diff --git a/HACKING b/HACKING index d5828f6836..28948b3e23 100644 --- a/HACKING +++ b/HACKING @@ -2,7 +2,7 @@ #+TITLE: Hacking GNU Guix and Its Incredible Distro -Copyright © 2012, 2013, 2014 Ludovic Courtès +Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès Copyright © 2015 Mathieu Lirzin Copying and distribution of this file, with or without modification, @@ -35,9 +35,13 @@ upgrading GnuTLS or GLib.) We have a mailing list for commit notifications (guix-commits@gnu.org), so people can notice. Before pushing your changes, make sure to run ‘git pull --rebase’. -All commits that are pushed to the central repository on Savannah should be -signed with a PGP key, and the public key should be uploaded to your user -account on Savannah. +All commits that are pushed to the central repository on Savannah must be +signed with an OpenPGP key, and the public key should be uploaded to your user +account on Savannah and to public key servers, such as ‘pgp.mit.edu’. To +configure Git to automatically sign commits, run: + + git config commit.gpgsign true + git config user.signingkey CABBA6EA1DC0FF33 For anything else, please post to guix-devel@gnu.org and leave time for a review, without committing anything. If you didn’t receive any reply diff --git a/doc/contributing.texi b/doc/contributing.texi index dc554d2c76..c0755bb895 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -15,6 +15,10 @@ our project uses a ``Contributor Covenant'', which was adapted from @url{http://contributor-covenant.org/}. You can find a local version in the @file{CODE-OF-CONDUCT} file in the source tree. +Contributors are not required to use their legal name in patches and +on-line communication; they can use any name or pseudonym of their +choice. + @menu * Building from Git:: The latest and greatest. * Running Guix Before It Is Installed:: Hacker tricks. @@ -333,4 +337,7 @@ referring to people, such as When posting a patch to the mailing list, use @samp{[PATCH] @dots{}} as a subject. You may use your email client or the @command{git -send-email} command. +send-email} command. We prefer to get patches in plain text messages, +either inline or as MIME attachments. You are advised to pay attention if +your email client changes anything like line breaks or indentation which +could could potentially break the patches. diff --git a/doc/guix.texi b/doc/guix.texi index 0d6739adc3..dd2004dd63 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13,6 +13,7 @@ Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@* Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@* Copyright @copyright{} 2013 Nikita Karetnikov@* +Copyright @copyright{} 2014, 2015, 2016 Alex Kost@* Copyright @copyright{} 2015, 2016 Mathieu Lirzin@* Copyright @copyright{} 2014 Pierre-Antoine Rault@* Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@* @@ -1208,6 +1209,24 @@ for Chinese languages: guix package -i font-adobe-source-han-sans:cn @end example +Older programs such as @command{xterm} do not use Fontconfig and instead +rely on server-side font rendering. Such programs require to specify a +full name of a font using XLFD (X Logical Font Description), like this: + +@example +-*-dejavu sans-medium-r-normal-*-*-100-*-*-*-*-*-1 +@end example + +To be able to use such full names for the TrueType fonts installed in +your Guix profile, you need to extend the font path of the X server: + +@example +xset +fp ~/.guix-profile/share/fonts/truetype +@end example + +After that, you can run @code{xlsfonts} (from @code{xlsfonts} package) +to make sure your TrueType fonts are listed there. + @subsection X.509 Certificates The @code{nss-certs} package provides X.509 certificates, which allow @@ -4517,8 +4536,9 @@ You can freely access a huge library of build logs! @cindex package definition, editing So many packages, so many source files! The @command{guix edit} command -facilitates the life of packagers by pointing their editor at the source -file containing the definition of the specified packages. For instance: +facilitates the life of users and packagers by pointing their editor at +the source file containing the definition of the specified packages. +For instance: @example guix edit gcc@@4.9 vim @@ -4526,9 +4546,15 @@ guix edit gcc@@4.9 vim @noindent launches the program specified in the @code{VISUAL} or in the -@code{EDITOR} environment variable to edit the recipe of GCC@tie{}4.9.3 +@code{EDITOR} environment variable to view the recipe of GCC@tie{}4.9.3 and that of Vim. +If you are using a Guix Git checkout (@pxref{Building from Git}), or +have created your own packages on @code{GUIX_PACKAGE_PATH} +(@pxref{Defining Packages}), you will be able to edit the package +recipes. Otherwise, you will be able to examine the read-only recipes +for packages currently in the store. + If you are using Emacs, note that the Emacs user interface provides the @kbd{M-x guix-edit} command and a similar functionality in the ``package info'' and ``package list'' buffers created by the @kbd{M-x diff --git a/gnu/local.mk b/gnu/local.mk index 65834897dc..911b89f14b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -683,6 +683,9 @@ dist_patch_DATA = \ %D%/packages/patches/openjpeg-CVE-2015-6581.patch \ %D%/packages/patches/openjpeg-use-after-free-fix.patch \ %D%/packages/patches/openssh-CVE-2015-8325.patch \ + %D%/packages/patches/openssh-CVE-2016-6210-1.patch \ + %D%/packages/patches/openssh-CVE-2016-6210-2.patch \ + %D%/packages/patches/openssh-CVE-2016-6210-3.patch \ %D%/packages/patches/openssl-runpath.patch \ %D%/packages/patches/openssl-c-rehash-in.patch \ %D%/packages/patches/openssl-CVE-2016-2177.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 956ead4d5a..0a2e9b1b90 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -106,8 +106,7 @@ (define-public hdup (source (origin (method url-fetch) - ;; Source tarballs are not versioned - (uri "http://archive.miek.nl/projects/hdup2/hdup.tar.bz2") + (uri "https://fossies.org/linux/privat/old/hdup-2.0.14.tar.bz2") (sha256 (base32 "02bnczg01cyhajmm4rhbnc0ja0dd9ikv9fwv28asxh1rlx9yr0b7")))) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 01b32a2ac3..e63c1af048 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -36,6 +36,7 @@ (define-module (gnu packages compression) #:use-module (guix build-system gnu) #:use-module (guix build-system perl) #:use-module (gnu packages) + #:use-module (gnu packages assembly) #:use-module (gnu packages autotools) #:use-module (gnu packages backup) #:use-module (gnu packages base) @@ -834,3 +835,39 @@ (define-public xdelta @command{patch}, but is not limited to plain text and does not generate human-readable output.") (license license:asl2.0))) + +(define-public lrzip + (package + (name "lrzip") + (version "0.630") + (source + (origin + (method url-fetch) + (uri (string-append + "http://ck.kolivas.org/apps/lrzip/lrzip-" version ".tar.bz2")) + (sha256 + (base32 + "01ykxliqw4cavx9f2gawxfa9wf52cjy1qx28cnkrh6i3lfzzcq94")))) + (build-system gnu-build-system) + (native-inputs + `(;; nasm is only required when building for 32-bit x86 platforms + ,@(if (string-prefix? "i686" (or (%current-target-system) + (%current-system))) + `(("nasm" ,nasm)) + '()) + ("perl" ,perl))) + (inputs + `(("bzip2" ,bzip2) + ("lzo" ,lzo) + ("zlib" ,zlib))) + (home-page "http://ck.kolivas.org/apps/lrzip/") + (synopsis "Large file compressor with a very high compression ratio") + (description "lrzip is a compression utility that uses long-range +redundancy reduction to improve the subsequent compression ratio of +larger files. It can then further compress the result with the ZPAQ or +LZMA algorithms for maximum compression, or LZO for maximum speed. This +choice between size or speed allows for either better compression than +even LZMA can provide, or a higher speed than gzip while compressing as +well as bzip2.") + (license (list license:gpl3+ + license:public-domain)))) ; most files in lzma/ diff --git a/gnu/packages/cook.scm b/gnu/packages/cook.scm index d0dd80dc40..e149968f24 100644 --- a/gnu/packages/cook.scm +++ b/gnu/packages/cook.scm @@ -33,9 +33,7 @@ (define-public cook (source (origin (method url-fetch) - (uri (string-append - "http://miller.emu.id.au/pmiller/software/cook/cook-" version - ".tar.gz")) + (uri "http://fossies.org/linux/misc/old/cook-2.34.tar.gz") (sha256 (base32 "104saqnqql1l7zr2pm3f718fdky3ds8j07c6xvwrs1rfkhrw58yw")))) diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index 2865ff1494..09b804f39a 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Ricardo Wurmus ;;; Copyright © 2015, 2016 Ludovic Courtès -;;; Copyright © 2015 Efraim Flashner +;;; Copyright © 2015, 2016 Efraim Flashner ;;; Copyright © 2016 Danny Milosavljevic ;;; ;;; This file is part of GNU Guix. @@ -303,14 +303,14 @@ (define-public cups (define-public hplip (package (name "hplip") - (version "3.16.3") + (version "3.16.7") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/hplip/hplip/" version "/hplip-" version ".tar.gz")) (sha256 (base32 - "1501qdnkjp1ybgagy5188fmf6cgmj5555ygjl3543nlbwcp31lj2")))) + "1hpzyf9ifs0vilsbwxcgpv8g9557p1x8w5qwgz5l0avgcd10dzlx")))) (build-system gnu-build-system) (home-page "http://hplipopensource.com/") (synopsis "HP Printer Drivers") diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 926db42a46..5a718fa341 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -117,9 +117,7 @@ (define-public emacs (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((guix-src (assoc-ref inputs "guix-src")) (out (assoc-ref outputs "out")) - (lisp-dir (string-append out "/share/emacs/" - ,(version-major+minor version) - "/site-lisp")) + (lisp-dir (string-append out "/share/emacs/site-lisp")) (unpack (assoc-ref %standard-phases 'unpack))) (mkdir "guix") (with-directory-excursion "guix" @@ -2079,9 +2077,7 @@ (define-public emacs-solarized-theme "1ha3slc6d9wi9ilkhmwrzkvf308n6ph7b0k69pk369s9304awxzx")))) (build-system emacs-build-system) (propagated-inputs - `(("emacs-dash" ,emacs-dash) - ("emacs-f" ,emacs-f) - ("emacs-s" ,emacs-s))) + `(("emacs-dash" ,emacs-dash))) (home-page "http://github.com/bbatsov/solarized-emacs") (synopsis "Port of the Solarized theme for Emacs") (description diff --git a/gnu/packages/fish.scm b/gnu/packages/fish.scm index 7abaaf0ecd..a8b88e7c10 100644 --- a/gnu/packages/fish.scm +++ b/gnu/packages/fish.scm @@ -29,14 +29,14 @@ (define-module (gnu packages fish) (define-public fish (package (name "fish") - (version "2.3.0") + (version "2.3.1") (source (origin (method url-fetch) - (uri (string-append "http://fishshell.com/files/" + (uri (string-append "https://fishshell.com/files/" version "/fish-" version ".tar.gz")) (sha256 (base32 - "1ralmp7lavdl0plc09ppm232aqsn0crxx6m3hgaa06ibam3sqawi")) + "0r46p64lg6da3v6chsa4gisvl04kd3rpy60yih8r870kbp9wm2ij")) (modules '((guix build utils))) ;; Don't try to install /etc/fish/config.fish. (snippet @@ -61,5 +61,5 @@ (define-public fish all the fish documentation in your web browser. Other features include smart terminal handling based on terminfo, an easy to search history, and syntax highlighting.") - (home-page "http://fishshell.com/") + (home-page "https://fishshell.com/") (license gpl2))) diff --git a/gnu/packages/geeqie.scm b/gnu/packages/geeqie.scm index 110fb68ea0..509819e780 100644 --- a/gnu/packages/geeqie.scm +++ b/gnu/packages/geeqie.scm @@ -37,8 +37,10 @@ (define-public exiv2 ; XXX: move elsewhere? (version "0.25") (source (origin (method url-fetch) - (uri (string-append "http://www.exiv2.org/exiv2-" - version ".tar.gz")) + (uri (list (string-append "http://www.exiv2.org/exiv2-" + version ".tar.gz") + (string-append "https://fossies.org/linux/misc/exiv2-" + version ".tar.gz"))) (sha256 (base32 "197g6vgcpyf9p2cwn5p5hb1r714xsk1v4p96f5pv1z8mi9vzq2y8")))) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 2b4ce71866..9bc7b65108 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -235,13 +235,14 @@ (define-public gnupg ("sqlite" ,sqlite) ("zlib" ,zlib))) (arguments - `(#:phases - (alist-cons-before - 'configure 'patch-config-files - (lambda _ - (substitute* "tests/openpgp/defs.inc" - (("/bin/pwd") (which "pwd")))) - %standard-phases))) + `(#:configure-flags '("--enable-gpg2-is-gpg") + #:phases + (modify-phases %standard-phases + (add-before 'configure 'patch-config-files + (lambda _ + (substitute* "tests/openpgp/defs.inc" + (("/bin/pwd") (which "pwd"))) + #t))))) (home-page "https://gnupg.org/") (synopsis "GNU Privacy Guard") (description @@ -280,12 +281,25 @@ (define-public gnupg-2.0 ("readline" ,readline))) (arguments `(#:phases - (alist-cons-before - 'configure 'patch-config-files - (lambda _ - (substitute* "tests/openpgp/Makefile.in" - (("/bin/sh") (which "bash")))) - %standard-phases))))) + (modify-phases %standard-phases + (add-before 'configure 'patch-config-files + (lambda _ + (substitute* "tests/openpgp/Makefile.in" + (("/bin/sh") (which "bash"))) + #t)) + (add-after 'install 'rename-v2-commands + (lambda* (#:key outputs #:allow-other-keys) + ;; Upstream suggests removing the trailing '2' from command names: + ;; . + (let ((out (assoc-ref outputs "out"))) + (with-directory-excursion (string-append out "/bin") + (rename-file "gpgv2" "gpgv") + (rename-file "gpg2" "gpg") + + ;; Keep the old name around to ease transition. + (symlink "gpgv" "gpgv2") + (symlink "gpg" "gpg2") + #t))))))))) (define-public gnupg-1 (package (inherit gnupg) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 506ab98e91..34b4040458 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -293,16 +293,16 @@ (define-public nss (define-public icecat (package (name "icecat") - (version "38.8.0-gnu1") + (version "38.8.0-gnu2") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gnuzilla/" - (first (string-split version #\-)) "/" + version "/" name "-" version ".tar.bz2")) (sha256 (base32 - "0v4k47ziqsyfksv9sn4v1xvk4q414rc883hb1qzld63grj2nxxwp")) + "1yb7a1zsqpra9cgq8hrzrbm5v31drb9367cwvwiksz0ngqy342hb")) (patches (search-patches "icecat-avoid-bundled-includes.patch" "icecat-CVE-2016-2818-pt1.patch" @@ -405,7 +405,7 @@ (define-public icecat (arguments `(#:tests? #f ; no check target #:out-of-source? #t ; must be built outside of the source directory - + #:parallel-build? #f ;; XXX: There are RUNPATH issues such as ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so, diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index 4bea9aad76..f50605a7fb 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Erik Edrosa ;;; Copyright © 2016 Eraim Flashner +;;; Copyright © 2016 Alex Kost ;;; ;;; This file is part of GNU Guix. ;;; @@ -50,6 +51,8 @@ (define-module (gnu packages guile) #:use-module (gnu packages sdl) #:use-module (gnu packages maths) #:use-module (gnu packages image) + #:use-module (gnu packages xdisorg) + #:use-module (gnu packages xorg) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) @@ -1123,4 +1126,58 @@ (define-public guile-dbd-sqlite3 SQL databases. This package implements the interface for SQLite.") (license gpl2+))) +(define-public guile-xosd + (package + (name "guile-xosd") + (version "0.2") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/alezost/" name + "/releases/download/v" version + "/" name "-" version ".tar.gz")) + (sha256 + (base32 + "1j0b07kycccfslp5n6q0hz7adwc7k41fpzds2dvrly67gavjqljv")))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("guile" ,guile-2.0) + ("libx11" ,libx11) + ("libxext" ,libxext) + ("libxinerama" ,libxinerama) + ("xosd" ,xosd))) + (home-page "https://github.com/alezost/guile-xosd") + (synopsis "XOSD bindings for Guile") + (description + "Guile-XOSD provides Guile bindings for @code{libxosd}, +@uref{http://sourceforge.net/projects/libxosd/, the X On Screen Display +library}.") + (license gpl3+))) + +(define-public guile-daemon + (package + (name "guile-daemon") + (version "0.1") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/alezost/" name + "/releases/download/v" version + "/" name "-" version ".tar.gz")) + (sha256 + (base32 + "1s90h8qhblhhz4ahn3p5d573a24px6cdjq2w311ibpgwnsni4qvq")))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("guile" ,guile-2.0))) + (home-page "https://github.com/alezost/guile-daemon") + (synopsis "Evaluate code in a running Guile process") + (description + "Guile-Daemon is a small Guile program that loads your initial +configuration file, and then reads and evaluates Guile expressions that +you send to a FIFO file.") + (license gpl3+))) + ;;; guile.scm ends here diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm index ba8f48d677..f41157332d 100644 --- a/gnu/packages/haskell.scm +++ b/gnu/packages/haskell.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2016 Ludovic Courtès ;;; Copyright © 2016 ng0 +;;; Copyright © 2016 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -6008,14 +6009,14 @@ (define-public ghc-cryptonite (define-public ghc-memory (package (name "ghc-memory") - (version "0.10") + (version "0.13") (source (origin (method url-fetch) (uri (string-append "https://hackage.haskell.org/package/" "memory/memory-" version ".tar.gz")) (sha256 (base32 - "1xqs9zmjbjihb7gfbk25f2q00m2lsi4kc3jv672175ac8a36pgag")))) + "02l742qxjqy3jw1a347gb7sn7pn7a5qha1vzi2qqbvgafcjn0wyw")))) (build-system haskell-build-system) (native-inputs `(("ghc-tasty" ,ghc-tasty) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 2d50ad84fa..83ffba4f4c 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -535,17 +535,38 @@ (define-public icedtea-6 "/etc/ssl/certs")) (keytool (string-append (assoc-ref outputs "jdk") "/bin/keytool"))) + (define (extract-cert file target) + (call-with-input-file file + (lambda (in) + (call-with-output-file target + (lambda (out) + (let loop ((line (read-line in 'concat)) + (copying? #f)) + (cond + ((eof-object? line) #t) + ((string-prefix? "-----BEGIN" line) + (display line out) + (loop (read-line in 'concat) #t)) + ((string-prefix? "-----END" line) + (display line out) + #t) + (else + (when copying? (display line out)) + (loop (read-line in 'concat) copying?))))))))) (define (import-cert cert) (format #t "Importing certificate ~a\n" (basename cert)) - (let* ((port (open-pipe* OPEN_WRITE keytool - "-import" - "-alias" (basename cert) - "-keystore" keystore - "-storepass" "changeit" - "-file" cert))) - (display "yes\n" port) - (when (not (zero? (status:exit-val (close-pipe port)))) - (error "failed to import" cert)))) + (let ((temp "tmpcert")) + (extract-cert cert temp) + (let ((port (open-pipe* OPEN_WRITE keytool + "-import" + "-alias" (basename cert) + "-keystore" keystore + "-storepass" "changeit" + "-file" temp))) + (display "yes\n" port) + (when (not (zero? (status:exit-val (close-pipe port)))) + (error "failed to import" cert))) + (delete-file temp))) ;; This is necessary because the certificate directory contains ;; files with non-ASCII characters in their names. diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm index 22f542ccc5..5c0df4e1ff 100644 --- a/gnu/packages/lisp.scm +++ b/gnu/packages/lisp.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Federico Beffa ;;; Copyright © 2016 ng0 +;;; Copyright © 2016 Andy Patterson ;;; ;;; This file is part of GNU Guix. ;;; @@ -102,15 +103,15 @@ (define-public gcl (define-public ecl (package (name "ecl") - (version "15.2.21") + (version "16.1.2") (source (origin (method url-fetch) - (uri (string-append "mirror://sourceforge/ecls/ecls/" - (version-major+minor version) - "/ecl-" version ".tgz")) + (uri (string-append + "https://common-lisp.net/project/ecl/static/files/release/" + name "-" version ".tgz")) (sha256 - (base32 "05di23v977byf67rq5bdshw8lqbby1ycbscdcl1vca0z6r1s204j")))) + (base32 "16ab8qs3awvdxy8xs8jy82v8r04x4wr70l9l2j45vgag18d2nj1d")))) (build-system gnu-build-system) ;; src/configure uses 'which' to confirm the existence of 'gzip'. (native-inputs `(("which" ,which))) @@ -119,30 +120,38 @@ (define-public ecl ("libgc" ,libgc) ("libffi" ,libffi))) (arguments - '(;; During 'make check', ECL fails to initialize with "protocol not - ;; supported", presumably because /etc/protocols is missing in the - ;; build environment. See . - ;; - ;; Should the test suite be re-enabled, it might be necessary to add - ;; '#:parallel-tests #f'. See the same bug report as above. - ;; - ;; The following might also be necessary, due to 'make check' assuming - ;; ECL is installed. See . - ;; - ;; #:phases - ;; (let* ((check-phase (assq-ref %standard-phases 'check)) - ;; (rearranged-phases - ;; (alist-cons-after 'install 'check check-phase - ;; (alist-delete 'check %standard-phases)))) - ;; (alist-cons-before - ;; 'check 'pre-check - ;; (lambda* (#:key outputs #:allow-other-keys) - ;; (substitute* '("build/tests/Makefile") - ;; (("ECL=ecl") - ;; (string-append - ;; "ECL=" (assoc-ref outputs "out") "/bin/ecl")))) - ;; rearranged-phases)) - #:tests? #f)) + '(#:tests? #t + #:make-flags `(,(string-append "ECL=" + (assoc-ref %outputs "out") + "/bin/ecl")) + #:parallel-tests? #f + #:phases + (modify-phases %standard-phases + (delete 'check) + (add-after 'install 'wrap + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((ecl (assoc-ref outputs "out")) + (input-path (lambda (lib path) + (string-append + (assoc-ref inputs lib) path))) + (libraries '("gmp" "libatomic-ops" "libgc" "libffi" "libc")) + (binaries '("gcc" "ld-wrapper" "binutils")) + (library-directories + (map (lambda (lib) (input-path lib "/lib")) + libraries))) + + (wrap-program (string-append ecl "/bin/ecl") + `("PATH" prefix + ,(map (lambda (binary) + (input-path binary "/bin")) + binaries)) + `("CPATH" suffix + ,(map (lambda (lib) + (input-path lib "/include")) + `("linux-headers" ,@libraries))) + `("LIBRARY_PATH" suffix ,library-directories) + `("LD_LIBRARY_PATH" suffix ,library-directories))))) + (add-after 'wrap 'check (assoc-ref %standard-phases 'check))))) (home-page "http://ecls.sourceforge.net/") (synopsis "Embeddable Common Lisp") (description "ECL is an implementation of the Common Lisp language as @@ -209,14 +218,14 @@ (define-public clisp (define-public sbcl (package (name "sbcl") - (version "1.2.8") + (version "1.3.7") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/sbcl/sbcl/" version "/sbcl-" version "-source.tar.bz2")) (sha256 - (base32 "0ab9lw056yf6y0rjmx3iirn5n59pmssqxf00fbmpyl6qsnpaja1d")))) + (base32 "0fjdqnb2rsm2vi9794ywp27jr239ddvzc4xfr0dk49jd4v7p2kc5")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;; Bootstrap with CLISP. @@ -243,7 +252,11 @@ (define (quoted-path input path) ;; occurs in some .sh files too (which contain Lisp code). Use ;; ISO-8859-1 because some of the files are ISO-8859-1 encoded. (with-fluids ((%default-port-encoding #f)) - (substitute* (find-files "." "\\.(lisp|sh)$") + ;; The removed file is utf-16-be encoded, which gives substitute* + ;; trouble. It does not contain references to the listed programs. + (substitute* (delete + "./tests/data/compile-file-pos-utf16be.lisp" + (find-files "." "\\.(lisp|sh)$")) (("\"/bin/sh\"") (quoted-path bash "/bin/sh")) (("\"/usr/bin/env\"") (quoted-path coreutils "/usr/bin/env")) (("\"/bin/cat\"") (quoted-path coreutils "/bin/cat")) diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index f99c16b405..aed7db0dae 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -293,7 +293,7 @@ (define-public bogofilter (define-public offlineimap (package (name "offlineimap") - (version "6.7.0.1") + (version "7.0.0") (source (origin (method url-fetch) (uri (string-append "https://github.com/OfflineIMAP/offlineimap/" @@ -301,10 +301,10 @@ (define-public offlineimap (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1ys26v2w3vws08acjs7w5irjgahdxyad00pmj7fhcx91hbvizs80")))) + "0hnyfby6ib7i7yblg7qpabdyl35n9l3n0a6agk47w1crpn2lsric")))) (build-system python-build-system) - (native-inputs `(("python" ,python-2))) - (inputs `(("python2-pysqlite" ,python2-pysqlite))) + (inputs `(("python2-pysqlite" ,python2-pysqlite) + ("python2-six" ,python2-six))) (arguments ;; The setup.py script expects python-2. `(#:python ,python-2 diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm index 766167d6e9..12f0028a34 100644 --- a/gnu/packages/parallel.scm +++ b/gnu/packages/parallel.scm @@ -44,7 +44,7 @@ (define-module (gnu packages parallel) (define-public parallel (package (name "parallel") - (version "20160622") + (version "20160722") (source (origin (method url-fetch) @@ -52,7 +52,7 @@ (define-public parallel version ".tar.bz2")) (sha256 (base32 - "1axng9bwapmb0vrrv67pp787gv7r5g02zyrfwnrhpxhi8zmm1jmg")))) + "08gm0i9vj2nz8qgqi98z00myypgb3dni0s5yf3l17fp8h78fp4g3")))) (build-system gnu-build-system) (inputs `(("perl" ,perl))) (home-page "http://www.gnu.org/software/parallel/") diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-1.patch b/gnu/packages/patches/openssh-CVE-2016-6210-1.patch new file mode 100644 index 0000000000..9b46ec12a9 --- /dev/null +++ b/gnu/packages/patches/openssh-CVE-2016-6210-1.patch @@ -0,0 +1,114 @@ +From e5ef9d3942cebda819a6fd81647b51c8d87d23df Mon Sep 17 00:00:00 2001 +From: Darren Tucker +Date: Fri, 15 Jul 2016 13:32:45 +1000 +Subject: Determine appropriate salt for invalid users. + +When sshd is processing a non-PAM login for a non-existent user it uses +the string from the fakepw structure as the salt for crypt(3)ing the +password supplied by the client. That string has a Blowfish prefix, so on +systems that don't understand that crypt will fail fast due to an invalid +salt, and even on those that do it may have significantly different timing +from the hash methods used for real accounts (eg sha512). This allows +user enumeration by, eg, sending large password strings. This was noted +by EddieEzra.Harari at verint.com (CVE-2016-6210). + +To mitigate, use the same hash algorithm that root uses for hashing +passwords for users that do not exist on the system. ok djm@ + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc +Bug-Debian: https://bugs.debian.org/831902 +Last-Update: 2016-07-22 + +Patch-Name: CVE-2016-6210-1.patch +--- + auth-passwd.c | 12 ++++++++---- + openbsd-compat/xcrypt.c | 34 ++++++++++++++++++++++++++++++++++ + 2 files changed, 42 insertions(+), 4 deletions(-) + +diff --git a/auth-passwd.c b/auth-passwd.c +index 63ccf3c..530b5d4 100644 +--- a/auth-passwd.c ++++ b/auth-passwd.c +@@ -193,7 +193,7 @@ int + sys_auth_passwd(Authctxt *authctxt, const char *password) + { + struct passwd *pw = authctxt->pw; +- char *encrypted_password; ++ char *encrypted_password, *salt = NULL; + + /* Just use the supplied fake password if authctxt is invalid */ + char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; +@@ -202,9 +202,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) + if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) + return (1); + +- /* Encrypt the candidate password using the proper salt. */ +- encrypted_password = xcrypt(password, +- (pw_password[0] && pw_password[1]) ? pw_password : "xx"); ++ /* ++ * Encrypt the candidate password using the proper salt, or pass a ++ * NULL and let xcrypt pick one. ++ */ ++ if (authctxt->valid && pw_password[0] && pw_password[1]) ++ salt = pw_password; ++ encrypted_password = xcrypt(password, salt); + + /* + * Authentication is accepted if the encrypted passwords +diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c +index 8577cbd..8913bb8 100644 +--- a/openbsd-compat/xcrypt.c ++++ b/openbsd-compat/xcrypt.c +@@ -25,6 +25,7 @@ + #include "includes.h" + + #include ++#include + #include + #include + +@@ -62,11 +63,44 @@ + # define crypt DES_crypt + # endif + ++/* ++ * Pick an appropriate password encryption type and salt for the running ++ * system. ++ */ ++static const char * ++pick_salt(void) ++{ ++ struct passwd *pw; ++ char *passwd, *p; ++ size_t typelen; ++ static char salt[32]; ++ ++ if (salt[0] != '\0') ++ return salt; ++ strlcpy(salt, "xx", sizeof(salt)); ++ if ((pw = getpwuid(0)) == NULL) ++ return salt; ++ passwd = shadow_pw(pw); ++ if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) ++ return salt; /* no $, DES */ ++ typelen = p - passwd + 1; ++ strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); ++ explicit_bzero(passwd, strlen(passwd)); ++ return salt; ++} ++ + char * + xcrypt(const char *password, const char *salt) + { + char *crypted; + ++ /* ++ * If we don't have a salt we are encrypting a fake password for ++ * for timing purposes. Pick an appropriate salt. ++ */ ++ if (salt == NULL) ++ salt = pick_salt(); ++ + # ifdef HAVE_MD5_PASSWORDS + if (is_md5_salt(salt)) + crypted = md5_crypt(password, salt); diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-2.patch b/gnu/packages/patches/openssh-CVE-2016-6210-2.patch new file mode 100644 index 0000000000..1c580f90b9 --- /dev/null +++ b/gnu/packages/patches/openssh-CVE-2016-6210-2.patch @@ -0,0 +1,111 @@ +From dde63f7f998ac3812a26bbb2c1b2947f24fcd060 Mon Sep 17 00:00:00 2001 +From: Darren Tucker +Date: Fri, 15 Jul 2016 13:49:44 +1000 +Subject: Mitigate timing of disallowed users PAM logins. + +When sshd decides to not allow a login (eg PermitRootLogin=no) and +it's using PAM, it sends a fake password to PAM so that the timing for +the failure is not noticeably different whether or not the password +is correct. This behaviour can be detected by sending a very long +password string which is slower to hash than the fake password. + +Mitigate by constructing an invalid password that is the same length +as the one from the client and thus takes the same time to hash. +Diff from djm@ + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946 +Bug-Debian: https://bugs.debian.org/831902 +Last-Update: 2016-07-22 + +Patch-Name: CVE-2016-6210-2.patch +--- + auth-pam.c | 35 +++++++++++++++++++++++++++++++---- + 1 file changed, 31 insertions(+), 4 deletions(-) + +diff --git a/auth-pam.c b/auth-pam.c +index 8425af1..abd6a5e 100644 +--- a/auth-pam.c ++++ b/auth-pam.c +@@ -232,7 +232,6 @@ static int sshpam_account_status = -1; + static char **sshpam_env = NULL; + static Authctxt *sshpam_authctxt = NULL; + static const char *sshpam_password = NULL; +-static char badpw[] = "\b\n\r\177INCORRECT"; + + /* Some PAM implementations don't implement this */ + #ifndef HAVE_PAM_GETENVLIST +@@ -810,12 +809,35 @@ sshpam_query(void *ctx, char **name, char **info, + return (-1); + } + ++/* ++ * Returns a junk password of identical length to that the user supplied. ++ * Used to mitigate timing attacks against crypt(3)/PAM stacks that ++ * vary processing time in proportion to password length. ++ */ ++static char * ++fake_password(const char *wire_password) ++{ ++ const char junk[] = "\b\n\r\177INCORRECT"; ++ char *ret = NULL; ++ size_t i, l = wire_password != NULL ? strlen(wire_password) : 0; ++ ++ if (l >= INT_MAX) ++ fatal("%s: password length too long: %zu", __func__, l); ++ ++ ret = malloc(l + 1); ++ for (i = 0; i < l; i++) ++ ret[i] = junk[i % (sizeof(junk) - 1)]; ++ ret[i] = '\0'; ++ return ret; ++} ++ + /* XXX - see also comment in auth-chall.c:verify_response */ + static int + sshpam_respond(void *ctx, u_int num, char **resp) + { + Buffer buffer; + struct pam_ctxt *ctxt = ctx; ++ char *fake; + + debug2("PAM: %s entering, %u responses", __func__, num); + switch (ctxt->pam_done) { +@@ -836,8 +858,11 @@ sshpam_respond(void *ctx, u_int num, char **resp) + (sshpam_authctxt->pw->pw_uid != 0 || + options.permit_root_login == PERMIT_YES)) + buffer_put_cstring(&buffer, *resp); +- else +- buffer_put_cstring(&buffer, badpw); ++ else { ++ fake = fake_password(*resp); ++ buffer_put_cstring(&buffer, fake); ++ free(fake); ++ } + if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { + buffer_free(&buffer); + return (-1); +@@ -1181,6 +1206,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) + { + int flags = (options.permit_empty_passwd == 0 ? + PAM_DISALLOW_NULL_AUTHTOK : 0); ++ char *fake = NULL; + + if (!options.use_pam || sshpam_handle == NULL) + fatal("PAM: %s called when PAM disabled or failed to " +@@ -1196,7 +1222,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) + */ + if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && + options.permit_root_login != PERMIT_YES)) +- sshpam_password = badpw; ++ sshpam_password = fake = fake_password(password); + + sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, + (const void *)&passwd_conv); +@@ -1206,6 +1232,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) + + sshpam_err = pam_authenticate(sshpam_handle, flags); + sshpam_password = NULL; ++ free(fake); + if (sshpam_err == PAM_SUCCESS && authctxt->valid) { + debug("PAM: password authentication accepted for %.100s", + authctxt->user); diff --git a/gnu/packages/patches/openssh-CVE-2016-6210-3.patch b/gnu/packages/patches/openssh-CVE-2016-6210-3.patch new file mode 100644 index 0000000000..303c34ee1b --- /dev/null +++ b/gnu/packages/patches/openssh-CVE-2016-6210-3.patch @@ -0,0 +1,60 @@ +From abde8dda29c2db2405d6fbca2fe022430e2c1177 Mon Sep 17 00:00:00 2001 +From: Darren Tucker +Date: Thu, 21 Jul 2016 14:17:31 +1000 +Subject: Search users for one with a valid salt. + +If the root account is locked (eg password "!!" or "*LK*") keep looking +until we find a user with a valid salt to use for crypting passwords of +invalid users. ok djm@ + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc +Bug-Debian: https://bugs.debian.org/831902 +Last-Update: 2016-07-22 + +Patch-Name: CVE-2016-6210-3.patch +--- + openbsd-compat/xcrypt.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c +index 8913bb8..cf6a9b9 100644 +--- a/openbsd-compat/xcrypt.c ++++ b/openbsd-compat/xcrypt.c +@@ -65,7 +65,9 @@ + + /* + * Pick an appropriate password encryption type and salt for the running +- * system. ++ * system by searching through accounts until we find one that has a valid ++ * salt. Usually this will be root unless the root account is locked out. ++ * If we don't find one we return a traditional DES-based salt. + */ + static const char * + pick_salt(void) +@@ -78,14 +80,18 @@ pick_salt(void) + if (salt[0] != '\0') + return salt; + strlcpy(salt, "xx", sizeof(salt)); +- if ((pw = getpwuid(0)) == NULL) +- return salt; +- passwd = shadow_pw(pw); +- if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL) +- return salt; /* no $, DES */ +- typelen = p - passwd + 1; +- strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); +- explicit_bzero(passwd, strlen(passwd)); ++ setpwent(); ++ while ((pw = getpwent()) != NULL) { ++ passwd = shadow_pw(pw); ++ if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { ++ typelen = p - passwd + 1; ++ strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); ++ explicit_bzero(passwd, strlen(passwd)); ++ goto out; ++ } ++ } ++ out: ++ endpwent(); + return salt; + } + diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 00f7803897..a5260f2bff 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -5028,14 +5028,14 @@ (define-public python2-backports-abc (define-public python-waf (package (name "python-waf") - (version "1.8.8") + (version "1.9.1") (source (origin (method url-fetch) (uri (string-append "https://waf.io/" "waf-" version ".tar.bz2")) (sha256 (base32 - "0b5q307fgn6a5d8yjia2d1l4bk1q3ilvc0w8k4isfrrx2gbcw8wn")))) + "1nc4qaqx2vsanlpp9mcwvf91xjqpkvcc6fcxd5sb4fwvaxamw5v6")))) (build-system python-build-system) (arguments '(#:phases @@ -5627,17 +5627,14 @@ (define-public python2-wrapt (define-public python-iso8601 (package (name "python-iso8601") - (version "0.1.10") + (version "0.1.11") (source (origin (method url-fetch) - (uri (string-append - "https://pypi.python.org/packages/source/i/iso8601/iso8601-" - version - ".tar.gz")) + (uri (pypi-uri "iso8601" version)) (sha256 - (base32 - "1qf01afxh7j4gja71vxv345if8avg6nnm0ry0zsk6j3030xgy4p7")))) + (base32 + "0c7gh3lsdjds262h0v1sqc66l7hqgfwbakn96qrhdbl0i3vm5yz8")))) (build-system python-build-system) (inputs `(("python-setuptools" ,python-setuptools))) diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm index 9f0b57c739..d089167312 100644 --- a/gnu/packages/samba.scm +++ b/gnu/packages/samba.scm @@ -39,55 +39,54 @@ (define-module (gnu packages samba) (define-public iniparser (package (name "iniparser") - (version "3.1") + (version "4.0") (source (origin (method url-fetch) - (uri (string-append "http://ndevilla.free.fr/iniparser/iniparser-" + (uri (string-append "https://github.com/ndevilla/iniparser/archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1igmxzcy0s25zcy9vmcw0kd13lh60r0b4qg8lnp1jic33f427pxf")))) + "1flj7srvh2hp9ls96qz922bklyhw7f27mmn23b16839zpdjddfz0")))) (build-system gnu-build-system) (arguments - '(#:phases (alist-replace - 'configure - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "Makefile" - (("/usr/lib") - (string-append (assoc-ref outputs "out") "/lib")))) - (alist-replace - 'build - (lambda _ - (and (zero? (system* "make" "libiniparser.so")) - (symlink "libiniparser.so.0" "libiniparser.so"))) - (alist-replace - 'install - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (lib (string-append out "/lib")) - (inc (string-append out "/include")) - (doc (string-append out "/share/doc")) - (html (string-append doc "/html"))) - (define (copy dir) - (lambda (file) - (copy-file file - (string-append dir "/" - (basename file))))) - (mkdir-p lib) - (for-each (copy lib) - (find-files "." "^lib.*\\.(so\\.|a)")) - (with-directory-excursion lib - (symlink "libiniparser.so.0" "libiniparser.so")) - (mkdir-p inc) - (for-each (copy inc) - (find-files "src" "\\.h$")) - (mkdir-p html) - (for-each (copy html) - (find-files "html" ".*")) - (for-each (copy doc) - '("AUTHORS" "INSTALL" "LICENSE" - "README")))) - %standard-phases))))) + '(#:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (substitute* '("Makefile" "test/Makefile") + (("/usr/lib") + (string-append (assoc-ref outputs "out") "/lib")) + (("\\?= gcc") "= gcc")))) + (replace 'build + (lambda _ + (and (zero? (system* "make" "libiniparser.so")) + (symlink "libiniparser.so.0" "libiniparser.so")))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (inc (string-append out "/include")) + (doc (string-append out "/share/doc")) + (html (string-append doc "/html"))) + (define (copy dir) + (lambda (file) + (copy-file file + (string-append dir "/" + (basename file))))) + (mkdir-p lib) + (for-each (copy lib) + (find-files "." "^lib.*\\.(so\\.|a)")) + (with-directory-excursion lib + (symlink "libiniparser.so.0" "libiniparser.so")) + (mkdir-p inc) + (for-each (copy inc) + (find-files "src" "\\.h$")) + (mkdir-p html) + (for-each (copy html) + (find-files "html" ".*")) + (for-each (copy doc) + '("AUTHORS" "INSTALL" "LICENSE" "README.md")))))))) (home-page "http://ndevilla.free.fr/iniparser") (synopsis "Standalone ini file parsing library") (description diff --git a/gnu/packages/shellutils.scm b/gnu/packages/shellutils.scm index 8108b0465d..27f45bab9b 100644 --- a/gnu/packages/shellutils.scm +++ b/gnu/packages/shellutils.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 Matthew Jordan +;;; Copyright © 2016 Alex Griffin ;;; ;;; This file is part of GNU Guix. ;;; @@ -17,11 +18,14 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu packages shellutils) + #:use-module (gnu packages base) + #:use-module (gnu packages python) #:use-module (guix licenses) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix utils) - #:use-module (guix build-system gnu)) + #:use-module (guix build-system gnu) + #:use-module (guix build-system python)) (define-public envstore (package @@ -48,3 +52,39 @@ (define-public envstore between various shells or commands.") (license (non-copyleft "http://www.wtfpl.net/txt/copying/")))) + +(define-public trash-cli + (package + (name "trash-cli") + (version "0.12.9.14") + (source + (origin + (method url-fetch) + (uri (pypi-uri "trash-cli" version)) + (sha256 + (base32 + "1p4v2qx0sy47d9c9axszq04wns63s4b7rrhmsavg948sklqdaf54")))) + (build-system python-build-system) + (arguments + `(#:python ,python-2 + #:tests? #f ; no tests + #:phases + (modify-phases %standard-phases + (add-before 'build 'patch-path-constants + (lambda* (#:key inputs #:allow-other-keys) + (let ((libc (assoc-ref inputs "libc")) + (coreutils (assoc-ref inputs "coreutils"))) + (substitute* "trashcli/list_mount_points.py" + (("\"/lib/libc.so.6\".*") + (string-append "\"" libc "/lib/libc.so.6\"\n")) + (("\"df\"") + (string-append "\"" coreutils "/bin/df\""))))))))) + (inputs `(("coreutils" ,coreutils))) + (home-page "https://github.com/andreafrancia/trash-cli") + (synopsis "Trash can management tool") + (description + "trash-cli is a command line utility for interacting with the +FreeDesktop.org trash can used by GNOME, KDE, XFCE, and other common desktop +environments. It can move files to the trash, and remove or list files that +are already there.") + (license gpl2+))) diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index 71310ecf94..61a6a5b9d9 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -135,7 +135,10 @@ (define-public openssh tail)))) (sha256 (base32 "132lh9aanb0wkisji1d6cmsxi520m8nh7c7i9wi6m1s3l38q29x7")) - (patches (search-patches "openssh-CVE-2015-8325.patch")))) + (patches (search-patches "openssh-CVE-2015-8325.patch" + "openssh-CVE-2016-6210-1.patch" + "openssh-CVE-2016-6210-2.patch" + "openssh-CVE-2016-6210-3.patch")))) (build-system gnu-build-system) (inputs `(("groff" ,groff) ("openssl" ,openssl) diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index 45e50b651c..2365149fad 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -62,7 +62,7 @@ (define-module (gnu packages statistics) (define-public pspp (package (name "pspp") - (version "0.10.1") + (version "0.10.2") (source (origin (method url-fetch) @@ -70,7 +70,7 @@ (define-public pspp version ".tar.gz")) (sha256 (base32 - "0xw61kq0hxh7f6a4yjhnqbhc0fj9r3wb3qnpq05qhdp79n30ik24")))) + "1afsq0a3iij64qacczvwhk81qg0q5rfqm055y5h9ls28d6paqz7p")))) (build-system gnu-build-system) (inputs `(("cairo" ,cairo) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 705275242b..767715d1b1 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -113,14 +113,14 @@ (define-public git ;; Keep in sync with 'git-manpages'! (package (name "git") - (version "2.9.1") + (version "2.9.2") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "18l2jb4bkp9ljz6p2aviwzxqyzza9z3v6h1pnkz7kjf1fay61zp8")))) + "1d9dmhgzcnwc2jbib4q23ypjbnw1gh1w8gif63qldwkpixj4dxgq")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -295,7 +295,7 @@ (define-public git-manpages version ".tar.xz")) (sha256 (base32 - "1v9icsf85vvrrg7fakm91d11q23rvnh6dq4b4c4ya8v95z00mg8p")))) + "08y38w6yfvrpgj10dl3vghp05xjpl8jj37kkfna2nhf0wip52p2c")))) (build-system trivial-build-system) (arguments '(#:modules ((guix build utils)) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 948ab5ac8a..d5880c45e2 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -805,14 +805,7 @@ (define-public mpv ("pulseaudio" ,pulseaudio) ("rsound" ,rsound) ("vapoursynth" ,vapoursynth) - ("waf" ,(origin - (method url-fetch) - ;; Keep this in sync with the version in the bootstrap.py - ;; script of the source tarball. - (uri "http://www.freehackers.org/~tnagy/release/waf-1.8.12") - (sha256 - (base32 - "12y9c352zwliw0zk9jm2lhynsjcf5jy0k1qch1c1av8hnbm2pgq1")))) + ("waf" ,python-waf) ("youtube-dl" ,youtube-dl) ("zlib" ,zlib))) (arguments @@ -902,7 +895,7 @@ (define-public libvpx (define-public youtube-dl (package (name "youtube-dl") - (version "2016.06.14") + (version "2016.07.22") (source (origin (method url-fetch) (uri (string-append "https://youtube-dl.org/downloads/" @@ -910,7 +903,7 @@ (define-public youtube-dl version ".tar.gz")) (sha256 (base32 - "0fmvpqipc1xwagvk7ih4slmv1xz1rb6s8wpndhypwvrq4pnnm9ns")))) + "02wcxpcbpvsbvyxcnhhf94ma0x5dcg4fygnxxca2h31dp47dkak9")))) (build-system python-build-system) (home-page "https://youtube-dl.org") (arguments diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index bbe33db32b..91186cdb19 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -2390,18 +2390,21 @@ (define-public perl-io-socket-ip (define-public perl-io-socket-ssl (package (name "perl-io-socket-ssl") - (version "2.002") + (version "2.033") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/authors/id/S/SU/SULLR/" "IO-Socket-SSL-" version ".tar.gz")) (sha256 (base32 - "1mph52lw6x5v44wf8mw00llzi8pp6k5c4jnrnrvlacrlfv260jb8")) + "01qggwmc97kpzx49fp4fxysrjyq8mpnx54nrb087ridj0ch3cf46")) (patches (search-patches "perl-io-socket-ssl-openssl-1.0.2f-fix.patch")))) (build-system perl-build-system) - (propagated-inputs `(("perl-net-ssleay" ,perl-net-ssleay))) + (propagated-inputs + `(("perl-net-ssleay" ,perl-net-ssleay) + ;; for IDN support + ("perl-uri" ,perl-uri))) (synopsis "Nearly transparent SSL encapsulation for IO::Socket::INET") (description "IO::Socket::SSL makes using SSL/TLS much easier by wrapping the diff --git a/gnu/packages/wxwidgets.scm b/gnu/packages/wxwidgets.scm index c9eb1780d6..31da2a9eed 100644 --- a/gnu/packages/wxwidgets.scm +++ b/gnu/packages/wxwidgets.scm @@ -42,7 +42,8 @@ (define-public wxwidgets (source (origin (method url-fetch) - (uri (string-append "mirror://sourceforge/wxwindows/" version + (uri (string-append "https://github.com/wxWidgets/wxWidgets/" + "releases/download/v" version "/wxWidgets-" version ".tar.bz2")) (sha256 (base32 "0paq27brw4lv8kspxh9iklpa415mxi8zc117vbbbhfjgapf7js1l")))) @@ -88,8 +89,9 @@ (define-public wxwidgets-2 (source (origin (method url-fetch) - (uri (string-append "mirror://sourceforge/wxwindows/" version - "/wxWidgets-" version ".tar.bz2")) + (uri (string-append "https://github.com/wxWidgets/wxWidgets/" + "releases/download/v" version + "/wxGTK-" version ".tar.gz")) (sha256 (base32 "1gjs9vfga60mk4j4ngiwsk9h6c7j22pw26m3asxr1jwvqbr8kkqk")))) (inputs diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index f611518e86..226e5c1ca1 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -13,6 +13,7 @@ ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Leo Famulari +;;; Copyright © 2016 Alex Kost ;;; ;;; This file is part of GNU Guix. ;;; @@ -913,6 +914,28 @@ (define-public xscreensaver "http://metadata.ftp-master.debian.org/changelogs/" "/main/x/xscreensaver/xscreensaver_5.34-2_copyright"))))) +(define-public xdpyprobe + (package + (name "xdpyprobe") + (version "0.1") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/alezost/" name + "/releases/download/v" version + "/" name "-" version ".tar.gz")) + (sha256 + (base32 + "1h09wd2qcg08rj5hcakvdh9q01hkrj8vxly94ax3ch2x06lm0zq8")))) + (build-system gnu-build-system) + (inputs + `(("libx11" ,libx11))) + (home-page "https://github.com/alezost/xdpyprobe") + (synopsis "Probe X server for connectivity") + (description + "Xdpyprobe is a tiny C program whose only purpose is to probe a +connectivity of the X server running on a particular @code{DISPLAY}.") + (license license:gpl3+))) + (define-public rofi (package (name "rofi") diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 61479bef47..59c8d1c871 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2015 Cyrill Schenkel ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 ng0 +;;; Copyright © 2016 Alex Kost ;;; ;;; This file is part of GNU Guix. ;;; @@ -3870,6 +3871,97 @@ (define-public xlsfonts protocol.") (license license:x11))) +(define-public xfontsel + (package + (name "xfontsel") + (version "1.0.5") + (source (origin + (method url-fetch) + (uri (string-append + "mirror://xorg/individual/app/xfontsel-" + version ".tar.bz2")) + (sha256 + (base32 + "1grir464hy52a71r3mpm9mzvkf7nwr3vk0b1vc27pd3gp588a38p")))) + (build-system gnu-build-system) + (arguments + ;; By default, it tries to install XFontSel file in + ;; "/gnu/store//share/X11/app-defaults": it defines this + ;; directory from 'libxt' (using 'pkg-config'). To put this file + ;; inside output dir and to use it properly, we need to configure + ;; --with-appdefaultdir and to wrap 'xfontsel' binary. + (let ((app-defaults-dir "/share/X11/app-defaults")) + `(#:configure-flags + (list (string-append "--with-appdefaultdir=" + %output ,app-defaults-dir)) + #:phases + (modify-phases %standard-phases + (add-after 'install 'wrap-xfontsel + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (wrap-program (string-append out "/bin/xfontsel") + `("XAPPLRESDIR" = + (,(string-append out ,app-defaults-dir))))))))))) + (inputs + `(("libx11" ,libx11) + ("libxaw" ,libxaw) + ("libxmu" ,libxmu) + ("libxt" ,libxt))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "https://www.x.org/wiki/") + (synopsis "Browse and select X font names") + (description + "XFontSel provides a simple way to display the X11 core protocol fonts +known to your X server, examine samples of each, and retrieve the X Logical +Font Description (XLFD) full name for a font.") + (license license:x11))) + +(define-public xfd + (package + (name "xfd") + (version "1.1.2") + (source (origin + (method url-fetch) + (uri (string-append + "mirror://xorg/individual/app/xfd-" + version ".tar.bz2")) + (sha256 + (base32 + "0n97iqqap9wyxjan2n520vh4rrf5bc0apsw2k9py94dqzci258y1")))) + (build-system gnu-build-system) + (arguments + ;; The same 'app-defaults' problem as with 'xfontsel' package. + (let ((app-defaults-dir "/share/X11/app-defaults")) + `(#:configure-flags + (list (string-append "--with-appdefaultdir=" + %output ,app-defaults-dir)) + #:phases + (modify-phases %standard-phases + (add-after 'install 'wrap-xfd + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (wrap-program (string-append out "/bin/xfd") + `("XAPPLRESDIR" = + (,(string-append out ,app-defaults-dir))))))))))) + (inputs + `(("fontconfig" ,fontconfig) + ("libx11" ,libx11) + ("libxaw" ,libxaw) + ("libxft" ,libxft) + ("libxmu" ,libxmu) + ("libxrender" ,libxrender))) + (native-inputs + `(("gettext" ,gnu-gettext) + ("pkg-config" ,pkg-config))) + (home-page "https://www.x.org/wiki/") + (synopsis "Display all the characters in an X font") + (description + "XFD (X Font Display) package provides an utility that displays a +window containing the name of the font being displayed, a row of command +buttons, several lines of text for displaying character metrics, and a grid +containing one glyph per cell.") + (license license:x11))) (define-public xmodmap (package @@ -4562,7 +4654,17 @@ (define-public mkfontdir (base32 "0c3563kw9fg15dpgx4dwvl12qz6sdqdns1pxa574hc7i5m42mman")))) (build-system gnu-build-system) - (propagated-inputs + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'install 'wrap-mkfontdir + (lambda* (#:key inputs outputs #:allow-other-keys) + (wrap-program (string-append (assoc-ref outputs "out") + "/bin/mkfontdir") + `("PATH" ":" prefix + (,(string-append (assoc-ref inputs "mkfontscale") + "/bin"))))))))) + (inputs `(("mkfontscale" ,mkfontscale))) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/guix/download.scm b/guix/download.scm index 8f38a4f552..73c0e897b4 100644 --- a/guix/download.scm +++ b/guix/download.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès ;;; Copyright © 2013, 2014, 2015 Andreas Enge ;;; Copyright © 2015 Federico Beffa +;;; Copyright © 2016 Alex Griffin ;;; ;;; This file is part of GNU Guix. ;;; @@ -99,6 +100,7 @@ (define %mirrors "http://www.centervenus.com/mirrors/nongnu/" "http://download.savannah.gnu.org/releases-noredirect/") (sourceforge ; https://sourceforge.net/p/forge/documentation/Mirrors/ + "http://downloads.sourceforge.net/project/" "http://ufpr.dl.sourceforge.net/project/" "http://heanet.dl.sourceforge.net/project/" "http://freefr.dl.sourceforge.net/project/" diff --git a/guix/profiles.scm b/guix/profiles.scm index 77df6ad185..1adb143c16 100644 --- a/guix/profiles.scm +++ b/guix/profiles.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès ;;; Copyright © 2013 Nikita Karetnikov -;;; Copyright © 2014 Alex Kost +;;; Copyright © 2014, 2016 Alex Kost ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2015 Sou Bunnbu ;;; @@ -756,10 +756,51 @@ (define build #:substitutable? #f) (return #f)))) +(define (fonts-dir-file manifest) + "Return a derivation that builds the @file{fonts.dir} and @file{fonts.scale} +files for the truetype fonts of the @var{manifest} entries." + (define mkfontscale + (module-ref (resolve-interface '(gnu packages xorg)) 'mkfontscale)) + + (define mkfontdir + (module-ref (resolve-interface '(gnu packages xorg)) 'mkfontdir)) + + (define build + #~(begin + (use-modules (srfi srfi-26) + (guix build utils) + (guix build union)) + (let ((ttf-dirs (filter file-exists? + (map (cut string-append <> + "/share/fonts/truetype") + '#$(manifest-inputs manifest))))) + (mkdir #$output) + (if (null? ttf-dirs) + (exit #t) + (let* ((fonts-dir (string-append #$output "/share/fonts")) + (ttf-dir (string-append fonts-dir "/truetype")) + (mkfontscale (string-append #+mkfontscale + "/bin/mkfontscale")) + (mkfontdir (string-append #+mkfontdir + "/bin/mkfontdir"))) + (mkdir-p fonts-dir) + (union-build ttf-dir ttf-dirs + #:log-port (%make-void-port "w")) + (with-directory-excursion ttf-dir + (exit (and (zero? (system* mkfontscale)) + (zero? (system* mkfontdir)))))))))) + + (gexp->derivation "fonts-dir" build + #:modules '((guix build utils) + (guix build union)) + #:local-build? #t + #:substitutable? #f)) + (define %default-profile-hooks ;; This is the list of derivation-returning procedures that are called by ;; default when making a non-empty profile. (list info-dir-file + fonts-dir-file ghc-package-cache-file ca-certificate-bundle gtk-icon-themes diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm index d5e9197cc9..8aab1febb2 100644 --- a/guix/scripts/lint.scm +++ b/guix/scripts/lint.scm @@ -203,14 +203,25 @@ (define (check-end-of-sentence-space description) (define (check-inputs-should-be-native package) ;; Emit a warning if some inputs of PACKAGE are likely to belong to its ;; native inputs. - (let ((inputs (package-inputs package))) + (let ((linted package) + (inputs (package-inputs package)) + (native-inputs '("pkg-config" "glib:bin" "intltool" "itstool"))) (match inputs - (((labels packages . _) ...) - (when (member "pkg-config" - (map package-name (filter package? packages))) - (emit-warning package - (_ "pkg-config should probably be a native input") - 'inputs)))))) + (((labels packages . outputs) ...) + (for-each (lambda (package output) + (when (package? package) + (let ((input (string-append + (package-name package) + (if (> (length output) 0) + (string-append ":" (car output)) + "")))) + (when (member input native-inputs) + (emit-warning linted + (format #f (_ "'~a' should probably \ +be a native input") + input) + 'inputs))))) + packages outputs))))) (define (package-name-regexp package) "Return a regexp that matches PACKAGE's name as a word at the beginning of a diff --git a/tests/lint.scm b/tests/lint.scm index ce751c42c9..770f43e57f 100644 --- a/tests/lint.scm +++ b/tests/lint.scm @@ -31,6 +31,7 @@ (define-module (test-lint) #:use-module (guix scripts lint) #:use-module (guix ui) #:use-module (gnu packages) + #:use-module (gnu packages glib) #:use-module (gnu packages pkg-config) #:use-module (web server) #:use-module (web server http) @@ -319,7 +320,16 @@ (define-syntax-rule (with-warnings body ...) (let ((pkg (dummy-package "x" (inputs `(("pkg-config" ,pkg-config)))))) (check-inputs-should-be-native pkg))) - "pkg-config should probably be a native input"))) + "'pkg-config' should probably be a native input"))) + +(test-assert "inputs: glib:bin is probably a native input" + (->bool + (string-contains + (with-warnings + (let ((pkg (dummy-package "x" + (inputs `(("glib" ,glib "bin")))))) + (check-inputs-should-be-native pkg))) + "'glib:bin' should probably be a native input"))) (test-assert "patches: file names" (->bool