diff --git a/Makefile.am b/Makefile.am index 8bae85e144..d18e330797 100644 --- a/Makefile.am +++ b/Makefile.am @@ -102,7 +102,6 @@ MODULES = \ guix/build/rpath.scm \ guix/build/cvs.scm \ guix/build/svn.scm \ - guix/build/syscalls.scm \ guix/build/gremlin.scm \ guix/build/emacs-utils.scm \ guix/build/graft.scm \ @@ -159,6 +158,13 @@ MODULES += \ endif +if BUILD_SYSCALLS_MODULE + +MODULES += \ + guix/build/syscalls.scm + +endif + if BUILD_DAEMON_OFFLOAD MODULES += \ @@ -379,6 +385,13 @@ EXTRA_DIST += \ endif !BUILD_DAEMON_OFFLOAD +if !BUILD_SYSCALLS_MODULE + +EXTRA_DIST += \ + guix/build/syscalls.scm + +endif !BUILD_SYSCALLS_MODULE + CLEANFILES = \ $(GOBJECTS) \ @@ -389,13 +402,11 @@ CLEANFILES = \ # there that are newer than the local .scm files (for instance because the # user ran 'make install' recently). When that happens, we end up loading # those previously-installed .go files, which may be stale, thereby breaking -# the whole thing. Likewise, set 'XDG_CACHE_HOME' to avoid loading possibly -# stale files from ~/.cache/guile/ccache. +# the whole thing. %.go: make-go ; @: make-go: $(MODULES) guix/config.scm guix/tests.scm $(AM_V_at)echo "Compiling Scheme modules..." ; \ unset GUILE_LOAD_COMPILED_PATH ; \ - XDG_CACHE_HOME=/nowhere \ host=$(host) srcdir="$(top_srcdir)" \ $(top_builddir)/pre-inst-env \ $(GUILE) -L "$(top_builddir)" -L "$(top_srcdir)" \ diff --git a/NEWS b/NEWS index 3f5efef2e7..267c197c4a 100644 --- a/NEWS +++ b/NEWS @@ -14,94 +14,8 @@ Please send Guix bug reports to bug-guix@gnu.org. ** Package management -*** Substitute display adjusts to client locale and terminal width -*** New ‘--free-space’ option for ‘guix gc’ -*** ‘guix gc’ shows the amount of disk space freed -*** Source code downloads fall back to content-addressed mirrors -*** ‘guix graph’ can now be passed a store file name -*** Building the profile is faster, noticeably so on slow file systems -*** Profiles now include XDG desktop and MIME databases -*** ‘guix size’ can be passed more than one package -*** ‘--check’ and ‘--rounds’ save the differing build output upon failure *** New Emacs interface for package locations: M-x guix-locations -See “Package Source Locations” in the manual. -*** Emacs modes show the full profile name in buffer names -*** Emacs “Package Info” buffer now have a “Build Log” button -*** ‘guix environment’ sets $GUIX_ENVIRONMENT to the environment’s profile -*** New ‘--ttl’ option for ‘guix publish’ -*** New ‘--compression’ option for ‘guix publish’ -*** ‘guix publish’ serves source files over content-address “/file” URLs -*** New ‘hackage’ updater for ‘guix refresh’ -*** ‘guix lint -c cve’ uses a faster caching method -*** ‘guix lint -c cve’ now reports up to 3-year-old vulnerabilities -*** ‘guix lint -c source,home-page’ reports suspiciously small HTTP replies -*** ‘guix lint -c inputs-should-be-native’ makes more suggestions - -** Distribution - -*** New services - -urandom-seed-service, dicod-service, gc-root-service-type, mcron-service, -rngd-service, dropbear-service, pam-limits-service (See “Services” in the -manual for details.) - -*** ‘mapped-device’ can refer to partitions using a LUKS UUID -*** New ‘raid-device-type’, for RAID devices using mdadm -*** ‘console-keymap-service’ can be given several file names -*** Java package names are now prefixed with “java-” -*** New modular Qt packages, to replace the monolithic ‘qt’ package -*** The ‘gnupg’ 2.0/2.1 packages provide the ‘gpg’ command instead of ‘gpg2’ -*** More packages are bit-reproducible: vlc, libxslt, nasm -*** XXX new packages -*** XXX package updates - -** Programming interfaces - -*** New ‘with-imported-modules’ form provided by (guix gexp) - -It supersedes the #:modules parameter of ‘gexp->derivation’, ‘compute-file’, -‘gexp->script’, ‘program-file’, etc, as well as the ‘imported-modules’ fields -of and . See “G-Expressions” in the manual. - -*** New (gnu tests) and (gnu build marionette) modules for system tests - -See for background. - -*** New (guix zlib) module -*** New (guix hg-download) module, for Mercurial checkouts -*** (guix download) supports HTTP basic authentication -*** (guix svn-download) supports authentication -*** The ‘source’ of packages can be a ‘local-file’ or any lowerable object -*** Part of (guix utils) moved to the new (guix combinators) -*** GNU updater honors the ‘ftp-server’ and ‘ftp-directory’ package properties -*** CVE linter honors the ‘cpe-name’ and ‘cpe-version’ package properties -*** ‘add-to-store’ and ‘local-file’ have a new #:select? parameter - -** Noteworthy bug fixes - -*** Perl no longer references GCC () -*** Grafting now fails upon I/O errors () -*** GuixSD random source is now properly seeded () -*** ‘call-with-container’ gracefully reports mount errors - () -*** ‘herd start cow-store’ now bind-mounts the target /tmp -*** ‘guix environment’ now honors ‘--system’ () -*** ‘guix publish’ properly encodes archive URIs () -*** ‘NIX_CONF_DIR’ is now ignored () -*** The shell of user ‘nobody’ is ‘nologin’ () -*** Source code location is more precise in error messages involving records - () -*** ‘guix --version’ is correct in the presence of ‘guix pull’ - () -*** Git commits are now signed, for eventual authentication by ‘guix pull’ - (in preparation of a fix for ) - -** Native language support - -*** New translation: zh_CN (Simplified Chinese) -*** Updated translations: fr - * Changes in 0.10.0 (since 0.9.0) ** Community diff --git a/configure.ac b/configure.ac index 13a9b6e19f..17d5c4b28b 100644 --- a/configure.ac +++ b/configure.ac @@ -86,6 +86,11 @@ dnl Check whether (srfi srfi-37) works, and provide our own if it doesn't. GUIX_CHECK_SRFI_37 AM_CONDITIONAL([INSTALL_SRFI_37], [test "x$ac_cv_guix_srfi_37_broken" = xyes]) +dnl Check whether (guix build syscalls) can be built. +GUIX_CHECK_LIBC_MOUNT +AM_CONDITIONAL([BUILD_SYSCALLS_MODULE], + [test "x$guix_cv_libc_has_mount" = "xyes"]) + dnl Decompressors, for use by the substituter and other modules. AC_PATH_PROG([GZIP], [gzip]) AC_PATH_PROG([BZIP2], [bzip2]) diff --git a/doc/guix.texi b/doc/guix.texi index df8b5a9241..3725f6c242 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6401,9 +6401,8 @@ builds to @file{/gnu/store} which, initially, is an in-memory file system. Next, you have to edit a file and provide the declaration of the operating system to be installed. To -that end, the installation system comes with three text editors: GNU nano -(@pxref{Top,,, nano, GNU nano Manual}), GNU Zile (an Emacs clone), and -nvi (a clone of the original BSD @command{vi} editor). +that end, the installation system comes with two text editors: GNU nano +(@pxref{Top,,, nano, GNU nano Manual}), and GNU Zile, an Emacs clone. We strongly recommend storing that file on the target root file system, say, as @file{/mnt/etc/config.scm}. Failing to do that, you will have lost your configuration file once you have rebooted into the newly-installed system. @@ -7797,6 +7796,7 @@ maximum address space that can be locked in memory. These settings are commonly used for real-time audio systems. @end deffn + @node Scheduled Job Execution @subsubsection Scheduled Job Execution diff --git a/gnu/local.mk b/gnu/local.mk index 4a19e33414..6060e55fa3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -440,7 +440,6 @@ dist_patch_DATA = \ %D%/packages/patches/audacity-fix-ffmpeg-binding.patch \ %D%/packages/patches/automake-skip-amhello-tests.patch \ %D%/packages/patches/automake-regexp-syntax.patch \ - %D%/packages/patches/automake-test-gzip-warning.patch \ %D%/packages/patches/avahi-localstatedir.patch \ %D%/packages/patches/avidemux-install-to-lib.patch \ %D%/packages/patches/awesome-reproducible-png.patch \ @@ -468,9 +467,9 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/dbus-helper-search-path.patch \ + %D%/packages/patches/dealii-p4est-interface.patch \ %D%/packages/patches/devil-CVE-2009-3994.patch \ %D%/packages/patches/devil-fix-libpng.patch \ - %D%/packages/patches/dico-idxgcide-bug.patch \ %D%/packages/patches/dico-libtool-deterministic.patch \ %D%/packages/patches/diffutils-gets-undeclared.patch \ %D%/packages/patches/dfu-programmer-fix-libusb.patch \ @@ -489,6 +488,7 @@ dist_patch_DATA = \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ %D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \ + %D%/packages/patches/expat-CVE-2015-1283.patch \ %D%/packages/patches/expat-CVE-2015-1283-refix.patch \ %D%/packages/patches/expat-CVE-2016-0718.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ @@ -522,9 +522,12 @@ dist_patch_DATA = \ %D%/packages/patches/gimp-CVE-2016-4994.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glibc-CVE-2015-7547.patch \ %D%/packages/patches/glibc-bootstrap-system.patch \ + %D%/packages/patches/glibc-hurd-extern-inline.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ + %D%/packages/patches/glibc-locale-incompatibility.patch \ %D%/packages/patches/glibc-o-largefile.patch \ %D%/packages/patches/glibc-versioned-locpath.patch \ %D%/packages/patches/gmp-arm-asm-nothumb.patch \ @@ -603,6 +606,11 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-link-with-libm.patch \ %D%/packages/patches/liba52-set-soname.patch \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ + %D%/packages/patches/libarchive-bsdtar-test.patch \ + %D%/packages/patches/libarchive-CVE-2013-0211.patch \ + %D%/packages/patches/libarchive-CVE-2016-1541.patch \ + %D%/packages/patches/libarchive-fix-lzo-test-case.patch \ + %D%/packages/patches/libarchive-mtree-filename-length-fix.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ %D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \ %D%/packages/patches/libcmis-fix-test-onedrive.patch \ @@ -637,8 +645,9 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ - %D%/packages/patches/libxslt-generated-ids.patch \ + %D%/packages/patches/libxslt-CVE-2015-7995.patch \ %D%/packages/patches/lirc-localstatedir.patch \ + %D%/packages/patches/libpthread-glibc-preparation.patch \ %D%/packages/patches/lm-sensors-hwmon-attrs.patch \ %D%/packages/patches/lua-CVE-2014-5461.patch \ %D%/packages/patches/lua-pkgconfig.patch \ @@ -658,6 +667,10 @@ dist_patch_DATA = \ %D%/packages/patches/mcrypt-CVE-2012-4426.patch \ %D%/packages/patches/mcrypt-CVE-2012-4527.patch \ %D%/packages/patches/mhash-keygen-test-segfault.patch \ + %D%/packages/patches/mit-krb5-CVE-2015-8629.patch \ + %D%/packages/patches/mit-krb5-CVE-2015-8630.patch \ + %D%/packages/patches/mit-krb5-CVE-2015-8631.patch \ + %D%/packages/patches/mit-krb5-init-context-null-spnego.patch \ %D%/packages/patches/mpc123-initialize-ao.patch \ %D%/packages/patches/mplayer2-theora-fix.patch \ %D%/packages/patches/module-init-tools-moduledir.patch \ @@ -746,7 +759,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-paste-remove-timing-test.patch \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/qt4-ldflags.patch \ - %D%/packages/patches/rapicorn-isnan.patch \ %D%/packages/patches/ratpoison-shell.patch \ %D%/packages/patches/readline-link-ncurses.patch \ %D%/packages/patches/ripperx-missing-file.patch \ @@ -773,6 +785,7 @@ dist_patch_DATA = \ %D%/packages/patches/t1lib-CVE-2010-2642.patch \ %D%/packages/patches/t1lib-CVE-2011-0764.patch \ %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \ + %D%/packages/patches/tar-d_ino_in_dirent-fix.patch \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm index 21ed0e6179..de7f1f6d15 100644 --- a/gnu/packages/autotools.scm +++ b/gnu/packages/autotools.scm @@ -218,8 +218,7 @@ (define-public automake "0dl6vfi2lzz8alnklwxzfz624b95hb1ipjvd3mk177flmddcf24r")) (patches (search-patches "automake-regexp-syntax.patch" - "automake-skip-amhello-tests.patch" - "automake-test-gzip-warning.patch")))) + "automake-skip-amhello-tests.patch")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,(autoconf-wrapper)) diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 0a2e9b1b90..257dabfe2c 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -135,7 +135,8 @@ (define-public hdup (define-public libarchive (package (name "libarchive") - (version "3.2.1") + (replacement libarchive/fixed) + (version "3.1.2") (source (origin (method url-fetch) @@ -143,7 +144,12 @@ (define-public libarchive version ".tar.gz")) (sha256 (base32 - "1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj")))) + "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb")) + (patches + (search-patches "libarchive-mtree-filename-length-fix.patch" + "libarchive-fix-lzo-test-case.patch" + "libarchive-CVE-2013-0211.patch" + "libarchive-bsdtar-test.patch")))) (build-system gnu-build-system) ;; TODO: Add -L/path/to/nettle in libarchive.pc. (inputs @@ -174,10 +180,7 @@ (define-public libarchive (zero? (system* "./libarchive_test" "^test_*_disk*")) (zero? (system* "./bsdcpio_test" "^test_owner_parse")) (zero? (system* "./bsdtar_test")))) - %standard-phases)) - ;; libarchive/test/test_write_format_gnutar_filenames.c needs to be - ;; compiled with C99 or C11 or a gnu variant. - #:configure-flags '("CFLAGS=-O2 -g -std=c99"))) + %standard-phases)))) (home-page "http://libarchive.org/") (synopsis "Multi-format archive and compression library") (description @@ -190,6 +193,14 @@ (define-public libarchive random access nor for in-place modification.") (license license:bsd-2))) +(define libarchive/fixed + (package + (inherit libarchive) + (source (origin + (inherit (package-source libarchive)) + (patches (cons (search-patch "libarchive-CVE-2016-1541.patch") + (origin-patches (package-source libarchive)))))))) + (define-public rdup (package (name "rdup") diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index a476837102..7b33a1d517 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -44,9 +44,7 @@ (define-module (gnu packages base) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix build-system gnu) - #:use-module (guix build-system trivial) - #:use-module (ice-9 match) - #:export (glibc)) + #:use-module (guix build-system trivial)) ;;; Commentary: ;;; @@ -77,14 +75,14 @@ (define-public hello (define-public grep (package (name "grep") - (version "2.25") + (version "2.22") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grep/grep-" version ".tar.xz")) (sha256 (base32 - "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2")) + "1srn321x7whlhs5ks36zlcrrmj4iahll8fxwsh1vbz3v04px54fa")) (patches (search-patches "grep-timing-sensitive-test.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) ;some of the tests require it @@ -139,34 +137,17 @@ (define-public sed (define-public tar (package (name "tar") - (version "1.29") + (version "1.28") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/tar/tar-" version ".tar.xz")) (sha256 (base32 - "097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0")) - (patches (search-patches "tar-skip-unreliable-tests.patch")))) + "1wi2zwm4c9r3h3b8y4w0nm0qq897kn8kyj9k22ba0iqvxj48vvk4")) + (patches (search-patches "tar-d_ino_in_dirent-fix.patch" + "tar-skip-unreliable-tests.patch")))) (build-system gnu-build-system) - ;; Note: test suite requires ~1GiB of disk space. - (arguments - '(#:phases (modify-phases %standard-phases - (add-before 'build 'set-shell-file-name - (lambda* (#:key inputs #:allow-other-keys) - ;; Do not use "/bin/sh" to run programs. - (let ((bash (assoc-ref inputs "bash"))) - (substitute* "src/system.c" - (("/bin/sh") - (string-append bash "/bin/sh"))) - #t)))))) - - ;; When cross-compiling, the 'set-shell-file-name' phase needs to be able - ;; to refer to the target Bash. - (inputs (if (%current-target-system) - `(("bash" ,bash)) - '())) - (synopsis "Managing tar archives") (description "Tar provides the ability to create tar archives, as well as the @@ -262,14 +243,23 @@ (define-public findutils (define-public coreutils (package (name "coreutils") - (version "8.25") + (version "8.24") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/coreutils/coreutils-" version ".tar.xz")) (sha256 (base32 - "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii")))) + "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2")) + (patches + (list (origin + (method url-fetch) + (uri "http://git.savannah.gnu.org/cgit/coreutils.git/\ +patch/?id=3ba68f9e64fa2eb8af22d510437a0c6441feb5e0") + (sha256 + (base32 + "1dnlszhc8lihhg801i9sz896mlrgfsjfcz62636prb27k5hmixqz")) + (file-name "coreutils-tail-inotify-race.patch")))))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! @@ -325,14 +315,14 @@ (define-public coreutils-minimal (define-public gnu-make (package (name "make") - (version "4.2") + (version "4.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/make/make-" version ".tar.bz2")) (sha256 (base32 - "0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f")) + "19gwwhik3wdwn0r42b7xcihkbxvjl9r2bdal8nifc3k5i4rn3iqb")) (patches (search-patches "make-impure-dirs.patch")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) ; to detect Guile @@ -473,17 +463,17 @@ (define* (make-ld-wrapper name #:key binutils (export make-ld-wrapper) -(define-public glibc/linux +(define-public glibc (package (name "glibc") - (version "2.23") + (version "2.22") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) + "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) (snippet ;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is ;; required on LFS distros to avoid loading the distro's libc.so @@ -492,14 +482,17 @@ (define-public glibc/linux (("use_ldconfig=yes") "use_ldconfig=no"))) (modules '((guix build utils))) - (patches (search-patches "glibc-ldd-x86_64.patch" - "glibc-versioned-locpath.patch" - "glibc-o-largefile.patch")))) + (patches + (search-patches "glibc-ldd-x86_64.patch" + "glibc-locale-incompatibility.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-CVE-2015-7547.patch")))) (build-system gnu-build-system) ;; Glibc's refers to , for instance, so glibc ;; users should automatically pull Linux headers as well. - (propagated-inputs `(("kernel-headers" ,linux-libre-headers))) + (propagated-inputs `(("linux-headers" ,linux-libre-headers))) (outputs '("out" "debug")) @@ -511,7 +504,7 @@ (define-public glibc/linux #:parallel-build? #f ;; The libraries have an empty RUNPATH, but some, such as the versioned - ;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since + ;; libraries (libdl-2.22.so, etc.) have ld.so marked as NEEDED. Since ;; these libraries are always going to be found anyway, just skip ;; RUNPATH checks. #:validate-runpath? #f @@ -543,7 +536,7 @@ (define-public glibc/linux (assoc-ref ,(if (%current-target-system) '%build-target-inputs '%build-inputs) - "kernel-headers") + "linux-headers") "/include") ;; This is the default for most architectures as of GNU libc 2.21, @@ -557,7 +550,7 @@ (define-public glibc/linux "/bin/bash") ;; XXX: Work around "undefined reference to `__stack_chk_guard'". - "libc_cv_ssp=no" "libc_cv_ssp_strong=no") + "libc_cv_ssp=no") #:tests? #f ; XXX #:phases (modify-phases %standard-phases @@ -571,6 +564,10 @@ (define-public glibc/linux ;; but cross-base uses it as a native input. (bash (or (assoc-ref inputs "static-bash") (assoc-ref native-inputs "static-bash")))) + ;; Use `pwd', not `/bin/pwd'. + (substitute* "configure" + (("/bin/pwd") "pwd")) + ;; Install the rpc data base file under `$out/etc/rpc'. ;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ]; (substitute* "sunrpc/Makefile" @@ -651,104 +648,11 @@ (define-public glibc/linux (license lgpl2.0+) (home-page "http://www.gnu.org/software/libc/"))) -(define-public glibc/hurd - ;; The Hurd's libc variant. - (package (inherit glibc/linux) - (name "glibc-hurd") - (version "2.19") - (source (origin - (method url-fetch) - (uri (string-append "http://alpha.gnu.org/gnu/hurd/glibc-" - version "-hurd+libpthread-20160518" ".tar.gz")) - (sha256 - (base32 - "12zmdjviybpsdb2kq4cg98rds7909f0cc96fzdahdfrzlxx1q0px")))) - - ;; Libc provides , which includes a bunch of Hurd and Mach headers, - ;; so both should be propagated. - (propagated-inputs `(("hurd-core-headers" ,hurd-core-headers))) - (native-inputs - `(,@(package-native-inputs glibc/linux) - ("mig" ,mig) - ("perl" ,perl))) - - (arguments - (substitute-keyword-arguments (package-arguments glibc/linux) - ((#:phases original-phases) - ;; Add libmachuser.so and libhurduser.so to libc.so's search path. - ;; See . - `(alist-cons-after - 'install 'augment-libc.so - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out"))) - (substitute* (string-append out "/lib/libc.so") - (("/[^ ]+/lib/libc.so.0.3") - (string-append out "/lib/libc.so.0.3" " libmachuser.so" " libhurduser.so")))) - #t) - (alist-cons-after - 'pre-configure 'pre-configure-set-pwd - (lambda _ - ;; Use the right 'pwd'. - (substitute* "configure" - (("/bin/pwd") "pwd"))) - ,original-phases))) - ((#:configure-flags original-configure-flags) - `(append (list "--host=i586-pc-gnu" - - ;; We need this to get a working openpty() function. - "--enable-pt_chown" - - ;; nscd fails to build for GNU/Hurd: - ;; . - ;; Disable it. - "--disable-nscd") - (filter (lambda (flag) - (not (string-prefix? "--enable-kernel=" flag))) - ,original-configure-flags))))) - (synopsis "The GNU C Library (GNU Hurd variant)") - (supported-systems %hurd-systems))) - -(define* (glibc-for-target #:optional - (target (or (%current-target-system) - (%current-system)))) - "Return the glibc for TARGET, GLIBC/LINUX for a Linux host or -GLIBC/HURD for a Hurd host" - (match target - ((or "i586-pc-gnu" "i586-gnu") glibc/hurd) - (_ glibc/linux))) - -(define-syntax glibc - (identifier-syntax (glibc-for-target))) - -(define-public glibc-2.22 - ;; The old libc, which we use mostly to build locale data in the old format - ;; (which the new libc can cope with.) - (package - (inherit glibc) - (version "2.22") - (source (origin - (inherit (package-source glibc)) - (uri (string-append "mirror://gnu/glibc/glibc-" - version ".tar.xz")) - (sha256 - (base32 - "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) - (patches (search-patches "glibc-ldd-x86_64.patch")))) - (arguments - (substitute-keyword-arguments (package-arguments glibc) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'configure 'fix-pwd - (lambda _ - ;; Use `pwd' instead of `/bin/pwd' for glibc-2.21 - (substitute* "configure" - (("/bin/pwd") "pwd")))))))))) - (define-public glibc-2.21 ;; The old libc, which we use mostly to build locale data in the old format ;; (which the new libc can cope with.) (package - (inherit glibc-2.22) + (inherit glibc) (version "2.21") (source (origin (inherit (package-source glibc)) @@ -787,7 +691,7 @@ (define-public glibc-locales ((#:configure-flags flags) `(append ,flags ;; Use $(libdir)/locale/X.Y as is the case by default. - (list (string-append "libc_cv_complocaledir=" + (list (string-append "libc_cv_localedir=" (assoc-ref %outputs "out") "/lib/locale/" ,(package-version glibc)))))))))) @@ -863,6 +767,73 @@ (define-public which command.") (license gpl3+))) ; some files are under GPLv2+ +(define-public glibc/hurd + ;; The Hurd's libc variant. + (package (inherit glibc) + (name "glibc-hurd") + (version "2.18") + (source (origin + (method git-fetch) + (uri (git-reference + (url "git://git.sv.gnu.org/hurd/glibc") + (commit "cc94b3cfe65523f980359e5f0e93a26196bda1d3"))) + (sha256 + (base32 + "17gsh0kaz0zyvghjmx861mi2p65m9901lngi179x61zm6v2v3xc4")) + (file-name (string-append name "-" version)) + (patches (search-patches "glibc-hurd-extern-inline.patch")))) + + ;; Libc provides , which includes a bunch of Hurd and Mach headers, + ;; so both should be propagated. + (propagated-inputs `(("gnumach-headers" ,gnumach-headers) + ("hurd-headers" ,hurd-headers) + ("hurd-minimal" ,hurd-minimal))) + (native-inputs + `(,@(package-native-inputs glibc) + ("patch/libpthread-patch" ,(search-patch "libpthread-glibc-preparation.patch")) + ("mig" ,mig) + ("perl" ,perl) + ("libpthread" ,(origin + (method git-fetch) + (uri (git-reference + (url "git://git.sv.gnu.org/hurd/libpthread") + (commit "0ef7b75c4ba91b6660f0d3d8b51d14d25e3d5bfb"))) + (sha256 + (base32 + "031py18fls15z0wprni33mf762kg6fx8xqijppimhp83yp6ky3l3")) + (file-name "libpthread"))))) + + (arguments + (substitute-keyword-arguments (package-arguments glibc) + ((#:configure-flags original-configure-flags) + `(append (list "--host=i686-pc-gnu" + + ;; nscd fails to build for GNU/Hurd: + ;; . + ;; Disable it. + "--disable-nscd") + (filter (lambda (flag) + (not (or (string-prefix? "--with-headers=" flag) + (string-prefix? "--enable-kernel=" flag)))) + ;; Evaluate 'original-configure-flags' in a + ;; lexical environment that has a dummy + ;; "linux-headers" input, to prevent errors. + (let ((%build-inputs `(("linux-headers" . "@DUMMY@") + ,@%build-inputs))) + ,original-configure-flags)))) + ((#:phases phases) + `(alist-cons-after + 'unpack 'prepare-libpthread + (lambda* (#:key inputs #:allow-other-keys) + (copy-recursively (assoc-ref inputs "libpthread") "libpthread") + + (system* "patch" "--force" "-p1" "-i" + (assoc-ref inputs "patch/libpthread-patch")) + #t) + ,phases)))) + (synopsis "The GNU C Library (GNU Hurd variant)") + (supported-systems %hurd-systems))) + (define-public glibc/hurd-headers (package (inherit glibc/hurd) (name "glibc-hurd-headers") @@ -874,7 +845,7 @@ (define-public glibc/hurd-headers ;; We just pass the flags really needed to build the headers. ((#:configure-flags _) `(list "--enable-add-ons" - "--host=i586-pc-gnu" + "--host=i686-pc-gnu" "--enable-obsolete-rpc")) ((#:phases _) '(alist-replace diff --git a/gnu/packages/boost.scm b/gnu/packages/boost.scm index 8fe8c8e899..daa3dafcca 100644 --- a/gnu/packages/boost.scm +++ b/gnu/packages/boost.scm @@ -51,50 +51,50 @@ (define-public boost ("python" ,python-2) ("tcsh" ,tcsh))) (arguments - `(#:tests? #f - #:make-flags - (list "threading=multi" "link=shared" + (let ((build-flags + `("threading=multi" "link=shared" - ;; Set the RUNPATH to $libdir so that the libs find each other. - (string-append "linkflags=-Wl,-rpath=" - (assoc-ref %outputs "out") "/lib") + ;; Set the RUNPATH to $libdir so that the libs find each other. + (string-append "linkflags=-Wl,-rpath=" + (assoc-ref outputs "out") "/lib") - ;; Boost's 'context' library is not yet supported on mips64, so - ;; we disable it. The 'coroutine' library depends on 'context', - ;; so we disable that too. - ,@(if (string-prefix? "mips64" (or (%current-target-system) - (%current-system))) - '("--without-context" - "--without-coroutine" "--without-coroutine2") - '())) - #:phases - (modify-phases %standard-phases - (replace - 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (substitute* '("libs/config/configure" - "libs/spirit/classic/phoenix/test/runtest.sh" - "tools/build/doc/bjam.qbk" - "tools/build/src/engine/execunix.c" - "tools/build/src/engine/Jambase" - "tools/build/src/engine/jambase.c") - (("/bin/sh") (which "sh"))) + ;; Boost's 'context' library is not yet supported on mips64, so + ;; we disable it. The 'coroutine' library depends on 'context', + ;; so we disable that too. + ,@(if (string-prefix? "mips64" (or (%current-target-system) + (%current-system))) + '("--without-context" + "--without-coroutine" "--without-coroutine2") + '())))) + `(#:tests? #f + #:phases + (modify-phases %standard-phases + (replace + 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (substitute* '("libs/config/configure" + "libs/spirit/classic/phoenix/test/runtest.sh" + "tools/build/doc/bjam.qbk" + "tools/build/src/engine/execunix.c" + "tools/build/src/engine/Jambase" + "tools/build/src/engine/jambase.c") + (("/bin/sh") (which "sh"))) - (setenv "SHELL" (which "sh")) - (setenv "CONFIG_SHELL" (which "sh")) + (setenv "SHELL" (which "sh")) + (setenv "CONFIG_SHELL" (which "sh")) - (zero? (system* "./bootstrap.sh" - (string-append "--prefix=" out) - "--with-toolset=gcc"))))) - (replace - 'build - (lambda* (#:key outputs make-flags #:allow-other-keys) - (zero? (apply system* "./b2" make-flags)))) - (replace - 'install - (lambda* (#:key outputs make-flags #:allow-other-keys) - (zero? (apply system* "./b2" "install" make-flags))))))) + (zero? (system* "./bootstrap.sh" + (string-append "--prefix=" out) + "--with-toolset=gcc"))))) + (replace + 'build + (lambda* (#:key outputs #:allow-other-keys) + (zero? (system* "./b2" ,@build-flags)))) + (replace + 'install + (lambda* (#:key outputs #:allow-other-keys) + (zero? (system* "./b2" "install" ,@build-flags)))))))) (home-page "http://boost.org") (synopsis "Peer-reviewed portable C++ source libraries") diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm index f47a343ca6..6a4eba99ef 100644 --- a/gnu/packages/bootstrap.scm +++ b/gnu/packages/bootstrap.scm @@ -62,7 +62,7 @@ (define (bootstrap-origin source) (define (boot fetch) (lambda* (url hash-algo hash #:optional name #:key system) - (fetch url hash-algo hash name + (fetch url hash-algo hash #:guile %bootstrap-guile #:system system))) diff --git a/gnu/packages/c.scm b/gnu/packages/c.scm index 6e16d1365b..e8d1236eb1 100644 --- a/gnu/packages/c.scm +++ b/gnu/packages/c.scm @@ -52,7 +52,7 @@ (define-public tcc (assoc-ref %build-inputs "libc") "/include:" (assoc-ref %build-inputs - "kernel-headers") + "linux-headers") "/include:{B}/include") (string-append "--libpaths=" (assoc-ref %build-inputs "libc") diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm index 95c80438e9..cecc026479 100644 --- a/gnu/packages/check.scm +++ b/gnu/packages/check.scm @@ -37,15 +37,15 @@ (define-module (gnu packages check) (define-public check (package (name "check") - (version "0.10.0") + (version "0.9.14") (source (origin (method url-fetch) - (uri (string-append "https://github.com/libcheck/check/files/71408/" - "/check-" version ".tar.gz")) + (uri (string-append "mirror://sourceforge/check/check/" + version "/check-" version ".tar.gz")) (sha256 (base32 - "0lhhywf5nxl3dd0hdakra3aasl590756c9kmvyifb3vgm9k0gxgm")))) + "02l4g79d81s07hzywcv1knwj5dyrwjiq2pgxaz7kidxi8m364wn2")))) (build-system gnu-build-system) (home-page "https://libcheck.github.io/check/") (synopsis "Unit test framework for C") diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm index ac88e59ec1..1cb1e06993 100644 --- a/gnu/packages/cmake.scm +++ b/gnu/packages/cmake.scm @@ -4,7 +4,6 @@ ;;; Copyright © 2014 Eric Bavier ;;; Copyright © 2014 Ian Denhardt ;;; Copyright © 2015 Sou Bunnbu -;;; Copyright © 2016 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -37,7 +36,7 @@ (define-module (gnu packages cmake) (define-public cmake (package (name "cmake") - (version "3.5.2") + (version "3.3.2") (source (origin (method url-fetch) (uri (string-append "https://www.cmake.org/files/v" @@ -45,67 +44,62 @@ (define-public cmake "/cmake-" version ".tar.gz")) (sha256 (base32 - "0ap6nlmv6nda942db43k9k9mhnm5dm3fsapzvy0vh6wq7l6l3n4j")) + "08pwy9ip9cgwgynhn5vrjw8drw29gijy1rmziq22n65zds6ifnp7")) (patches (search-patches "cmake-fix-tests.patch")))) (build-system gnu-build-system) (arguments `(#:test-target "test" - #:phases - (modify-phases %standard-phases - (add-before 'configure 'patch-bin-sh - (lambda _ - ;; Replace "/bin/sh" by the right path in... a lot of - ;; files. - (substitute* - '("Modules/CompilerId/Xcode-3.pbxproj.in" - "Modules/CompilerId/Xcode-1.pbxproj.in" - "Modules/CompilerId/Xcode-2.pbxproj.in" - "Modules/CPack.RuntimeScript.in" - "Source/cmakexbuild.cxx" - "Source/cmGlobalXCodeGenerator.cxx" - "Source/CTest/cmCTestBatchTestHandler.cxx" - "Source/cmLocalUnixMakefileGenerator3.cxx" - "Source/cmExecProgramCommand.cxx" - "Utilities/cmbzip2/Makefile-libbz2_so" - "Utilities/Release/release_cmake.cmake" - "Utilities/cmlibarchive/libarchive/archive_write_set_format_shar.c" - "Tests/CMakeLists.txt" - "Tests/RunCMake/File_Generate/RunCMakeTest.cmake") - (("/bin/sh") (which "sh"))))) - (add-before 'configure 'set-paths - (lambda _ - ;; Help cmake's bootstrap process to find system libraries - (begin - (setenv "CMAKE_LIBRARY_PATH" (getenv "LIBRARY_PATH")) - (setenv "CMAKE_INCLUDE_PATH" (getenv "C_INCLUDE_PATH")) - ;; Get verbose output from failed tests - (setenv "CTEST_OUTPUT_ON_FAILURE" "TRUE")))) - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (zero? (system* - "./configure" - (string-append "--prefix=" out) - "--system-libs" - "--no-system-jsoncpp" ; not packaged yet - ;; By default, the man pages and other docs land - ;; in PREFIX/man and PREFIX/doc, but we want them - ;; in share/{man,doc}. Note that unlike - ;; autoconf-generated configure scripts, cmake's - ;; configure prepends "PREFIX/" to what we pass - ;; to --mandir and --docdir. - "--mandir=share/man" - ,(string-append - "--docdir=share/doc/cmake-" - (version-major+minor version))))))) - (add-after 'unpack 'remove-libarchive-version-test - ; This test check has been failing consistantly over libarchive 3.2.x - ; and cmake 3.4.x and 3.5.x so we disable it for now - (lambda _ - (substitute* - "Tests/CMakeOnly/AllFindModules/CMakeLists.txt" - (("LibArchive") "")) - #t))))) + #:phases (alist-cons-before + 'configure 'patch-bin-sh + (lambda _ + ;; Replace "/bin/sh" by the right path in... a lot of + ;; files. + (substitute* + '("Modules/CompilerId/Xcode-3.pbxproj.in" + "Modules/CompilerId/Xcode-1.pbxproj.in" + "Modules/CompilerId/Xcode-2.pbxproj.in" + "Modules/CPack.RuntimeScript.in" + "Source/cmakexbuild.cxx" + "Source/cmGlobalXCodeGenerator.cxx" + "Source/CTest/cmCTestBatchTestHandler.cxx" + "Source/cmLocalUnixMakefileGenerator3.cxx" + "Source/cmExecProgramCommand.cxx" + "Utilities/cmbzip2/Makefile-libbz2_so" + "Utilities/Release/release_cmake.cmake" + "Utilities/cmlibarchive/libarchive/\ +archive_write_set_format_shar.c" + "Tests/CMakeLists.txt" + "Tests/RunCMake/File_Generate/RunCMakeTest.cmake") + (("/bin/sh") (which "sh")))) + (alist-cons-before + 'configure 'set-paths + (lambda _ + ;; Help cmake's bootstrap process to find system libraries + (begin + (setenv "CMAKE_LIBRARY_PATH" (getenv "LIBRARY_PATH")) + (setenv "CMAKE_INCLUDE_PATH" (getenv "C_INCLUDE_PATH")) + ;; Get verbose output from failed tests + (setenv "CTEST_OUTPUT_ON_FAILURE" "TRUE"))) + (alist-replace + 'configure + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (zero? (system* + "./configure" + (string-append "--prefix=" out) + "--system-libs" + "--no-system-jsoncpp" ; not packaged yet + ;; By default, the man pages and other docs land + ;; in PREFIX/man and PREFIX/doc, but we want them + ;; in share/{man,doc}. Note that unlike + ;; autoconf-generated configure scripts, cmake's + ;; configure prepends "PREFIX/" to what we pass + ;; to --mandir and --docdir. + "--mandir=share/man" + ,(string-append + "--docdir=share/doc/cmake-" + (version-major+minor version)))))) + %standard-phases))))) (inputs `(("file" ,file) ("curl" ,curl) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index cce831bfb6..54b524aec7 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -270,24 +270,21 @@ (define perl-boot0 (name "perl-boot0") (replacement #f) (arguments - ;; At the very least, this must not depend on GCC & co. - (let ((args `(#:disallowed-references - ,(list %bootstrap-binutils)))) - (substitute-keyword-arguments (package-arguments perl) - ((#:phases phases) - `(modify-phases ,phases - ;; Pthread support is missing in the bootstrap compiler - ;; (broken spec file), so disable it. - (add-before 'configure 'disable-pthreads - (lambda _ - (substitute* "Configure" - (("^libswanted=(.*)pthread" _ before) - (string-append "libswanted=" before))))))))))))) - (package-with-bootstrap-guile - (package-with-explicit-inputs perl - %boot0-inputs - (current-source-location) - #:guile %bootstrap-guile)))) + (substitute-keyword-arguments (package-arguments perl) + ((#:phases phases) + `(modify-phases ,phases + ;; Pthread support is missing in the bootstrap compiler + ;; (broken spec file), so disable it. + (add-before 'configure 'disable-pthreads + (lambda _ + (substitute* "Configure" + (("^libswanted=(.*)pthread" _ before) + (string-append "libswanted=" before)))))))))))) + (package-with-bootstrap-guile + (package-with-explicit-inputs perl + %boot0-inputs + (current-source-location) + #:guile %bootstrap-guile)))) (define (linux-libre-headers-boot0) "Return Linux-Libre header files for the bootstrap environment." @@ -309,12 +306,7 @@ (define texinfo-boot0 ;; Also, use %BOOT0-INPUTS to avoid building Perl once more. (let ((texinfo (package (inherit texinfo) (native-inputs '()) - (inputs `(("perl" ,perl-boot0))) - - ;; Some of Texinfo 6.1's tests would fail with "Couldn't - ;; set UTF-8 character type in locale" but we don't have a - ;; UTF-8 locale at this stage, so skip them. - (arguments '(#:tests? #f))))) + (inputs `(("perl" ,perl-boot0)))))) (package-with-bootstrap-guile (package-with-explicit-inputs texinfo %boot0-inputs (current-source-location) @@ -363,7 +355,7 @@ (define glibc-final-with-bootstrap-bash "export CPATH\n" all "\n")))) ,phases))))) - (propagated-inputs `(("kernel-headers" ,(linux-libre-headers-boot0)))) + (propagated-inputs `(("linux-headers" ,(linux-libre-headers-boot0)))) (native-inputs `(("texinfo" ,texinfo-boot0) ("perl" ,perl-boot0))) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index e63c1af048..c11afea020 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -150,14 +150,14 @@ (define-public libtar (define-public gzip (package (name "gzip") - (version "1.8") + (version "1.6") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gzip/gzip-" - version ".tar.xz")) + version ".tar.gz")) (sha256 (base32 - "1lxv3p4iyx7833mlihkn5wfwmz4cys5nybwpz3dfawag8kn6f5zz")))) + "0zlgdm4v3dndrbiz7b67mbbj25dpwqbmbzjiycssvrfrcfvq7swp")))) (build-system gnu-build-system) (synopsis "General file (de)compression (using lzw)") (arguments diff --git a/gnu/packages/conky.scm b/gnu/packages/conky.scm index 206546b53a..150d182032 100644 --- a/gnu/packages/conky.scm +++ b/gnu/packages/conky.scm @@ -32,7 +32,7 @@ (define-module (gnu packages conky) (define-public conky (package (name "conky") - (version "1.10.3") + (version "1.10.0") (source (origin (method url-fetch) @@ -40,15 +40,10 @@ (define-public conky version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "1m9byrmpc2sprzk44v447yaqjzsvw230a0mlw7y1ngz3m3y44qs5")))) + (base32 "1szq4ckfkvyabv5llf9nkdxipn7429sralsxyr7z0dyc3zwz74pk")))) (build-system cmake-build-system) (arguments `(#:tests? #f ; there are no tests - #:configure-flags - '("-DRELEASE=true" - ;; XXX: it checks ncurses with pkg-config. - ;; TODO: add 'ncurses.pc' to the ncurses package. - "-DBUILD_NCURSES=false") #:phases (alist-cons-after 'unpack 'add-freetype-to-search-path @@ -72,7 +67,6 @@ (define-public conky ("libx11" ,libx11) ("libxdamage" ,libxdamage) ("libxft" ,libxft) - ("libxinerama" ,libxinerama) ("lua" ,lua))) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm index 3bd30fd78c..a9c337e6ed 100644 --- a/gnu/packages/cross-base.scm +++ b/gnu/packages/cross-base.scm @@ -121,14 +121,6 @@ (define (cross-gcc-arguments target libc) "--disable-libquadmath" "--disable-decimal-float" ;would need libc "--disable-libcilkrts" - - ;; When target is any OS other than 'none' these - ;; libraries will fail if there is no libc - ;; present. See - ;; - "--disable-libitm" - "--disable-libvtv" - "--disable-libsanitizer" ))) ,(if libc @@ -175,25 +167,24 @@ (define (cross-gcc-arguments target libc) `(alist-cons-before 'configure 'set-cross-path (lambda* (#:key inputs #:allow-other-keys) - ;; Add the cross kernel headers to CROSS_CPATH, and remove them - ;; from CPATH. + ;; Add the cross Linux headers to CROSS_C_*_INCLUDE_PATH, + ;; and remove them from C_*INCLUDE_PATH. (let ((libc (assoc-ref inputs "libc")) - (kernel (assoc-ref inputs "xkernel-headers"))) + (linux (assoc-ref inputs "xlinux-headers"))) (define (cross? x) ;; Return #t if X is a cross-libc or cross Linux. (or (string-prefix? libc x) - (string-prefix? kernel x))) + (string-prefix? linux x))) (let ((cpath (string-append libc "/include" - ":" kernel "/include"))) + ":" linux "/include"))) (for-each (cut setenv <> cpath) '("CROSS_C_INCLUDE_PATH" "CROSS_CPLUS_INCLUDE_PATH" "CROSS_OBJC_INCLUDE_PATH" "CROSS_OBJCPLUS_INCLUDE_PATH"))) (setenv "CROSS_LIBRARY_PATH" - (string-append libc "/lib:" - kernel "/lib")) ;for Hurd's libihash + (string-append libc "/lib")) (for-each (lambda (var) (and=> (getenv var) @@ -264,9 +255,9 @@ (define* (cross-gcc target (alist-delete "libc" %final-inputs)))) (if libc `(("libc" ,libc) - ("xkernel-headers" ;the target headers + ("xlinux-headers" ;the target headers ,@(assoc-ref (package-propagated-inputs libc) - "kernel-headers")) + "linux-headers")) ,@inputs) inputs)))) @@ -343,10 +334,10 @@ (define xlinux-headers ,flags)) ((#:phases phases) `(alist-cons-before - 'configure 'set-cross-kernel-headers-path + 'configure 'set-cross-linux-headers-path (lambda* (#:key inputs #:allow-other-keys) - (let* ((kernel (assoc-ref inputs "kernel-headers")) - (cpath (string-append kernel "/include"))) + (let* ((linux (assoc-ref inputs "linux-headers")) + (cpath (string-append linux "/include"))) (for-each (cut setenv <> cpath) '("CROSS_C_INCLUDE_PATH" "CROSS_CPLUS_INCLUDE_PATH" @@ -355,9 +346,9 @@ (define xlinux-headers #t)) ,phases)))) - ;; Shadow the native "kernel-headers" because glibc's recipe expects the - ;; "kernel-headers" input to point to the right thing. - (propagated-inputs `(("kernel-headers" ,xlinux-headers))) + ;; Shadow the native "linux-headers" because glibc's recipe expects the + ;; "linux-headers" input to point to the right thing. + (propagated-inputs `(("linux-headers" ,xlinux-headers))) ;; FIXME: 'static-bash' should really be an input, not a native input, but ;; to do that will require building an intermediate cross libc. diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index 09b804f39a..51c7fd1052 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -135,17 +135,20 @@ (define-public cups-minimal ;; cups-filters package. #:tests? #f #:phases - (modify-phases %standard-phases - (add-before 'configure 'patch-makedefs - (lambda _ - (substitute* "Makedefs.in" - (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@") - (("/bin/sh") (which "sh"))))) - (add-before 'build 'patch-tests - (lambda _ - (substitute* "test/ippserver.c" - (("# else /\\* HAVE_AVAHI \\*/") - "#elif defined(HAVE_AVAHI)"))))))) + (alist-cons-before + 'configure + 'patch-makedefs + (lambda _ + (substitute* "Makedefs.in" + (("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@") + (("/bin/sh") (which "sh")))) + (alist-cons-before + 'build + 'patch-tests + (lambda _ + (substitute* "test/ippserver.c" + (("# else /\\* HAVE_AVAHI \\*/") "#elif defined(HAVE_AVAHI)"))) + %standard-phases)))) (native-inputs `(("pkg-config" ,pkg-config))) (inputs diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 895045d952..e05232dccd 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -86,7 +86,6 @@ (define-public 4store ("automake" ,automake) ("gettext" ,gnu-gettext) ("libtool" ,libtool) - ("pcre" ,pcre "bin") ;for 'pcre-config' ("pkg-config" ,pkg-config))) (inputs `(("glib" ,glib) @@ -95,6 +94,7 @@ (define-public 4store ("raptor2" ,raptor2) ("readline" ,readline) ("avahi" ,avahi) + ("pcre" ,pcre) ("cyrus-sasl" ,cyrus-sasl) ("openssl" ,openssl) ("util-linux" ,util-linux))) @@ -114,14 +114,14 @@ (define-public 4store (define-public gdbm (package (name "gdbm") - (version "1.12") + (version "1.11") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gdbm/gdbm-" version ".tar.gz")) (sha256 (base32 - "1smwz4x5qa4js0zf1w3asq6z7mh20zlgwbh2bk5dczw6xrk22yyr")))) + "1hz3jgh3pd4qzp6jy0l8pd8x01g9abw7csnrlnj1a2sxy122z4cd")))) (arguments `(#:configure-flags '("--enable-libgdbm-compat"))) (build-system gnu-build-system) (home-page "http://www.gnu.org/software/gdbm/") @@ -136,20 +136,18 @@ (define-public gdbm (define-public bdb (package (name "bdb") - (version "6.2.23") + (version "5.3.21") (source (origin (method url-fetch) - (uri (string-append "http://download.oracle.com/berkeley-db/db-" - version ".tar.gz")) - (sha256 - (base32 - "1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7")))) + (uri (string-append "http://download.oracle.com/berkeley-db/db-" version + ".tar.gz")) + (sha256 (base32 + "1f2g2612lf8djbwbwhxsvmffmf9d7693kh2l20195pqp0f9jmnfx")))) (build-system gnu-build-system) (outputs '("out" ; programs, libraries, headers "doc")) ; 94 MiB of HTML docs (arguments '(#:tests? #f ; no check target available - #:disallowed-references ("doc") #:phases (alist-replace 'configure @@ -167,9 +165,6 @@ (define-public bdb (string-append "CONFIG_SHELL=" (which "bash")) (string-append "SHELL=" (which "bash")) - ;; Remove 7 MiB of .a files. - "--disable-static" - ;; The compatibility mode is needed by some packages, ;; notably iproute2. "--enable-compat185" @@ -188,18 +183,6 @@ (define-public bdb (home-page "http://www.oracle.com/us/products/database/berkeley-db/overview/index.html"))) -(define-public bdb-5.3 - (package (inherit bdb) - (name "bdb") - (version "5.3.28") - (source (origin - (method url-fetch) - (uri (string-append "http://download.oracle.com/berkeley-db/db-" - version ".tar.gz")) - (sha256 - (base32 - "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0")))))) - (define-public mysql (package (name "mysql") @@ -482,7 +465,7 @@ (define-public sparql-query (define-public sqlite (package (name "sqlite") - (version "3.12.2") + (version "3.10.0") (source (origin (method url-fetch) ;; TODO: Download from sqlite.org once this bug : @@ -513,7 +496,7 @@ (define-public sqlite )) (sha256 (base32 - "1fwss0i2lixv39b27gkqiibdd2syym90wh3qbiaxnfgxk867f07x")))) + "0hhhv6si0pyf5i8bv7a71953m0b4gk6s3j2h09caf7vif0njkk23")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments diff --git a/gnu/packages/dico.scm b/gnu/packages/dico.scm index 87062f94dc..780d8efcc7 100644 --- a/gnu/packages/dico.scm +++ b/gnu/packages/dico.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015, 2016 Ludovic Courtès +;;; Copyright © 2015 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -44,8 +44,7 @@ (define-public dico (base32 "04pjks075x20d19l623mj50bw64g8i41s63z4kzzqcbg9qg96x64")) (patches (search-patches "cpio-gets-undeclared.patch" - "dico-libtool-deterministic.patch" - "dico-idxgcide-bug.patch")))) + "dico-libtool-deterministic.patch")))) (build-system gnu-build-system) (arguments '(#:configure-flags (list (string-append "--with-guile-site-dir=" %output diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm index 3668aac19a..7cd1fcd71d 100644 --- a/gnu/packages/ed.scm +++ b/gnu/packages/ed.scm @@ -1,7 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012 Nikita Karetnikov ;;; Copyright © 2013, 2014 Ludovic Courtès -;;; Copyright © 2016 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -28,24 +27,23 @@ (define-module (gnu packages ed) (define-public ed (package (name "ed") - (version "1.13") + (version "1.12") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/ed/ed-" version ".tar.lz")) (sha256 (base32 - "1ly7i1iw02vbcd0zrx084z577ngxnarffmkm45dg6vndad5carnd")))) + "0bw0187a311rci58vznvncsj6pfp8bhs5phrlrqn03sa2i1mfrfj")))) (build-system gnu-build-system) (native-inputs `(("lzip" ,lzip))) (arguments '(#:configure-flags '("CC=gcc") - #:phases - (modify-phases %standard-phases - (add-before 'patch-source-shebangs 'patch-test-suite - (lambda _ - (substitute* "testsuite/check.sh" - (("/bin/sh") (which "sh")))))))) + #:phases (alist-cons-before 'patch-source-shebangs 'patch-test-suite + (lambda _ + (substitute* "testsuite/check.sh" + (("/bin/sh") (which "sh")))) + %standard-phases))) (home-page "http://www.gnu.org/software/ed/") (synopsis "Line-oriented text editor") (description diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 825a355d63..7bc4288c5c 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -110,6 +110,14 @@ (define-public emacs (substitute* (find-files "." "^Makefile\\.in$") (("/bin/pwd") "pwd")))) + (add-after 'install 'remove-info.info + (lambda* (#:key outputs #:allow-other-keys) + ;; Remove 'info.info', which is provided by Texinfo <= 6.0. + ;; TODO: Remove this phase when we switch to Texinfo 6.1. + (let ((out (assoc-ref outputs "out"))) + (delete-file + (string-append out "/share/info/info.info.gz")) + #t))) (add-after 'install 'install-site-start ;; Copy guix-emacs.el from Guix and add it to site-start.el. This ;; way, Emacs packages provided by Guix and installed in diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm index f6c3d5fba6..b3e4431138 100644 --- a/gnu/packages/engineering.scm +++ b/gnu/packages/engineering.scm @@ -233,8 +233,7 @@ (define-public fastcap (build-system gnu-build-system) (native-inputs `(("texlive" ,texlive) - ("ghostscript" ,ghostscript) - ("ghostscript" ,ghostscript-gs))) + ("ghostscript" ,ghostscript))) (arguments `(#:make-flags '("CC=gcc" "RM=rm" "SHELL=sh" "all") #:parallel-build? #f diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm index 179e32507c..4d6c7392fb 100644 --- a/gnu/packages/finance.scm +++ b/gnu/packages/finance.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015, 2016 Andreas Enge +;;; Copyright © 2015 Andreas Enge ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Alex Griffin ;;; @@ -61,7 +61,7 @@ (define-public bitcoin-core ("python" ,python-2) ; for the tests ("util-linux" ,util-linux))) ; provides the hexdump command for tests (inputs - `(("bdb" ,bdb-5.3) ; with 6.2.23, there is an error: ambiguous overload + `(("bdb" ,bdb) ("boost" ,boost) ("libevent" ,libevent) ("miniupnpc" ,miniupnpc) diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index 9b2281ad20..4bc4134640 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm @@ -126,7 +126,7 @@ (define-public font-ubuntu (define-public font-dejavu (package (name "font-dejavu") - (version "2.35") + (version "2.34") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/dejavu/dejavu/" @@ -134,7 +134,7 @@ (define-public font-dejavu version ".tar.bz2")) (sha256 (base32 - "122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn")))) + "0pgb0a3ngamidacmrvasg51ck3gp8gn93w6sf1s8snwzx4x2r9yh")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 9ddbaec2f2..845e8b36c5 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -245,10 +245,10 @@ (define-public fontconfig (assoc-ref %build-inputs "gs-fonts") "/share/fonts") - ;; Register fonts from user and system profiles. - (string-append "--with-add-fonts=" - "~/.guix-profile/share/fonts," - "/run/current-system/profile/share/fonts") + ;; register fonts from user profile + ;; TODO: Add /run/current-system/profile/share/fonts and remove + ;; the skeleton that works around it from 'default-skeletons'. + "--with-add-fonts=~/.guix-profile/share/fonts" ;; python is not actually needed "PYTHON=false") diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index e467dbe04c..e79ab481bb 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -1,6 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 John Darrington -;;; Copyright © 2013 Nikita Karetnikov ;;; Copyright © 2014, 2015, 2016 David Thompson ;;; Copyright © 2014, 2015, 2016 Eric Bavier ;;; Copyright © 2014 Cyrill Schenkel @@ -21,7 +20,7 @@ ;;; Copyright © 2016 Albin Söderqvist ;;; Copyright © 2016 Kei Kebreau ;;; Copyright © 2016 Alex Griffin -;;; Copyright © 2016 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -2371,9 +2370,9 @@ (define-public grue-hunter (perl (string-append (assoc-ref %build-inputs "perl") "/bin")) - (gzip (string-append (assoc-ref %build-inputs + (gunzip (string-append (assoc-ref %build-inputs "gzip") - "/bin/gzip")) + "/bin/gunzip")) (tar (string-append (assoc-ref %build-inputs "tar") "/bin/tar")) @@ -2383,7 +2382,7 @@ (define-public grue-hunter (begin (mkdir out) (copy-file tarball "grue-hunter.tar.gz") - (zero? (system* gzip "-d" "grue-hunter.tar.gz")) + (zero? (system* gunzip "grue-hunter.tar.gz")) (zero? (system* tar "xvf" "grue-hunter.tar")) (mkdir-p bin) diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index 1ca8ca0d59..233a20bc86 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -153,7 +153,7 @@ (define-public gcc-4.7 ("libelf" ,libelf) ("zlib" ,zlib))) - ;; GCC < 5 is one of the few packages that doesn't ship .info files. + ;; GCC is one of the few packages that doesn't ship .info files. (native-inputs `(("texinfo" ,texinfo))) (arguments @@ -352,9 +352,7 @@ (define-public gcc-5 (sha256 (base32 "1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq")) - (patches (search-patches "gcc-5.0-libvtv-runpath.patch")))) - ;; GCC 5 ships with .info files, so no need for Texinfo. - (native-inputs '()))) + (patches (search-patches "gcc-5.0-libvtv-runpath.patch")))))) (define-public gcc-6 (package diff --git a/gnu/packages/gettext.scm b/gnu/packages/gettext.scm index bf38543178..34338f936b 100644 --- a/gnu/packages/gettext.scm +++ b/gnu/packages/gettext.scm @@ -41,14 +41,14 @@ (define-module (gnu packages gettext) (define-public gnu-gettext (package (name "gettext") - (version "0.19.8") + (version "0.19.7") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gettext/gettext-" version ".tar.gz")) (sha256 (base32 - "13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x")))) + "0gy2b2aydj8r0sapadnjw8cmb8j2rynj28d5qs1mfa800njd51jk")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;8 MiB of HTML diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index f013a734e5..ff5a6a04f4 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013 Andreas Enge ;;; Copyright © 2014, 2015 Mark H Weaver ;;; Copyright © 2015 Ricardo Wurmus -;;; Copyright © 2013, 2015, 2016 Ludovic Courtès +;;; Copyright © 2013, 2015 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -33,8 +33,7 @@ (define-module (gnu packages ghostscript) #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) - #:use-module (guix build-system gnu) - #:use-module (guix build-system trivial)) + #:use-module (guix build-system gnu)) (define-public lcms (package @@ -157,8 +156,7 @@ (define-public ghostscript ("python" ,python-wrapper) ("tcl" ,tcl))) (arguments - `(#:disallowed-references ("doc") - #:phases + `(#:phases (modify-phases %standard-phases (add-after 'configure 'patch-config-files (lambda _ @@ -174,15 +172,12 @@ (define-public ghostscript (substitute* "base/gscdef.c" (("GS_DOCDIR") "\"~/.guix-profile/share/doc/ghostscript\"")))) - (replace 'build - (lambda _ - ;; Build 'libgs.so', but don't build the statically-linked 'gs' - ;; binary (saves 18 MiB). - (zero? (system* "make" "so" "-j" - (number->string (parallel-job-count)))))) - (replace 'install - (lambda _ - (zero? (system* "make" "soinstall"))))))) + (add-after 'build 'build-so + (lambda _ + (zero? (system* "make" "so")))) + (add-after 'install 'install-so + (lambda _ + (zero? (system* "make" "install-so"))))))) (synopsis "PostScript and PDF interpreter") (description "Ghostscript is an interpreter for the PostScript language and the PDF @@ -199,40 +194,6 @@ (define-public ghostscript/x ("libxt" ,libxt) ,@(package-inputs ghostscript))))) -(define (ghostscript-wrapper name ghostscript) - ;; Return a GHOSTSCRIPT wrapper that provides the 'gs' command. - ;; See . - (package - (name name) - (version (package-version ghostscript)) - (source #f) - (build-system trivial-build-system) - (inputs `(("ghostscript" ,ghostscript))) - (arguments - `(#:modules ((guix build utils)) - #:builder (begin - (use-modules (guix build utils)) - - (let* ((out (assoc-ref %outputs "out")) - (bin (string-append out "/bin")) - (gs (assoc-ref %build-inputs "ghostscript"))) - (mkdir-p bin) - (with-directory-excursion bin - (symlink (string-append gs "/bin/gsc") "gs") - #t))))) - (synopsis "Wrapper providing Ghostscript's 'gs' command") - (description - "This package provides the @command{gs} command, which used to be -provided by Ghostscript itself and no longer is.") - (license (package-license ghostscript)) - (home-page (package-home-page ghostscript)))) - -(define-public ghostscript-gs - (ghostscript-wrapper "ghostscript-gs" ghostscript)) - -(define-public ghostscript-gs/x - (ghostscript-wrapper "ghostscript-gs-with-x" ghostscript/x)) - (define-public ijs (package (name "ijs") diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm index a4bffe479f..f36d15a9b9 100644 --- a/gnu/packages/gl.scm +++ b/gnu/packages/gl.scm @@ -443,7 +443,7 @@ (define (dynamic-link-substitute file lib input) (define-public libepoxy (package (name "libepoxy") - (version "1.3.1") + (version "1.2") (source (origin (method url-fetch) (uri (string-append @@ -453,7 +453,7 @@ (define-public libepoxy (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037")))) + "1xp8g6b7xlbym2rj4vkbl6xpb7ijq7glpv656mc7k9b01x22ihs2")))) (arguments `(#:phases (alist-cons-after diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 9bc7b65108..d18a8de22c 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -6,7 +6,6 @@ ;;; Copyright © 2015 Paul van der Walt ;;; Copyright © 2015, 2016 Efraim Flashner ;;; Copyright © 2016 Christopher Allan Webber -;;; Copyright © 2016 Nils Gillmann ;;; ;;; This file is part of GNU Guix. ;;; @@ -50,7 +49,7 @@ (define-module (gnu packages gnupg) (define-public libgpg-error (package (name "libgpg-error") - (version "1.22") + (version "1.21") (source (origin (method url-fetch) @@ -58,7 +57,7 @@ (define-public libgpg-error version ".tar.bz2")) (sha256 (base32 - "0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j")))) + "0kdq2cbnk84fr4jqcv689rlxpbyl6bda2cn6y3ll19v3mlydpnxp")))) (build-system gnu-build-system) (home-page "https://gnupg.org") (synopsis "Library of error values for GnuPG components") @@ -74,14 +73,14 @@ (define-public libgpg-error (define-public libgcrypt (package (name "libgcrypt") - (version "1.7.0") + (version "1.6.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh")))) + "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 27c8ede8e9..8e5ff4569b 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -77,10 +77,7 @@ (define-public mozjs `(("perl" ,perl) ("python" ,python-2))) (arguments - `(;; XXX: parallel build fails, lacking: - ;; mkdir -p "system_wrapper_js/" - #:parallel-build? #f - #:phases + `(#:phases (alist-cons-before 'configure 'chdir (lambda _ @@ -120,10 +117,7 @@ (define-public mozjs-24 '(substitute* '("js/src/config/milestone.pl") (("defined\\(@TEMPLATE_FILE)") "@TEMPLATE_FILE"))))) (arguments - '(;; XXX: parallel build fails, lacking: - ;; mkdir -p "system_wrapper_js/" - #:parallel-build? #f - #:phases + '(#:phases (modify-phases %standard-phases (replace 'configure diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm index d0df83072e..f6298ce394 100644 --- a/gnu/packages/graphics.scm +++ b/gnu/packages/graphics.scm @@ -4,7 +4,6 @@ ;;; Copyright © 2016 Leo Famulari ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Efraim Flashner -;;; Copyright © 2016 Andreas Enge ;;; ;;; This file is part of GNU Guix. ;;; @@ -301,8 +300,7 @@ (define-public rapicorn "rapicorn-" version ".tar.xz")) (sha256 (base32 - "1y51yjrpsihas1jy905m9p3r8iiyhq6bwi2690c564i5dnix1f9d")) - (patches (search-patches "rapicorn-isnan.patch")))) + "1y51yjrpsihas1jy905m9p3r8iiyhq6bwi2690c564i5dnix1f9d")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index f50605a7fb..acae23ecea 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -166,8 +166,7 @@ (define-public guile-2.0 (outputs '("out" "debug")) (arguments - `(#:configure-flags '("--disable-static") ;saves 3MiB - #:phases (alist-cons-before + `(#:phases (alist-cons-before 'configure 'pre-configure (lambda* (#:key inputs #:allow-other-keys) ;; Tell (ice-9 popen) the file name of Bash. diff --git a/gnu/packages/gv.scm b/gnu/packages/gv.scm index 240e3fc96c..5f8532144b 100644 --- a/gnu/packages/gv.scm +++ b/gnu/packages/gv.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge -;;; Copyright © 2013, 2016 Ludovic Courtès +;;; Copyright © 2013 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -39,7 +39,7 @@ (define-public gv (sha256 (base32 "0q8s43z14vxm41pfa8s5h9kyyzk1fkwjhkiwbf2x70alm6rv6qi1")))) (build-system gnu-build-system) - (propagated-inputs `(("ghostscript" ,ghostscript-gs/x))) + (propagated-inputs `(("ghostscript" ,ghostscript/x))) (inputs `(("libx11" ,libx11) ("libxaw3d" ,libxaw3d) ("libxinerama" ,libxinerama) diff --git a/gnu/packages/hurd.scm b/gnu/packages/hurd.scm index a4c0296b04..2b2e162107 100644 --- a/gnu/packages/hurd.scm +++ b/gnu/packages/hurd.scm @@ -21,12 +21,12 @@ (define-module (gnu packages hurd) #:use-module (guix download) #:use-module (guix packages) #:use-module (gnu packages) - #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) #:use-module (gnu packages flex) #:use-module (gnu packages bison) #:use-module (gnu packages perl) + #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (guix git-download)) @@ -55,11 +55,7 @@ (define-public gnumach-headers ;; GNU Mach supports only IA32 currently, so cheat so that we can at ;; least install its headers. - ,@(if (%current-target-system) - '() - ;; See - ;; - '(#:configure-flags '("--build=i586-pc-gnu"))) + #:configure-flags '("--build=i686-pc-gnu") #:tests? #f)) (home-page "https://www.gnu.org/software/hurd/microkernel/mach/gnumach.html") @@ -112,7 +108,11 @@ (define-public hurd-headers "1pbc4aqgzxvkgivw80ghp3w755cl0fwxmg357vq7chimj64jk78d")))) (build-system gnu-build-system) (native-inputs - `(("mig" ,mig))) + `(;; Autoconf shouldn't be necessary but there seems to be a bug in the + ;; build system triggering its use. + ("autoconf" ,autoconf) + + ("mig" ,mig))) (arguments `(#:phases (alist-replace 'install @@ -122,19 +122,10 @@ (define-public hurd-headers #:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants ;; that. - ,@(if (%current-target-system) - '() - '("--host=i586-pc-gnu")) + "--build=i686-pc-gnu" ;; Reduce set of dependencies. - "--without-parted" - "--disable-ncursesw" - "--disable-test" - "--without-libbz2" - "--without-libz" - ;; Skip the clnt_create check because it expects - ;; a working glibc causing a circular dependency. - "ac_cv_search_clnt_create=no") + "--without-parted") #:tests? #f)) (home-page "http://www.gnu.org/software/hurd/hurd.html") @@ -149,28 +140,46 @@ (define-public hurd-minimal (name "hurd-minimal") (inputs `(("glibc-hurd-headers" ,glibc/hurd-headers))) (native-inputs - `(("mig" ,mig))) + `(("autoconf" ,(autoconf-wrapper)) + ("mig" ,mig))) + (arguments - (substitute-keyword-arguments (package-arguments hurd-headers) - ((#:phases _) - '(alist-replace - 'install - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - ;; We need to copy libihash.a to the output directory manually, - ;; since there is no target for that in the makefile. - (mkdir-p (string-append out "/include")) - (copy-file "libihash/ihash.h" - (string-append out "/include/ihash.h")) - (mkdir-p (string-append out "/lib")) - (copy-file "libihash/libihash.a" - (string-append out "/lib/libihash.a")) - #t)) - (alist-replace - 'build - (lambda _ - (zero? (system* "make" "-Clibihash" "libihash.a"))) - %standard-phases))))) + `(#:phases (alist-replace + 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; We need to copy libihash.a to the output directory manually, + ;; since there is no target for that in the makefile. + (mkdir-p (string-append out "/include")) + (copy-file "libihash/ihash.h" + (string-append out "/include/ihash.h")) + (mkdir-p (string-append out "/lib")) + (copy-file "libihash/libihash.a" + (string-append out "/lib/libihash.a")) + #t)) + (alist-replace + 'build + (lambda _ + (zero? (system* "make" "-Clibihash" "libihash.a"))) + (alist-cons-before + 'configure 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vfi"))) + %standard-phases))) + #:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants + ;; that. + "--host=i686-pc-gnu" + + ;; Reduce set of dependencies. + "--disable-ncursesw" + "--disable-test" + "--without-libbz2" + "--without-libz" + "--without-parted" + ;; Skip the clnt_create check because it expects + ;; a working glibc causing a circular dependency. + "ac_cv_search_clnt_create=no") + #:tests? #f)) (home-page "http://www.gnu.org/software/hurd/hurd.html") (synopsis "GNU Hurd libraries") (description diff --git a/gnu/packages/ld-wrapper.in b/gnu/packages/ld-wrapper.in index ebfd8332c4..c92ed1dcc7 100644 --- a/gnu/packages/ld-wrapper.in +++ b/gnu/packages/ld-wrapper.in @@ -6,16 +6,12 @@ # the shebang line in Linux. # Use `load-compiled' because `load' (and `-l') doesn't otherwise load our # .go file (see ). -# Unset 'GUILE_LOAD_COMPILED_PATH' to make sure we do not stumble upon -# incompatible .go files. See -# . -unset GUILE_LOAD_COMPILED_PATH main="(@ (gnu build-support ld-wrapper) ld-wrapper)" exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@" !# ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès +;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index f6352da486..abddd74fb5 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -106,7 +106,7 @@ (define (linux-libre-urls version) version "-gnu.tar.xz"))) (define-public linux-libre-headers - (let* ((version "4.1.18") + (let* ((version "3.14.37") (build-phase (lambda (arch) `(lambda _ @@ -144,7 +144,7 @@ (define-public linux-libre-headers (uri (linux-libre-urls version)) (sha256 (base32 - "1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7")))) + "1blxr2bsvfqi9khj4cpspv434bmx252zak2wsbi2mgl60zh77gza")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments @@ -469,11 +469,12 @@ (define-public util-linux (("build_kill=yes") "build_kill=no")) #t)))) (build-system gnu-build-system) - (outputs '("out" - "static")) ; >2 MiB of static .a libraries (arguments `(#:configure-flags (list "--disable-use-tty-group" + ;; Do not build .a files to save 2 MiB. + "--disable-static" + ;; Install completions where our ;; bash-completion package expects them. (string-append "--with-bashcompletiondir=" @@ -498,19 +499,6 @@ (define-public util-linux (substitute* "tests/ts/misc/mcookie" (("/etc/services") (string-append net "/etc/services"))) - #t))) - (add-after - 'install 'move-static-libraries - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out")) - (static (assoc-ref outputs "static"))) - (mkdir-p (string-append static "/lib")) - (with-directory-excursion out - (for-each (lambda (file) - (rename-file file - (string-append static "/" - file))) - (find-files "lib" "\\.a$"))) #t)))))) (inputs `(("zlib" ,zlib) ("ncurses" ,ncurses))) @@ -539,9 +527,7 @@ (define-public procps "procps-ng-" version ".tar.xz")) (sha256 (base32 - "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9")) - (patches - (list (search-patch "procps-non-linux.patch"))))) + "1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9")))) (build-system gnu-build-system) (arguments '(#:modules ((guix build utils) @@ -1576,7 +1562,7 @@ (define-public inotify-tools (define-public kmod (package (name "kmod") - (version "22") + (version "17") (source (origin (method url-fetch) (uri @@ -1584,7 +1570,7 @@ (define-public kmod "kmod-" version ".tar.xz")) (sha256 (base32 - "10lzfkmnpq6a43a3gkx7x633njh216w0bjwz31rv8a1jlgg1sfxs")) + "1yid3a9b64a60ybj66fk2ysrq5klnl0ijl4g624cl16y8404g9rv")) (patches (search-patches "kmod-module-directory.patch")))) (build-system gnu-build-system) (native-inputs @@ -2608,26 +2594,12 @@ (define-public btrfs-progs (base32 "06c9l6m3w29dndk17jrlpgr01wykl10h34zva8zc2c571z6mrlaf")))) (build-system gnu-build-system) - (outputs '("out" - "static")) ; static versions of binaries in "out" (~16MiB!) (arguments - '(#:phases (modify-phases %standard-phases - (add-after 'build 'build-static - (lambda _ (zero? (system* "make" "static")))) - (add-after 'install 'install-static - (let ((staticbin (string-append (assoc-ref %outputs "static") - "/bin"))) - (lambda _ - (zero? (system* "make" - (string-append "bindir=" staticbin) - "install-static")))))) - #:test-target "test" + '(#:test-target "test" #:parallel-tests? #f)) ; tests fail when run in parallel (inputs `(("e2fsprogs" ,e2fsprogs) ("libblkid" ,util-linux) - ("libblkid:static" ,util-linux "static") ("libuuid" ,util-linux) - ("libuuid:static" ,util-linux "static") ("zlib" ,zlib) ("lzo" ,lzo))) (native-inputs `(("pkg-config" ,pkg-config) diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm index 8ee249d397..bfbd53f148 100644 --- a/gnu/packages/lisp.scm +++ b/gnu/packages/lisp.scm @@ -148,7 +148,7 @@ (define-public ecl `("CPATH" suffix ,(map (lambda (lib) (input-path lib "/include")) - `("kernel-headers" ,@libraries))) + `("linux-headers" ,@libraries))) `("LIBRARY_PATH" suffix ,library-directories) `("LD_LIBRARY_PATH" suffix ,library-directories))))) (add-after 'wrap 'check (assoc-ref %standard-phases 'check))))) diff --git a/gnu/packages/lout.scm b/gnu/packages/lout.scm index 1355e0387a..f6715c88d6 100644 --- a/gnu/packages/lout.scm +++ b/gnu/packages/lout.scm @@ -87,9 +87,8 @@ (define out "1gb8vb1wl7ikn269dd1c7ihqhkyrwk19jwx5kd0rdvbk6g7g25ix")))) (build-system gnu-build-system) ; actually, just a makefile (outputs '("out" "doc")) - (native-inputs - `(("ghostscript" ,ghostscript) - ("ghostscript-gs" ,ghostscript-gs))) + (inputs + `(("ghostscript" ,ghostscript))) (arguments `(#:modules ((guix build utils) (guix build gnu-build-system) (srfi srfi-1)) ; we need SRFI-1 diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index 28978a8ba5..534fa2af08 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015 Ludovic Courtès ;;; Copyright © 2014, 2015 Mark H Weaver ;;; Copyright © 2014 Ian Denhardt ;;; Copyright © 2014 Sou Bunnbu @@ -743,12 +743,12 @@ (define-public exim ("gzip" ,gzip) ("bzip2" ,bzip2) ("xz" ,xz) + ("pcre" ,pcre) ("perl" ,perl) ("libxt" ,libxt) ("libxaw" ,libxaw))) (native-inputs - `(("pcre" ,pcre "bin") - ("perl" ,perl))) + `(("perl" ,perl))) (arguments '(#:phases (alist-replace @@ -1206,7 +1206,8 @@ (define-public procmail ;; filesystem are performed during 'make install'. However, these ;; are performed before the actual build process. (build-system gnu-build-system) - (inputs `(("exim" ,exim))) + (inputs `(("glibc" ,glibc) + ("exim" ,exim))) (home-page "http://www.procmail.org/") (synopsis "Versatile mail delivery agent (MDA)") (description "Procmail is a mail delivery agent (MDA) featuring support diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm index def9c23b17..85dfaa6b6f 100644 --- a/gnu/packages/make-bootstrap.scm +++ b/gnu/packages/make-bootstrap.scm @@ -344,7 +344,7 @@ (define %glibc-stripped (libdir (string-append out "/lib")) (incdir (string-append out "/include")) (libc (assoc-ref %build-inputs "libc")) - (linux (assoc-ref %build-inputs "kernel-headers"))) + (linux (assoc-ref %build-inputs "linux-headers"))) (mkdir-p libdir) (for-each (lambda (file) (let ((target (string-append libdir "/" @@ -379,7 +379,7 @@ (define %glibc-stripped (parameterize ((%current-target-system #f)) (cross-libc target))) glibc))) - ("kernel-headers" ,linux-libre-headers))) + ("linux-headers" ,linux-libre-headers))) ;; Only one output. (outputs '("out"))))) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index fcea0bca0e..e81b197061 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -2192,14 +2192,7 @@ (define-public lpsolve ;; Pretend to be on a 64 bit platform to obtain a common directory ;; name for the build results on all architectures; nothing else ;; seems to depend on it. - (("^PLATFORM=.*$") "PLATFORM=ux64\n") - - ;; The check for 'isnan' as it is written fails with - ;; "non-floating-point argument in call to function - ;; ‘__builtin_isnan’", which leads to the 'NOISNAN' cpp macro - ;; definition, which in turn leads to bad things. Fix the feature - ;; test. - (("isnan\\(0\\)") "isnan(0.)"))))) + (("^PLATFORM=.*$") "PLATFORM=ux64\n"))))) (build-system gnu-build-system) (arguments `(#:tests? #f ; no check target @@ -2208,10 +2201,11 @@ (define-public lpsolve (delete 'configure) (replace 'build (lambda _ - (and (with-directory-excursion "lpsolve55" - (zero? (system* "bash" "ccc"))) - (with-directory-excursion "lp_solve" - (zero? (system* "bash" "ccc")))))) + (with-directory-excursion "lpsolve55" + (system* "bash" "ccc")) + (with-directory-excursion "lp_solve" + (system* "bash" "ccc")) + #t)) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) @@ -2247,7 +2241,7 @@ (define-public lpsolve (define-public dealii (package (name "dealii") - (version "8.4.1") + (version "8.2.1") (source (origin (method url-fetch) @@ -2255,7 +2249,8 @@ (define-public dealii "download/v" version "/dealii-" version ".tar.gz")) (sha256 (base32 - "1bdksvvyp1rj37df1ndh8j3x9nzpc3sazw8nd0hzvnlw0qnyk800")) + "185jych0gdnpkjwxni7pd0dda149492zwq2457xdjg76bzj78mnp")) + (patches (search-patches "dealii-p4est-interface.patch")) (modules '((guix build utils))) (snippet ;; Remove bundled sources: UMFPACK, TBB, muParser, and boost diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm index 2b8839c7e9..565163732e 100644 --- a/gnu/packages/mit-krb5.scm +++ b/gnu/packages/mit-krb5.scm @@ -30,7 +30,7 @@ (define-module (gnu packages mit-krb5) (define-public mit-krb5 (package (name "mit-krb5") - (version "1.14.2") + (version "1.13.3") (source (origin (method url-fetch) (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" @@ -38,24 +38,18 @@ (define-public mit-krb5 "/krb5-" version ".tar.gz")) (sha256 (base32 - "09wbv969ak4fqlqr1ip5bi62fny1zlp1vwjarvj6a6cdfzkdgjkb")))) + "1gpscn78lv48dxccxq9ncyj53w9l2a15xmngjfa1wylvmn7g0jjx")) + (patches + (search-patches "mit-krb5-init-context-null-spnego.patch" + "mit-krb5-CVE-2015-8629.patch" + "mit-krb5-CVE-2015-8630.patch" + "mit-krb5-CVE-2015-8631.patch")))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) ("perl" ,perl))) (arguments - `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h', - ;; needed by 'authgss_prot.so'." - #:parallel-build? #f - - ;; Likewise with tests. - #:parallel-tests? #f - - ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call - ;; while running the tests in 'src/tests'. - #:tests? ,(string=? (%current-system) "x86_64-linux") - - #:phases + `(#:phases (modify-phases %standard-phases (add-after 'unpack 'enter-source-directory (lambda _ diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm index 46540be5c4..99243235ad 100644 --- a/gnu/packages/multiprecision.scm +++ b/gnu/packages/multiprecision.scm @@ -80,13 +80,13 @@ (define-public gmp-6.0 (define-public mpfr (package (name "mpfr") - (version "3.1.4") + (version "3.1.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/mpfr/mpfr-" version ".tar.xz")) (sha256 (base32 - "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n")))) + "05jaa5z78lvrayld09nyr0v27c1m5dm9l7kr85v2bj4jv65s0db8")))) (build-system gnu-build-system) (outputs '("out" "debug")) (propagated-inputs `(("gmp" ,gmp))) ; refers to diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index 8dbdf2ca29..9bde1d7ac2 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -405,7 +405,7 @@ (define-public lilypond ("font-tex-gyre" ,font-tex-gyre) ("fontconfig" ,fontconfig) ("freetype" ,freetype) - ("ghostscript" ,ghostscript-gs) + ("ghostscript" ,ghostscript) ("pango" ,pango) ("python" ,python-2))) (native-inputs diff --git a/gnu/packages/netpbm.scm b/gnu/packages/netpbm.scm index cd0c3d950d..475635e7e1 100644 --- a/gnu/packages/netpbm.scm +++ b/gnu/packages/netpbm.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2015 Andreas Enge -;;; Copyright © 2015, 2016 Ludovic Courtès +;;; Copyright © 2015 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -27,7 +27,6 @@ (define-module (gnu packages netpbm) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages xml) - #:use-module (gnu packages xorg) #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:select (gpl2)) #:use-module (guix packages) @@ -55,8 +54,9 @@ (define-public netpbm (file-name (string-append name "-" version "-checkout")) (modules '((guix build utils))) (snippet + ;; Remove non-FSDG-compliant code. '(begin - ;; Remove non-FSDG-compliant code. + (use-modules (guix build utils)) (define-syntax drop (syntax-rules (in) @@ -84,22 +84,13 @@ (define-syntax drop (drop "pbmto4425" "pbmtoln03" "pbmtolps" "pbmtopk" "pktopbm" in "converter/pbm") (drop "spottopgm" in "converter/pgm") - (drop "ppmtopjxl" in "converter/ppm") - - ;; Remove timestamps from the generated code. - (substitute* "buildtools/stamp-date" - (("^DATE=.*") - "DATE=\"Thu Jan 01 00:00:00+0000 1970\"\n") - (("^USER=.*") - "USER=Guix\n")))))) - + (drop "ppmtopjxl" in "converter/ppm"))))) (build-system gnu-build-system) (inputs `(("ghostscript" ,ghostscript) ("libjpeg" ,libjpeg) ("libpng" ,libpng) ("libtiff" ,libtiff) ("libxml2" ,libxml2) - ("xorg-rgb" ,xorg-rgb) ("zlib" ,zlib))) (native-inputs `(("flex" ,flex) @@ -108,62 +99,50 @@ (define-syntax drop ("python" ,python-wrapper))) (arguments `(#:phases - (modify-phases %standard-phases - (replace 'configure - (lambda* (#:key inputs outputs #:allow-other-keys) - (copy-file "config.mk.in" "config.mk") - (chmod "config.mk" #o664) - (let ((f (open-file "config.mk" "a"))) - (display "CC=gcc\n" f) - (display "CFLAGS_SHLIB += -fPIC\n" f) - (display "TIFFLIB = libtiff.so\n" f) - (display "JPEGLIB = libjpeg.so\n" f) - (display "ZLIB = libz.so\n" f) - (display (string-append "LDFLAGS += -Wl,-rpath=" %output "/lib") f) - (close-port f)) - - (let ((rgb (string-append (assoc-ref inputs "xorg-rgb") - "/share/X11/rgb.txt"))) - (substitute* "pm_config.in.h" - (("/usr/share/X11/rgb.txt") rgb)) - - ;; Our Ghostscript no longer provides the 'gs' command, only - ;; 'gsc', so look for that instead. - (substitute* "converter/other/pstopnm.c" - (("\"%s/gs\"") - "\"%s/gsc\""))) - #t)) - (add-before 'check 'setup-check - (lambda _ - ;; install temporarily into /tmp/netpbm - (system* "make" "package") - ;; remove test requiring X - (substitute* "test/all-in-place.test" (("pamx") "")) - ;; do not worry about non-existing file - (substitute* "test/all-in-place.test" (("^rm ") "rm -f ")) - ;; remove four tests that fail for unknown reasons - (substitute* "test/Test-Order" - (("all-in-place.test") "") - (("pnmpsnr.test") "") - (("pnmremap1.test") "") - (("gif-roundtrip.test") "")) - #t)) - (replace 'install - (lambda* (#:key outputs make-flags #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (apply system* "make" "package" - (string-append "pkgdir=" out) make-flags) - ;; copy static library - (copy-file (string-append out "/link/libnetpbm.a") - (string-append out "/lib/libnetpbm.a")) - ;; remove superfluous folders and files - (system* "rm" "-r" (string-append out "/link")) - (system* "rm" "-r" (string-append out "/misc")) - (with-directory-excursion out - (for-each delete-file - '("config_template" "pkginfo" "README" - "VERSION"))) - #t)))))) + (alist-replace + 'configure + (lambda _ + (copy-file "config.mk.in" "config.mk") + (chmod "config.mk" #o664) + (let ((f (open-file "config.mk" "a"))) + (display "CC=gcc\n" f) + (display "CFLAGS_SHLIB += -fPIC\n" f) + (display "TIFFLIB = libtiff.so\n" f) + (display "JPEGLIB = libjpeg.so\n" f) + (display "ZLIB = libz.so\n" f) + (display (string-append "LDFLAGS += -Wl,-rpath=" %output "/lib") f) + (close-port f))) + (alist-cons-before + 'check 'setup-check + (lambda _ + ;; install temporarily into /tmp/netpbm + (system* "make" "package") + ;; remove test requiring X + (substitute* "test/all-in-place.test" (("pamx") "")) + ;; do not worry about non-existing file + (substitute* "test/all-in-place.test" (("^rm ") "rm -f ")) + ;; remove four tests that fail for unknown reasons + (substitute* "test/Test-Order" + (("all-in-place.test") "") + (("pnmpsnr.test") "") + (("pnmremap1.test") "") + (("gif-roundtrip.test") ""))) + (alist-replace + 'install + (lambda* (#:key outputs make-flags #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (apply system* "make" "package" + (string-append "pkgdir=" out) make-flags) + ;; copy static library + (copy-file (string-append out "/link/libnetpbm.a") + (string-append out "/lib/libnetpbm.a")) + ;; remove superfluous folders and files + (system* "rm" "-r" (string-append out "/link")) + (system* "rm" "-r" (string-append out "/misc")) + (with-directory-excursion out + (for-each delete-file + '("config_template" "pkginfo" "README" "VERSION"))))) + %standard-phases))))) (synopsis "Toolkit for manipulation of images") (description "Netpbm is a toolkit for the manipulation of graphic images, including diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index c14d83c016..bd913f6ecd 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -569,7 +569,6 @@ (define-public unison (native-inputs `(("ocaml" ,ocaml) ;; For documentation - ("ghostscript-gs" ,ghostscript-gs) ("ghostscript" ,ghostscript) ("texlive" ,texlive) ("hevea" ,hevea) diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index 4bbc6a6bf8..429078fc92 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -34,8 +34,9 @@ (define-module (gnu packages openldap) (define-public openldap (package + (replacement openldap-2.4.44) (name "openldap") - (version "2.4.44") + (version "2.4.42") (source (origin (method url-fetch) @@ -52,9 +53,9 @@ (define-public openldap "openldap-release/openldap-" version ".tgz"))) (sha256 (base32 - "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp")))) + "0qwfpb5ipp2l76v11arghq5mr0sjc6xhjfg8a0kgsaw5qpib1dzf")))) (build-system gnu-build-system) - (inputs `(("bdb" ,bdb-5.3) + (inputs `(("bdb" ,bdb) ("openssl" ,openssl) ("cyrus-sasl" ,cyrus-sasl) ("groff" ,groff) @@ -77,3 +78,24 @@ (define-public openldap "OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.") (license openldap2.8) (home-page "http://www.openldap.org/"))) + +(define openldap-2.4.44 + (package + (inherit openldap) + (replacement #f) + (source + (let ((version "2.4.44")) + (origin + (method url-fetch) + (uri (list (string-append + "ftp://mirror.switch.ch/mirror/OpenLDAP/" + "openldap-release/openldap-" version ".tgz") + (string-append + "ftp://ftp.OpenLDAP.org/pub/OpenLDAP/" + "openldap-release/openldap-" version ".tgz") + (string-append + "ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/" + "openldap-release/openldap-" version ".tgz"))) + (sha256 + (base32 + "0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))))) diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch deleted file mode 100644 index bcc9c207ae..0000000000 --- a/gnu/packages/patches/automake-test-gzip-warning.patch +++ /dev/null @@ -1,17 +0,0 @@ -Adjust test to ignore gzip 1.8+ warnings. - ---- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200 -+++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200 -@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s - - ./configure - run_make -E -O distcheck --test ! -s stderr -+ -+# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment -+# variable is deprecated"; filter them out. -+test `grep -v '^gzip: warning' stderr | wc -l` -eq 0 -+ - # Sanity check: the flags have been actually seen. - $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' t - grep '/configure .* --srcdir am-src' t || exit 99 diff --git a/gnu/packages/patches/dealii-p4est-interface.patch b/gnu/packages/patches/dealii-p4est-interface.patch new file mode 100644 index 0000000000..4c4125d16c --- /dev/null +++ b/gnu/packages/patches/dealii-p4est-interface.patch @@ -0,0 +1,62 @@ +From upstream commit f764598c. + +The p4est_connectivity_load function used to take an unsigned long as argument, +but this has been changed to size_t in p4est 1.0. This makes no difference on +64 bit systems, but leads to compiler errors on 32 bit systems. Fix this. + +--- a/source/distributed/tria.cc ++++ b/source/distributed/tria.cc +@@ -204,7 +204,11 @@ namespace internal + static + int (&connectivity_is_valid) (types<2>::connectivity *connectivity); + +-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3) ++#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0) ++ static ++ types<2>::connectivity *(&connectivity_load) (const char *filename, ++ size_t *length); ++#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3) + static + types<2>::connectivity *(&connectivity_load) (const char *filename, + long unsigned *length); +@@ -384,7 +388,12 @@ namespace internal + *connectivity) + = p4est_connectivity_is_valid; + +-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3) ++#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0) ++ types<2>::connectivity * ++ (&functions<2>::connectivity_load) (const char *filename, ++ size_t *length) ++ = p4est_connectivity_load; ++#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3) + types<2>::connectivity * + (&functions<2>::connectivity_load) (const char *filename, + long unsigned *length) +@@ -564,7 +573,11 @@ namespace internal + static + int (&connectivity_is_valid) (types<3>::connectivity *connectivity); + +-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3) ++#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0) ++ static ++ types<3>::connectivity *(&connectivity_load) (const char *filename, ++ size_t *length); ++#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3) + static + types<3>::connectivity *(&connectivity_load) (const char *filename, + long unsigned *length); +@@ -747,7 +760,12 @@ namespace internal + *connectivity) + = p8est_connectivity_is_valid; + +-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3) ++#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0) ++ types<3>::connectivity * ++ (&functions<3>::connectivity_load) (const char *filename, ++ size_t *length) ++ = p8est_connectivity_load; ++#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3) + types<3>::connectivity * + (&functions<3>::connectivity_load) (const char *filename, + long unsigned *length) diff --git a/gnu/packages/patches/dico-idxgcide-bug.patch b/gnu/packages/patches/dico-idxgcide-bug.patch deleted file mode 100644 index 28cc8a6a08..0000000000 --- a/gnu/packages/patches/dico-idxgcide-bug.patch +++ /dev/null @@ -1,21 +0,0 @@ -Reported at . -Patch the .c file to avoid depending on Flex. - -commit 4599abbda3b5979367138ea098e435c919fe93fc -Author: Sergey Poznyakoff -Date: Thu Jul 28 14:09:58 2016 +0300 - - Bugfix - - * modules/gcide/idxgcide.l (main): Initialize ipg_header. - ---- dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:07.823587004 +0200 -+++ dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:09.435600549 +0200 -@@ -2497,6 +2497,7 @@ main(int argc, char **argv) - dico_log(L_ERR, 0, _("not enough memory")); - exit(EX_UNAVAILABLE); - } -+ idx_page->ipg_header.hdr.phdr_numentries = 0; - idx_page->ipg_header.hdr.phdr_text_offset = idx_header.ihdr_pagesize / 2; - - idx_header.ihdr_maxpageref = idx_header.ihdr_pagesize / 2 / diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch index fc8d6291f5..af5e3bcc3e 100644 --- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch +++ b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch @@ -1,39 +1,42 @@ -Follow-up upstream fix for CVE-2015-1283 to not rely on undefined -behavior. +Update previous fix for CVE-2015-1283 to not rely on undefined behavior. -Adapted from a patch from Debian (found in Debian package version -2.1.0-6+deb8u2) to apply to upstream code: +Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2. https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/ +From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001 +From: Pascal Cuoq +Date: Sun, 15 May 2016 09:05:46 +0200 +Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. + --- - lib/xmlparse.c | 6 ++++-- + expat/lib/xmlparse.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 0f6f4cd..5c70c17 100644 +index 13e080d..cdb12ef 100644 --- a/lib/xmlparse.c +++ b/lib/xmlparse.c -@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len) +@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len } if (len > bufferLim - bufferEnd) { - int neededSize = len + (int)(bufferEnd - bufferPtr); + /* Do not invoke signed arithmetic overflow: */ + int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); + /* BEGIN MOZILLA CHANGE (sanity check neededSize) */ if (neededSize < 0) { errorCode = XML_ERROR_NO_MEMORY; - return NULL; -@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len) +@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len if (bufferSize == 0) bufferSize = INIT_BUFFER_SIZE; do { - bufferSize *= 2; + /* Do not invoke signed arithmetic overflow: */ + bufferSize = (int) (2U * (unsigned) bufferSize); + /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ } while (bufferSize < neededSize && bufferSize > 0); - if (bufferSize <= 0) { - errorCode = XML_ERROR_NO_MEMORY; + /* END MOZILLA CHANGE */ -- -2.8.3 +2.8.2 diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch new file mode 100644 index 0000000000..f9065bea16 --- /dev/null +++ b/gnu/packages/patches/expat-CVE-2015-1283.patch @@ -0,0 +1,89 @@ +Copied from Debian. + +Description: fix multiple integer overflows in the XML_GetBuffer function + Multiple integer overflows in the XML_GetBuffer function in Expat through + 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, + allow remote attackers to cause a denial of service (heap-based buffer + overflow) or possibly have unspecified other impact via crafted XML data, + a related issue to CVE-2015-2716. +Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c +Author: Eric Rahm +Forwarded: not-needed +Last-Update: 2015-07-24 + +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l + XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position); + positionPtr = bufferPtr; + return result; + } + + void * XMLCALL + XML_GetBuffer(XML_Parser parser, int len) + { ++/* BEGIN MOZILLA CHANGE (sanity check len) */ ++ if (len < 0) { ++ errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } ++/* END MOZILLA CHANGE */ + switch (ps_parsing) { + case XML_SUSPENDED: + errorCode = XML_ERROR_SUSPENDED; + return NULL; + case XML_FINISHED: + errorCode = XML_ERROR_FINISHED; + return NULL; + default: ; + } + + if (len > bufferLim - bufferEnd) { +- /* FIXME avoid integer overflow */ + int neededSize = len + (int)(bufferEnd - bufferPtr); ++/* BEGIN MOZILLA CHANGE (sanity check neededSize) */ ++ if (neededSize < 0) { ++ errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } ++/* END MOZILLA CHANGE */ + #ifdef XML_CONTEXT_BYTES + int keep = (int)(bufferPtr - buffer); + + if (keep > XML_CONTEXT_BYTES) + keep = XML_CONTEXT_BYTES; + neededSize += keep; + #endif /* defined XML_CONTEXT_BYTES */ + if (neededSize <= bufferLim - buffer) { +@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len + } + else { + char *newBuf; + int bufferSize = (int)(bufferLim - bufferPtr); + if (bufferSize == 0) + bufferSize = INIT_BUFFER_SIZE; + do { + bufferSize *= 2; +- } while (bufferSize < neededSize); ++/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ ++ } while (bufferSize < neededSize && bufferSize > 0); ++/* END MOZILLA CHANGE */ ++/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */ ++ if (bufferSize <= 0) { ++ errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } ++/* END MOZILLA CHANGE */ + newBuf = (char *)MALLOC(bufferSize); + if (newBuf == 0) { + errorCode = XML_ERROR_NO_MEMORY; + return NULL; + } + bufferLim = newBuf + bufferSize; + #ifdef XML_CONTEXT_BYTES + if (bufferPtr) { + + + + diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch new file mode 100644 index 0000000000..9a0909af74 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2015-7547.patch @@ -0,0 +1,559 @@ +Copied from Fedora: +http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584 + +Adapted to apply cleanly to glibc-2.22. + +Index: b/resolv/nss_dns/dns-host.c +=================================================================== +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an + int h_namelen = 0; + + if (ancount == 0) +- return NSS_STATUS_NOTFOUND; ++ { ++ *h_errnop = HOST_NOT_FOUND; ++ return NSS_STATUS_NOTFOUND; ++ } + + while (ancount-- > 0 && cp < end_of_message && had_error == 0) + { +@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an + /* Special case here: if the resolver sent a result but it only + contains a CNAME while we are looking for a T_A or T_AAAA record, + we fail with NOTFOUND instead of TRYAGAIN. */ +- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; ++ if (canon != NULL) ++ { ++ *h_errnop = HOST_NOT_FOUND; ++ return NSS_STATUS_NOTFOUND; ++ } ++ ++ *h_errnop = NETDB_INTERNAL; ++ return NSS_STATUS_TRYAGAIN; + } + + +@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, + + enum nss_status status = NSS_STATUS_NOTFOUND; + ++ /* Combining the NSS status of two distinct queries requires some ++ compromise and attention to symmetry (A or AAAA queries can be ++ returned in any order). What follows is a breakdown of how this ++ code is expected to work and why. We discuss only SUCCESS, ++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns ++ that apply (though RETURN and MERGE exist). We make a distinction ++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). ++ A recoverable TRYAGAIN is almost always due to buffer size issues ++ and returns ERANGE in errno and the caller is expected to retry ++ with a larger buffer. ++ ++ Lastly, you may be tempted to make significant changes to the ++ conditions in this code to bring about symmetry between responses. ++ Please don't change anything without due consideration for ++ expected application behaviour. Some of the synthesized responses ++ aren't very well thought out and sometimes appear to imply that ++ IPv4 responses are always answer 1, and IPv6 responses are always ++ answer 2, but that's not true (see the implemetnation of send_dg ++ and send_vc to see response can arrive in any order, particlarly ++ for UDP). However, we expect it holds roughly enough of the time ++ that this code works, but certainly needs to be fixed to make this ++ a more robust implementation. ++ ++ ---------------------------------------------- ++ | Answer 1 Status / | Synthesized | Reason | ++ | Answer 2 Status | Status | | ++ |--------------------------------------------| ++ | SUCCESS/SUCCESS | SUCCESS | [1] | ++ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | ++ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | ++ | SUCCESS/NOTFOUND | SUCCESS | [1] | ++ | SUCCESS/UNAVAIL | SUCCESS | [1] | ++ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | ++ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | ++ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | ++ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | ++ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | ++ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | ++ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | ++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | ++ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | ++ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | ++ | NOTFOUND/SUCCESS | SUCCESS | [3] | ++ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | ++ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | ++ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | ++ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | ++ | UNAVAIL/SUCCESS | UNAVAIL | [4] | ++ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | ++ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | ++ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | ++ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | ++ ---------------------------------------------- ++ ++ [1] If the first response is a success we return success. ++ This ignores the state of the second answer and in fact ++ incorrectly sets errno and h_errno to that of the second ++ answer. However because the response is a success we ignore ++ *errnop and *h_errnop (though that means you touched errno on ++ success). We are being conservative here and returning the ++ likely IPv4 response in the first answer as a success. ++ ++ [2] If the first response is a recoverable TRYAGAIN we return ++ that instead of looking at the second response. The ++ expectation here is that we have failed to get an IPv4 response ++ and should retry both queries. ++ ++ [3] If the first response was not a SUCCESS and the second ++ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, ++ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the ++ result from the second response, otherwise the first responses ++ status is used. Again we have some odd side-effects when the ++ second response is NOTFOUND because we overwrite *errnop and ++ *h_errnop that means that a first answer of NOTFOUND might see ++ its *errnop and *h_errnop values altered. Whether it matters ++ in practice that a first response NOTFOUND has the wrong ++ *errnop and *h_errnop is undecided. ++ ++ [4] If the first response is UNAVAIL we return that instead of ++ looking at the second response. The expectation here is that ++ it will have failed similarly e.g. configuration failure. ++ ++ [5] Testing this code is complicated by the fact that truncated ++ second response buffers might be returned as SUCCESS if the ++ first answer is a SUCCESS. To fix this we add symmetry to ++ TRYAGAIN with the second response. If the second response ++ is a recoverable error we now return TRYAGIN even if the first ++ response was SUCCESS. */ ++ + if (anslen1 > 0) + status = gaih_getanswer_slice(answer1, anslen1, qname, + &pat, &buffer, &buflen, + errnop, h_errnop, ttlp, + &first); ++ + if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND + || (status == NSS_STATUS_TRYAGAIN + /* We want to look at the second answer in case of an +@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, + &pat, &buffer, &buflen, + errnop, h_errnop, ttlp, + &first); ++ /* Use the second response status in some cases. */ + if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) + status = status2; ++ /* Do not return a truncated second response (unless it was ++ unavoidable e.g. unrecoverable TRYAGAIN). */ ++ if (status == NSS_STATUS_SUCCESS ++ && (status2 == NSS_STATUS_TRYAGAIN ++ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) ++ status = NSS_STATUS_TRYAGAIN; + } + + return status; +Index: b/resolv/res_query.c +=================================================================== +--- a/resolv/res_query.c ++++ b/resolv/res_query.c +@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + } +@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + +@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + if (saved_herrno != -1) +Index: b/resolv/res_send.c +=================================================================== +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -1,3 +1,20 @@ ++/* Copyright (C) 2016 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ + /* + * Copyright (c) 1985, 1989, 1993 + * The Regents of the University of California. All rights reserved. +@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const + #ifdef USE_HOOKS + if (__glibc_unlikely (statp->qhook || statp->rhook)) { + if (anssiz < MAXPACKET && ansp) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *buf = malloc (MAXPACKET); + if (buf == NULL) + return (-1); +@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend) + + /* Private */ + ++/* The send_vc function is responsible for sending a DNS query over TCP ++ to the nameserver numbered NS from the res_state STATP i.e. ++ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and ++ IPv6 queries at the same serially on the same socket. ++ ++ Please note that for TCP there is no way to disable sending both ++ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP ++ and sends the queries serially and waits for the result after each ++ sent query. This implemetnation should be corrected to honour these ++ options. ++ ++ Please also note that for TCP we send both queries over the same ++ socket one after another. This technically violates best practice ++ since the server is allowed to read the first query, respond, and ++ then close the socket (to service another client). If the server ++ does this, then the remaining second query in the socket data buffer ++ will cause the server to send the client an RST which will arrive ++ asynchronously and the client's OS will likely tear down the socket ++ receive buffer resulting in a potentially short read and lost ++ response data. This will force the client to retry the query again, ++ and this process may repeat until all servers and connection resets ++ are exhausted and then the query will fail. It's not known if this ++ happens with any frequency in real DNS server implementations. This ++ implementation should be corrected to use two sockets by default for ++ parallel queries. ++ ++ The query stored in BUF of BUFLEN length is sent first followed by ++ the query stored in BUF2 of BUFLEN2 length. Queries are sent ++ serially on the same socket. ++ ++ Answers to the query are stored firstly in *ANSP up to a max of ++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP ++ is non-NULL (to indicate that modifying the answer buffer is allowed) ++ then malloc is used to allocate a new response buffer and ANSCP and ++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes ++ are needed but ANSCP is NULL, then as much of the response as ++ possible is read into the buffer, but the results will be truncated. ++ When truncation happens because of a small answer buffer the DNS ++ packets header feild TC will bet set to 1, indicating a truncated ++ message and the rest of the socket data will be read and discarded. ++ ++ Answers to the query are stored secondly in *ANSP2 up to a max of ++ *ANSSIZP2 bytes, with the actual response length stored in ++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 ++ is non-NULL (required for a second query) then malloc is used to ++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer ++ size and *ANSP2_MALLOCED is set to 1. ++ ++ The ANSP2_MALLOCED argument will eventually be removed as the ++ change in buffer pointer can be used to detect the buffer has ++ changed and that the caller should use free on the new buffer. ++ ++ Note that the answers may arrive in any order from the server and ++ therefore the first and second answer buffers may not correspond to ++ the first and second queries. ++ ++ It is not supported to call this function with a non-NULL ANSP2 ++ but a NULL ANSCP. Put another way, you can call send_vc with a ++ single unmodifiable buffer or two modifiable buffers, but no other ++ combination is supported. ++ ++ It is the caller's responsibility to free the malloc allocated ++ buffers by detecting that the pointers have changed from their ++ original values i.e. *ANSCP or *ANSP2 has changed. ++ ++ If errors are encountered then *TERRNO is set to an appropriate ++ errno value and a zero result is returned for a recoverable error, ++ and a less-than zero result is returned for a non-recoverable error. ++ ++ If no errors are encountered then *TERRNO is left unmodified and ++ a the length of the first response in bytes is returned. */ + static int + send_vc(res_state statp, + const u_char *buf, int buflen, const u_char *buf2, int buflen2, +@@ -669,11 +759,7 @@ send_vc(res_state statp, + { + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; +- u_char *ans = *ansp; +- int orig_anssizp = *anssizp; +- // XXX REMOVE +- // int anssiz = *anssizp; +- HEADER *anhp = (HEADER *) ans; ++ HEADER *anhp = (HEADER *) *ansp; + struct sockaddr *nsap = get_nsaddr (statp, ns); + int truncating, connreset, n; + /* On some architectures compiler might emit a warning indicating +@@ -766,6 +852,8 @@ send_vc(res_state statp, + * Receive length & response + */ + int recvresp1 = 0; ++ /* Skip the second response if there is no second query. ++ To do that we mark the second response as received. */ + int recvresp2 = buf2 == NULL; + uint16_t rlen16; + read_len: +@@ -802,40 +890,14 @@ send_vc(res_state statp, + u_char **thisansp; + int *thisresplenp; + if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { ++ /* We have not received any responses ++ yet or we only have one response to ++ receive. */ + thisanssizp = anssizp; + thisansp = anscp ?: ansp; + assert (anscp != NULL || ansp2 == NULL); + thisresplenp = &resplen; + } else { +- if (*anssizp != MAXPACKET) { +- /* No buffer allocated for the first +- reply. We can try to use the rest +- of the user-provided buffer. */ +-#if __GNUC_PREREQ (4, 7) +- DIAG_PUSH_NEEDS_COMMENT; +- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); +-#endif +-#if _STRING_ARCH_unaligned +- *anssizp2 = orig_anssizp - resplen; +- *ansp2 = *ansp + resplen; +-#else +- int aligned_resplen +- = ((resplen + __alignof__ (HEADER) - 1) +- & ~(__alignof__ (HEADER) - 1)); +- *anssizp2 = orig_anssizp - aligned_resplen; +- *ansp2 = *ansp + aligned_resplen; +-#endif +-#if __GNUC_PREREQ (4, 7) +- DIAG_POP_NEEDS_COMMENT; +-#endif +- } else { +- /* The first reply did not fit into the +- user-provided buffer. Maybe the second +- answer will. */ +- *anssizp2 = orig_anssizp; +- *ansp2 = *ansp; +- } +- + thisanssizp = anssizp2; + thisansp = ansp2; + thisresplenp = resplen2; +@@ -843,10 +905,14 @@ send_vc(res_state statp, + anhp = (HEADER *) *thisansp; + + *thisresplenp = rlen; +- if (rlen > *thisanssizp) { +- /* Yes, we test ANSCP here. If we have two buffers +- both will be allocatable. */ +- if (__glibc_likely (anscp != NULL)) { ++ /* Is the answer buffer too small? */ ++ if (*thisanssizp < rlen) { ++ /* If the current buffer is non-NULL and it's not ++ pointing at the static user-supplied buffer then ++ we can reallocate it. */ ++ if (thisansp != NULL && thisansp != ansp) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *newp = malloc (MAXPACKET); + if (newp == NULL) { + *terrno = ENOMEM; +@@ -858,6 +924,9 @@ send_vc(res_state statp, + if (thisansp == ansp2) + *ansp2_malloced = 1; + anhp = (HEADER *) newp; ++ /* A uint16_t can't be larger than MAXPACKET ++ thus it's safe to allocate MAXPACKET but ++ read RLEN bytes instead. */ + len = rlen; + } else { + Dprint(statp->options & RES_DEBUG, +@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in + return 1; + } + ++/* The send_dg function is responsible for sending a DNS query over UDP ++ to the nameserver numbered NS from the res_state STATP i.e. ++ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries ++ along with the ability to send the query in parallel for both stacks ++ (default) or serially (RES_SINGLKUP). It also supports serial lookup ++ with a close and reopen of the socket used to talk to the server ++ (RES_SNGLKUPREOP) to work around broken name servers. ++ ++ The query stored in BUF of BUFLEN length is sent first followed by ++ the query stored in BUF2 of BUFLEN2 length. Queries are sent ++ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). ++ ++ Answers to the query are stored firstly in *ANSP up to a max of ++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP ++ is non-NULL (to indicate that modifying the answer buffer is allowed) ++ then malloc is used to allocate a new response buffer and ANSCP and ++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes ++ are needed but ANSCP is NULL, then as much of the response as ++ possible is read into the buffer, but the results will be truncated. ++ When truncation happens because of a small answer buffer the DNS ++ packets header feild TC will bet set to 1, indicating a truncated ++ message, while the rest of the UDP packet is discarded. ++ ++ Answers to the query are stored secondly in *ANSP2 up to a max of ++ *ANSSIZP2 bytes, with the actual response length stored in ++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 ++ is non-NULL (required for a second query) then malloc is used to ++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer ++ size and *ANSP2_MALLOCED is set to 1. ++ ++ The ANSP2_MALLOCED argument will eventually be removed as the ++ change in buffer pointer can be used to detect the buffer has ++ changed and that the caller should use free on the new buffer. ++ ++ Note that the answers may arrive in any order from the server and ++ therefore the first and second answer buffers may not correspond to ++ the first and second queries. ++ ++ It is not supported to call this function with a non-NULL ANSP2 ++ but a NULL ANSCP. Put another way, you can call send_vc with a ++ single unmodifiable buffer or two modifiable buffers, but no other ++ combination is supported. ++ ++ It is the caller's responsibility to free the malloc allocated ++ buffers by detecting that the pointers have changed from their ++ original values i.e. *ANSCP or *ANSP2 has changed. ++ ++ If an answer is truncated because of UDP datagram DNS limits then ++ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to ++ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 ++ if any progress was made reading a response from the nameserver and ++ is used by the caller to distinguish between ECONNREFUSED and ++ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). ++ ++ If errors are encountered then *TERRNO is set to an appropriate ++ errno value and a zero result is returned for a recoverable error, ++ and a less-than zero result is returned for a non-recoverable error. ++ ++ If no errors are encountered then *TERRNO is left unmodified and ++ a the length of the first response in bytes is returned. */ + static int + send_dg(res_state statp, + const u_char *buf, int buflen, const u_char *buf2, int buflen2, +@@ -1030,8 +1159,6 @@ send_dg(res_state statp, + { + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; +- u_char *ans = *ansp; +- int orig_anssizp = *anssizp; + struct timespec now, timeout, finish; + struct pollfd pfd[1]; + int ptimeout; +@@ -1064,6 +1191,8 @@ send_dg(res_state statp, + int need_recompute = 0; + int nwritten = 0; + int recvresp1 = 0; ++ /* Skip the second response if there is no second query. ++ To do that we mark the second response as received. */ + int recvresp2 = buf2 == NULL; + pfd[0].fd = EXT(statp).nssocks[ns]; + pfd[0].events = POLLOUT; +@@ -1227,55 +1356,56 @@ send_dg(res_state statp, + int *thisresplenp; + + if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { ++ /* We have not received any responses ++ yet or we only have one response to ++ receive. */ + thisanssizp = anssizp; + thisansp = anscp ?: ansp; + assert (anscp != NULL || ansp2 == NULL); + thisresplenp = &resplen; + } else { +- if (*anssizp != MAXPACKET) { +- /* No buffer allocated for the first +- reply. We can try to use the rest +- of the user-provided buffer. */ +-#if _STRING_ARCH_unaligned +- *anssizp2 = orig_anssizp - resplen; +- *ansp2 = *ansp + resplen; +-#else +- int aligned_resplen +- = ((resplen + __alignof__ (HEADER) - 1) +- & ~(__alignof__ (HEADER) - 1)); +- *anssizp2 = orig_anssizp - aligned_resplen; +- *ansp2 = *ansp + aligned_resplen; +-#endif +- } else { +- /* The first reply did not fit into the +- user-provided buffer. Maybe the second +- answer will. */ +- *anssizp2 = orig_anssizp; +- *ansp2 = *ansp; +- } +- + thisanssizp = anssizp2; + thisansp = ansp2; + thisresplenp = resplen2; + } + + if (*thisanssizp < MAXPACKET +- /* Yes, we test ANSCP here. If we have two buffers +- both will be allocatable. */ +- && anscp ++ /* If the current buffer is non-NULL and it's not ++ pointing at the static user-supplied buffer then ++ we can reallocate it. */ ++ && (thisansp != NULL && thisansp != ansp) + #ifdef FIONREAD ++ /* Is the size too small? */ + && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 + || *thisanssizp < *thisresplenp) + #endif + ) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *newp = malloc (MAXPACKET); + if (newp != NULL) { +- *anssizp = MAXPACKET; +- *thisansp = ans = newp; ++ *thisanssizp = MAXPACKET; ++ *thisansp = newp; + if (thisansp == ansp2) + *ansp2_malloced = 1; + } + } ++ /* We could end up with truncation if anscp was NULL ++ (not allowed to change caller's buffer) and the ++ response buffer size is too small. This isn't a ++ reliable way to detect truncation because the ioctl ++ may be an inaccurate report of the UDP message size. ++ Therefore we use this only to issue debug output. ++ To do truncation accurately with UDP we need ++ MSG_TRUNC which is only available on Linux. We ++ can abstract out the Linux-specific feature in the ++ future to detect truncation. */ ++ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { ++ Dprint(statp->options & RES_DEBUG, ++ (stdout, ";; response may be truncated (UDP)\n") ++ ); ++ } ++ + HEADER *anhp = (HEADER *) *thisansp; + socklen_t fromlen = sizeof(struct sockaddr_in6); + assert (sizeof(from) <= fromlen); diff --git a/gnu/packages/patches/glibc-hurd-extern-inline.patch b/gnu/packages/patches/glibc-hurd-extern-inline.patch new file mode 100644 index 0000000000..a609b1f54a --- /dev/null +++ b/gnu/packages/patches/glibc-hurd-extern-inline.patch @@ -0,0 +1,35 @@ +This changes the way _EXTERN_INLINE is defined so we can +avoid external definition errors. +https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html + +diff --git a/signal/sigsetops.c b/signal/sigsetops.c +index 0317662..b92c296 100644 +--- a/signal/sigsetops.c ++++ b/signal/sigsetops.c +@@ -3,7 +3,9 @@ + + #include + +-#define _EXTERN_INLINE ++#ifndef _EXTERN_INLINE ++#define _EXTERN_INLINE __extern_inline ++#endif + #ifndef __USE_EXTERN_INLINES + # define __USE_EXTERN_INLINES 1 + #endif + +Link libmachuser and libhurduser automatically with libc, since they are +considered a standard part of the API in GNU-land. + +--- a/Makerules ++++ b/Makerules +@@ -978,6 +978,9 @@ + '$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\ + ' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \ + ) > $@.new ++ifeq ($(patsubst gnu%,,$(config-os)),) ++ echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new ++endif + mv -f $@.new $@ + + endif \ No newline at end of file diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch new file mode 100644 index 0000000000..baf30a79a7 --- /dev/null +++ b/gnu/packages/patches/glibc-locale-incompatibility.patch @@ -0,0 +1,23 @@ +This patch avoids an assertion failure when incompatible locale data +is encountered: + + https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html + +--- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200 ++++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200 +@@ -120,10 +120,11 @@ + _nl_value_type_LC_XYZ array. There are all pointers. */ + switch (category) + { +-#define CATTEST(cat) \ +- case LC_##cat: \ +- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \ +- / sizeof (_nl_value_type_LC_##cat[0]))); \ ++#define CATTEST(cat) \ ++ case LC_##cat: \ ++ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \ ++ / sizeof (_nl_value_type_LC_##cat[0]))) \ ++ goto puntdata; \ + break + CATTEST (NUMERIC); + CATTEST (TIME); diff --git a/gnu/packages/patches/glibc-locales.patch b/gnu/packages/patches/glibc-locales.patch index 3a125e845e..1bcf12bf6f 100644 --- a/gnu/packages/patches/glibc-locales.patch +++ b/gnu/packages/patches/glibc-locales.patch @@ -5,8 +5,8 @@ in a package separate from glibc. 2. Use '--no-archive' to avoid building the big locale archive, and because the already-built 'localedef' would want to write it to '/run/current-system/locale', which is not possible. - 3. Pass $(inst_complocaledir)/$$locale to install files in the right - place, and because otherwise, 'localedef' fails with: + 3. Pass $(localedir)/$$locale to install files in the right place, and + because otherwise, 'localedef' fails with: "cannot write output files to `(null)'". --- glibc-2.22/localedata/Makefile 1970-01-01 01:00:00.000000000 +0100 @@ -25,7 +25,7 @@ in a package separate from glibc. $(LOCALEDEF) --alias-file=../intl/locale.alias \ -i locales/$$input -c -f charmaps/$$charset \ - $(addprefix --prefix=,$(install_root)) $$locale \ -+ $(addprefix --prefix=,$(install_root)) $(inst_complocaledir)/$$locale \ ++ $(addprefix --prefix=,$(install_root)) $(localedir)/$$locale \ && echo ' done'; \ tst-setlocale-ENV = LC_ALL=ja_JP.EUC-JP diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch new file mode 100644 index 0000000000..b024a7d4a8 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch @@ -0,0 +1,21 @@ +Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems +Origin: upstream +Bug-Debian: http://bugs.debian.org/703957 +Forwarded: not-needed + +--- libarchive-3.0.4.orig/libarchive/archive_write.c ++++ libarchive-3.0.4/libarchive/archive_write.c +@@ -665,8 +665,13 @@ static ssize_t + _archive_write_data(struct archive *_a, const void *buff, size_t s) + { + struct archive_write *a = (struct archive_write *)_a; ++ const size_t max_write = INT_MAX; ++ + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, + ARCHIVE_STATE_DATA, "archive_write_data"); ++ /* In particular, this catches attempts to pass negative values. */ ++ if (s > max_write) ++ s = max_write; + archive_clear_error(&a->archive); + return ((a->format_write_data)(a, buff, s)); + } diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch new file mode 100644 index 0000000000..6ac8773244 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2016-1541.patch @@ -0,0 +1,67 @@ +Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata) + +Taken from upstream source repository: +https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 + +When reading OS X metadata entries in Zip archives that were stored +without compression, libarchive would use the uncompressed entry size +to allocate a buffer but would use the compressed entry size to limit +the amount of data copied into that buffer. Since the compressed +and uncompressed sizes are provided by data in the archive itself, +an attacker could manipulate these values to write data beyond +the end of the allocated buffer. + +This fix provides three new checks to guard against such +manipulation and to make libarchive generally more robust when +handling this type of entry: + 1. If an OS X metadata entry is stored without compression, + abort the entire archive if the compressed and uncompressed + data sizes do not match. + 2. When sanity-checking the size of an OS X metadata entry, + abort this entry if either the compressed or uncompressed + size is larger than 4MB. + 3. When copying data into the allocated buffer, check the copy + size against both the compressed entry size and uncompressed + entry size. +--- + libarchive/archive_read_support_format_zip.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c +index 0f8262c..0a0be96 100644 +--- a/libarchive/archive_read_support_format_zip.c ++++ b/libarchive/archive_read_support_format_zip.c +@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, + + switch(rsrc->compression) { + case 0: /* No compression. */ ++ if (rsrc->uncompressed_size != rsrc->compressed_size) { ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ++ "Malformed OS X metadata entry: inconsistent size"); ++ return (ARCHIVE_FATAL); ++ } + #ifdef HAVE_ZLIB_H + case 8: /* Deflate compression. */ + #endif +@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, + (intmax_t)rsrc->uncompressed_size); + return (ARCHIVE_WARN); + } ++ if (rsrc->compressed_size > (4 * 1024 * 1024)) { ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ++ "Mac metadata is too large: %jd > 4M bytes", ++ (intmax_t)rsrc->compressed_size); ++ return (ARCHIVE_WARN); ++ } + + metadata = malloc((size_t)rsrc->uncompressed_size); + if (metadata == NULL) { +@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, + bytes_avail = remaining_bytes; + switch(rsrc->compression) { + case 0: /* No compression. */ ++ if ((size_t)bytes_avail > metadata_bytes) ++ bytes_avail = metadata_bytes; + memcpy(mp, p, bytes_avail); + bytes_used = (size_t)bytes_avail; + metadata_bytes -= bytes_used; diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch new file mode 100644 index 0000000000..6a533a9a07 --- /dev/null +++ b/gnu/packages/patches/libarchive-bsdtar-test.patch @@ -0,0 +1,74 @@ +commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d +Author: Pavel Raiskup +Date: Thu Jun 27 16:01:30 2013 +0200 + + Use ustar format in the test_option_b test + + .. because the ustar archive does not store SELinux context. As the default + format for bsdtar is "restricted pax" (trying to store xattrs and other + things by default), the test failed on Fedora because our files have by + default SELinux context set. This results in additional data in tested + archive ~> and the test failed because the archive was unexpectedly big: + + tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048 + + Reviewed by Konrad Kleine + +diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c +index be2ae65..6fea474 100644 +--- a/tar/test/test_option_b.c ++++ b/tar/test/test_option_b.c +@@ -25,8 +25,14 @@ + #include "test.h" + __FBSDID("$FreeBSD$"); + ++#define USTAR_OPT " --format=ustar" ++ + DEFINE_TEST(test_option_b) + { ++ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1); ++ strcpy(testprog_ustar, testprog); ++ strcat(testprog_ustar, USTAR_OPT); ++ + assertMakeFile("file1", 0644, "file1"); + if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) { + skipping("Platform doesn't have cat"); +@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b) + /* + * Bsdtar does not pad if the output is going directly to a disk file. + */ +- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog)); ++ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar)); + failure("bsdtar does not pad archives written directly to regular files"); + assertFileSize("archive1.tar", 2048); + assertEmptyFile("test1.out"); +@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b) + * Bsdtar does pad to the block size if the output is going to a socket. + */ + /* Default is -b 20 */ +- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar)); + failure("bsdtar does pad archives written to pipes"); + assertFileSize("archive2.tar", 10240); + assertEmptyFile("test2.err"); + +- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar)); + assertFileSize("archive3.tar", 10240); + assertEmptyFile("test3.err"); + +- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar)); + assertFileSize("archive4.tar", 5120); + assertEmptyFile("test4.err"); + +- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar)); + assertFileSize("archive5.tar", 2048); + assertEmptyFile("test5.err"); + +- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog)); ++ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar)); + assertFileSize("archive6.tar", 4194304); + assertEmptyFile("test6.err"); + diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch new file mode 100644 index 0000000000..ffdc0db922 --- /dev/null +++ b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch @@ -0,0 +1,83 @@ +Description: This patch fixes test cases for LZO write support in various + architectures, such as armhf. Writing a certain amount of files would + cause the LZO compressor level 9 to produce a bigger archive than the + default compressor level. +Author: Andres Mejia + +--- a/libarchive/test/test_write_filter_lzop.c ++++ b/libarchive/test/test_write_filter_lzop.c +@@ -39,7 +39,7 @@ + size_t buffsize, datasize; + char path[16]; + size_t used1, used2; +- int i, r, use_prog = 0; ++ int i, r, use_prog = 0, filecount; + + assert((a = archive_write_new()) != NULL); + r = archive_write_add_filter_lzop(a); +@@ -58,9 +58,10 @@ + + datasize = 10000; + assert(NULL != (data = (char *)calloc(1, datasize))); ++ filecount = 10; + + /* +- * Write a 100 files and read them all back. ++ * Write a filecount files and read them all back. + */ + assert((a = archive_write_new()) != NULL); + assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a)); +@@ -77,7 +78,7 @@ + assert((ae = archive_entry_new()) != NULL); + archive_entry_set_filetype(ae, AE_IFREG); + archive_entry_set_size(ae, datasize); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + archive_entry_copy_pathname(ae, path); + assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); +@@ -97,7 +98,7 @@ + } else { + assertEqualIntA(a, ARCHIVE_OK, + archive_read_open_memory(a, buff, used1)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + if (!assertEqualInt(ARCHIVE_OK, + archive_read_next_header(a, &ae))) +@@ -133,7 +134,7 @@ + archive_write_set_options(a, "lzop:compression-level=9")); + assertEqualIntA(a, ARCHIVE_OK, + archive_write_open_memory(a, buff, buffsize, &used2)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, path); +@@ -161,7 +162,7 @@ + archive_read_support_filter_all(a)); + assertEqualIntA(a, ARCHIVE_OK, + archive_read_open_memory(a, buff, used2)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + if (!assertEqualInt(ARCHIVE_OK, + archive_read_next_header(a, &ae))) +@@ -186,7 +187,7 @@ + archive_write_set_filter_option(a, NULL, "compression-level", "1")); + assertEqualIntA(a, ARCHIVE_OK, + archive_write_open_memory(a, buff, buffsize, &used2)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, path); +@@ -216,7 +217,7 @@ + } else { + assertEqualIntA(a, ARCHIVE_OK, + archive_read_open_memory(a, buff, used2)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + if (!assertEqualInt(ARCHIVE_OK, + archive_read_next_header(a, &ae))) diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch new file mode 100644 index 0000000000..ad94592c05 --- /dev/null +++ b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch @@ -0,0 +1,18 @@ +Description: Patch to fix filename length calculation when writing mtree archives. +Author: Dave Reisner +Origin: upstream + +--- a/libarchive/archive_write_set_format_mtree.c ++++ b/libarchive/archive_write_set_format_mtree.c +@@ -1855,9 +1855,9 @@ + return (ret); + } + +- /* Make a basename from dirname and slash */ ++ /* Make a basename from file->parentdir.s and slash */ + *slash = '\0'; +- file->parentdir.length = slash - dirname; ++ file->parentdir.length = slash - file->parentdir.s; + archive_strcpy(&(file->basename), slash + 1); + return (ret); + } diff --git a/gnu/packages/patches/libpthread-glibc-preparation.patch b/gnu/packages/patches/libpthread-glibc-preparation.patch new file mode 100644 index 0000000000..a43245436c --- /dev/null +++ b/gnu/packages/patches/libpthread-glibc-preparation.patch @@ -0,0 +1,146 @@ +This patch helps to integrate the Hurd's libpthread as a libc add-on. + +It writes the configure file, removes an rpc call not yet +implemented on the version of gnumach we use and defines +a missing macro. + +diff --git a/libpthread/configure b/libpthread/configure +new file mode 100644 +index 0000000..2cdbc71 +--- /dev/null ++++ b/libpthread/configure +@@ -0,0 +1,2 @@ ++libc_add_on_canonical=libpthread ++libc_add_on_subdirs=. +-- +1.9.0 + +We are using a version of GNU Mach that lacks 'thread_terminate_release' +(not introduced yet). The 'thread_terminate' RPC call will be enough for +our needs. +See . + +diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c +index 6672065..129a611 100644 +--- a/libpthread/sysdeps/mach/pt-thread-terminate.c ++++ b/libpthread/sysdeps/mach/pt-thread-terminate.c +@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread) + __mach_port_destroy (__mach_task_self (), wakeup_port); + + /* Terminate and release all that's left. */ +- err = __thread_terminate_release (kernel_thread, mach_task_self (), +- kernel_thread, reply_port, +- stackaddr, stacksize); ++ /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */ ++ /* kernel_thread, reply_port, */ ++ /* stackaddr, stacksize); */ + + /* The kernel does not support it yet. Leak but at least terminate + correctly. */ +-- +1.9.2 + +The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we +define it to __SPIN_LOCK_INITIALIZER which already exists. +See . + +diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h +index 537dac9..fca0e5a 100644 +--- a/libpthread/sysdeps/mach/bits/spin-lock.h ++++ b/libpthread/sysdeps/mach/bits/spin-lock.h +@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t; + + /* Initializer for a spin lock object. */ + #ifndef __PTHREAD_SPIN_LOCK_INITIALIZER +-#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by . ++#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER + #endif + + __END_DECLS + +The version of the glibc we use doesn't include the shm-directory.c file and does +not yet support IS_IN. +See + +diff --git a/libpthread/Makefile b/libpthread/Makefile +index 2906788..b8dee58 100644 +--- a/libpthread/Makefile ++++ b/libpthread/Makefile +@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate \ + sem-post sem-timedwait sem-trywait sem-unlink \ + sem-wait \ + \ +- shm-directory \ +- \ + cthreads-compat \ + $(SYSDEPS) + +-- +2.3.6 + +diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c +index d88afae..84044dc 100644 +--- a/libpthread/pthread/pt-create.c ++++ b/libpthread/pthread/pt-create.c +@@ -28,7 +28,7 @@ + + #include + +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + # include + #endif + #ifdef HAVE_USELOCALE +@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg) + __resp = &self->res_state; + #endif + +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + /* Initialize pointers to locale data. */ + __ctype_init (); + #endif +diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c +index 9e5404b..b9cacbd 100644 +--- a/libpthread/pthread/pt-initialize.c ++++ b/libpthread/pthread/pt-initialize.c +@@ -28,7 +28,7 @@ + + DEFINE_HOOK (__pthread_init, (void)); + +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + static const struct pthread_functions pthread_functions = + { + .ptr_pthread_attr_destroy = __pthread_attr_destroy, +@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions = + void + ___pthread_init (void) + { +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + __libc_pthread_init(&pthread_functions); + #endif + RUN_HOOK (__pthread_init, ()); +diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h +index 18b5b4c..8cdcfce 100644 +--- a/libpthread/pthread/pt-internal.h ++++ b/libpthread/pthread/pt-internal.h +@@ -35,7 +35,7 @@ + #include + #include + +-#if IS_IN (libpthread) ++#ifdef IS_IN_libpthread + # include + #endif + +@@ -60,7 +60,7 @@ enum pthread_state + # define PTHREAD_SYSDEP_MEMBERS + #endif + +-#if !(IS_IN (libpthread)) ++#ifndef IS_IN_libpthread + #ifdef ENABLE_TLS + /* Type of the TCB. */ + typedef struct diff --git a/gnu/packages/patches/libxslt-CVE-2015-7995.patch b/gnu/packages/patches/libxslt-CVE-2015-7995.patch new file mode 100644 index 0000000000..f291d5b387 --- /dev/null +++ b/gnu/packages/patches/libxslt-CVE-2015-7995.patch @@ -0,0 +1,29 @@ +From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Thu, 29 Oct 2015 19:33:23 +0800 +Subject: [PATCH] Fix for type confusion in preprocessing attributes + +CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10 +We need to check that the parent node is an element before dereferencing +its namespace +--- + libxslt/preproc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libxslt/preproc.c b/libxslt/preproc.c +index 0eb80a0..7f69325 100644 +--- a/libxslt/preproc.c ++++ b/libxslt/preproc.c +@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) { + } else if (IS_XSLT_NAME(inst, "attribute")) { + xmlNodePtr parent = inst->parent; + +- if ((parent == NULL) || (parent->ns == NULL) || ++ if ((parent == NULL) || ++ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) || + ((parent->ns != inst->ns) && + (!xmlStrEqual(parent->ns->href, inst->ns->href))) || + (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) { +-- +2.6.3 + diff --git a/gnu/packages/patches/libxslt-generated-ids.patch b/gnu/packages/patches/libxslt-generated-ids.patch deleted file mode 100644 index 4273875c7c..0000000000 --- a/gnu/packages/patches/libxslt-generated-ids.patch +++ /dev/null @@ -1,173 +0,0 @@ -This makes generated IDs deterministic. - -Written by Daniel Veillard. - -This should be fixed in next release (2.29). -See https://bugzilla.gnome.org/show_bug.cgi?id=751621. - -diff --git a/libxslt/functions.c b/libxslt/functions.c -index 6448bde..5b00a6d 100644 ---- a/libxslt/functions.c -+++ b/libxslt/functions.c -@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs) - } - - /** -+ * xsltCleanupIds: -+ * @ctxt: the transformation context -+ * @root: the root of the resulting document -+ * -+ * This clean up ids which may have been saved in Element contents -+ * by xsltGenerateIdFunction() to provide stable IDs on elements. -+ * -+ * Returns the number of items cleaned or -1 in case of error -+ */ -+int -+xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) { -+ xmlNodePtr cur; -+ int count = 0; -+ -+ if ((ctxt == NULL) || (root == NULL)) -+ return(-1); -+ if (root->type != XML_ELEMENT_NODE) -+ return(-1); -+ -+ cur = root; -+ while (cur != NULL) { -+ if (cur->type == XML_ELEMENT_NODE) { -+ if (cur->content != NULL) { -+ cur->content = NULL; -+ count++; -+ } -+ if (cur->children != NULL) { -+ cur = cur->children; -+ continue; -+ } -+ } -+ if (cur->next != NULL) { -+ cur = cur->next; -+ continue; -+ } -+ do { -+ cur = cur->parent; -+ if (cur == NULL) -+ break; -+ if (cur == (xmlNodePtr) root) { -+ cur = NULL; -+ break; -+ } -+ if (cur->next != NULL) { -+ cur = cur->next; -+ break; -+ } -+ } while (cur != NULL); -+ } -+ -+fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n", -+ ctxt->nextid, count); -+ -+ return(count); -+} -+ -+/** - * xsltGenerateIdFunction: - * @ctxt: the XPath Parser context - * @nargs: the number of arguments -@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){ - if (obj) - xmlXPathFreeObject(obj); - -- val = (long)((char *)cur - (char *)&base_address); -+ /* -+ * Try to provide stable ID for generated document: -+ * - usually ID are computed to be placed on elements via attributes -+ * so using the element as the node for the ID -+ * - the cur->content should be a correct placeholder for this, we use -+ * it to hold element node numbers in xmlXPathOrderDocElems to -+ * speed up XPath too -+ * - xsltCleanupIds() clean them up before handing the XSLT output -+ * to the API client. -+ * - other nodes types use the node address method but that should -+ * not end up in resulting document ID -+ * - we can enable this by default without risk of performance issues -+ * only the one pass xsltCleanupIds() is added -+ */ -+ if (cur->type == XML_ELEMENT_NODE) { -+ if (cur->content == NULL) { -+ xsltTransformContextPtr tctxt; -+ -+ tctxt = xsltXPathGetTransformContext(ctxt); -+ if (tctxt == NULL) { -+ val = (long)((char *)cur - (char *)&base_address); -+ } else { -+ tctxt->nextid++; -+ val = tctxt->nextid; -+ cur->content = (void *) (val); -+ } -+ } else { -+ val = (long) cur->content; -+ } -+ } else { -+ val = (long)((char *)cur - (char *)&base_address); -+ } -+ - if (val >= 0) { - sprintf((char *)str, "idp%ld", val); - } else { -diff --git a/libxslt/functions.h b/libxslt/functions.h -index e0e0bf9..4a1e163 100644 ---- a/libxslt/functions.h -+++ b/libxslt/functions.h -@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL - int nargs); - - /* -+ * Cleanup for ID generation -+ */ -+XSLTPUBFUN int XSLTCALL -+ xsltCleanupIds (xsltTransformContextPtr ctxt, -+ xmlNodePtr root); -+ -+/* - * And the registration - */ - -diff --git a/libxslt/transform.c b/libxslt/transform.c -index 24f9eb2..2bdf6bf 100644 ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) { - cur->traceCode = (unsigned long*) &xsltDefaultTrace; - cur->xinclude = xsltGetXIncludeDefault(); - cur->keyInitLevel = 0; -+ cur->nextid = 0; - - return(cur); - -@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc, - if (root != NULL) { - const xmlChar *doctype = NULL; - -+ /* -+ * cleanup ids which may have been saved in Elements content ptrs -+ */ -+ if (ctxt->nextid != 0) { -+ xsltCleanupIds(ctxt, root); -+ } -+ - if ((root->ns != NULL) && (root->ns->prefix != NULL)) - doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name); - if (doctype == NULL) -diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h -index 95e8fe6..8eedae4 100644 ---- a/libxslt/xsltInternals.h -+++ b/libxslt/xsltInternals.h -@@ -1786,6 +1786,8 @@ struct _xsltTransformContext { - int funcLevel; /* Needed to catch recursive functions issues */ - int maxTemplateDepth; - int maxTemplateVars; -+ -+ unsigned long nextid;/* for generating stable ids */ - }; - - /** diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch new file mode 100644 index 0000000000..a296d8cb1b --- /dev/null +++ b/gnu/packages/patches/mit-krb5-CVE-2015-8629.patch @@ -0,0 +1,51 @@ +Copied from Fedora. +http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8629.patch?h=f22 + +From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Fri, 8 Jan 2016 12:45:25 -0500 +Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629] + +In xdr_nullstring(), check that the decoded string is terminated with +a zero byte and does not contain any internal zero bytes. + +CVE-2015-8629: + +In all versions of MIT krb5, an authenticated attacker can cause +kadmind to read beyond the end of allocated memory by sending a string +without a terminating zero byte. Information leakage may be possible +for an attacker with permission to modify the database. + + CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C + +ticket: 8341 (new) +target_version: 1.14-next +target_version: 1.13-next +tags: pullup +--- + src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c +index 2bef858..ba67084 100644 +--- a/src/lib/kadm5/kadm_rpc_xdr.c ++++ b/src/lib/kadm5/kadm_rpc_xdr.c +@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp) + return FALSE; + } + } +- return (xdr_opaque(xdrs, *objp, size)); ++ if (!xdr_opaque(xdrs, *objp, size)) ++ return FALSE; ++ /* Check that the unmarshalled bytes are a C string. */ ++ if ((*objp)[size - 1] != '\0') ++ return FALSE; ++ if (memchr(*objp, '\0', size - 1) != NULL) ++ return FALSE; ++ return TRUE; + + case XDR_ENCODE: + if (size != 0) +-- +2.7.0.rc3 + diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch new file mode 100644 index 0000000000..c21d84b1e7 --- /dev/null +++ b/gnu/packages/patches/mit-krb5-CVE-2015-8630.patch @@ -0,0 +1,81 @@ +Copied from Fedora. +http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22 + +From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Fri, 8 Jan 2016 12:52:28 -0500 +Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630] + +In kadm5_create_principal_3() and kadm5_modify_principal(), check for +entry->policy being null when KADM5_POLICY is included in the mask. + +CVE-2015-8630: + +In MIT krb5 1.12 and later, an authenticated attacker with permission +to modify a principal entry can cause kadmind to dereference a null +pointer by supplying a null policy value but including KADM5_POLICY in +the mask. + + CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C + +ticket: 8342 (new) +target_version: 1.14-next +target_version: 1.13-next +tags: pullup +--- + src/lib/kadm5/srv/svr_principal.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c +index 5b95fa3..1d4365c 100644 +--- a/src/lib/kadm5/srv/svr_principal.c ++++ b/src/lib/kadm5/srv/svr_principal.c +@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle, + /* + * Argument sanity checking, and opening up the DB + */ ++ if (entry == NULL) ++ return EINVAL; + if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) || + (mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) || + (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || +@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle, + return KADM5_BAD_MASK; + if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0) + return KADM5_BAD_MASK; ++ if((mask & KADM5_POLICY) && entry->policy == NULL) ++ return KADM5_BAD_MASK; + if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) + return KADM5_BAD_MASK; + if((mask & ~ALL_PRINC_MASK)) + return KADM5_BAD_MASK; +- if (entry == NULL) +- return EINVAL; + + /* + * Check to see if the principal exists +@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle, + + krb5_clear_error_message(handle->context); + ++ if(entry == NULL) ++ return EINVAL; + if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || + (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || + (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || +@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle, + return KADM5_BAD_MASK; + if((mask & ~ALL_PRINC_MASK)) + return KADM5_BAD_MASK; ++ if((mask & KADM5_POLICY) && entry->policy == NULL) ++ return KADM5_BAD_MASK; + if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR)) + return KADM5_BAD_MASK; +- if(entry == (kadm5_principal_ent_t) NULL) +- return EINVAL; + if (mask & KADM5_TL_DATA) { + tl_data_orig = entry->tl_data; + while (tl_data_orig) { +-- +2.7.0.rc3 + diff --git a/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch b/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch new file mode 100644 index 0000000000..dd1eb2945c --- /dev/null +++ b/gnu/packages/patches/mit-krb5-CVE-2015-8631.patch @@ -0,0 +1,576 @@ +Copied from Fedora. +http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8631.patch?h=f22 + +From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Fri, 8 Jan 2016 13:16:54 -0500 +Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631] + +In each kadmind server stub, initialize the client_name and +server_name variables, and release them in the cleanup handler. Many +of the stubs will otherwise leak the client and server name if +krb5_unparse_name() fails. Also make sure to free the prime_arg +variables in rename_principal_2_svc(), or we can leak the first one if +unparsing the second one fails. Discovered by Simo Sorce. + +CVE-2015-8631: + +In all versions of MIT krb5, an authenticated attacker can cause +kadmind to leak memory by supplying a null principal name in a request +which uses one. Repeating these requests will eventually cause +kadmind to exhaust all available memory. + + CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C + +ticket: 8343 (new) +target_version: 1.14-next +target_version: 1.13-next +tags: pullup +--- + src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++------------------- + 1 file changed, 77 insertions(+), 74 deletions(-) + +diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c +index 1879dc6..6ac797e 100644 +--- a/src/kadmin/server/server_stubs.c ++++ b/src/kadmin/server/server_stubs.c +@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + restriction_t *rp; +@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); +- gss_release_buffer(&minor_stat, &client_name); +- gss_release_buffer(&minor_stat, &service_name); + + exit_func: ++ gss_release_buffer(&minor_stat, &client_name); ++ gss_release_buffer(&minor_stat, &service_name); + free_server_handle(handle); + return &ret; + } +@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + restriction_t *rp; +@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); +- gss_release_buffer(&minor_stat, &client_name); +- gss_release_buffer(&minor_stat, &service_name); + + exit_func: ++ gss_release_buffer(&minor_stat, &client_name); ++ gss_release_buffer(&minor_stat, &service_name); + free_server_handle(handle); + return &ret; + } +@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) + + } + free(prime_arg); +- gss_release_buffer(&minor_stat, &client_name); +- gss_release_buffer(&minor_stat, &service_name); + + exit_func: ++ gss_release_buffer(&minor_stat, &client_name); ++ gss_release_buffer(&minor_stat, &service_name); + free_server_handle(handle); + return &ret; + } +@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + restriction_t *rp; +@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -570,10 +572,9 @@ generic_ret * + rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; +- char *prime_arg1, +- *prime_arg2; +- gss_buffer_desc client_name, +- service_name; ++ char *prime_arg1 = NULL, *prime_arg2 = NULL; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + restriction_t *rp; +@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + + } ++exit_func: + free(prime_arg1); + free(prime_arg2); + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) + { + static gprinc_ret ret; + char *prime_arg, *funcname; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) + { + static gprincs_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + + } ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) + } + + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) + } + + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) + } + + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) + } + + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) + } + + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) + krb5_keyblock *k; + int nkeys; + char *prime_arg, *funcname; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) + krb5_keyblock *k; + int nkeys; + char *prime_arg, *funcname; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + } ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + } ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + } ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) + static gpol_ret ret; + kadm5_ret_t ret2; + char *prime_arg, *funcname; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_principal_ent_rec caller_ent; + kadm5_server_handle_t handle; +@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) + log_unauth(funcname, prime_arg, + &client_name, &service_name, rqstp); + } ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + +@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) + { + static gpols_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + } ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1541,7 +1542,8 @@ exit_func: + getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) + { + static getprivs_ret ret; +- gss_buffer_desc client_name, service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg, *funcname; +- gss_buffer_desc client_name, service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + +@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) + { + static gstrings_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) + { + static generic_ret ret; + char *prime_arg; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + OM_uint32 minor_stat; + kadm5_server_handle_t handle; + const char *errmsg = NULL; +@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp) + krb5_free_error_message(handle->context, errmsg); + } + free(prime_arg); ++exit_func: + gss_release_buffer(&minor_stat, &client_name); + gss_release_buffer(&minor_stat, &service_name); +-exit_func: + free_server_handle(handle); + return &ret; + } +@@ -1754,8 +1757,8 @@ exit_func: + generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) + { + static generic_ret ret; +- gss_buffer_desc client_name, +- service_name; ++ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER; ++ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER; + kadm5_server_handle_t handle; + OM_uint32 minor_stat; + const char *errmsg = NULL; +@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) + rqstp->rq_cred.oa_flavor); + if (errmsg != NULL) + krb5_free_error_message(NULL, errmsg); +- gss_release_buffer(&minor_stat, &client_name); +- gss_release_buffer(&minor_stat, &service_name); + + exit_func: ++ gss_release_buffer(&minor_stat, &client_name); ++ gss_release_buffer(&minor_stat, &service_name); + return(&ret); + } + +-- +2.7.0.rc3 + diff --git a/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch b/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch new file mode 100644 index 0000000000..195db38d08 --- /dev/null +++ b/gnu/packages/patches/mit-krb5-init-context-null-spnego.patch @@ -0,0 +1,49 @@ +Copied from Fedora. +http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-init_context_null_spnego.patch?h=f22 + +From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Tue, 5 Jan 2016 12:11:59 -0500 +Subject: [PATCH] Check internal context on init context errors + +If the mechanism deletes the internal context handle on error, the +mechglue must do the same with the union context, to avoid crashes if +the application calls other functions with this invalid union context. + +[ghudson@mit.edu: edit commit message and code comment] + +ticket: 8337 (new) +target_version: 1.14-next +target_version: 1.13-next +tags: pullup +--- + src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c +index aaae767..9f154b8 100644 +--- a/src/lib/gssapi/mechglue/g_init_sec_context.c ++++ b/src/lib/gssapi/mechglue/g_init_sec_context.c +@@ -224,12 +224,15 @@ OM_uint32 * time_rec; + + if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) { + /* +- * the spec says (the preferred) method is to delete all +- * context info on the first call to init, and on all +- * subsequent calls make the caller responsible for +- * calling gss_delete_sec_context ++ * The spec says the preferred method is to delete all context info on ++ * the first call to init, and on all subsequent calls make the caller ++ * responsible for calling gss_delete_sec_context. However, if the ++ * mechanism decided to delete the internal context, we should also ++ * delete the union context. + */ + map_error(minor_status, mech); ++ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) ++ *context_handle = GSS_C_NO_CONTEXT; + if (*context_handle == GSS_C_NO_CONTEXT) { + free(union_ctx_id->mech_type->elements); + free(union_ctx_id->mech_type); +-- +2.6.4 + diff --git a/gnu/packages/patches/procps-non-linux.patch b/gnu/packages/patches/procps-non-linux.patch deleted file mode 100644 index 9d369aeb2c..0000000000 --- a/gnu/packages/patches/procps-non-linux.patch +++ /dev/null @@ -1,40 +0,0 @@ -From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001 -From: Craig Small -Date: Sun, 17 Apr 2016 09:09:41 +1000 -Subject: [PATCH] tests: Conditionally add prctl to test process - -prctl was already bypassed on Cygwin systems. This extends to -non-Linux systems such as kFreeBSD and Hurd. - ---- - lib/test_process.c | 4 ++-- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/test_process.c b/lib/test_process.c -index 6e652ed..6a4776c 100644 ---- a/lib/test_process.c -+++ b/lib/test_process.c -@@ -21,7 +21,9 @@ - #include - #include - #include -+#ifdef __linux__ - #include -+#endif - #include "c.h" - - #define DEFAULT_SLEEPTIME 300 -@@ -78,8 +80,10 @@ - sigaction(SIGUSR1, &signal_action, NULL); - sigaction(SIGUSR2, &signal_action, NULL); - -+#ifdef __linux__ - /* set process name */ - prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL); -+#endif - - while (sleep_time > 0) { - sleep_time = sleep(sleep_time); --- -2.8.2 - diff --git a/gnu/packages/patches/rapicorn-isnan.patch b/gnu/packages/patches/rapicorn-isnan.patch deleted file mode 100644 index b0e7819e64..0000000000 --- a/gnu/packages/patches/rapicorn-isnan.patch +++ /dev/null @@ -1,87 +0,0 @@ -From e0c8341b3e4e13778bcde00d477e461ea8e94306 Mon Sep 17 00:00:00 2001 -From: Stefan Westerfeld -Date: Fri, 22 Apr 2016 18:03:37 +0200 -Subject: [PATCH 031/176] RCORE: compile fixes for KUbuntu 16.04/gcc - 5.3.1-14ubuntu2 - -Rapicorn uses isnan(...) and isinf(...) from cmath.h, however on KUbuntu 16.04 -it should use std::isnan(...) and std::isinf(...) instead. Patch below. - -Acked-by: Tim Janik ---- - rcore/strings.cc | 10 +++++----- - rcore/tests/benchrcore.cc | 4 ++-- - rcore/tests/strings.cc | 4 ++-- - 3 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/rcore/strings.cc b/rcore/strings.cc -index d5b0216..8b3bc3f 100644 ---- a/rcore/strings.cc -+++ b/rcore/strings.cc -@@ -437,7 +437,7 @@ static long double - libc_strtold (const char *nptr, char **endptr) - { - const long double result = strtold (nptr, endptr); -- if (isnan (result) && std::signbit (result) == 0) -+ if (std::isnan (result) && std::signbit (result) == 0) - { - const char *p = nptr; - while (isspace (*p)) -@@ -500,9 +500,9 @@ string_to_double (const char *dblstring, const char **endptr) - String - string_from_float (float value) - { -- if (isnan (value)) -+ if (std::isnan (value)) - return std::signbit (value) ? "-NaN" : "+NaN"; -- if (isinf (value)) -+ if (std::isinf (value)) - return std::signbit (value) ? "-Infinity" : "+Infinity"; - return string_format ("%.7g", value); - } -@@ -511,9 +511,9 @@ string_from_float (float value) - String - string_from_double (double value) - { -- if (isnan (value)) -+ if (std::isnan (value)) - return std::signbit (value) ? "-NaN" : "+NaN"; -- if (isinf (value)) -+ if (std::isinf (value)) - return std::signbit (value) ? "-Infinity" : "+Infinity"; - return string_format ("%.17g", value); - } -diff --git a/rcore/tests/benchrcore.cc b/rcore/tests/benchrcore.cc -index 3899a08..12fde16 100644 ---- a/rcore/tests/benchrcore.cc -+++ b/rcore/tests/benchrcore.cc -@@ -188,8 +188,8 @@ test_random_numbers() - const double rf = random_frange (989617512, 9876547656); - TASSERT (rf >= 989617512 && rf < 9876547656); - } -- TASSERT (isnan (random_frange (NAN, 1))); -- TASSERT (isnan (random_frange (0, NAN))); -+ TASSERT (std::isnan (random_frange (NAN, 1))); -+ TASSERT (std::isnan (random_frange (0, NAN))); - #if 0 // example penalty paid in random_int64() - size_t i, j = 0; - for (i = 0; i < 100; i++) -diff --git a/rcore/tests/strings.cc b/rcore/tests/strings.cc -index 468a6e6..dae3e3d 100644 ---- a/rcore/tests/strings.cc -+++ b/rcore/tests/strings.cc -@@ -311,9 +311,9 @@ string_conversions (void) - TCMP (string_to_double ("-0.5"), ==, -0.5); - double tfloat; - tfloat = string_to_double ("+NAN"); -- assert (isnan (tfloat) && std::signbit (tfloat) == 0); -+ assert (std::isnan (tfloat) && std::signbit (tfloat) == 0); - tfloat = string_to_double ("-NAN"); -- assert (isnan (tfloat) && std::signbit (tfloat) == 1); -+ assert (std::isnan (tfloat) && std::signbit (tfloat) == 1); - TCMP (string_capitalize ("fOO bar"), ==, "Foo Bar"); - TCMP (string_capitalize ("foo BAR BAZ", 2), ==, "Foo Bar BAZ"); - } --- -2.9.1 - diff --git a/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch new file mode 100644 index 0000000000..39d8e2b20a --- /dev/null +++ b/gnu/packages/patches/tar-d_ino_in_dirent-fix.patch @@ -0,0 +1,33 @@ +commit e9ddc08da0982f36581ae5a8c7763453ff41cfe8 +Author: Sergey Poznyakoff +Date: Thu Sep 25 00:22:16 2014 +0300 + + Bugfixes. + + * doc/tar.1: Fix typo in font spec. + * src/tar.c (sort_mode_arg, sort_mode_flag): Protect "inode" + (SAVEDIR_SORT_INODE) with D_INO_IN_DIRENT + +diff --git a/src/tar.c b/src/tar.c +index 225c624..f8102e0 100644 +--- a/src/tar.c ++++ b/src/tar.c +@@ -1341,14 +1341,18 @@ static char filename_terminator; + static char const *const sort_mode_arg[] = { + "none", + "name", ++#if D_INO_IN_DIRENT + "inode", ++#endif + NULL + }; + + static int sort_mode_flag[] = { + SAVEDIR_SORT_NONE, + SAVEDIR_SORT_NAME, ++#if D_INO_IN_DIRENT + SAVEDIR_SORT_INODE ++#endif + }; + + ARGMATCH_VERIFY (sort_mode_arg, sort_mode_flag); \ No newline at end of file diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index fe9157af12..e954492554 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -32,6 +32,7 @@ (define-public pcre (package (name "pcre") (version "8.38") + (replacement pcre-fixed) (source (origin (method url-fetch) (uri (list @@ -42,18 +43,15 @@ (define-public pcre version "/pcre-" version ".tar.bz2"))) (sha256 (base32 - "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r")) - (patches (list (search-patch "pcre-CVE-2016-3191.patch"))))) + "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r")))) (build-system gnu-build-system) - (outputs '("out" ;library & headers - "bin" ;depends on Readline (adds 20MiB to the closure) - "doc")) ;1.8 MiB of HTML + (outputs '("out" + "doc")) ;1.8 MiB of HTML (inputs `(("bzip2" ,bzip2) ("readline" ,readline) ("zlib" ,zlib))) (arguments - '(#:disallowed-references ("doc") - #:configure-flags '("--enable-utf" + `(#:configure-flags '("--enable-utf" "--enable-pcregrep-libz" "--enable-pcregrep-libbz2" "--enable-pcretest-libreadline" @@ -70,6 +68,13 @@ (define-public pcre (license license:bsd-3) (home-page "http://www.pcre.org/"))) +(define pcre-fixed ;for CVE-2016-3191 + (package + (inherit pcre) + (source (origin + (inherit (package-source pcre)) + (patches (search-patches "pcre-CVE-2016-3191.patch")))))) + (define-public pcre2 (package (name "pcre2") diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index dd7a0b0af5..c5cbe9862f 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -88,10 +88,7 @@ (define-public poppler `(#:tests? #f ; no test data provided with the tarball #:configure-flags '("--enable-xpdf-headers" ; to install header files - "--enable-zlib" - - ;; Saves 8 MiB of .a files. - "--disable-static") + "--enable-zlib") #:phases (alist-cons-before 'configure 'setenv @@ -512,38 +509,27 @@ (define-public qpdf (uri (string-append "mirror://sourceforge/qpdf/qpdf/" version "/qpdf-" version ".tar.gz")) (sha256 (base32 - "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm")) - (modules '((guix build utils))) - (snippet - ;; Replace shebang with the bi-lingual shell/Perl trick to remove - ;; dependency on Perl. - '(substitute* "qpdf/fix-qdf" - (("#!/usr/bin/env perl") - "\ -eval '(exit $?0)' && eval 'exec perl -wS \"$0\" ${1+\"$@\"}' - & eval 'exec perl -wS \"$0\" $argv:q' - if 0;\n"))))) + "1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm")))) (build-system gnu-build-system) (arguments - `(#:disallowed-references (,perl) - #:phases (alist-cons-before - 'configure 'patch-paths - (lambda _ - (substitute* "make/libtool.mk" - (("SHELL=/bin/bash") - (string-append "SHELL=" (which "bash")))) - (substitute* (append - '("qtest/bin/qtest-driver") - (find-files "." "\\.test")) - (("/usr/bin/env") (which "env")))) - %standard-phases))) + '(#:phases (alist-cons-before + 'configure 'patch-paths + (lambda _ + (substitute* "make/libtool.mk" + (("SHELL=/bin/bash") + (string-append "SHELL=" (which "bash")))) + (substitute* (append + '("qtest/bin/qtest-driver") + (find-files "." "\\.test")) + (("/usr/bin/env") (which "env")))) + %standard-phases))) (native-inputs - `(("pkg-config" ,pkg-config) - ("perl" ,perl))) + `(("pkg-config" ,pkg-config))) (propagated-inputs `(("pcre" ,pcre))) (inputs - `(("zlib" ,zlib))) + `(("zlib" ,zlib) + ("perl" ,perl))) (synopsis "Command-line tools and library for transforming PDF files") (description "QPDF is a command-line program that does structural, content-preserving diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 4423c77bbd..08a16ad2af 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -90,7 +90,15 @@ (define-public perl "-Dinstallstyle=lib/perl5" "-Duseshrplib" (string-append "-Dlocincpth=" libc "/include") - (string-append "-Dloclibpth=" libc "/lib")))))) + (string-append "-Dloclibpth=" libc "/lib") + + ;; Force the library search path to contain only libc + ;; because it is recorded in Config.pm and + ;; Config_heavy.pl; we don't want to keep a reference + ;; to everything that's in $LIBRARY_PATH at build + ;; time (Binutils, bzip2, file, etc.) + (string-append "-Dlibpth=" libc "/lib") + (string-append "-Dplibpth=" libc "/lib")))))) (add-before 'strip 'make-shared-objects-writable @@ -101,34 +109,7 @@ (define-public perl (lib (string-append out "/lib"))) (for-each (lambda (dso) (chmod dso #o755)) - (find-files lib "\\.so$"))))) - - (add-after 'install 'remove-extra-references - (lambda* (#:key inputs outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (libc (assoc-ref inputs "libc")) - (config1 (car (find-files (string-append out "/lib/perl5") - "^Config_heavy\\.pl$"))) - (config2 (find-files (string-append out "/lib/perl5") - "^Config\\.pm$"))) - ;; Force the library search path to contain only libc because - ;; it is recorded in Config.pm and Config_heavy.pl; we don't - ;; want to keep a reference to everything that's in - ;; $LIBRARY_PATH at build time (GCC, Binutils, bzip2, file, - ;; etc.) - (substitute* config1 - (("^incpth=.*$") - (string-append "incpth='" libc "/include'\n")) - (("^(libpth|plibpth|libspath)=.*$" _ variable) - (string-append variable "='" libc "/lib'\n"))) - - (for-each (lambda (file) - (substitute* config2 - (("libpth => .*$") - (string-append "libpth => '" libc - "/lib',\n")))) - config2) - #t)))))) + (find-files lib "\\.so$")))))))) (native-search-paths (list (search-path-specification (variable "PERL5LIB") (files '("lib/perl5/site_perl"))))) diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm index c913955975..74d209192f 100644 --- a/gnu/packages/plotutils.scm +++ b/gnu/packages/plotutils.scm @@ -186,8 +186,7 @@ (define-public asymptote ;; "help" command in interactive mode, so adding a "doc" output is not ;; currently useful. (native-inputs - `(("gs" ,ghostscript-gs) ;For tests - ("gs-2" ,ghostscript) ;For dvipdfm + `(("gs" ,ghostscript) ;For tests ("texinfo" ,texinfo) ;For generating documentation ("texlive" ,texlive) ;For tests and documentation ("emacs" ,emacs-minimal) diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index 1a7f2c5e8e..5d36dbefc9 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -2,7 +2,6 @@ ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès ;;; Copyright © 2014, 2015, 2016 Mark H Weaver ;;; Copyright © 2016 Efraim Flashner -;;; Copyright © 2016 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; @@ -136,7 +135,6 @@ (define-public pulseaudio (arguments `(#:configure-flags (list "--localstatedir=/var" ;"--sysconfdir=/etc" "--disable-oss-output" - "--enable-bluez5" (string-append "--with-udev-rules-dir=" (assoc-ref %outputs "out") "/lib/udev/rules.d")) @@ -152,9 +150,8 @@ (define-public pulseaudio %standard-phases))) (inputs ;; TODO: Add optional inputs (GTK+?). - `(("alsa-lib" ,alsa-lib) - ("bluez" ,bluez) - ("sbc" ,sbc) + `(;; ("sbc" ,sbc) + ("alsa-lib" ,alsa-lib) ("json-c" ,json-c) ("speex" ,speex) ("libsndfile" ,libsndfile) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 470bad84ff..51b57e3fe9 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -101,7 +101,7 @@ (define-module (gnu packages python) (define-public python-2.7 (package (name "python") - (version "2.7.11") + (version "2.7.10") (source (origin (method url-fetch) @@ -109,44 +109,56 @@ (define-public python-2.7 version "/Python-" version ".tar.xz")) (sha256 (base32 - "0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn")) - (patches (search-patches "python-2.7-search-paths.patch" - "python-2-deterministic-build-info.patch" - "python-2.7-source-date-epoch.patch")) - (modules '((guix build utils))) - ;; suboptimal to delete failing tests here, but if we delete them in the - ;; arguments then we need to make sure to strip out that phase when it - ;; gets inherited by python and python-minimal. - (snippet - '(begin - (for-each delete-file - '("Lib/test/test_compileall.py" - "Lib/test/test_distutils.py" - "Lib/test/test_import.py" - "Lib/test/test_shutil.py" - "Lib/test/test_socket.py" - "Lib/test/test_subprocess.py")) - #t)))) + "1h7zbrf9pkj29hlm18b10548ch9757f75m64l47sy75rh43p7lqw")) + (patches (search-patches + "python-2.7-search-paths.patch" + "python-2-deterministic-build-info.patch" + "python-2.7-source-date-epoch.patch")))) (outputs '("out" "tk")) ;tkinter; adds 50 MiB to the closure (build-system gnu-build-system) (arguments - `(;; 356 tests OK. - ;; 6 tests failed: - ;; test_compileall test_distutils test_import test_shutil test_socket - ;; test_subprocess - ;; 39 tests skipped: + `(#:tests? #f + ;; 268 tests OK. + ;; 103 tests failed: + ;; test_distutils test_shutil test_signal test_site test_slice + ;; test_smtplib test_smtpnet test_socket test_socketserver + ;; test_softspace test_sort test_spwd test_sqlite test_ssl + ;; test_startfile test_stat test_str test_strftime test_string + ;; test_stringprep test_strop test_strptime test_strtod test_struct + ;; test_structmembers test_structseq test_subprocess test_sunau + ;; test_sunaudiodev test_sundry test_symtable test_syntax test_sys + ;; test_sys_setprofile test_sys_settrace test_sysconfig test_tarfile + ;; test_tcl test_telnetlib test_tempfile test_textwrap test_thread + ;; test_threaded_import test_threadedtempfile test_threading + ;; test_threading_local test_threadsignals test_time test_timeit + ;; test_timeout test_tk test_tokenize test_tools test_trace + ;; test_traceback test_transformer test_ttk_guionly test_ttk_textonly + ;; test_tuple test_typechecks test_ucn test_unary + ;; test_undocumented_details test_unicode test_unicode_file + ;; test_unicodedata test_univnewlines test_univnewlines2k test_unpack + ;; test_urllib test_urllib2 test_urllib2_localnet test_urllib2net + ;; test_urllibnet test_urlparse test_userdict test_userlist + ;; test_userstring test_uu test_uuid test_wait3 test_wait4 + ;; test_warnings test_wave test_weakref test_weakset test_whichdb + ;; test_winreg test_winsound test_with test_wsgiref test_xdrlib + ;; test_xml_etree test_xml_etree_c test_xmllib test_xmlrpc + ;; test_xpickle test_xrange test_zipfile test_zipfile64 + ;; test_zipimport test_zipimport_support test_zlib + ;; 30 tests skipped: ;; test_aepack test_al test_applesingle test_bsddb test_bsddb185 ;; test_bsddb3 test_cd test_cl test_codecmaps_cn test_codecmaps_hk - ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_curses - ;; test_dl test_gdb test_gl test_imageop test_imgfile test_ioctl - ;; test_kqueue test_linuxaudiodev test_macos test_macostools - ;; test_msilib test_ossaudiodev test_scriptpackages test_smtpnet - ;; test_socketserver test_startfile test_sunaudiodev test_timeout - ;; test_tk test_ttk_guionly test_urllib2net test_urllibnet - ;; test_winreg test_winsound test_zipfile64 - ;; 4 skips unexpected on linux2: - ;; test_bsddb test_bsddb3 test_gdb test_ioctl + ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_crypt + ;; test_curses test_dl test_gdb test_gl test_idle test_imageop + ;; test_imgfile test_ioctl test_kqueue test_linuxaudiodev test_macos + ;; test_macostools test_msilib test_nis test_ossaudiodev + ;; test_scriptpackages + ;; 6 skips unexpected on linux2: + ;; test_bsddb test_bsddb3 test_crypt test_gdb test_idle test_ioctl + ;; One of the typical errors: + ;; test_unicode + ;; test test_unicode crashed -- : [Errno 2] No + ;; such file or directory #:test-target "test" #:configure-flags (list "--enable-shared" ;allow embedding @@ -196,13 +208,6 @@ (define-public python-2.7 (lambda _ ;; 'Lib/test/test_site.py' needs a valid $HOME (setenv "HOME" (getcwd)) - ,@(if (string-prefix? "mips64el" (%current-system)) - - ;; XXX: The following test fails on mips64el. - '((false-if-exception - (delete-file "Lib/test/test_ctypes.py"))) - - '()) #t)) (add-after 'unpack 'set-source-file-times-to-1980 @@ -216,37 +221,6 @@ (define-public python-2.7 (utime file circa-1980 circa-1980) #t)) #t))) - (add-after 'install 'remove-tests - ;; Remove 25 MiB of unneeded unit tests. Keep test_support.* - ;; because these files are used by some libraries out there. - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (match (scandir (string-append out "/lib") - (lambda (name) - (string-prefix? "python" name))) - ((pythonX.Y) - (let ((testdir (string-append out "/lib/" pythonX.Y - "/test"))) - (with-directory-excursion testdir - (for-each delete-file-recursively - (scandir testdir - (match-lambda - ((or "." "..") #f) - (file - (not - (string-prefix? "test_support." - file)))))) - (call-with-output-file "__init__.py" (const #t)) - #t))))))) - (add-before 'strip 'make-libraries-writable - (lambda* (#:key outputs #:allow-other-keys) - ;; Make .so files writable so they can be stripped. - (let ((out (assoc-ref outputs "out"))) - (for-each (lambda (file) - (chmod file #o755)) - (find-files (string-append out "/lib") - "\\.so")) - #t))) (add-after 'install 'move-tk-inter (lambda* (#:key outputs #:allow-other-keys) ;; When Tkinter support is built move it to a separate output so @@ -379,8 +353,8 @@ (define* (wrap-python3 python (lambda (old new) (symlink (string-append python old) (string-append bin "/" new))) - '("python3" "pydoc3" "idle3") - '("python" "pydoc" "idle")))))) + `("python3" ,"pydoc3" ,"idle3") + `("python" ,"pydoc" ,"idle")))))) (synopsis "Wrapper for the Python 3 commands") (description "This package provides wrappers for the commands of Python@tie{}3.x such @@ -3672,14 +3646,14 @@ (define-public python2-sqlalchemy (define-public python-alembic (package (name "python-alembic") - (version "0.8.7") + (version "0.8.4") (source (origin (method url-fetch) (uri (pypi-uri "alembic" version)) (sha256 (base32 - "0ias6fdzwr2s220fnjspkdgm9510bd0cnap0hx5y4zy4srba9f3z")))) + "0jk23a852l3ybv7gfz81xzslyrnqnpjds5x15zd234y9rh9gq1w5")))) (build-system python-build-system) (native-inputs `(("python-mock" ,python-mock) diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 797cd153d2..e4cd72a7b6 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer -;;; Copyright © 2015, 2016 Federico Beffa +;;; Copyright © 2015 Federico Beffa ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Jan Nieuwenhuizen @@ -23,23 +23,17 @@ (define-module (gnu packages scheme) #:use-module (gnu packages) - #:use-module ((guix licenses) - #:select (gpl2+ lgpl2.0+ lgpl2.1+ asl2.0 bsd-3 - cc-by-sa4.0)) + #:use-module ((guix licenses) #:hide (openssl)) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) - #:use-module (gnu packages compression) #:use-module (gnu packages m4) #:use-module (gnu packages multiprecision) - #:use-module (gnu packages ncurses) #:use-module (gnu packages databases) #:use-module (gnu packages emacs) - #:use-module (gnu packages ghostscript) - #:use-module (gnu packages netpbm) #:use-module (gnu packages texinfo) #:use-module (gnu packages tex) #:use-module (gnu packages base) @@ -593,160 +587,6 @@ (define-public chibi-scheme threads.") (license bsd-3))) -(define nanopass - (let ((version "1.9")) - (origin - (method url-fetch) - (uri (string-append - "https://github.com/nanopass/nanopass-framework-scheme/archive" - "/v" version ".tar.gz")) - (sha256 (base32 "11pwyy4jiwhcl2am3a4ciczacjbjkyvdizqzdglb3l1hj2gj6nv2")) - (file-name (string-append "nanopass-" version ".tar.gz"))))) - -(define stex - (let ((version "1.2.1")) - (origin - (method url-fetch) - (uri (string-append - "https://github.com/dybvig/stex/archive" - "/v" version ".tar.gz")) - (sha256 (base32 "03pl3f668h24dn51vccr1sj5lsba9zq3j37bnxjvdadcdaj4qy5z")) - (file-name (string-append "stex-" version ".tar.gz"))))) - -(define-public chez-scheme - (package - (name "chez-scheme") - (version "9.4") - (source - (origin - (method url-fetch) - (uri (string-append "https://github.com/cisco/ChezScheme/archive/" - "v" version ".tar.gz")) - (sha256 - (base32 "0lprmpsjg2plc6ykgkz482zyvhkzv6gd0vnar71ph21h6zknyklz")) - (file-name (string-append "chez-scheme-" version ".tar.gz")))) - (build-system gnu-build-system) - (inputs - `(("ncurses" ,ncurses) - ("libx11" ,libx11) - ("xorg-rgb" ,xorg-rgb) - ("nanopass" ,nanopass) - ("zlib" ,zlib) - ("stex" ,stex))) - (native-inputs - `(("texlive" ,texlive) - ("ghostscript" ,ghostscript-gs) - ("netpbm" ,netpbm))) - (outputs '("out" "doc")) - (arguments - `(#:modules ((guix build gnu-build-system) - (guix build utils) - (ice-9 match)) - #:test-target "test" - #:phases - (modify-phases %standard-phases - ;; Adapt the custom 'configure' script. - (replace 'configure - (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out")) - (nanopass (assoc-ref inputs "nanopass")) - (stex (assoc-ref inputs "stex")) - (zlib (assoc-ref inputs "zlib")) - (unpack (assoc-ref %standard-phases 'unpack)) - (patch-source-shebangs - (assoc-ref %standard-phases 'patch-source-shebangs))) - (map (match-lambda - ((src orig-name new-name) - (with-directory-excursion "." - (apply unpack (list #:source src)) - (apply patch-source-shebangs (list #:source src))) - (delete-file-recursively new-name) - (system* "mv" orig-name new-name))) - `((,nanopass "nanopass-framework-scheme-1.9" "nanopass") - (,stex "stex-1.2.1" "stex"))) - ;; The Makefile wants to download and compile "zlib". We patch - ;; it to use the one from our 'zlib' package. - (substitute* "configure" - (("rmdir zlib .*$") "echo \"using system zlib\"\n")) - (substitute* (find-files "./c" "Mf-[a-zA-Z0-9.]+") - (("\\$\\{Kernel\\}: \\$\\{kernelobj\\} \\.\\./zlib/libz\\.a") - "${Kernel}: ${kernelobj}") - (("ld -melf_x86_64 -r -X -o \\$\\{Kernel\\} \\$\\{kernelobj\\} \\.\\./zlib/libz\\.a") - (string-append "ld -melf_x86_64 -r -X -o ${Kernel} ${kernelobj} " - zlib "/lib/libz.a")) - (("\\(cd \\.\\./zlib; CFLAGS=-m64 \\./configure --64)") - (which "true")) - (("(cd \\.\\./zlib; make)") - (which "true"))) - (substitute* (find-files "mats" "Mf-.*") - (("^[[:space:]]+(cc ) *") "\tgcc ")) - (substitute* - (find-files "." (string-append - "(" - "Mf-[a-zA-Z0-9.]+" - "|Makefile[a-zA-Z0-9.]*" - "|checkin" - "|stex\\.stex" - "|newrelease" - "|workarea" - ;;"|[a-zA-Z0-9.]+\\.ms" ; guile can't read - ")")) - (("/bin/rm") (which "rm")) - (("/bin/ln") (which "ln")) - (("/bin/cp") (which "cp"))) - (substitute* "makefiles/installsh" - (("/bin/true") (which "true"))) - (substitute* "stex/Makefile" - (("PREFIX=/usr") (string-append "PREFIX=" out))) - (zero? (system* "./configure" "--threads" - (string-append "--installprefix=" out)))))) - ;; Installation of the documentation requires a running "chez". - (add-after 'install 'install-doc - (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((bin (string-append (assoc-ref outputs "out") "/bin")) - (doc (string-append (assoc-ref outputs "doc") - "/share/doc/" ,name "-" ,version))) - (setenv "HOME" (getcwd)) - (setenv "PATH" (string-append (getenv "PATH") ":" bin)) - (with-directory-excursion "stex" - (system* "make" (string-append "BIN=" bin))) - (system* "make" "docs") - (with-directory-excursion "csug" - (substitute* "Makefile" - (("/tmp/csug9") doc) - (("^m = a6le") - "m := $(shell echo '(machine-type)' | scheme -q)")) - (system* "make" "install") - (install-file "csug.pdf" doc)) - (with-directory-excursion "release_notes" - (install-file "release_notes.pdf" doc)) - #t))) - ;; The binary file name is called "scheme" as the one from MIT/GNU - ;; Scheme. We add a symlink to use in case both are installed. - (add-after 'install 'install-symlink - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin")) - (lib (string-append out "/lib")) - (name "chez-scheme")) - (symlink (string-append bin "/scheme") - (string-append bin "/" name)) - (map (lambda (file) - (symlink file (string-append (dirname file) - "/" name ".boot"))) - (find-files lib "scheme.boot")) - #t)))))) - ;; According to the documentation MIPS is not supported. - (supported-systems (delete "mips64el-linux" %supported-systems)) - (home-page "http://www.scheme.com") - (synopsis "R6RS Scheme compiler and run-time") - (description - "Chez Scheme is a compiler and run-time system for the language of the -Revised^6 Report on Scheme (R6RS), with numerous extensions. The compiler -generates native code for each target processor, with support for x86, x86_64, -and 32-bit PowerPC architectures.") - (license asl2.0))) - (define-public scmutils (let () (define (system-suffix) diff --git a/gnu/packages/skribilo.scm b/gnu/packages/skribilo.scm index 40bf659297..52ed1c34e3 100644 --- a/gnu/packages/skribilo.scm +++ b/gnu/packages/skribilo.scm @@ -63,8 +63,7 @@ (define-public skribilo #:parallel-build? #f)) - (native-inputs `(("pkg-config" ,pkg-config) - ("ghostscript-gs" , ghostscript-gs))) + (native-inputs `(("pkg-config" ,pkg-config))) (inputs `(("guile" ,guile-2.0) ("imagemagick" ,imagemagick) diff --git a/gnu/packages/swig.scm b/gnu/packages/swig.scm index a615796745..096cfd5f88 100644 --- a/gnu/packages/swig.scm +++ b/gnu/packages/swig.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2015, 2016 Ludovic Courtès +;;; Copyright © 2013, 2015 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; ;;; This file is part of GNU Guix. @@ -41,9 +41,10 @@ (define-public swig (base32 "0g1a69vrqxgsnr1wkx851ljn73a2x3jqzxa66s2l3w0kyblbjk4z")))) (build-system gnu-build-system) - (native-inputs `(("boost" ,boost) - ("pcre" ,pcre "bin"))) ;for 'pcre-config' - (inputs `(;; Provide these to run the corresponding tests. + (native-inputs `(("boost" ,boost))) + (inputs `(("pcre" ,pcre) + + ;; Provide these to run the corresponding tests. ("guile" ,guile-2.0) ("perl" ,perl))) ;; FIXME: reactivate input python as soon as the test failures diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm index 9dde8a9eab..4350fefa2e 100644 --- a/gnu/packages/tex.scm +++ b/gnu/packages/tex.scm @@ -4,7 +4,6 @@ ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Roel Janssen ;;; Copyright © 2016 Efraim Flashner -;;; Copyright © 2016 Federico Beffa ;;; ;;; This file is part of GNU Guix. ;;; @@ -187,11 +186,6 @@ (define texlive-texmf `(#:modules ((guix build gnu-build-system) (guix build utils) (srfi srfi-26)) - - ;; This package takes 4 GiB, which we can't afford to distribute from - ;; our servers. - #:substitutable? #f - #:phases (modify-phases (map (cut assq <> %standard-phases) '(set-paths unpack patch-source-shebangs)) @@ -212,10 +206,7 @@ (define texlive-texmf ;; Register SHARE as TEXMFROOT in texmf.cnf. (substitute* texmfcnf (("TEXMFROOT = \\$SELFAUTOPARENT") - (string-append "TEXMFROOT = " share)) - (("TEXMFLOCAL = \\$SELFAUTOGRANDPARENT/texmf-local") - "TEXMFLOCAL = $SELFAUTODIR/share/texmf-local") - (("!!\\$TEXMFLOCAL") "$TEXMFLOCAL")) + (string-append "TEXMFROOT = " share))) ;; Register paths in texmfcnf.lua, needed for context. (substitute* (string-append texmfroot "/texmfcnf.lua") (("selfautodir:") out) @@ -251,10 +242,6 @@ (define-public texlive (inputs `(("bash" ,bash) ; for wrap-program ("texlive-bin" ,texlive-bin) ("texlive-texmf" ,texlive-texmf))) - (native-search-paths - (list (search-path-specification - (variable "TEXMFLOCAL") - (files '("share/texmf-local"))))) (arguments `(#:modules ((guix build utils)) #:builder @@ -306,8 +293,7 @@ (define-public texlive ;; texlive-texmf-minimal is a pruned, small version of the texlive tree, -;; in particular dropping documentation and fonts. It weighs in at 470 MiB -;; instead of 4 GiB. +;; in particular dropping documentation and fonts. (define texlive-texmf-minimal (package (inherit texlive-texmf) (name "texlive-texmf-minimal") @@ -367,10 +353,6 @@ (define-public texlive-minimal (inputs `(("texlive-texmf" ,texlive-texmf-minimal) ,@(alist-delete "texlive-texmf" (package-inputs texlive)))) - (native-search-paths - (list (search-path-specification - (variable "TEXMFLOCAL") - (files '("share/texmf-local"))))) (description "TeX Live provides a comprehensive TeX document production system. It includes all the major TeX-related programs, macro packages, and fonts diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm index d645ef4bc1..4921b10124 100644 --- a/gnu/packages/texinfo.scm +++ b/gnu/packages/texinfo.scm @@ -32,14 +32,14 @@ (define-module (gnu packages texinfo) (define-public texinfo (package (name "texinfo") - (version "6.1") + (version "6.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/texinfo/texinfo-" version ".tar.xz")) (sha256 (base32 - "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c")))) + "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi")))) (build-system gnu-build-system) (native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep (inputs `(("ncurses" ,ncurses) @@ -62,6 +62,18 @@ (define-public texinfo is on expressing the content semantically, avoiding physical markup commands.") (license gpl3+))) +(define-public texinfo-6.1 + (package + (inherit texinfo) + (version "6.1") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/texinfo/texinfo-" + version ".tar.xz")) + (sha256 + (base32 + "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c")))))) + (define-public texinfo-5 (package (inherit texinfo) (version "5.2") @@ -93,10 +105,10 @@ (define-public info-reader ;; The idea of this package is to have the standalone Info reader without ;; the dependency on Perl that 'makeinfo' drags. (package - (inherit texinfo) + (inherit texinfo-6.1) (name "info-reader") (arguments - `(#:disallowed-references ,(assoc-ref (package-inputs texinfo) + `(#:disallowed-references ,(assoc-ref (package-inputs texinfo-6.1) "perl") #:modules ((ice-9 ftw) (srfi srfi-1) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 92564ba24d..73c1e42db1 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -36,7 +36,6 @@ (define-module (gnu packages tls) #:use-module (gnu packages guile) #:use-module (gnu packages libffi) #:use-module (gnu packages libidn) - #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) #:use-module (gnu packages nettle) #:use-module (gnu packages perl) @@ -48,7 +47,7 @@ (define-module (gnu packages tls) (define-public libtasn1 (package (name "libtasn1") - (version "4.8") + (version "4.7") (source (origin (method url-fetch) @@ -56,7 +55,7 @@ (define-public libtasn1 version ".tar.gz")) (sha256 (base32 - "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s")))) + "1j8iixynchziw1y39lnibyl5h81m4p78w3i4f28q2vgwjgf801x4")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "http://www.gnu.org/software/libtasn1/") @@ -66,8 +65,22 @@ (define-public libtasn1 for transmitting machine-neutral encodings of data objects in computer networking, allowing for formal validation of data according to some specifications.") + (replacement libtasn1/fixed) (license license:lgpl2.0+))) +(define libtasn1/fixed ;for CVE-2016-4008 + (package + (inherit libtasn1) + (source + (let ((version "4.8")) + (origin + (method url-fetch) + (uri (string-append "mirror://gnu/libtasn1/libtasn1-" + version ".tar.gz")) + (sha256 + (base32 + "04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))))) + (define-public p11-kit (package (name "p11-kit") @@ -109,7 +122,7 @@ (define-public p11-kit (define-public gnutls (package (name "gnutls") - (version "3.5.2") + (version "3.4.7") (source (origin (method url-fetch) (uri @@ -120,7 +133,7 @@ (define-public gnutls "/gnutls-" version ".tar.xz")) (sha256 (base32 - "10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b")))) + "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -159,8 +172,7 @@ (define-public gnutls "debug" "doc")) ;4.1 MiB of man pages (native-inputs - `(("net-tools" ,net-tools) - ("pkg-config" ,pkg-config) + `(("pkg-config" ,pkg-config) ("which" ,which))) (inputs `(("guile" ,guile-2.0) @@ -171,7 +183,7 @@ (define-public gnutls ("libidn" ,libidn) ("nettle" ,nettle) ("zlib" ,zlib))) - (home-page "https://www.gnu.org/software/gnutls/") + (home-page "http://www.gnu.org/software/gnutls/") (synopsis "Transport layer security library") (description "GnuTLS is a secure communications library implementing the SSL, TLS @@ -185,7 +197,8 @@ (define-public gnutls (define-public openssl (package (name "openssl") - (version "1.0.2h") + (version "1.0.2g") + (replacement openssl/fixed) (source (origin (method url-fetch) (uri (list (string-append "ftp://ftp.openssl.org/source/" @@ -195,25 +208,15 @@ (define-public openssl "/" name "-" version ".tar.gz"))) (sha256 (base32 - "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) + "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) (patches (search-patches "openssl-runpath.patch" - "openssl-c-rehash-in.patch" - "openssl-CVE-2016-2177.patch" - "openssl-CVE-2016-2178.patch")))) + "openssl-c-rehash-in.patch")))) (build-system gnu-build-system) - (outputs '("out" - "doc" ;1.5MiB of man3 pages - "static")) ;6MiB of .a files (native-inputs `(("perl" ,perl))) (arguments - `(#:disallowed-references (,perl) - #:parallel-build? #f + `(#:parallel-build? #f #:parallel-tests? #f #:test-target "test" - - ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure, - ;; so we explicitly disallow it here. - #:disallowed-references ,(list (canonical-package perl)) #:phases (modify-phases %standard-phases (add-before @@ -260,33 +263,6 @@ (define-public openssl (find-files (string-append out "/lib") "\\.so")) #t))) - (add-after 'install 'move-static-libraries - (lambda* (#:key outputs #:allow-other-keys) - ;; Move static libraries to the "static" output. - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (static (assoc-ref outputs "static")) - (slib (string-append static "/lib"))) - (mkdir-p slib) - (for-each (lambda (file) - (install-file file slib) - (delete-file file)) - (find-files lib "\\.a$")) - #t))) - (add-after 'install 'move-man3-pages - (lambda* (#:key outputs #:allow-other-keys) - ;; Move section 3 man pages to "doc". - (let* ((out (assoc-ref outputs "out")) - (man3 (string-append out "/share/man/man3")) - (doc (assoc-ref outputs "doc")) - (target (string-append doc "/share/man/man3"))) - (mkdir-p target) - (for-each (lambda (file) - (rename-file file - (string-append target "/" - (basename file)))) - (find-files man3)) - #t))) (add-before 'patch-source-shebangs 'patch-tests (lambda* (#:key inputs native-inputs #:allow-other-keys) @@ -323,6 +299,27 @@ (define-public openssl (license license:openssl) (home-page "http://www.openssl.org/"))) +(define openssl/fixed + (package + (inherit openssl) + (source + (let ((name "openssl") + (version "1.0.2h")) + (origin + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x")) + (patches (search-patches "openssl-runpath.patch" + "openssl-c-rehash-in.patch" + "openssl-CVE-2016-2177.patch" + "openssl-CVE-2016-2178.patch"))))))) + (define-public libressl (package (name "libressl") diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 767715d1b1..dfd13cf581 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -174,12 +174,7 @@ (define-public git (("/bin/sh") (which "sh")) (("/usr/bin/perl") (which "perl")) (("/usr/bin/python") (which "python"))))) - (add-after 'configure 'add-PM.stamp - (lambda _ - ;; Add the "PM.stamp" to avoid "no rule to make target". - (call-with-output-file "perl/PM.stamp" (const #t)) - #t)) - (add-after 'install 'install-shell-completion + (add-after 'install 'install-shell-completion (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (completions (string-append out "/etc/bash_completion.d"))) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index e3da8f1b46..7089c99665 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -330,7 +330,7 @@ (define-public libdv (define-public libva (package (name "libva") - (version "1.7.0") + (version "1.6.1") (source (origin (method url-fetch) @@ -338,7 +338,7 @@ (define-public libva "https://www.freedesktop.org/software/vaapi/releases/libva/libva-" version".tar.bz2")) (sha256 - (base32 "0py9igf4kicj7ji22bjawkpd6my013qpg0s4ir2np9l1rk5vr2d6")))) + (base32 "0bjfb5s8dk3lql843l91ffxzlq47isqks5sj19cxh7j3nhzw58kz")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) @@ -369,7 +369,7 @@ (define-public libva #:make-flags (list (string-append "dummy_drv_video_ladir=" (assoc-ref %outputs "out") "/lib/dri")))) - (home-page "https://www.freedesktop.org/wiki/Software/vaapi/") + (home-page "http://www.freedesktop.org/wiki/Software/vaapi/") (synopsis "Video acceleration library") (description "The main motivation for VA-API (Video Acceleration API) is to enable hardware accelerated video decode/encode at various @@ -625,12 +625,6 @@ (define-public vlc (arguments `(#:configure-flags `("--disable-a52" ; FIXME: reenable once available - - ;; Gross workaround for . - ;; In our case, this led to a test failure: - ;; test_libvlc_equalizer: libvlc/equalizer.c:122: test_equalizer: Assertion `isnan(libvlc_audio_equalizer_get_amp_at_index (equalizer, u_bands))' failed. - "ac_cv_c_fast_math=no" - ,(string-append "LDFLAGS=-Wl,-rpath -Wl," (assoc-ref %build-inputs "ffmpeg") "/lib")) ;needed for the tests diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index fa791ffbe1..c17bcc8f47 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -85,10 +85,10 @@ (define-public httpd (base32 "0n2yx3gjlpr4kgqx845fj6amnmg25r2l6a7rzab5hxnpmar985hc")))) (build-system gnu-build-system) - (native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config' (inputs `(("apr" ,apr) ("apr-util" ,apr-util) ("openssl" ,openssl) + ("pcre" ,pcre) ("perl" ,perl))) ; needed to run bin/apxs (arguments `(#:test-target "test" diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm index 03a896b8e1..54cb65503c 100644 --- a/gnu/packages/wine.scm +++ b/gnu/packages/wine.scm @@ -52,7 +52,7 @@ (define-module (gnu packages wine) (define-public wine (package (name "wine") - (version "1.9.15") + (version "1.9.4") (source (origin (method url-fetch) (uri (string-append "https://dl.winehq.org/wine/source/" @@ -60,7 +60,7 @@ (define-public wine "/wine-" version ".tar.bz2")) (sha256 (base32 - "1nmd65knzyh8b0yhxlqqvzai5rpnmhhm0c46n789zr5hj74jm6fg")))) + "1f5v1gns0xs512a6ym785cn29j8dxdbnxnvkg8v0p1w0p6vfmhbm")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) ("gettext" ,gnu-gettext) diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 226e5c1ca1..485bbc491a 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -264,7 +264,7 @@ (define-public pixman (define-public libdrm (package (name "libdrm") - (version "2.4.67") + (version "2.4.65") (source (origin (method url-fetch) @@ -274,7 +274,7 @@ (define-public libdrm ".tar.bz2")) (sha256 (base32 - "1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf")) + "1i4n7mz49l0j4kr0dg9n1j3hlc786ncqgj0v5fci1mz7pp40m5ki")) (patches (search-patches "libdrm-symbol-check.patch")))) (build-system gnu-build-system) (inputs diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index e97a0b01ea..af597b801a 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -7,7 +7,6 @@ ;;; Copyright © 2015, 2016 Mark H Weaver ;;; Copyright © 2015, 2016 Efraim Flashner ;;; Copyright © 2015 Raimon Grau -;;; Copyright © 2016 Mathieu Lirzin ;;; Copyright © 2016 Leo Famulari ;;; ;;; This file is part of GNU Guix. @@ -47,17 +46,16 @@ (define-module (gnu packages xml) (define-public expat (package (name "expat") - (version "2.1.1") + (replacement expat/fixed) + (version "2.1.0") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" - version "/expat-" version ".tar.bz2")) - (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch" - "expat-CVE-2015-1283-refix.patch" - "expat-CVE-2016-0718.patch")) + version "/expat-" version ".tar.gz")) (sha256 (base32 - "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg")))) + "11pblz61zyxh68s5pdcbhc30ha1b2vfjd83aiwfg4vc15x3hadw2")) + (patches (search-patches "expat-CVE-2015-1283.patch")))) (build-system gnu-build-system) (home-page "http://www.libexpat.org/") (synopsis "Stream-oriented XML parser library written in C") @@ -67,17 +65,28 @@ (define-public expat things the parser might find in the XML document (like start tags).") (license license:expat))) +(define expat/fixed + (package + (inherit expat) + (source (origin + (inherit (package-source expat)) + (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch" + "expat-CVE-2015-1283.patch" + "expat-CVE-2015-1283-refix.patch" + "expat-CVE-2016-0718.patch")))))) + (define-public libxml2 (package (name "libxml2") - (version "2.9.4") + (version "2.9.3") + (replacement libxml2/fixed) ;multiple CVEs (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" version ".tar.gz")) (sha256 (base32 - "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz")))) + "0bd17g6znn2r98gzpjppsqjg33iraky4px923j3k8kdl8qgy7sad")))) (build-system gnu-build-system) (home-page "http://www.xmlsoft.org/") (synopsis "C parser for XML") @@ -97,6 +106,20 @@ (define-public libxml2 project (but it is usable outside of the Gnome platform).") (license license:x11))) +(define libxml2/fixed + (package + (inherit libxml2) + (source + (let ((name "libxml2") + (version "2.9.4")) + (origin + (method url-fetch) + (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" + version ".tar.gz")) + (sha256 + (base32 + "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))))) + (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") @@ -130,15 +153,16 @@ (define-public python2-libxml2 (define-public libxslt (package (name "libxslt") - (version "1.1.29") + (version "1.1.28") + (replacement libxslt/fixed) ; CVE-2016-1683 and CVE-2016-1684 (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz")) (sha256 (base32 - "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")) - (patches (search-patches "libxslt-generated-ids.patch")))) + "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz")) + (patches (search-patches "libxslt-CVE-2015-7995.patch")))) (build-system gnu-build-system) (home-page "http://xmlsoft.org/XSLT/index.html") (synopsis "C library for applying XSLT stylesheets to XML documents") @@ -151,6 +175,19 @@ (define-public libxslt based on libxml for XML parsing, tree manipulation and XPath support.") (license license:x11))) +(define-public libxslt/fixed + (package + (inherit libxslt) + (source + (let ((version "1.1.29")) + (origin + (method url-fetch) + (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" + version ".tar.gz")) + (sha256 + (base32 + "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))))))) + (define-public perl-xml-parser (package (name "perl-xml-parser") @@ -207,7 +244,7 @@ (define-public perl-libxml (define-public perl-xml-libxml (package (name "perl-xml-libxml") - (version "2.0128") + (version "2.0125") (source (origin (method url-fetch) @@ -215,7 +252,7 @@ (define-public perl-xml-libxml "XML-LibXML-" version ".tar.gz")) (sha256 (base32 - "0awgd2gjzy7kn38bqblsigikzl81xsi561phkz9f9b9v3x2vmrr6")))) + "1mvbv1pwpdqni9ia9b6brg8brnnvfxr8j5x872qsngc92gipyh01")))) (build-system perl-build-system) (propagated-inputs `(("perl-xml-namespacesupport" ,perl-xml-namespacesupport) diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 0b91f2d203..b0a6fd61a1 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -4404,30 +4404,7 @@ (define-public xwud formatted dump file, such as produced by xwd.") (license license:x11))) -(define-public xorg-rgb - (package - (name "xorg-rgb") - (version "1.0.6") - (source - (origin - (method url-fetch) - (uri (string-append - "mirror://xorg/individual/app/rgb-" - version - ".tar.bz2")) - (sha256 - (base32 - "1c76zcjs39ljil6f6jpx1x17c8fnvwazz7zvl3vbjfcrlmm7rjmv")))) - (build-system gnu-build-system) - (inputs - `(("xproto" ,xproto))) - (native-inputs - `(("pkg-config" ,pkg-config))) - (home-page "http://www.x.org/wiki/") - (synopsis "X color name database") - (description - "This package provides the X color name database.") - (license license:x11))) + ;; packages of height 1 in the propagated-inputs tree diff --git a/gnu/packages/zsh.scm b/gnu/packages/zsh.scm index 64dd635755..fba7bb19b8 100644 --- a/gnu/packages/zsh.scm +++ b/gnu/packages/zsh.scm @@ -29,7 +29,7 @@ (define-module (gnu packages zsh) (define-public zsh (package (name "zsh") - (version "5.2") + (version "5.1.1") (source (origin (method url-fetch) (uri (list (string-append @@ -40,7 +40,7 @@ (define-public zsh ".tar.gz"))) (sha256 (base32 - "0dsr450v8nydvpk8ry276fvbznlrjgddgp7zvhcw4cv69i9lr4ps")))) + "11shllzhq53fg8ngy3bgbmpf09fn2czifg7hsb41nxi3410mpvcl")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-tcsetpgrp" "--enable-pcre") #:phases (alist-cons-before diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 5acfa2c65b..734a361c37 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -35,7 +35,6 @@ (define-module (gnu system install) #:use-module (gnu packages grub) #:use-module (gnu packages texinfo) #:use-module (gnu packages compression) - #:use-module (gnu packages nvi) #:use-module (ice-9 match) #:use-module (srfi srfi-26) #:export (self-contained-tarball @@ -402,7 +401,6 @@ (define installation-os ;; space; furthermore util-linux's fdisk is already ;; available here, so we keep that. bash-completion - nvi ;:wq! %base-packages)))) ;; Return it here so 'guix system' can consume it directly. diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm index c3948900eb..593117ef36 100644 --- a/gnu/system/shadow.scm +++ b/gnu/system/shadow.scm @@ -133,6 +133,12 @@ (define %base-user-accounts (define (default-skeletons) "Return the default skeleton files for /etc/skel. These files are copied by 'useradd' in the home directory of newly created user accounts." + (define fonts.conf-content + ;; SXML for ~/.config/fontconfig/fonts.conf. This works around the fact + ;; that Fontconfig currently does not such this directory by default, + ;; thereby ignoring fonts installed system-wide (FIXME). + `(fontconfig (dir "/run/current-system/profile/share/fonts"))) + (define copy-guile-wm (with-imported-modules '((guix build utils)) #~(begin @@ -176,6 +182,22 @@ (define copy-guile-wm (xdefaults (plain-file "Xdefaults" "\ XTerm*utf8: always XTerm*metaSendsEscape: true\n")) + (fonts.conf (computed-file + "fonts.conf" + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils) + (sxml simple)) + + (define dir + (string-append #$output + "/fontconfig")) + + (mkdir-p dir) + (call-with-output-file (string-append dir + "/fonts.conf") + (lambda (port) + (sxml->xml '#$fonts.conf-content port))))))) (gdbinit (plain-file "gdbinit" "\ # Tell GDB where to look for separate debugging files. set debug-file-directory ~/.guix-profile/lib/debug\n"))) @@ -184,6 +206,7 @@ (define copy-guile-wm (".zlogin" ,zlogin) (".Xdefaults" ,xdefaults) (".guile-wm" ,guile-wm) + (".config" ,fonts.conf) (".gdbinit" ,gdbinit)))) (define (skeleton-directory skeletons) diff --git a/guix/build/download.scm b/guix/build/download.scm index 4259f52b7a..307258be92 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm @@ -737,8 +737,7 @@ (define content-addressed-uris (append-map (lambda (make-url) (filter-map (match-lambda ((hash-algo . hash) - (let ((file (strip-store-file-name file))) - (string->uri (make-url file hash-algo hash))))) + (string->uri (make-url file hash-algo hash)))) hashes)) content-addressed-mirrors)) diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm index 34edff7f40..2abaa6efdc 100644 --- a/guix/build/gnu-build-system.scm +++ b/guix/build/gnu-build-system.scm @@ -303,7 +303,7 @@ (define* (patch-shebangs #:key inputs outputs (patch-shebangs? #t) (define (list-of-files dir) (map (cut string-append dir "/" <>) (or (scandir dir (lambda (f) - (let ((s (lstat (string-append dir "/" f)))) + (let ((s (stat (string-append dir "/" f)))) (eq? 'regular (stat:type s))))) '()))) diff --git a/guix/download.scm b/guix/download.scm index f1422bebc0..8484c31189 100644 --- a/guix/download.scm +++ b/guix/download.scm @@ -282,15 +282,8 @@ (define %content-addressed-mirrors ;; List of content-addressed mirrors. Each mirror is represented as a ;; procedure that takes a file name, an algorithm (symbol) and a hash ;; (bytevector), and returns a URL or #f. - ;; Note: Avoid 'https' to mitigate . ;; TODO: Add more. '(list (lambda (file algo hash) - ;; Files served by 'guix publish' are accessible under a single - ;; hash algorithm. - (string-append "http://mirror.hydra.gnu.org/file/" - file "/" (symbol->string algo) "/" - (bytevector->nix-base32-string hash))) - (lambda (file algo hash) ;; 'tarballs.nixos.org' supports several algorithms. (string-append "http://tarballs.nixos.org/" (symbol->string algo) "/" diff --git a/m4/guix.m4 b/m4/guix.m4 index 949ae4ca7c..a4f83f029a 100644 --- a/m4/guix.m4 +++ b/m4/guix.m4 @@ -280,6 +280,19 @@ AC_DEFUN([GUIX_ASSERT_CXX11], [ fi ]) +dnl GUIX_CHECK_LIBC_MOUNT +dnl +dnl Check whether libc provides 'mount'. On GNU/Hurd it doesn't (yet). +AC_DEFUN([GUIX_CHECK_LIBC_MOUNT], [ + AC_CACHE_CHECK([whether libc provides 'mount'], [guix_cv_libc_has_mount], + [GUILE_CHECK([retval], [(dynamic-func \"mount\" (dynamic-link))]) + if test "$retval" = 0; then + guix_cv_libc_has_mount="yes" + else + guix_cv_libc_has_mount="no" + fi]) +]) + dnl GUIX_LIBGCRYPT_LIBDIR VAR dnl dnl Attempt to determine libgcrypt's LIBDIR; store the result in VAR. diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh index 12da950eba..5ea6c49263 100644 --- a/tests/guix-environment-container.sh +++ b/tests/guix-environment-container.sh @@ -65,15 +65,10 @@ mount_test_code=" (match (string-split line #\space) ;; Empty line. ((\"\") #f) - ;; Ignore the root file system. - ((_ \"/\" _ _ _ _) + ;; Ignore these types of file systems. + ((_ _ (or \"tmpfs\" \"proc\" \"sysfs\" \"devtmpfs\" + \"devpts\" \"cgroup\" \"mqueue\") _ _ _) #f) - ;; Ignore these types of file systems, except if they - ;; correspond to a parent file system. - ((_ mount (or \"tmpfs\" \"proc\" \"sysfs\" \"devtmpfs\" - \"devpts\" \"cgroup\" \"mqueue\") _ _ _) - (and (string-prefix? mount (getcwd)) - mount)) ((_ mount _ _ _ _) mount))) (string-split (call-with-input-file \"/proc/mounts\" read-string)