From e48f80cba03a0a428bbffb7388a49fd765a92318 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Fri, 28 Jun 2019 13:15:03 +0530 Subject: gnu: Add qlogo. * gnu/packages/logo.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Register it. * gnu/packages/logo.scm (qlogo): New variable. --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 6e90d88689..8d7760cf46 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -299,6 +299,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/llvm.scm \ %D%/packages/lout.scm \ %D%/packages/logging.scm \ + %D%/packages/logo.scm \ %D%/packages/lolcode.scm \ %D%/packages/lsof.scm \ %D%/packages/lua.scm \ -- cgit 1.4.1 From fa9edf09e992db7510c7471486dffc93e1e707e5 Mon Sep 17 00:00:00 2001 From: "Jakob L. Kreuze" Date: Fri, 5 Jul 2019 14:55:21 -0400 Subject: gnu: Add machine type for deployment specifications. * gnu/machine.scm: New file. * gnu/machine/ssh.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- Makefile.am | 3 +- gnu/local.mk | 5 +- gnu/machine.scm | 107 +++++++++++++++ gnu/machine/ssh.scm | 369 ++++++++++++++++++++++++++++++++++++++++++++++++++++ po/guix/POTFILES.in | 1 + 5 files changed, 483 insertions(+), 2 deletions(-) create mode 100644 gnu/machine.scm create mode 100644 gnu/machine/ssh.scm (limited to 'gnu/local.mk') diff --git a/Makefile.am b/Makefile.am index 31430545cb..beb60097a4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -425,7 +425,8 @@ SCM_TESTS = \ tests/import-utils.scm \ tests/store-database.scm \ tests/store-deduplication.scm \ - tests/store-roots.scm + tests/store-roots.scm \ + tests/machine.scm SH_TESTS = \ tests/guix-build.sh \ diff --git a/gnu/local.mk b/gnu/local.mk index 8d7760cf46..68a43330c4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -565,6 +565,9 @@ GNU_SYSTEM_MODULES = \ %D%/system/uuid.scm \ %D%/system/vm.scm \ \ + %D%/machine.scm \ + %D%/machine/ssh.scm \ + \ %D%/build/accounts.scm \ %D%/build/activation.scm \ %D%/build/bootloader.scm \ @@ -630,7 +633,7 @@ INSTALLER_MODULES = \ %D%/installer/newt/user.scm \ %D%/installer/newt/utils.scm \ %D%/installer/newt/welcome.scm \ - %D%/installer/newt/wifi.scm + %D%/installer/newt/wifi.scm # Always ship the installer modules but compile them only when # ENABLE_INSTALLER is true. diff --git a/gnu/machine.scm b/gnu/machine.scm new file mode 100644 index 0000000000..0b79402b0a --- /dev/null +++ b/gnu/machine.scm @@ -0,0 +1,107 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 David Thompson +;;; Copyright © 2019 Jakob L. Kreuze +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu machine) + #:use-module (gnu system) + #:use-module (guix derivations) + #:use-module (guix monads) + #:use-module (guix records) + #:use-module (guix store) + #:use-module ((guix utils) #:select (source-properties->location)) + #:export (environment-type + environment-type? + environment-type-name + environment-type-description + environment-type-location + + machine + machine? + this-machine + + machine-system + machine-environment + machine-configuration + machine-display-name + + deploy-machine + machine-remote-eval)) + +;;; Commentary: +;;; +;;; This module provides the types used to declare individual machines in a +;;; heterogeneous Guix deployment. The interface allows users of specify system +;;; configurations and the means by which resources should be provisioned on a +;;; per-host basis. +;;; +;;; Code: + + +;;; +;;; Declarations for resources that can be provisioned. +;;; + +(define-record-type* environment-type + make-environment-type + environment-type? + + ;; Interface to the environment type's deployment code. Each procedure + ;; should take the same arguments as the top-level procedure of this file + ;; that shares the same name. For example, 'machine-remote-eval' should be + ;; of the form '(machine-remote-eval machine exp)'. + (machine-remote-eval environment-type-machine-remote-eval) ; procedure + (deploy-machine environment-type-deploy-machine) ; procedure + + ;; Metadata. + (name environment-type-name) ; symbol + (description environment-type-description ; string + (default #f)) + (location environment-type-location ; + (default (and=> (current-source-location) + source-properties->location)) + (innate))) + + +;;; +;;; Declarations for machines in a deployment. +;;; + +(define-record-type* machine + make-machine + machine? + this-machine + (system machine-system) ; + (environment machine-environment) ; symbol + (configuration machine-configuration ; configuration object + (default #f))) ; specific to environment + +(define (machine-display-name machine) + "Return the host-name identifying MACHINE." + (operating-system-host-name (machine-system machine))) + +(define (machine-remote-eval machine exp) + "Evaluate EXP, a gexp, on MACHINE. Ensure that all the elements EXP refers to +are built and deployed to MACHINE beforehand." + (let ((environment (machine-environment machine))) + ((environment-type-machine-remote-eval environment) machine exp))) + +(define (deploy-machine machine) + "Monadic procedure transferring the new system's OS closure to the remote +MACHINE, activating it on MACHINE and switching MACHINE to the new generation." + (let ((environment (machine-environment machine))) + ((environment-type-deploy-machine environment) machine))) diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm new file mode 100644 index 0000000000..a7d1a967ae --- /dev/null +++ b/gnu/machine/ssh.scm @@ -0,0 +1,369 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Jakob L. Kreuze +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu machine ssh) + #:use-module (gnu bootloader) + #:use-module (gnu machine) + #:autoload (gnu packages gnupg) (guile-gcrypt) + #:use-module (gnu services) + #:use-module (gnu services shepherd) + #:use-module (gnu system) + #:use-module (guix derivations) + #:use-module (guix gexp) + #:use-module (guix i18n) + #:use-module (guix modules) + #:use-module (guix monads) + #:use-module (guix records) + #:use-module (guix remote) + #:use-module (guix ssh) + #:use-module (guix store) + #:use-module (ice-9 match) + #:use-module (srfi srfi-19) + #:use-module (srfi srfi-35) + #:export (managed-host-environment-type + + machine-ssh-configuration + machine-ssh-configuration? + machine-ssh-configuration + + machine-ssh-configuration-host-name + machine-ssh-configuration-port + machine-ssh-configuration-user + machine-ssh-configuration-session)) + +;;; Commentary: +;;; +;;; This module implements remote evaluation and system deployment for +;;; machines that are accessable over SSH and have a known host-name. In the +;;; sense of the broader "machine" interface, we describe the environment for +;;; such machines as 'managed-host. +;;; +;;; Code: + + +;;; +;;; Parameters for the SSH client. +;;; + +(define-record-type* machine-ssh-configuration + make-machine-ssh-configuration + machine-ssh-configuration? + this-machine-ssh-configuration + (host-name machine-ssh-configuration-host-name) ; string + (port machine-ssh-configuration-port ; integer + (default 22)) + (user machine-ssh-configuration-user ; string + (default "root")) + (identity machine-ssh-configuration-identity ; path to a private key + (default #f)) + (session machine-ssh-configuration-session ; session + (default #f))) + +(define (machine-ssh-session machine) + "Return the SSH session that was given in MACHINE's configuration, or create +one from the configuration's parameters if one was not provided." + (maybe-raise-unsupported-configuration-error machine) + (let ((config (machine-configuration machine))) + (or (machine-ssh-configuration-session config) + (let ((host-name (machine-ssh-configuration-host-name config)) + (user (machine-ssh-configuration-user config)) + (port (machine-ssh-configuration-port config)) + (identity (machine-ssh-configuration-identity config))) + (open-ssh-session host-name + #:user user + #:port port + #:identity identity))))) + + +;;; +;;; Remote evaluation. +;;; + +(define (managed-host-remote-eval machine exp) + "Internal implementation of 'machine-remote-eval' for MACHINE instances with +an environment type of 'managed-host." + (maybe-raise-unsupported-configuration-error machine) + (remote-eval exp (machine-ssh-session machine))) + + +;;; +;;; System deployment. +;;; + +(define (switch-to-system machine) + "Monadic procedure creating a new generation on MACHINE and execute the +activation script for the new system configuration." + (define (remote-exp drv script) + (with-extensions (list guile-gcrypt) + (with-imported-modules (source-module-closure '((guix config) + (guix profiles) + (guix utils))) + #~(begin + (use-modules (guix config) + (guix profiles) + (guix utils)) + + (define %system-profile + (string-append %state-directory "/profiles/system")) + + (let* ((system #$drv) + (number (1+ (generation-number %system-profile))) + (generation (generation-file-name %system-profile number))) + (switch-symlinks generation system) + (switch-symlinks %system-profile generation) + ;; The implementation of 'guix system reconfigure' saves the + ;; load path and environment here. This is unnecessary here + ;; because each invocation of 'remote-eval' runs in a distinct + ;; Guile REPL. + (setenv "GUIX_NEW_SYSTEM" system) + ;; The activation script may write to stdout, which confuses + ;; 'remote-eval' when it attempts to read a result from the + ;; remote REPL. We work around this by forcing the output to a + ;; string. + (with-output-to-string + (lambda () + (primitive-load #$script)))))))) + + (let* ((os (machine-system machine)) + (script (operating-system-activation-script os))) + (mlet* %store-monad ((drv (operating-system-derivation os))) + (machine-remote-eval machine (remote-exp drv script))))) + +;; XXX: Currently, this does NOT attempt to restart running services. This is +;; also the case with 'guix system reconfigure'. +;; +;; See . +(define (upgrade-shepherd-services machine) + "Monadic procedure unloading and starting services on the remote as needed +to realize the MACHINE's system configuration." + (define target-services + ;; Monadic expression evaluating to a list of (name output-path) pairs for + ;; all of MACHINE's services. + (mapm %store-monad + (lambda (service) + (mlet %store-monad ((file ((compose lower-object + shepherd-service-file) + service))) + (return (list (shepherd-service-canonical-name service) + (derivation->output-path file))))) + (service-value + (fold-services (operating-system-services (machine-system machine)) + #:target-type shepherd-root-service-type)))) + + (define (remote-exp target-services) + (with-imported-modules '((gnu services herd)) + #~(begin + (use-modules (gnu services herd) + (srfi srfi-1)) + + (define running + (filter live-service-running (current-services))) + + (define (essential? service) + ;; Return #t if SERVICE is essential and should not be unloaded + ;; under any circumstance. + (memq (first (live-service-provision service)) + '(root shepherd))) + + (define (obsolete? service) + ;; Return #t if SERVICE can be safely unloaded. + (and (not (essential? service)) + (every (lambda (requirements) + (not (memq (first (live-service-provision service)) + requirements))) + (map live-service-requirement running)))) + + (define to-unload + (filter obsolete? + (remove (lambda (service) + (memq (first (live-service-provision service)) + (map first '#$target-services))) + running))) + + (define to-start + (remove (lambda (service-pair) + (memq (first service-pair) + (map (compose first live-service-provision) + running))) + '#$target-services)) + + ;; Unload obsolete services. + (for-each (lambda (service) + (false-if-exception + (unload-service service))) + to-unload) + + ;; Load the service files for any new services and start them. + (load-services/safe (map second to-start)) + (for-each start-service (map first to-start)) + + #t))) + + (mlet %store-monad ((target-services target-services)) + (machine-remote-eval machine (remote-exp target-services)))) + +(define (machine-boot-parameters machine) + "Monadic procedure returning a list of 'boot-parameters' for the generations +of MACHINE's system profile, ordered from most recent to oldest." + (define bootable-kernel-arguments + (@@ (gnu system) bootable-kernel-arguments)) + + (define remote-exp + (with-extensions (list guile-gcrypt) + (with-imported-modules (source-module-closure '((guix config) + (guix profiles))) + #~(begin + (use-modules (guix config) + (guix profiles) + (ice-9 textual-ports)) + + (define %system-profile + (string-append %state-directory "/profiles/system")) + + (define (read-file path) + (call-with-input-file path + (lambda (port) + (get-string-all port)))) + + (map (lambda (generation) + (let* ((system-path (generation-file-name %system-profile + generation)) + (boot-parameters-path (string-append system-path + "/parameters")) + (time (stat:mtime (lstat system-path)))) + (list generation + system-path + time + (read-file boot-parameters-path)))) + (reverse (generation-numbers %system-profile))))))) + + (mlet* %store-monad ((generations (machine-remote-eval machine remote-exp))) + (return + (map (lambda (generation) + (match generation + ((generation system-path time serialized-params) + (let* ((params (call-with-input-string serialized-params + read-boot-parameters)) + (root (boot-parameters-root-device params)) + (label (boot-parameters-label params))) + (boot-parameters + (inherit params) + (label + (string-append label " (#" + (number->string generation) ", " + (let ((time (make-time time-utc 0 time))) + (date->string (time-utc->date time) + "~Y-~m-~d ~H:~M")) + ")")) + (kernel-arguments + (append (bootable-kernel-arguments system-path root) + (boot-parameters-kernel-arguments params)))))))) + generations)))) + +(define (install-bootloader machine) + "Create a bootloader entry for the new system generation on MACHINE, and +configure the bootloader to boot that generation by default." + (define bootloader-installer-script + (@@ (guix scripts system) bootloader-installer-script)) + + (define (remote-exp installer bootcfg bootcfg-file) + (with-extensions (list guile-gcrypt) + (with-imported-modules (source-module-closure '((gnu build install) + (guix store) + (guix utils))) + #~(begin + (use-modules (gnu build install) + (guix store) + (guix utils)) + (let* ((gc-root (string-append "/" %gc-roots-directory "/bootcfg")) + (temp-gc-root (string-append gc-root ".new"))) + + (switch-symlinks temp-gc-root gc-root) + + (unless (false-if-exception + (begin + ;; The implementation of 'guix system reconfigure' + ;; saves the load path here. This is unnecessary here + ;; because each invocation of 'remote-eval' runs in a + ;; distinct Guile REPL. + (install-boot-config #$bootcfg #$bootcfg-file "/") + ;; The installation script may write to stdout, which + ;; confuses 'remote-eval' when it attempts to read a + ;; result from the remote REPL. We work around this + ;; by forcing the output to a string. + (with-output-to-string + (lambda () + (primitive-load #$installer))))) + (delete-file temp-gc-root) + (error "failed to install bootloader")) + + (rename-file temp-gc-root gc-root) + #t))))) + + (mlet* %store-monad ((boot-parameters (machine-boot-parameters machine))) + (let* ((os (machine-system machine)) + (bootloader ((compose bootloader-configuration-bootloader + operating-system-bootloader) + os)) + (bootloader-target (bootloader-configuration-target + (operating-system-bootloader os))) + (installer (bootloader-installer-script + (bootloader-installer bootloader) + (bootloader-package bootloader) + bootloader-target + "/")) + (menu-entries (map boot-parameters->menu-entry boot-parameters)) + (bootcfg (operating-system-bootcfg os menu-entries)) + (bootcfg-file (bootloader-configuration-file bootloader))) + (machine-remote-eval machine (remote-exp installer bootcfg bootcfg-file))))) + +(define (deploy-managed-host machine) + "Internal implementation of 'deploy-machine' for MACHINE instances with an +environment type of 'managed-host." + (maybe-raise-unsupported-configuration-error machine) + (mbegin %store-monad + (switch-to-system machine) + (upgrade-shepherd-services machine) + (install-bootloader machine))) + + +;;; +;;; Environment type. +;;; + +(define managed-host-environment-type + (environment-type + (machine-remote-eval managed-host-remote-eval) + (deploy-machine deploy-managed-host) + (name 'managed-host-environment-type) + (description "Provisioning for machines that are accessable over SSH +and have a known host-name. This entails little more than maintaining an SSH +connection to the host."))) + +(define (maybe-raise-unsupported-configuration-error machine) + "Raise an error if MACHINE's configuration is not an instance of +." + (let ((config (machine-configuration machine)) + (environment (environment-type-name (machine-environment machine)))) + (unless (and config (machine-ssh-configuration? config)) + (raise (condition + (&message + (message (format #f (G_ "unsupported machine configuration '~a' +for environment of type '~a'") + config + environment)))))))) diff --git a/po/guix/POTFILES.in b/po/guix/POTFILES.in index ceee589b2e..bcd6f76371 100644 --- a/po/guix/POTFILES.in +++ b/po/guix/POTFILES.in @@ -36,6 +36,7 @@ gnu/installer/steps.scm gnu/installer/timezone.scm gnu/installer/user.scm gnu/installer/utils.scm +gnu/machine/ssh.scm guix/scripts.scm guix/scripts/build.scm guix/discovery.scm -- cgit 1.4.1 From 6543bc80b41c488a069b39d8b26e6d61cbb8252d Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Wed, 12 Jun 2019 21:15:27 +0100 Subject: gnu: Add python-slugify. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/python-web.scm (python-slugify): New variable. * gnu/packages/patches/python-slugify-depend-on-unidecode.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + .../python-slugify-depend-on-unidecode.patch | 22 +++++++++++++++ gnu/packages/python-web.scm | 31 ++++++++++++++++++++++ 3 files changed, 54 insertions(+) create mode 100644 gnu/packages/patches/python-slugify-depend-on-unidecode.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 68a43330c4..f6392ccd23 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1231,6 +1231,7 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python-robotframework-honor-source-date-epoch.patch \ + %D%/packages/patches/python-slugify-depend-on-unidecode.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ %D%/packages/patches/python-unittest2-python3-compat.patch \ %D%/packages/patches/python-unittest2-remove-argparse.patch \ diff --git a/gnu/packages/patches/python-slugify-depend-on-unidecode.patch b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch new file mode 100644 index 0000000000..6038f432f1 --- /dev/null +++ b/gnu/packages/patches/python-slugify-depend-on-unidecode.patch @@ -0,0 +1,22 @@ +diff --git a/setup.py b/setup.py +index 4800173..6bdd77f 100755 +--- a/setup.py ++++ b/setup.py +@@ -14,8 +14,7 @@ url = 'https://github.com/un33k/python-slugify' + author = 'Val Neekman' + author_email = 'info@neekware.com' + license = 'MIT' +-install_requires = ['text-unidecode==1.2'] +-extras_require = {'unidecode': ['Unidecode==1.0.23']} ++install_requires = ['Unidecode'] + + classifiers = [ + 'Development Status :: 5 - Production/Stable', +@@ -67,7 +66,6 @@ setup( + author_email=author_email, + packages=find_packages(exclude=EXCLUDE_FROM_PACKAGES), + install_requires=install_requires, +- extras_require=extras_require, + classifiers=classifiers, + entry_points={'console_scripts': ['slugify=slugify.slugify:main']}, + ) diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm index cbcbe6c867..e441cbaa81 100644 --- a/gnu/packages/python-web.scm +++ b/gnu/packages/python-web.scm @@ -29,6 +29,7 @@ ;;; Copyright © 2018 Maxim Cournoyer ;;; Copyright © 2019 Vagrant Cascadian ;;; Copyright © 2019 Brendan Tildesley +;;; Copyright © 2019 Pierre Langlois ;;; ;;; This file is part of GNU Guix. ;;; @@ -3165,3 +3166,33 @@ Python.") (propagated-inputs `(("python-gevent" ,python2-gevent) ("python-tornado" ,python2-tornado))))) + +(define-public python-slugify + (package + (name "python-slugify") + (version "3.0.2") + (source + (origin + (method url-fetch) + (uri (pypi-uri "python-slugify" version)) + (sha256 + (base32 + "0n6pfmsq899c54plpvzi46l7zrpa3zfpm8im6h32czjw6kxky5jp")) + (patches + (search-patches "python-slugify-depend-on-unidecode.patch")))) + (native-inputs + `(("python-wheel" ,python-wheel))) + (propagated-inputs + `(("python-unidecode" ,python-unidecode))) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda _ + (invoke "python" "test.py")))))) + (build-system python-build-system) + (home-page "https://github.com/un33k/python-slugify") + (synopsis "Python Slugify application that handles Unicode") + (description "This package provides a @command{slufigy} command and +library to create slugs from unicode strings while keeping it DRY.") + (license license:expat))) -- cgit 1.4.1 From 451742bcf658b0bc185e925d01d5b96355bda412 Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Thu, 13 Jun 2019 16:06:23 +0100 Subject: gnu: Add python-leather. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/wireservice.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/wireservice.scm | 91 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 92 insertions(+) create mode 100644 gnu/packages/wireservice.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f6392ccd23..0f4c1ce5c8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -490,6 +490,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/wget.scm \ %D%/packages/wicd.scm \ %D%/packages/wine.scm \ + %D%/packages/wireservice.scm \ %D%/packages/wm.scm \ %D%/packages/wordnet.scm \ %D%/packages/wv.scm \ diff --git a/gnu/packages/wireservice.scm b/gnu/packages/wireservice.scm new file mode 100644 index 0000000000..290b027e7b --- /dev/null +++ b/gnu/packages/wireservice.scm @@ -0,0 +1,91 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Pierre Langlois +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages wireservice) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix build-system python) + #:use-module (guix git-download) + #:use-module (guix packages) + #:use-module (gnu packages) + #:use-module (gnu packages check) + #:use-module (gnu packages python-web) + #:use-module (gnu packages python-xyz) + #:use-module (gnu packages sphinx)) + +;; Base package definition for packages from https://github.com/wireservice. +;; This is done so we can share how to run tests and build documentation. +(define base-package + (package + (name #f) + (version #f) + (source #f) + (home-page #f) + (synopsis #f) + (description #f) + (build-system python-build-system) + (native-inputs + `(("python-nose" ,python-nose) + ("python-sphinx" ,python-sphinx) + ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme))) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda _ + (invoke "nosetests" "tests"))) + (add-after 'install 'install-docs + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (doc (string-append out "/share/doc/" + ,(package-name this-package) + "-" + ,(package-version this-package)))) + (with-directory-excursion "docs" + (for-each + (lambda (target) + (invoke "make" target) + (copy-recursively (string-append "_build/" target) + (string-append doc "/" target))) + '("html" "dirhtml" "singlehtml" "text"))) + #t)))))) + (license license:expat))) + +(define-public python-leather + (package + (inherit base-package) + (name "python-leather") + (version "0.3.3") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/wireservice/leather.git") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1ck3dplni99sv4s117cbm07ydwwjsrxkhdy19rnk0iglia1d4s5i")))) + (native-inputs + `(("python-cssselect" ,python-cssselect) + ("python-lxml" ,python-lxml) + ,@(package-native-inputs base-package))) + (propagated-inputs + `(("python-six" ,python-six))) + (home-page "https://leather.rtfd.org") + (synopsis "Python charting for 80% of humans") + (description "Leather is a Python charting library for those who need +charts now and don't care if they're perfect."))) -- cgit 1.4.1 From bf187d92e39e93e8e08719de8b08c57db530eed9 Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Thu, 13 Jun 2019 16:07:21 +0100 Subject: gnu: Add csvkit. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/wireservice.scm (csvkit): New variable. * gnu/packages/patches/csvkit-fix-tests.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/patches/csvkit-fix-tests.patch | 45 ++++++++++++++++++ gnu/packages/wireservice.scm | 73 +++++++++++++++++++++++++++++ 3 files changed, 119 insertions(+) create mode 100644 gnu/packages/patches/csvkit-fix-tests.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 0f4c1ce5c8..734676f45a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -742,6 +742,7 @@ dist_patch_DATA = \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/crawl-upgrade-saves.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ + %D%/packages/patches/csvkit-fix-tests.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ diff --git a/gnu/packages/patches/csvkit-fix-tests.patch b/gnu/packages/patches/csvkit-fix-tests.patch new file mode 100644 index 0000000000..cb9ec39cb0 --- /dev/null +++ b/gnu/packages/patches/csvkit-fix-tests.patch @@ -0,0 +1,45 @@ +diff --git a/tests/test_utilities/test_csvsql.py b/tests/test_utilities/test_csvsql.py +index e6ec4af..4f47980 100644 +--- a/tests/test_utilities/test_csvsql.py ++++ b/tests/test_utilities/test_csvsql.py +@@ -197,7 +197,7 @@ class TestCSVSQL(CSVKitTestCase, EmptyFileTests): + utility.run() + output = output_file.getvalue() + output_file.close() +- self.assertEqual(output, 'a,b,c\n1,2,3\n0,5,6\n') ++ self.assertEqual(output, 'a,b,c\n1,2.0,3.0\n0,5.0,6.0\n') + + def test_no_prefix_unique_constraint(self): + self.get_output(['--db', 'sqlite:///' + self.db_file, '--insert', 'examples/dummy.csv', '--unique-constraint', 'a']) +diff --git a/tests/test_utilities/test_sql2csv.py b/tests/test_utilities/test_sql2csv.py +index a0c3d3e..babcfd6 100644 +--- a/tests/test_utilities/test_sql2csv.py ++++ b/tests/test_utilities/test_sql2csv.py +@@ -121,23 +121,23 @@ class TestSQL2CSV(CSVKitTestCase, EmptyFileTests): + input_file.close() + + def test_unicode(self): +- expected = self.csvsql('examples/test_utf8.csv') ++ self.csvsql('examples/test_utf8.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--query', 'select * from foo']) +- self.assertEqual(csv.strip(), expected) ++ self.assertEqual(csv.strip(), 'foo,bar,baz\n1.0,2.0,3\n4.0,5.0,ʤ') + + def test_no_header_row(self): + self.csvsql('examples/dummy.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--no-header-row', '--query', 'select * from foo']) + + self.assertTrue('a,b,c' not in csv) +- self.assertTrue('1,2,3' in csv) ++ self.assertTrue('1,2.0,3.0' in csv) + + def test_linenumbers(self): + self.csvsql('examples/dummy.csv') + csv = self.get_output(['--db', 'sqlite:///' + self.db_file, '--linenumbers', '--query', 'select * from foo']) + + self.assertTrue('line_number,a,b,c' in csv) +- self.assertTrue('1,1,2,3' in csv) ++ self.assertTrue('1,1,2.0,3.0' in csv) + + def test_wildcard_on_sqlite(self): + self.csvsql('examples/iris.csv') diff --git a/gnu/packages/wireservice.scm b/gnu/packages/wireservice.scm index 78c2a4264d..ab86f21f2f 100644 --- a/gnu/packages/wireservice.scm +++ b/gnu/packages/wireservice.scm @@ -19,6 +19,7 @@ (define-module (gnu packages wireservice) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix build-system python) + #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix packages) #:use-module (gnu packages) @@ -191,3 +192,75 @@ for dbf files support to all @code{agate.Table} instances."))) (synopsis "Add read support for Excel files (xls and xlsx) to agate") (description "@code{agateexcel} uses a monkey patching pattern to add read for xls and xlsx files support to all @code{agate.Table} instances."))) + +(define-public csvkit + (package + (name "csvkit") + (version "1.0.4") + (source (origin + (method url-fetch) + (uri (pypi-uri "csvkit" version)) + (sha256 + (base32 + "1830lb95rh1iyi3drlwxzb6y3pqkii0qiyzd40c1kvhvaf1s6lqk")) + (patches (search-patches "csvkit-fix-tests.patch")))) + (build-system python-build-system) + (native-inputs + `(("python-psycopg2" ,python-psycopg2) ;; Used to test PostgreSQL support. + ("python-sphinx" ,python-sphinx) + ("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme))) + (inputs + `(("python-agate-dbf" ,python-agate-dbf) + ("python-agate-excel" ,python-agate-excel) + ("python-agate-sql" ,python-agate-sql) + ("python-six" ,python-six))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'install 'install-docs + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (man1 (string-append out "/share/man/man1"))) + (with-directory-excursion "docs" + (invoke "make" "man") + (copy-recursively "_build/man" man1)) + #t)))))) + (home-page "https://csvkit.rtfd.org") + (synopsis "Command-line tools for working with CSV") + (description "csvkit is a suite of command-line tools for converting to +and working with CSV. It provides the following commands: +@itemize +@item Input: + @itemize + @item @command{in2csv}: Convert various formats to CSV. + @item @command{sql2csv}: Execute SQL commands on a database and return the +data as CSV. + @end itemize +@item Processing: + @itemize + @item @command{csvclean}: Remove common syntax errors. + @item @command{csvcut}: Filter and truncate CSV files. + @item @command{csvgrep}: Filter tabular data to only those rows where +certain columns contain a given value or match a regular expression. + @item @command{csvjoin}: Merges two or more CSV tables together using a +method analogous to SQL JOIN operation. + @item @command{csvsort}: Sort CSV files. + @item @command{csvstack}: Stack up the rows from multiple CSV files, +optionally adding a grouping value to each row. + @end itemize +@item Output and analysis: + @itemize + @item @command{csvformat}: Convert a CSV file to a custom output format. + @item @command{csvjson}: Converts a CSV file into JSON or GeoJSON. + @item @command{csvlook}: Renders a CSV to the command line in a +Markdown-compatible, fixed-width format. + @item @command{csvpy}: Loads a CSV file into a @code{agate.csv.Reader} +object and then drops into a Python shell so the user can inspect the data +however they see fit. + @item @command{csvsql}: Generate SQL statements for a CSV file or execute +those statements directly on a database. + @item @command{csvstat}: Prints descriptive statistics for all columns in a +CSV file. + @end itemize +@end itemize") + (license license:expat))) -- cgit 1.4.1 From 069ab3bbfde704760acaca20dff8a29d167c6be5 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 9 Jul 2019 01:24:17 +0200 Subject: gnu: grub: Update to 2.04. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/bootloaders.scm (grub): Update to 2.04. [source]: Remove upstreamed patches. [arguments]: Don't require Python. Add a ‘disable-pixel-perfect-test’ phase to skip tests that fail with with our newer Unifont. * gnu/packages/patches/grub-efi-fat-serial-number.patch: Adjust context. * gnu/packages/patches/grub-binutils-compat.patch, gnu/packages/patches/grub-check-error-efibootmgr.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 2 - gnu/packages/bootloaders.scm | 23 ++- gnu/packages/patches/grub-binutils-compat.patch | 53 ------ .../patches/grub-check-error-efibootmgr.patch | 197 --------------------- .../patches/grub-efi-fat-serial-number.patch | 17 +- 5 files changed, 26 insertions(+), 266 deletions(-) delete mode 100644 gnu/packages/patches/grub-binutils-compat.patch delete mode 100644 gnu/packages/patches/grub-check-error-efibootmgr.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 734676f45a..7dcac4f2bc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -893,8 +893,6 @@ dist_patch_DATA = \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/groff-source-date-epoch.patch \ %D%/packages/patches/groovy-add-exceptionutilsgenerator.patch \ - %D%/packages/patches/grub-binutils-compat.patch \ - %D%/packages/patches/grub-check-error-efibootmgr.patch \ %D%/packages/patches/grub-efi-fat-serial-number.patch \ %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/gspell-dash-test.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 6e6e69ff3b..d6b936b64a 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -82,19 +82,22 @@ (define-public grub (package (name "grub") - (version "2.02") + (version "2.04") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grub/grub-" version ".tar.xz")) (sha256 (base32 - "03vvdfhdmf16121v7xs8is2krwnv15wpkhkf16a4yf8nsfc3f2w1")) - (patches (search-patches "grub-check-error-efibootmgr.patch" - "grub-binutils-compat.patch" - "grub-efi-fat-serial-number.patch")))) + "0zgp5m3hmc9jh8wpjx6czzkh5id2y8n1k823x2mjvm2sk6b28ag5")) + (patches (search-patches "grub-efi-fat-serial-number.patch")))) (build-system gnu-build-system) (arguments - `(#:phases (modify-phases %standard-phases + `(#:configure-flags + ;; Counterintuitively, this *disables* a spurious Python dependency by + ;; calling the ‘true’ binary instead. Python is only needed during + ;; bootstrapping (for genptl.py), not when building from a release. + (list "PYTHON=true") + #:phases (modify-phases %standard-phases (add-after 'unpack 'patch-stuff (lambda* (#:key inputs #:allow-other-keys) (substitute* "grub-core/Makefile.in" @@ -127,6 +130,14 @@ (substitute* "Makefile.in" (("grub_cmd_date grub_cmd_set_date grub_cmd_sleep") "grub_cmd_date grub_cmd_sleep")) + #t)) + (add-before 'check 'disable-pixel-perfect-test + (lambda _ + ;; This test compares many screenshots rendered with an + ;; older Unifont (9.0.06) than that packaged in Guix. + (substitute* "Makefile.in" + (("test_unset grub_func_test") + "test_unset")) #t))) ;; Disable tests on ARM and AARCH64 platforms. #:tests? ,(not (any (cute string-prefix? <> (or (%current-target-system) diff --git a/gnu/packages/patches/grub-binutils-compat.patch b/gnu/packages/patches/grub-binutils-compat.patch deleted file mode 100644 index 2107869314..0000000000 --- a/gnu/packages/patches/grub-binutils-compat.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix a relocation issue that shows up with recent binutils. - -Patch taken from upstream: -https://git.sv.gnu.org/cgit/grub.git/commit/?id=842c390469e2c2e10b5aa36700324cd3bde25875 - -diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c -index e49d0b6..18facf4 100644 ---- a/grub-core/efiemu/i386/loadcore64.c -+++ b/grub-core/efiemu/i386/loadcore64.c -@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - err = grub_efiemu_write_value (addr, - *addr32 + rel->r_addend - + sym.off -diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c -index 4406906..3a73e6e 100644 ---- a/grub-core/kern/x86_64/dl.c -+++ b/grub-core/kern/x86_64/dl.c -@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - { - grub_int64_t value; - value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value - -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index a2bb054..39d7efb 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - { - grub_uint32_t *t32 = (grub_uint32_t *) target; - *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32) -diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c -index 9179285..a79271f 100644 ---- a/util/grub-module-verifier.c -+++ b/util/grub-module-verifier.c -@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = { - -1 - }, (int[]){ - R_X86_64_PC32, -+ R_X86_64_PLT32, - -1 - } - }, diff --git a/gnu/packages/patches/grub-check-error-efibootmgr.patch b/gnu/packages/patches/grub-check-error-efibootmgr.patch deleted file mode 100644 index efeb20f213..0000000000 --- a/gnu/packages/patches/grub-check-error-efibootmgr.patch +++ /dev/null @@ -1,197 +0,0 @@ -Without this patch, GRUB may proceed to wipe all firmware boot entries -and report a successful installation, even if efibootmgr hit an error. - -Origin URL: -https://git.sv.gnu.org/cgit/grub.git/commit/?id=6400613ad0b463abc93362086a491cd2a5e99b0d - -From 6400613ad0b463abc93362086a491cd2a5e99b0d Mon Sep 17 00:00:00 2001 -From: Steve McIntyre -Date: Wed, 31 Jan 2018 21:49:36 +0000 -Subject: Make grub-install check for errors from efibootmgr - -Code is currently ignoring errors from efibootmgr, giving users -clearly bogus output like: - - Setting up grub-efi-amd64 (2.02~beta3-4) ... - Installing for x86_64-efi platform. - Could not delete variable: No space left on device - Could not prepare Boot variable: No space left on device - Installation finished. No error reported. - -and then potentially unbootable systems. If efibootmgr fails, grub-install -should know that and report it! - -We've been using similar patch in Debian now for some time, with no ill effects. - -diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index a3fcfca..ca448bc 100644 ---- a/grub-core/osdep/unix/platform.c -+++ b/grub-core/osdep/unix/platform.c -@@ -78,19 +78,20 @@ get_ofpathname (const char *dev) - dev); - } - --static void -+static int - grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - { - int fd; - pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); - char *line = NULL; - size_t len = 0; -+ int rc; - - if (!pid) - { - grub_util_warn (_("Unable to open stream from %s: %s"), - "efibootmgr", strerror (errno)); -- return; -+ return errno; - } - - FILE *fp = fdopen (fd, "r"); -@@ -98,7 +99,7 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - { - grub_util_warn (_("Unable to open stream from %s: %s"), - "efibootmgr", strerror (errno)); -- return; -+ return errno; - } - - line = xmalloc (80); -@@ -119,23 +120,25 @@ grub_install_remove_efi_entries_by_distributor (const char *efi_distributor) - bootnum = line + sizeof ("Boot") - 1; - bootnum[4] = '\0'; - if (!verbosity) -- grub_util_exec ((const char * []){ "efibootmgr", "-q", -+ rc = grub_util_exec ((const char * []){ "efibootmgr", "-q", - "-b", bootnum, "-B", NULL }); - else -- grub_util_exec ((const char * []){ "efibootmgr", -+ rc = grub_util_exec ((const char * []){ "efibootmgr", - "-b", bootnum, "-B", NULL }); - } - - free (line); -+ return rc; - } - --void -+int - grub_install_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, - const char *efi_distributor) - { - const char * efidir_disk; - int efidir_part; -+ int ret; - efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk); - efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1; - -@@ -151,23 +154,26 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, - grub_util_exec ((const char * []){ "modprobe", "-q", "efivars", NULL }); - #endif - /* Delete old entries from the same distributor. */ -- grub_install_remove_efi_entries_by_distributor (efi_distributor); -+ ret = grub_install_remove_efi_entries_by_distributor (efi_distributor); -+ if (ret) -+ return ret; - - char *efidir_part_str = xasprintf ("%d", efidir_part); - - if (!verbosity) -- grub_util_exec ((const char * []){ "efibootmgr", "-q", -+ ret = grub_util_exec ((const char * []){ "efibootmgr", "-q", - "-c", "-d", efidir_disk, - "-p", efidir_part_str, "-w", - "-L", efi_distributor, "-l", - efifile_path, NULL }); - else -- grub_util_exec ((const char * []){ "efibootmgr", -+ ret = grub_util_exec ((const char * []){ "efibootmgr", - "-c", "-d", efidir_disk, - "-p", efidir_part_str, "-w", - "-L", efi_distributor, "-l", - efifile_path, NULL }); - free (efidir_part_str); -+ return ret; - } - - void -diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 5910b0c..0dba8b6 100644 ---- a/include/grub/util/install.h -+++ b/include/grub/util/install.h -@@ -210,7 +210,7 @@ grub_install_create_envblk_file (const char *name); - const char * - grub_install_get_default_x86_platform (void); - --void -+int - grub_install_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, - const char *efi_distributor); -diff --git a/util/grub-install.c b/util/grub-install.c -index 5e4cdfd..690f180 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -1848,9 +1848,13 @@ main (int argc, char *argv[]) - if (!removable && update_nvram) - { - /* Try to make this image bootable using the EFI Boot Manager, if available. */ -- grub_install_register_efi (efidir_grub_dev, -- "\\System\\Library\\CoreServices", -- efi_distributor); -+ int ret; -+ ret = grub_install_register_efi (efidir_grub_dev, -+ "\\System\\Library\\CoreServices", -+ efi_distributor); -+ if (ret) -+ grub_util_error (_("efibootmgr failed to register the boot entry: %s"), -+ strerror (ret)); - } - - grub_device_close (ins_dev); -@@ -1871,6 +1875,7 @@ main (int argc, char *argv[]) - { - char * efifile_path; - char * part; -+ int ret; - - /* Try to make this image bootable using the EFI Boot Manager, if available. */ - if (!efi_distributor || efi_distributor[0] == '\0') -@@ -1887,7 +1892,10 @@ main (int argc, char *argv[]) - efidir_grub_dev->disk->name, - (part ? ",": ""), (part ? : "")); - grub_free (part); -- grub_install_register_efi (efidir_grub_dev, -- efifile_path, efi_distributor); -+ ret = grub_install_register_efi (efidir_grub_dev, -+ efifile_path, efi_distributor); -+ if (ret) -+ grub_util_error (_("efibootmgr failed to register the boot entry: %s"), -+ strerror (ret)); - } - break; - - -Below is a followup to the patch above: the uninitialized variable could lead -‘grub-install’ to error out when it shouldn’t (seen on an AArch64 box where -‘grub_install_remove_efi_entries_by_distributor’ didn't have any entry to -remove): - - grub-install: error: efibootmgr failed to register the boot entry: Unknown error 65535. - -See . - ---- grub-2.02/grub-core/osdep/unix/platform.c 2018-10-17 22:21:53.015284846 +0200 -+++ grub-2.02/grub-core/osdep/unix/platform.c 2018-10-17 22:21:55.595271222 +0200 -@@ -85,7 +85,7 @@ grub_install_remove_efi_entries_by_distr - pid_t pid = grub_util_exec_pipe ((const char * []){ "efibootmgr", NULL }, &fd); - char *line = NULL; - size_t len = 0; -- int rc; -+ int rc = 0; - - if (!pid) - { diff --git a/gnu/packages/patches/grub-efi-fat-serial-number.patch b/gnu/packages/patches/grub-efi-fat-serial-number.patch index ad92f9bc9e..aec37d68e2 100644 --- a/gnu/packages/patches/grub-efi-fat-serial-number.patch +++ b/gnu/packages/patches/grub-efi-fat-serial-number.patch @@ -4,22 +4,23 @@ serial number (instead of the randomly chosen one) to create EFI images (the 'efi.img' file) that are reproducible bit-for-bit. Patch by Ludovic Courtès . +Mangled (for GRUB 2.04) by Tobias Geerinckx-Rice . ---- grub-2.02/util/grub-mkrescue.c 2019-04-20 19:15:26.180242812 +0200 -+++ grub-2.02/util/grub-mkrescue.c 2019-04-20 21:56:34.672370849 +0200 -@@ -788,8 +788,15 @@ main (int argc, char *argv[]) +--- grub-2.04/util/grub-mkrescue.c 2019-05-20 13:01:11.000000000 +0200 ++++ grub-2.04/util/grub-mkrescue.c 2019-07-08 23:57:36.912104652 +0200 +@@ -809,8 +809,15 @@ + free (efidir_efi_boot); efiimgfat = grub_util_path_concat (2, iso9660_dir, "efi.img"); - int rv; - rv = grub_util_exec ((const char * []) { "mformat", "-C", "-f", "2880", "-L", "16", "-i", - efiimgfat, "::", NULL }); + + const char *fat_serial_number = getenv ("GRUB_FAT_SERIAL_NUMBER"); + const char *mformat_args[] = -+ { "mformat", "-C", "-f", "2880", "-L", "16", -+ fat_serial_number != NULL ? "-N" : "-C", -+ fat_serial_number != NULL ? fat_serial_number : "-C", -+ "-i", efiimgfat, "::", NULL }; ++ { "mformat", "-C", "-f", "2880", "-L", "16", ++ fat_serial_number != NULL ? "-N" : "-C", ++ fat_serial_number != NULL ? fat_serial_number : "-C", ++ "-i", efiimgfat, "::", NULL }; + + rv = grub_util_exec (mformat_args); if (rv != 0) -- cgit 1.4.1 From 05f386f103bbd0145ac2fcf8b920bb27f1b518a4 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 10 Jul 2019 11:58:47 +0300 Subject: gnu: plib: Fix CVE-2011-4620, CVE-2012-4552. * gnu/packages/game-development.scm (plib)[patches]: Add patches. * gnu/packages/patches/plib-CVE-2011-4620.patch, gnu/packages/patches/plib-CVE-2012-4552.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. --- gnu/local.mk | 2 + gnu/packages/game-development.scm | 4 +- gnu/packages/patches/plib-CVE-2011-4620.patch | 13 ++++++ gnu/packages/patches/plib-CVE-2012-4552.patch | 57 +++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/plib-CVE-2011-4620.patch create mode 100644 gnu/packages/patches/plib-CVE-2012-4552.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 7dcac4f2bc..01c3ce011f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1182,6 +1182,8 @@ dist_patch_DATA = \ %D%/packages/patches/pixman-CVE-2016-5296.patch \ %D%/packages/patches/plink-1.07-unclobber-i.patch \ %D%/packages/patches/plink-endian-detection.patch \ + %D%/packages/patches/plib-CVE-2011-4620.patch \ + %D%/packages/patches/plib-CVE-2012-4552.patch \ %D%/packages/patches/plotutils-libpng-jmpbuf.patch \ %D%/packages/patches/podofo-cmake-3.12.patch \ %D%/packages/patches/portaudio-audacity-compat.patch \ diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm index 05a68b717a..7eac935a69 100644 --- a/gnu/packages/game-development.scm +++ b/gnu/packages/game-development.scm @@ -1434,7 +1434,9 @@ joystick support."))) "plib-" version ".tar.gz")) (sha256 (base32 - "0cha71mflpa10vh2l7ipyqk67dq2y0k5xbafwdks03fwdyzj4ns8")))) + "0cha71mflpa10vh2l7ipyqk67dq2y0k5xbafwdks03fwdyzj4ns8")) + (patches (search-patches "plib-CVE-2011-4620.patch" + "plib-CVE-2012-4552.patch")))) (build-system gnu-build-system) (inputs `(("mesa" ,mesa) diff --git a/gnu/packages/patches/plib-CVE-2011-4620.patch b/gnu/packages/patches/plib-CVE-2011-4620.patch new file mode 100644 index 0000000000..c5a03bd0ca --- /dev/null +++ b/gnu/packages/patches/plib-CVE-2011-4620.patch @@ -0,0 +1,13 @@ +https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/04_CVE-2011-4620.diff + +--- a/src/util/ulError.cxx ++++ b/src/util/ulError.cxx +@@ -39,7 +39,7 @@ + { + va_list argp; + va_start ( argp, fmt ) ; +- vsprintf ( _ulErrorBuffer, fmt, argp ) ; ++ vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ; + va_end ( argp ) ; + + if ( _ulErrorCB ) diff --git a/gnu/packages/patches/plib-CVE-2012-4552.patch b/gnu/packages/patches/plib-CVE-2012-4552.patch new file mode 100644 index 0000000000..7b697855d6 --- /dev/null +++ b/gnu/packages/patches/plib-CVE-2012-4552.patch @@ -0,0 +1,57 @@ +https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/05_CVE-2012-4552.diff + +diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx +--- plib-1.8.5/src/ssg/ssgParser.cxx~ 2008-03-11 03:06:23.000000000 +0100 ++++ plib-1.8.5/src/ssg/ssgParser.cxx 2012-11-01 15:33:12.424483374 +0100 +@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form + char msgbuff[ 255 ]; + va_list argp; + +- char* msgptr = msgbuff; +- if (linenum) +- { +- msgptr += sprintf ( msgptr,"%s, line %d: ", +- path, linenum ); +- } +- + va_start( argp, format ); +- vsprintf( msgptr, format, argp ); ++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp ); + va_end( argp ); + +- ulSetError ( UL_WARNING, "%s", msgbuff ) ; ++ if (linenum) ++ { ++ ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ; ++ } else { ++ ulSetError ( UL_WARNING, "%s", msgbuff ) ; ++ } + } + + +@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo + char msgbuff[ 255 ]; + va_list argp; + +- char* msgptr = msgbuff; +- if (linenum) +- { +- msgptr += sprintf ( msgptr,"%s, line %d: ", +- path, linenum ); +- } +- + va_start( argp, format ); +- vsprintf( msgptr, format, argp ); ++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp ); + va_end( argp ); + +- ulSetError ( UL_DEBUG, "%s", msgbuff ) ; ++ if (linenum) ++ { ++ ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ; ++ } else { ++ ulSetError ( UL_DEBUG, "%s", msgbuff ) ; ++ } + } + + // Opens the file and does a few internal calculations based on the spec. -- cgit 1.4.1 From 841bddb4b45fd6e47a8991f74380ba20dacbe1be Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 10 Jul 2019 12:45:08 +0300 Subject: gnu: a2ps: Fix CVE-2015-8107. * gnu/packages/pretty-print.scm (a2ps)[source]: Add patch. * gnu/packages/patches/a2ps-CVE-2015-8107.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/a2ps-CVE-2015-8107.patch | 80 +++++++++++++++++++++++++++ gnu/packages/pretty-print.scm | 5 +- 3 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/a2ps-CVE-2015-8107.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 01c3ce011f..2821cdcca9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -660,6 +660,7 @@ dist_patch_DATA = \ %D%/packages/patches/4store-unset-preprocessor-directive.patch \ %D%/packages/patches/a2ps-CVE-2001-1593.patch \ %D%/packages/patches/a2ps-CVE-2014-0466.patch \ + %D%/packages/patches/a2ps-CVE-2015-8107.patch \ %D%/packages/patches/abiword-explictly-cast-bools.patch \ %D%/packages/patches/abiword-black-drawing-with-gtk322.patch \ %D%/packages/patches/acl-fix-perl-regex.patch \ diff --git a/gnu/packages/patches/a2ps-CVE-2015-8107.patch b/gnu/packages/patches/a2ps-CVE-2015-8107.patch new file mode 100644 index 0000000000..5ea35d45da --- /dev/null +++ b/gnu/packages/patches/a2ps-CVE-2015-8107.patch @@ -0,0 +1,80 @@ +https://sources.debian.org/data/main/a/a2ps/1:4.14-2/debian/patches/fix-format-security.diff + +Index: b/lib/psgen.c +=================================================================== +--- a/lib/psgen.c ++++ b/lib/psgen.c +@@ -232,7 +232,7 @@ + default: + *buf = '\0'; + ps_escape_char (job, cp[i], buf); +- output (jdiv, (char *) buf); ++ output (jdiv, "%s", (char *) buf); + break; + } + } +Index: b/lib/output.c +=================================================================== +--- a/lib/output.c ++++ b/lib/output.c +@@ -525,7 +525,7 @@ + expand_user_string (job, FIRST_FILE (job), + (const uchar *) "Expand: requirement", + (const uchar *) token)); +- output (dest, expansion); ++ output (dest, "%s", expansion); + continue; + } + +Index: b/lib/parseppd.y +=================================================================== +--- a/lib/parseppd.y ++++ b/lib/parseppd.y +@@ -154,7 +154,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, ppdfilename, ppdlineno, msg); ++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); + } + + /* +Index: b/src/parsessh.y +=================================================================== +--- a/src/parsessh.y ++++ b/src/parsessh.y +@@ -740,7 +740,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, sshfilename, sshlineno, msg); ++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); + } + + /* +Index: b/lib/parseppd.c +=================================================================== +--- a/lib/parseppd.c ++++ b/lib/parseppd.c +@@ -1707,7 +1707,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, ppdfilename, ppdlineno, msg); ++ error_at_line (1, 0, ppdfilename, ppdlineno, "%s", msg); + } + + /* +Index: b/src/parsessh.c +=================================================================== +--- a/src/parsessh.c ++++ b/src/parsessh.c +@@ -2639,7 +2639,7 @@ + void + yyerror (const char *msg) + { +- error_at_line (1, 0, sshfilename, sshlineno, msg); ++ error_at_line (1, 0, sshfilename, sshlineno, "%s", msg); + } + + /* diff --git a/gnu/packages/pretty-print.scm b/gnu/packages/pretty-print.scm index 405ad08ba4..7a5b98c698 100644 --- a/gnu/packages/pretty-print.scm +++ b/gnu/packages/pretty-print.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016, 2019 Efraim Flashner ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2017 Ludovic Courtès @@ -63,7 +63,8 @@ #t)) (patches (search-patches "a2ps-CVE-2001-1593.patch" - "a2ps-CVE-2014-0466.patch")))) + "a2ps-CVE-2014-0466.patch" + "a2ps-CVE-2015-8107.patch")))) (build-system gnu-build-system) (inputs `(("psutils" ,psutils) -- cgit 1.4.1 From 5a4e5c26cc3fb24e0e7f6a2d95f03396f3d0b014 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 10 Jul 2019 14:27:51 +0300 Subject: gnu: libexif: Fix CVE-2018-20030. * gnu/packages/photo.scm (libexif)[source]: Add patch. * gnu/packages/patches/libexif-CVE-2018-20030.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/libexif-CVE-2018-20030.patch | 120 ++++++++++++++++++++++ gnu/packages/photo.scm | 5 +- 3 files changed, 124 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/libexif-CVE-2018-20030.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2821cdcca9..66f904291b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1006,6 +1006,7 @@ dist_patch_DATA = \ %D%/packages/patches/libdrm-symbol-check.patch \ %D%/packages/patches/libexif-CVE-2016-6328.patch \ %D%/packages/patches/libexif-CVE-2017-7544.patch \ + %D%/packages/patches/libexif-CVE-2018-20030.patch \ %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \ %D%/packages/patches/libgit2-avoid-python.patch \ %D%/packages/patches/libgit2-mtime-0.patch \ diff --git a/gnu/packages/patches/libexif-CVE-2018-20030.patch b/gnu/packages/patches/libexif-CVE-2018-20030.patch new file mode 100644 index 0000000000..57e4746b58 --- /dev/null +++ b/gnu/packages/patches/libexif-CVE-2018-20030.patch @@ -0,0 +1,120 @@ +https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89.patch + +NEWS section was removed +'12' -> '30' on line 79 + +From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001 +From: Dan Fandrich +Date: Fri, 12 Oct 2018 16:01:45 +0200 +Subject: [PATCH] Improve deep recursion detection in + exif_data_load_data_content. + +The existing detection was still vulnerable to pathological cases +causing DoS by wasting CPU. The new algorithm takes the number of tags +into account to make it harder to abuse by cases using shallow recursion +but with a very large number of tags. This improves on commit 5d28011c +which wasn't sufficient to counter this kind of case. + +The limitation in the previous fix was discovered by Laurent Delosieres, +Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned +the identifier CVE-2018-20030. +--- + NEWS | 1 + + libexif/exif-data.c | 45 +++++++++++++++++++++++++++++++++++++-------- + 2 files changed, 38 insertions(+), 8 deletions(-) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index e35403d..a6f9c94 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -35,6 +35,7 @@ + #include + #include + ++#include + #include + #include + #include +@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) { \ + break; \ + } + ++/*! Calculate the recursion cost added by one level of IFD loading. ++ * ++ * The work performed is related to the cost in the exponential relation ++ * work=1.1**cost ++ */ ++static unsigned int ++level_cost(unsigned int n) ++{ ++ static const double log_1_1 = 0.09531017980432493; ++ ++ /* Adding 0.1 protects against the case where n==1 */ ++ return ceil(log(n + 0.1)/log_1_1); ++} ++ + /*! Load data for an IFD. + * + * \param[in,out] data #ExifData +@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) { \ + * \param[in] d pointer to buffer containing raw IFD data + * \param[in] ds size of raw data in buffer at \c d + * \param[in] offset offset into buffer at \c d at which IFD starts +- * \param[in] recursion_depth number of times this function has been +- * recursively called without returning ++ * \param[in] recursion_cost factor indicating how expensive this recursive ++ * call could be + */ + static void + exif_data_load_data_content (ExifData *data, ExifIfd ifd, + const unsigned char *d, +- unsigned int ds, unsigned int offset, unsigned int recursion_depth) ++ unsigned int ds, unsigned int offset, unsigned int recursion_cost) + { + ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; + ExifShort n; +@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT)) + return; + +- if (recursion_depth > 30) { ++ if (recursion_cost > 170) { ++ /* ++ * recursion_cost is a logarithmic-scale indicator of how expensive this ++ * recursive call might end up being. It is an indicator of the depth of ++ * recursion as well as the potential for worst-case future recursive ++ * calls. Since it's difficult to tell ahead of time how often recursion ++ * will occur, this assumes the worst by assuming every tag could end up ++ * causing recursion. ++ * The value of 170 was chosen to limit typical EXIF structures to a ++ * recursive depth of about 6, but pathological ones (those with very ++ * many tags) to only 2. ++ */ + exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", +- "Deep recursion detected!"); ++ "Deep/expensive recursion detected!"); + return; + } + +@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + switch (tag) { + case EXIF_TAG_EXIF_IFD_POINTER: + CHECK_REC (EXIF_IFD_EXIF); +- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_GPS_INFO_IFD_POINTER: + CHECK_REC (EXIF_IFD_GPS); +- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: + CHECK_REC (EXIF_IFD_INTEROPERABILITY); +- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: + thumbnail_offset = o; diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm index cf7da80642..cbfc2debd8 100644 --- a/gnu/packages/photo.scm +++ b/gnu/packages/photo.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2014, 2015, 2017, 2019 Ludovic Courtès ;;; Copyright © 2015 Ricardo Wurmus ;;; Copyright © 2015, 2017 Andreas Enge -;;; Copyright © 2016, 2017, 2018 Efraim Flashner +;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner ;;; Copyright © 2017 Roel Janssen ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2018 Leo Famulari @@ -117,7 +117,8 @@ cameras (CRW/CR2, NEF, RAF, DNG, and others).") (uri (string-append "mirror://sourceforge/libexif/libexif/" version "/libexif-" version ".tar.bz2")) (patches (search-patches "libexif-CVE-2016-6328.patch" - "libexif-CVE-2017-7544.patch")) + "libexif-CVE-2017-7544.patch" + "libexif-CVE-2018-20030.patch")) (sha256 (base32 "06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n")))) -- cgit 1.4.1 From bba3c489701693c59315efed001b37d6fa014a6c Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 10 Jul 2019 14:53:04 +0300 Subject: gnu: cvs: Rename patch file. * gnu/packages/version-control.scm (cvs)[source]: Rename patch. * gnu/packages/patches/cvs-2017-12836.patch: Rename to ... * gnu/packages/patches/cvs-CVE-2018-12836.patch: ... this. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 2 +- gnu/packages/patches/cvs-2017-12836.patch | 45 --------------------------- gnu/packages/patches/cvs-CVE-2017-12836.patch | 45 +++++++++++++++++++++++++++ gnu/packages/version-control.scm | 2 +- 4 files changed, 47 insertions(+), 47 deletions(-) delete mode 100644 gnu/packages/patches/cvs-2017-12836.patch create mode 100644 gnu/packages/patches/cvs-CVE-2017-12836.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 66f904291b..9a70d73759 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -747,7 +747,7 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ - %D%/packages/patches/cvs-2017-12836.patch \ + %D%/packages/patches/cvs-CVE-2017-12836.patch \ %D%/packages/patches/dbus-helper-search-path.patch \ %D%/packages/patches/dbus-CVE-2019-12749.patch \ %D%/packages/patches/dealii-mpi-deprecations.patch \ diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-2017-12836.patch deleted file mode 100644 index 507ab0f7d0..0000000000 --- a/gnu/packages/patches/cvs-2017-12836.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-12836: - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836 -https://security-tracker.debian.org/tracker/CVE-2017-12836 - -Patch adpated from Debian (comments and changelog annotations removed): - -https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094 - -From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001 -From: mirabilos -Date: Sat, 12 Aug 2017 03:17:18 +0200 -Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch - ---- - debian/changelog | 6 ++++++ - src/rsh-client.c | 10 ++++++++-- - 2 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/src/rsh-client.c b/src/rsh-client.c -index fe0cfc4..1fc860d 100644 ---- a/src/rsh-client.c -+++ b/src/rsh-client.c -@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, - rsh_argv[i++] = argvport; - } - -+ /* Only non-option arguments from here. (CVE-2017-12836) */ -+ rsh_argv[i++] = "--"; -+ - rsh_argv[i++] = root->hostname; - rsh_argv[i++] = cvs_server; - if (readonlyfs) -@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, - *p++ = argvport; - } - -+ *p++ = "--"; -+ - *p++ = root->hostname; - *p++ = command; - *p++ = NULL; --- -cgit v0.12 - diff --git a/gnu/packages/patches/cvs-CVE-2017-12836.patch b/gnu/packages/patches/cvs-CVE-2017-12836.patch new file mode 100644 index 0000000000..507ab0f7d0 --- /dev/null +++ b/gnu/packages/patches/cvs-CVE-2017-12836.patch @@ -0,0 +1,45 @@ +Fix CVE-2017-12836: + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836 +https://security-tracker.debian.org/tracker/CVE-2017-12836 + +Patch adpated from Debian (comments and changelog annotations removed): + +https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094 + +From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001 +From: mirabilos +Date: Sat, 12 Aug 2017 03:17:18 +0200 +Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch + +--- + debian/changelog | 6 ++++++ + src/rsh-client.c | 10 ++++++++-- + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/src/rsh-client.c b/src/rsh-client.c +index fe0cfc4..1fc860d 100644 +--- a/src/rsh-client.c ++++ b/src/rsh-client.c +@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, + rsh_argv[i++] = argvport; + } + ++ /* Only non-option arguments from here. (CVE-2017-12836) */ ++ rsh_argv[i++] = "--"; ++ + rsh_argv[i++] = root->hostname; + rsh_argv[i++] = cvs_server; + if (readonlyfs) +@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p, + *p++ = argvport; + } + ++ *p++ = "--"; ++ + *p++ = root->hostname; + *p++ = command; + *p++ = NULL; +-- +cgit v0.12 + diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 8effe1d502..b1fd0195ce 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -1409,7 +1409,7 @@ machine.") (uri (string-append "https://ftp.gnu.org/non-gnu/cvs/source/feature/" version "/cvs-" version ".tar.bz2")) - (patches (search-patches "cvs-2017-12836.patch")) + (patches (search-patches "cvs-CVE-2017-12836.patch")) (sha256 (base32 "0pjir8cwn0087mxszzbsi1gyfc6373vif96cw4q3m1x6p49kd1bq")))) -- cgit 1.4.1 From c894b80324d82f2f807578efa1de792ed1331eb3 Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Sat, 6 Jul 2019 20:49:40 +0100 Subject: gnu: sbcl-clx: Update to 0.7.5. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/lisp.scm (sbcl-clx): Update to 0.7.5. [origin]: Drop "clx-remove-demo.patch" and the snippet that removes demo code. * gnu/packages/patches/clx-remove-demo.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 - gnu/packages/lisp.scm | 56 ++++++++++++------------------ gnu/packages/patches/clx-remove-demo.patch | 27 -------------- 3 files changed, 22 insertions(+), 62 deletions(-) delete mode 100644 gnu/packages/patches/clx-remove-demo.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9a70d73759..ae5477c428 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -735,7 +735,6 @@ dist_patch_DATA = \ %D%/packages/patches/clementine-use-openssl.patch \ %D%/packages/patches/clisp-remove-failing-test.patch \ %D%/packages/patches/clucene-pkgconfig.patch \ - %D%/packages/patches/clx-remove-demo.patch \ %D%/packages/patches/coda-use-system-libs.patch \ %D%/packages/patches/combinatorial-blas-awpm.patch \ %D%/packages/patches/combinatorial-blas-io-fix.patch \ diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm index 3aa2429595..884d00d935 100644 --- a/gnu/packages/lisp.scm +++ b/gnu/packages/lisp.scm @@ -11,7 +11,7 @@ ;;; Copyright © 2018 Benjamin Slade ;;; Copyright © 2018 Alex Vong ;;; Copyright © 2018 Pierre Neidhardt -;;; Copyright © 2018 Pierre Langlois +;;; Copyright © 2018, 2019 Pierre Langlois ;;; Copyright © 2019 Katherine Cox-Buday ;;; Copyright © 2019 Jesse Gildersleve ;;; Copyright © 2019 Guillaume Le Vaillant @@ -930,42 +930,30 @@ ANSI-compliant Common Lisp implementations.") (sbcl-package->cl-source-package sbcl-cl-unicode)) (define-public sbcl-clx - (let ((revision "1") - (commit "1c62774b03c1cf3fe6e5cb532df8b14b44c96b95")) - (package - (name "sbcl-clx") - (version (string-append "0.0.0-" revision "." (string-take commit 7))) - (source - (origin - (method git-fetch) - (uri - (git-reference - (url "https://github.com/sharplispers/clx.git") - (commit commit))) - (sha256 - (base32 "0qffag03ns52kwq9xjns2qg1yr0bf3ba507iwq5cmx5xz0b0rmjm")) - (file-name (string-append "clx-" version "-checkout")) - (patches - (list - (search-patch "clx-remove-demo.patch"))) - (modules '((guix build utils))) - (snippet - '(begin - ;; These removed files cause the compiled system to crash when - ;; loading. - (delete-file-recursively "demo") - (delete-file "test/trapezoid.lisp") - (substitute* "clx.asd" - (("\\(:file \"trapezoid\"\\)") "")) - #t)))) - (build-system asdf-build-system/sbcl) - (home-page "http://www.cliki.net/portable-clx") - (synopsis "X11 client library for Common Lisp") - (description "CLX is an X11 client library for Common Lisp. The code was + (package + (name "sbcl-clx") + (version "0.7.5") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/sharplispers/clx.git") + (commit version))) + (sha256 + (base32 + "1vi67z9hpj5rr4xcmfbfwzmlcc0ah7hzhrmfid6lqdkva238v2wf")) + (file-name (string-append "clx-" version)))) + (build-system asdf-build-system/sbcl) + (native-inputs + `(("fiasco" ,sbcl-fiasco))) + (home-page "http://www.cliki.net/portable-clx") + (synopsis "X11 client library for Common Lisp") + (description "CLX is an X11 client library for Common Lisp. The code was originally taken from a CMUCL distribution, was modified somewhat in order to make it compile and run under SBCL, then a selection of patches were added from other CLXes around the net.") - (license license:x11)))) + (license license:x11))) (define-public cl-clx (sbcl-package->cl-source-package sbcl-clx)) diff --git a/gnu/packages/patches/clx-remove-demo.patch b/gnu/packages/patches/clx-remove-demo.patch deleted file mode 100644 index c5fffea0d0..0000000000 --- a/gnu/packages/patches/clx-remove-demo.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- a/clx.asd 2016-02-16 00:06:48.161596976 -0500 -+++ b/clx.asd 2016-02-16 00:06:54.793774658 -0500 -@@ -79,24 +79,6 @@ - (:file "xtest") - (:file "screensaver") - (:file "xinerama"))) -- (:module demo -- :default-component-class example-source-file -- :components -- ((:file "bezier") -- ;; KLUDGE: this requires "bezier" for proper operation, -- ;; but we don't declare that dependency here, because -- ;; asdf doesn't load example files anyway. -- (:file "beziertest") -- (:file "clclock") -- (:file "clipboard") -- (:file "clx-demos") -- (:file "gl-test") -- ;; FIXME: compiling this generates 30-odd spurious code -- ;; deletion notes. Find out why, and either fix or -- ;; workaround the problem. -- (:file "mandel") -- (:file "menu") -- (:file "zoid"))) - (:module test - :default-component-class example-source-file - :components -- cgit 1.4.1 From 5a836ce38c9c29e9c2bd306007347486b90c5064 Mon Sep 17 00:00:00 2001 From: Jack Hill Date: Wed, 10 Jul 2019 16:23:03 -0400 Subject: gnu: expat: fix CVE-2018-20843 * gnu/packages/xml.scm (expat)[replacement]: New field. (expat/fixed): New variable. * gnu/packages/patches/expat-CVE-2018-20843.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch file. Signed-off-by: Marius Bakke --- gnu/local.mk | 1 + gnu/packages/patches/expat-CVE-2018-20843.patch | 21 +++++++++++++++++++++ gnu/packages/xml.scm | 9 +++++++++ 3 files changed, 31 insertions(+) create mode 100644 gnu/packages/patches/expat-CVE-2018-20843.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ae5477c428..67d9eb703a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -784,6 +784,7 @@ dist_patch_DATA = \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ %D%/packages/patches/exiv2-CVE-2017-14860.patch \ %D%/packages/patches/exiv2-CVE-2017-14859-14862-14864.patch \ + %D%/packages/patches/expat-CVE-2018-20843.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ diff --git a/gnu/packages/patches/expat-CVE-2018-20843.patch b/gnu/packages/patches/expat-CVE-2018-20843.patch new file mode 100644 index 0000000000..216fbe9667 --- /dev/null +++ b/gnu/packages/patches/expat-CVE-2018-20843.patch @@ -0,0 +1,21 @@ +Fix extraction of namespace prefix from XML name. +Fixes CVE-2018-20843 + +This patch comes from upstream commit 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 +https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 + +CVE is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843 + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index 30d55c5..737d7cd 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) + else + poolDiscard(&dtd->pool); + elementType->prefix = prefix; +- ++ break; + } + } + return 1; diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index e3260be103..0cd9319c95 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -66,6 +66,7 @@ (define-public expat (package (name "expat") + (replacement expat/fixed) (version "2.2.6") (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (origin @@ -88,6 +89,14 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) +(define expat/fixed + (package + (inherit expat) + (source + (origin + (inherit (package-source expat)) + (patches (search-patches "expat-CVE-2018-20843.patch")))))) + (define-public libebml (package (name "libebml") -- cgit 1.4.1