ unsigned char buf[512]; ++ for (int tcp = 0; tcp < 2; ++tcp) ++ { ++ force_tcp = tcp; ++ for (unsigned int type = 1; type <= 65535; ++type) ++ { ++ if (test_verbose) ++ printf ("info: sending QTYPE %d with %s (tcp=%d)\n", ++ type, fname, tcp); ++ int ret = func (type, buf, sizeof (buf)); ++ if (ret != 47) ++ FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d", ++ fname,tcp, type, ret); ++ /* One question, one answer record. */ ++ TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0); ++ /* Question section. */ ++ static const char qname[] = "\3www\7example\3com"; ++ size_t qname_length = sizeof (qname); ++ TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0); ++ /* RDATA part of answer. */ ++ uint16_t type16 = type; ++ TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0); ++ } ++ } ++ ++ TEST_VERIFY (func (-1, buf, sizeof (buf) == -1)); ++ TEST_VERIFY (func (65536, buf, sizeof (buf) == -1)); ++} ++ ++static int ++do_test (void) ++{ ++ struct resolv_redirect_config config = ++ { ++ .response_callback = response, ++ }; ++ struct resolv_test *obj = resolv_test_start (config); ++ ++ test_function ("res_query", &wrap_res_query); ++ test_function ("res_search", &wrap_res_search); ++ test_function ("res_querydomain", &wrap_res_querydomain); ++ test_function ("res_send", &wrap_res_send); ++ ++ test_function ("res_nquery", &wrap_res_nquery); ++ test_function ("res_nsearch", &wrap_res_nsearch); ++ test_function ("res_nquerydomain", &wrap_res_nquerydomain); ++ test_function ("res_nsend", &wrap_res_nsend); ++ ++ resolv_test_end (obj); ++ return 0; ++} ++ ++#define TIMEOUT 300 ++#include +-- +2.9.3 + -- cgit 1.4.1 From a0ae64a334ce4dda269828bbb3c9182842e5cd50 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 2 Aug 2017 21:11:57 +0300 Subject: gnu: glibc@2.23: Fix CVE-2015-5180, CVE-2016-{3075,3706,4429}. * gnu/packages/base.scm (glibc@2.23)[source]: Add patches. * gnu/packages/patches/glibc-CVE-2016-3075.patch, gnu/packages/patches/glibc-CVE-2016-3706.patch, gnu/packages/patches/glibc-CVE-2016-4429.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 3 + gnu/packages/base.scm | 4 + gnu/packages/patches/glibc-CVE-2016-3075.patch | 43 ++++++ gnu/packages/patches/glibc-CVE-2016-3706.patch | 188 +++++++++++++++++++++++++ gnu/packages/patches/glibc-CVE-2016-4429.patch | 58 ++++++++ 5 files changed, 296 insertions(+) create mode 100644 gnu/packages/patches/glibc-CVE-2016-3075.patch create mode 100644 gnu/packages/patches/glibc-CVE-2016-3706.patch create mode 100644 gnu/packages/patches/glibc-CVE-2016-4429.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 5cc8b64aa0..67150aed67 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -645,6 +645,9 @@ dist_patch_DATA = \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ %D%/packages/patches/glibc-CVE-2015-5180.patch \ + %D%/packages/patches/glibc-CVE-2016-3075.patch \ + %D%/packages/patches/glibc-CVE-2016-3706.patch \ + %D%/packages/patches/glibc-CVE-2016-4429.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index f23db9a778..37e09eb8ce 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -953,6 +953,10 @@ GLIBC/HURD for a Hurd host" "glibc-versioned-locpath.patch" "glibc-o-largefile.patch" "glibc-vectorized-strcspn-guards.patch" + "glibc-CVE-2015-5180.patch" + "glibc-CVE-2016-3075.patch" + "glibc-CVE-2016-3706.patch" + "glibc-CVE-2016-4429.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) diff --git a/gnu/packages/patches/glibc-CVE-2016-3075.patch b/gnu/packages/patches/glibc-CVE-2016-3075.patch new file mode 100644 index 0000000000..d16722806e --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-3075.patch @@ -0,0 +1,43 @@ +From 146b58d11fddbef15b888906e3be4f33900c416f Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Tue, 29 Mar 2016 12:57:56 +0200 +Subject: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ + #19879] + +The defensive copy is not needed because the name may not alias the +output buffer. + +(cherry picked from commit 317b199b4aff8cfa27f2302ab404d2bb5032b9a4) +(cherry picked from commit 883dceebc8f11921a9890211a4e202e5be17562f) +--- + ChangeLog | 7 +++++++ + NEWS | 10 ++++++++-- + resolv/nss_dns/dns-network.c | 5 +---- + 3 files changed, 16 insertions(+), 6 deletions(-) + +diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c +index 2eb2f67..8f301a7 100644 +--- a/resolv/nss_dns/dns-network.c ++++ b/resolv/nss_dns/dns-network.c +@@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result, + } net_buffer; + querybuf *orig_net_buffer; + int anslen; +- char *qbuf; + enum nss_status status; + + if (__res_maybe_init (&_res, 0) == -1) + return NSS_STATUS_UNAVAIL; + +- qbuf = strdupa (name); +- + net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024); + +- anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf, ++ anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf, + 1024, &net_buffer.ptr, NULL, NULL, NULL, NULL); + if (anslen < 0) + { +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2016-3706.patch b/gnu/packages/patches/glibc-CVE-2016-3706.patch new file mode 100644 index 0000000000..617242df24 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-3706.patch @@ -0,0 +1,188 @@ +From 1a8a7c12950a0026a3c406a7cb1608f96aa1460e Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Fri, 29 Apr 2016 10:35:34 +0200 +Subject: [PATCH] CVE-2016-3706: getaddrinfo: stack overflow in hostent + conversion [BZ #20010] + +When converting a struct hostent response to struct gaih_addrtuple, the +gethosts macro (which is called from gaih_inet) used alloca, without +malloc fallback for large responses. This commit changes this code to +use calloc unconditionally. + +This commit also consolidated a second hostent-to-gaih_addrtuple +conversion loop (in gaih_inet) to use the new conversion function. + +(cherry picked from commit 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9) +--- + ChangeLog | 10 ++++ + sysdeps/posix/getaddrinfo.c | 130 +++++++++++++++++++++++--------------------- + 2 files changed, 79 insertions(+), 61 deletions(-) + +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 1ef3f20..fed2d3b 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -168,9 +168,58 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + return 0; + } + ++/* Convert struct hostent to a list of struct gaih_addrtuple objects. ++ h_name is not copied, and the struct hostent object must not be ++ deallocated prematurely. *RESULT must be NULL or a pointer to an ++ object allocated using malloc, which is freed. */ ++static bool ++convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, ++ int family, ++ struct hostent *h, ++ struct gaih_addrtuple **result) ++{ ++ free (*result); ++ *result = NULL; ++ ++ /* Count the number of addresses in h->h_addr_list. */ ++ size_t count = 0; ++ for (char **p = h->h_addr_list; *p != NULL; ++p) ++ ++count; ++ ++ /* Report no data if no addresses are available, or if the incoming ++ address size is larger than what we can store. */ ++ if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr)) ++ return true; ++ ++ struct gaih_addrtuple *array = calloc (count, sizeof (*array)); ++ if (array == NULL) ++ return false; ++ ++ for (size_t i = 0; i < count; ++i) ++ { ++ if (family == AF_INET && req->ai_family == AF_INET6) ++ { ++ /* Perform address mapping. */ ++ array[i].family = AF_INET6; ++ memcpy(array[i].addr + 3, h->h_addr_list[i], sizeof (uint32_t)); ++ array[i].addr[2] = htonl (0xffff); ++ } ++ else ++ { ++ array[i].family = family; ++ memcpy (array[i].addr, h->h_addr_list[i], h->h_length); ++ } ++ array[i].next = array + i + 1; ++ } ++ array[0].name = h->h_name; ++ array[count - 1].next = NULL; ++ ++ *result = array; ++ return true; ++} ++ + #define gethosts(_family, _type) \ + { \ +- int i; \ + int herrno; \ + struct hostent th; \ + struct hostent *h; \ +@@ -219,36 +268,23 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + } \ + else if (h != NULL) \ + { \ +- for (i = 0; h->h_addr_list[i]; i++) \ ++ /* Make sure that addrmem can be freed. */ \ ++ if (!malloc_addrmem) \ ++ addrmem = NULL; \ ++ if (!convert_hostent_to_gaih_addrtuple (req, _family,h, &addrmem)) \ + { \ +- if (*pat == NULL) \ +- { \ +- *pat = __alloca (sizeof (struct gaih_addrtuple)); \ +- (*pat)->scopeid = 0; \ +- } \ +- uint32_t *addr = (*pat)->addr; \ +- (*pat)->next = NULL; \ +- (*pat)->name = i == 0 ? strdupa (h->h_name) : NULL; \ +- if (_family == AF_INET && req->ai_family == AF_INET6) \ +- { \ +- (*pat)->family = AF_INET6; \ +- addr[3] = *(uint32_t *) h->h_addr_list[i]; \ +- addr[2] = htonl (0xffff); \ +- addr[1] = 0; \ +- addr[0] = 0; \ +- } \ +- else \ +- { \ +- (*pat)->family = _family; \ +- memcpy (addr, h->h_addr_list[i], sizeof(_type)); \ +- } \ +- pat = &((*pat)->next); \ ++ _res.options |= old_res_options & RES_USE_INET6; \ ++ result = -EAI_SYSTEM; \ ++ goto free_and_return; \ + } \ ++ *pat = addrmem; \ ++ /* The conversion uses malloc unconditionally. */ \ ++ malloc_addrmem = true; \ + \ + if (localcanon != NULL && canon == NULL) \ + canon = strdupa (localcanon); \ + \ +- if (_family == AF_INET6 && i > 0) \ ++ if (_family == AF_INET6 && *pat != NULL) \ + got_ipv6 = true; \ + } \ + } +@@ -612,44 +648,16 @@ gaih_inet (const char *name, const struct gaih_service *service, + { + if (h != NULL) + { +- int i; +- /* We found data, count the number of addresses. */ +- for (i = 0; h->h_addr_list[i]; ++i) +- ; +- if (i > 0 && *pat != NULL) +- --i; +- +- if (__libc_use_alloca (alloca_used +- + i * sizeof (struct gaih_addrtuple))) +- addrmem = alloca_account (i * sizeof (struct gaih_addrtuple), +- alloca_used); +- else +- { +- addrmem = malloc (i +- * sizeof (struct gaih_addrtuple)); +- if (addrmem == NULL) +- { +- result = -EAI_MEMORY; +- goto free_and_return; +- } +- malloc_addrmem = true; +- } +- +- /* Now convert it into the list. */ +- struct gaih_addrtuple *addrfree = addrmem; +- for (i = 0; h->h_addr_list[i]; ++i) ++ /* We found data, convert it. */ ++ if (!convert_hostent_to_gaih_addrtuple ++ (req, AF_INET, h, &addrmem)) + { +- if (*pat == NULL) +- { +- *pat = addrfree++; +- (*pat)->scopeid = 0; +- } +- (*pat)->next = NULL; +- (*pat)->family = AF_INET; +- memcpy ((*pat)->addr, h->h_addr_list[i], +- h->h_length); +- pat = &((*pat)->next); ++ result = -EAI_MEMORY; ++ goto free_and_return; + } ++ *pat = addrmem; ++ /* The conversion uses malloc unconditionally. */ ++ malloc_addrmem = true; + } + } + else +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2016-4429.patch b/gnu/packages/patches/glibc-CVE-2016-4429.patch new file mode 100644 index 0000000000..5eebd10543 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-4429.patch @@ -0,0 +1,58 @@ +From bdce95930e1d9a7d013d1ba78740243491262879 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 23 May 2016 20:18:34 +0200 +Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ + #20112] + +The call is technically in a loop, and under certain circumstances +(which are quite difficult to reproduce in a test case), alloca +can be invoked repeatedly during a single call to clntudp_call. +As a result, the available stack space can be exhausted (even +though individual alloca sizes are bounded implicitly by what +can fit into a UDP packet, as a side effect of the earlier +successful send operation). + +(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c) +--- + ChangeLog | 7 +++++++ + NEWS | 4 ++++ + sunrpc/clnt_udp.c | 10 +++++++++- + 3 files changed, 20 insertions(+), 1 deletion(-) + +diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c +index a6cf5f1..4d9acb1 100644 +--- a/sunrpc/clnt_udp.c ++++ b/sunrpc/clnt_udp.c +@@ -388,9 +388,15 @@ send_again: + struct sock_extended_err *e; + struct sockaddr_in err_addr; + struct iovec iov; +- char *cbuf = (char *) alloca (outlen + 256); ++ char *cbuf = malloc (outlen + 256); + int ret; + ++ if (cbuf == NULL) ++ { ++ cu->cu_error.re_errno = errno; ++ return (cu->cu_error.re_status = RPC_CANTRECV); ++ } ++ + iov.iov_base = cbuf + 256; + iov.iov_len = outlen; + msg.msg_name = (void *) &err_addr; +@@ -415,10 +421,12 @@ send_again: + cmsg = CMSG_NXTHDR (&msg, cmsg)) + if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) + { ++ free (cbuf); + e = (struct sock_extended_err *) CMSG_DATA(cmsg); + cu->cu_error.re_errno = e->ee_errno; + return (cu->cu_error.re_status = RPC_CANTRECV); + } ++ free (cbuf); + } + #endif + do +-- +2.9.3 + -- cgit 1.4.1 From edd08fb7ac86afe1886f348001bbf088e48a8741 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 2 Aug 2017 21:45:37 +0300 Subject: gnu: glibc@2.22: Fix security issues. Fixes CVE-2015-{5180,7547}, CVE-2016-{3075,3706,4429}. * gnu/packages/base.scm (glibc@2.22)[source]: Add patches. * gnu/packages/patches/glibc-CVE-2015-7547.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/base.scm | 5 + gnu/packages/patches/glibc-CVE-2015-7547.patch | 590 +++++++++++++++++++++++++ 3 files changed, 596 insertions(+) create mode 100644 gnu/packages/patches/glibc-CVE-2015-7547.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 67150aed67..f4fef78f31 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -645,6 +645,7 @@ dist_patch_DATA = \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ %D%/packages/patches/glibc-CVE-2015-5180.patch \ + %D%/packages/patches/glibc-CVE-2015-7547.patch \ %D%/packages/patches/glibc-CVE-2016-3075.patch \ %D%/packages/patches/glibc-CVE-2016-3706.patch \ %D%/packages/patches/glibc-CVE-2016-4429.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 37e09eb8ce..da2c6dead6 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -974,6 +974,11 @@ GLIBC/HURD for a Hurd host" "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) (patches (search-patches "glibc-ldd-x86_64.patch" "glibc-vectorized-strcspn-guards.patch" + "glibc-CVE-2015-5180.patch" + "glibc-CVE-2015-7547.patch" + "glibc-CVE-2016-3075.patch" + "glibc-CVE-2016-3706.patch" + "glibc-CVE-2016-4429.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))) diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch new file mode 100644 index 0000000000..12abeb76d4 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2015-7547.patch @@ -0,0 +1,590 @@ +From b995d95a5943785be3ab862b2d3276f3b4a22481 Mon Sep 17 00:00:00 2001 +From: Carlos O'Donell +Date: Tue, 16 Feb 2016 21:26:37 -0500 +Subject: [PATCH] CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug + 18665). + +* A stack-based buffer overflow was found in libresolv when invoked from + libnss_dns, allowing specially crafted DNS responses to seize control + of execution flow in the DNS client. The buffer overflow occurs in + the functions send_dg (send datagram) and send_vc (send TCP) for the + NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC + family. The use of AF_UNSPEC triggers the low-level resolver code to + send out two parallel queries for A and AAAA. A mismanagement of the + buffers used for those queries could result in the response of a query + writing beyond the alloca allocated buffer created by + _nss_dns_gethostbyname4_r. Buffer management is simplified to remove + the overflow. Thanks to the Google Security Team and Red Hat for + reporting the security impact of this issue, and Robert Holiday of + Ciena for reporting the related bug 18665. (CVE-2015-7547) + +See also: +https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html +https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html + +(cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca) +--- + ChangeLog | 15 +++ + NEWS | 14 +++ + resolv/nss_dns/dns-host.c | 111 ++++++++++++++++++- + resolv/res_query.c | 3 + + resolv/res_send.c | 264 ++++++++++++++++++++++++++++++++++------------ + 5 files changed, 338 insertions(+), 69 deletions(-) + +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index 357ac04..a0fe9a8 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, + int h_namelen = 0; + + if (ancount == 0) +- return NSS_STATUS_NOTFOUND; ++ { ++ *h_errnop = HOST_NOT_FOUND; ++ return NSS_STATUS_NOTFOUND; ++ } + + while (ancount-- > 0 && cp < end_of_message && had_error == 0) + { +@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, + /* Special case here: if the resolver sent a result but it only + contains a CNAME while we are looking for a T_A or T_AAAA record, + we fail with NOTFOUND instead of TRYAGAIN. */ +- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; ++ if (canon != NULL) ++ { ++ *h_errnop = HOST_NOT_FOUND; ++ return NSS_STATUS_NOTFOUND; ++ } ++ ++ *h_errnop = NETDB_INTERNAL; ++ return NSS_STATUS_TRYAGAIN; + } + + +@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, + + enum nss_status status = NSS_STATUS_NOTFOUND; + ++ /* Combining the NSS status of two distinct queries requires some ++ compromise and attention to symmetry (A or AAAA queries can be ++ returned in any order). What follows is a breakdown of how this ++ code is expected to work and why. We discuss only SUCCESS, ++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns ++ that apply (though RETURN and MERGE exist). We make a distinction ++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). ++ A recoverable TRYAGAIN is almost always due to buffer size issues ++ and returns ERANGE in errno and the caller is expected to retry ++ with a larger buffer. ++ ++ Lastly, you may be tempted to make significant changes to the ++ conditions in this code to bring about symmetry between responses. ++ Please don't change anything without due consideration for ++ expected application behaviour. Some of the synthesized responses ++ aren't very well thought out and sometimes appear to imply that ++ IPv4 responses are always answer 1, and IPv6 responses are always ++ answer 2, but that's not true (see the implementation of send_dg ++ and send_vc to see response can arrive in any order, particularly ++ for UDP). However, we expect it holds roughly enough of the time ++ that this code works, but certainly needs to be fixed to make this ++ a more robust implementation. ++ ++ ---------------------------------------------- ++ | Answer 1 Status / | Synthesized | Reason | ++ | Answer 2 Status | Status | | ++ |--------------------------------------------| ++ | SUCCESS/SUCCESS | SUCCESS | [1] | ++ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | ++ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | ++ | SUCCESS/NOTFOUND | SUCCESS | [1] | ++ | SUCCESS/UNAVAIL | SUCCESS | [1] | ++ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | ++ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | ++ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | ++ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | ++ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | ++ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | ++ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | ++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | ++ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | ++ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | ++ | NOTFOUND/SUCCESS | SUCCESS | [3] | ++ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | ++ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | ++ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | ++ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | ++ | UNAVAIL/SUCCESS | UNAVAIL | [4] | ++ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | ++ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | ++ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | ++ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | ++ ---------------------------------------------- ++ ++ [1] If the first response is a success we return success. ++ This ignores the state of the second answer and in fact ++ incorrectly sets errno and h_errno to that of the second ++ answer. However because the response is a success we ignore ++ *errnop and *h_errnop (though that means you touched errno on ++ success). We are being conservative here and returning the ++ likely IPv4 response in the first answer as a success. ++ ++ [2] If the first response is a recoverable TRYAGAIN we return ++ that instead of looking at the second response. The ++ expectation here is that we have failed to get an IPv4 response ++ and should retry both queries. ++ ++ [3] If the first response was not a SUCCESS and the second ++ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, ++ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the ++ result from the second response, otherwise the first responses ++ status is used. Again we have some odd side-effects when the ++ second response is NOTFOUND because we overwrite *errnop and ++ *h_errnop that means that a first answer of NOTFOUND might see ++ its *errnop and *h_errnop values altered. Whether it matters ++ in practice that a first response NOTFOUND has the wrong ++ *errnop and *h_errnop is undecided. ++ ++ [4] If the first response is UNAVAIL we return that instead of ++ looking at the second response. The expectation here is that ++ it will have failed similarly e.g. configuration failure. ++ ++ [5] Testing this code is complicated by the fact that truncated ++ second response buffers might be returned as SUCCESS if the ++ first answer is a SUCCESS. To fix this we add symmetry to ++ TRYAGAIN with the second response. If the second response ++ is a recoverable error we now return TRYAGIN even if the first ++ response was SUCCESS. */ ++ + if (anslen1 > 0) + status = gaih_getanswer_slice(answer1, anslen1, qname, + &pat, &buffer, &buflen, + errnop, h_errnop, ttlp, + &first); ++ + if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND + || (status == NSS_STATUS_TRYAGAIN + /* We want to look at the second answer in case of an +@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, + &pat, &buffer, &buflen, + errnop, h_errnop, ttlp, + &first); ++ /* Use the second response status in some cases. */ + if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) + status = status2; ++ /* Do not return a truncated second response (unless it was ++ unavoidable e.g. unrecoverable TRYAGAIN). */ ++ if (status == NSS_STATUS_SUCCESS ++ && (status2 == NSS_STATUS_TRYAGAIN ++ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) ++ status = NSS_STATUS_TRYAGAIN; + } + + return status; +diff --git a/resolv/res_query.c b/resolv/res_query.c +index 4a9b3b3..95470a9 100644 +--- a/resolv/res_query.c ++++ b/resolv/res_query.c +@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + } +@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + +@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + if (saved_herrno != -1) +diff --git a/resolv/res_send.c b/resolv/res_send.c +index 5e53cc2..6511bb1 100644 +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -1,3 +1,20 @@ ++/* Copyright (C) 2016 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ + /* + * Copyright (c) 1985, 1989, 1993 + * The Regents of the University of California. All rights reserved. +@@ -363,6 +380,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen, + #ifdef USE_HOOKS + if (__glibc_unlikely (statp->qhook || statp->rhook)) { + if (anssiz < MAXPACKET && ansp) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *buf = malloc (MAXPACKET); + if (buf == NULL) + return (-1); +@@ -638,6 +657,77 @@ get_nsaddr (res_state statp, int n) + return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; + } + ++/* The send_vc function is responsible for sending a DNS query over TCP ++ to the nameserver numbered NS from the res_state STATP i.e. ++ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and ++ IPv6 queries at the same serially on the same socket. ++ ++ Please note that for TCP there is no way to disable sending both ++ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP ++ and sends the queries serially and waits for the result after each ++ sent query. This implemetnation should be corrected to honour these ++ options. ++ ++ Please also note that for TCP we send both queries over the same ++ socket one after another. This technically violates best practice ++ since the server is allowed to read the first query, respond, and ++ then close the socket (to service another client). If the server ++ does this, then the remaining second query in the socket data buffer ++ will cause the server to send the client an RST which will arrive ++ asynchronously and the client's OS will likely tear down the socket ++ receive buffer resulting in a potentially short read and lost ++ response data. This will force the client to retry the query again, ++ and this process may repeat until all servers and connection resets ++ are exhausted and then the query will fail. It's not known if this ++ happens with any frequency in real DNS server implementations. This ++ implementation should be corrected to use two sockets by default for ++ parallel queries. ++ ++ The query stored in BUF of BUFLEN length is sent first followed by ++ the query stored in BUF2 of BUFLEN2 length. Queries are sent ++ serially on the same socket. ++ ++ Answers to the query are stored firstly in *ANSP up to a max of ++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP ++ is non-NULL (to indicate that modifying the answer buffer is allowed) ++ then malloc is used to allocate a new response buffer and ANSCP and ++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes ++ are needed but ANSCP is NULL, then as much of the response as ++ possible is read into the buffer, but the results will be truncated. ++ When truncation happens because of a small answer buffer the DNS ++ packets header field TC will bet set to 1, indicating a truncated ++ message and the rest of the socket data will be read and discarded. ++ ++ Answers to the query are stored secondly in *ANSP2 up to a max of ++ *ANSSIZP2 bytes, with the actual response length stored in ++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 ++ is non-NULL (required for a second query) then malloc is used to ++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer ++ size and *ANSP2_MALLOCED is set to 1. ++ ++ The ANSP2_MALLOCED argument will eventually be removed as the ++ change in buffer pointer can be used to detect the buffer has ++ changed and that the caller should use free on the new buffer. ++ ++ Note that the answers may arrive in any order from the server and ++ therefore the first and second answer buffers may not correspond to ++ the first and second queries. ++ ++ It is not supported to call this function with a non-NULL ANSP2 ++ but a NULL ANSCP. Put another way, you can call send_vc with a ++ single unmodifiable buffer or two modifiable buffers, but no other ++ combination is supported. ++ ++ It is the caller's responsibility to free the malloc allocated ++ buffers by detecting that the pointers have changed from their ++ original values i.e. *ANSCP or *ANSP2 has changed. ++ ++ If errors are encountered then *TERRNO is set to an appropriate ++ errno value and a zero result is returned for a recoverable error, ++ and a less-than zero result is returned for a non-recoverable error. ++ ++ If no errors are encountered then *TERRNO is left unmodified and ++ a the length of the first response in bytes is returned. */ + static int + send_vc(res_state statp, + const u_char *buf, int buflen, const u_char *buf2, int buflen2, +@@ -647,11 +737,7 @@ send_vc(res_state statp, + { + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; +- u_char *ans = *ansp; +- int orig_anssizp = *anssizp; +- // XXX REMOVE +- // int anssiz = *anssizp; +- HEADER *anhp = (HEADER *) ans; ++ HEADER *anhp = (HEADER *) *ansp; + struct sockaddr *nsap = get_nsaddr (statp, ns); + int truncating, connreset, n; + /* On some architectures compiler might emit a warning indicating +@@ -743,6 +829,8 @@ send_vc(res_state statp, + * Receive length & response + */ + int recvresp1 = 0; ++ /* Skip the second response if there is no second query. ++ To do that we mark the second response as received. */ + int recvresp2 = buf2 == NULL; + uint16_t rlen16; + read_len: +@@ -779,40 +867,14 @@ send_vc(res_state statp, + u_char **thisansp; + int *thisresplenp; + if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { ++ /* We have not received any responses ++ yet or we only have one response to ++ receive. */ + thisanssizp = anssizp; + thisansp = anscp ?: ansp; + assert (anscp != NULL || ansp2 == NULL); + thisresplenp = &resplen; + } else { +- if (*anssizp != MAXPACKET) { +- /* No buffer allocated for the first +- reply. We can try to use the rest +- of the user-provided buffer. */ +-#if __GNUC_PREREQ (4, 7) +- DIAG_PUSH_NEEDS_COMMENT; +- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); +-#endif +-#if _STRING_ARCH_unaligned +- *anssizp2 = orig_anssizp - resplen; +- *ansp2 = *ansp + resplen; +-#else +- int aligned_resplen +- = ((resplen + __alignof__ (HEADER) - 1) +- & ~(__alignof__ (HEADER) - 1)); +- *anssizp2 = orig_anssizp - aligned_resplen; +- *ansp2 = *ansp + aligned_resplen; +-#endif +-#if __GNUC_PREREQ (4, 7) +- DIAG_POP_NEEDS_COMMENT; +-#endif +- } else { +- /* The first reply did not fit into the +- user-provided buffer. Maybe the second +- answer will. */ +- *anssizp2 = orig_anssizp; +- *ansp2 = *ansp; +- } +- + thisanssizp = anssizp2; + thisansp = ansp2; + thisresplenp = resplen2; +@@ -820,10 +882,14 @@ send_vc(res_state statp, + anhp = (HEADER *) *thisansp; + + *thisresplenp = rlen; +- if (rlen > *thisanssizp) { +- /* Yes, we test ANSCP here. If we have two buffers +- both will be allocatable. */ +- if (__glibc_likely (anscp != NULL)) { ++ /* Is the answer buffer too small? */ ++ if (*thisanssizp < rlen) { ++ /* If the current buffer is not the the static ++ user-supplied buffer then we can reallocate ++ it. */ ++ if (thisansp != NULL && thisansp != ansp) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *newp = malloc (MAXPACKET); + if (newp == NULL) { + *terrno = ENOMEM; +@@ -835,6 +901,9 @@ send_vc(res_state statp, + if (thisansp == ansp2) + *ansp2_malloced = 1; + anhp = (HEADER *) newp; ++ /* A uint16_t can't be larger than MAXPACKET ++ thus it's safe to allocate MAXPACKET but ++ read RLEN bytes instead. */ + len = rlen; + } else { + Dprint(statp->options & RES_DEBUG, +@@ -997,6 +1066,66 @@ reopen (res_state statp, int *terrno, int ns) + return 1; + } + ++/* The send_dg function is responsible for sending a DNS query over UDP ++ to the nameserver numbered NS from the res_state STATP i.e. ++ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries ++ along with the ability to send the query in parallel for both stacks ++ (default) or serially (RES_SINGLKUP). It also supports serial lookup ++ with a close and reopen of the socket used to talk to the server ++ (RES_SNGLKUPREOP) to work around broken name servers. ++ ++ The query stored in BUF of BUFLEN length is sent first followed by ++ the query stored in BUF2 of BUFLEN2 length. Queries are sent ++ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). ++ ++ Answers to the query are stored firstly in *ANSP up to a max of ++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP ++ is non-NULL (to indicate that modifying the answer buffer is allowed) ++ then malloc is used to allocate a new response buffer and ANSCP and ++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes ++ are needed but ANSCP is NULL, then as much of the response as ++ possible is read into the buffer, but the results will be truncated. ++ When truncation happens because of a small answer buffer the DNS ++ packets header field TC will bet set to 1, indicating a truncated ++ message, while the rest of the UDP packet is discarded. ++ ++ Answers to the query are stored secondly in *ANSP2 up to a max of ++ *ANSSIZP2 bytes, with the actual response length stored in ++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 ++ is non-NULL (required for a second query) then malloc is used to ++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer ++ size and *ANSP2_MALLOCED is set to 1. ++ ++ The ANSP2_MALLOCED argument will eventually be removed as the ++ change in buffer pointer can be used to detect the buffer has ++ changed and that the caller should use free on the new buffer. ++ ++ Note that the answers may arrive in any order from the server and ++ therefore the first and second answer buffers may not correspond to ++ the first and second queries. ++ ++ It is not supported to call this function with a non-NULL ANSP2 ++ but a NULL ANSCP. Put another way, you can call send_vc with a ++ single unmodifiable buffer or two modifiable buffers, but no other ++ combination is supported. ++ ++ It is the caller's responsibility to free the malloc allocated ++ buffers by detecting that the pointers have changed from their ++ original values i.e. *ANSCP or *ANSP2 has changed. ++ ++ If an answer is truncated because of UDP datagram DNS limits then ++ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to ++ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 ++ if any progress was made reading a response from the nameserver and ++ is used by the caller to distinguish between ECONNREFUSED and ++ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). ++ ++ If errors are encountered then *TERRNO is set to an appropriate ++ errno value and a zero result is returned for a recoverable error, ++ and a less-than zero result is returned for a non-recoverable error. ++ ++ If no errors are encountered then *TERRNO is left unmodified and ++ a the length of the first response in bytes is returned. */ + static int + send_dg(res_state statp, + const u_char *buf, int buflen, const u_char *buf2, int buflen2, +@@ -1006,8 +1135,6 @@ send_dg(res_state statp, + { + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; +- u_char *ans = *ansp; +- int orig_anssizp = *anssizp; + struct timespec now, timeout, finish; + struct pollfd pfd[1]; + int ptimeout; +@@ -1040,6 +1167,8 @@ send_dg(res_state statp, + int need_recompute = 0; + int nwritten = 0; + int recvresp1 = 0; ++ /* Skip the second response if there is no second query. ++ To do that we mark the second response as received. */ + int recvresp2 = buf2 == NULL; + pfd[0].fd = EXT(statp).nssocks[ns]; + pfd[0].events = POLLOUT; +@@ -1203,55 +1332,56 @@ send_dg(res_state statp, + int *thisresplenp; + + if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { ++ /* We have not received any responses ++ yet or we only have one response to ++ receive. */ + thisanssizp = anssizp; + thisansp = anscp ?: ansp; + assert (anscp != NULL || ansp2 == NULL); + thisresplenp = &resplen; + } else { +- if (*anssizp != MAXPACKET) { +- /* No buffer allocated for the first +- reply. We can try to use the rest +- of the user-provided buffer. */ +-#if _STRING_ARCH_unaligned +- *anssizp2 = orig_anssizp - resplen; +- *ansp2 = *ansp + resplen; +-#else +- int aligned_resplen +- = ((resplen + __alignof__ (HEADER) - 1) +- & ~(__alignof__ (HEADER) - 1)); +- *anssizp2 = orig_anssizp - aligned_resplen; +- *ansp2 = *ansp + aligned_resplen; +-#endif +- } else { +- /* The first reply did not fit into the +- user-provided buffer. Maybe the second +- answer will. */ +- *anssizp2 = orig_anssizp; +- *ansp2 = *ansp; +- } +- + thisanssizp = anssizp2; + thisansp = ansp2; + thisresplenp = resplen2; + } + + if (*thisanssizp < MAXPACKET +- /* Yes, we test ANSCP here. If we have two buffers +- both will be allocatable. */ +- && anscp ++ /* If the current buffer is not the the static ++ user-supplied buffer then we can reallocate ++ it. */ ++ && (thisansp != NULL && thisansp != ansp) + #ifdef FIONREAD ++ /* Is the size too small? */ + && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 + || *thisanssizp < *thisresplenp) + #endif + ) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *newp = malloc (MAXPACKET); + if (newp != NULL) { +- *anssizp = MAXPACKET; +- *thisansp = ans = newp; ++ *thisanssizp = MAXPACKET; ++ *thisansp = newp; + if (thisansp == ansp2) + *ansp2_malloced = 1; + } + } ++ /* We could end up with truncation if anscp was NULL ++ (not allowed to change caller's buffer) and the ++ response buffer size is too small. This isn't a ++ reliable way to detect truncation because the ioctl ++ may be an inaccurate report of the UDP message size. ++ Therefore we use this only to issue debug output. ++ To do truncation accurately with UDP we need ++ MSG_TRUNC which is only available on Linux. We ++ can abstract out the Linux-specific feature in the ++ future to detect truncation. */ ++ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { ++ Dprint(statp->options & RES_DEBUG, ++ (stdout, ";; response may be truncated (UDP)\n") ++ ); ++ } ++ + HEADER *anhp = (HEADER *) *thisansp; + socklen_t fromlen = sizeof(struct sockaddr_in6); + assert (sizeof(from) <= fromlen); +-- +2.9.3 + -- cgit 1.4.1 From f58be417610e65f27b90452b78255f8d88ab1b4f Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 4 Aug 2017 03:46:49 +0200 Subject: gnu: fabric: Update to 1.13.2. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/admin.scm (fabric): Update to 1.13.2. Remove outdated comments. [source]: Remove ‘patches’. * gnu/packages/patches/fabric-tests.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/admin.scm | 18 ++++++------------ gnu/packages/patches/fabric-tests.patch | 15 --------------- 3 files changed, 6 insertions(+), 28 deletions(-) delete mode 100644 gnu/packages/patches/fabric-tests.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f4fef78f31..0491de6584 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -586,7 +586,6 @@ dist_patch_DATA = \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ %D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \ %D%/packages/patches/exim-CVE-2017-1000369.patch \ - %D%/packages/patches/fabric-tests.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ %D%/packages/patches/fasthenry-spAllocate.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 45f743199a..c4aa108f89 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -2105,28 +2105,22 @@ Intel DRM Driver.") (define-public fabric (package (name "fabric") - (version "1.13.1") + (version "1.13.2") (source (origin (method url-fetch) (uri (pypi-uri "Fabric" version)) (sha256 (base32 - "1z17hw0yiqp1blq217zxkg2jzkv8qd79saqhscgsw14mwlcqpwd0")) - (patches (search-patches "fabric-tests.patch")))) + "0k944dxr41whw7ib6380q9x15wyskx7fqni656icdn8rzshn9bwq")))) (build-system python-build-system) (arguments - `(#:python ,python-2)) ;Python 2 only + `(#:python ,python-2)) ; Python 2 only (native-inputs - `(("python2-fudge" ,python2-fudge) ; Requires < 1.0 - ("python2-jinja2" ,python2-jinja2) ; Requires < 3.0 - ("python2-nose" ,python2-nose))) ; Requires < 2.0 + `(("python2-fudge" ,python2-fudge) + ("python2-jinja2" ,python2-jinja2) + ("python2-nose" ,python2-nose))) (propagated-inputs - ;; Required upgrading python-paramiko 1.17.4 to fix an incompatibility - ;; between python-paramiko and newer python-pycrypto. Without this, the - ;; `fab` command fails with "ValueError: CTR mode needs counter - ;; parameter, not IV". See: - ;; https://github.com/paramiko/paramiko/pull/714#issuecomment-281191548. `(("python2-paramiko" ,python2-paramiko))) (home-page "http://fabfile.org") (synopsis "Simple Pythonic remote execution and deployment tool") diff --git a/gnu/packages/patches/fabric-tests.patch b/gnu/packages/patches/fabric-tests.patch deleted file mode 100644 index 4a0ca9f8f1..0000000000 --- a/gnu/packages/patches/fabric-tests.patch +++ /dev/null @@ -1,15 +0,0 @@ -The `fab` excecutable doesn't exist during the test phase as it is created -dynamically during installation. Refer to the equivalent Python module -directly. - ---- a/tests/test_utils.py -+++ b/tests/test_utils.py -@@ -93,7 +93,7 @@ - # perform when they are allowed to bubble all the way to the top. So, we - # invoke a subprocess and look at its stderr instead. - with quiet(): -- result = local("fab -f tests/support/aborts.py kaboom", capture=True) -+ result = local("python -m fabric -f tests/support/aborts.py kaboom", capture=True) - # When error in #1318 is present, this has an extra "It burns!" at end of - # stderr string. - eq_(result.stderr, "Fatal error: It burns!\n\nAborting.") \ No newline at end of file -- cgit 1.4.1 From 1cec3462323717e063c98b6404e9c5c5ef037bdd Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Thu, 3 Aug 2017 20:14:56 +0200 Subject: gnu: php: Update to 7.1.8. * gnu/packages/patches/gd-CVE-2017-7890.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it * gnu/packages/php.scm (php): Update to 7.1.8. --- gnu/local.mk | 1 + gnu/packages/patches/gd-CVE-2017-7890.patch | 30 +++++++++++++++++++++++++++++ gnu/packages/php.scm | 17 +++++++++++++--- 3 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/gd-CVE-2017-7890.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0491de6584..1bece24418 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -625,6 +625,7 @@ dist_patch_DATA = \ %D%/packages/patches/gcr-disable-failing-tests.patch \ %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch \ %D%/packages/patches/gdk-pixbuf-list-dir.patch \ + %D%/packages/patches/gd-CVE-2017-7890.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \ diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch new file mode 100644 index 0000000000..66034c5703 --- /dev/null +++ b/gnu/packages/patches/gd-CVE-2017-7890.patch @@ -0,0 +1,30 @@ +From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001 +From: LEPILLER Julien +Date: Thu, 3 Aug 2017 17:04:17 +0200 +Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory. + +The stack allocated color map buffers were not zeroed before usage, and +so undefined palette indexes could cause information leakage. + +This is CVE-2017-7890. +--- + src/gd_gif_in.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c +index 008d1ec..c195448 100644 +--- a/src/gd_gif_in.c ++++ b/src/gd_gif_in.c +@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) + + gdImagePtr im = 0; + ++ memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE); ++ memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE); ++ + if(!ReadOK(fd, buf, 6)) { + return 0; + } +-- +2.13.3 + diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index 7d569eef3e..d0afab0931 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm @@ -49,10 +49,21 @@ #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:prefix license:)) +(define gd-for-php + (package + (inherit gd) + (source (origin + (inherit (package-source gd)) + (patches + (append + (origin-patches (package-source gd)) + (search-patches "gd-CVE-2017-7890.patch"))))))) + + (define-public php (package (name "php") - (version "7.1.6") + (version "7.1.8") (home-page "https://secure.php.net/") (source (origin (method url-fetch) @@ -60,7 +71,7 @@ name "-" version ".tar.xz")) (sha256 (base32 - "0nr49gqhk4pv8kcdc60cl1mgwlinawpraq9ba15whzmb472lsn01")) + "1aramb6dm57pr2iz61id9vzfy7h5qkb6bf7dxhrwnjk0723qahw9")) (modules '((guix build utils))) (snippet '(with-directory-excursion "ext" @@ -282,7 +293,7 @@ ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("freetype" ,freetype) - ("gd" ,gd) + ("gd" ,gd-for-php) ("gdbm" ,gdbm) ("glibc" ,glibc) ("gmp" ,gmp) -- cgit 1.4.1 From 01a61d7040b1794f36547b107abce6e967d59f21 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 25 Jul 2017 15:04:57 -0400 Subject: gnu: libtasn1: Fix CVE-2017-10790. * gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/tls.scm (libtasn1/fixed)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/libtasn1-CVE-2017-10790.patch | 63 ++++++++++++++++++++++ gnu/packages/tls.scm | 3 +- 3 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libtasn1-CVE-2017-10790.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1bece24418..9482d4bb53 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -775,6 +775,7 @@ dist_patch_DATA = \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ %D%/packages/patches/libtasn1-CVE-2017-6891.patch \ + %D%/packages/patches/libtasn1-CVE-2017-10790.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2016-10092.patch \ %D%/packages/patches/libtiff-CVE-2016-10093.patch \ diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch new file mode 100644 index 0000000000..6cec0c8030 --- /dev/null +++ b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch @@ -0,0 +1,63 @@ +Fix CVE-2017-10790: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790 + +Patch copied from upstream source repository: + +https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39 + +From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Thu, 22 Jun 2017 16:31:37 +0200 +Subject: [PATCH] _asn1_check_identifier: safer access to values read + +Signed-off-by: Nikos Mavrogiannopoulos +--- + lib/parser_aux.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index 976ab38..786ea64 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) + if (p2 == NULL) + { + if (p->value) +- _asn1_strcpy (_asn1_identifierMissing, p->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + return ASN1_IDENTIFIER_NOT_FOUND; +@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) + if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) + { + _asn1_str_cpy (name2, sizeof (name2), node->name); +- _asn1_str_cat (name2, sizeof (name2), "."); +- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ if (p2->value) ++ { ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ } ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || + !(p2->type & CONST_ASSIGN)) +@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) + _asn1_str_cpy (name2, sizeof (name2), node->name); + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) + || !(p2->type & CONST_ASSIGN)) +-- +2.13.3 + diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 6d71a9b809..58ec9ff5ec 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -81,7 +81,8 @@ specifications.") (origin (inherit (package-source libtasn1)) (patches - (search-patches "libtasn1-CVE-2017-6891.patch")))))) + (search-patches "libtasn1-CVE-2017-6891.patch" + "libtasn1-CVE-2017-10790.patch")))))) (define-public asn1c (package -- cgit 1.4.1 From e3df6938acc2ba2d2f7333d911b8bdc3697f0f75 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 6 Aug 2017 00:01:10 -0400 Subject: gnu: libtasn1: Add replacement to fix CVE-2017-10790. Based on commit 01a61d7040b1794f36547b107abce6e967d59f21 by Leo Famulari . * gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/tls.scm (libtasn1)[replacement]: New field. (libtasn1/fixed): New variable. --- gnu/local.mk | 3 +- gnu/packages/patches/libtasn1-CVE-2017-10790.patch | 63 ++++++++++++++++++++++ gnu/packages/tls.scm | 10 +++- 3 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/libtasn1-CVE-2017-10790.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 37ee7f7307..3f27a5f973 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2,7 +2,7 @@ # Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès # Copyright © 2013, 2014, 2015, 2016, 2017 Andreas Enge # Copyright © 2016 Mathieu Lirzin -# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver +# Copyright © 2013, 2014, 2015, 2016, 2017 Mark H Weaver # Copyright © 2016 Chris Marusich # Copyright © 2016, 2017 Kei Kebreau # Copyright © 2016, 2017 Rene Saavedra @@ -767,6 +767,7 @@ dist_patch_DATA = \ %D%/packages/patches/libssh-hostname-parser-bug.patch \ %D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \ %D%/packages/patches/libtar-CVE-2013-4420.patch \ + %D%/packages/patches/libtasn1-CVE-2017-10790.patch \ %D%/packages/patches/libtheora-config-guess.patch \ %D%/packages/patches/libtiff-CVE-2016-10688.patch \ %D%/packages/patches/libtiff-CVE-2017-9936.patch \ diff --git a/gnu/packages/patches/libtasn1-CVE-2017-10790.patch b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch new file mode 100644 index 0000000000..6cec0c8030 --- /dev/null +++ b/gnu/packages/patches/libtasn1-CVE-2017-10790.patch @@ -0,0 +1,63 @@ +Fix CVE-2017-10790: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10790 + +Patch copied from upstream source repository: + +https://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=d8d805e1f2e6799bb2dff4871a8598dc83088a39 + +From d8d805e1f2e6799bb2dff4871a8598dc83088a39 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Thu, 22 Jun 2017 16:31:37 +0200 +Subject: [PATCH] _asn1_check_identifier: safer access to values read + +Signed-off-by: Nikos Mavrogiannopoulos +--- + lib/parser_aux.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index 976ab38..786ea64 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -955,7 +955,7 @@ _asn1_check_identifier (asn1_node node) + if (p2 == NULL) + { + if (p->value) +- _asn1_strcpy (_asn1_identifierMissing, p->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value); + else + _asn1_strcpy (_asn1_identifierMissing, "(null)"); + return ASN1_IDENTIFIER_NOT_FOUND; +@@ -968,9 +968,15 @@ _asn1_check_identifier (asn1_node node) + if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT)) + { + _asn1_str_cpy (name2, sizeof (name2), node->name); +- _asn1_str_cat (name2, sizeof (name2), "."); +- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ if (p2->value) ++ { ++ _asn1_str_cat (name2, sizeof (name2), "."); ++ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ } ++ else ++ _asn1_strcpy (_asn1_identifierMissing, "(null)"); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) || + !(p2->type & CONST_ASSIGN)) +@@ -990,7 +996,8 @@ _asn1_check_identifier (asn1_node node) + _asn1_str_cpy (name2, sizeof (name2), node->name); + _asn1_str_cat (name2, sizeof (name2), "."); + _asn1_str_cat (name2, sizeof (name2), (char *) p2->value); +- _asn1_strcpy (_asn1_identifierMissing, p2->value); ++ _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value); ++ + p2 = asn1_find_node (node, name2); + if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) + || !(p2->type & CONST_ASSIGN)) +-- +2.13.3 + diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 5a94ac6198..7ee341e99b 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès -;;; Copyright © 2014, 2015, 2016 Mark H Weaver +;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver ;;; Copyright © 2014 Ian Denhardt ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2015 David Thompson @@ -55,6 +55,7 @@ (package (name "libtasn1") (version "4.12") + (replacement libtasn1/fixed) (source (origin (method url-fetch) @@ -74,6 +75,13 @@ networking, allowing for formal validation of data according to some specifications.") (license license:lgpl2.0+))) +(define libtasn1/fixed + (package + (inherit libtasn1) + (source (origin + (inherit (package-source libtasn1)) + (patches (search-patches "libtasn1-CVE-2017-10790.patch")))))) + (define-public asn1c (package (name "asn1c") -- cgit 1.4.1 From 403097d26dba882fef43947435ecb97ff04586ed Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 31 Jul 2017 15:26:06 +0300 Subject: gnu: Add motti. * gnu/packages/motti.scm (motti): New variable. --- gnu/local.mk | 1 + gnu/packages/motti.scm | 45 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 gnu/packages/motti.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9482d4bb53..323866a582 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -272,6 +272,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/mingw.scm \ %D%/packages/microcom.scm \ %D%/packages/moe.scm \ + %D%/packages/motti.scm \ %D%/packages/monitoring.scm \ %D%/packages/mono.scm \ %D%/packages/moreutils.scm \ diff --git a/gnu/packages/motti.scm b/gnu/packages/motti.scm new file mode 100644 index 0000000000..59b195802b --- /dev/null +++ b/gnu/packages/motti.scm @@ -0,0 +1,45 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Efraim Flashner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages motti) + #:use-module (gnu packages) + #:use-module (guix build-system gnu) + #:use-module (guix licenses) + #:use-module (guix packages) + #:use-module (guix download)) + +(define-public motti + (package + (name "motti") + (version "3.1.1") + (source + (origin + (method url-fetch) + (uri (string-append + "mirror://gnu/motti/motti-" version ".tar.gz")) + (sha256 + (base32 + "0ag4gpxy42l30660b4f2lrp52xi5sik9s6frr7jfxqxjsf29lbb3")))) + (build-system gnu-build-system) + (synopsis "Multiplayer strategy game") + (description + "GNU Motti is a simple multiplayer strategy game played in a terminal. +The objective of the game is to conquer enemy capitals by occupying and +encircling territory.") + (home-page "https://www.gnu.org/software/motti") + (license gpl3+))) -- cgit 1.4.1 From d8af4f6ddedb4db527c8c5137fe03684c468a82e Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Mon, 7 Aug 2017 00:21:11 +0200 Subject: gnu: ntfs-3g: Update to 2017.3.23. * gnu/packages/linux.scm (ntfs-3g): Update to 2017.3.23. [source]: Remove patch. * gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/linux.scm | 5 ++- gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch | 43 ------------------------ 3 files changed, 2 insertions(+), 47 deletions(-) delete mode 100644 gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 323866a582..8c00b00208 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -875,7 +875,6 @@ dist_patch_DATA = \ %D%/packages/patches/node-9077.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ - %D%/packages/patches/ntfs-3g-CVE-2017-0358.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 12a6887925..ed53b79ee9 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3262,16 +3262,15 @@ from userspace.") (define-public ntfs-3g (package (name "ntfs-3g") - (version "2016.2.22") + (version "2017.3.23") (source (origin (method url-fetch) (uri (string-append "https://tuxera.com/opensource/" "ntfs-3g_ntfsprogs-" version ".tgz")) (sha256 (base32 - "180y5y09h30ryf2vim8j30a2npwz1iv9ly5yjmh3wjdkwh2jrdyp")) + "1mb228p80hv97pgk3myyvgp975r9mxq56c6bdn1n24kngcfh4niy")) (modules '((guix build utils))) - (patches (search-patches "ntfs-3g-CVE-2017-0358.patch")) (snippet ;; Install under $prefix. '(substitute* '("src/Makefile.in" "ntfsprogs/Makefile.in") diff --git a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch b/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch deleted file mode 100644 index 83c9dbb3d4..0000000000 --- a/gnu/packages/patches/ntfs-3g-CVE-2017-0358.patch +++ /dev/null @@ -1,43 +0,0 @@ -Fix CVE-2017-0358: -http://seclists.org/oss-sec/2017/q1/259 -This patch was copied from the above URL. - -diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c -index 0bb38f9..c6d1dad 100644 ---- a/src/lowntfs-3g.c -+++ b/src/lowntfs-3g.c -@@ -3827,13 +3827,14 @@ static fuse_fstype load_fuse_module(void) - struct stat st; - pid_t pid; - const char *cmd = "/sbin/modprobe"; -+ char *env = (char*)NULL; - struct timespec req = { 0, 100000000 }; /* 100 msec */ - fuse_fstype fstype; - - if (!stat(cmd, &st) && !geteuid()) { - pid = fork(); - if (!pid) { -- execl(cmd, cmd, "fuse", NULL); -+ execle(cmd, cmd, "fuse", NULL, &env); - _exit(1); - } else if (pid != -1) - waitpid(pid, NULL, 0); -diff -ur ntfs-3g.old/src/ntfs-3g.c ntfs-3g/src/ntfs-3g.c ---- ntfs-3g.old/src/ntfs-3g.c 2017-02-09 15:01:04.074331542 -0500 -+++ ntfs-3g/src/ntfs-3g.c 2017-02-09 15:06:26.077252571 -0500 -@@ -3612,13 +3612,14 @@ - struct stat st; - pid_t pid; - const char *cmd = "/sbin/modprobe"; -+ char *env = (char*)NULL; - struct timespec req = { 0, 100000000 }; /* 100 msec */ - fuse_fstype fstype; - - if (!stat(cmd, &st) && !geteuid()) { - pid = fork(); - if (!pid) { -- execl(cmd, cmd, "fuse", NULL); -+ execle(cmd, cmd, "fuse", NULL, &env); - _exit(1); - } else if (pid != -1) - waitpid(pid, NULL, 0); -- cgit 1.4.1 From 149f66882125fbf656f194690f6178dfcc8104a1 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 5 Aug 2017 17:56:49 -0400 Subject: gnu: texlive: Update to 2017. * gnu/packages/tex.scm (texlive, texlive-texmf): Update to 2017. (texlive-texmf-src): Update to 20170524. Remove 'texlive-texmf-CVE-2016-10243.patch'. (texlive-bin, texlive-extra-src): Update to 20170524. * gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/texlive-texmf-CVE-2016-10243.patch | 18 ------------------ gnu/packages/tex.scm | 22 +++++++++++----------- 3 files changed, 11 insertions(+), 30 deletions(-) delete mode 100644 gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index acdadd6294..e7a870549e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1022,7 +1022,6 @@ dist_patch_DATA = \ %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ %D%/packages/patches/teeworlds-use-latest-wavpack.patch \ - %D%/packages/patches/texlive-texmf-CVE-2016-10243.patch \ %D%/packages/patches/texi2html-document-encoding.patch \ %D%/packages/patches/texi2html-i18n.patch \ %D%/packages/patches/thefuck-test-environ.patch \ diff --git a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch b/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch deleted file mode 100644 index 3a9ae993f6..0000000000 --- a/gnu/packages/patches/texlive-texmf-CVE-2016-10243.patch +++ /dev/null @@ -1,18 +0,0 @@ -Fix CVE-2016-10243: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10243 - -Patch adapted from upstream commit: - -https://www.tug.org/svn/texlive?view=revision&revision=42605 - ---- trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:10:33 42604 -+++ trunk/Master/texmf-dist/web2c/texmf.cnf 2016/11/29 23:27:53 42605 -@@ -568,7 +568,6 @@ extractbb,\ - gregorio,\ - kpsewhich,\ - makeindex,\ --mpost,\ - repstopdf,\ - - % we'd like to allow: diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm index 729f9c01bf..60b4a837b3 100644 --- a/gnu/packages/tex.scm +++ b/gnu/packages/tex.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2016 Federico Beffa ;;; Copyright © 2016 Thomas Danckaert ;;; Copyright © 2016, 2017 Ricardo Wurmus +;;; Copyright © 2017 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -66,29 +67,28 @@ (define texlive-extra-src (origin (method url-fetch) - (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523-extra.tar.xz") + (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-extra.tar.xz") (sha256 (base32 - "0q4a92zmwhn4ry6xgrp4k8wq11ax2sg9rg9yrsrdkr719y0x887a")))) + "0zvd2zskk78ig114mfj24g15qys41hzqv59fmqpirdbgq9c9gr5g")))) (define texlive-texmf-src (origin (method url-fetch) - (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-texmf.tar.xz") - (patches (search-patches "texlive-texmf-CVE-2016-10243.patch")) - (patch-flags '("-p2")) + (uri "ftp://tug.org/historic/systems/texlive/2017/texlive-20170524-texmf.tar.xz") (sha256 (base32 - "1dv8vgfzpczqw82hv9g7a8djhhyzywljmrarlcyy6g2qi5q51glr")))) + "1v69y3kgkbk24f7s4dfkknwd317mqmck5jgpyb35wqgqfy5p0qrz")))) (define-public texlive-bin (package (name "texlive-bin") - (version "2016") + (version "20170524") (source (origin (method url-fetch) - (uri "ftp://tug.org/historic/systems/texlive/2016/texlive-20160523b-source.tar.xz") + (uri (string-append "ftp://tug.org/historic/systems/texlive/2017/" + "texlive-" version "-source.tar.xz")) (sha256 (base32 - "1v91vahxlxkdra0qz3f132vvx5d9cx2jy84yl1hkch0agyj2rcx8")))) + "1amjrxyasplv4alfwcxwnw4nrx7dz2ydmddkq16k6hg90i9njq81")))) (build-system gnu-build-system) (inputs `(("texlive-extra-src" ,texlive-extra-src) @@ -3808,7 +3808,7 @@ directly generate PDF documents instead of DVI.") (define texlive-texmf (package (name "texlive-texmf") - (version "2016") + (version "2017") (source texlive-texmf-src) (build-system gnu-build-system) (inputs @@ -3880,7 +3880,7 @@ This package contains the complete tree of texmf-dist data.") (define-public texlive (package (name "texlive") - (version "2016") + (version "2017") (source #f) (build-system trivial-build-system) (inputs `(("bash" ,bash) ; for wrap-program -- cgit 1.4.1 From 63755fcd65bc76240cf447aa4f6b282cff76ff57 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Mon, 7 Aug 2017 18:39:44 +1000 Subject: gnu: ruby-puma: Update to 3.9.1. * gnu/packages/ruby.scm (ruby-puma): Update to 3.9.1. [source]: Remove patch. [arguments]: Disable tests. [native-inputs]: Remove field. * gnu/packages/patches/ruby-puma-ignore-broken-test.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/ruby-puma-ignore-broken-test.patch | 13 ------------ gnu/packages/ruby.scm | 23 ++++------------------ 3 files changed, 4 insertions(+), 33 deletions(-) delete mode 100644 gnu/packages/patches/ruby-puma-ignore-broken-test.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8c00b00208..090ce77c76 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1006,7 +1006,6 @@ dist_patch_DATA = \ %D%/packages/patches/rsem-makefile.patch \ %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \ %D%/packages/patches/ruby-concurrent-test-arm.patch \ - %D%/packages/patches/ruby-puma-ignore-broken-test.patch \ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \ %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/rxvt-unicode-escape-sequences.patch \ diff --git a/gnu/packages/patches/ruby-puma-ignore-broken-test.patch b/gnu/packages/patches/ruby-puma-ignore-broken-test.patch deleted file mode 100644 index 8961ffa4ca..0000000000 --- a/gnu/packages/patches/ruby-puma-ignore-broken-test.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/test/test_cli.rb b/test/test_cli.rb -index 9c515c6..6bd439f 100644 ---- a/test/test_cli.rb -+++ b/test/test_cli.rb -@@ -88,7 +88,7 @@ class TestCLI < Test::Unit::TestCase - s << "GET /stats HTTP/1.0\r\n\r\n" - body = s.read - -- assert_match(/\{ "workers": 2, "phase": 0, "booted_workers": 0, "old_workers": 0, "worker_status": \[\{ "pid": \d+, "index": 0, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \},\{ "pid": \d+, "index": 1, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \}\] \}/, body.split("\r\n").last) -+ #assert_match(/\{ "workers": 2, "phase": 0, "booted_workers": 0, "old_workers": 0, "worker_status": \[\{ "pid": \d+, "index": 0, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \},\{ "pid": \d+, "index": 1, "phase": 0, "booted": false, "last_checkin": "[^"]+", "last_status": \{\} \}\] \}/, body.split("\r\n").last) - - # wait until the first status ping has come through - sleep 6 diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 29677dc025..7d9d51f490 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -4029,7 +4029,7 @@ part of the Prawn PDF generator.") (define-public ruby-puma (package (name "ruby-puma") - (version "3.6.0") + (version "3.9.1") (source (origin (method url-fetch) @@ -4039,32 +4039,17 @@ part of the Prawn PDF generator.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "08aws79n9slcr50d9lwm011cp1pxvr1409c2jmyjxywvrc0a30v1")) - ;; Ignore broken tests reported upstream. - ;; https://github.com/puma/puma/issues/995 - ;; https://github.com/puma/puma/issues/1044 - (patches (search-patches "ruby-puma-ignore-broken-test.patch")))) + "03pifga841h17brh4vgia8i2ybh3cmsyg0dbybzdf6dq51wzcxdx")))) (build-system ruby-build-system) (arguments - `(#:phases + `(#:tests? #f ; Tests require an out-dated version of minitest. + #:phases (modify-phases %standard-phases - (add-after 'unpack 'delete-integration-tests - (lambda _ - ;; One broken test in this file cannot be easily removed in - ;; isolation, it probably causes race conditions. So we delete - ;; the entire file. - (delete-file "test/test_integration.rb") - #t)) (add-before 'build 'fix-gemspec (lambda _ (substitute* "puma.gemspec" (("git ls-files") "find * |sort")) #t))))) - (native-inputs - `(("ruby-hoe" ,ruby-hoe) - ("ruby-rake-compiler" ,ruby-rake-compiler) - ("ruby-hoe-git" ,ruby-hoe-git) - ("ruby-rack" ,ruby-rack))) (synopsis "Simple, concurrent HTTP server for Ruby/Rack") (description "Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server -- cgit 1.4.1 From e57fffad90a87d8ac38e4ac44ac5b5eb2d7bd191 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Fri, 4 Aug 2017 15:32:53 +0200 Subject: gnu: Add igraph. * gnu/packages/graph.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/graph.scm | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 gnu/packages/graph.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 090ce77c76..3d79d5d22d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -184,6 +184,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/gperf.scm \ %D%/packages/gprolog.scm \ %D%/packages/gps.scm \ + %D%/packages/graph.scm \ %D%/packages/graphics.scm \ %D%/packages/graphviz.scm \ %D%/packages/groff.scm \ diff --git a/gnu/packages/graph.scm b/gnu/packages/graph.scm new file mode 100644 index 0000000000..54b0962b68 --- /dev/null +++ b/gnu/packages/graph.scm @@ -0,0 +1,62 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ricardo Wurmus +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages graph) + #:use-module (guix download) + #:use-module (guix packages) + #:use-module (guix build-system gnu) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages) + #:use-module (gnu packages compression) + #:use-module (gnu packages maths) + #:use-module (gnu packages multiprecision) + #:use-module (gnu packages xml)) + +(define-public igraph + (package + (name "igraph") + (version "0.7.1") + (source + (origin + (method url-fetch) + (uri (string-append "http://igraph.org/nightly/get/c/igraph-" + version ".tar.gz")) + (sha256 + (base32 + "1pxh8sdlirgvbvsw8v65h6prn7hlm45bfsl1yfcgd6rn4w706y6r")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list "--with-external-glpk" + "--with-external-blas" + "--with-external-lapack"))) + (inputs + `(("gmp" ,gmp) + ("glpk" ,glpk) + ("libxml2" ,libxml2) + ("lapack" ,lapack) + ("openblas" ,openblas) + ("zlib" ,zlib))) + (home-page "http://igraph.org") + (synopsis "Network analysis and visualization") + (description + "This package provides a library for the analysis of networks and graphs. +It can handle large graphs very well and provides functions for generating +random and regular graphs, graph visualization, centrality methods and much +more.") + (license license:gpl2+))) -- cgit 1.4.1 From c2f93e9c07c75e47078ab313ce9e0c90ff130eb1 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 10 Aug 2017 21:35:32 +0200 Subject: gnu: openjpeg: Update to 2.2.0 [security fixes]. In addition to the patches we already had (which are not mentioned in the ChangeLog, but verified by following their respective GitHub issues) this release also fixes CVE-2016-9112, CVE-2016-5139, CVE-2016-5152, CVE-2016-5158, CVE-2016-5159, CVE-2016-1626 and CVE-2016-1628. See for details. * gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch, gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/image.scm (openjpeg): Update to 2.2.0. [source](patches): Remove. * gnu/packages/gstreamer.scm (gst-plugins-bad)[arguments]: Add phase to patch hard-coded openjpeg-2.1 path. --- gnu/local.mk | 2 - gnu/packages/gstreamer.scm | 11 +- gnu/packages/image.scm | 6 +- .../openjpeg-CVE-2016-9572-CVE-2016-9573.patch | 233 -------------------- .../openjpeg-CVE-2016-9850-CVE-2016-9851.patch | 245 --------------------- 5 files changed, 12 insertions(+), 485 deletions(-) delete mode 100644 gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3d79d5d22d..b1ff72d6a6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -888,8 +888,6 @@ dist_patch_DATA = \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ - %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch \ - %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm index 69b8ffabee..97fd52e160 100644 --- a/gnu/packages/gstreamer.scm +++ b/gnu/packages/gstreamer.scm @@ -275,7 +275,16 @@ developers consider to have good quality code and correct functionality.") #:configure-flags (list (string-append "--with-html-dir=" (assoc-ref %outputs "doc") - "/share/gtk-doc/html")))) + "/share/gtk-doc/html")) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-openjpeg-reference + (lambda _ + ;; Remove hard-coded openjpeg-2.1 path. 2.2 is API- and + ;; ABI-compatible. + (substitute* "ext/openjpeg/gstopenjpeg.h" + ((" -Date: Mon, 28 Nov 2016 21:57:20 +0100 -Subject: [PATCH] Changes for issues #863 and #862 - ---- - src/bin/jp2/convert.c | 59 +++++++++++++++++++++++++++++++++++++++----- - src/bin/jp2/convertbmp.c | 29 +++++++++++++++++++++- - src/bin/jp2/opj_decompress.c | 2 +- - src/lib/openjp2/j2k.c | 11 ++++++--- - 4 files changed, 90 insertions(+), 11 deletions(-) - -diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c -index deee4f6..6a3f65b 100644 ---- a/src/bin/jp2/convert.c -+++ b/src/bin/jp2/convert.c -@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) { - for (i = 0; i < image->numcomps-1; i++) { - if ((image->comps[0].dx != image->comps[i+1].dx) - ||(image->comps[0].dy != image->comps[i+1].dy) -- ||(image->comps[0].prec != image->comps[i+1].prec)) { -+ ||(image->comps[0].prec != image->comps[i+1].prec) -+ ||(image->comps[0].sgnd != image->comps[i+1].sgnd)) { - fclose(fdest); - fprintf(stderr, "Unable to create a tga file with such J2K image charateristics."); - return 1; -@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) - int *red, *green, *blue, *alpha; - int wr, hr, max; - int i; -- unsigned int compno, ncomp; -+ unsigned int compno, ncomp, ui; - int adjustR, adjustG, adjustB, adjustA; - int fails, two, want_gray, has_alpha, triple; - int prec, v; -@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split) - - if(want_gray) ncomp = 1; - -+ for (ui = 1; ui < ncomp; ++ui) { -+ if (image->comps[0].dx != image->comps[ui].dx) { -+ break; -+ } -+ if (image->comps[0].dy != image->comps[ui].dy) { -+ break; -+ } -+ if (image->comps[0].prec != image->comps[ui].prec) { -+ break; -+ } -+ if (image->comps[0].sgnd != image->comps[ui].sgnd) { -+ break; -+ } -+ } -+ if (ui != ncomp) { -+ fprintf(stderr,"imagetopnm: All components\n shall have " -+ "the same subsampling, same bit depth, same sign.\n" -+ " Aborting\n"); -+ return 1; -+ } -+ - if ((force_split == 0) && - (ncomp == 2 /* GRAYA */ - || (ncomp > 2 /* RGB, RGBA */ -@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL - { - FILE *rawFile = NULL; - size_t res; -- unsigned int compno; -+ unsigned int compno, numcomps; - int w, h, fails; - int line, row, curr, mask; - int *ptr; -@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL - return 1; - } - -+ numcomps = image->numcomps; -+ -+ if (numcomps > 4) { -+ numcomps = 4; -+ } -+ for (compno = 1; compno < numcomps; ++compno) { -+ if (image->comps[0].dx != image->comps[compno].dx) { -+ break; -+ } -+ if (image->comps[0].dy != image->comps[compno].dy) { -+ break; -+ } -+ if (image->comps[0].prec != image->comps[compno].prec) { -+ break; -+ } -+ if (image->comps[0].sgnd != image->comps[compno].sgnd) { -+ break; -+ } -+ } -+ if (compno != numcomps) { -+ fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n"); -+ fprintf(stderr,"\tAborting\n"); -+ return 1; -+ } -+ - rawFile = fopen(outfile, "wb"); - if (!rawFile) { - fprintf(stderr, "Failed to open %s for writing !!\n", outfile); -@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL - } - - fails = 1; -- fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps); -+ fprintf(stdout,"Raw image characteristics: %d components\n", numcomps); - -- for(compno = 0; compno < image->numcomps; compno++) -+ for(compno = 0; compno < numcomps; compno++) - { - fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w, - image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned"); -@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL - } - else if (image->comps[compno].prec <= 32) - { -- fprintf(stderr,"More than 16 bits per component no handled yet\n"); -+ fprintf(stderr,"More than 16 bits per component not handled yet\n"); - goto fin; - } - else -diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c -index ae83077..8017ba8 100644 ---- a/src/bin/jp2/convertbmp.c -+++ b/src/bin/jp2/convertbmp.c -@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) { - FILE *fdest = NULL; - int adjustR, adjustG, adjustB; - -+ { -+ unsigned int ui, ncomp = image->numcomps; -+ -+ if (ncomp > 4) { /* RGBA in bmpmask32toimage */ -+ ncomp = 4; -+ } -+ for (ui = 1; ui < ncomp; ++ui) { -+ if (image->comps[0].dx != image->comps[ui].dx) { -+ break; -+ } -+ if (image->comps[0].dy != image->comps[ui].dy) { -+ break; -+ } -+ if (image->comps[0].prec != image->comps[ui].prec) { -+ break; -+ } -+ if (image->comps[0].sgnd != image->comps[ui].sgnd) { -+ break; -+ } -+ } -+ if (ui != ncomp) { -+ fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n"); -+ fprintf(stderr,"\tAborting\n"); -+ return 1; -+ } -+ -+ } - if (image->comps[0].prec < 8) { -- fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec); -+ fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec); - return 1; - } - if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx -diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c -index 83160c3..c30079b 100644 ---- a/src/bin/jp2/opj_decompress.c -+++ b/src/bin/jp2/opj_decompress.c -@@ -1607,7 +1607,7 @@ int main(int argc, char **argv) - if(dirptr->filename_buf) free(dirptr->filename_buf); - free(dirptr); - } -- if (numDecompressedImages) { -+ if (numDecompressedImages && !failed) { - fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages)); - } - return failed ? EXIT_FAILURE : EXIT_SUCCESS; -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index 66802bb..b6daa32 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, - i, l_img_comp->dx, l_img_comp->dy); - return OPJ_FALSE; - } -- if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ -+ if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ - opj_event_msg(p_manager, EVT_ERROR, - "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n", - i, l_img_comp->prec); -@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, - /* Move data and copy one information from codec to output image*/ - for (compno = 0; compno < p_image->numcomps; compno++) { - p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded; -- p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; -+ p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; -+ -+ if(p_image->comps[compno].data == NULL) return OPJ_FALSE; -+ -+ p_j2k->m_output_image->comps[compno].data = NULL; - #if 0 - char fn[256]; - sprintf( fn, "/tmp/%d.raw", compno ); -@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, - fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug ); - fclose( debug ); - #endif -- p_j2k->m_output_image->comps[compno].data = NULL; - } - - return OPJ_TRUE; -@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k, - - p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; - -+ if (p_image->comps[compno].data == NULL) return OPJ_FALSE; -+ - p_j2k->m_output_image->comps[compno].data = NULL; - } - diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch deleted file mode 100644 index 3f637fa88b..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch +++ /dev/null @@ -1,245 +0,0 @@ -From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001 -From: szukw000 -Date: Fri, 9 Dec 2016 08:29:55 +0100 -Subject: [PATCH] These changes repair bugs of #871 and #872 - -email from http://openwall.com/lists/oss-security/2016/12/09/4 -patch is against openjpeg-2.1.2, applies cleanly to 2.1.1. - ---- - src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++---------------- - 1 file changed, 70 insertions(+), 37 deletions(-) - -diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c -index 143d3be..c690f8b 100644 ---- a/src/bin/jp2/converttif.c -+++ b/src/bin/jp2/converttif.c -@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len - - int imagetotif(opj_image_t * image, const char *outfile) - { -- int width, height; -- int bps,adjust, sgnd; -- int tiPhoto; -+ uint32 width, height, bps, tiPhoto; -+ int adjust, sgnd; - TIFF *tif; - tdata_t buf; -- tsize_t strip_size; -+ tmsize_t strip_size, rowStride; - OPJ_UINT32 i, numcomps; -- OPJ_SIZE_T rowStride; - OPJ_INT32* buffer32s = NULL; - OPJ_INT32 const* planes[4]; - convert_32s_PXCX cvtPxToCx = NULL; - convert_32sXXx_C1R cvt32sToTif = NULL; - -- bps = (int)image->comps[0].prec; -+ bps = (uint32)image->comps[0].prec; - planes[0] = image->comps[0].data; - - numcomps = image->numcomps; -@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile) - break; - } - sgnd = (int)image->comps[0].sgnd; -- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0; -- width = (int)image->comps[0].w; -- height = (int)image->comps[0].h; -+ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0; -+ width = (uint32)image->comps[0].w; -+ height = (uint32)image->comps[0].h; - - TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width); - TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height); -- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps); -+ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps); - TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps); - TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT); - TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); -@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile) - TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); - - strip_size = TIFFStripSize(tif); -- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U; -- if (rowStride != (OPJ_SIZE_T)strip_size) { -+ rowStride = (width * numcomps * bps + 7U) / 8U; -+ if (rowStride != strip_size) { - fprintf(stderr, "Invalid TIFF strip size\n"); - TIFFClose(tif); - return 1; -@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile) - TIFFClose(tif); - return 1; - } -- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32)); -+ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32))); - if (buffer32s == NULL) { - _TIFFfree(buf); - TIFFClose(tif); -@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - TIFF *tif; - tdata_t buf; - tstrip_t strip; -- tsize_t strip_size; -+ tmsize_t strip_size; - int j, currentPlane, numcomps = 0, w, h; - OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN; - opj_image_cmptparm_t cmptparm[4]; /* RGBA */ - opj_image_t *image = NULL; - int has_alpha = 0; -- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC; -- unsigned int tiWidth, tiHeight; -+ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight; - OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz); - convert_XXx32s_C1R cvtTifTo32s = NULL; - convert_32s_CXPX cvtCxToPx = NULL; - OPJ_INT32* buffer32s = NULL; - OPJ_INT32* planes[4]; -- OPJ_SIZE_T rowStride; -+ tmsize_t rowStride; - - tif = TIFFOpen(filename, "r"); - -@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp); - TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto); - TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC); -- w= (int)tiWidth; -- h= (int)tiHeight; -- -- if(tiBps > 16U) { -- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps); -- fprintf(stderr,"\tAborting\n"); -+ -+ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */ -+ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n" -+ "\tAborting.\n", tiSpp); -+ TIFFClose(tif); -+ return NULL; -+ } -+ if(tiBps > 16U || tiBps == 0) { -+ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n" -+ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps); - TIFFClose(tif); - return NULL; - } - if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) { -- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); -+ fprintf(stderr,"tiftoimage: Bad color format %d.\n" -+ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); - fprintf(stderr,"\tAborting\n"); - TIFFClose(tif); - return NULL; - } -- -+ if(tiWidth == 0 || tiHeight == 0) { -+ fprintf(stderr,"tiftoimage: Bad values for width(%u) " -+ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight); -+ TIFFClose(tif); -+ return NULL; -+ } -+ w= (int)tiWidth; -+ h= (int)tiHeight; -+ - switch (tiBps) { - case 1: - case 2: -@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - - TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES, - &extrasamples, &sampleinfo); -- -+ - if(extrasamples >= 1) - { - switch(sampleinfo[0]) -@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - else /* extrasamples == 0 */ - if(tiSpp == 4 || tiSpp == 2) has_alpha = 1; - } -- -+ - /* initialize image components */ - memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t)); - -@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - } else { - is_cinema = 0U; - } -- -+ - if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */ - { - numcomps = 3 + has_alpha; -@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - image->x0 = (OPJ_UINT32)parameters->image_offset_x0; - image->y0 = (OPJ_UINT32)parameters->image_offset_y0; - image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 : -- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; -+ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; -+ if(image->x1 <= image->x0) { -+ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. " -+ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } - image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 : -- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; -- -+ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; -+ if(image->y1 <= image->y0) { -+ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. " -+ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } -+ - for(j = 0; j < numcomps; j++) - { - planes[j] = image->comps[j].data; -@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1)); - - strip_size = TIFFStripSize(tif); -- -+ - buf = _TIFFmalloc(strip_size); - if (buf == NULL) { - TIFFClose(tif); - opj_image_destroy(image); - return NULL; - } -- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U; -- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32)); -+ rowStride = (w * tiSpp * tiBps + 7U) / 8U; -+ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32))); - if (buffer32s == NULL) { - _TIFFfree(buf); - TIFFClose(tif); -@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++) - { - const OPJ_UINT8 *dat8; -- OPJ_SIZE_T ssize; -+ tmsize_t ssize; - -- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size); -+ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size); -+ if(ssize < 1 || ssize > strip_size) { -+ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) " -+ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size); -+ _TIFFfree(buf); -+ _TIFFfree(buffer32s); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } - dat8 = (const OPJ_UINT8*)buf; -- -+ - while (ssize >= rowStride) { - cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp); - cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w); -- cgit 1.4.1 From bfcdf88760e6732d43c0cd1eeb0a95c5d8681950 Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Thu, 10 Aug 2017 21:02:14 +0800 Subject: gnu: catdoc: Fix CVE-2017-11110. * gnu/packages/patches/catdoc-CVE-2017-11110.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/textutils.scm (catdoc)[source]: Use it. Signed-off-by: Marius Bakke --- gnu/local.mk | 1 + gnu/packages/patches/catdoc-CVE-2017-11110.patch | 45 ++++++++++++++++++++++++ gnu/packages/textutils.scm | 2 ++ 3 files changed, 48 insertions(+) create mode 100644 gnu/packages/patches/catdoc-CVE-2017-11110.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b1ff72d6a6..cffb18d3a6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -534,6 +534,7 @@ dist_patch_DATA = \ %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-use-packaged-feedparser.patch \ + %D%/packages/patches/catdoc-CVE-2017-11110.patch \ %D%/packages/patches/cdparanoia-fpic.patch \ %D%/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch \ %D%/packages/patches/ceph-disable-cpu-optimizations.patch \ diff --git a/gnu/packages/patches/catdoc-CVE-2017-11110.patch b/gnu/packages/patches/catdoc-CVE-2017-11110.patch new file mode 100644 index 0000000000..71c44f60fb --- /dev/null +++ b/gnu/packages/patches/catdoc-CVE-2017-11110.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-11110: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110 +https://bugzilla.redhat.com/show_bug.cgi?id=1468471 +https://security-tracker.debian.org/tracker/CVE-2017-11110 + +Patch copied from openSUSE: + +https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=1 + +From: Andreas Stieger +Date: Mon, 10 Jul 2017 15:37:58 +0000 +References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=1047877 + +All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <4. + +--- + src/ole.c | 5 +++++ + 1 file changed, 5 insertions(+) + +Index: catdoc-0.95/src/ole.c +=================================================================== +--- catdoc-0.95.orig/src/ole.c 2016-05-25 06:37:12.000000000 +0200 ++++ catdoc-0.95/src/ole.c 2017-07-10 17:42:33.578308107 +0200 +@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si + return NULL; + } + sectorSize = 1<= 4 for CVE-2017-11110 */ + 1, sectorSize, newfile) != sectorSize) { + fprintf(stderr, "Error read MSAT!\n"); + ole_finish(); diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm index e8ae30cd6d..537d013345 100644 --- a/gnu/packages/textutils.scm +++ b/gnu/packages/textutils.scm @@ -12,6 +12,7 @@ ;;; Copyright © 2017 Rene Saavedra ;;; Copyright © 2017 Hartmut Goebel ;;; Copyright © 2017 Kei Kebreau +;;; Copyright © 2017 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -409,6 +410,7 @@ runs Word\".") (method url-fetch) (uri (string-append "http://ftp.wagner.pp.ru/pub/catdoc/" "catdoc-" version ".tar.gz")) + (patches (search-patches "catdoc-CVE-2017-11110.patch")) (sha256 (base32 "15h7v3bmwfk4z8r78xs5ih6vd0pskn0rj90xghvbzdjj0cc88jji")))) -- cgit 1.4.1 From 06465d2ba4291eb2046c90c3977a295a9b7c434b Mon Sep 17 00:00:00 2001 From: Peter Mikkelsen Date: Sun, 13 Aug 2017 00:04:04 +0200 Subject: gnu: Add mpd service. * doc/guix.texi: Add documentation. * gnu/services/audio.scm (): New record type. (mpd-service-type): New service type. * gnu/tests/audio.scm: New file. * gnu/local.mk: Add new files. Signed-off-by: Christopher Baines --- doc/guix.texi | 54 +++++++++++++++++++++++++++++++ gnu/local.mk | 2 ++ gnu/services/audio.scm | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++ gnu/tests/audio.scm | 78 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 220 insertions(+) create mode 100644 gnu/services/audio.scm create mode 100644 gnu/tests/audio.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index 02933c82ca..94277ba396 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -227,6 +227,7 @@ Services * Network File System:: NFS related services. * Continuous Integration:: The Cuirass service. * Power management Services:: The TLP tool. +* Audio Services:: The MPD. * Miscellaneous Services:: Other services. Defining Services @@ -9035,6 +9036,7 @@ declaration. * Network File System:: NFS related services. * Continuous Integration:: The Cuirass service. * Power management Services:: The TLP tool. +* Audio Services:: The MPD. * Miscellaneous Services:: Other services. @end menu @@ -15635,6 +15637,58 @@ Package object of thermald. @end table @end deftp +@node Audio Services +@subsubsection Audio Services + +The @code{(gnu services audio)} module provides a service to start MPD +(the Music Player Daemon). + +@cindex mpd +@subsubheading Music Player Daemon + +The Music Player Daemon (MPD) is a service that can play music while +being controlled from the local machine or over the network by a variety +of clients. + +The following example shows how one might run @code{mpd} as user +@code{"bob"} on port @code{6666}. It uses pulseaudio for output. + +@example +(service mpd-service-type + (mpd-configuration + (user "bob") + (port "6666"))) +@end example + +@defvr {Scheme Variable} mpd-service-type +The service type for @command{mpd} +@end defvr + +@deftp {Data Type} mpd-configuration +Data type representing the configuration of @command{mpd}. + +@table @asis +@item @code{user} (default: @code{"mpd"}) +The user to run mpd as. + +@item @code{music-dir} (default: @code{"~/Music"}) +The directory to scan for music files. + +@item @code{playlist-dir} (default: @code{"~/.mpd/playlists"}) +The directory to store playlists. + +@item @code{pid-file} (default: @code{"/var/run/mpd.pid"}) +The file mpd wil store its PID. This must be an absolute path. + +@item @code{port} (default: @code{"6600"}) +The port to run mpd on. + +@item @code{address} (default: @code{"any"}) +The address that mpd will bind to. To use a Unix domain socket, +an absolute path can be specified here. + +@end table +@end deftp @node Miscellaneous Services @subsubsection Miscellaneous Services diff --git a/gnu/local.mk b/gnu/local.mk index cffb18d3a6..c12fd85594 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -426,6 +426,7 @@ GNU_SYSTEM_MODULES = \ \ %D%/services.scm \ %D%/services/admin.scm \ + %D%/services/audio.scm \ %D%/services/avahi.scm \ %D%/services/base.scm \ %D%/services/configuration.scm \ @@ -481,6 +482,7 @@ GNU_SYSTEM_MODULES = \ \ %D%/tests.scm \ %D%/tests/admin.scm \ + %D%/tests/audio.scm \ %D%/tests/base.scm \ %D%/tests/databases.scm \ %D%/tests/dict.scm \ diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm new file mode 100644 index 0000000000..22814a6c09 --- /dev/null +++ b/gnu/services/audio.scm @@ -0,0 +1,86 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Peter Mikkelsen +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services audio) + #:use-module (guix gexp) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu packages mpd) + #:use-module (guix records) + #:use-module (ice-9 match) + #:export (mpd-configuration + mpd-configuration? + mpd-service-type)) + +;;; Commentary: +;;; +;;; Audio related services +;;; +;;; Code: + +(define-record-type* + mpd-configuration make-mpd-configuration + mpd-configuration? + (user mpd-configuration-user + (default "mpd")) + (music-dir mpd-configuration-music-dir + (default "~/Music")) + (playlist-dir mpd-configuration-playlist-dir + (default "~/.mpd/playlists")) + (port mpd-configuration-port + (default "6600")) + (address mpd-configuration-address + (default "any")) + (pid-file mpd-configuration-pid-file + (default "/var/run/mpd.pid"))) + +(define (mpd-config->file config) + (apply + mixed-text-file "mpd.conf" + "audio_output {\n" + " type \"pulse\"\n" + " name \"MPD\"\n" + "}\n" + (map (match-lambda + ((config-name config-val) + (string-append config-name " \"" (config-val config) "\"\n"))) + `(("user" ,mpd-configuration-user) + ("music_directory" ,mpd-configuration-music-dir) + ("playlist_directory" ,mpd-configuration-playlist-dir) + ("port" ,mpd-configuration-port) + ("bind_to_address" ,mpd-configuration-address) + ("pid_file" ,mpd-configuration-pid-file))))) + +(define (mpd-service config) + (shepherd-service + (documentation "Run the MPD (Music Player Daemon)") + (provision '(mpd)) + (start #~(make-forkexec-constructor + (list #$(file-append mpd "/bin/mpd") + "--no-daemon" + #$(mpd-config->file config)) + #:pid-file #$(mpd-configuration-pid-file config))) + (stop #~(make-kill-destructor)))) + +(define mpd-service-type + (service-type + (name 'mpd) + (extensions + (list (service-extension shepherd-root-service-type + (compose list mpd-service)))) + (default-value (mpd-configuration)))) diff --git a/gnu/tests/audio.scm b/gnu/tests/audio.scm new file mode 100644 index 0000000000..8eadaf02e1 --- /dev/null +++ b/gnu/tests/audio.scm @@ -0,0 +1,78 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Peter Mikkelsen +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests audio) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services audio) + #:use-module (gnu packages mpd) + #:use-module (guix gexp) + #:export (%test-mpd)) + +(define %mpd-os + (simple-operating-system + (service mpd-service-type + (mpd-configuration + (user "root"))))) + +(define (run-mpd-test) + "Run tests in %mpd-os, which has mpd running." + (define os + (marionette-operating-system + %mpd-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine os)) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + (define marionette + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "mpd") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'mpd)) + marionette)) + + (test-assert "mpc connect" + (marionette-eval + '(zero? (system #$(file-append mpd-mpc "/bin/mpc"))) + marionette)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + (gexp->derivation "mpd-test" test)) + +(define %test-mpd + (system-test + (name "mpd") + (description "Test that the mpd can run and be connected to.") + (value (run-mpd-test)))) -- cgit 1.4.1 From d5daf6fbe06ad7a5e0bfc8100584f1ac33a9f2a9 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 13 Aug 2017 16:46:41 +0200 Subject: gnu: curl: Fix i686 test failure. * gnu/packages/patches/curl-bounds-check.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/curl.scm (curl-7.55.0)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/curl.scm | 1 + gnu/packages/patches/curl-bounds-check.patch | 19 +++++++++++++++++++ 3 files changed, 21 insertions(+) create mode 100644 gnu/packages/patches/curl-bounds-check.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c12fd85594..1e750ab44a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -567,6 +567,7 @@ dist_patch_DATA = \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/csound-header-ordering.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ + %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ %D%/packages/patches/dblatex-remove-multirow.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index d6e32e4389..3f6335ae87 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -132,6 +132,7 @@ tunneling, and so on.") (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) + (patches (search-patches "curl-bounds-check.patch")) (sha256 (base32 "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch new file mode 100644 index 0000000000..4b8ff65304 --- /dev/null +++ b/gnu/packages/patches/curl-bounds-check.patch @@ -0,0 +1,19 @@ +Fix test failure on some 32-bit platforms. + +Patch copied from upstream source repository: + +https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63 + +diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c +index b9dedc989e..85c5e79a7e 100644 +--- a/src/tool_paramhlp.c ++++ b/src/tool_paramhlp.c +@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) + num = strtod(str, &endptr); + if(errno == ERANGE) + return PARAM_NUMBER_TOO_LARGE; +- if((long)num > max) { ++ if(num > max) { + /* too large */ + return PARAM_NUMBER_TOO_LARGE; + } -- cgit 1.4.1 From f152208b0da26ab9d3f85baaf74e1356699f8aea Mon Sep 17 00:00:00 2001 From: Alex Vong Date: Sun, 13 Aug 2017 19:42:59 +0800 Subject: gnu: qemu: Fix CVE-2017-{10664,10806,10911,11434}. * gnu/packages/patches/qemu-CVE-2017-10664.patch, gnu/packages/patches/qemu-CVE-2017-10806.patch, gnu/packages/patches/qemu-CVE-2017-10911.patch, gnu/packages/patches/qemu-CVE-2017-11434.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/virtualization.scm (qemu)[source]: Use them. Signed-off-by: Marius Bakke --- gnu/local.mk | 4 + gnu/packages/patches/qemu-CVE-2017-10664.patch | 27 +++++++ gnu/packages/patches/qemu-CVE-2017-10806.patch | 38 +++++++++ gnu/packages/patches/qemu-CVE-2017-10911.patch | 106 +++++++++++++++++++++++++ gnu/packages/patches/qemu-CVE-2017-11434.patch | 25 ++++++ gnu/packages/virtualization.scm | 7 +- 6 files changed, 206 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/qemu-CVE-2017-10664.patch create mode 100644 gnu/packages/patches/qemu-CVE-2017-10806.patch create mode 100644 gnu/packages/patches/qemu-CVE-2017-10911.patch create mode 100644 gnu/packages/patches/qemu-CVE-2017-11434.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1e750ab44a..ec37f81b0f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -989,7 +989,11 @@ dist_patch_DATA = \ %D%/packages/patches/qemu-CVE-2017-8379.patch \ %D%/packages/patches/qemu-CVE-2017-8380.patch \ %D%/packages/patches/qemu-CVE-2017-9524.patch \ + %D%/packages/patches/qemu-CVE-2017-10664.patch \ + %D%/packages/patches/qemu-CVE-2017-10806.patch \ + %D%/packages/patches/qemu-CVE-2017-10911.patch \ %D%/packages/patches/qemu-CVE-2017-11334.patch \ + %D%/packages/patches/qemu-CVE-2017-11434.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-10664.patch b/gnu/packages/patches/qemu-CVE-2017-10664.patch new file mode 100644 index 0000000000..2b60de3dca --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-10664.patch @@ -0,0 +1,27 @@ +Fix CVE-2017-10664: + +https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html +https://bugzilla.redhat.com/show_bug.cgi?id=1466190 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664 +https://security-tracker.debian.org/tracker/CVE-2017-10664 + +Patch copied from upstream source repository: + +https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1 + +diff --git a/qemu-nbd.c b/qemu-nbd.c +index 9464a0461c..4dd3fd4732 100644 +--- a/qemu-nbd.c ++++ b/qemu-nbd.c +@@ -581,6 +581,10 @@ int main(int argc, char **argv) + sa_sigterm.sa_handler = termsig_handler; + sigaction(SIGTERM, &sa_sigterm, NULL); + ++#ifdef CONFIG_POSIX ++ signal(SIGPIPE, SIG_IGN); ++#endif ++ + module_call_init(MODULE_INIT_TRACE); + qcrypto_init(&error_fatal); + + diff --git a/gnu/packages/patches/qemu-CVE-2017-10806.patch b/gnu/packages/patches/qemu-CVE-2017-10806.patch new file mode 100644 index 0000000000..ebf782fe7b --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-10806.patch @@ -0,0 +1,38 @@ +Fix CVE-2017-10806: + +https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html +https://bugzilla.redhat.com/show_bug.cgi?id=1468496 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806 +https://security-tracker.debian.org/tracker/CVE-2017-10806 + +Patch copied from upstream source repository: + +https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index b001a27f05..ad5ef783a6 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg) + static void usbredir_log_data(USBRedirDevice *dev, const char *desc, + const uint8_t *data, int len) + { +- int i, j, n; +- + if (dev->debug < usbredirparser_debug_data) { + return; + } +- +- for (i = 0; i < len; i += j) { +- char buf[128]; +- +- n = sprintf(buf, "%s", desc); +- for (j = 0; j < 8 && i + j < len; j++) { +- n += sprintf(buf + n, " %02X", data[i + j]); +- } +- error_report("%s", buf); +- } ++ qemu_hexdump((char *)data, stderr, desc, len); + } + + /* diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch new file mode 100644 index 0000000000..1dcb860a2d --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch @@ -0,0 +1,106 @@ +Fix CVE-2017-10911: + +https://xenbits.xen.org/xsa/advisory-216.html +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911 +https://security-tracker.debian.org/tracker/CVE-2017-10911 + +Patch copied from Xen Security Advisory: + +https://xenbits.xen.org/xsa/xsa216-qemuu.patch + +--- a/hw/block/xen_blkif.h ++++ b/hw/block/xen_blkif.h +@@ -14,9 +14,6 @@ + struct blkif_common_request { + char dummy; + }; +-struct blkif_common_response { +- char dummy; +-}; + + /* i386 protocol version */ + #pragma pack(push, 4) +@@ -36,13 +33,7 @@ struct blkif_x86_32_request_discard { + blkif_sector_t sector_number; /* start sector idx on disk (r/w only) */ + uint64_t nr_sectors; /* # of contiguous sectors to discard */ + }; +-struct blkif_x86_32_response { +- uint64_t id; /* copied from request */ +- uint8_t operation; /* copied from request */ +- int16_t status; /* BLKIF_RSP_??? */ +-}; + typedef struct blkif_x86_32_request blkif_x86_32_request_t; +-typedef struct blkif_x86_32_response blkif_x86_32_response_t; + #pragma pack(pop) + + /* x86_64 protocol version */ +@@ -62,20 +53,14 @@ struct blkif_x86_64_request_discard { + blkif_sector_t sector_number; /* start sector idx on disk (r/w only) */ + uint64_t nr_sectors; /* # of contiguous sectors to discard */ + }; +-struct blkif_x86_64_response { +- uint64_t __attribute__((__aligned__(8))) id; +- uint8_t operation; /* copied from request */ +- int16_t status; /* BLKIF_RSP_??? */ +-}; + typedef struct blkif_x86_64_request blkif_x86_64_request_t; +-typedef struct blkif_x86_64_response blkif_x86_64_response_t; + + DEFINE_RING_TYPES(blkif_common, struct blkif_common_request, +- struct blkif_common_response); ++ struct blkif_response); + DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request, +- struct blkif_x86_32_response); ++ struct blkif_response QEMU_PACKED); + DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request, +- struct blkif_x86_64_response); ++ struct blkif_response); + + union blkif_back_rings { + blkif_back_ring_t native; +--- a/hw/block/xen_disk.c ++++ b/hw/block/xen_disk.c +@@ -769,31 +769,30 @@ static int blk_send_response_one(struct + struct XenBlkDev *blkdev = ioreq->blkdev; + int send_notify = 0; + int have_requests = 0; +- blkif_response_t resp; +- void *dst; +- +- resp.id = ioreq->req.id; +- resp.operation = ioreq->req.operation; +- resp.status = ioreq->status; ++ blkif_response_t *resp; + + /* Place on the response ring for the relevant domain. */ + switch (blkdev->protocol) { + case BLKIF_PROTOCOL_NATIVE: +- dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt); ++ resp = RING_GET_RESPONSE(&blkdev->rings.native, ++ blkdev->rings.native.rsp_prod_pvt); + break; + case BLKIF_PROTOCOL_X86_32: +- dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part, +- blkdev->rings.x86_32_part.rsp_prod_pvt); ++ resp = RING_GET_RESPONSE(&blkdev->rings.x86_32_part, ++ blkdev->rings.x86_32_part.rsp_prod_pvt); + break; + case BLKIF_PROTOCOL_X86_64: +- dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part, +- blkdev->rings.x86_64_part.rsp_prod_pvt); ++ resp = RING_GET_RESPONSE(&blkdev->rings.x86_64_part, ++ blkdev->rings.x86_64_part.rsp_prod_pvt); + break; + default: +- dst = NULL; + return 0; + } +- memcpy(dst, &resp, sizeof(resp)); ++ ++ resp->id = ioreq->req.id; ++ resp->operation = ioreq->req.operation; ++ resp->status = ioreq->status; ++ + blkdev->rings.common.rsp_prod_pvt++; + + RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify); diff --git a/gnu/packages/patches/qemu-CVE-2017-11434.patch b/gnu/packages/patches/qemu-CVE-2017-11434.patch new file mode 100644 index 0000000000..4da701a73d --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-11434.patch @@ -0,0 +1,25 @@ +Fix CVE-2017-11434: + +https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html +https://bugzilla.redhat.com/show_bug.cgi?id=1472611 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434 +https://security-tracker.debian.org/tracker/CVE-2017-11434 + +Patch copied from upstream source repository: + +https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0 + +diff --git a/slirp/bootp.c b/slirp/bootp.c +index 5a4646c182..5dd1a415b5 100644 +--- a/slirp/bootp.c ++++ b/slirp/bootp.c +@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type, + if (p >= p_end) + break; + len = *p++; ++ if (p + len > p_end) { ++ break; ++ } + DPRINTF("dhcp: tag=%d len=%d\n", tag, len); + + switch(tag) { diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 49998120d2..ab364cd1fb 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2015, 2016, 2017 Mark H Weaver ;;; Copyright © 2016, 2017 Efraim Flashner ;;; Copyright © 2016 Ricardo Wurmus +;;; Copyright © 2017 Alex Vong ;;; ;;; This file is part of GNU Guix. ;;; @@ -82,7 +83,11 @@ "qemu-CVE-2017-8379.patch" "qemu-CVE-2017-8380.patch" "qemu-CVE-2017-9524.patch" - "qemu-CVE-2017-11334.patch")) + "qemu-CVE-2017-10664.patch" + "qemu-CVE-2017-10806.patch" + "qemu-CVE-2017-10911.patch" + "qemu-CVE-2017-11334.patch" + "qemu-CVE-2017-11434.patch")) (sha256 (base32 "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) -- cgit 1.4.1 From 15428168eaf06ce54aa3f8ed8eec819d6bbdefec Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 14 Aug 2017 12:27:01 -0400 Subject: gnu: cvs: Fix CVE-2017-12836. * gnu/packages/patches/cvs-2017-12836.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/version-control.scm (cvs)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/cvs-2017-12836.patch | 45 +++++++++++++++++++++++++++++++ gnu/packages/version-control.scm | 1 + 3 files changed, 47 insertions(+) create mode 100644 gnu/packages/patches/cvs-2017-12836.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ec37f81b0f..97e876a507 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -569,6 +569,7 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ + %D%/packages/patches/cvs-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ %D%/packages/patches/dblatex-remove-multirow.patch \ %D%/packages/patches/dbus-helper-search-path.patch \ diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-2017-12836.patch new file mode 100644 index 0000000000..507ab0f7d0 --- /dev/null +++ b/gnu/packages/patches/cvs-2017-12836.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-12836: + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836 +https://security-tracker.debian.org/tracker/CVE-2017-12836 + +Patch adpated from Debian (comments and changelog annotations removed): + +https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094 + +From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001 +From: mirabilos +Date: Sat, 12 Aug 2017 03:17:18 +0200 +Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch + +--- + debian/changelog | 6 ++++++ + src/rsh-client.c | 10 ++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/rsh-client.c b/src/rsh-client.c +index fe0cfc4..1fc860d 100644 +--- a/src/rsh-client.c ++++ b/src/rsh-client.c +@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, + rsh_argv[i++] = argvport; + } + ++ /* Only non-option arguments from here. (CVE-2017-12836) */ ++ rsh_argv[i++] = "--"; ++ + rsh_argv[i++] = root->hostname; + rsh_argv[i++] = cvs_server; + if (readonlyfs) +@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, + *p++ = argvport; + } + ++ *p++ = "--"; ++ + *p++ = root->hostname; + *p++ = command; + *p++ = NULL; +-- +cgit v0.12 + diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 151cf0cf10..7c1f02d5ad 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -924,6 +924,7 @@ machine.") (uri (string-append "https://ftp.gnu.org/non-gnu/cvs/source/feature/" version "/cvs-" version ".tar.bz2")) + (patches (search-patches "cvs-2017-12836.patch")) (sha256 (base32 "0pjir8cwn0087mxszzbsi1gyfc6373vif96cw4q3m1x6p49kd1bq")))) -- cgit 1.4.1 From f28fea1ca729de793ad5e08deb7e6e2c7a663b0d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 15 Aug 2017 01:08:01 +0200 Subject: gnu: e2fsprogs: Update to 1.43.5. * gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/linux.scm (e2fsprogs): Update to 1.43.5. [source]: Use patch. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 5 ++- .../patches/e2fsprogs-32bit-quota-warnings.patch | 46 ++++++++++++++++++++++ 3 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 97e876a507..b15a16b6bc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -580,6 +580,7 @@ dist_patch_DATA = \ %D%/packages/patches/doc++-segfault-fix.patch \ %D%/packages/patches/doxygen-test.patch \ %D%/packages/patches/dvd+rw-tools-add-include.patch \ + %D%/packages/patches/e2fsprogs-32bit-quota-warnings.patch \ %D%/packages/patches/elfutils-tests-ptrace.patch \ %D%/packages/patches/elixir-disable-failing-tests.patch \ %D%/packages/patches/einstein-build.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 63027d658f..212eb12775 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -680,16 +680,17 @@ slabtop, and skill.") (define-public e2fsprogs (package (name "e2fsprogs") - (version "1.43.4") + (version "1.43.5") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/linux/kernel/people/tytso/" name "/v" version "/" name "-" version ".tar.xz")) + (patches (search-patches "e2fsprogs-32bit-quota-warnings.patch")) (sha256 (base32 - "092absr4vrlqrkdf9nwh4ykj40ab6hhwrkdr6sjsccd54c8z5csl")))) + "05ssjpmy0fpv2ik6ibm1f47wr6794nf0q50r581vygrqvsd3s7r6")))) (build-system gnu-build-system) (inputs `(("util-linux" ,util-linux))) (native-inputs `(("pkg-config" ,pkg-config) diff --git a/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch new file mode 100644 index 0000000000..e7a96a2ac0 --- /dev/null +++ b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch @@ -0,0 +1,46 @@ +Fix a test failure on 32-bit platforms. + +Patch copied from upstream source repository: + +https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=9e31a5696c4b699bf000a07b86601c1fb91c0493 + +diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c +index 00f3a40..931a839 100644 +--- a/lib/support/mkquota.c ++++ b/lib/support/mkquota.c +@@ -50,11 +50,13 @@ static void print_dquot(const char *desc, struct dquot *dq) + { + if (desc) + fprintf(stderr, "%s: ", desc); +- fprintf(stderr, "%u %ld:%ld:%ld %ld:%ld:%ld\n", +- dq->dq_id, dq->dq_dqb.dqb_curspace, +- dq->dq_dqb.dqb_bsoftlimit, dq->dq_dqb.dqb_bhardlimit, +- dq->dq_dqb.dqb_curinodes, +- dq->dq_dqb.dqb_isoftlimit, dq->dq_dqb.dqb_ihardlimit); ++ fprintf(stderr, "%u %lld:%lld:%lld %lld:%lld:%lld\n", ++ dq->dq_id, (long long) dq->dq_dqb.dqb_curspace, ++ (long long) dq->dq_dqb.dqb_bsoftlimit, ++ (long long) dq->dq_dqb.dqb_bhardlimit, ++ (long long) dq->dq_dqb.dqb_curinodes, ++ (long long) dq->dq_dqb.dqb_isoftlimit, ++ (long long) dq->dq_dqb.dqb_ihardlimit); + } + #else + static void print_dquot(const char *desc EXT2FS_ATTR((unused)), +@@ -524,11 +526,11 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data) + dq->dq_dqb.dqb_curinodes != dquot->dq_dqb.dqb_curinodes) { + scan_data->usage_is_inconsistent = 1; + fprintf(stderr, "[QUOTA WARNING] Usage inconsistent for ID %u:" +- "actual (%ld, %ld) != expected (%ld, %ld)\n", +- dq->dq_id, dq->dq_dqb.dqb_curspace, +- dq->dq_dqb.dqb_curinodes, +- dquot->dq_dqb.dqb_curspace, +- dquot->dq_dqb.dqb_curinodes); ++ "actual (%lld, %lld) != expected (%lld, %lld)\n", ++ dq->dq_id, (long long) dq->dq_dqb.dqb_curspace, ++ (long long) dq->dq_dqb.dqb_curinodes, ++ (long long) dquot->dq_dqb.dqb_curspace, ++ (long long) dquot->dq_dqb.dqb_curinodes); + } + + if (scan_data->update_limits) { -- cgit 1.4.1 From 3837108e403d385cd0b616fb601b9942c8bb213f Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 15 Aug 2017 10:30:33 +0300 Subject: gnu: bcftools: Fix building on aarch64. * gnu/packages/patches/bcftools-regidx-unsigned-char.patch: New file. * gnu/packages/bioinformatics.scm (bcftools)[source]: Use it. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/bioinformatics.scm | 1 + gnu/packages/patches/bcftools-regidx-unsigned-char.patch | 16 ++++++++++++++++ 3 files changed, 18 insertions(+) create mode 100644 gnu/packages/patches/bcftools-regidx-unsigned-char.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b15a16b6bc..2ab6901d8a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -527,6 +527,7 @@ dist_patch_DATA = \ %D%/packages/patches/awesome-reproducible-png.patch \ %D%/packages/patches/azr3.patch \ %D%/packages/patches/bash-completion-directories.patch \ + %D%/packages/patches/bcftools-regidx-unsigned-char.patch \ %D%/packages/patches/binutils-ld-new-dtags.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/binutils-mips-bash-bug.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 9d64294e48..17cd214a33 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -311,6 +311,7 @@ BAM files.") (sha256 (base32 "0093hkkvxmbwfaa7905s6185jymynvg42kq6sxv7fili11l5mxwz")) + (patches (search-patches "bcftools-regidx-unsigned-char.patch")) (modules '((guix build utils))) (snippet ;; Delete bundled htslib. diff --git a/gnu/packages/patches/bcftools-regidx-unsigned-char.patch b/gnu/packages/patches/bcftools-regidx-unsigned-char.patch new file mode 100644 index 0000000000..af5bc160f5 --- /dev/null +++ b/gnu/packages/patches/bcftools-regidx-unsigned-char.patch @@ -0,0 +1,16 @@ +Description: Fix test-regidx argument parsing on archs with unsigned char + On architectures where char is unsigned "c >= 0" was always true. +Author: Adrian Bunk +Bug-Debian: https://bugs.debian.org/865060 + +--- a/test/test-regidx.c ++++ b/test/test-regidx.c +@@ -336,7 +336,7 @@ + {"seed",1,0,'s'}, + {0,0,0,0} + }; +- char c; ++ int c; + int seed = (int)time(NULL); + while ((c = getopt_long(argc, argv, "hvs:",loptions,NULL)) >= 0) + { -- cgit 1.4.1 From e3b861ce3845d63e6751f3b35f289ddb9624f8e8 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 17 Aug 2017 06:45:05 +0300 Subject: gnu: python-cython: Update to 0.26. * gnu/packages/python.scm (python-cython, python2-cython): Update to 0.26. [source]: Remove patch. * gnu/packages/patches/python-cython-fix-tests-32bit.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - .../patches/python-cython-fix-tests-32bit.patch | 27 ---------------------- gnu/packages/python.scm | 7 +++--- 3 files changed, 3 insertions(+), 32 deletions(-) delete mode 100644 gnu/packages/patches/python-cython-fix-tests-32bit.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2ab6901d8a..63300e35bd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -975,7 +975,6 @@ dist_patch_DATA = \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ %D%/packages/patches/python-statsmodels-fix-tests.patch \ %D%/packages/patches/python-configobj-setuptools.patch \ - %D%/packages/patches/python-cython-fix-tests-32bit.patch \ %D%/packages/patches/python-faker-fix-build-32bit.patch \ %D%/packages/patches/python-pandas-skip-failing-tests.patch \ %D%/packages/patches/python-paste-remove-website-test.patch \ diff --git a/gnu/packages/patches/python-cython-fix-tests-32bit.patch b/gnu/packages/patches/python-cython-fix-tests-32bit.patch deleted file mode 100644 index 7ccc11dd4c..0000000000 --- a/gnu/packages/patches/python-cython-fix-tests-32bit.patch +++ /dev/null @@ -1,27 +0,0 @@ -This fixes a test failure on 32-bit platforms. - -Upstream bug URL: https://github.com/cython/cython/issues/1548 - -Patch copied from upstream source repository: - -https://github.com/cython/cython/commit/d92a718a26c9354fbf35f31a17de5c069865a447 - -From d92a718a26c9354fbf35f31a17de5c069865a447 Mon Sep 17 00:00:00 2001 -From: Robert Bradshaw -Date: Tue, 24 Jan 2017 16:57:00 -0800 -Subject: [PATCH] Normalize possible L suffix. - ---- - tests/run/cpdef_enums.pyx | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/run/cpdef_enums.pyx b/tests/run/cpdef_enums.pyx -index 167c762..c264ec5 100644 ---- a/tests/run/cpdef_enums.pyx -+++ b/tests/run/cpdef_enums.pyx -@@ -93,4 +93,4 @@ def verify_resolution_GH1533(): - 3 - """ - THREE = 100 -- return PyxEnum.THREE -+ return int(PyxEnum.THREE) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 3f5b5b980d..29bb4936bc 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -3607,15 +3607,14 @@ is designed to have a low barrier to entry.") (define-public python-cython (package (name "python-cython") - (version "0.25.2") + (version "0.26") (source (origin (method url-fetch) (uri (pypi-uri "Cython" version)) - (patches (search-patches "python-cython-fix-tests-32bit.patch")) (sha256 (base32 - "01h3lrf6d98j07iakifi81qjszh6faa37ibx7ylva1vsqbwx2hgi")))) + "0riciynnr0r68cvg6r3gbhi9x7h44pdwb7926m6n5vfs5p1f492c")))) (build-system python-build-system) ;; we need the full python package and not just the python-wrapper ;; because we need libpython3.3m.so @@ -3626,7 +3625,7 @@ is designed to have a low barrier to entry.") (modify-phases %standard-phases (add-before 'check 'set-HOME ;; some tests require access to "$HOME/.cython" - (lambda _ (setenv "HOME" "/tmp"))) + (lambda _ (setenv "HOME" "/tmp") #t)) (replace 'check (lambda _ (zero? (system* "python" "runtests.py" "-vv"))))))) (home-page "http://cython.org/") -- cgit 1.4.1 From 623cc34cd203c2299a33fb788551f9136f5e8325 Mon Sep 17 00:00:00 2001 From: Eric Bavier Date: Thu, 17 Aug 2017 21:34:37 -0500 Subject: gnu: rpm: Update to 4.13.0.1. * gnu/packages/package-management.scm (rpm): Update to 4.13.0.1 [source]: Remove patch. Use 'version-major+minor' for url. * gnu/packages/patches/rpm-CVE-2014-8118.patch: Delete patch. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/package-management.scm | 8 ++++---- gnu/packages/patches/rpm-CVE-2014-8118.patch | 25 ------------------------- 3 files changed, 4 insertions(+), 30 deletions(-) delete mode 100644 gnu/packages/patches/rpm-CVE-2014-8118.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 63300e35bd..b4acd0ca36 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1011,7 +1011,6 @@ dist_patch_DATA = \ %D%/packages/patches/reptyr-fix-gcc-7.patch \ %D%/packages/patches/ripperx-missing-file.patch \ %D%/packages/patches/rpcbind-CVE-2017-8779.patch \ - %D%/packages/patches/rpm-CVE-2014-8118.patch \ %D%/packages/patches/rsem-makefile.patch \ %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \ %D%/packages/patches/ruby-concurrent-test-arm.patch \ diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 1f65e21323..4fd13783d5 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -411,15 +411,15 @@ symlinks to the files in a common directory such as /usr/local.") (define-public rpm (package (name "rpm") - (version "4.12.0.1") + (version "4.13.0.1") (source (origin (method url-fetch) - (uri (string-append "http://rpm.org/releases/rpm-4.12.x/rpm-" + (uri (string-append "http://ftp.rpm.org/releases/rpm-" + (version-major+minor version) ".x/rpm-" version ".tar.bz2")) (sha256 (base32 - "0a82ym8phx7g0f3k6smvxnvzh7yv857l42xafk49689kzhld5pbp")) - (patches (search-patches "rpm-CVE-2014-8118.patch")))) + "03cvbwbfrhm0fa02j7828k1qp05hf2m0fradwcf2nqhrsjkppz17")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--with-external-db" ;use the system's bdb diff --git a/gnu/packages/patches/rpm-CVE-2014-8118.patch b/gnu/packages/patches/rpm-CVE-2014-8118.patch deleted file mode 100644 index 5fdb0f0eb2..0000000000 --- a/gnu/packages/patches/rpm-CVE-2014-8118.patch +++ /dev/null @@ -1,25 +0,0 @@ -Fix CVE-2014-8118 (integer overflow allowing arbitrary remote code -execution via crafted CPIO header). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118 - -Source: -https://bugzilla.redhat.com/attachment.cgi?id=962159&action=diff - -Adopted by Debian: -http://anonscm.debian.org/cgit/collab-maint/rpm.git/plain/debian/patches/CVE-2014-8118.patch - -diff --git a/lib/cpio.c b/lib/cpio.c -index 253ff0f..600633a 100644 ---- a/lib/cpio.c -+++ b/lib/cpio.c -@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx) - - GET_NUM_FIELD(hdr.filesize, fsize); - GET_NUM_FIELD(hdr.namesize, nameSize); -+ if (nameSize <= 0 || nameSize > 4096) { -+ return RPMERR_BAD_HEADER; -+ } - - char name[nameSize + 1]; - read = Fread(name, nameSize, 1, cpio->fd); -- cgit 1.4.1 From c5361b7c3da564624e650d62140cb508afcb082e Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Wed, 12 Jul 2017 23:03:32 +0530 Subject: gnu: Add rtl-sdr. * gnu/packages/ham-radio.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * gnu/packages/ham-radio.scm (rtl-sdr): New variable. --- gnu/local.mk | 1 + gnu/packages/ham-radio.scm | 52 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 gnu/packages/ham-radio.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b4acd0ca36..1abdeca830 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -196,6 +196,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/gv.scm \ %D%/packages/gxmessage.scm \ %D%/packages/haskell.scm \ + %D%/packages/ham-radio.scm \ %D%/packages/hexedit.scm \ %D%/packages/hugs.scm \ %D%/packages/hurd.scm \ diff --git a/gnu/packages/ham-radio.scm b/gnu/packages/ham-radio.scm new file mode 100644 index 0000000000..0f96553c65 --- /dev/null +++ b/gnu/packages/ham-radio.scm @@ -0,0 +1,52 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Arun Isaac +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages ham-radio) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (gnu packages libusb) + #:use-module (gnu packages pkg-config) + #:use-module (guix build-system cmake)) + +(define-public rtl-sdr + (package + (name "rtl-sdr") + (version "0.5.3") + (source + (origin + (method url-fetch) + (uri (string-append "https://cgit.osmocom.org/rtl-sdr/snapshot/rtl-sdr-" + version ".tar.xz")) + (sha256 + (base32 + "08awca3v28sa4lxym4r81pzf0la0j86wbmpyhv3xd53an9gkpjy9")))) + (build-system cmake-build-system) + (inputs + `(("libusb" ,libusb))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (arguments + `(#:configure-flags '("-DDETACH_KERNEL_DRIVER=ON") + #:tests? #f)) ; No tests + (home-page "https://osmocom.org/projects/sdr/wiki/rtl-sdr") + (synopsis "Software defined radio driver for Realtek RTL2832U") + (description "DVB-T dongles based on the Realtek RTL2832U can be used as a +cheap software defined radio, since the chip allows transferring the raw I/Q +samples to the host. @code{rtl-sdr} provides drivers for this purpose.") + (license license:gpl2+))) -- cgit 1.4.1 From c5a856d5516673c7a40c916aeb7572c4eadbede6 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Fri, 18 Aug 2017 15:49:24 +0300 Subject: gnu: xf86-video-siliconmotion: Fix building on aarch64. * gnu/packages/xorg.scm (xf86-video-siliconmotion)[source]: Add patch. * gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + .../xf86-video-siliconmotion-fix-ftbfs.patch | 171 +++++++++++++++++++++ gnu/packages/xorg.scm | 3 +- 3 files changed, 174 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1abdeca830..5e4ef72503 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1111,6 +1111,7 @@ dist_patch_DATA = \ %D%/packages/patches/xf86-video-geode-glibc-2.20.patch \ %D%/packages/patches/xf86-video-i128-remove-mibstore.patch \ %D%/packages/patches/xf86-video-mach64-glibc-2.20.patch \ + %D%/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch \ %D%/packages/patches/xf86-video-tga-remove-mibstore.patch \ %D%/packages/patches/xfce4-panel-plugins.patch \ %D%/packages/patches/xfce4-session-fix-xflock4.patch \ diff --git a/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch b/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch new file mode 100644 index 0000000000..8aeec455d7 --- /dev/null +++ b/gnu/packages/patches/xf86-video-siliconmotion-fix-ftbfs.patch @@ -0,0 +1,171 @@ +From eee8fd4c489a693344da0bba14cfa54c54610b89 Mon Sep 17 00:00:00 2001 +From: Maarten Lankhorst +Date: Thu, 9 Mar 2017 13:31:34 +0200 +Subject: [PATCH] Fix build against xorg server 1.17 on certain architectures + +Fixes at least arm64, likely also hppa, m68k, sh4. + +Signed-off-by: Maarten Lankhorst +--- + src/regsmi.h | 18 ++++++++++++++++++ + src/smi.h | 2 ++ + src/smi_driver.c | 19 +++++++++---------- + src/smilynx_crtc.c | 6 +++--- + src/smilynx_hw.c | 5 ++--- + 5 files changed, 34 insertions(+), 16 deletions(-) + +diff --git a/src/regsmi.h b/src/regsmi.h +index 5dd0320..69205ba 100644 +--- a/src/regsmi.h ++++ b/src/regsmi.h +@@ -64,8 +64,13 @@ VGAIN8_INDEX(SMIPtr pSmi, int indexPort, int dataPort, CARD8 index) + MMIO_OUT8(pSmi->IOBase, indexPort, index); + return(MMIO_IN8(pSmi->IOBase, dataPort)); + } else { ++#ifdef XSERVER_LIBPCIACCESS ++ pci_io_write8(pSmi->io, indexPort, index); ++ return pci_io_read8(pSmi->io, dataPort); ++#else + outb(pSmi->PIOBase + indexPort, index); + return(inb(pSmi->PIOBase + dataPort)); ++#endif + } + } + +@@ -76,8 +81,13 @@ VGAOUT8_INDEX(SMIPtr pSmi, int indexPort, int dataPort, CARD8 index, CARD8 data) + MMIO_OUT8(pSmi->IOBase, indexPort, index); + MMIO_OUT8(pSmi->IOBase, dataPort, data); + } else { ++#ifdef XSERVER_LIBPCIACCESS ++ pci_io_write8(pSmi->io, indexPort, index); ++ pci_io_write8(pSmi->io, dataPort, data); ++#else + outb(pSmi->PIOBase + indexPort, index); + outb(pSmi->PIOBase + dataPort, data); ++#endif + } + } + +@@ -87,7 +97,11 @@ VGAIN8(SMIPtr pSmi, int port) + if (pSmi->IOBase) { + return(MMIO_IN8(pSmi->IOBase, port)); + } else { ++#ifdef XSERVER_LIBPCIACCESS ++ return pci_io_read8(pSmi->io, port); ++#else + return(inb(pSmi->PIOBase + port)); ++#endif + } + } + +@@ -97,7 +111,11 @@ VGAOUT8(SMIPtr pSmi, int port, CARD8 data) + if (pSmi->IOBase) { + MMIO_OUT8(pSmi->IOBase, port, data); + } else { ++#ifdef XSERVER_LIBPCIACCESS ++ pci_io_write8(pSmi->io, port, data); ++#else + outb(pSmi->PIOBase + port, data); ++#endif + } + } + +diff --git a/src/smi.h b/src/smi.h +index 2742c8d..1f20a2d 100644 +--- a/src/smi.h ++++ b/src/smi.h +@@ -171,6 +171,8 @@ typedef struct + pciVideoPtr PciInfo; /* PCI info vars */ + #ifndef XSERVER_LIBPCIACCESS + PCITAG PciTag; ++#else ++ struct pci_io_handle *io; + #endif + int Chipset; /* Chip info, set using PCI + above */ +diff --git a/src/smi_driver.c b/src/smi_driver.c +index 8949cae..6bdf64d 100644 +--- a/src/smi_driver.c ++++ b/src/smi_driver.c +@@ -446,6 +446,9 @@ SMI_PreInit(ScrnInfoPtr pScrn, int flags) + pSmi->PIOBase = hwp->PIOOffset; + #else + pSmi->PIOBase = 0; ++#ifdef XSERVER_LIBPCIACCESS ++ pSmi->io = hwp->io; ++#endif + #endif + + xf86ErrorFVerb(VERBLEV, "\tSMI_PreInit vgaCRIndex=%x, vgaIOBase=%x, " +@@ -2022,16 +2025,14 @@ SMI_EnableMmio(ScrnInfoPtr pScrn) + vgaHWSetStdFuncs(hwp); + + /* Enable linear mode */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18); +- tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA); ++ tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18); + pSmi->SR18Value = tmp; /* PDR#521 */ +- outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x11); ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, tmp | 0x11); + + /* Enable 2D/3D Engine and Video Processor */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x21); +- tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA); ++ tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21); + pSmi->SR21Value = tmp; /* PDR#521 */ +- outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp & ~0x03); ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21, tmp & ~0x03); + } + + LEAVE(); +@@ -2050,12 +2051,10 @@ SMI_DisableMmio(ScrnInfoPtr pScrn) + vgaHWSetStdFuncs(hwp); + + /* Disable 2D/3D Engine and Video Processor */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x21); +- outb(pSmi->PIOBase + VGA_SEQ_DATA, pSmi->SR21Value); /* PDR#521 */ ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21, pSmi->SR21Value); /* PDR#521 */ + + /* Disable linear mode */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18); +- outb(pSmi->PIOBase + VGA_SEQ_DATA, pSmi->SR18Value); /* PDR#521 */ ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, pSmi->SR18Value); /* PDR#521 */ + } + + LEAVE(); +diff --git a/src/smilynx_crtc.c b/src/smilynx_crtc.c +index fb7183c..f4d8b4e 100644 +--- a/src/smilynx_crtc.c ++++ b/src/smilynx_crtc.c +@@ -619,9 +619,9 @@ SMILynx_CrtcModeSet_bios(xf86CrtcPtr crtc, + xf86ExecX86int10(pSmi->pInt10); + + /* Enable linear mode. */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18); +- tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA); +- outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x01); ++ VGAOUT8(pSmi, VGA_SEQ_INDEX, 0x18); ++ tmp = VGAIN8(pSmi, VGA_SEQ_DATA); ++ VGAOUT8(pSmi, VGA_SEQ_DATA, tmp | 0x01); + + /* Enable DPR/VPR registers. */ + tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21); +diff --git a/src/smilynx_hw.c b/src/smilynx_hw.c +index b2ee8a5..40aa5a4 100644 +--- a/src/smilynx_hw.c ++++ b/src/smilynx_hw.c +@@ -365,9 +365,8 @@ SMILynx_WriteMode(ScrnInfoPtr pScrn, vgaRegPtr vgaSavePtr, SMIRegPtr restore) + xf86ExecX86int10(pSmi->pInt10); + + /* Enable linear mode. */ +- outb(pSmi->PIOBase + VGA_SEQ_INDEX, 0x18); +- tmp = inb(pSmi->PIOBase + VGA_SEQ_DATA); +- outb(pSmi->PIOBase + VGA_SEQ_DATA, tmp | 0x01); ++ tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18); ++ VGAOUT8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x18, tmp | 0x01); + + /* Enable DPR/VPR registers. */ + tmp = VGAIN8_INDEX(pSmi, VGA_SEQ_INDEX, VGA_SEQ_DATA, 0x21); +-- +2.7.4 + diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index b50807702b..b6652b4e43 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -3198,7 +3198,8 @@ This driver is intended for ATI Rage 128 based cards.") ".tar.bz2")) (sha256 (base32 - "1g2r6gxqrmjdff95d42msxdw6vmkg2zn5sqv0rxd420iwy8wdwyh")))) + "1g2r6gxqrmjdff95d42msxdw6vmkg2zn5sqv0rxd420iwy8wdwyh")) + (patches (search-patches "xf86-video-siliconmotion-fix-ftbfs.patch")))) (build-system gnu-build-system) (inputs `(("xorg-server" ,xorg-server))) (native-inputs `(("pkg-config" ,pkg-config))) -- cgit 1.4.1 From cc81f1c3495e81cc738b486e1ef2b4a1dbe99e28 Mon Sep 17 00:00:00 2001 From: Thomas Danckaert Date: Wed, 16 Aug 2017 21:49:17 +0200 Subject: gnu: freerdp: Revert to version 1.1. * gnu/packages/rdesktop.scm (freerdp) [version, source]: Revert to upstream branch 1.1. [inputs]: Use ffmpeg-2.8. * gnu/packages/gnome.scm (vinagre): Add patches required to build against freerdp branch 1.1. * gnu/packages/patches/vinagre-revert-1.patch, gnu/packages/patches/vinagre-revert-2.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 2 + gnu/packages/gnome.scm | 3 + gnu/packages/patches/vinagre-revert-1.patch | 56 ++++ gnu/packages/patches/vinagre-revert-2.patch | 448 ++++++++++++++++++++++++++++ gnu/packages/rdesktop.scm | 95 +++--- 5 files changed, 558 insertions(+), 46 deletions(-) create mode 100644 gnu/packages/patches/vinagre-revert-1.patch create mode 100644 gnu/packages/patches/vinagre-revert-2.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 5e4ef72503..c37d4b2206 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1081,6 +1081,8 @@ dist_patch_DATA = \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ %D%/packages/patches/valgrind-enable-arm.patch \ + %D%/packages/patches/vinagre-revert-1.patch \ + %D%/packages/patches/vinagre-revert-2.patch \ %D%/packages/patches/virglrenderer-CVE-2017-6386.patch \ %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch \ %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index b362ba5e2d..dab450acb4 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -2123,6 +2123,9 @@ selection and URL hints."))) (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) + (patches ; We have to revert 2 commits to build against freerdp 1.1. + (search-patches "vinagre-revert-1.patch" + "vinagre-revert-2.patch")) (sha256 (base32 "10jya3jyrm18nbw3v410gbkc7677bqamax44pzgd3j15randn76d")))) diff --git a/gnu/packages/patches/vinagre-revert-1.patch b/gnu/packages/patches/vinagre-revert-1.patch new file mode 100644 index 0000000000..5a983770b7 --- /dev/null +++ b/gnu/packages/patches/vinagre-revert-1.patch @@ -0,0 +1,56 @@ +Patch taken from Debian: revert changes that prevent building against freerdp +version 1.1 branch. + +From 8ebc0685b85e0d1f70eb00171f2e7712de3d44bd Mon Sep 17 00:00:00 2001 +From: Michael Biebl +Date: Thu, 22 Sep 2016 01:15:55 +0200 +Subject: [PATCH 1/2] Revert "Improve FreeRDP authentication failure handling" + +This reverts commit d7b4f88943e8615d252d27e1efc58cb64a9e1821. +--- + plugins/rdp/vinagre-rdp-tab.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/plugins/rdp/vinagre-rdp-tab.c b/plugins/rdp/vinagre-rdp-tab.c +index b731f9b..8572bc3 100644 +--- a/plugins/rdp/vinagre-rdp-tab.c ++++ b/plugins/rdp/vinagre-rdp-tab.c +@@ -1195,8 +1195,8 @@ open_freerdp (VinagreRdpTab *rdp_tab) + VinagreTab *tab = VINAGRE_TAB (rdp_tab); + GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); + gboolean success = TRUE; ++ gboolean authentication_error = FALSE; + gboolean cancelled = FALSE; +- guint authentication_errors = 0; + + priv->events = g_queue_new (); + +@@ -1205,12 +1205,14 @@ open_freerdp (VinagreRdpTab *rdp_tab) + + do + { ++ authentication_error = FALSE; ++ + /* Run FreeRDP session */ + success = freerdp_connect (priv->freerdp_session); + if (!success) + { +- authentication_errors += freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 || +- freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c; ++ authentication_error = freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 || ++ freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c; + + cancelled = freerdp_get_last_error (priv->freerdp_session->context) == 0x2000b; + +@@ -1218,7 +1220,7 @@ open_freerdp (VinagreRdpTab *rdp_tab) + init_freerdp (rdp_tab); + } + } +- while (!success && authentication_errors < 3); ++ while (!success && authentication_error); + + if (!success) + { +-- +2.9.3 + diff --git a/gnu/packages/patches/vinagre-revert-2.patch b/gnu/packages/patches/vinagre-revert-2.patch new file mode 100644 index 0000000000..686ee203e4 --- /dev/null +++ b/gnu/packages/patches/vinagre-revert-2.patch @@ -0,0 +1,448 @@ +Patch taken from Debian: revert changes that prevent building against freerdp +version 1.1 branch. + +From bb1828b6b7eb29bb037bcc687cf10f916ddc7561 Mon Sep 17 00:00:00 2001 +From: Michael Biebl +Date: Thu, 22 Sep 2016 01:18:16 +0200 +Subject: [PATCH 2/2] Revert "Store credentials for RDP" + +This reverts commit 60dea279a24c7f0e398b89a0a60d45e80087ed1d. +--- + plugins/rdp/vinagre-rdp-connection.c | 22 +--- + plugins/rdp/vinagre-rdp-plugin.c | 29 +---- + plugins/rdp/vinagre-rdp-tab.c | 231 +++++++++++++++++------------------ + 3 files changed, 123 insertions(+), 159 deletions(-) + +diff --git a/plugins/rdp/vinagre-rdp-connection.c b/plugins/rdp/vinagre-rdp-connection.c +index f0ff02b..c5f6ed1 100644 +--- a/plugins/rdp/vinagre-rdp-connection.c ++++ b/plugins/rdp/vinagre-rdp-connection.c +@@ -127,25 +127,9 @@ rdp_parse_item (VinagreConnection *conn, xmlNode *root) + static void + rdp_parse_options_widget (VinagreConnection *conn, GtkWidget *widget) + { +- const gchar *text; +- GtkWidget *u_entry, *d_entry, *spin_button, *scaling_button; +- gboolean scaling; +- guint width, height; +- +- d_entry = g_object_get_data (G_OBJECT (widget), "domain_entry"); +- if (!d_entry) +- { +- g_warning ("Wrong widget passed to rdp_parse_options_widget()"); +- return; +- } +- +- text = gtk_entry_get_text (GTK_ENTRY (d_entry)); +- vinagre_cache_prefs_set_string ("rdp-connection", "domain", text); +- +- g_object_set (conn, +- "domain", text != NULL && *text != '\0' ? text : NULL, +- NULL); +- ++ GtkWidget *u_entry, *spin_button, *scaling_button; ++ gboolean scaling; ++ guint width, height; + + u_entry = g_object_get_data (G_OBJECT (widget), "username_entry"); + if (!u_entry) +diff --git a/plugins/rdp/vinagre-rdp-plugin.c b/plugins/rdp/vinagre-rdp-plugin.c +index 4751102..f41da37 100644 +--- a/plugins/rdp/vinagre-rdp-plugin.c ++++ b/plugins/rdp/vinagre-rdp-plugin.c +@@ -100,7 +100,7 @@ vinagre_rdp_plugin_init (VinagreRdpPlugin *plugin) + static GtkWidget * + impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + { +- GtkWidget *grid, *label, *u_entry, *d_entry, *spin_button, *check; ++ GtkWidget *grid, *label, *u_entry, *spin_button, *check; + gchar *str; + gint width, height; + +@@ -146,29 +146,10 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + g_free (str); + + +- label = gtk_label_new_with_mnemonic (_("_Domain:")); +- gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); +- gtk_grid_attach (GTK_GRID (grid), label, 0, 3, 1, 1); +- gtk_widget_set_margin_left (label, 12); +- +- d_entry = gtk_entry_new (); +- /* Translators: This is the tooltip for the domain field in a RDP connection */ +- gtk_widget_set_tooltip_text (d_entry, _("Optional.")); +- g_object_set_data (G_OBJECT (grid), "domain_entry", d_entry); +- gtk_grid_attach (GTK_GRID (grid), d_entry, 1, 3, 1, 1); +- gtk_label_set_mnemonic_widget (GTK_LABEL (label), d_entry); +- str = g_strdup (VINAGRE_IS_CONNECTION (conn) ? +- vinagre_connection_get_domain (conn) : +- vinagre_cache_prefs_get_string ("rdp-connection", "domain", "")); +- gtk_entry_set_text (GTK_ENTRY (d_entry), str); +- gtk_entry_set_activates_default (GTK_ENTRY (d_entry), TRUE); +- g_free (str); +- +- + /* Host width */ + label = gtk_label_new_with_mnemonic (_("_Width:")); + gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); +- gtk_grid_attach (GTK_GRID (grid), label, 0, 4, 1, 1); ++ gtk_grid_attach (GTK_GRID (grid), label, 0, 3, 1, 1); + gtk_widget_set_margin_left (label, 12); + + spin_button = gtk_spin_button_new_with_range (MIN_SIZE, MAX_SIZE, 1); +@@ -176,7 +157,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + gtk_widget_set_tooltip_text (spin_button, _("Set width of the remote desktop")); + gtk_spin_button_set_value (GTK_SPIN_BUTTON (spin_button), DEFAULT_WIDTH); + g_object_set_data (G_OBJECT (grid), "width_spin_button", spin_button); +- gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 4, 1, 1); ++ gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 3, 1, 1); + gtk_label_set_mnemonic_widget (GTK_LABEL (label), spin_button); + width = VINAGRE_IS_CONNECTION (conn) ? + vinagre_connection_get_width (conn) : +@@ -188,7 +169,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + /* Host height */ + label = gtk_label_new_with_mnemonic (_("_Height:")); + gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); +- gtk_grid_attach (GTK_GRID (grid), label, 0, 5, 1, 1); ++ gtk_grid_attach (GTK_GRID (grid), label, 0, 4, 1, 1); + gtk_widget_set_margin_left (label, 12); + + spin_button = gtk_spin_button_new_with_range (MIN_SIZE, MAX_SIZE, 1); +@@ -196,7 +177,7 @@ impl_get_connect_widget (VinagreProtocol *plugin, VinagreConnection *conn) + gtk_widget_set_tooltip_text (spin_button, _("Set height of the remote desktop")); + gtk_spin_button_set_value (GTK_SPIN_BUTTON (spin_button), DEFAULT_HEIGHT); + g_object_set_data (G_OBJECT (grid), "height_spin_button", spin_button); +- gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 5, 1, 1); ++ gtk_grid_attach (GTK_GRID (grid), spin_button, 1, 4, 1, 1); + gtk_label_set_mnemonic_widget (GTK_LABEL (label), spin_button); + height = VINAGRE_IS_CONNECTION (conn) ? + vinagre_connection_get_height (conn) : +diff --git a/plugins/rdp/vinagre-rdp-tab.c b/plugins/rdp/vinagre-rdp-tab.c +index 8572bc3..f3d9c08 100644 +--- a/plugins/rdp/vinagre-rdp-tab.c ++++ b/plugins/rdp/vinagre-rdp-tab.c +@@ -70,8 +70,6 @@ struct _VinagreRdpTabPrivate + gboolean scaling; + double scale; + double offset_x, offset_y; +- +- guint authentication_attempts; + }; + + G_DEFINE_TYPE (VinagreRdpTab, vinagre_rdp_tab, VINAGRE_TYPE_TAB) +@@ -611,7 +609,6 @@ frdp_post_connect (freerdp *instance) + 0, 0, + gdi->width, gdi->height); + +- vinagre_tab_save_credentials_in_keyring (VINAGRE_TAB (rdp_tab)); + vinagre_tab_add_recent_used (VINAGRE_TAB (rdp_tab)); + vinagre_tab_set_state (VINAGRE_TAB (rdp_tab), VINAGRE_TAB_STATE_CONNECTED); + +@@ -862,76 +859,114 @@ frdp_mouse_moved (GtkWidget *widget, + return TRUE; + } + ++static void ++entry_text_changed_cb (GtkEntry *entry, ++ GtkBuilder *builder) ++{ ++ const gchar *text; ++ GtkWidget *widget; ++ gsize username_length; ++ gsize password_length; ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "username_entry")); ++ text = gtk_entry_get_text (GTK_ENTRY (widget)); ++ username_length = strlen (text); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "password_entry")); ++ text = gtk_entry_get_text (GTK_ENTRY (widget)); ++ password_length = strlen (text); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "ok_button")); ++ gtk_widget_set_sensitive (widget, password_length > 0 && username_length > 0); ++} ++ + static gboolean + frdp_authenticate (freerdp *instance, + char **username, + char **password, + char **domain) + { +- VinagreTab *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab); +- VinagreRdpTab *rdp_tab = VINAGRE_RDP_TAB (tab); +- VinagreRdpTabPrivate *priv = rdp_tab->priv; +- VinagreConnection *conn = vinagre_tab_get_conn (tab); +- GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); +- gboolean save_in_keyring = FALSE; +- gchar *keyring_domain = NULL; +- gchar *keyring_username = NULL; +- gchar *keyring_password = NULL; ++ VinagreTab *tab = VINAGRE_TAB (((frdpContext *) instance->context)->rdp_tab); ++ VinagreConnection *conn = vinagre_tab_get_conn (tab); ++ const gchar *user_name; ++ const gchar *domain_name; ++ GtkBuilder *builder; ++ GtkWidget *dialog; ++ GtkWidget *widget; ++ GtkWidget *username_entry; ++ GtkWidget *password_entry; ++ GtkWidget *domain_entry; ++ gboolean save_credential_check_visible; ++ gboolean domain_label_visible; ++ gboolean domain_entry_visible; ++ gint response; + +- priv->authentication_attempts++; ++ builder = vinagre_utils_get_builder (); + +- if (priv->authentication_attempts == 1) +- { +- vinagre_tab_find_credentials_in_keyring (tab, &keyring_domain, &keyring_username, &keyring_password); +- if (keyring_password != NULL && keyring_username != NULL) +- { +- *domain = keyring_domain; +- *username = keyring_username; +- *password = keyring_password; ++ dialog = GTK_WIDGET (gtk_builder_get_object (builder, "auth_required_dialog")); ++ gtk_window_set_modal ((GtkWindow *) dialog, TRUE); ++ gtk_window_set_transient_for ((GtkWindow *) dialog, GTK_WINDOW (vinagre_tab_get_window (tab))); + +- return TRUE; +- } +- else +- { +- g_free (keyring_domain); +- g_free (keyring_username); +- g_free (keyring_password); +- } ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "host_label")); ++ gtk_label_set_text (GTK_LABEL (widget), vinagre_connection_get_host (conn)); ++ ++ username_entry = GTK_WIDGET (gtk_builder_get_object (builder, "username_entry")); ++ password_entry = GTK_WIDGET (gtk_builder_get_object (builder, "password_entry")); ++ domain_entry = GTK_WIDGET (gtk_builder_get_object (builder, "domain_entry")); ++ ++ if (*username != NULL && *username[0] != '\0') ++ { ++ gtk_entry_set_text (GTK_ENTRY (username_entry), *username); ++ gtk_widget_grab_focus (password_entry); + } + +- if (vinagre_utils_request_credential (window, +- "RDP", +- vinagre_connection_get_host (conn), +- vinagre_connection_get_domain (conn), +- vinagre_connection_get_username (conn), +- TRUE, +- TRUE, +- TRUE, +- 20, +- domain, +- username, +- password, +- &save_in_keyring)) ++ g_signal_connect (username_entry, "changed", G_CALLBACK (entry_text_changed_cb), builder); ++ g_signal_connect (password_entry, "changed", G_CALLBACK (entry_text_changed_cb), builder); ++ ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "save_credential_check")); ++ save_credential_check_visible = gtk_widget_get_visible (widget); ++ gtk_widget_set_visible (widget, FALSE); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "domain_label")); ++ domain_label_visible = gtk_widget_get_visible (widget); ++ gtk_widget_set_visible (widget, TRUE); ++ ++ domain_entry_visible = gtk_widget_get_visible (domain_entry); ++ gtk_widget_set_visible (domain_entry, TRUE); ++ ++ ++ response = gtk_dialog_run (GTK_DIALOG (dialog)); ++ gtk_widget_hide (dialog); ++ ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "save_credential_check")); ++ gtk_widget_set_visible (widget, save_credential_check_visible); ++ ++ widget = GTK_WIDGET (gtk_builder_get_object (builder, "domain_label")); ++ gtk_widget_set_visible (widget, domain_label_visible); ++ ++ gtk_widget_set_visible (domain_entry, domain_entry_visible); ++ ++ ++ if (response == GTK_RESPONSE_OK) + { +- if (*domain && **domain != '\0') +- vinagre_connection_set_domain (conn, *domain); ++ domain_name = gtk_entry_get_text (GTK_ENTRY (domain_entry)); ++ if (g_strcmp0 (*domain, domain_name) != 0) ++ *domain = g_strdup (domain_name); + +- if (*username && **username != '\0') +- vinagre_connection_set_username (conn, *username); ++ user_name = gtk_entry_get_text (GTK_ENTRY (username_entry)); ++ if (g_strcmp0 (*username, user_name) != 0) ++ *username = g_strdup (user_name); + +- if (*password && **password != '\0') +- vinagre_connection_set_password (conn, *password); ++ *password = g_strdup (gtk_entry_get_text (GTK_ENTRY (password_entry))); + +- vinagre_tab_set_save_credentials (tab, save_in_keyring); ++ return TRUE; + } + else + { +- vinagre_tab_remove_from_notebook (tab); +- + return FALSE; + } +- +- return TRUE; + } + + static BOOL +@@ -1028,25 +1063,30 @@ frdp_changed_certificate_verify (freerdp *instance, + #endif + + static void +-init_freerdp (VinagreRdpTab *rdp_tab) ++open_freerdp (VinagreRdpTab *rdp_tab) + { + VinagreRdpTabPrivate *priv = rdp_tab->priv; +- rdpSettings *settings; + VinagreTab *tab = VINAGRE_TAB (rdp_tab); + VinagreConnection *conn = vinagre_tab_get_conn (tab); +- gboolean scaling; +- gchar *hostname; +- gint width, height; +- gint port; ++ rdpSettings *settings; ++ GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); ++ gboolean success = TRUE; ++ gboolean fullscreen, scaling; ++ gchar *hostname, *username; ++ gint port, width, height; + + g_object_get (conn, + "port", &port, + "host", &hostname, + "width", &width, + "height", &height, ++ "fullscreen", &fullscreen, + "scaling", &scaling, ++ "username", &username, + NULL); + ++ priv->events = g_queue_new (); ++ + /* Setup FreeRDP session */ + priv->freerdp_session = freerdp_new (); + priv->freerdp_session->PreConnect = frdp_pre_connect; +@@ -1111,6 +1151,17 @@ init_freerdp (VinagreRdpTab *rdp_tab) + settings->port = port; + #endif + ++ /* Set username */ ++ username = g_strstrip (username); ++ if (username != NULL && username[0] != '\0') ++ { ++#if HAVE_FREERDP_1_1 ++ settings->Username = g_strdup (username); ++#else ++ settings->username = g_strdup (username); ++#endif ++ } ++ + /* Set keyboard layout */ + #if HAVE_FREERDP_1_1 + freerdp_keyboard_init (KBD_US); +@@ -1120,24 +1171,6 @@ init_freerdp (VinagreRdpTab *rdp_tab) + + /* Allow font smoothing by default */ + settings->AllowFontSmoothing = TRUE; +-} +- +-static void +-init_display (VinagreRdpTab *rdp_tab) +-{ +- VinagreRdpTabPrivate *priv = rdp_tab->priv; +- VinagreTab *tab = VINAGRE_TAB (rdp_tab); +- VinagreConnection *conn = vinagre_tab_get_conn (tab); +- GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); +- gboolean fullscreen, scaling; +- gint width, height; +- +- g_object_get (conn, +- "width", &width, +- "height", &height, +- "fullscreen", &fullscreen, +- "scaling", &scaling, +- NULL); + + /* Setup display for FreeRDP session */ + priv->display = gtk_drawing_area_new (); +@@ -1186,54 +1219,20 @@ init_display (VinagreRdpTab *rdp_tab) + priv->key_release_handler_id = g_signal_connect (GTK_WIDGET (tab), "key-release-event", + G_CALLBACK (frdp_key_pressed), + rdp_tab); +-} +- +-static void +-open_freerdp (VinagreRdpTab *rdp_tab) +-{ +- VinagreRdpTabPrivate *priv = rdp_tab->priv; +- VinagreTab *tab = VINAGRE_TAB (rdp_tab); +- GtkWindow *window = GTK_WINDOW (vinagre_tab_get_window (tab)); +- gboolean success = TRUE; +- gboolean authentication_error = FALSE; +- gboolean cancelled = FALSE; +- +- priv->events = g_queue_new (); +- +- init_freerdp (rdp_tab); +- init_display (rdp_tab); +- +- do +- { +- authentication_error = FALSE; + +- /* Run FreeRDP session */ +- success = freerdp_connect (priv->freerdp_session); +- if (!success) +- { +- authentication_error = freerdp_get_last_error (priv->freerdp_session->context) == 0x20009 || +- freerdp_get_last_error (priv->freerdp_session->context) == 0x2000c; +- +- cancelled = freerdp_get_last_error (priv->freerdp_session->context) == 0x2000b; +- +- freerdp_free (priv->freerdp_session); +- init_freerdp (rdp_tab); +- } +- } +- while (!success && authentication_error); ++ /* Run FreeRDP session */ ++ success = freerdp_connect (priv->freerdp_session); + + if (!success) + { + gtk_window_unfullscreen (window); +- if (!cancelled) +- vinagre_utils_show_error_dialog (_("Error connecting to host."), +- NULL, +- window); ++ vinagre_utils_show_error_dialog (_("Error connecting to host."), ++ NULL, ++ window); + g_idle_add ((GSourceFunc) idle_close, rdp_tab); + } + else + { +- priv->authentication_attempts = 0; + priv->update_id = g_idle_add ((GSourceFunc) update, rdp_tab); + } + } +-- +2.9.3 + diff --git a/gnu/packages/rdesktop.scm b/gnu/packages/rdesktop.scm index 7946cde790..7c2b8911b7 100644 --- a/gnu/packages/rdesktop.scm +++ b/gnu/packages/rdesktop.scm @@ -70,51 +70,54 @@ to remotely control a user's Windows desktop.") (license license:gpl3+))) (define-public freerdp - (package - (name "freerdp") - (version "2.0.0-rc0") - (source (origin - (method url-fetch) - (uri (string-append "https://github.com/FreeRDP/FreeRDP/archive/" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 "0r36zwhl7fhmdng5pvl2a106gqbcqq184g2i2klz6ilna8pxjcml")))) - (build-system cmake-build-system) - (native-inputs - `(("pkg-config" ,pkg-config) - ("xmlto" ,xmlto))) - (inputs - `(("libx11" ,libx11) - ("libxkbfile" ,libxkbfile) - ("libxcursor" ,libxcursor) - ("libxext" ,libxext) - ("libxi" ,libxi) - ("libxv" ,libxv) - ("libxrandr" ,libxrandr) - ("libxrender" ,libxrender) - ("libxinerama" ,libxinerama) - ("libxshmfence" ,libxshmfence) - ("libxml2" ,libxml2) - ("libxslt" ,libxslt) - ("cups" ,cups) - ("ffmpeg" ,ffmpeg) - ("pulseaudio" ,pulseaudio) - ("alsa-lib" ,alsa-lib) - ("gstreamer" ,gstreamer) - ("gst-plugins-base" ,gst-plugins-base) - ("zlib" ,zlib) - ("openssl" ,openssl))) - (arguments - `(#:configure-flags - '("-DCMAKE_INSTALL_LIBDIR=lib" - "-DWITH_PULSE=ON" - "-DWITH_CUPS=ON") - #:tests? #f)) ; no 'test' target - (home-page "https://www.freerdp.com") - (synopsis "Remote Desktop Protocol implementation") - (description "FreeRDP implements Microsoft's Remote Desktop Protocol. It -consists of the @code{xfreerdp} client, libraries for client and server + (let ((commit "03ab68318966c3a22935a02838daaea7b7fbe96c")) + (package + (name "freerdp") + (version (git-version "1.1" "1" commit)) + (source (origin + (method git-fetch) + (uri (git-reference + ;; We need the 1.1 branch for RDP support in vinagre. + (url "git://github.com/FreeRDP/FreeRDP.git") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 "07ish8rmvbk2zd99k91qybmmh5h4afly75l5kbvslhq1r6k8pbmp")))) + (build-system cmake-build-system) + (native-inputs + `(("pkg-config" ,pkg-config) + ("xmlto" ,xmlto))) + (inputs + `(("libx11" ,libx11) + ("libxkbfile" ,libxkbfile) + ("libxcursor" ,libxcursor) + ("libxext" ,libxext) + ("libxi" ,libxi) + ("libxv" ,libxv) + ("libxrandr" ,libxrandr) + ("libxrender" ,libxrender) + ("libxinerama" ,libxinerama) + ("libxshmfence" ,libxshmfence) + ("libxml2" ,libxml2) + ("libxslt" ,libxslt) + ("cups" ,cups) + ("ffmpeg" ,ffmpeg-2.8) + ("pulseaudio" ,pulseaudio) + ("alsa-lib" ,alsa-lib) + ("gstreamer" ,gstreamer) + ("gst-plugins-base" ,gst-plugins-base) + ("zlib" ,zlib) + ("openssl" ,openssl))) + (arguments + `(#:configure-flags + '("-DCMAKE_INSTALL_LIBDIR=lib" + "-DWITH_PULSE=ON" + "-DWITH_CUPS=ON") + #:tests? #f)) ; no 'test' target + (home-page "https://www.freerdp.com") + (synopsis "Remote Desktop Protocol implementation") + (description "FreeRDP implements Microsoft's Remote Desktop Protocol. +It consists of the @code{xfreerdp} client, libraries for client and server functionality, and Windows Portable Runtime (WinPR), a portable implementation of parts of the Windows API.") - (license license:asl2.0))) + (license license:asl2.0)))) -- cgit 1.4.1 From d9f15d7e48bc7c361b8a88849542d9f5d7442126 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 18 Aug 2017 16:33:04 -0400 Subject: gnu: newsbeuter: Fix CVE-2017-12904. * gnu/packages/patches/newsbeuter-CVE-2017-12904.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/syndication.scm (newsbeuter)[source]: Use it. --- gnu/local.mk | 1 + .../patches/newsbeuter-CVE-2017-12904.patch | 34 ++++++++++++++++++++++ gnu/packages/syndication.scm | 2 ++ 3 files changed, 37 insertions(+) create mode 100644 gnu/packages/patches/newsbeuter-CVE-2017-12904.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c37d4b2206..8e4e29bdde 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -879,6 +879,7 @@ dist_patch_DATA = \ %D%/packages/patches/netsurf-system-utf8proc.patch \ %D%/packages/patches/netsurf-y2038-tests.patch \ %D%/packages/patches/netsurf-longer-test-timeout.patch \ + %D%/packages/patches/newsbeuter-CVE-2017-12904.patch \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/ninja-zero-mtime.patch \ %D%/packages/patches/node-9077.patch \ diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch new file mode 100644 index 0000000000..8e90502469 --- /dev/null +++ b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch @@ -0,0 +1,34 @@ +Fix CVE-2017-12904: + +https://github.com/akrennmair/newsbeuter/issues/591 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12904 + +Patch copied from the Debian package of newsbeuter, version 2.9-5+deb9u1. + +Adapted from upstream source repository: + +https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 + +Description: Fix a RCE vulnerability in the bookmark command + Newsbeuter didn't properly escape the title and description fields before + passing them to the bookmarking program which could lead to remote code + execution using the shells command substitution functionality (e.g. "$()", ``, + etc) + +Origin: upstream, https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 +Last-Update: 2017-08-18 + +--- newsbeuter-2.9.orig/src/controller.cpp ++++ newsbeuter-2.9/src/controller.cpp +@@ -1274,9 +1274,10 @@ std::string controller::bookmark(const s + std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd"); + bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive"); + if (bookmark_cmd.length() > 0) { +- std::string cmdline = utils::strprintf("%s '%s' %s %s", ++ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'", + bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(), +- stfl::quote(title).c_str(), stfl::quote(description).c_str()); ++ utils::replace_all(title,"'", "%27").c_str(), ++ utils::replace_all(description,"'", "%27").c_str()); + + LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str()); diff --git a/gnu/packages/syndication.scm b/gnu/packages/syndication.scm index f434006656..80c45c396c 100644 --- a/gnu/packages/syndication.scm +++ b/gnu/packages/syndication.scm @@ -18,6 +18,7 @@ #:use-module (guix download) #:use-module (guix packages) #:use-module (guix build-system gnu) + #:use-module (gnu packages) #:use-module (gnu packages curl) #:use-module (gnu packages databases) #:use-module (gnu packages gettext) @@ -37,6 +38,7 @@ (method url-fetch) (uri (string-append "https://newsbeuter.org/downloads/newsbeuter-" version ".tar.gz")) + (patches (search-patches "newsbeuter-CVE-2017-12904.patch")) (sha256 (base32 "1j1x0hgwxz11dckk81ncalgylj5y5fgw5bcmp9qb5hq9kc0vza3l")))) -- cgit 1.4.1 From b7585ca3b92c16986fcf84f1cb3f00e29c4b090d Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sat, 19 Aug 2017 00:09:31 +0200 Subject: gnu: lz4: Update to 1.8.0. * gnu/packages/compression.scm (lz4): Update to 1.8.0. Fix typo in comment. [source]: Remove patch. * gnu/packages/patches/lz4-fix-test-failures.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/compression.scm | 7 +- gnu/packages/patches/lz4-fix-test-failures.patch | 136 ----------------------- 3 files changed, 3 insertions(+), 141 deletions(-) delete mode 100644 gnu/packages/patches/lz4-fix-test-failures.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 8e4e29bdde..2d49b1e974 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -842,7 +842,6 @@ dist_patch_DATA = \ %D%/packages/patches/lvm2-static-link.patch \ %D%/packages/patches/lxsession-use-gapplication.patch \ %D%/packages/patches/lxterminal-CVE-2016-10369.patch \ - %D%/packages/patches/lz4-fix-test-failures.patch \ %D%/packages/patches/make-impure-dirs.patch \ %D%/packages/patches/mars-install.patch \ %D%/packages/patches/mars-sfml-2.3.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 30838e04a5..0a2cda84fb 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -708,16 +708,15 @@ writing of compressed data created with the zlib and bzip2 libraries.") (define-public lz4 (package (name "lz4") - (version "1.7.5") + (version "1.8.0") (source (origin (method url-fetch) (uri (string-append "https://github.com/lz4/lz4/archive/" "v" version ".tar.gz")) - (patches (search-patches "lz4-fix-test-failures.patch")) (sha256 (base32 - "0zkykqqjfa1q3ji0qmb1ml3l9063qqfh99agyj3cnb02cg6wm401")) + "1xnckwwah74gl98gylf1b00vk4km1d8sgd8865h07ccvgbm8591c")) (file-name (string-append name "-" version ".tar.gz")))) (build-system gnu-build-system) (native-inputs `(("valgrind" ,valgrind))) ; for tests @@ -735,7 +734,7 @@ compression speed at 400 MB/s per core (0.16 Bytes/cycle). It also features an extremely fast decoder, with speed in multiple GB/s per core (0.71 Bytes/cycle). A high compression derivative, called LZ4_HC, is also provided. It trades CPU time for compression ratio.") - ;; The libraries (lz4, lz4hc, and xxhash are BSD licenced. The command + ;; The libraries (lz4, lz4hc, and xxhash) are BSD licenced. The command ;; line interface programs (lz4, fullbench, fuzzer, datagen) are GPL2+. (license (list license:bsd-2 license:gpl2+)))) diff --git a/gnu/packages/patches/lz4-fix-test-failures.patch b/gnu/packages/patches/lz4-fix-test-failures.patch deleted file mode 100644 index d38357d402..0000000000 --- a/gnu/packages/patches/lz4-fix-test-failures.patch +++ /dev/null @@ -1,136 +0,0 @@ -These two patches fix some bugs in lz4's test suite: - -https://github.com/lz4/lz4/issues/308 - -Patches copied from upstream source repository: - -https://github.com/lz4/lz4/commit/b89cac7b2e92b792af98bb0a12e4d14684d07629 -https://github.com/lz4/lz4/commit/0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481 - -From b89cac7b2e92b792af98bb0a12e4d14684d07629 Mon Sep 17 00:00:00 2001 -From: Eric Siegerman -Date: Tue, 14 Feb 2017 14:17:06 -0500 -Subject: [PATCH] Don't use "foo && false || true" - -Replace it with either: - test ! -f $FILE_THAT_SHOULD_NOT_EXIST -or: - ! $COMMAND_THAT_SHOULD_FAIL - -as appropriate. ---- - tests/Makefile | 38 +++++++++++++++++++------------------- - 1 file changed, 19 insertions(+), 19 deletions(-) - -diff --git a/tests/Makefile b/tests/Makefile -index 77e6ae7..ebab278 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -236,17 +236,17 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat - ./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t - @echo "hello world" > tmp - $(LZ4) --rm -f tmp -- ls -ls tmp && false || true # must fail (--rm) -- ls -ls tmp.lz4 -- $(PRGDIR)/lz4cat tmp.lz4 # must display hello world -- ls -ls tmp.lz4 -+ test ! -f tmp # must fail (--rm) -+ test -f tmp.lz4 -+ $(PRGDIR)/lz4cat tmp.lz4 # must display hello world -+ test -f tmp.lz4 - $(PRGDIR)/unlz4 --rm tmp.lz4 -- ls -ls tmp -- ls -ls tmp.lz4 && false || true # must fail (--rm) -- ls -ls tmp.lz4.lz4 && false || true # must fail (unlz4) -- $(PRGDIR)/lz4cat tmp # pass-through mode -- ls -ls tmp -- ls -ls tmp.lz4 && false || true # must fail (lz4cat) -+ test -f tmp -+ test ! -f tmp.lz4 # must fail (--rm) -+ test ! -f tmp.lz4.lz4 # must fail (unlz4) -+ $(PRGDIR)/lz4cat tmp # pass-through mode -+ test -f tmp -+ test ! -f tmp.lz4 # must fail (lz4cat) - $(LZ4) tmp # creates tmp.lz4 - $(PRGDIR)/lz4cat < tmp.lz4 > tmp3 # checks lz4cat works with stdin (#285) - $(DIFF) -q tmp tmp3 -@@ -262,22 +262,22 @@ test-lz4-hugefile: lz4 datagen - - test-lz4-testmode: lz4 datagen - @echo "\n ---- bench mode ----" -- $(LZ4) -bi1 -+ $(LZ4) -bi1 - @echo "\n ---- test mode ----" -- ./datagen | $(LZ4) -t && false || true -- ./datagen | $(LZ4) -tf && false || true -+ ! ./datagen | $(LZ4) -t -+ ! ./datagen | $(LZ4) -tf - @echo "\n ---- pass-through mode ----" -- ./datagen | $(LZ4) -d > $(VOID) && false || true -- ./datagen | $(LZ4) -df > $(VOID) -+ ! ./datagen | $(LZ4) -d > $(VOID) -+ ./datagen | $(LZ4) -df > $(VOID) - @echo "Hello World !" > tmp1 - $(LZ4) -dcf tmp1 - @echo "from underground..." > tmp2 - $(LZ4) -dcfm tmp1 tmp2 - @echo "\n ---- test cli ----" -- $(LZ4) file-does-not-exist && false || true -- $(LZ4) -f file-does-not-exist && false || true -- $(LZ4) -fm file1-dne file2-dne && false || true -- $(LZ4) -fm file1-dne file2-dne && false || true -+ ! $(LZ4) file-does-not-exist -+ ! $(LZ4) -f file-does-not-exist -+ ! $(LZ4) -fm file1-dne file2-dne -+ ! $(LZ4) -fm file1-dne file2-dne - - test-lz4-opt-parser: lz4 datagen - @echo "\n ---- test opt-parser ----" --- -2.12.2 - -From 0dfb0b9dad2a8cb7cc347d2139bf9b84de7e1481 Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Sun, 5 Mar 2017 23:20:10 +0000 -Subject: [PATCH] Fix test-lz4-basic - -When no output filename is specified and stdout is not a terminal, -lz4 doesn't attempt to guess an output filename and uses stdout for -output. - -This change fixes test-lz4-basic when run without a terminal -by specifying output filenames. ---- - tests/Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tests/Makefile b/tests/Makefile -index ebab278..d68c700 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -235,19 +235,19 @@ test-lz4-basic: lz4 datagen unlz4 lz4cat - ./datagen -g33M | $(LZ4) --no-frame-crc | $(LZ4) -t - ./datagen -g256MB | $(LZ4) -vqB4D | $(LZ4) -t - @echo "hello world" > tmp -- $(LZ4) --rm -f tmp -+ $(LZ4) --rm -f tmp tmp.lz4 - test ! -f tmp # must fail (--rm) - test -f tmp.lz4 - $(PRGDIR)/lz4cat tmp.lz4 # must display hello world - test -f tmp.lz4 -- $(PRGDIR)/unlz4 --rm tmp.lz4 -+ $(PRGDIR)/unlz4 --rm tmp.lz4 tmp - test -f tmp - test ! -f tmp.lz4 # must fail (--rm) - test ! -f tmp.lz4.lz4 # must fail (unlz4) - $(PRGDIR)/lz4cat tmp # pass-through mode - test -f tmp - test ! -f tmp.lz4 # must fail (lz4cat) -- $(LZ4) tmp # creates tmp.lz4 -+ $(LZ4) tmp tmp.lz4 # creates tmp.lz4 - $(PRGDIR)/lz4cat < tmp.lz4 > tmp3 # checks lz4cat works with stdin (#285) - $(DIFF) -q tmp tmp3 - $(PRGDIR)/lz4cat < tmp > tmp2 # checks lz4cat works with stdin (#285) --- -2.12.2 - -- cgit 1.4.1 From 6d7d9d9507484773eff697a01f422ea984936373 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sat, 19 Aug 2017 11:39:33 -0400 Subject: gnu: graphicsmagick: Fix CVE-2017-{12935,12936,12937}. * gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch, gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch, gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Use them. --- gnu/local.mk | 3 +++ gnu/packages/imagemagick.scm | 6 ++++- .../patches/graphicsmagick-CVE-2017-12935.patch | 28 ++++++++++++++++++++++ .../patches/graphicsmagick-CVE-2017-12936.patch | 16 +++++++++++++ .../patches/graphicsmagick-CVE-2017-12937.patch | 28 ++++++++++++++++++++++ 5 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2d49b1e974..1c6158cbfc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -679,6 +679,9 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/gsl-test-i686.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 8e17307543..3bd705fa2f 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -175,7 +175,11 @@ script.") "/GraphicsMagick-" version ".tar.xz"))) (sha256 (base32 - "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v")))) + "122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v")) + (patches + (search-patches "graphicsmagick-CVE-2017-12935.patch" + "graphicsmagick-CVE-2017-12936.patch" + "graphicsmagick-CVE-2017-12937.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch new file mode 100644 index 0000000000..2cb3d46f62 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch @@ -0,0 +1,28 @@ +This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188. + +diff -ur a/coders/png.c b/coders/png.c +--- a/coders/png.c 2017-07-04 17:32:08.000000000 -0400 ++++ b/coders/png.c 2017-08-19 11:16:20.933969362 -0400 +@@ -4101,11 +4101,17 @@ + mng_info->image=image; + } + +- if ((mng_info->mng_width > 65535L) || (mng_info->mng_height +- > 65535L)) +- (void) ThrowException(&image->exception,ImageError, +- WidthOrHeightExceedsLimit, +- image->filename); ++ if ((mng_info->mng_width > 65535L) || ++ (mng_info->mng_height > 65535L)) ++ { ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " MNG width or height is too large: %lu, %lu", ++ mng_info->mng_width,mng_info->mng_height); ++ MagickFreeMemory(chunk); ++ ThrowReaderException(CorruptImageError, ++ ImproperImageHeader,image); ++ } ++ + FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width, + mng_info->mng_height); + mng_info->frame.left=0; diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch new file mode 100644 index 0000000000..7036f37438 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch @@ -0,0 +1,16 @@ +This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd. + +diff -ur a/coders/wmf.c b/coders/wmf.c +--- a/coders/wmf.c 2016-09-05 15:20:23.000000000 -0400 ++++ b/coders/wmf.c 2017-08-19 10:38:08.984187264 -0400 +@@ -2719,8 +2719,8 @@ + if(image->exception.severity != UndefinedException) + ThrowException2(exception, + CoderWarning, +- ddata->image->exception.reason, +- ddata->image->exception.description); ++ image->exception.reason, ++ image->exception.description); + + if(logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(),"leave ReadWMFImage()"); diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch new file mode 100644 index 0000000000..71af9ffe59 --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch @@ -0,0 +1,28 @@ +This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978. + +diff -ur a/coders/sun.c b/coders/sun.c +--- a/coders/sun.c 2016-05-30 13:19:54.000000000 -0400 ++++ b/coders/sun.c 2017-08-18 18:00:00.191023610 -0400 +@@ -1,5 +1,5 @@ + /* +-% Copyright (C) 2003-2015 GraphicsMagick Group ++% Copyright (C) 2003-2017 GraphicsMagick Group + % Copyright (C) 2002 ImageMagick Studio + % Copyright 1991-1999 E. I. du Pont de Nemours and Company + % +@@ -577,6 +577,7 @@ + for (bit=7; bit >= 0; bit--) + { + index=((*p) & (0x01 << bit) ? 0x01 : 0x00); ++ VerifyColormapIndex(image,index); + indexes[x+7-bit]=index; + q[x+7-bit]=image->colormap[index]; + } +@@ -587,6 +588,7 @@ + for (bit=7; bit >= (long) (8-(image->columns % 8)); bit--) + { + index=((*p) & (0x01 << bit) ? 0x01 : 0x00); ++ VerifyColormapIndex(image,index); + indexes[x+7-bit]=index; + q[x+7-bit]=image->colormap[index]; + } -- cgit 1.4.1 From e6051057ab926daa19a00a2d8dbd678ecb9be95c Mon Sep 17 00:00:00 2001 From: Ryan Moe Date: Fri, 28 Jul 2017 16:50:37 -0700 Subject: services: Add libvirt services * gnu/services/virtualization.scm: New file. * doc/guix.texi (Virtualization Services): Document it. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Signed-off-by: Christopher Baines --- doc/guix.texi | 709 ++++++++++++++++++++++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/virtualization.scm | 492 ++++++++++++++++++++++++++++ 3 files changed, 1202 insertions(+) create mode 100644 gnu/services/virtualization.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index ff306a4575..77435d897b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -228,6 +228,7 @@ Services * Continuous Integration:: The Cuirass service. * Power management Services:: The TLP tool. * Audio Services:: The MPD. +* Virtualization Services:: Virtualization services. * Miscellaneous Services:: Other services. Defining Services @@ -9104,6 +9105,7 @@ declaration. * Continuous Integration:: The Cuirass service. * Power management Services:: The TLP tool. * Audio Services:: The MPD. +* Virtualization Services:: Virtualization services. * Miscellaneous Services:: Other services. @end menu @@ -15838,6 +15840,713 @@ an absolute path can be specified here. @end table @end deftp +@node Virtualization Services +@subsubsection Virtualization services +The @code{(gnu services virtualization)} module provides services for +the libvirt and virtlog daemons. + +@subsubheading Libvirt daemon +@code{libvirtd} is the server side daemon component of the libvirt +virtualization management system. This daemon runs on host servers +and performs required management tasks for virtualized guests. + +@deffn {Scheme Variable} libvirt-service-type +This is the type of the @uref{https://libvirt.org, libvirt daemon}. +Its value must be a @code{libvirt-configuration}. + +@example +(service libvirt-service-type + (libvirt-configuration + (unix-sock-group "libvirt") + (tls-port "16555"))) +@end example +@end deffn + +@c Auto-generated with (generate-libvirt-documentation) +Available @code{libvirt-configuration} fields are: + +@deftypevr {@code{libvirt-configuration} parameter} package libvirt +Libvirt package. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tls? +Flag listening for secure TLS connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +It is necessary to setup a CA and issue server certificates before using +this capability. + +Defaults to @samp{#t}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tcp? +Listen for unencrypted TCP connections on the public TCP/IP port. must +set @code{listen} for this to have any effect. + +Using the TCP socket requires SASL authentication by default. Only SASL +mechanisms which support data encryption are allowed. This is +DIGEST_MD5 and GSSAPI (Kerberos5) + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tls-port +Port for accepting secure TLS connections This can be a port number, or +service name + +Defaults to @samp{"16514"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tcp-port +Port for accepting insecure TCP connections This can be a port number, +or service name + +Defaults to @samp{"16509"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string listen-addr +IP address or hostname used for client connections. + +Defaults to @samp{"0.0.0.0"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean mdns-adv? +Flag toggling mDNS advertisement of the libvirt service. + +Alternatively can disable for all services on a host by stopping the +Avahi daemon. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string mdns-name +Default mDNS advertisement name. This must be unique on the immediate +broadcast network. + +Defaults to @samp{"Virtualization Host "}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-group +UNIX domain socket group ownership. This can be used to allow a +'trusted' set of users access to management capabilities without +becoming root. + +Defaults to @samp{"root"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-ro-perms +UNIX socket permissions for the R/O socket. This is used for monitoring +VM status only. + +Defaults to @samp{"0777"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-rw-perms +UNIX socket permissions for the R/W socket. Default allows only root. +If PolicyKit is enabled on the socket, the default will change to allow +everyone (eg, 0777) + +Defaults to @samp{"0770"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-admin-perms +UNIX socket permissions for the admin socket. Default allows only owner +(root), do not change it unless you are sure to whom you are exposing +the access to. + +Defaults to @samp{"0777"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-dir +The directory in which sockets will be found/created. + +Defaults to @samp{"/var/run/libvirt"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-ro +Authentication scheme for UNIX read-only sockets. By default socket +permissions allow anyone to connect + +Defaults to @samp{"polkit"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-rw +Authentication scheme for UNIX read-write sockets. By default socket +permissions only allow root. If PolicyKit support was compiled into +libvirt, the default will be to use 'polkit' auth. + +Defaults to @samp{"polkit"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-tcp +Authentication scheme for TCP sockets. If you don't enable SASL, then +all TCP traffic is cleartext. Don't do this outside of a dev/test +scenario. + +Defaults to @samp{"sasl"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-tls +Authentication scheme for TLS sockets. TLS sockets already have +encryption provided by the TLS layer, and limited authentication is done +by certificates. + +It is possible to make use of any SASL authentication mechanism as well, +by using 'sasl' for this option + +Defaults to @samp{"none"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list access-drivers +API access control scheme. + +By default an authenticated user is allowed access to all APIs. Access +drivers can place restrictions on this. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string key-file +Server key file path. If set to an empty string, then no private key is +loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string cert-file +Server key file path. If set to an empty string, then no certificate is +loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string ca-file +Server key file path. If set to an empty string, then no CA certificate +is loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string crl-file +Certificate revocation list path. If set to an empty string, then no +CRL is loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-sanity-cert +Disable verification of our own server certificates. + +When libvirtd starts it performs some sanity checks against its own +certificates. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-verify-cert +Disable verification of client certificates. + +Client certificate verification is the primary authentication mechanism. +Any client which does not present a certificate signed by the CA will be +rejected. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list tls-allowed-dn-list +Whitelist of allowed x509 Distinguished Name. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list sasl-allowed-usernames +Whitelist of allowed SASL usernames. The format for username depends on +the SASL authentication mechanism. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tls-priority +Override the compile time default TLS priority string. The default is +usually "NORMAL" unless overridden at build time. Only set this is it +is desired for libvirt to deviate from the global default settings. + +Defaults to @samp{"NORMAL"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-clients +Maximum number of concurrent client connections to allow over all +sockets combined. + +Defaults to @samp{5000}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-queued-clients +Maximum length of queue of connections waiting to be accepted by the +daemon. Note, that some protocols supporting retransmission may obey +this so that a later reattempt at connection succeeds. + +Defaults to @samp{1000}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-anonymous-clients +Maximum length of queue of accepted but not yet authenticated clients. +Set this to zero to turn this feature off + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer min-workers +Number of workers to start up initially. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-workers +Maximum number of worker threads. + +If the number of active clients exceeds @code{min-workers}, then more +threads are spawned, up to max_workers limit. Typically you'd want +max_workers to equal maximum number of clients allowed. + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer prio-workers +Number of priority workers. If all workers from above pool are stuck, +some calls marked as high priority (notably domainDestroy) can be +executed in this pool. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-requests +Total global limit on concurrent RPC calls. + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-client-requests +Limit on concurrent requests from a single client connection. To avoid +one client monopolizing the server this should be a small fraction of +the global max_requests and max_workers parameter. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-min-workers +Same as @code{min-workers} but for the admin interface. + +Defaults to @samp{1}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-workers +Same as @code{max-workers} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-clients +Same as @code{max-clients} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-queued-clients +Same as @code{max-queued-clients} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-client-requests +Same as @code{max-client-requests} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer log-level +Logging level. 4 errors, 3 warnings, 2 information, 1 debug. + +Defaults to @samp{3}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string log-filters +Logging filters. + +A filter allows to select a different logging level for a given category +of logs The format for a filter is one of: + +@itemize @bullet +@item +x:name + +@item +x:+name + +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., "remote", "qemu", or "util.json" (the name in the filter can +be a substring of the full category name, in order to match multiple +similar categories), the optional "+" prefix tells libvirt to log stack +trace for each message matching name, and @code{x} is the minimal level +where matching messages should be logged: + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces. + +Defaults to @samp{"3:remote 4:event"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string log-outputs +Logging outputs. + +An output is one of the places to save logging information The format +for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system + +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple outputs can be defined, they just need to be separated by +spaces. + +Defaults to @samp{"3:stderr"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer audit-level +Allows usage of the auditing subsystem to be altered + +@itemize @bullet +@item +0: disable all auditing + +@item +1: enable auditing, only if enabled on host + +@item +2: enable auditing, and exit if disabled on host. + +@end itemize + +Defaults to @samp{1}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean audit-logging +Send audit messages via libvirt logging infrastructure. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-string host-uuid +Host UUID. UUID must not have all digits be the same. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string host-uuid-source +Source to read host UUID. + +@itemize @bullet +@item +@code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid} + +@item +@code{machine-id}: fetch the UUID from @code{/etc/machine-id} + +@end itemize + +If @code{dmidecode} does not provide a valid UUID a temporary UUID will +be generated. + +Defaults to @samp{"smbios"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-interval +A keepalive message is sent to a client after @code{keepalive_interval} +seconds of inactivity to check if the client is still responding. If +set to -1, libvirtd will never send keepalive requests; however clients +can still send them and the daemon will send responses. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-count +Maximum number of keepalive messages that are allowed to be sent to the +client without getting any response before the connection is considered +broken. + +In other words, the connection is automatically closed approximately +after @code{keepalive_interval * (keepalive_count + 1)} seconds since +the last message received from the client. When @code{keepalive-count} +is set to 0, connections will be automatically closed after +@code{keepalive-interval} seconds of inactivity without sending any +keepalive messages. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-interval +Same as above but for admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-count +Same as above but for admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer ovs-timeout +Timeout for Open vSwitch calls. + +The @code{ovs-vsctl} utility is used for the configuration and its +timeout option is set by default to 5 seconds to avoid potential +infinite waits blocking libvirt. + +Defaults to @samp{5}. + +@end deftypevr + +@c %end of autogenerated docs + +@subsubheading Virtlog daemon +The virtlogd service is a server side daemon component of libvirt that is +used to manage logs from virtual machine consoles. + +This daemon is not used directly by libvirt client applications, rather it +is called on their behalf by @code{libvirtd}. By maintaining the logs in a +standalone daemon, the main @code{libvirtd} daemon can be restarted without +risk of losing logs. The @code{virtlogd} daemon has the ability to re-exec() +itself upon receiving @code{SIGUSR1}, to allow live upgrades without downtime. + +@deffn {Scheme Variable} virtlog-service-type +This is the type of the virtlog daemon. +Its value must be a @code{virtlog-configuration}. + +@example +(service virtlog-service-type + (virtlog-configuration + (max-clients 1000))) +@end example +@end deffn + +@deftypevr {@code{virtlog-configuration} parameter} integer log-level +Logging level. 4 errors, 3 warnings, 2 information, 1 debug. + +Defaults to @samp{3}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} string log-filters +Logging filters. + +A filter allows to select a different logging level for a given category +of logs The format for a filter is one of: + +@itemize @bullet +@item +x:name + +@item +x:+name + +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., "remote", "qemu", or "util.json" (the name in the filter can +be a substring of the full category name, in order to match multiple +similar categories), the optional "+" prefix tells libvirt to log stack +trace for each message matching name, and @code{x} is the minimal level +where matching messages should be logged: + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces. + +Defaults to @samp{"3:remote 4:event"}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} string log-outputs +Logging outputs. + +An output is one of the places to save logging information The format +for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system + +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple outputs can be defined, they just need to be separated by +spaces. + +Defaults to @samp{"3:stderr"}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-clients +Maximum number of concurrent client connections to allow over all +sockets combined. + +Defaults to @samp{1024}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-size +Maximum file size before rolling over. + +Defaults to @samp{2MB} + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-backups +Maximum number of backup files to keep. + +Defaults to @samp{3} + +@end deftypevr + + @node Miscellaneous Services @subsubsection Miscellaneous Services diff --git a/gnu/local.mk b/gnu/local.mk index 1c6158cbfc..1bec2227ec 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -440,6 +440,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/dns.scm \ %D%/services/kerberos.scm \ %D%/services/lirc.scm \ + %D%/services/virtualization.scm \ %D%/services/mail.scm \ %D%/services/mcron.scm \ %D%/services/messaging.scm \ diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm new file mode 100644 index 0000000000..845cdb07ba --- /dev/null +++ b/gnu/services/virtualization.scm @@ -0,0 +1,492 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ryan Moe +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services virtualization) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu services base) + #:use-module (gnu services dbus) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages virtualization) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (guix packages) + #:use-module (ice-9 match) + + #:export (libvirt-configuration + libvirt-service-type + virtlog-service-type)) + +(define (uglify-field-name field-name) + (let ((str (symbol->string field-name))) + (string-join + (string-split (string-delete #\? str) #\-) + "_"))) + +(define (quote-val val) + (string-append "\"" val "\"")) + +(define (serialize-field field-name val) + (format #t "~a = ~a\n" (uglify-field-name field-name) val)) + +(define (serialize-string field-name val) + (serialize-field field-name (quote-val val))) + +(define (serialize-boolean field-name val) + (serialize-field field-name (if val 1 0))) + +(define (serialize-integer field-name val) + (serialize-field field-name val)) + +(define (build-opt-list val) + (string-append + "[" + (string-join (map quote-val val) ",") + "]")) + +(define optional-list? list?) +(define optional-string? string?) + +(define (serialize-list field-name val) + (serialize-field field-name (build-opt-list val))) + +(define (serialize-optional-list field-name val) + (if (null? val) + (format #t "# ~a = []\n" (uglify-field-name field-name)) + (serialize-list field-name val))) + +(define (serialize-optional-string field-name val) + (if (string-null? val) + (format #t "# ~a = \"\"\n" (uglify-field-name field-name)) + (serialize-string field-name val))) + +(define-configuration libvirt-configuration + (libvirt + (package libvirt) + "Libvirt package.") + (listen-tls? + (boolean #t) + "Flag listening for secure TLS connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +It is necessary to setup a CA and issue server certificates before +using this capability.") + (listen-tcp? + (boolean #f) + "Listen for unencrypted TCP connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +Using the TCP socket requires SASL authentication by default. Only +SASL mechanisms which support data encryption are allowed. This is +DIGEST_MD5 and GSSAPI (Kerberos5)") + (tls-port + (string "16514") + "Port for accepting secure TLS connections This can be a port number, +or service name") + (tcp-port + (string "16509") + "Port for accepting insecure TCP connections This can be a port number, +or service name") + (listen-addr + (string "0.0.0.0") + "IP address or hostname used for client connections.") + (mdns-adv? + (boolean #f) + "Flag toggling mDNS advertisement of the libvirt service. + +Alternatively can disable for all services on a host by +stopping the Avahi daemon.") + (mdns-name + (string (string-append "Virtualization Host " (gethostname))) + "Default mDNS advertisement name. This must be unique on the +immediate broadcast network.") + (unix-sock-group + (string "root") + "UNIX domain socket group ownership. This can be used to +allow a 'trusted' set of users access to management capabilities +without becoming root.") + (unix-sock-ro-perms + (string "0777") + "UNIX socket permissions for the R/O socket. This is used +for monitoring VM status only.") + (unix-sock-rw-perms + (string "0770") + "UNIX socket permissions for the R/W socket. Default allows +only root. If PolicyKit is enabled on the socket, the default +will change to allow everyone (eg, 0777)") + (unix-sock-admin-perms + (string "0777") + "UNIX socket permissions for the admin socket. Default allows +only owner (root), do not change it unless you are sure to whom +you are exposing the access to.") + (unix-sock-dir + (string "/var/run/libvirt") + "The directory in which sockets will be found/created.") + (auth-unix-ro + (string "polkit") + "Authentication scheme for UNIX read-only sockets. By default +socket permissions allow anyone to connect") + (auth-unix-rw + (string "polkit") + "Authentication scheme for UNIX read-write sockets. By default +socket permissions only allow root. If PolicyKit support was compiled +into libvirt, the default will be to use 'polkit' auth.") + (auth-tcp + (string "sasl") + "Authentication scheme for TCP sockets. If you don't enable SASL, +then all TCP traffic is cleartext. Don't do this outside of a dev/test +scenario.") + (auth-tls + (string "none") + "Authentication scheme for TLS sockets. TLS sockets already have +encryption provided by the TLS layer, and limited authentication is +done by certificates. + +It is possible to make use of any SASL authentication mechanism as +well, by using 'sasl' for this option") + (access-drivers + (optional-list '()) + "API access control scheme. + +By default an authenticated user is allowed access to all APIs. Access +drivers can place restrictions on this.") + (key-file + (string "") + "Server key file path. If set to an empty string, then no private key +is loaded.") + (cert-file + (string "") + "Server key file path. If set to an empty string, then no certificate +is loaded.") + (ca-file + (string "") + "Server key file path. If set to an empty string, then no CA certificate +is loaded.") + (crl-file + (string "") + "Certificate revocation list path. If set to an empty string, then no +CRL is loaded.") + (tls-no-sanity-cert + (boolean #f) + "Disable verification of our own server certificates. + +When libvirtd starts it performs some sanity checks against its own +certificates.") + (tls-no-verify-cert + (boolean #f) + "Disable verification of client certificates. + +Client certificate verification is the primary authentication mechanism. +Any client which does not present a certificate signed by the CA +will be rejected.") + (tls-allowed-dn-list + (optional-list '()) + "Whitelist of allowed x509 Distinguished Name.") + (sasl-allowed-usernames + (optional-list '()) + "Whitelist of allowed SASL usernames. The format for username +depends on the SASL authentication mechanism.") + (tls-priority + (string "NORMAL") + "Override the compile time default TLS priority string. The +default is usually \"NORMAL\" unless overridden at build time. +Only set this is it is desired for libvirt to deviate from +the global default settings.") + (max-clients + (integer 5000) + "Maximum number of concurrent client connections to allow +over all sockets combined.") + (max-queued-clients + (integer 1000) + "Maximum length of queue of connections waiting to be +accepted by the daemon. Note, that some protocols supporting +retransmission may obey this so that a later reattempt at +connection succeeds.") + (max-anonymous-clients + (integer 20) + "Maximum length of queue of accepted but not yet authenticated +clients. Set this to zero to turn this feature off") + (min-workers + (integer 5) + "Number of workers to start up initially.") + (max-workers + (integer 20) + "Maximum number of worker threads. + +If the number of active clients exceeds @code{min-workers}, +then more threads are spawned, up to max_workers limit. +Typically you'd want max_workers to equal maximum number +of clients allowed.") + (prio-workers + (integer 5) + "Number of priority workers. If all workers from above +pool are stuck, some calls marked as high priority +(notably domainDestroy) can be executed in this pool.") + (max-requests + (integer 20) + "Total global limit on concurrent RPC calls.") + (max-client-requests + (integer 5) + "Limit on concurrent requests from a single client +connection. To avoid one client monopolizing the server +this should be a small fraction of the global max_requests +and max_workers parameter.") + (admin-min-workers + (integer 1) + "Same as @code{min-workers} but for the admin interface.") + (admin-max-workers + (integer 5) + "Same as @code{max-workers} but for the admin interface.") + (admin-max-clients + (integer 5) + "Same as @code{max-clients} but for the admin interface.") + (admin-max-queued-clients + (integer 5) + "Same as @code{max-queued-clients} but for the admin interface.") + (admin-max-client-requests + (integer 5) + "Same as @code{max-client-requests} but for the admin interface.") + (log-level + (integer 3) + "Logging level. 4 errors, 3 warnings, 2 information, 1 debug.") + (log-filters + (string "3:remote 4:event") + "Logging filters. + +A filter allows to select a different logging level for a given category +of logs +The format for a filter is one of: +@itemize +@item x:name + +@item x:+name +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., \"remote\", \"qemu\", or \"util.json\" (the name in the +filter can be a substring of the full category name, in order +to match multiple similar categories), the optional \"+\" prefix +tells libvirt to log stack trace for each message matching +name, and @code{x} is the minimal level where matching messages should +be logged: + +@itemize +@item 1: DEBUG +@item 2: INFO +@item 3: WARNING +@item 4: ERROR +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces.") + (log-outputs + (string "3:stderr") + "Logging outputs. + +An output is one of the places to save logging information +The format for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize +@item 1: DEBUG +@item 2: INFO +@item 3: WARNING +@item 4: ERROR +@end itemize + +Multiple outputs can be defined, they just need to be separated by spaces.") + (audit-level + (integer 1) + "Allows usage of the auditing subsystem to be altered + +@itemize +@item 0: disable all auditing +@item 1: enable auditing, only if enabled on host +@item 2: enable auditing, and exit if disabled on host. +@end itemize +") + (audit-logging + (boolean #f) + "Send audit messages via libvirt logging infrastructure.") + (host-uuid + (optional-string "") + "Host UUID. UUID must not have all digits be the same.") + (host-uuid-source + (string "smbios") + "Source to read host UUID. + +@itemize + +@item @code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid} + +@item @code{machine-id}: fetch the UUID from @code{/etc/machine-id} + +@end itemize + +If @code{dmidecode} does not provide a valid UUID a temporary UUID +will be generated.") + (keepalive-interval + (integer 5) + "A keepalive message is sent to a client after +@code{keepalive_interval} seconds of inactivity to check if +the client is still responding. If set to -1, libvirtd will +never send keepalive requests; however clients can still send +them and the daemon will send responses.") + (keepalive-count + (integer 5) + "Maximum number of keepalive messages that are allowed to be sent +to the client without getting any response before the connection is +considered broken. + +In other words, the connection is automatically +closed approximately after +@code{keepalive_interval * (keepalive_count + 1)} seconds since the last +message received from the client. When @code{keepalive-count} is +set to 0, connections will be automatically closed after +@code{keepalive-interval} seconds of inactivity without sending any +keepalive messages.") + (admin-keepalive-interval + (integer 5) + "Same as above but for admin interface.") + (admin-keepalive-count + (integer 5) + "Same as above but for admin interface.") + (ovs-timeout + (integer 5) + "Timeout for Open vSwitch calls. + +The @code{ovs-vsctl} utility is used for the configuration and +its timeout option is set by default to 5 seconds to avoid +potential infinite waits blocking libvirt.")) + +(define* (libvirt-conf-file config) + "Return a libvirtd config file." + (plain-file "libvirtd.conf" + (with-output-to-string + (lambda () + (serialize-configuration config libvirt-configuration-fields))))) + +(define %libvirt-accounts + (list (user-group (name "libvirt") (system? #t)))) + +(define (%libvirt-activation config) + (let ((sock-dir (libvirt-configuration-unix-sock-dir config))) + #~(begin + (use-modules (guix build utils)) + (mkdir-p #$sock-dir)))) + + +(define (libvirt-shepherd-service config) + (let* ((config-file (libvirt-conf-file config)) + (libvirt (libvirt-configuration-libvirt config))) + (list (shepherd-service + (documentation "Run the libvirt daemon.") + (provision '(libvirtd)) + (start #~(make-forkexec-constructor + (list (string-append #$libvirt "/sbin/libvirtd") + "-f" #$config-file))) + (stop #~(make-kill-destructor)))))) + +(define libvirt-service-type + (service-type (name 'libvirt) + (extensions + (list + (service-extension polkit-service-type + (compose list libvirt-configuration-libvirt)) + (service-extension profile-service-type + (compose list + libvirt-configuration-libvirt)) + (service-extension activation-service-type + %libvirt-activation) + (service-extension shepherd-root-service-type + libvirt-shepherd-service) + (service-extension account-service-type + (const %libvirt-accounts)))) + (default-value (libvirt-configuration)))) + + +(define-record-type* + virtlog-configuration make-virtlog-configuration + virtlog-configuration? + (libvirt virtlog-configuration-libvirt + (default libvirt)) + (log-level virtlog-configuration-log-level + (default 3)) + (log-filters virtlog-configuration-log-filters + (default "3:remote 4:event")) + (log-outputs virtlog-configuration-log-outputs + (default "3:syslog:virtlogd")) + (max-clients virtlog-configuration-max-clients + (default 1024)) + (max-size virtlog-configuration-max-size + (default 2097152)) ;; 2MB + (max-backups virtlog-configuration-max-backups + (default 3))) + +(define* (virtlogd-conf-file config) + "Return a virtlogd config file." + (plain-file "virtlogd.conf" + (string-append + "log_level = " (number->string (virtlog-configuration-log-level config)) "\n" + "log_filters = \"" (virtlog-configuration-log-filters config) "\"\n" + "log_outputs = \"" (virtlog-configuration-log-outputs config) "\"\n" + "max_clients = " (number->string (virtlog-configuration-max-clients config)) "\n" + "max_size = " (number->string (virtlog-configuration-max-size config)) "\n" + "max_backups = " (number->string (virtlog-configuration-max-backups config)) "\n"))) + +(define (virtlogd-shepherd-service config) + (let* ((config-file (virtlogd-conf-file config)) + (libvirt (virtlog-configuration-libvirt config))) + (list (shepherd-service + (documentation "Run the virtlog daemon.") + (provision '(virtlogd)) + (start #~(make-forkexec-constructor + (list (string-append #$libvirt "/sbin/virtlogd") + "-f" #$config-file))) + (stop #~(make-kill-destructor)))))) + +(define virtlog-service-type + (service-type (name 'virtlogd) + (extensions + (list + (service-extension shepherd-root-service-type + virtlogd-shepherd-service))) + (default-value (virtlog-configuration)))) + +(define (generate-libvirt-documentation) + (generate-documentation + `((libvirt-configuration ,libvirt-configuration-fields)) + 'libvirt-configuration)) -- cgit 1.4.1 From c075c8fd0c79293a1461f78c7f7b141af23fa7bf Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 19 Aug 2017 12:56:07 +0100 Subject: tests: Add 'libvirt-service-type' test. * gnu/tests/virtualization.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/tests/virtualization.scm | 95 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+) create mode 100644 gnu/tests/virtualization.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 1bec2227ec..253e0c8db6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -494,6 +494,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/messaging.scm \ %D%/tests/networking.scm \ %D%/tests/ssh.scm \ + %D%/tests/virtualization.scm \ %D%/tests/web.scm # Modules that do not need to be compiled. diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm new file mode 100644 index 0000000000..c2939355b2 --- /dev/null +++ b/gnu/tests/virtualization.scm @@ -0,0 +1,95 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Christopher Baines +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests virtualization) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services dbus) + #:use-module (gnu services networking) + #:use-module (gnu services virtualization) + #:use-module (gnu packages virtualization) + #:use-module (guix gexp) + #:use-module (guix store) + #:export (%test-libvirt)) + +(define %libvirt-os + (simple-operating-system + (dhcp-client-service) + (dbus-service) + (polkit-service) + (service libvirt-service-type))) + +(define (run-libvirt-test) + "Run tests in %LIBVIRT-OS." + (define os + (marionette-operating-system + %libvirt-os + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (port-forwardings '()))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "libvirt") + + (test-assert "service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'libvirtd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-eq "fetch version" + 0 + (marionette-eval + `(begin + (system* ,(string-append #$libvirt "/bin/virsh") + "-c" "qemu:///system" "version")) + marionette)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "libvirt-test" test)) + +(define %test-libvirt + (system-test + (name "libvirt") + (description "Connect to the running LIBVIRT service.") + (value (run-libvirt-test)))) -- cgit 1.4.1 From f00e328fd37eda2ed0f706ca03a021e72a6b2350 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 23 Aug 2017 21:07:07 +0300 Subject: gnu: openjpeg: Fix CVE-2017-12982. * gnu/packages/image.scm (openjepg)[source]: Add patch. * gnu/packages/patches/openjpeg-CVE-2017-12982.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/image.scm | 3 ++- gnu/packages/patches/openjpeg-CVE-2017-12982.patch | 28 ++++++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/openjpeg-CVE-2017-12982.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 253e0c8db6..f72bb52011 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -901,6 +901,7 @@ dist_patch_DATA = \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ + %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 3f8b520aec..b629d3b206 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -549,7 +549,8 @@ work.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")))) + "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")) + (patches (search-patches "openjpeg-CVE-2017-12982.patch")))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch new file mode 100644 index 0000000000..3929a73570 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch @@ -0,0 +1,28 @@ +http://openwall.com/lists/oss-security/2017/08/21/1 +https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch + +From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Mon, 14 Aug 2017 17:26:58 +0200 +Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 + (#983) + +--- + src/bin/jp2/convertbmp.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index b49e7a080..2715fdf24 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) + + header->biBitCount = (OPJ_UINT16)getc(IN); + header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); ++ if (header->biBitCount == 0) { ++ fprintf(stderr, "Error, invalid biBitCount %d\n", 0); ++ return OPJ_FALSE; ++ } + + if (header->biSize >= 40U) { + header->biCompression = (OPJ_UINT32)getc(IN); -- cgit 1.4.1 From f81039058cb2c7b0b4986109fca584a87112a9b9 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 23 Aug 2017 21:56:34 +0300 Subject: gnu: qemu: Fix CVE-2017-12809. * gnu/packages/virtualization.scm (qemu)[source]: Add patch. * gnu/packages/patches/qemu-CVE-2017-12809.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/qemu-CVE-2017-12809.patch | 38 ++++++++++++++++++++++++++ gnu/packages/virtualization.scm | 3 +- 3 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/qemu-CVE-2017-12809.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f72bb52011..71f1cb2441 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1003,6 +1003,7 @@ dist_patch_DATA = \ %D%/packages/patches/qemu-CVE-2017-10911.patch \ %D%/packages/patches/qemu-CVE-2017-11334.patch \ %D%/packages/patches/qemu-CVE-2017-11434.patch \ + %D%/packages/patches/qemu-CVE-2017-12809.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch new file mode 100644 index 0000000000..e40a14b4e0 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-12809.patch @@ -0,0 +1,38 @@ +http://openwall.com/lists/oss-security/2017/08/21/2 +https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html + +The block backend changed in a way that flushing empty CDROM drives now +crashes. Amend IDE to avoid doing so until the root problem can be +addressed for 2.11. + +Original patch by John Snow . + +Reported-by: Kieron Shorrock +Signed-off-by: Stefan Hajnoczi +--- + hw/ide/core.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index 0b48b64d3a..bea39536b0 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s) + s->status |= BUSY_STAT; + ide_set_retry(s); + block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); +- s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); ++ ++ if (blk_bs(s->blk)) { ++ s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); ++ } else { ++ /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this ++ * temporary workaround when blk_aio_*() functions handle NULL blk_bs. ++ */ ++ ide_flush_cb(s, 0); ++ } + } + + static void ide_cfata_metadata_inquiry(IDEState *s) +-- +2.13.3 diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index d76a6dfd85..d06c55bd57 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -87,7 +87,8 @@ "qemu-CVE-2017-10806.patch" "qemu-CVE-2017-10911.patch" "qemu-CVE-2017-11334.patch" - "qemu-CVE-2017-11434.patch")) + "qemu-CVE-2017-11434.patch" + "qemu-CVE-2017-12809.patch")) (sha256 (base32 "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) -- cgit 1.4.1