nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into core-updates

This commit is contained in:
Mark H Weaver 2016-02-27 08:52:23 -05:00
parent fe5f687284 b35461748b
commit 048ec1a8b0
181 changed files with 17896 additions and 4229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile.am
View File

@ -49,6 +49,7 @@ MODULES = \
guix/serialization.scm \
guix/nar.scm \
guix/derivations.scm \
guix/grafts.scm \
guix/gnu-maintenance.scm \
guix/upstream.scm \
guix/licenses.scm \
@ -108,6 +109,7 @@ MODULES = \
guix/import/cran.scm \
guix/import/hackage.scm \
guix/import/elpa.scm \
guix/import/github.scm \
guix/scripts.scm \
guix/scripts/download.scm \
guix/scripts/build.scm \
@ -220,6 +222,7 @@ SCM_TESTS = \
tests/substitute.scm \
tests/builders.scm \
tests/derivations.scm \
tests/grafts.scm \
tests/ui.scm \
tests/records.scm \
tests/utils.scm \

1
doc.am
View File

@ -35,6 +35,7 @@ DOT_VECTOR_GRAPHICS = \
$(DOT_FILES:%.dot=%.pdf)
EXTRA_DIST += \
doc/htmlxref.cnf \
doc/contributing.texi \
doc/emacs.texi \
doc/fdl-1.3.texi \

6
doc/contributing.texi
View File

@ -315,6 +315,6 @@ extensions---or to the operating system kernel---e.g., reliance on
@end enumerate
When posting a patch to the mailing list, use @samp{[PATCH] @dots{}} as a
subject. You may use your email client or the @command{git send-mail}
command.
When posting a patch to the mailing list, use @samp{[PATCH] @dots{}} as
a subject. You may use your email client or the @command{git
send-email} command.

11
doc/emacs.texi
View File

@ -150,7 +150,13 @@ Commands for displaying packages:
Display all/newest available packages.
@item M-x guix-installed-packages
Display all installed packages.
@itemx M-x guix-installed-user-packages
@itemx M-x guix-installed-system-packages
Display installed packages. As described above, @kbd{M-x
guix-installed-packages} uses an arbitrary profile that you can specify,
while the other commands display packages installed in 2 special
profiles: @file{~/.guix-profile} and @file{/run/current-system/profile}
(only on GuixSD).
@item M-x guix-obsolete-packages
Display obsolete packages (the packages that are installed in a profile
@ -240,6 +246,9 @@ this:
@kbd{M-x guix-edit guix} opens
@file{~/src/guix/gnu/packages/package-management.scm} file.
Also you can use @kbd{C-u} prefix argument to specify a directory just
for the current @kbd{M-x guix-edit} command.
@node Emacs General info
@subsection General information

911
doc/guix.texi
View File

File diff suppressed because it is too large Load Diff

652
doc/htmlxref.cnf Normal file
View File

@ -0,0 +1,652 @@
# htmlxref.cnf - reference file for free Texinfo manuals on the web.
# Modified by Ludovic Courtès <ludo@gnu.org> for the GNU Guix manual.
htmlxrefversion=2016-02-21.21; # UTC
# Copyright 2010, 2011, 2012, 2013, 2014, 2015 Free Software Foundation, Inc.
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.
#
# The latest version of this file is available at
# http://ftpmirror.gnu.org/texinfo/htmlxref.cnf.
# Email corrections or additions to bug-texinfo@gnu.org.
# The primary goal is to list all relevant GNU manuals;
# other free manuals are also welcome.
#
# To be included in this list, a manual must:
#
# - have a generic url, e.g., no version numbers;
# - have a unique file name (e.g., manual identifier), i.e., be related to the
# package name. Things like "refman" or "tutorial" don't work.
# - follow the naming convention for nodes described at
# http://www.gnu.org/software/texinfo/manual/texinfo/html_node/HTML-Xref.html
# This is what makeinfo and texi2html implement.
#
# Unless the above criteria are met, it's not possible to generate
# reliable cross-manual references.
#
# For information on automatically generating all the useful formats for
# a manual to put on the web, see
# http://www.gnu.org/prep/maintain/html_node/Manuals-on-Web-Pages.html.
# For people editing this file: when a manual named foo is related to a
# package named bar, the url should contain a variable reference ${BAR}.
# Otherwise, the gnumaint scripts have no way of knowing they are
# associated, and thus gnu.org/manual can't include them.
# shorten references to manuals on www.gnu.org.
G = http://www.gnu.org
GS = ${G}/software
3dldf mono ${GS}/3dldf/manual/user_ref/3DLDF.html
3dldf node ${GS}/3dldf/manual/user_ref/
alive mono ${GS}/alive/manual/alive.html
alive node ${GS}/alive/manual/html_node/
anubis chapter ${GS}/anubis/manual/html_chapter/
anubis section ${GS}/anubis/manual/html_section/
anubis node ${GS}/anubis/manual/html_node/
artanis mono ${GS}/artanis/manual/artanis.html
artanis node ${GS}/artanis/manual/html_node/
aspell section http://aspell.net/man-html/index.html
auctex mono ${GS}/auctex/manual/auctex.html
auctex node ${GS}/auctex/manual/auctex/
autoconf mono ${GS}/autoconf/manual/autoconf.html
autoconf node ${GS}/autoconf/manual/html_node/
autogen mono ${GS}/autogen/manual/html_mono/autogen.html
autogen chapter ${GS}/autogen/manual/html_chapter/
autogen node ${GS}/autoconf/manual/html_node/
automake mono ${GS}/automake/manual/automake.html
automake node ${GS}/automake/manual/html_node/
avl node http://www.stanford.edu/~blp/avl/libavl.html/
bash mono ${GS}/bash/manual/bash.html
bash node ${GS}/bash/manual/html_node/
BINUTILS = http://sourceware.org/binutils/docs
binutils node ${BINUTILS}/binutils/
as node ${BINUTILS}/as/
bfd node ${BINUTILS}/bfd/
gprof node ${BINUTILS}/gprof/
ld node ${BINUTILS}/ld/
bison mono ${GS}/bison/manual/bison.html
bison node ${GS}/bison/manual/html_node/
bpel2owfn mono ${GS}/bpel2owfn/manual/2.0.x/bpel2owfn.html
ccd2cue mono ${GS}/ccd2cue/manual/ccd2cue.html
ccd2cue node ${GS}/ccd2cue/manual/html_node/
cflow mono ${GS}/cflow/manual/cflow.html
cflow node ${GS}/cflow/manual/html_node/
chess mono ${GS}/chess/manual/gnuchess.html
chess node ${GS}/chess/manual/html_node/
combine mono ${GS}/combine/manual/combine.html
combine chapter ${GS}/combine/manual/html_chapter/
combine section ${GS}/combine/manual/html_section/
combine node ${GS}/combine/manual/html_node/
complexity mono ${GS}/complexity/manual/complexity.html
complexity node ${GS}/complexity/manual/html_node/
coreutils mono ${GS}/coreutils/manual/coreutils
coreutils node ${GS}/coreutils/manual/html_node/
cpio mono ${GS}/cpio/manual/cpio
cpio node ${GS}/cpio/manual/html_node/
cssc node ${GS}/cssc/manual/
#cvs cannot be handled here; see http://ximbiot.com/cvs/manual.
ddd mono ${GS}/ddd/manual/html_mono/ddd.html
ddrescue mono ${GS}/ddrescue/manual/ddrescue_manual.html
DICO = http://puszcza.gnu.org.ua/software/dico/manual
dico mono ${DICO}/dico.html
dico chapter ${DICO}/html_chapter/
dico section ${DICO}/html_section/
dico node ${DICO}/html_node/
diffutils mono ${GS}/diffutils/manual/diffutils
diffutils node ${GS}/diffutils/manual/html_node/
ed mono ${GS}/ed/manual/ed_manual.html
EMACS = ${GS}/emacs/manual
emacs mono ${EMACS}/html_mono/emacs.html
emacs node ${EMACS}/html_node/emacs/
#
ada-mode mono ${EMACS}/html_mono/ada-mode.html
ada-mode node ${EMACS}/html_node/ada-mode/
#
autotype mono ${EMACS}/html_mono/autotype.html
autotype node ${EMACS}/html_node/autotype/
#
ccmode mono ${EMACS}/html_mono/ccmode.html
ccmode node ${EMACS}/html_node/ccmode/
#
cl mono ${EMACS}/html_mono/cl.html
cl node ${EMACS}/html_node/cl/
#
ebrowse mono ${EMACS}/html_mono/ebrowse.html
ebrowse node ${EMACS}/html_node/ebrowse/
#
ediff mono ${EMACS}/html_mono/ediff.html
ediff node ${EMACS}/html_node/ediff/
#
eieio mono ${EMACS}/html_mono/eieio.html
eieio node ${EMACS}/html_node/eieio/
#
elisp mono ${EMACS}/html_mono/elisp.html
elisp node ${EMACS}/html_node/elisp/
#
epa mono ${EMACS}/html_mono/epa.html
epa node ${EMACS}/html_node/epa/
#
erc mono ${EMACS}/html_mono/erc.html
erc node ${EMACS}/html_node/erc/
#
dired-x mono ${EMACS}/html_mono/dired-x.html
dired-x node ${EMACS}/html_node/dired-x/
#
eshell mono ${EMACS}/html_mono/eshell.html
eshell node ${EMACS}/html_node/eshell/
#
flymake mono ${EMACS}/html_mono/flymake.html
flymake node ${EMACS}/html_node/flymake/
#
gnus mono ${EMACS}/html_mono/gnus.html
gnus node ${EMACS}/html_node/gnus/
#
idlwave mono ${EMACS}/html_mono/idlwave.html
idlwave node ${EMACS}/html_node/idlwave/
#
message mono ${EMACS}/html_mono/message.html
message node ${EMACS}/html_node/message/
#
mh-e mono ${EMACS}/html_mono/mh-e.html
mh-e node ${EMACS}/html_node/mh-e/
#
nxml-mode mono ${EMACS}/html_mono/nxml-mode.html
nxml-mode node ${EMACS}/html_node/nxml-mode/
#
org mono ${EMACS}/html_mono/org.html
org node ${EMACS}/html_node/org/
#
pcl-cvs mono ${EMACS}/html_mono/pcl-cvs.html
pcl-cvs node ${EMACS}/html_node/pcl-cvs/
#
rcirc mono ${EMACS}/html_mono/rcirc.html
rcirc node ${EMACS}/html_node/rcirc/
#
semantic mono ${EMACS}/html_mono/semantic.html
semantic node ${EMACS}/html_node/semantic/
#
smtp mono ${EMACS}/html_mono/smtpmail.html
smtp node ${EMACS}/html_node/smtpmail/
#
speedbar mono ${EMACS}/html_mono/speedbar.html
speedbar node ${EMACS}/html_node/speedbar/
#
tramp mono ${EMACS}/html_mono/tramp.html
tramp node ${EMACS}/html_node/tramp/
#
vip mono ${EMACS}/html_mono/vip.html
vip node ${EMACS}/html_node/vip/
#
viper mono ${EMACS}/html_mono/viper.html
viper node ${EMACS}/html_node/viper/
#
woman mono ${EMACS}/html_mono/woman.html
woman node ${EMACS}/html_node/woman/
# (end emacs manuals)
easejs mono ${GS}/easejs/manual/easejs.html
easejs node ${GS}/easejs/manual/
emacs-muse node ${GS}/emacs-muse/manual/muse.html
emacs-muse node ${GS}/emacs-muse/manual/html_node/
emms node ${GS}/emms/manual/
findutils mono ${GS}/findutils/manual/html_mono/find.html
findutils node ${GS}/findutils/manual/html_node/find_html
FLEX = http://flex.sourceforge.net
flex node ${FLEX}/manual/
gama mono ${GS}/gama/manual/gama.html
gama node ${GS}/gama/manual/html_node/
GAWK = ${GS}/gawk/manual
gawk mono ${GAWK}/gawk.html
gawk node ${GAWK}/html_node/
gawkinet mono ${GAWK}/gawkinet/gawkinet.html
gawkinet node ${GAWK}/gawkinet/html_node/
gcal mono ${GS}/gcal/manual/gcal.html
gcal node ${GS}/gcal/manual/html_node/
GCC = http://gcc.gnu.org/onlinedocs
gcc node ${GCC}/gcc/
cpp node ${GCC}/cpp/
gcj node ${GCC}/gcj/
gfortran node ${GCC}/gfortran/
gnat_rm node ${GCC}/gnat_rm/
gnat_ugn_unw node ${GCC}/gnat_ugn_unw/
libgomp node ${GCC}/libgomp/
libstdc++ node ${GCC}/libstdc++/
#
gccint node ${GCC}/gccint/
cppinternals node ${GCC}/cppinternals/
gfc-internals node ${GCC}/gfc-internals/
gnat-style node ${GCC}/gnat-style/
libiberty node ${GCC}/libiberty/
GDB = http://sourceware.org/gdb/current/onlinedocs
gdb node ${GDB}/gdb/
stabs node ${GDB}/stabs/
GDBM = http://www.gnu.org.ua/software/gdbm/manual
gdbm mono ${GDBM}/gdbm.html
gdbm chapter ${GDBM}/html_chapter/
gdbm section ${GDBM}/html_section/
gdbm node ${GDBM}/html_node/
gettext mono ${GS}/gettext/manual/gettext.html
gettext node ${GS}/gettext/manual/html_node/
gforth node http://www.complang.tuwien.ac.at/forth/gforth/Docs-html/
global mono ${GS}/global/manual/global.html
gmediaserver node ${GS}/gmediaserver/manual/
gmp node http://www.gmplib.org/manual/
gnu-arch node ${GS}/gnu-arch/tutorial/
gnu-c-manual mono ${GS}/gnu-c-manual/gnu-c-manual.html
gnu-crypto node ${GS}/gnu-crypto/manual/
gnubg mono ${GS}/gnubg/manual/gnubg.html
gnubg node ${GS}/gnubg/manual/html_node/
gnubik mono ${GS}/gnubik/manual/gnubik.html
gnubik node ${GS}/gnubik/manual/html_node/
gnulib mono ${GS}/gnulib/manual/gnulib.html
gnulib node ${GS}/gnulib/manual/html_node/
GNUN = ${GS}/trans-coord/manual
gnun mono ${GNUN}/gnun/gnun.html
gnun node ${GNUN}/gnun/html_node/
web-trans mono ${GNUN}/web-trans/web-trans.html
web-trans node ${GNUN}/web-trans/html_node/
GNUPG = http://www.gnupg.org/documentation/manuals
gnupg node ${GNUPG}/gnupg/
dirmngr node ${GNUPG}/dirmngr/
gcrypt node ${GNUPG}/gcrypt/
libgcrypt node ${GNUPG}/gcrypt/
ksba node ${GNUPG}/ksba/
assuan node ${GNUPG}/assuan/
gpgme node ${GNUPG}/gpgme/
gnuprologjava node ${GS}/gnuprologjava/manual/
gnuschool mono ${GS}/gnuschool/gnuschool.html
GNUSTANDARDS = ${G}/prep
maintain mono ${GNUSTANDARDS}/maintain/maintain.html
maintain node ${GNUSTANDARDS}/maintain/html_node/
#
standards mono ${GNUSTANDARDS}/standards/standards.html
standards node ${GNUSTANDARDS}/standards/html_node/
gnutls mono http://gnutls.org/manual/gnutls.html
gnutls node http://gnutls.org/manual/html_node/
gnutls-guile mono http://gnutls.org/manual/gnutls-guile.html
gnutls-guile node http://gnutls.org/manual/gnutls-guile/index.html
gperf mono ${GS}/gperf/manual/gperf.html
gperf node ${GS}/gperf/manual/html_node/
grep mono ${GS}/grep/manual/grep.html
grep node ${GS}/grep/manual/html_node/
groff node ${GS}/groff/manual/html_node/
GRUB = ${GS}/grub/manual
grub mono ${GRUB}/grub.html
grub node ${GRUB}/html_node/
#
multiboot mono ${GRUB}/multiboot/multiboot.html
multiboot node ${GRUB}/multiboot/html_node/
gsasl mono ${GS}/gsasl/manual/gsasl.html
gsasl node ${GS}/gsasl/manual/html_node/
gsl node ${GS}/gsl/manual/html_node/
gsrc mono ${GS}/gsrc/manual/gsrc.html
gsrc node ${GS}/gsrc/manual/html_node/
gss mono ${GS}/gss/manual/gss.html
gss node ${GS}/gss/manual/html_node/
gtypist mono ${GS}/gtypist/doc/
guile mono ${GS}/guile/manual/guile.html
guile node ${GS}/guile/manual/html_node/
guile-avahi mono http://nongnu.org/guile-avahi/doc/guile-avahi.html
GUILE_GNOME = ${GS}/guile-gnome/docs
gobject node ${GUILE_GNOME}/gobject/html/
glib node ${GUILE_GNOME}/glib/html/
atk node ${GUILE_GNOME}/atk/html/
pango node ${GUILE_GNOME}/pango/html/
pangocairo node ${GUILE_GNOME}/pangocairo/html/
gdk node ${GUILE_GNOME}/gdk/html/
gtk node ${GUILE_GNOME}/gtk/html/
libglade node ${GUILE_GNOME}/libglade/html/
gnome-vfs node ${GUILE_GNOME}/gnome-vfs/html/
libgnomecanvas node ${GUILE_GNOME}/libgnomecanvas/html/
gconf node ${GUILE_GNOME}/gconf/html/
libgnome node ${GUILE_GNOME}/libgnome/html/
libgnomeui node ${GUILE_GNOME}/libgnomeui/html/
corba node ${GUILE_GNOME}/corba/html/
clutter node ${GUILE_GNOME}/clutter/html/
clutter-glx node ${GUILE_GNOME}/clutter-glx/html/
guile-gtk node ${GS}/guile-gtk/docs/guile-gtk/
guile-rpc mono ${GS}/guile-rpc/manual/guile-rpc.html
guile-rpc node ${GS}/guile-rpc/manual/html_node/
guix mono ${GS}/guix/manual/guix.html
guix node ${GS}/guix/manual/html_node/
gv mono ${GS}/gv/manual/gv.html
gv node ${GS}/gv/manual/html_node/
gzip mono ${GS}/gzip/manual/gzip.html
gzip node ${GS}/gzip/manual/html_node/
hello mono ${GS}/hello/manual/hello.html
hello node ${GS}/hello/manual/html_node/
help2man mono ${GS}/help2man/help2man.html
idutils mono ${GS}/idutils/manual/idutils.html
idutils node ${GS}/idutils/manual/html_node/
inetutils mono ${GS}/inetutils/manual/inetutils.html
inetutils node ${GS}/inetutils/manual/html_node/
jwhois mono ${GS}/jwhois/manual/jwhois.html
jwhois node ${GS}/jwhois/manual/html_node/
libc mono ${GS}/libc/manual/html_mono/libc.html
libc node ${GS}/libc/manual/html_node/
LIBCDIO = ${GS}/libcdio
libcdio mono ${LIBCDIO}/libcdio.html
cd-text mono ${LIBCDIO}/cd-text-format.html
libextractor mono ${GS}/libextractor/manual/libextractor.html
libextractor node ${GS}/libextractor/manual/html_node/
libidn mono ${GS}/libidn/manual/libidn.html
libidn node ${GS}/libidn/manual/html_node/
librejs mono ${GS}/librejs/manual/librejs.html
librejs node ${GS}/librejs/manual/html_node/
libmatheval mono ${GS}/libmatheval/manual/libmatheval.html
LIBMICROHTTPD = ${GS}/libmicrohttpd
libmicrohttpd mono ${LIBMICROHTTPD}/manual/libmicrohttpd.html
libmicrohttpd node ${LIBMICROHTTPD}/manual/html_node/
microhttpd-tutorial mono ${LIBMICROHTTPD}/tutorial.html
libtasn1 mono ${GS}/libtasn1/manual/libtasn1.html
libtasn1 node ${GS}/libtasn1/manual/html_node/
libtool mono ${GS}/libtool/manual/libtool.html
libtool node ${GS}/libtool/manual/html_node/
lightning mono ${GS}/lightning/manual/lightning.html
lightning node ${GS}/lightning/manual/html_node/
# The stable/ url redirects immediately, but that's ok.
# The .html extension is omitted on their web site, but it works if given.
LILYPOND = http://lilypond.org/doc/stable/Documentation
lilypond-internals node ${LILYPOND}/internals/
lilypond-learning node ${LILYPOND}/learning/
lilypond-notation node ${LILYPOND}/notation/
lilypond-snippets node ${LILYPOND}/snippets/
lilypond-usage node ${LILYPOND}/usage/
lilypond-web node ${LILYPOND}/web/
music-glossary node ${LILYPOND}/music-glossary/
liquidwar6 mono ${GS}/liquidwar6/manual/liquidwar6.html
liquidwar6 node ${GS}/liquidwar6/manual/html_node/
lispintro mono ${GS}/emacs/emacs-lisp-intro/html_mono/emacs-lisp-intro.html
lispintro node ${GS}/emacs/emacs-lisp-intro/html_node/index.html
LSH = http://www.lysator.liu.se/~nisse/lsh
lsh mono ${LSH}/lsh.html
m4 mono ${GS}/m4/manual/m4.html
m4 node ${GS}/m4/manual/html_node/
mailutils mono ${GS}/mailutils/manual/mailutils.html
mailutils chapter ${GS}/mailutils/manual/html_chapter/
mailutils section ${GS}/mailutils/manual/html_section/
mailutils node ${GS}/mailutils/manual/html_node/
make mono ${GS}/make/manual/make.html
make node ${GS}/make/manual/html_node/
mdk mono ${GS}/mdk/manual/mdk.html
mdk node ${GS}/mdk/manual/html_node/
METAEXCHANGE = http://ftp.gwdg.de/pub/gnu2/iwfmdh/doc/texinfo
iwf_mh node ${METAEXCHANGE}/iwf_mh.html
scantest node ${METAEXCHANGE}/scantest.html
MIT_SCHEME = ${GS}/mit-scheme/documentation
mit-scheme-ref node ${MIT_SCHEME}/mit-scheme-ref/
mit-scheme-user node ${MIT_SCHEME}/mit-scheme-user/
sos node ${MIT_SCHEME}/mit-scheme-sos/
mit-scheme-imail node ${MIT_SCHEME}/mit-scheme-imail/
moe mono ${GS}/moe/manual/moe_manual.html
motti node ${GS}/motti/manual/
mpc node http://www.multiprecision.org/index.php?prog=mpc&page=html
mpfr mono http://www.mpfr.org/mpfr-current/mpfr.html
mtools mono ${GS}/mtools/manual/mtools.html
myserver node http://www.myserverproject.net/documentation/
nano mono http://www.nano-editor.org/dist/latest/nano.html
nettle chapter http://www.lysator.liu.se/~nisse/nettle/nettle.html
ocrad mono ${GS}/ocrad/manual/ocrad_manual.html
parted mono ${GS}/parted/manual/parted.html
parted node ${GS}/parted/manual/html_node/
pascal mono http://www.gnu-pascal.de/gpc/
# can't use pcb since url's contain dates --30nov10
perl mono ${GS}/perl/manual/perldoc-all.html
PIES = http://www.gnu.org.ua/software/pies/manual
pies mono ${PIES}/pies.html
pies chapter ${PIES}/html_chapter/
pies section ${PIES}/html_section/
pies node ${PIES}/html_node/
plotutils mono ${GS}/plotutils/manual/en/plotutils.html
plotutils node ${GS}/plotutils/manual/en/html_node/
proxyknife mono ${GS}/proxyknife/manual/proxyknife.html
proxyknife node ${GS}/proxyknife/manual/html_node/
pspp mono ${GS}/pspp/manual/pspp.html
pspp node ${GS}/pspp/manual/html_node/
pyconfigure mono ${GS}/pyconfigure/manual/pyconfigure.html
pyconfigure node ${GS}/pyconfigure/manual/html_node/
R = http://cran.r-project.org/doc/manuals
R-intro mono ${R}/R-intro.html
R-lang mono ${R}/R-lang.html
R-exts mono ${R}/R-exts.html
R-data mono ${R}/R-data.html
R-admin mono ${R}/R-admin.html
R-ints mono ${R}/R-ints.html
rcs mono ${GS}/rcs/manual/rcs.html
rcs node ${GS}/rcs/manual/html_node/
READLINE = http://cnswww.cns.cwru.edu/php/chet/readline
readline mono ${READLINE}/readline.html
rluserman mono ${READLINE}/rluserman.html
history mono ${READLINE}/history.html
recode mono http://recode.progiciels-bpi.ca/manual/index.html
recutils mono ${GS}/recutils/manual/recutils.html
recutils node ${GS}/recutils/manual/html_node/
reftex mono ${GS}/auctex/manual/reftex.html
reftex node ${GS}/auctex/manual/reftex/
remotecontrol mono ${GS}/remotecontrol/manual/remotecontrol.html
remotecontrol node ${GS}/remotecontrol/manual/html_node/
rottlog mono ${GS}/rottlog/manual/rottlog.html
rottlog node ${GS}/rottlog/manual/html_node/
RUSH = http://www.gnu.org.ua/software/rush/manual
rush mono ${RUSH}/rush.html
rush chapter ${RUSH}/html_chapter/
rush section ${RUSH}/html_section/
rush node ${RUSH}/html_node/
screen mono ${GS}/screen/manual/screen.html
screen node ${GS}/screen/manual/html_node/
sed mono ${GS}/sed/manual/sed.html
sed node ${GS}/sed/manual/html_node/
sharutils mono ${GS}/sharutils/manual/html_mono/sharutils.html
sharutils chapter ${GS}/sharutils/manual/html_chapter/
sharutils node ${GS}/sharutils/manual/html_node/
shepherd mono ${GS}/shepherd/manual/shepherd.html
shepherd node ${GS}/shepherd/manual/html_node/
# can't use mono files since they have generic names
SMALLTALK = ${GS}/smalltalk
smalltalk node ${SMALLTALK}/manual/html_node/
smalltalk-base node ${SMALLTALK}/manual-base/html_node/
smalltalk-libs node ${SMALLTALK}/manual-libs/html_node/
sourceinstall mono ${GS}/sourceinstall/manual/sourceinstall.html
sourceinstall node ${GS}/sourceinstall/manual/html_node/
sqltutor mono ${GS}/sqltutor/manual/sqltutor.html
sqltutor node ${GS}/sqltutor/manual/html_node/
src-highlite mono ${GS}/src-highlite/source-highlight.html
swbis mono ${GS}/swbis/manual.html
tar mono ${GS}/tar/manual/tar.html
tar chapter ${GS}/tar/manual/html_chapter/
tar section ${GS}/tar/manual/html_section/
tar node ${GS}/autoconf/manual/html_node/
teseq mono ${GS}/teseq/teseq.html
teseq node ${GS}/teseq/html_node/
TEXINFO = ${GS}/texinfo/manual
texinfo mono ${TEXINFO}/texinfo/texinfo.html
texinfo node ${TEXINFO}/texinfo/html_node/
#
info mono ${TEXINFO}/info/info.html
info node ${TEXINFO}/info/html_node/
#
info-stnd mono ${TEXINFO}/info-stnd/info-stnd.html
info-stnd node ${TEXINFO}/info-stnd/html_node/
thales node ${GS}/thales/manual/
units mono ${GS}/units/manual/units.html
units node ${GS}/units/manual/html_node/
vc-dwim mono ${GS}/vc-dwim/manual/vc-dwim.html
vc-dwim node ${GS}/vc-dwim/manual/html_node/
wdiff mono ${GS}/wdiff/manual/wdiff.html
wdiff node ${GS}/wdiff/manual/html_node/
websocket4j mono ${GS}/websocket4j/manual/websocket4j.html
websocket4j node ${GS}/websocket4j/manual/html_node/
wget mono ${GS}/wget/manual/wget.html
wget node ${GS}/wget/manual/html_node/
xboard mono ${GS}/xboard/manual/xboard.html
xboard node ${GS}/xboard/manual/html_node/
# emacs-page
# Free TeX-related Texinfo manuals on tug.org.
T = http://tug.org/texinfohtml
dvipng mono ${T}/dvipng.html
dvips mono ${T}/dvips.html
eplain mono ${T}/eplain.html
kpathsea mono ${T}/kpathsea.html
latex2e mono ${T}/latex2e.html
tlbuild mono ${T}/tlbuild.html
web2c mono ${T}/web2c.html
# Local Variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "htmlxrefversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

27
emacs/guix-base.el
View File

@ -55,6 +55,14 @@
If it is not set by a user, it is set after starting Guile REPL.
This directory is used to define location of the packages.")
(defun guix-read-directory ()
"Return `guix-directory' or prompt for it.
This function is intended for using in `interactive' forms."
(if current-prefix-arg
(read-directory-name "Directory with Guix modules: "
guix-directory)
guix-directory))
(defun guix-set-directory ()
"Set `guix-directory' if needed."
(or guix-directory
@ -63,17 +71,17 @@ This directory is used to define location of the packages.")
(add-hook 'guix-after-start-repl-hook 'guix-set-directory)
(defun guix-find-location (location)
(defun guix-find-location (location &optional directory)
"Go to LOCATION of a package.
LOCATION is a string of the form:
\"PATH:LINE:COLUMN\"
If PATH is relative, it is considered to be relative to
`guix-directory'."
DIRECTORY (`guix-directory' by default)."
(cl-multiple-value-bind (path line col)
(split-string location ":")
(let ((file (expand-file-name path guix-directory))
(let ((file (expand-file-name path (or directory guix-directory)))
(line (string-to-number line))
(col (string-to-number col)))
(find-file file)
@ -113,12 +121,17 @@ See `guix-packages-profile'."
(guix-packages-profile profile generation system?)))
;;;###autoload
(defun guix-edit (id-or-name)
"Edit (go to location of) package with ID-OR-NAME."
(interactive (list (guix-read-package-name)))
(defun guix-edit (id-or-name &optional directory)
"Edit (go to location of) package with ID-OR-NAME.
See `guix-find-location' for the meaning of package location and
DIRECTORY.
Interactively, with prefix argument, prompt for DIRECTORY."
(interactive
(list (guix-read-package-name)
(guix-read-directory)))
(let ((loc (guix-package-location id-or-name)))
(if loc
(guix-find-location loc)
(guix-find-location loc directory)
(message "Couldn't find package location."))))

4
emacs/guix-buffer.el
View File

@ -241,8 +241,10 @@ HISTORY should be one of the following:
`replace' - replace the current history item."
(guix-buffer-with-item buffer-item
(when %entries
(guix-buffer-show-entries %entries %buffer-type %entry-type)
;; Set buffer item before showing entries, so that its value can
;; be used by the code for displaying entries.
(setq guix-buffer-item buffer-item)
(guix-buffer-show-entries %entries %buffer-type %entry-type)
(when history
(funcall (cl-ecase history
(add #'guix-history-add)

3
emacs/guix-build-log.el
View File

@ -366,6 +366,9 @@ programmatically using hooks:
(guix-find-file-or-url file-or-url)
(guix-build-log-mode))
;;;###autoload
(add-hook 'shell-mode-hook 'guix-build-log-minor-mode-activate-maybe)
;;;###autoload
(add-to-list 'auto-mode-alist
;; Regexp for log files (usually placed in /var/log/guix/...)

3
emacs/guix-devel.el
View File

@ -364,6 +364,9 @@ bindings:
(when guix-devel-activate-mode
(guix-devel-mode)))
;;;###autoload
(add-hook 'scheme-mode-hook 'guix-devel-activate-mode-maybe)
(defvar guix-devel-emacs-font-lock-keywords
(eval-when-compile

3
emacs/guix-init.el
View File

@ -1,7 +1,4 @@
(require 'guix-autoloads)
(require 'guix-emacs)
(add-hook 'scheme-mode-hook 'guix-devel-activate-mode-maybe)
(add-hook 'shell-mode-hook 'guix-build-log-minor-mode-activate-maybe)
(provide 'guix-init)

4
emacs/guix-main.scm
View File

@ -856,9 +856,7 @@ parameter/value pairs."
(define* (package->manifest-entry* package #:optional output)
(and package
(begin
(check-package-freshness package)
(package->manifest-entry package output))))
(package->manifest-entry package output)))
(define* (make-install-manifest-entries id #:optional output)
(package->manifest-entry* (package-by-id id) output))

8
emacs/guix-profiles.el
View File

@ -40,6 +40,14 @@
(defvar guix-current-profile guix-default-profile
"Current profile.")
(defvar guix-system-profile-regexp
(concat "\\`" (regexp-quote guix-system-profile))
"Regexp matching system profiles.")
(defun guix-system-profile? (profile)
"Return non-nil, if PROFILE is a system one."
(string-match-p guix-system-profile-regexp profile))
(defun guix-profile-prompt (&optional default)
"Prompt for profile and return it.
Use DEFAULT as a start directory. If it is nil, use

59
emacs/guix-ui-package.el
View File

@ -454,17 +454,22 @@ current OUTPUT is installed (if there is such output in
(string= (guix-entry-value entry 'output)
output))
installed))
(action-type (if installed-entry 'delete 'install)))
(action-type (if installed-entry 'delete 'install))
(profile (guix-ui-current-profile)))
(guix-info-insert-indent)
(guix-format-insert output
(if installed-entry
'guix-package-info-installed-outputs
'guix-package-info-uninstalled-outputs)
guix-package-info-output-format)
(guix-package-info-insert-action-button action-type entry output)
(when obsolete
(guix-info-insert-indent)
(guix-package-info-insert-action-button 'upgrade entry output))
;; Do not allow a user to install/delete anything to/from a system
;; profile, so add action buttons only for non-system profiles.
(when (and profile
(not (guix-system-profile? profile)))
(guix-package-info-insert-action-button action-type entry output)
(when obsolete
(guix-info-insert-indent)
(guix-package-info-insert-action-button 'upgrade entry output)))
(insert "\n")
(when installed-entry
(guix-info-insert-entry installed-entry 'installed-output 2))))
@ -723,10 +728,22 @@ take an entry as argument."
'upgrade nil
(guix-package-installed-outputs entry)))))
(defun guix-package-assert-non-system-profile ()
"Verify that the current profile is not a system one.
The current profile is the one used by the current buffer."
(let ((profile (guix-ui-current-profile)))
(and profile
(guix-system-profile? profile)
(user-error "Packages cannot be installed or removed to/from \
profile '%s'.
Use 'guix system reconfigure' shell command to modify a system profile."
profile))))
(defun guix-package-execute-actions (fun)
"Perform actions on the marked packages.
Use FUN to define actions suitable for `guix-process-package-actions'.
FUN should take action-type as argument."
(guix-package-assert-non-system-profile)
(let ((actions (delq nil
(mapcar fun '(install delete upgrade)))))
(if actions
@ -746,10 +763,11 @@ The specification is suitable for `guix-process-package-actions'."
(let ((specs (guix-list-get-marked-args action-type)))
(and specs (cons action-type specs))))
(defun guix-package-list-edit ()
"Go to the location of the current package."
(interactive)
(guix-edit (guix-list-current-id)))
(defun guix-package-list-edit (&optional directory)
"Go to the location of the current package.
See `guix-find-location' for the meaning of DIRECTORY."
(interactive (list (guix-read-directory)))
(guix-edit (guix-list-current-id) directory))
(defun guix-package-list-latest-builds (number &rest args)
"Display latest NUMBER of Hydra builds of the current package.
@ -906,11 +924,13 @@ See `guix-package-info-type'."
'id (cl-remove-duplicates pids))
'add))))
(defun guix-output-list-edit ()
"Go to the location of the current package."
(interactive)
(defun guix-output-list-edit (&optional directory)
"Go to the location of the current package.
See `guix-find-location' for the meaning of DIRECTORY."
(interactive (list (guix-read-directory)))
(guix-edit (guix-entry-value (guix-list-current-entry)
'package-id)))
'package-id)
directory))
;;; Interactive commands
@ -978,6 +998,19 @@ Interactively with prefix, prompt for PROFILE."
(interactive (list (guix-ui-read-profile)))
(guix-package-get-display profile 'installed))
;;;###autoload
(defun guix-installed-user-packages ()
"Display information about Guix packages installed in a user profile."
(interactive)
(guix-installed-packages guix-user-profile))
;;;###autoload
(defun guix-installed-system-packages ()
"Display information about Guix packages installed in a system profile."
(interactive)
(guix-installed-packages
(guix-packages-profile guix-system-profile nil t)))
;;;###autoload
(defun guix-obsolete-packages (&optional profile)
"Display information about obsolete Guix packages.

38
gnu-system.am
View File

@ -42,6 +42,7 @@ GNU_SYSTEM_MODULES = \
gnu/packages/attr.scm \
gnu/packages/audacity.scm \
gnu/packages/audio.scm \
gnu/packages/augeas.scm \
gnu/packages/autogen.scm \
gnu/packages/autotools.scm \
gnu/packages/avahi.scm \
@ -171,7 +172,6 @@ GNU_SYSTEM_MODULES = \
gnu/packages/jemalloc.scm \
gnu/packages/jrnl.scm \
gnu/packages/julia.scm \
gnu/packages/kde.scm \
gnu/packages/kde-frameworks.scm \
gnu/packages/key-mon.scm \
gnu/packages/kodi.scm \
@ -215,6 +215,7 @@ GNU_SYSTEM_MODULES = \
gnu/packages/mail.scm \
gnu/packages/make-bootstrap.scm \
gnu/packages/markdown.scm \
gnu/packages/mate.scm \
gnu/packages/maths.scm \
gnu/packages/mc.scm \
gnu/packages/mcrypt.scm \
@ -435,6 +436,7 @@ dist_patch_DATA = \
gnu/packages/patches/clucene-pkgconfig.patch \
gnu/packages/patches/cmake-fix-tests.patch \
gnu/packages/patches/cpio-gets-undeclared.patch \
gnu/packages/patches/cpio-CVE-2016-2037.patch \
gnu/packages/patches/cpufrequtils-fix-aclocal.patch \
gnu/packages/patches/crda-optional-gcrypt.patch \
gnu/packages/patches/crossmap-allow-system-pysam.patch \
@ -489,6 +491,7 @@ dist_patch_DATA = \
gnu/packages/patches/glib-tests-prlimit.patch \
gnu/packages/patches/glib-tests-timer.patch \
gnu/packages/patches/glib-tests-gapplication.patch \
gnu/packages/patches/glibc-CVE-2015-7547.patch \
gnu/packages/patches/glibc-bootstrap-system.patch \
gnu/packages/patches/glibc-hurd-extern-inline.patch \
gnu/packages/patches/glibc-ldd-x86_64.patch \
@ -499,6 +502,7 @@ dist_patch_DATA = \
gnu/packages/patches/gmp-arm-asm-nothumb.patch \
gnu/packages/patches/gmp-faulty-test.patch \
gnu/packages/patches/gnucash-price-quotes-perl.patch \
gnu/packages/patches/gnupg-simple-query-ignore-status-messages.patch \
gnu/packages/patches/gobject-introspection-absolute-shlib-path.patch \
gnu/packages/patches/gobject-introspection-cc.patch \
gnu/packages/patches/gobject-introspection-girepository.patch \
@ -521,6 +525,7 @@ dist_patch_DATA = \
gnu/packages/patches/hydra-automake-1.15.patch \
gnu/packages/patches/hydra-disable-darcs-test.patch \
gnu/packages/patches/icecat-avoid-bundled-includes.patch \
gnu/packages/patches/icecat-update-graphite2.patch \
gnu/packages/patches/icecat-re-enable-DHE-cipher-suites.patch \
gnu/packages/patches/icu4c-CVE-2014-6585.patch \
gnu/packages/patches/icu4c-CVE-2015-1270.patch \
@ -561,14 +566,12 @@ dist_patch_DATA = \
gnu/packages/patches/libmad-armv7-thumb-pt2.patch \
gnu/packages/patches/libmad-frame-length.patch \
gnu/packages/patches/libmad-mips-newgcc.patch \
gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch \
gnu/packages/patches/libtheora-config-guess.patch \
gnu/packages/patches/libtiff-CVE-2015-8665+CVE-2015-8683.patch \
gnu/packages/patches/libtiff-oob-accesses-in-decode.patch \
gnu/packages/patches/libtiff-oob-write-in-nextdecode.patch \
gnu/packages/patches/libtool-skip-tests2.patch \
gnu/packages/patches/libsndfile-CVE-2014-9496.patch \
gnu/packages/patches/libsndfile-CVE-2015-7805.patch \
gnu/packages/patches/libssh-CVE-2014-0017.patch \
gnu/packages/patches/libunwind-CVE-2015-3239.patch \
gnu/packages/patches/libwmf-CAN-2004-0941.patch \
gnu/packages/patches/libwmf-CVE-2006-3376.patch \
@ -602,12 +605,10 @@ dist_patch_DATA = \
gnu/packages/patches/mcron-install.patch \
gnu/packages/patches/mdadm-gcc-4.9-fix.patch \
gnu/packages/patches/mhash-keygen-test-segfault.patch \
gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch \
gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch \
gnu/packages/patches/mit-krb5-CVE-2015-2696.patch \
gnu/packages/patches/mit-krb5-CVE-2015-2697.patch \
gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch \
gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch \
gnu/packages/patches/mit-krb5-CVE-2015-8629.patch \
gnu/packages/patches/mit-krb5-CVE-2015-8630.patch \
gnu/packages/patches/mit-krb5-CVE-2015-8631.patch \
gnu/packages/patches/mit-krb5-init-context-null-spnego.patch \
gnu/packages/patches/mpc123-initialize-ao.patch \
gnu/packages/patches/mplayer2-theora-fix.patch \
gnu/packages/patches/module-init-tools-moduledir.patch \
@ -624,6 +625,7 @@ dist_patch_DATA = \
gnu/packages/patches/nvi-assume-preserve-path.patch \
gnu/packages/patches/nvi-dbpagesize-binpower.patch \
gnu/packages/patches/nvi-db4.patch \
gnu/packages/patches/ocaml-findlib-make-install.patch \
gnu/packages/patches/openexr-missing-samples.patch \
gnu/packages/patches/openimageio-boost-1.60.patch \
gnu/packages/patches/openjpeg-CVE-2015-6581.patch \
@ -677,14 +679,20 @@ dist_patch_DATA = \
gnu/packages/patches/python-ipython-inputhook-ctype.patch \
gnu/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \
gnu/packages/patches/python-configobj-setuptools.patch \
gnu/packages/patches/python-paste-remove-website-test.patch \
gnu/packages/patches/python-paste-remove-timing-test.patch \
gnu/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
gnu/packages/patches/qemu-CVE-2015-8558.patch \
gnu/packages/patches/qemu-CVE-2015-8567.patch \
gnu/packages/patches/qemu-CVE-2015-8613.patch \
gnu/packages/patches/qemu-CVE-2015-8619.patch \
gnu/packages/patches/qemu-CVE-2015-8701.patch \
gnu/packages/patches/qemu-CVE-2015-8743.patch \
gnu/packages/patches/qemu-CVE-2016-1568.patch \
gnu/packages/patches/qemu-CVE-2016-1922.patch \
gnu/packages/patches/qemu-CVE-2016-1981.patch \
gnu/packages/patches/qemu-CVE-2016-2197.patch \
gnu/packages/patches/qemu-usb-ehci-oob-read.patch \
gnu/packages/patches/qemu-virtio-9p-use-accessor-to-get-thread-pool.patch \
gnu/packages/patches/qt4-ldflags.patch \
gnu/packages/patches/ratpoison-shell.patch \
@ -701,6 +709,7 @@ dist_patch_DATA = \
gnu/packages/patches/slim-session.patch \
gnu/packages/patches/slim-config.patch \
gnu/packages/patches/slim-sigusr1.patch \
gnu/packages/patches/slurm-configure-remove-nonfree-contribs.patch \
gnu/packages/patches/soprano-find-clucene.patch \
gnu/packages/patches/sudo-CVE-2015-5602.patch \
gnu/packages/patches/superlu-dist-scotchmetis.patch \
@ -708,6 +717,7 @@ dist_patch_DATA = \
gnu/packages/patches/tar-d_ino_in_dirent-fix.patch \
gnu/packages/patches/tar-skip-unreliable-tests.patch \
gnu/packages/patches/tcl-mkindex-deterministic.patch \
gnu/packages/patches/tclxml-3.2-install.patch \
gnu/packages/patches/tcsh-fix-autotest.patch \
gnu/packages/patches/texi2html-document-encoding.patch \
gnu/packages/patches/texi2html-i18n.patch \
@ -763,17 +773,9 @@ dist_patch_DATA = \
gnu/packages/patches/xf86-video-intel-compat-api.patch \
gnu/packages/patches/xf86-video-intel-glibc-2.20.patch \
gnu/packages/patches/xf86-video-mach64-glibc-2.20.patch \
gnu/packages/patches/xf86-video-mga-glibc-2.20.patch \
gnu/packages/patches/xf86-video-nv-remove-mibstore.patch \
gnu/packages/patches/xf86-video-openchrome-glibc-2.20.patch \
gnu/packages/patches/xf86-video-r128-glibc-2.20.patch \
gnu/packages/patches/xf86-video-siliconmotion-remove-mibstore.patch \
gnu/packages/patches/xf86-video-sis-fix-exa-crash.patch \
gnu/packages/patches/xf86-video-sis-update-api.patch \
gnu/packages/patches/xf86-video-tdfx-remove-mibstore.patch \
gnu/packages/patches/xf86-video-tga-remove-mibstore.patch \
gnu/packages/patches/xf86-video-trident-remove-mibstore.patch \
gnu/packages/patches/xf86-video-vmware-glibc-2.20.patch \
gnu/packages/patches/xfce4-panel-plugins.patch \
gnu/packages/patches/xfce4-session-fix-xflock4.patch \
gnu/packages/patches/xfce4-settings-defaults.patch \

20
gnu/build/linux-modules.scm
View File

@ -96,10 +96,20 @@ contains module names, not actual file names."
name
(dot-ko name)))
(define (normalize-module-name module)
"Return the \"canonical\" name for MODULE, replacing hyphens with
underscores."
;; See 'modname_normalize' in libkmod.
(string-map (lambda (chr)
(case chr
((#\-) #\_)
(else chr)))
module))
(define (file-name->module-name file)
"Return the module name corresponding to FILE, stripping the trailing '.ko',
etc."
(basename file ".ko"))
"Return the module name corresponding to FILE, stripping the trailing '.ko'
and normalizing it."
(normalize-module-name (basename file ".ko")))
(define* (recursive-module-dependencies files
#:key (lookup-module dot-ko))
@ -138,7 +148,9 @@ LOOKUP-MODULE to the module name."
(define (module-black-list)
"Return the black list of modules that must not be loaded. This black list
is specified using 'modprobe.blacklist=MODULE1,MODULE2,...' on the kernel
command line; it is honored by libkmod."
command line; it is honored by libkmod for users that pass
'KMOD_PROBE_APPLY_BLACKLIST', which includes 'modprobe --use-blacklist' and
udev."
(define parameter
"modprobe.blacklist=")

19
gnu/build/vm.scm
View File

@ -1,5 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@ -97,7 +99,7 @@ the #:references-graphs parameter of 'derivation'."
(_ #f))
(unless (zero?
(apply system* qemu "-enable-kvm" "-nographic" "-no-reboot"
(apply system* qemu "-nographic" "-no-reboot"
"-m" (number->string memory-size)
"-net" "nic,model=virtio"
"-virtfs"
@ -111,10 +113,17 @@ the #:references-graphs parameter of 'derivation'."
"-initrd" initrd
"-append" (string-append "console=ttyS0 --load="
builder)
(if make-disk-image?
`("-drive" ,(string-append "file=" image-file
",if=virtio"))
'())))
(append
(if make-disk-image?
`("-drive" ,(string-append "file=" image-file
",if=virtio"))
'())
;; Only enable kvm if we see /dev/kvm exists.
;; This allows users without hardware virtualization to still
;; use these commands.
(if (file-exists? "/dev/kvm")
'("-enable-kvm")
'()))))
(error "qemu failed" qemu))
(if make-disk-image?

69
gnu/packages.scm
View File

@ -2,6 +2,7 @@
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -22,9 +23,6 @@
#:use-module (guix packages)
#:use-module (guix ui)
#:use-module (guix utils)
#:use-module ((guix ftp-client) #:select (ftp-open))
#:use-module (guix gnu-maintenance)
#:use-module (guix upstream)
#:use-module (ice-9 ftw)
#:use-module (ice-9 vlist)
#:use-module (ice-9 match)
@ -46,8 +44,6 @@
find-best-packages-by-name
find-newest-available-packages
check-package-freshness
specification->package
specification->package+output))
@ -280,69 +276,6 @@ return its return value."
(lambda (k signum)
(handler signum))))
(define-syntax-rule (waiting exp fmt rest ...)
"Display the given message while EXP is being evaluated."
(let* ((message (format #f fmt rest ...))
(blank (make-string (string-length message) #\space)))
(display message (current-error-port))
(force-output (current-error-port))
(call-with-sigint-handler
(lambda ()
(dynamic-wind
(const #f)
(lambda () exp)
(lambda ()
;; Clear the line.
(display #\cr (current-error-port))
(display blank (current-error-port))
(display #\cr (current-error-port))
(force-output (current-error-port)))))
(lambda (signum)
(format (current-error-port) " interrupted by signal ~a~%" SIGINT)
#f))))
(define ftp-open*
;; Memoizing version of `ftp-open'. The goal is to avoid initiating a new
;; FTP connection for each package, esp. since most of them are to the same
;; server. This has a noticeable impact when doing "guix upgrade -u".
(memoize ftp-open))
(define (check-package-freshness package)
"Check whether PACKAGE has a newer version available upstream, and report
it."
;; TODO: Automatically inject the upstream version when desired.
(catch #t
(lambda ()
(when (false-if-exception (gnu-package? package))
(let ((name (package-name package))
(full-name (package-full-name package)))
;; XXX: This could work with non-GNU packages as well. However,
;; GNU's FTP-based updater would be too slow if it weren't memoized,
;; and the generic interface in (guix upstream) doesn't support
;; that.
(match (waiting (latest-release name
#:ftp-open ftp-open*
#:ftp-close (const #f))
(_ "looking for the latest release of GNU ~a...") name)
((? upstream-source? source)
(let ((latest-version
(string-append (upstream-source-package source) "-"
(upstream-source-version source))))
(when (version>? latest-version full-name)
(format (current-error-port)
(_ "~a: note: using ~a \
but ~a is available upstream~%")
(location->string (package-location package))
full-name latest-version))))
(_ #t)))))
(lambda (key . args)
;; Silently ignore networking errors rather than preventing
;; installation.
(case key
((getaddrinfo-error ftp-error) #f)
(else (apply throw key args))))))
(define (specification->package spec)
"Return a package matching SPEC. SPEC may be a package name, or a package
name followed by a hyphen and a version number. If the version number is not

7
gnu/packages/abduco.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@ -25,14 +25,15 @@
(define-public abduco
(package
(name "abduco")
(version "0.4")
(version "0.5")
(source (origin
(method url-fetch)
(uri (string-append
"http://www.brain-dump.org/projects/abduco/abduco-"
version ".tar.gz"))
(sha256
(base32 "1fxwg2s5w183p0rwzsxizy9jdnilv5qqs647l3wl3khny6fp58xx"))))
(base32
"11phry5wnvwm9ckij5gxbrjfgdz3x38vpnm505q5ldc88im248mz"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags (list "CC=gcc"

79
gnu/packages/admin.scm
View File

@ -7,6 +7,8 @@
;;; Copyright © 2015 Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -35,6 +37,7 @@
#:use-module (guix build-system trivial)
#:use-module (gnu packages)
#:use-module (gnu packages base)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages readline)
#:use-module (gnu packages linux)
@ -48,6 +51,7 @@
#:use-module (gnu packages bison)
#:use-module (gnu packages flex)
#:use-module (gnu packages glib)
#:use-module (gnu packages openldap)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages popt)
#:use-module (gnu packages texinfo)
@ -81,8 +85,8 @@
;; is used by a bunch of services.
(method url-fetch)
(uri (string-append
"http://git.savannah.gnu.org/cgit/dmd.git/patch/"
"?id=d1d0ff30b3ed2b86b0a3c9bc048d2a855f8e31e6"))
"http://git.savannah.gnu.org/cgit/shepherd.git/"
"patch?id=d1d0ff30b3ed2b86b0a3c9bc048d2a855f8e31e6"))
(sha256
(base32
"1lqymypixfiyb72d6bn24m06ry2q1ljnnv0qrc89pbb4z9azaa4d"))
@ -152,14 +156,14 @@ graphs and can export its output to different formats.")
(define-public htop
(package
(name "htop")
(version "1.0.3")
(version "2.0.0")
(source (origin
(method url-fetch)
(uri (string-append "http://hisham.hm/htop/releases/"
version "/htop-" version ".tar.gz"))
(sha256
(base32
"0a8qbpsifzjwc4f45xfwm48jhm59g6q5hlib4bf7z13mgy95fp05"))))
"1d944hn0ldxvxfrz9acr26lpmzlwj91m0s7x2xnivnfnmfha4p6i"))))
(build-system gnu-build-system)
(inputs
`(("ncurses" ,ncurses)))
@ -1426,4 +1430,69 @@ frequently used directories by typing only a small pattern.")
for CPU usage. It listens to network traffic on a named interface and
displays a table of current bandwidth usage by pairs of hosts.")
(home-page "http://www.ex-parrot.com/~pdw/iftop/")
(license license:gpl3)))
(license license:gpl2+)))
(define-public munge
(package
(name "munge")
(version "0.5.11")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/dun/munge/archive/munge-"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"0njplyalwwqh7xr7xc7klc6x06mq0ak8w2pxh85w8n4hxkmqqnf5"))))
(inputs
`(("openssl" ,openssl)
("libgcrypt" ,libgcrypt)))
(build-system gnu-build-system)
(home-page "http://dun.github.io/munge/")
(synopsis "Cluster computing authentication service")
(description
"Munge is an authentication service for creating and validating
credentials. It allows a process to authenticate the UID and GID of another
local or remote process within a group of hosts having common users and
groups. These hosts form a security realm that is defined by a shared
cryptographic key. Clients within this security realm can create and validate
credentials without the use of root privileges, reserved ports, or
platform-specific methods.")
(license license:gpl3+)))
(define-public audit
(package
(name "audit")
(version "2.4.5")
(source (origin
(method url-fetch)
(uri (string-append "http://people.redhat.com/sgrubb/audit/"
"audit-" version ".tar.gz"))
(sha256
(base32
"1q1q51dvxscbi4kbakmd4bn0xrvwwaiwvaya79925cbrqwzxsg77"))))
(build-system gnu-build-system)
(home-page "http://people.redhat.com/sgrubb/audit/")
(arguments
`(#:configure-flags (list "--with-python=no")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'fix-tests
(lambda _
;; In the build environmnte /etc/passwd does not contain an entry
;; for root/0, so we have to patch the expected value.
(substitute* "auparse/test/auparse_test.ref"
(("=0 \\(root\\)") "=0 (unknown(0))"))
#t)))))
(inputs
`(("openldap" ,openldap)
("openssl" ,openssl)
("sasl" ,cyrus-sasl)))
(synopsis "User-space component to the Linux auditing system")
(description
"auditd is the user-space component to the Linux auditing system, which
allows logging of system calls made by user-land processes. It's responsible
for writing audit records to the disk. Viewing the logs is done with the
@code{ausearch} or @code{aureport} utilities. Configuring the audit rules is
done with the @code{auditctl} utility.")
(license license:gpl2+)))

6
gnu/packages/adns.scm
View File

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -59,7 +59,7 @@ scripts.")
(define-public c-ares
(package
(name "c-ares")
(version "1.10.0")
(version "1.11.0")
(source (origin
(method url-fetch)
(uri (string-append
@ -67,7 +67,7 @@ scripts.")
".tar.gz"))
(sha256
(base32
"1nyka87yf2jfd0y6sspll0yxwb8zi7kyvajrdbjmh4axc5s1cw1x"))))
"1z9y1f835dpi1ka2a2vzjygm3djdvr01036ml4l2js6r2xk2wqdk"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))

14
gnu/packages/aidc.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 John Darringon <jmd@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -49,14 +50,15 @@ formats.")
(define-public qrencode
(package
(name "qrencode")
(version "3.4.3")
(version "3.4.4")
(source (origin
(method url-fetch)
(uri (string-append
"http://fukuchi.org/works/qrencode/qrencode-" version
".tar.bz2"))
(sha256 (base32
"163sb580p570p27imc6jhkfdw15kzp8vy1jq92nip1rwa63i9myz"))))
"https://fukuchi.org/works/qrencode/qrencode-" version
".tar.gz"))
(sha256
(base32
"0wiagx7i8p9zal53smf5abrnh9lr31mv0p36wg017401jrmf5577"))))
(build-system gnu-build-system)
(inputs `(("libpng" ,libpng)))
(native-inputs `(("pkg-config" ,pkg-config)))
@ -66,4 +68,4 @@ symbol, a kind of 2D symbology that can be scanned by handy terminals such as
a mobile phone with CCD. The capacity of QR Code is up to 7000 digits or 4000
characters, and is highly robust.")
(license license:lgpl2.1+)
(home-page "http://fukuchi.org/works/qrencode")))
(home-page "https://fukuchi.org/works/qrencode")))

4
gnu/packages/algebra.scm
View File

@ -26,6 +26,7 @@
#:use-module (gnu packages perl)
#:use-module (gnu packages readline)
#:use-module (gnu packages flex)
#:use-module (gnu packages texlive)
#:use-module (gnu packages xorg)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
@ -125,12 +126,13 @@ solve the shortest vector problem.")
(base32
"0c8l83a0gjq73r9hndsrzkypwxvnnm4pxkkzbg6jm95m80nzwh11"))))
(build-system gnu-build-system)
(native-inputs `(("texlive" ,texlive-minimal)))
(inputs `(("gmp" ,gmp)
("libx11" ,libx11)
("perl" ,perl)
("readline" ,readline)))
(arguments
'(#:make-flags '("gp")
'(#:make-flags '("all")
;; FIXME: building the documentation requires tex; once this is
;; available, replace "gp" by "all"
#:test-target "dobench"

46
gnu/packages/audio.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
@ -30,6 +30,7 @@
#:use-module (guix build-system waf)
#:use-module (guix build-system trivial)
#:use-module (guix build-system cmake)
#:use-module (guix build-system python)
#:use-module (gnu packages)
#:use-module (gnu packages algebra)
#:use-module (gnu packages autotools)
@ -158,24 +159,24 @@ streams from live audio.")
(define-public ardour
(package
(name "ardour")
(version "4.4")
(version "4.7")
(source (origin
(method git-fetch)
(uri (git-reference
(url "git://git.ardour.org/ardour/ardour.git")
(commit version)))
(snippet
;; Ardour expects this file to exist at build time. It can be
;; created from a git checkout with:
;; ./waf create_stored_revision
;; Ardour expects this file to exist at build time. The revision
;; is the output of
;; git describe HEAD | sed 's/^[A-Za-z]*+//'
'(call-with-output-file
"libs/ardour/revision.cc"
(lambda (port)
(format port "#include \"ardour/revision.h\"
namespace ARDOUR { const char* revision = \"4.4-210-ga4daf93\" ; }"))))
namespace ARDOUR { const char* revision = \"4.7-219-g0e36f8e\" ; }"))))
(sha256
(base32
"1gnrcnq2ksnh7fsa301v1c4p5dqrbqpjylf02rg3za3ab58wxi7l"))
"149gswphz77m3pkzsn2nqbm6yvcfa3fva560bcvjzlgb73f64q5l"))
(file-name (string-append name "-" version))))
(build-system waf-build-system)
(arguments
@ -946,6 +947,34 @@ essential distortions.")
implementation of the Open Sound Control (OSC) protocol.")
(license license:lgpl2.1+)))
(define-public python-pyliblo
(package
(name "python-pyliblo")
(version "0.10.0")
(source (origin
(method url-fetch)
(uri (string-append "http://das.nasophon.de/download/pyliblo-"
version ".tar.gz"))
(sha256
(base32
"13vry6xhxm7adnbyj28w1kpwrh0kf7nw83cz1yq74wl21faz2rzw"))))
(build-system python-build-system)
(arguments `(#:tests? #f)) ;no tests
(inputs
`(("python-cython" ,python-cython)
("liblo" ,liblo)))
(home-page "http://das.nasophon.de/pyliblo/")
(synopsis "Python bindings for liblo")
(description
"Pyliblo is a Python wrapper for the liblo Open Sound Control (OSC)
library. It supports almost the complete functionality of liblo, allowing you
to send and receive OSC messages using a nice and simple Python API. Also
included are the command line utilities @code{send_osc} and @code{dump_osc}.")
(license license:lgpl2.1+)))
(define-public python2-pyliblo
(package-with-python2 python-pyliblo))
(define-public lilv
(package
(name "lilv")
@ -2032,4 +2061,5 @@ utility. File formats are abstracted from its core, so it can process any file
that contains WAVE data, compressed or not---provided there exists a format
module to handle that particular file type.")
(home-page "http://etree.org/shnutils/shntool/")
(license license:gpl3+)))
;; 'install-sh' bears the x11 license
(license (list license:gpl2+ license:x11))))

59
gnu/packages/augeas.scm Normal file
View File

@ -0,0 +1,59 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages augeas)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages readline)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages xml))
(define-public augeas
(package
(name "augeas")
(version "1.4.0")
(source (origin
(method url-fetch)
(uri (string-append "http://download.augeas.net/augeas-"
version ".tar.gz"))
(sha256
(base32
"0c2vncn0afmgwggnqa5s5z7m3zbcc66bi8v9m1h9w0i9q9xax7v5"))))
(build-system gnu-build-system)
;; Marked as "required" in augeas.pc
(propagated-inputs
`(("libxml2" ,libxml2)))
(inputs
`(("readline" ,readline)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "http://augeas.net/")
(synopsis "Edit configuration files programmatically")
(description
"Augeas is a library and command line tool for programmatically editing
configuration files in a controlled manner. Augeas exposes a tree of all
configuration settings and a simple local API for manipulating the tree.
Augeas then modifies underlying configuration files according to the changes
that have been made to the tree; it does as little modeling of configurations
as possible, and focuses exclusivley on transforming the tree-oriented syntax
of its public API to the myriad syntaxes of individual configuration files.")
(license license:lgpl2.1+)))

9
gnu/packages/base.scm
View File

@ -2,7 +2,7 @@
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Alex Kost <alezost@gmail.com>
;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
@ -173,7 +173,7 @@ standard utility.")
"16d2r9kpivaak948mxzc0bai45mqfw73m113wrkmbffnalv1b5gx"))
(patches (list (search-patch "patch-hurd-path-max.patch")))))
(build-system gnu-build-system)
(native-inputs `(("ed", ed)))
(native-inputs `(("ed" ,ed)))
(synopsis "Apply differences to originals, with optional backups")
(description
"Patch is a program that applies changes to files based on differences
@ -318,7 +318,7 @@ functionality beyond that which is outlined in the POSIX standard.")
"19gwwhik3wdwn0r42b7xcihkbxvjl9r2bdal8nifc3k5i4rn3iqb"))
(patches (list (search-patch "make-impure-dirs.patch")))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config", pkg-config))) ; to detect Guile
(native-inputs `(("pkg-config" ,pkg-config))) ; to detect Guile
(inputs `(("guile" ,guile-2.0)))
(outputs '("out" "debug"))
(arguments
@ -479,7 +479,8 @@ store.")
'("glibc-ldd-x86_64.patch"
"glibc-locale-incompatibility.patch"
"glibc-versioned-locpath.patch"
"glibc-o-largefile.patch")))))
"glibc-o-largefile.patch"
"glibc-CVE-2015-7547.patch")))))
(build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc

274
gnu/packages/bioinformatics.scm
View File

@ -1,3 +1,4 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2016 Ben Woodcroft <donttrustben@gmail.com>
@ -39,6 +40,8 @@
#:use-module (gnu packages boost)
#:use-module (gnu packages compression)
#:use-module (gnu packages cpio)
#:use-module (gnu packages curl)
#:use-module (gnu packages doxygen)
#:use-module (gnu packages file)
#:use-module (gnu packages gawk)
#:use-module (gnu packages gcc)
@ -1080,6 +1083,52 @@ preparation protocols.")
other types of unwanted sequence from high-throughput sequencing reads.")
(license license:expat)))
(define-public libbigwig
(package
(name "libbigwig")
(version "0.1.4")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/dpryan79/libBigWig/"
"archive/" version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"098rjh35pi4a9q83n8wiwvyzykjqj6l8q189p1xgfw4ghywdlvw1"))))
(build-system gnu-build-system)
(arguments
`(#:test-target "test"
#:make-flags
(list "CC=gcc"
(string-append "prefix=" (assoc-ref %outputs "out")))
#:phases
(modify-phases %standard-phases
(delete 'configure)
(add-before 'check 'disable-curl-test
(lambda _
(substitute* "Makefile"
(("./test/testRemote.*") ""))
#t))
;; This has been fixed with the upstream commit 4ff6959cd8a0, but
;; there has not yet been a release containing this change.
(add-before 'install 'create-target-dirs
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(mkdir-p (string-append out "/lib"))
(mkdir-p (string-append out "/include"))
#t))))))
(inputs
`(("zlib" ,zlib)
("curl" ,curl)))
(native-inputs
`(("doxygen" ,doxygen)))
(home-page "https://github.com/dpryan79/libBigWig")
(synopsis "C library for handling bigWig files")
(description
"This package provides a C library for parsing local and remote BigWig
files.")
(license license:expat)))
(define-public deeptools
(package
(name "deeptools")
@ -1741,7 +1790,7 @@ particular, reads spanning multiple exons.")
(base32
"0djmgc0pfli0jilfx8hql1axhwhqxqb8rxg2r5rg07aw73sfs5nx"))))
(build-system gnu-build-system)
(native-inputs `(("perl", perl)))
(native-inputs `(("perl" ,perl)))
(home-page "http://hmmer.janelia.org")
(synopsis "Biosequence analysis using profile hidden Markov models")
(description
@ -1773,6 +1822,8 @@ HMMs).")
;; Numpy needs to be propagated when htseq is used as a Python library.
(propagated-inputs
`(("python-numpy" ,python2-numpy)))
(inputs
`(("python-pysam" ,python2-pysam)))
(native-inputs
`(("python-setuptools" ,python2-setuptools)))
(home-page "http://www-huber.embl.de/users/anders/HTSeq/")
@ -1964,15 +2015,13 @@ command, or queried for specific k-mers with @code{jellyfish query}.")
(define-public macs
(package
(name "macs")
(version "2.1.0.20140616")
(version "2.1.0.20151222")
(source (origin
(method url-fetch)
(uri (string-append
"https://pypi.python.org/packages/source/M/MACS2/MACS2-"
version ".tar.gz"))
(uri (pypi-uri "MACS2" version))
(sha256
(base32
"11lmiw6avqhwn75sn59g4lfkrr2kk20r3rgfbx9xfqb8rg9mi2n6"))))
"1r2hcz6irhcq7lwbafjks98jbn34hv05avgbdjnp6w6mlfjkf8x5"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2 ; only compatible with Python 2.7
@ -2359,7 +2408,7 @@ generated using the PacBio Iso-Seq protocol.")
(define-public prodigal
(package
(name "prodigal")
(version "2.6.2")
(version "2.6.3")
(source (origin
(method url-fetch)
(uri (string-append
@ -2368,7 +2417,7 @@ generated using the PacBio Iso-Seq protocol.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"0m8sb0fg6lmxrlpzna0am6svbnlmd3dckrhgzxxgb3gxr5fyj284"))))
"17srxkqd3jc77xk15pfbgg1a9xahqg7337w95mrsia7mpza4l2c9"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ;no check target
@ -3311,6 +3360,61 @@ features; exactSNP: a SNP caller that discovers SNPs by testing signals
against local background noises.")
(license license:gpl3+)))
(define-public stringtie
(package
(name "stringtie")
(version "1.2.1")
(source (origin
(method url-fetch)
(uri (string-append "http://ccb.jhu.edu/software/stringtie/dl/"
"stringtie-" version ".tar.gz"))
(sha256
(base32
"1cqllsc1maq4kh92isi8yadgzbmnf042hlnalpk3y59aph1z3bfz"))
(modules '((guix build utils)))
(snippet
'(begin
(delete-file-recursively "samtools-0.1.18")
#t))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ;no test suite
#:phases
(modify-phases %standard-phases
;; no configure script
(delete 'configure)
(add-before 'build 'use-system-samtools
(lambda _
(substitute* "Makefile"
(("stringtie: \\$\\{BAM\\}/libbam\\.a")
"stringtie: "))
(substitute* '("gclib/GBam.h"
"gclib/GBam.cpp")
(("#include \"(bam|sam|kstring).h\"" _ header)
(string-append "#include <samtools/" header ".h>")))
#t))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((bin (string-append (assoc-ref outputs "out") "/bin/")))
(install-file "stringtie" bin)
#t))))))
(inputs
`(("samtools" ,samtools-0.1)
("zlib" ,zlib)))
(home-page "http://ccb.jhu.edu/software/stringtie/")
(synopsis "Transcript assembly and quantification for RNA-Seq data")
(description
"StringTie is a fast and efficient assembler of RNA-Seq sequence
alignments into potential transcripts. It uses a novel network flow algorithm
as well as an optional de novo assembly step to assemble and quantitate
full-length transcripts representing multiple splice variants for each gene
locus. Its input can include not only the alignments of raw reads used by
other transcript assemblers, but also alignments of longer sequences that have
been assembled from those reads. To identify differentially expressed genes
between experiments, StringTie's output can be processed either by the
Cuffdiff or Ballgown programs.")
(license license:artistic2.0)))
(define-public vcftools
(package
(name "vcftools")
@ -3355,7 +3459,7 @@ data in the form of VCF files.")
(define-public vsearch
(package
(name "vsearch")
(version "1.4.1")
(version "1.10.0")
(source
(origin
(method url-fetch)
@ -3365,7 +3469,7 @@ data in the form of VCF files.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"0b1359wbzgb2cm04h7dq05v80vik88hnsv298xxd1q1f2q4ydni7"))
"1i3bad7gnn2y3a1yfixzshd99xdkjc8w5bxzgifpysc6jiljwvb5"))
(modules '((guix build utils)))
(snippet
'(begin
@ -3375,14 +3479,24 @@ data in the form of VCF files.")
-O3 -mtune=native -Wall -Wsign-compare")
(string-append "AM_CXXFLAGS=-lcityhash"
" -O3 -Wall -Wsign-compare"))
(("^__top_builddir__bin_vsearch_SOURCES = cityhash/city.h \\\\")
(("^__top_builddir__bin_vsearch_SOURCES = city.h \\\\")
"__top_builddir__bin_vsearch_SOURCES = \\")
(("^cityhash/config.h \\\\") "\\")
(("^cityhash/city.cc \\\\") "\\"))
(("^city.h \\\\") "\\")
(("^citycrc.h \\\\") "\\")
(("^libcityhash_a.*") "")
(("noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a \
libcityhash.a")
"noinst_LIBRARIES = libcpu_sse2.a libcpu_ssse3.a")
(("__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a \
libcpu_sse2.a libcityhash.a")
"__top_builddir__bin_vsearch_LDADD = libcpu_ssse3.a \
libcpu_sse2.a -lcityhash"))
(substitute* "src/vsearch.h"
(("^\\#include \"cityhash/city.h\"")
"#include <city.h>"))
(delete-file-recursively "src/cityhash")
(("^\\#include \"city.h\"") "#include <city.h>")
(("^\\#include \"citycrc.h\"") "#include <citycrc.h>"))
(delete-file "src/city.h")
(delete-file "src/citycrc.h")
(delete-file "src/city.cc")
#t))))
(build-system gnu-build-system)
(arguments
@ -3725,13 +3839,13 @@ on Bioconductor or which replace R functions.")
(define-public r-annotationdbi
(package
(name "r-annotationdbi")
(version "1.32.2")
(version "1.32.3")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "AnnotationDbi" version))
(sha256
(base32
"08ncdjvq0l44kqyiv32kn9wnbw1xgfb6qjfzfbjpqrcfp1jygz9j"))))
"1v6x62hgys5827yg2xayjrd9xawbayzm6wy0q4vxh1s6yxc9bklj"))))
(properties
`((upstream-name . "AnnotationDbi")))
(build-system r-build-system)
@ -4043,6 +4157,25 @@ extracting the desired features in a convenient format.")
information about the latest version of the Gene Ontologies.")
(license license:artistic2.0)))
(define-public r-graph
(package
(name "r-graph")
(version "1.48.0")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "graph" version))
(sha256
(base32
"16w75rji3kv24gfv44w66y1a2y75ax26rl470y3ypna0ndc3rrcd"))))
(build-system r-build-system)
(propagated-inputs
`(("r-biocgenerics" ,r-biocgenerics)))
(home-page "http://bioconductor.org/packages/graph")
(synopsis "Handle graph data structures in R")
(description
"This package implements some simple graph handling capabilities for R.")
(license license:artistic2.0)))
(define-public r-topgo
(package
(name "r-topgo")
@ -4061,6 +4194,7 @@ information about the latest version of the Gene Ontologies.")
("r-biobase" ,r-biobase)
("r-biocgenerics" ,r-biocgenerics)
("r-go-db" ,r-go-db)
("r-graph" ,r-graph)
("r-sparsem" ,r-sparsem)))
(home-page "http://bioconductor.org/packages/topGO")
(synopsis "Enrichment analysis for gene ontology")
@ -4191,6 +4325,110 @@ genomic feature data as long as it has minimal information on the locations of
genomic intervals. In addition, it can use BAM or BigWig files as input.")
(license license:artistic2.0)))
(define-public r-org-hs-eg-db
(package
(name "r-org-hs-eg-db")
(version "3.2.3")
(source (origin
(method url-fetch)
;; We cannot use bioconductor-uri here because this tarball is
;; located under "data/annotation/" instead of "bioc/".
(uri (string-append "http://www.bioconductor.org/packages/"
"release/data/annotation/src/contrib/"
"org.Hs.eg.db_" version ".tar.gz"))
(sha256
(base32
"0xicgkbh6xkvs74s1piafqac63dyz2ycdyil4pj4ghhxx2sabm6p"))))
(properties
`((upstream-name . "org.Hs.eg.db")))
(build-system r-build-system)
(propagated-inputs
`(("r-annotationdbi" ,r-annotationdbi)))
(home-page "http://www.bioconductor.org/packages/org.Hs.eg.db/")
(synopsis "Genome wide annotation for Human")
(description
"This package provides mappings from Entrez gene identifiers to various
annotations for the human genome.")
(license license:artistic2.0)))
(define-public r-org-ce-eg-db
(package
(name "r-org-ce-eg-db")
(version "3.2.3")
(source (origin
(method url-fetch)
;; We cannot use bioconductor-uri here because this tarball is
;; located under "data/annotation/" instead of "bioc/".
(uri (string-append "http://www.bioconductor.org/packages/"
"release/data/annotation/src/contrib/"
"org.Ce.eg.db_" version ".tar.gz"))
(sha256
(base32
"1d0lx00ybq34yqs6mziaa0lrh77xm0ggsmi76g6k95f77gi7m1sw"))))
(properties
`((upstream-name . "org.Ce.eg.db")))
(build-system r-build-system)
(propagated-inputs
`(("r-annotationdbi" ,r-annotationdbi)))
(home-page "http://www.bioconductor.org/packages/org.Ce.eg.db/")
(synopsis "Genome wide annotation for Worm")
(description
"This package provides mappings from Entrez gene identifiers to various
annotations for the genome of the model worm Caenorhabditis elegans.")
(license license:artistic2.0)))
(define-public r-org-dm-eg-db
(package
(name "r-org-dm-eg-db")
(version "3.2.3")
(source (origin
(method url-fetch)
;; We cannot use bioconductor-uri here because this tarball is
;; located under "data/annotation/" instead of "bioc/".
(uri (string-append "http://www.bioconductor.org/packages/"
"release/data/annotation/src/contrib/"
"org.Dm.eg.db_" version ".tar.gz"))
(sha256
(base32
"0mib46c7nr00l7mh290n383za9hyl91a1dc6jhjbk884jmxaxyz6"))))
(properties
`((upstream-name . "org.Dm.eg.db")))
(build-system r-build-system)
(propagated-inputs
`(("r-annotationdbi" ,r-annotationdbi)))
(home-page "http://www.bioconductor.org/packages/org.Dm.eg.db/")
(synopsis "Genome wide annotation for Fly")
(description
"This package provides mappings from Entrez gene identifiers to various
annotations for the genome of the model fruit fly Drosophila melanogaster.")
(license license:artistic2.0)))
(define-public r-org-mm-eg-db
(package
(name "r-org-mm-eg-db")
(version "3.2.3")
(source (origin
(method url-fetch)
;; We cannot use bioconductor-uri here because this tarball is
;; located under "data/annotation/" instead of "bioc/".
(uri (string-append "http://www.bioconductor.org/packages/"
"release/data/annotation/src/contrib/"
"org.Mm.eg.db_" version ".tar.gz"))
(sha256
(base32
"0wh1pm3npdg7070875kfgiid3bqkz3q7rq6snhk6bxfvph00298y"))))
(properties
`((upstream-name . "org.Mm.eg.db")))
(build-system r-build-system)
(propagated-inputs
`(("r-annotationdbi" ,r-annotationdbi)))
(home-page "http://www.bioconductor.org/packages/org.Mm.eg.db/")
(synopsis "Genome wide annotation for Mouse")
(description
"This package provides mappings from Entrez gene identifiers to various
annotations for the genome of the model mouse Mus musculus.")
(license license:artistic2.0)))
(define-public r-qtl
(package
(name "r-qtl")

6
gnu/packages/bittorrent.scm
View File

@ -202,7 +202,7 @@ interface, for the Transmission BitTorrent daemon.")
(define-public aria2
(package
(name "aria2")
(version "1.19.3")
(version "1.20.0")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/tatsuhiro-t/aria2/"
@ -210,7 +210,7 @@ interface, for the Transmission BitTorrent daemon.")
name "-" version ".tar.xz"))
(sha256
(base32
"1qwr4al6wlh5f558r0mr1hvdnf7d8ss6qwqn2361k99phk1cdg3a"))))
"1l4gzz3yr0cl6a9xdy7843c5sb7afyq0i80wi2hasfpfdx5k95mz"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--enable-libaria2")
@ -225,7 +225,7 @@ interface, for the Transmission BitTorrent daemon.")
(("CPPUNIT_TEST_SUITE_REGISTRATION\\(LpdMessageReceiverTest\\);" text)
(string-append "// " text))))))))
(native-inputs
`(("pkg-config", pkg-config)))
`(("pkg-config" ,pkg-config)))
(inputs
`(("c-ares" ,c-ares)
("cppunit" ,cppunit) ; for the tests

2
gnu/packages/compression.scm
View File

@ -244,7 +244,7 @@ decompression.")
"1vk6065dv3a47p86vmp8hv3n1ygd9hraz0gq89gvzlx7lmcb6fsp"))))
(build-system gnu-build-system)
(inputs
`(("bzip2", bzip2)))
`(("bzip2" ,bzip2)))
(arguments
`(#:tests? #f ; no tests
#:phases (modify-phases %standard-phases

3
gnu/packages/cpio.scm
View File

@ -35,7 +35,8 @@
version ".tar.bz2"))
(sha256
(base32
"0vi9q475h1rki53100zml75vxsykzyhrn70hidy41s5c2rc8r6bh"))))
"0vi9q475h1rki53100zml75vxsykzyhrn70hidy41s5c2rc8r6bh"))
(patches (list (search-patch "cpio-CVE-2016-2037.patch")))))
(build-system gnu-build-system)
(home-page "https://www.gnu.org/software/cpio/")
(synopsis "Manage cpio and tar file archives")

11
gnu/packages/curl.scm
View File

@ -54,7 +54,16 @@
(inputs `(("gnutls" ,gnutls)
("gss" ,gss)
("libidn" ,libidn)
("libssh2" ,libssh2)
;; XXX libssh2-1.4 is a temporary package for use only by curl,
;; to allow most users of libssh2 to get the security update for
;; CVE-2016-7087 while postponing the large number of rebuilds
;; entailed by updating curl. Soon, curl should be updated to
;; use the latest libssh2 and libssh2-1.4 should be removed.
;; XXX libssh2-1.4 is vulnerable to CVE-2016-0787.
("libssh2" ,libssh2-1.4)
("openldap" ,openldap)
("zlib" ,zlib)))
(native-inputs

34
gnu/packages/databases.scm
View File

@ -8,6 +8,7 @@
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Nils Gillmann <niasterisk@grrlz.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -273,14 +274,14 @@ as a drop-in replacement of MySQL.")
(define-public postgresql
(package
(name "postgresql")
(version "9.3.8")
(version "9.3.11")
(source (origin
(method url-fetch)
(uri (string-append "http://ftp.postgresql.org/pub/source/v"
version "/postgresql-" version ".tar.bz2"))
(sha256
(base32
"1ymd98szvx12gyjdb9gr2hlkrb5bjx7mcshqq3xzdifzapkkqp5w"))))
"08ba951nfiy516flaw352shj1zslxg4ryx3w5k0adls1r682l8ix"))))
(build-system gnu-build-system)
(inputs
`(("readline" ,readline)
@ -320,7 +321,7 @@ pictures, sounds, or video.")
(native-inputs `(("emacs" ,emacs-no-x)
("bc" ,bc)
("bash:include" ,bash "include")
("libuuid", util-linux)))
("libuuid" ,util-linux)))
;; TODO: Add more optional inputs.
(inputs `(("curl" ,curl)
@ -822,3 +823,30 @@ supports many data structures including strings, hashes, lists, sets, sorted
sets, bitmaps and hyperloglogs.")
(home-page "http://redis.io/")
(license bsd-3)))
(define-public kyotocabinet
(package
(name "kyotocabinet")
(version "1.2.76")
(source (origin
(method url-fetch)
(uri (string-append "http://fallabs.com/kyotocabinet/pkg/"
name "-" version ".tar.gz"))
(sha256
(base32
"0g6js20x7vnpq4p8ghbw3mh9wpqksya9vwhzdx6dnlf354zjsal1"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list
(string-append "LDFLAGS=-Wl,-rpath="
(assoc-ref %outputs "out") "/lib"))))
(inputs `(("zlib" ,zlib)))
(home-page "http://fallabs.com/kyotocabinet/")
(synopsis
"Kyoto Cabinet is a modern implementation of the DBM database")
(description
"Kyoto Cabinet is a standalone file-based database that supports Hash
and B+ Tree data storage models. It is a fast key-value lightweight
database and supports many programming languages. It is a NoSQL database.")
(license gpl3+)))

4
gnu/packages/dav.scm
View File

@ -52,13 +52,13 @@ clients.")
(define-public vdirsyncer
(package
(name "vdirsyncer")
(version "0.8.1")
(version "0.9.0")
(source (origin
(method url-fetch)
(uri (pypi-uri "vdirsyncer" version))
(sha256
(base32
"1abflqw6x30xd2dlj58cr5n62x98kc0ia9f9vr8l64k2z1fjlq78"))))
"0s9awjr9v60rr80xcpwmdhkf4v1yqnydahjmxwvxmh64565is465"))))
(build-system python-build-system)
(arguments
`(#:phases (modify-phases %standard-phases

5
gnu/packages/dictionaries.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -28,14 +29,14 @@
(define-public vera
(package
(name "vera")
(version "1.22")
(version "1.23")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/vera/vera-" version
".tar.gz"))
(sha256
(base32
"1anx6ikwlkg7bn3c5a8xxrp33bvhfgxmncvnqbn2fp1hnbhqh5i7"))))
"1az0v563jja8xb4896jyr8yv7jd9zacqyfkjd7psb73v7clg1mzz"))))
(build-system trivial-build-system)
(arguments
`(#:builder (begin

1
gnu/packages/docker.scm
View File

@ -90,7 +90,6 @@ client.")
`(("python-docker-py" ,python-docker-py)
("python-dockerpty" ,python-dockerpty)
("python-docopt" ,python-docopt)
("python-enum34" ,python-enum34)
("python-jsonschema" ,python-jsonschema)
("python-pyyaml" ,python-pyyaml)
("python-requests" ,python-requests-2.7)

7
gnu/packages/dvtm.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@ -26,13 +26,14 @@
(define-public dvtm
(package
(name "dvtm")
(version "0.14")
(version "0.15")
(source (origin
(method url-fetch)
(uri (string-append "http://www.brain-dump.org/projects/dvtm/dvtm-"
version ".tar.gz"))
(sha256
(base32 "0ykl8dz7ivjgdzhmhlgidnp2ffh5gxq9lbg276w7iid4z10v76wa"))))
(base32
"0475w514b7i3gxk6khy8pfj2gx9l7lv2pwacmq92zn1abv01a84g"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags (list "CC=gcc"

4
gnu/packages/ebook.scm
View File

@ -60,7 +60,7 @@
(define-public calibre
(package
(name "calibre")
(version "2.49.0")
(version "2.51.0")
(source
(origin
(method url-fetch)
@ -69,7 +69,7 @@
version ".tar.xz"))
(sha256
(base32
"0jc476pg07c0nwccprhwgjdlvvb2fdzza9xrjqzc0c42c5v7qzxa"))
"1rhpcxic4g2zyr5s3xn8dayyb45l9r8zyniaig8j7pl5kmsfjijn"))
;; Remove non-free or doubtful code, see
;; https://lists.gnu.org/archive/html/guix-devel/2015-02/msg00478.html
(modules '((guix build utils)))

120
gnu/packages/emacs.scm
View File

@ -4,7 +4,8 @@
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Nils Gillmann <niasterisk@grrlz.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -349,10 +350,35 @@ when typing parentheses directly or commenting out code line by line.")
configuration files, such as .gitattributes, .gitignore, and .git/config.")
(license license:gpl3+)))
(define-public emacs-with-editor
(package
(name "emacs-with-editor")
(version "2.5.0")
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/magit/with-editor/archive/v"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"19gb381z61l2icg5v5pymgi1a11g3zdp5aysl2j5fh7fxxg4d4c0"))))
(build-system emacs-build-system)
(propagated-inputs
`(("emacs-dash" ,emacs-dash)))
(home-page "https://github.com/magit/with-editor")
(synopsis "Emacs library for using Emacsclient as EDITOR")
(description
"This package provides an Emacs library to use the Emacsclient as
@code{$EDITOR} of child processes, making sure they know how to call home.
For remote processes a substitute is provided, which communicates with Emacs
on stdout instead of using a socket as the Emacsclient does.")
(license license:gpl3+)))
(define-public magit
(package
(name "magit")
(version "2.4.0")
(version "2.5.0")
(source (origin
(method url-fetch)
(uri (string-append
@ -360,12 +386,14 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
version "/" name "-" version ".tar.gz"))
(sha256
(base32
"1wbam4l36061mj79qlgzrv4xbzhk2dk6gnv45610zwfnf24ikdsp"))))
"0i6qpx5szzc4kyfcdhaic8gif0sqdqcya1niyj93lpvw66jcxsxa"))))
(build-system gnu-build-system)
(native-inputs `(("texinfo" ,texinfo)
("emacs" ,emacs-no-x)))
(inputs `(("git" ,git)))
(propagated-inputs `(("dash" ,emacs-dash)))
(propagated-inputs
`(("dash" ,emacs-dash)
("with-editor" ,emacs-with-editor)))
(arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
@ -383,7 +411,11 @@ configuration files, such as .gitattributes, .gitignore, and .git/config.")
(string-append "DASH_DIR="
(assoc-ref %build-inputs "dash")
"/share/emacs/site-lisp/guix.d/dash-"
,(package-version emacs-dash)))
,(package-version emacs-dash))
(string-append "WITH_EDITOR_DIR="
(assoc-ref %build-inputs "with-editor")
"/share/emacs/site-lisp/guix.d/with-editor-"
,(package-version emacs-with-editor)))
#:phases
(modify-phases %standard-phases
@ -890,6 +922,27 @@ like. It can be linked with various Emacs mail clients (Message and Mail
mode, Rmail, Gnus, MH-E, and VM). BBDB is fully customizable.")
(license license:gpl3+)))
(define-public emacs-async
(package
(name "emacs-async")
(version "1.6")
(source (origin
(method url-fetch)
(uri (string-append "http://elpa.gnu.org/packages/async-"
version ".tar"))
(sha256
(base32
"17psvz75n42x33my967wkgi7r0blx46n3jdv510j0z5jswv66039"))))
(build-system emacs-build-system)
(home-page "http://elpa.gnu.org/packages/async.html")
(synopsis "Asynchronous processing in Emacs")
(description
"This package provides the ability to call asynchronous functions and
processes. For example, it can be used to run dired commands (for copying,
moving, etc.) asynchronously using @code{dired-async-mode}. Also it is used
as a library for other Emacs packages.")
(license license:gpl3+)))
(define-public emacs-auctex
(package
(name "emacs-auctex")
@ -1136,15 +1189,17 @@ source code using IPython.")
(define-public emacs-debbugs
(package
(name "emacs-debbugs")
(version "0.7")
(version "0.9")
(source (origin
(method url-fetch)
(uri (string-append "http://elpa.gnu.org/packages/debbugs-"
version ".tar"))
(sha256
(base32
"0pbglx3paa8icazgxlg4jf40wl8war63y9j2jmbb7gbd1xp95v72"))))
"1wc6kw7hihqqdx8qyl01akygycnan44x400hwrcf54m3hb4isa0k"))))
(build-system emacs-build-system)
(propagated-inputs
`(("emacs-async" ,emacs-async)))
(home-page "http://elpa.gnu.org/packages/debbugs.html")
(synopsis "Access the Debbugs bug tracker in Emacs")
(description
@ -1398,3 +1453,54 @@ supports editing Lisp source files, @{slime-mode} adds support for
interacting with a running Common Lisp process for compilation,
debugging, documentation lookup, and so on.")
(license license:gpl2+)))
(define-public emacs-popup
(package
(name "emacs-popup")
(version "0.5.3")
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/auto-complete/popup-el/archive/v"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1yrgfj8y69xmcb6kwgplhq68ndm9410qwh7sd2knnd1gchpphdc0"))))
(build-system emacs-build-system)
(native-inputs
`(("emacs" ,emacs-no-x)))
(home-page "https://github.com/auto-complete/popup-el")
(synopsis "Visual Popup User Interface for Emacs")
(description
"Popup.el is a visual popup user interface library for Emacs.
This provides a basic API and common UI widgets such as popup tooltips
and popup menus.")
(license license:gpl3+)))
(define-public emacs-god-mode
(let ((commit "6cf0807b6555eb6fcf8387a4e3b667071ef38964")
(revision "1"))
(package
(name "emacs-god-mode")
(version (string-append "20151005.925."
revision "-" (string-take commit 9)))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/chrisdone/god-mode.git")
(commit commit)))
(file-name (string-append name "-" version "-checkout"))
(sha256
(base32
"1am415k4xxcva6y3vbvyvknzc6bma49pq3p85zmpjsdmsp18qdix"))))
(build-system emacs-build-system)
(home-page "https://github.com/chrisdone/god-mode")
(synopsis "Minor mode for entering commands without modifier keys")
(description
"This package provides a global minor mode for entering Emacs commands
without modifier keys. It's similar to Vim's separation of commands and
insertion mode. When enabled all keys are implicitly prefixed with
@samp{C-} (among other helpful shortcuts).")
(license license:gpl3+))))

68
gnu/packages/engineering.scm
View File

@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -55,47 +56,43 @@
(define-public librecad
(package
(name "librecad")
(version "2.0.6-rc")
(version "2.0.9")
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/LibreCAD/LibreCAD/archive/"
version ".tar.gz"))
(file-name (string-append name "-" version))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1n1mh8asj6yrl5hi438dvizmrbqk1kni5xkizhi3pdmkg7z3hksm"))))
"0xyn4ps9ia94h0vg53rsww8xfd1bgp4200phl8ihyhv7w5v4d8d0"))))
(build-system gnu-build-system)
(arguments
'(#:phases
(alist-cons-after
'unpack
'patch-paths
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(substitute* "librecad/src/lib/engine/rs_system.cpp"
(("/usr/share") (string-append out "/share")))))
(alist-replace
'configure
(modify-phases %standard-phases
(add-after 'unpack 'patch-paths
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(substitute* "librecad/src/lib/engine/rs_system.cpp"
(("/usr/share") (string-append out "/share"))))))
(replace 'configure
(lambda* (#:key inputs #:allow-other-keys)
(system* "qmake" (string-append "BOOST_DIR="
(assoc-ref inputs "boost"))))
(alist-replace
'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(mkdir-p (string-append out "/bin"))
(mkdir-p (string-append out "/share/librecad"))
(copy-file "unix/librecad"
(string-append out "/bin/librecad"))
(copy-recursively "unix/resources"
(string-append out "/share/librecad"))))
%standard-phases)))))
(assoc-ref inputs "boost")))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(mkdir-p (string-append out "/bin"))
(mkdir-p (string-append out "/share/librecad"))
(copy-file "unix/librecad"
(string-append out "/bin/librecad"))
(copy-recursively "unix/resources"
(string-append out "/share/librecad"))))))))
(inputs
`(("boost" ,boost)
("muparser" ,muparser)
("freetype" ,freetype)
("qt" ,qt-4)))
("qt" ,qt)))
(native-inputs
`(("pkg-config" ,pkg-config)
("which" ,which)))
@ -206,31 +203,12 @@ and design rule checking. It also includes an autorouter and a trace
optimizer; and it can produce photorealistic and design review images.")
(license license:gpl2+)))
(define* (broken-tarball-fetch url hash-algo hash
#:optional name
#:key (system (%current-system))
(guile (default-guile)))
(mlet %store-monad ((drv (url-fetch url hash-algo hash
(string-append "tarbomb-" name)
#:system system
#:guile guile)))
;; Take the tar bomb, and simply unpack it as a directory.
(gexp->derivation name
#~(begin
(mkdir #$output)
(setenv "PATH"
(string-append #$gzip "/bin"))
(chdir #$output)
(zero? (system* (string-append #$tar "/bin/tar")
"xf" #$drv))))))
(define-public fastcap
(package
(name "fastcap")
(version "2.0-18Sep92")
(source (origin
(method broken-tarball-fetch)
(method url-fetch/tarbomb)
(file-name (string-append name "-" version ".tar.gz"))
(uri (string-append "http://www.rle.mit.edu/cpg/codes/"
name "-" version ".tgz"))

5
gnu/packages/feh.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -29,7 +30,7 @@
(define-public feh
(package
(name "feh")
(version "2.14")
(version "2.14.1")
(home-page "https://feh.finalrewind.org/")
(source (origin
(method url-fetch)
@ -37,7 +38,7 @@
name "-" version ".tar.bz2"))
(sha256
(base32
"0j5wxpqccnd0hl74z2vwv25n7qnik1n2mcm2jn0c0z7cjn4wsa9q"))))
"1hlzgr0masgbm1vdn085vz81s9kpnah8kjkb1w1xfsxr1b99x8f0"))))
(build-system gnu-build-system)
(arguments
'(#:phases (alist-delete 'configure %standard-phases)

7
gnu/packages/finance.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -35,7 +36,7 @@
(define-public bitcoin-core
(package
(name "bitcoin-core")
(version "0.11.0")
(version "0.11.2")
(source (origin
(method url-fetch)
(uri
@ -44,11 +45,11 @@
version ".tar.gz"))
(sha256
(base32
"17yh6lq13xzzi5v2i48qaxiqm40x3hrj4gwyamkib9yzmmb1gfji"))))
"1lwh0vhw1gf3h6zrhynvad9y9qbpmhc8cw1zvj11yzsz5rjbvlm4"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("python" ,python-wrapper) ; for the tests
("python" ,python-2) ; for the tests
("util-linux" ,util-linux))) ; provides the hexdump command for tests
(inputs
`(("bdb" ,bdb)

9
gnu/packages/fonts.scm
View File

@ -6,6 +6,7 @@
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Nils Gillmann <niasterisk@grrlz.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -354,7 +355,7 @@ The Liberation Fonts are sponsored by Red Hat.")
(define-public font-terminus
(package
(name "font-terminus")
(version "4.39")
(version "4.40")
(source
(origin
(method url-fetch)
@ -365,14 +366,14 @@ The Liberation Fonts are sponsored by Red Hat.")
version
".tar.gz"))
(sha256
(base32
"1gzmn7zakvy6yrvmswyjfklnsvqrjm0imhq8rjws8rdkhqwkh21i"))))
(base32
"0487cyx5h1f0crbny5sg73a22gmym5vk1i7646gy7hgiscj2rxb4"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("perl" ,perl)
("bdftopcf" ,bdftopcf)
("font-util", font-util)
("font-util" ,font-util)
("mkfontdir" ,mkfontdir)))
(arguments
`(#:configure-flags (list

37
gnu/packages/fontutils.scm
View File

@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -75,7 +76,7 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
(source (origin
(method url-fetch)
(uri (string-append
"http://www.freedesktop.org/software/fontconfig/release/fontconfig-"
"https://www.freedesktop.org/software/fontconfig/release/fontconfig-"
version ".tar.bz2"))
(sha256 (base32
"1psrl4b4gi4wmbvwwh43lk491wsl8lgvqj146prlcha3vwjc0qyp"))))
@ -203,16 +204,16 @@ applications should be.")
(define-public graphite2
(package
(name "graphite2")
(version "1.3.3")
(version "1.3.5")
(source
(origin
(method url-fetch)
(uri (string-append
"mirror://sourceforge/silgraphite/graphite2/graphite2-"
version ".tgz"))
(uri (string-append "https://github.com/silnrsi/graphite/archive/"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1n22vvi4jl83m4sqhvd7v31bhyhyd8j6c3yjgh4zjfyrvid16jrg"))))
"0jrjb56zim57xg2pckfdyrw46c624mqz9zywgwza0g1bxg26940w"))))
(build-system cmake-build-system)
(native-inputs
`(("python" ,python-2) ; because of "import imap" in tests
@ -226,7 +227,7 @@ engine. Graphite is a smart font technology designed to facilitate the
process known as shaping. This process takes an input Unicode text string
and returns a sequence of positioned glyphids from the font.")
(license license:lgpl2.1+)
(home-page "http://projects.palaso.org/projects/graphitedev")))
(home-page "https://github.com/silnrsi/graphite")))
(define-public potrace
(package
@ -258,6 +259,28 @@ resolution.")
(license license:gpl2+)
(home-page "http://potrace.sourceforge.net/")))
(define-public libotf
(package
(name "libotf")
(version "0.9.13")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://savannah/releases/m17n/libotf-"
version ".tar.gz"))
(sha256
(base32 "0239zvfan56w7vrppriwy77fzb10ag9llaz15nsraps2a2x6di3v"))))
(build-system gnu-build-system)
(propagated-inputs
`(("freetype" ,freetype)))
(home-page "http://www.nongnu.org/m17n/")
(synopsis "Library for handling OpenType Font")
(description "This library can read Open Type Layout Tables from an OTF
file. Currently these tables are supported; head, name, cmap, GDEF, GSUB, and
GPOS. It can convert a Unicode character sequence to a glyph code sequence by
using the above tables.")
(license license:lgpl2.0+)))
(define-public libspiro
(package
(name "libspiro")

31
gnu/packages/freedesktop.scm
View File

@ -61,12 +61,15 @@
(origin
(method url-fetch)
(uri (string-append
"http://portland.freedesktop.org/download/xdg-utils-"
"https://portland.freedesktop.org/download/xdg-utils-"
version ".tgz"))
(sha256
(base32
"1b019d3r1379b60p33d6z44kx589xjgga62ijz9vha95dg8vgbi1"))))
(build-system gnu-build-system)
(propagated-inputs
`(("xprop" ,xprop) ; for Xfce detecting
("xset" ,xset))) ; for xdg-screensaver
(arguments
`(#:tests? #f)) ; no check target
(home-page "http://portland.freedesktop.org/")
@ -79,14 +82,14 @@ freedesktop.org project.")
(define-public libinput
(package
(name "libinput")
(version "0.21.0")
(version "1.1.902")
(source (origin
(method url-fetch)
(uri (string-append "http://freedesktop.org/software/libinput/"
(uri (string-append "https://freedesktop.org/software/libinput/"
name "-" version ".tar.xz"))
(sha256
(base32
"0l7mhdr50g11hxg2pz8ihsgzbm0810syj05d3555rzhda6g7mkkw"))))
"19wa5yizc3nfq3gibyqb3ygdvcs7v7bz1m5ifv0f4va3igxc3nk3"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@ -94,7 +97,8 @@ freedesktop.org project.")
`(("libudev" ,eudev))) ; required by libinput.pc
(inputs
`(("libevdev" ,libevdev)
("mtdev" ,mtdev)))
("mtdev" ,mtdev)
("libwacom" ,libwacom)))
(home-page "http://www.freedesktop.org/wiki/Software/libinput/")
(synopsis "Input devices handling library")
(description
@ -174,7 +178,7 @@ the freedesktop.org XDG Base Directory specification.")
("xsltproc" ,libxslt)
("m4" ,m4)
("libxml2" ,libxml2) ;for XML_CATALOG_FILES
("pkg-config", pkg-config)
("pkg-config" ,pkg-config)
("gperf" ,gperf)))
(inputs
`(("linux-pam" ,linux-pam)
@ -246,7 +250,7 @@ Python.")
(version "1.9.0")
(source (origin
(method url-fetch)
(uri (string-append "http://wayland.freedesktop.org/releases/"
(uri (string-append "https://wayland.freedesktop.org/releases/"
name "-" version ".tar.xz"))
(sha256
(base32
@ -281,7 +285,7 @@ applications, X servers (rootless or fullscreen) or other display servers.")
(source (origin
(method url-fetch)
(uri (string-append
"http://libopenraw.freedesktop.org/download/"
"https://libopenraw.freedesktop.org/download/"
name "-" version ".tar.bz2"))
(sha256
(base32
@ -330,7 +334,7 @@ Analysis and Reporting Technology) functionality.")
(version "2.1.6")
(source (origin
(method url-fetch)
(uri (string-append "http://udisks.freedesktop.org/releases/"
(uri (string-append "https://udisks.freedesktop.org/releases/"
name "-" version ".tar.bz2"))
(sha256
(base32
@ -500,7 +504,7 @@ which speak the Qualcomm MSM Interface (QMI) protocol.")
(source (origin
(method url-fetch)
(uri (string-append
"http://www.freedesktop.org/software/ModemManager/"
"https://www.freedesktop.org/software/ModemManager/"
"ModemManager-" version ".tar.xz"))
(sha256
(base32
@ -540,14 +544,15 @@ modems and setup connections with them.")
(version "0.8.2")
(source (origin
(method url-fetch)
(uri (string-append "http://telepathy.freedesktop.org/releases/"
(uri (string-append "https://telepathy.freedesktop.org/releases/"
name "/" name "-" version ".tar.bz2"))
(sha256
(base32
"1bjx85k7jyfi5pvl765fzc7q2iz9va51anrc2djv7caksqsdbjlg"))))
(build-system gnu-build-system)
(arguments
'(#:phases
'(#:parallel-tests? #f
#:phases
(modify-phases %standard-phases
(add-before 'check 'pre-check
(lambda _
@ -579,7 +584,7 @@ different sorts of messages in different formats.")
(version "0.1.26")
(source (origin
(method url-fetch)
(uri (string-append "http://www.freedesktop.org/software/colord"
(uri (string-append "https://www.freedesktop.org/software/colord"
"/releases/" name "-" version ".tar.xz"))
(sha256
(base32

5
gnu/packages/fribidi.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Marek Benc <merkur32@gmail.com>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -25,7 +26,7 @@
(define-public fribidi
(package
(name "fribidi")
(version "0.19.6")
(version "0.19.7")
(source
(origin
(method url-fetch)
@ -33,7 +34,7 @@
(string-append "http://fribidi.org/download/" name "-" version
".tar.bz2"))
(sha256
(base32 "0zg1hpaml34ny74fif97j7ngrshlkl3wk3nja3gmlzl17i1bga6b"))))
(base32 "13jsb5qadlhsaxkbrb49nqslmbh904vvzhsm5mm2ghmv29i2l8h8"))))
(build-system gnu-build-system)
(synopsis "Implementation of the Unicode bidirectional algorithm")

32
gnu/packages/games.scm
View File

@ -14,6 +14,7 @@
;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
;;; Copyright © 2016 Rodger Fox <thylakoid@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -44,6 +45,7 @@
#:use-module (gnu packages base)
#:use-module (gnu packages admin)
#:use-module (gnu packages audio)
#:use-module (gnu packages avahi)
#:use-module (gnu packages boost)
#:use-module (gnu packages fribidi)
#:use-module (gnu packages game-development)
@ -845,7 +847,7 @@ either by Infocom or created using the Inform compiler.")
(define-public retroarch
(package
(name "retroarch")
(version "1.2.2")
(version "1.3.1")
(source
(origin
(method url-fetch)
@ -853,7 +855,7 @@ either by Infocom or created using the Inform compiler.")
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32 "1bxr8yhk3ad4df544qljsfjfhxa8zy1grq7rn1s02yfvdmgzf4qi"))))
(base32 "1wydzvligyby05x8c4lpg6xcnw9qkmvkskyhzc28xq10vm3q57fv"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; no tests
@ -995,7 +997,7 @@ This game is based on the GPL version of the famous game TuxRacer.")
(lambda _ (setenv "LIBS" "-lm"))))))
(inputs
`(("glu" ,glu)
("mesa", mesa)
("mesa" ,mesa)
("sdl" ,sdl)
("sdl-image" ,sdl-image)
("sdl-mixer" ,sdl-mixer)))
@ -1891,3 +1893,27 @@ and a game metadata scraper.")
(description "The Emilia Pinball Project is a pinball simulator. There
are only two levels to play with, but they are very addictive.")
(license license:gpl2)))
(define-public pioneers
(package
(name "pioneers")
(version "15.3")
(source (origin
(method url-fetch)
(uri (string-append "http://downloads.sourceforge.net/pio/"
"pioneers-" version ".tar.gz"))
(sha256
(base32
"128s718nnraiznbg2rajjqb7cfkdg24hy6spdd9narb4f4dsbbv9"))))
(build-system gnu-build-system)
(inputs `(("gtk+" ,gtk+)
("librsvg" ,librsvg)
("avahi" ,avahi)))
(native-inputs `(("intltool" ,intltool)
("pkg-config" ,pkg-config)))
(synopsis "Board game inspired by The Settlers of Catan")
(description "Pioneers is an emulation of the board game The Settlers of
Catan. It can be played on a local network, on the internet, and with AI
players.")
(home-page "http://pio.sourceforge.net/")
(license license:gpl2+)))

4
gnu/packages/gcc.scm
View File

@ -470,8 +470,8 @@ as the 'native-search-paths' field."
(custom-gcc gcc-5 "gfortran" '("fortran")
%generic-search-paths))
(define-public gccgo-4.8
(custom-gcc gcc-4.8 "gccgo" '("go")
(define-public gccgo-4.9
(custom-gcc gcc-4.9 "gccgo" '("go")
%generic-search-paths
;; Suppress the separate "lib" output, because otherwise the
;; "lib" and "out" outputs would refer to each other, creating

6
gnu/packages/gdb.scm
View File

@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -37,14 +37,14 @@
(define-public gdb
(package
(name "gdb")
(version "7.10.1")
(version "7.11")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gdb/gdb-"
version ".tar.xz"))
(sha256
(base32
"1mfnjcwnwm5cg4rc9pncs9v356a0bz6ymjyac56mbj6784yjzir5"))))
"1hg5kwwdvi9b9nxzxfjnx8fx3gip75fqyvkp82xpf3b3rcb42hvs"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; FIXME "make check" fails on single-processor systems.

2
gnu/packages/ghostscript.scm
View File

@ -282,7 +282,7 @@ Ghostscript. It currently includes the 35 standard PostScript fonts.")
(version "0.2.7")
(source (origin
(method url-fetch)
(uri (string-append "http://libspectre.freedesktop.org/releases/libspectre-"
(uri (string-append "https://libspectre.freedesktop.org/releases/libspectre-"
version ".tar.gz"))
(sha256 (base32
"1v63lqc6bhhxwkpa43qmz8phqs8ci4dhzizyy16d3vkb20m846z8"))))

4
gnu/packages/gl.scm
View File

@ -192,7 +192,7 @@ also known as DXTn or DXTC) for Mesa.")
(define-public mesa
(package
(name "mesa")
(version "11.0.3")
(version "11.0.9")
(source
(origin
(method url-fetch)
@ -200,7 +200,7 @@ also known as DXTn or DXTC) for Mesa.")
version "/mesa-" version ".tar.xz"))
(sha256
(base32
"1mikw0biw0wxq0fn3cp18bm6kjrkd66fy84774yc5b91rvp94adb"))))
"009b3nq8ly5nzy9cxi9cxf4qasrhggjz0v0q87rwq5kaqvqjy9m1"))))
(build-system gnu-build-system)
(propagated-inputs
`(("glproto" ,glproto)

4
gnu/packages/glib.scm
View File

@ -384,7 +384,7 @@ translated.")
(source (origin
(method url-fetch)
(uri
(string-append "http://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-"
(string-append "https://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-"
version ".tar.gz"))
(sha256
(base32
@ -574,7 +574,7 @@ useful for C++.")
(method url-fetch)
(uri
(string-append
"http://telepathy.freedesktop.org/releases/telepathy-glib/"
"https://telepathy.freedesktop.org/releases/telepathy-glib/"
"telepathy-glib-" version ".tar.gz"))
(sha256
(base32

185
gnu/packages/gnome.scm
View File

@ -13,6 +13,7 @@
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
;;; Copyright © 2016 Jochem Raat <jchmrt@riseup.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -36,6 +37,7 @@
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (guix build-system glib-or-gtk)
#:use-module (guix build-system trivial)
#:use-module (gnu packages)
#:use-module (gnu packages admin)
#:use-module (gnu packages autotools)
@ -500,7 +502,7 @@ for settings shared by various components of the GNOME desktop.")
(source
(origin
(method url-fetch)
(uri (string-append "http://tango.freedesktop.org/releases/icon-naming-utils-"
(uri (string-append "https://tango.freedesktop.org/releases/icon-naming-utils-"
version ".tar.bz2"))
(sha256
(base32
@ -536,7 +538,7 @@ GNOME and KDE desktops to the icon names proposed in the specification.")
(version "0.22")
(source (origin
(method url-fetch)
(uri (string-append "http://www.freedesktop.org/software/" name
(uri (string-append "https://www.freedesktop.org/software/" name
"/releases/" name "-" version ".tar.xz"))
(sha256
(base32
@ -608,7 +610,7 @@ update-desktop-database: updates the database containing a cache of MIME types
(version "1.2")
(source (origin
(method url-fetch)
(uri (string-append "http://freedesktop.org/~hadess/"
(uri (string-append "https://freedesktop.org/~hadess/"
"shared-mime-info-" version ".tar.xz"))
(sha256
(base32
@ -640,7 +642,7 @@ database is translated at Transifex.")
(source
(origin
(method url-fetch)
(uri (string-append "http://icon-theme.freedesktop.org/releases/"
(uri (string-append "https://icon-theme.freedesktop.org/releases/"
"hicolor-icon-theme-" version ".tar.gz"))
(sha256
(base32
@ -939,7 +941,7 @@ library.")
(inputs `(("glib" ,glib)))
(native-inputs
`(("pkg-config" ,pkg-config)
("flex", flex)
("flex" ,flex)
("bison" ,bison)))
(home-page "http://freecode.com/projects/libidl")
(synopsis "Create trees of CORBA Interface Definition Language files")
@ -1583,7 +1585,7 @@ Hints specification (EWMH).")
("libxml2" ,libxml2)
("libxslt" ,libxslt)
("python" ,python-2)
("python2-pygobject", python2-pygobject-2)
("python2-pygobject" ,python2-pygobject-2)
("zlib" ,zlib)))
(native-inputs
`(("intltool" ,intltool)
@ -2259,7 +2261,7 @@ keyboard shortcuts.")
(source
(origin
(method url-fetch)
(uri (string-append "http://www.freedesktop.org/software/colord/releases/"
(uri (string-append "https://www.freedesktop.org/software/colord/releases/"
name "-" version ".tar.xz"))
(sha256
(base32
@ -2323,7 +2325,7 @@ output devices.")
(source
(origin
(method url-fetch)
(uri (string-append "http://www.freedesktop.org/software/" name
(uri (string-append "https://www.freedesktop.org/software/" name
"/releases/" (version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
@ -2403,7 +2405,7 @@ faster results and to avoid unnecessary server load.")
(version "0.99.3")
(source (origin
(method url-fetch)
(uri (string-append "http://upower.freedesktop.org/releases/"
(uri (string-append "https://upower.freedesktop.org/releases/"
name "-" version ".tar.xz"))
(sha256
(base32
@ -3228,7 +3230,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
`(("dconf" ,dconf)))
(native-inputs
`(("intltool" ,intltool)
("itstool", itstool)
("itstool" ,itstool)
("glib" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
@ -3879,7 +3881,7 @@ javascript engine and the GObject introspection framework.")
`(("dconf" ,dconf)))
(native-inputs
`(("intltool" ,intltool)
("itstool", itstool)
("itstool" ,itstool)
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)))
(inputs
@ -4648,3 +4650,164 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.")
design and behaviour, giving the user a simple way to navigate and manage its
files.")
(license license:gpl2+)))
(define-public baobab
(package
(name "baobab")
(version "3.18.1")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"1da4bdkw5bnxansl1xr4lb03d6f4h0a0qaba8i3p3rwhcd191b62"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("intltool" ,intltool)
("pkg-config" ,pkg-config)
("itstool" ,itstool)
("xmllint" ,libxml2)
("glib" ,glib "bin")
("vala" ,vala)))
(inputs
`(("gtk+" ,gtk+)))
(synopsis "Disk usage analyzer for GNOME")
(description
"Baobab (Disk Usage Analyzer) is a graphical application to analyse disk
usage in the GNOME desktop environment. It can easily scan device volumes or
a specific user-requested directory branch (local or remote). Once the scan
is complete it provides a graphical representation of each selected folder.")
(home-page "https://wiki.gnome.org/Apps/Baobab")
(license license:gpl2+)))
(define-public gnome-backgrounds
(package
(name "gnome-backgrounds")
(version "3.18.0")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"1fd7y8dh3iy88ayb8irgsihvssli6bzjzb5a6vfhi8qjbw70ymma"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("intltool" ,intltool)))
(home-page "https://git.gnome.org/browse/gnome-backgrounds")
(synopsis "Background images for the GNOME desktop")
(description
"GNOME backgrounds package contains a collection of graphics files which
can be used as backgrounds in the GNOME Desktop environment. Additionally,
the package creates the proper framework and directory structure so that you
can add your own files to the collection.")
(license (list license:gpl2+
license:cc-by2.0
license:cc-by-sa2.0
license:cc-by-sa3.0))))
(define-public gnome-screenshot
(package
(name "gnome-screenshot")
(version "3.18.0")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"0hc8m435q7yzvrw7jpi53kaxpmrd9w59sm7c5wibh2ng9azlv9pb"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
("intltool" ,intltool)
("pkg-config" ,pkg-config)))
(inputs
`(("gtk+" ,gtk+)
("libcanberra" ,libcanberra)
("libx11" ,libx11)
("libxext" ,libxext)))
(home-page "https://git.gnome.org/browse/gnome-screenshot")
(synopsis "Take pictures of your screen")
(description
"GNOME Screenshot is a utility used for taking screenshots of the entire
screen, a window or a user defined area of the screen, with optional
beautifying border effects.")
(license license:gpl2+)))
(define-public dconf-editor
(package
(name "dconf-editor")
(version "3.18.2")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"0xdwi7g1xdmgrc9m8ii62fp2zj114gsfpmgazlnhrcmmfi97z5d7"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-compile-schemas, gio-2.0.
("intltool" ,intltool)
("pkg-config" ,pkg-config)))
(inputs
`(("dconf" ,dconf)
("gtk+" ,gtk+)
("libxml2" ,libxml2)))
(home-page "https://git.gnome.org/browse/dconf-editor")
(synopsis "Graphical editor for GNOME's dconf configuration system")
(description
"Dconf-editor is a graphical tool for browsing and editing the dconf
configuration system for GNOME. It allows users to configure desktop
software that do not provide their own configuration interface.")
(license license:lgpl2.1+)))
(define-public gnome
(package
(name "gnome")
(version (package-version gnome-shell))
(source #f)
(build-system trivial-build-system)
(arguments '(#:builder (mkdir %output)))
(propagated-inputs
;; TODO: Add more packages according to:
;; <https://packages.debian.org/jessie/gnome-core>.
`(("adwaita-icon-theme" ,adwaita-icon-theme)
("at-spi2-core" ,at-spi2-core)
("dbus" ,dbus)
("dconf" ,dconf)
("eog" ,eog)
("epiphany" ,epiphany)
("evince" ,evince)
("gedit" ,gedit)
("glib-networking" ,glib-networking)
("gnome-control-center" ,gnome-control-center)
("gnome-keyring" ,gnome-keyring)
("gnome-session" ,gnome-session)
("gnome-settings-daemon" ,gnome-settings-daemon)
("gnome-shell" ,gnome-shell)
("gnome-terminal" ,gnome-terminal)
("gnome-themes-standard" ,gnome-themes-standard)
("hicolor-icon-theme" ,hicolor-icon-theme)
("nautilus" ,nautilus)
("pulseaudio" ,pulseaudio)
("shared-mime-info" ,shared-mime-info)
("totem" ,totem)
("yelp" ,yelp)
("zenity" ,zenity)))
(synopsis "Desktop environment (meta-package)")
(home-page "https://www.gnome.org/")
(description
"GNOME is an intutive and attractive desktop environment. It aims to be
an easy and elegant way to use your computer.")
(license license:gpl2+)))

43
gnu/packages/gnunet.scm
View File

@ -3,6 +3,8 @@
;;; Copyright © 2014 Sree Harsha Totakura <sreeharsha@totakura.in>
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Ni* Gillmann <ng@niasterisk.space>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -22,14 +24,17 @@
(define-module (gnu packages gnunet)
#:use-module (gnu packages)
#:use-module (gnu packages file)
#:use-module (gnu packages aidc)
#:use-module (gnu packages autotools)
#:use-module (gnu packages compression)
#:use-module (gnu packages curl)
#:use-module (gnu packages geeqie)
#:use-module (gnu packages gettext)
#:use-module (gnu packages glib)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages groff)
#:use-module (gnu packages gtk)
#:use-module (gnu packages guile)
#:use-module (gnu packages gstreamer)
#:use-module (gnu packages libidn)
@ -208,6 +213,8 @@ supports HTTPS, HTTPS and GnuTLS.")
(inputs
`(("glpk" ,glpk)
("gnurl" ,gnurl)
("gstreamer" ,gstreamer)
("gst-plugins-base" ,gst-plugins-base)
("gnutls" ,gnutls)
("libextractor" ,libextractor)
("libgcrypt" ,libgcrypt)
@ -217,14 +224,16 @@ supports HTTPS, HTTPS and GnuTLS.")
("libunistring" ,libunistring)
("openssl" ,openssl)
("opus" ,opus)
("pulseaudio", pulseaudio)
("pulseaudio" ,pulseaudio)
("sqlite" ,sqlite)
("zlib" ,zlib)))
(native-inputs
`(("pkg-config" ,pkg-config)
("python" ,python-2)))
(arguments
'(#:parallel-tests? #f
'(#:configure-flags
(list (string-append "--with-nssdir=" %output "/lib"))
#:parallel-tests? #f
;; test_gnunet_service_arm fails; reported upstream
#:tests? #f
#:phases
@ -286,3 +295,33 @@ GNUnet services, including the @dfn{identity} and @dfn{file sharing}
services.")
(home-page "http://gnu.org/software/guix")
(license license:gpl3+))))
;; FIXME: "gnunet-setup" segfaults under certain conditions and "gnunet-gtk"
;; does not seem to be fully functional. This has been reported upstream:
;; http://lists.gnu.org/archive/html/gnunet-developers/2016-02/msg00004.html
(define-public gnunet-gtk
(package (inherit gnunet)
(name "gnunet-gtk")
(version (package-version gnunet))
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gnunet/gnunet-gtk-"
version ".tar.gz"))
(sha256
(base32
"1p38k1s6a2fmcfc9a7cf1zrdycm9h06kqdyand4s3k500nj6mb4g"))))
(arguments
`(#:configure-flags
(list "--without-libunique"
"--with-qrencode")))
(inputs
`(("gnunet" ,gnunet)
("libgcrypt" ,libgcrypt)
("gtk+" ,gtk+)
("libextractor" ,libextractor)
("glade3" ,glade3)
("qrencode" ,qrencode)))
(native-inputs
`(("pkg-config" ,pkg-config)
("libglade" ,libglade)))
(synopsis "Graphical front-end tools for GNUnet")))

11
gnu/packages/gnupg.scm
View File

@ -2,7 +2,7 @@
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
@ -70,14 +70,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
(version "1.6.4")
(version "1.6.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
"09k06gs27gxfha07sa9rpf4xh6mvphj9sky7n09ymx75w9zjrg69"))))
"0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
@ -206,7 +206,10 @@ compatible to GNU Pth.")
".tar.bz2"))
(sha256
(base32
"06mn2viiwsyq991arh5i5fhr9jyxq2bi0jkdj7ndfisxihngpc5p"))))
"06mn2viiwsyq991arh5i5fhr9jyxq2bi0jkdj7ndfisxihngpc5p"))
(patches
(list (search-patch
"gnupg-simple-query-ignore-status-messages.patch")))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))

9
gnu/packages/gnuzilla.scm
View File

@ -72,7 +72,7 @@
(("defined\\(@TEMPLATE_FILE)") "@TEMPLATE_FILE")))))
(build-system gnu-build-system)
(native-inputs
`(("perl", perl)
`(("perl" ,perl)
("python" ,python-2)))
(arguments
`(#:phases
@ -154,7 +154,7 @@ in C/C++.")
"01ria9wk6329hxqsy75p9dkxiqkq4nkz0jjzll7hslih3jbi8dil"))))
(build-system gnu-build-system)
(native-inputs
`(("perl", perl)))
`(("perl" ,perl)))
(arguments
`(#:tests? #f ; no check target
#:configure-flags (list "--enable-64bit"
@ -289,7 +289,8 @@ standards.")
"0bd4k5cwr8ynscaxffvj2x3kgky3dmjq0qhpcb931l98bh0103lx"))
(patches (map search-patch
'("icecat-avoid-bundled-includes.patch"
"icecat-re-enable-DHE-cipher-suites.patch")))
"icecat-re-enable-DHE-cipher-suites.patch"
"icecat-update-graphite2.patch")))
(modules '((guix build utils)))
(snippet
'(begin
@ -318,6 +319,8 @@ standards.")
;; TODO: Use system harfbuzz. Waiting for:
;; <https://bugzilla.mozilla.org/show_bug.cgi?id=847568>
;;
;; TODO: Use system graphite2.
;;
"modules/freetype2"
"modules/zlib"
"modules/libbz2"

19
gnu/packages/gps.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -34,7 +35,7 @@
(define-public gpsbabel
(package
(name "gpsbabel")
(version "1.5.0")
(version "1.5.2")
(source (origin
(method url-fetch)
;; XXX: Downloads from gpsbabel.org are hidden behind a POST, so
@ -44,16 +45,16 @@
version ".orig.tar.gz"))
(sha256
(base32
"1pd01kra9l5ihy1by87qia0mpbpcif7g5yg7r9z2bnw7711jm3yb"))))
"0xf7wmy2m29g2lm8lqc74yf8rf7sxfl3cfwbk7dpf0yf42pb0b6w"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-zlib=system")
#:phases (alist-cons-before
'configure 'pre-configure
(lambda _
(chdir "gpsbabel"))
;; TODO: "make doc" requires Docbook & co.
%standard-phases)
#:phases
(modify-phases %standard-phases
(add-before 'configure 'pre-configure
(lambda _
(chdir "gpsbabel"))))
;; TODO: "make doc" requires Docbook & co.
;; On i686, 'raymarine.test' fails because of a rounding error:
;; <http://hydra.gnu.org/build/133040>. As a workaround, disable tests
@ -62,7 +63,7 @@
(inputs
`(("expat" ,expat)
("zlib" ,zlib)
("qt4" ,qt-4)))
("qt" ,qt)))
(native-inputs
`(("which" ,which)
("libxml2" ,libxml2))) ;'xmllint' needed for the KML tests

134
gnu/packages/gstreamer.scm
View File

@ -28,21 +28,33 @@
#:use-module (gnu packages audio)
#:use-module (gnu packages bison)
#:use-module (gnu packages cdrom)
#:use-module (gnu packages curl)
#:use-module (gnu packages compression)
#:use-module (gnu packages flex)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages gl)
#:use-module (gnu packages glib)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages graphics)
#:use-module (gnu packages gtk)
#:use-module (gnu packages image)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
#:use-module (gnu packages mp3)
#:use-module (gnu packages perl)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages qt)
#:use-module (gnu packages rdf)
#:use-module (gnu packages video)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xiph)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages ssh)
#:use-module (gnu packages telephony)
#:use-module (gnu packages tls)
#:use-module (gnu packages version-control)
#:use-module (gnu packages yasm)
#:use-module (gnu packages xml))
@ -52,7 +64,7 @@
(version "0.4.24")
(source (origin
(method url-fetch)
(uri (string-append "http://gstreamer.freedesktop.org/data/src/"
(uri (string-append "https://gstreamer.freedesktop.org/data/src/"
"orc/orc-" version ".tar.xz"))
(sha256
(base32
@ -83,16 +95,16 @@ arrays of data.")
(define-public gstreamer
(package
(name "gstreamer")
(version "1.6.1")
(version "1.6.3")
(source
(origin
(method url-fetch)
(uri (string-append
"http://gstreamer.freedesktop.org/src/gstreamer/gstreamer-"
"https://gstreamer.freedesktop.org/src/gstreamer/gstreamer-"
version ".tar.xz"))
(sha256
(base32
"172w1bpnkn6mm1wi37n03apdbb6cdkykhzjf1vfxchcd7hhkyflp"))))
"093zldafh7xh3lrlwzm7j0vvjz6k9ca83wqil40gfz5qcy6mdy92"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(arguments
@ -113,7 +125,7 @@ arrays of data.")
(list (search-path-specification
(variable "GST_PLUGIN_SYSTEM_PATH")
(files '("lib/gstreamer-1.0")))))
(home-page "http://gstreamer.freedesktop.org/")
(home-page "https://gstreamer.freedesktop.org/")
(synopsis "Multimedia library")
(description
"GStreamer is a library for constructing graphs of media-handling
@ -131,15 +143,15 @@ This package provides the core library and elements.")
(define-public gst-plugins-base
(package
(name "gst-plugins-base")
(version "1.6.1")
(version "1.6.3")
(source
(origin
(method url-fetch)
(uri (string-append "http://gstreamer.freedesktop.org/src/" name "/"
(uri (string-append "https://gstreamer.freedesktop.org/src/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
"18sbyjcp281zb3bsqji3pglsdsxi0s6ai7rx90sx8cpflkxdqcwm"))))
"0xbskifk95rw7jd85sqjrmqh2kys1bpi0inrxyapx1x4vf7ly5dn"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(propagated-inputs
@ -168,12 +180,11 @@ This package provides the core library and elements.")
(assoc-ref %outputs "doc")
"/share/gtk-doc/html"))
#:phases
(alist-cons-before
'configure 'patch
(lambda _
(substitute* "tests/check/libs/pbutils.c"
(("/bin/sh") (which "sh"))))
%standard-phases)))
(modify-phases %standard-phases
(add-before 'configure 'patch
(lambda _
(substitute* "tests/check/libs/pbutils.c"
(("/bin/sh") (which "sh"))))))))
(home-page "http://gstreamer.freedesktop.org/")
(synopsis
"Plugins for the GStreamer multimedia library")
@ -185,16 +196,16 @@ for the GStreamer multimedia library.")
(define-public gst-plugins-good
(package
(name "gst-plugins-good")
(version "1.6.1")
(version "1.6.3")
(source
(origin
(method url-fetch)
(uri (string-append
"http://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-good-"
version ".tar.xz"))
"https://gstreamer.freedesktop.org/src/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
"0darc3058kbnql3mnlpizl0sq0hhli7vkm0rpqb7nywz14abim46"))))
"0xx16h0q63gs3pxlzdflnpyssba3vcrh1qnzplg4d0ra1fvrvc94"))))
(build-system gnu-build-system)
(inputs
`(("aalib" ,aalib)
@ -228,7 +239,7 @@ for the GStreamer multimedia library.")
'unpack 'disable-failing-rtprtx-tests
(lambda _
;; Disable rtprtx tests that frequently fail.
;; XXX FIXME: Try removing this for version > 1.6.1.
;; XXX FIXME: Try removing this for version > 1.6.3.
(substitute* "tests/check/elements/rtprtx.c"
(("tcase_add_test \\(tc_chain,\
(test_rtxsender_max_size_packets|test_rtxreceive_data_reconstruction)\\);" all)
@ -242,18 +253,91 @@ GStreamer multimedia library. This set contains those plug-ins which the
developers consider to have good quality code and correct functionality.")
(license lgpl2.0+)))
(define-public gst-plugins-bad
(package
(name "gst-plugins-bad")
(version "1.6.3")
(source (origin
(method url-fetch)
(uri (string-append "https://gstreamer.freedesktop.org/src/"
name "/" name "-" version ".tar.xz"))
(sha256
(base32
"0q9s5da54819gwncmdi95l5qzx97l9vxk6adx4zmx73a3l82j6wp"))))
(outputs '("out" "doc"))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; XXX: 11 of 54 tests fail
#:configure-flags
(list (string-append "--with-html-dir="
(assoc-ref %outputs "doc")
"/share/gtk-doc/html"))))
(propagated-inputs
`(("gst-plugins-base" ,gst-plugins-base)))
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-mkenums, etc.
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
("python" ,python)))
(inputs
;; XXX: The following dependencies are missing:
;; vo-amrwbenc, vo-aacenc, bs2b, chromaprint, directfb, daala, libdts,
;; faac, flite, libgsm, libde265, libmms, libmimic, mjpegtools,
;; mpeg2enc, libofa, opencv, openh264, openni2, libtimemmgr, wildmidi,
;; openspc, gme, sbc, schroedinger, zbar, librtmp, spandsp, x265
`(("bluez" ,bluez)
("curl" ,curl)
("faad2" ,faad2)
("fluidsynth" ,fluidsynth)
("gtk+" ,gtk+)
("ladspa" ,ladspa)
("libass" ,libass)
("libdvdnav" ,libdvdnav)
("libdvdread" ,libdvdread)
("libgcrypt" ,libgcrypt)
("libgudev" ,libgudev)
("libkate" ,libkate)
("libmodplug" ,libmodplug)
("librsvg" ,librsvg)
("libsndfile" ,libsndfile)
("libsrtp" ,libsrtp)
("libssh2" ,libssh2)
("libusb" ,libusb)
("libvdpau" ,libvdpau)
("libwebp" ,libwebp)
("libxml2" ,libxml2)
("lrdf" ,lrdf)
("mesa" ,mesa)
("mpg123" ,mpg123)
("neon" ,neon)
("openal" ,openal)
("openexr" ,openexr)
("openjpeg" ,openjpeg)
("openssl" ,openssl)
("opus" ,opus)
("orc" ,orc)
("qt" ,qt)
("soundtouch" ,soundtouch)
("wayland" ,wayland)))
(home-page "http://gstreamer.freedesktop.org/")
(synopsis "Plugins for the GStreamer multimedia library")
(description
"GStreamer Bad Plug-ins is a set of plug-ins whose quality aren't up to
par compared to the rest.")
(license lgpl2.0+)))
(define-public gst-plugins-ugly
(package
(name "gst-plugins-ugly")
(version "1.6.1")
(version "1.6.3")
(source
(origin
(method url-fetch)
(uri (string-append "http://gstreamer.freedesktop.org/src/"
(uri (string-append "https://gstreamer.freedesktop.org/src/"
name "/" name "-" version ".tar.xz"))
(sha256
(base32
"0mvasl1pwq70w2kmrkcrg77kggl5q7jqybi7fkvy3vr28c7gkhqc"))))
"0r6h3ys5n90jv3c06crxzcac561z07s4h04hy5i8ybw8qyvzgv1g"))))
(build-system gnu-build-system)
(inputs
`(("gst-plugins-base" ,gst-plugins-base)
@ -283,15 +367,15 @@ distribution problems in some jurisdictions, e.g. due to patent threats.")
(define-public gst-libav
(package
(name "gst-libav")
(version "1.6.1")
(version "1.6.3")
(source (origin
(method url-fetch)
(uri (string-append
"http://gstreamer.freedesktop.org/src/" name "/"
"https://gstreamer.freedesktop.org/src/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
"1a9pc7zp5rg0cvpx8gqkr21w73i6p9xa505a34day9f8p3lfim94"))))
"1aylbg1xnm68c3wc49mzx813qhsjfg23hqnjqqwdwdq31839qyw5"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--with-system-libav")

27
gnu/packages/gtk.scm
View File

@ -150,7 +150,7 @@ affine transformation (scale, rotation, shear, etc.).")
(version "1.0.6")
(source (origin
(method url-fetch)
(uri (string-append "http://www.freedesktop.org/software/"
(uri (string-append "https://www.freedesktop.org/software/"
"harfbuzz/release/harfbuzz-"
version ".tar.bz2"))
(sha256
@ -365,7 +365,7 @@ printing and other features typical of a source code editor.")
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-genmarshal, etc.
("intltool" ,intltool)
("itstool", itstool)
("itstool" ,itstool)
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
("vala" ,vala)
@ -425,7 +425,7 @@ highlighting and other features typical of a source code editor.")
(native-inputs
`(("pkg-config" ,pkg-config)
("glib" ,glib "bin") ; glib-mkenums, etc.
("gobject-introspection", gobject-introspection))) ; g-ir-compiler, etc.
("gobject-introspection" ,gobject-introspection))) ; g-ir-compiler, etc.
(synopsis "GNOME image loading and manipulation library")
(description
"GdkPixbuf is a library for image loading and manipulation developed
@ -1013,6 +1013,7 @@ extensive documentation, including API reference and a tutorial.")
`(("pkg-config" ,pkg-config)))
(inputs
`(("python" ,python-2)
("libglade" ,libglade)
("glib" ,glib)))
(propagated-inputs
`(("python-pycairo" ,python2-pycairo) ;loaded at runtime
@ -1107,7 +1108,25 @@ information.")
"12xmmcnq4138dlbhmqa45wqza8dky4lf856sp80h6xjwl2g7a85l"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
`(#:phases
(modify-phases %standard-phases
(add-before
'configure 'fix-docbook
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "configure"
;; The configure check is overzealous about making sure that
;; things are in place -- it uses the xmlcatalog tool to make
;; sure that docbook-xsl is available, but this tool can only
;; look in one catalog file, unlike the $XML_CATALOG_FILES
;; variable that Guix defines. Fool the test by using the
;; docbook-xsl catalog explicitly and get on with life.
(("\"\\$XML_CATALOG_FILE\" \
\"http://docbook.sourceforge.net/release/xsl/")
(string-append (car (find-files (assoc-ref inputs "docbook-xsl")
"^catalog.xml$"))
" \"http://docbook.sourceforge.net/release/xsl/")))
#t)))
#:configure-flags
(list (string-append "--with-xml-catalog="
(assoc-ref %build-inputs "docbook-xml")
"/xml/dtd/docbook/catalog.xml"))))

64
gnu/packages/guile.scm
View File

@ -2,6 +2,7 @@
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2016 Alex Sassmannshausen <alex@pompo.co>
;;;
;;; This file is part of GNU Guix.
;;;
@ -210,7 +211,15 @@ without requiring the source code to be rewritten.")
;; times (almost 3 hours on a 4-core Intel i5).
(snippet '(for-each delete-file
(find-files "prebuilt" "\\.go$")))))
(synopsis "Snapshot of what will become version 2.2 of GNU Guile")))
(synopsis "Snapshot of what will become version 2.2 of GNU Guile")
(native-search-paths
(list (search-path-specification
(variable "GUILE_LOAD_PATH")
(files '("share/guile/site/2.2")))
(search-path-specification
(variable "GUILE_LOAD_COMPILED_PATH")
(files '("lib/guile/2.2/ccache"
"share/guile/site/2.2")))))))
(define-public guile-for-guile-emacs
(package (inherit guile-next)
@ -440,14 +449,14 @@ for Guile\".")
(define-public guile-json
(package
(name "guile-json")
(version "0.4.0")
(version "0.5.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/guile-json/guile-json-"
version ".tar.gz"))
(sha256
(base32
"0v06272rw4ycwzssjf3fzpk2vhpslvl55hz94q80vc6f74j0d5h6"))
"0l8a34l92nrdszy7ykycfvr8y0n0yi5qb3ccliycvpvf9mzk5n8d"))
(modules '((guix build utils)))
(snippet
;; Make sure everything goes under .../site/2.0, like Guile's
@ -700,6 +709,28 @@ Guile's foreign function interface.")
(base32
"15q1qwjnay7k90ppqrzqsmikvwyj61mjvf1zahyd9gm4vi2fgb3x"))))
(build-system gnu-build-system)
(arguments
`(#:modules ((ice-9 match) (ice-9 ftw)
,@%gnu-build-system-modules)
#:phases (modify-phases %standard-phases
(add-after 'install 'wrap-haunt
(lambda* (#:key outputs #:allow-other-keys)
;; Wrap the 'haunt' command to refer to the right
;; modules.
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin"))
(site (string-append
out "/share/guile/site")))
(match (scandir site)
(("." ".." version)
(let ((modules (string-append site "/" version)))
(wrap-program (string-append bin "/haunt")
`("GUILE_LOAD_PATH" ":" prefix
(,modules))
`("GUILE_LOAD_COMPILED_PATH" ":" prefix
(,modules)))
#t)))))))))
(inputs
`(("guile" ,guile-2.0)))
(synopsis "Functional static site generator")
@ -709,6 +740,33 @@ interface for reading articles in any format.")
(home-page "http://haunt.dthompson.us")
(license gpl3+)))
(define-public guile-config
(package
(name "guile-config")
(version "0.1.1")
(source (origin
(method url-fetch)
(uri (string-append
"http://alex.pompo.co/software/" name "-" version
".tar.gz"))
(sha256
(base32
"1b719bn192f9wg24rr0zx8jpmygsvyhfi35iy778pb5p392snrn8"))))
(build-system gnu-build-system)
(inputs
`(("guile" ,guile-2.0)))
(synopsis "Guile application configuration parsing library")
(description
"Guile Config is a library providing a declarative approach to
application configuration specification. The library provides clean
configuration declaration forms, and processors that take care of:
configuration file creation; configuration file parsing; command-line
parameter parsing using getopt-long; basic GNU command-line parameter
generation (--help, --usage, --version); automatic output generation for the
above command-line parameters.")
(home-page "https://github.com/a-sassmannshausen/guile-config")
(license agpl3+)))
(define-public guile-redis
(package
(name "guile-redis")

11
gnu/packages/icu4c.scm
View File

@ -31,11 +31,12 @@
(version "55.1")
(source (origin
(method url-fetch)
(uri (string-append "http://download.icu-project.org/files/icu4c/"
version
"/icu4c-"
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
(uri (string-append
"mirror://sourceforge/icu/ICU4C/"
version
"/icu4c-"
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
(sha256
(base32 "0ys5f5spizg45qlaa31j2lhgry0jka2gfha527n4ndfxxz5j4sz1"))
(patches (map search-patch '("icu4c-CVE-2014-6585.patch"

23
gnu/packages/kde-frameworks.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -26,7 +27,7 @@
#:use-module (gnu packages qt)
#:use-module (gnu packages xorg))
(define kde-frameworks-version "5.12.0")
(define kde-frameworks-version "5.19.0")
(define-public extra-cmake-modules
(package
@ -39,7 +40,8 @@
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32 "14n77sn493m8kzr42wv13mdgxpnbx7x64bvw37ircrx8wmf4002i"))))
(base32
"1dl3hhbara7iswb5wsc5dp17ar3ljw5f0nrncl8vry9smaz2zl63"))))
;; The package looks for Qt5LinguistTools provided by Qt, but apparently
;; compiles without it; it might be needed for building the
;; documentation, which requires the additional Sphinx package.
@ -63,18 +65,19 @@ common build settings used in software produced by the KDE community.")
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32 "0fjxhf07r186cmp0mjvinrwxg4z90zlyvycqhy0n18fdp67szckl"))))
(base32
"115xs34r74j9zcsw69glnh8w59iyh764n3gniawwrk23c6yb8fch"))))
(build-system cmake-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("xorg-server" ,xorg-server))) ; for the tests
`(("pkg-config" ,pkg-config)
("xorg-server" ,xorg-server))) ; for the tests
(inputs
`(("extra-cmake-modules" ,extra-cmake-modules)
("libxrender" ,libxrender)
("qt" ,qt)
("xcb-utils-keysyms" ,xcb-util-keysyms)))
`(("extra-cmake-modules" ,extra-cmake-modules)
("libxrender" ,libxrender)
("qt" ,qt)
("xcb-utils-keysyms" ,xcb-util-keysyms)))
(arguments
`(#:tests? #f)) ; FIXME: The first seven tests fail with "Exception".
`(#:tests? #f)) ; FIXME: The first seven tests fail with "Exception".
(home-page "https://community.kde.org/Frameworks")
(synopsis "KDE access to the windowing system")
(description "KWindowSystem provides information about and allows

229
gnu/packages/kde.scm
View File

@ -1,229 +0,0 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages kde)
#:use-module ((guix licenses) #:select (bsd-2 lgpl2.0+ lgpl2.1 lgpl2.1+ lgpl3+))
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system cmake)
#:use-module (gnu packages compression)
#:use-module (gnu packages doxygen)
#:use-module (gnu packages geeqie)
#:use-module (gnu packages glib)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages qt)
#:use-module (gnu packages rdf)
#:use-module (gnu packages ruby)
#:use-module (gnu packages video)
#:use-module (gnu packages xml)
#:use-module (gnu packages xorg))
(define-public automoc4
(package
(name "automoc4")
(version "0.9.88")
(source (origin
(method url-fetch)
(uri (string-append "http://download.kde.org/stable/" name
"/" version "/" name "-"
version ".tar.bz2"))
(sha256
(base32
"0jackvg0bdjg797qlbbyf9syylm0qjs55mllhn11vqjsq3s1ch93"))))
(build-system cmake-build-system)
(inputs
`(("qt" ,qt-4)))
(arguments
`(#:tests? #f)) ; no check target
(home-page "http://techbase.kde.org/Development/Tools/Automoc4")
(synopsis "Build tool for KDE")
(description "AutoMoc4 automatically generates moc-files for KDE.")
(license bsd-2)))
(define-public phonon
(package
(name "phonon")
(version "4.8.3")
(source (origin
(method url-fetch)
(uri (string-append "http://download.kde.org/stable/" name
"/" version "/src/"
name "-" version ".tar.xz"))
(sha256
(base32
"05nshngk03ln90vsjz44dx8al576f4vd5fvhs1l0jmx13jb9q551"))))
(build-system cmake-build-system)
;; FIXME: Add optional input libqzeitgeist once available.
(native-inputs
`(("automoc4" ,automoc4)
("pkg-config" ,pkg-config)))
(inputs
`(("glib" ,glib)
("libx11" ,libx11)
("pulseaudio" ,pulseaudio)))
(propagated-inputs
`(("qt" ,qt-4))) ; according to phonon.pc
(arguments
`(#:tests? #f)) ; no test target
(home-page "http://phonon.kde.org/")
(synopsis "Qt 4 multimedia API")
(description "KDE desktop environment")
(license lgpl2.1+)))
(define-public qjson
(package
(name "qjson")
(version "0.8.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/flavio/qjson/archive/"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"163fspi0xc705irv79qw861fmh68pjyla9vx3kqiq6xrdhb9834j"))))
(build-system cmake-build-system)
(inputs
`(("qt" ,qt-4)))
(arguments
`(#:tests? #f)) ; no test target
(home-page "http://qjson.sourceforge.net/")
(synopsis "Qt-based library for handling JSON")
(description "QJson is a Qt-based library that maps JSON data to QVariant
objects and vice versa. JSON arrays are mapped to QVariantList instances,
while JSON objects are mapped to QVariantMap.")
(license lgpl2.1+)))
(define-public libdbusmenu-qt
(package
(name "libdbusmenu-qt")
(version "0.9.2")
(source (origin
(method url-fetch)
(uri (string-append "https://launchpad.net/" name "/trunk/"
version "/+download/"
name "-" version ".tar.bz2"))
(sha256
(base32
"1v0ri5g9xw2z64ik0kx0ra01v8rpjn2kxprrxppkls1wvav1qv5f"))))
(build-system cmake-build-system)
(native-inputs
`(("doxygen" ,doxygen) ; used for static documentation
("pkg-config" ,pkg-config)
("qjson", qjson))) ; used for the tests
(inputs
`(("qt" ,qt-4)))
(arguments
`(#:tests? #f)) ; no check target
(home-page "https://launchpad.net/libdbusmenu-qt/")
(synopsis "Qt implementation of the DBusMenu protocol")
(description "The library provides a Qt implementation of the DBusMenu
protocol. The DBusMenu protocol makes it possible for applications to export
and import their menus over DBus.")
(license lgpl2.0+)))
(define-public attica
(package
(name "attica")
(version "0.4.2")
(source (origin
(method url-fetch)
(uri (string-append "http://download.kde.org/stable/"
name "/"
name "-" version ".tar.bz2"))
(sha256
(base32
"1y74gsyzi70dfr9d1f1b08k130rm3jaibsppg8dv5h3211vm771v"))))
(build-system cmake-build-system)
(inputs
`(("qt" ,qt-4)))
(home-page "https://projects.kde.org/projects/frameworks/attica")
(synopsis "Qt library for the Open Collaboration Services API")
(description "Attica is a Qt library that implements the Open
Collaboration Services API version 1.6. It grants easy access to the
services such as querying information about persons and contents. The
library is used in KNewStuff3 as content provider. In order to integrate
with KDE's Plasma Desktop, a platform plugin exists in kdebase.")
(license lgpl2.1+)))
(define-public strigi
(package
(name "strigi")
(version "0.7.8")
(source (origin
(method url-fetch)
(uri (string-append "http://www.vandenoever.info/software/"
name "/"
name "-" version ".tar.bz2"))
(sha256
(base32
"12grxzqwnvbyqw7q1gnz42lypadxmq89vk2qpxczmpmc4nk63r23"))))
(build-system cmake-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
;; FIXME: Add optional inputs XAttr, FAM, Log4cxx
(inputs
`(("clucene" ,clucene)
("dbus" ,dbus)
("exiv2" ,exiv2)
("ffmpeg" ,ffmpeg)
("libxml2" ,libxml2)
("perl" ,perl)
("python" ,python-wrapper)
("qt" ,qt-4)
("zlib" ,zlib)))
(arguments
`(#:tests? #f)) ; FIXME: Test 23/25 ProcessInputStreamTest fails.
(home-page "http://www.vandenoever.info/software/strigi/")
(synopsis "Desktop search daemon")
(description "Strigi is a desktop search daemon with the following
main features:
very fast crawling;
very small memory footprint;
no hammering of the system;
pluggable backend, currently clucene and hyperestraier, sqlite3 and xapian
are in the works;
communication between daemon and search program over an abstract interface,
currently a simple socket;
simple interface for implementing plugins for extracting information;
calculation of sha1 for every file crawled
(allows fast finding of duplicates).")
(license lgpl2.0+)))
(define-public oxygen-icons
(package
(name "oxygen-icons")
(version "4.14.2")
(source (origin
(method url-fetch)
(uri (string-append "http://download.kde.org/stable/" version
"/src/" name "-"
version ".tar.xz"))
(sha256
(base32
"1mz73f54qh2vd8ibp60f6fjflrprz0lvqfkgh805l7wfhrv4ckbz"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f)) ; no test target
(home-page "http://www.kde.org/")
(synopsis "Oxygen icon theme for the KDE desktop")
(description "KDE desktop environment")
(license lgpl3+)))

45
gnu/packages/ldc.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Roel Janssen <roel@gnu.org>
;;; Copyright © 2015, 2016 Roel Janssen <roel@gnu.org>
;;; Copyright © 2015 Pjotr Prins <pjotr.guix@thebird.nl>
;;;
;;; This file is part of GNU Guix.
@ -21,6 +21,8 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
#:use-module (guix build-system cmake)
#:use-module (gnu packages)
#:use-module (gnu packages base)
@ -29,6 +31,47 @@
#:use-module (gnu packages textutils)
#:use-module (gnu packages zip))
(define-public rdmd
(let ((commit "da0a2e0a379b08294015eec9d531f1e5dd4226f0"))
(package
(name "rdmd")
(version (string-append "v2.070.0-1." (string-take commit 7)))
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/D-Programming-Language/tools.git")
(commit commit)))
(file-name (string-append name "-" version "-checkout"))
(sha256
(base32
"1pcx5lyqzrip86f4vv60x292rpvnwsq2hvl1znm9x9rn68f34m45"))))
(build-system gnu-build-system)
(arguments
'(#:phases
(modify-phases %standard-phases
(delete 'configure)
(delete 'check) ; There is no Makefile, so there's no 'make check'.
(replace
'build
(lambda _
(zero? (system* "ldc2" "rdmd.d"))))
(replace
'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((bin (string-append (assoc-ref outputs "out") "/bin")))
(install-file "rdmd" bin)))))))
(native-inputs
`(("ldc" ,ldc)))
(home-page "https://github.com/D-Programming-Language/tools/")
(synopsis "Specialized equivalent to 'make' for the D language")
(description
"rdmd is a companion to the dmd compiler that simplifies the typical
edit-compile-link-run or edit-make-run cycle to a rapid edit-run cycle. Like
make and other tools, rdmd uses the relative dates of the files involved to
minimize the amount of work necessary. Unlike make, rdmd tracks dependencies
and freshness without requiring additional information from the user.")
(license license:boost1.0))))
(define-public ldc
(package
(name "ldc")

2
gnu/packages/libcanberra.scm
View File

@ -110,7 +110,7 @@ null) and is designed to be portable.")
(version "0.8")
(source (origin
(method url-fetch)
(uri (string-append "http://people.freedesktop.org/~mccann/dist/"
(uri (string-append "https://people.freedesktop.org/~mccann/dist/"
name "-" version ".tar.bz2"))
(sha256
(base32

84
gnu/packages/linux.scm
View File

@ -7,6 +7,8 @@
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2016 Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>
;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -218,7 +220,7 @@ for SYSTEM and optionally VARIANT, or #f if there is no such configuration."
(search-path %load-path file)))
(define-public linux-libre
(let* ((version "4.4.1")
(let* ((version "4.4.3")
(build-phase
'(lambda* (#:key system inputs #:allow-other-keys #:rest args)
;; Apply the neat patch.
@ -292,7 +294,7 @@ for SYSTEM and optionally VARIANT, or #f if there is no such configuration."
(uri (linux-libre-urls version))
(sha256
(base32
"1d6wzhbpz0g79iwlkv10qmig518risz9bi3qw8wdn7j2xs7ij1j2"))))
"06wl6gvhds6j6aaryzpz4jngdf3v70spvp1xb7k2c03kvm9v5f4v"))))
(build-system gnu-build-system)
(supported-systems '("x86_64-linux" "i686-linux"))
(native-inputs `(("perl" ,perl)
@ -327,13 +329,13 @@ It has been modified to remove all non-free binary blobs.")
(define-public linux-libre-4.1
(package
(inherit linux-libre)
(version "4.1.17")
(version "4.1.18")
(source (origin
(method url-fetch)
(uri (linux-libre-urls version))
(sha256
(base32
"0mkvj5sab8l2k0mgfca3y4n5g9cxs3px0ysvdwa2zwl52n7dsfk4"))))
"1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7"))))
(native-inputs
(let ((conf (kernel-config (or (%current-target-system)
(%current-system))
@ -794,14 +796,14 @@ MIDI functionality to the Linux-based operating system.")
(define-public alsa-utils
(package
(name "alsa-utils")
(version "1.0.27.2")
(version "1.1.0")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.alsa-project.org/pub/utils/alsa-utils-"
version ".tar.bz2"))
(uri (string-append "ftp://ftp.alsa-project.org/pub/utils/"
name "-" version ".tar.bz2"))
(sha256
(base32
"1sjjngnq50jv5ilwsb4zys6smifni3bd6fn28gbnhfrg14wsrgq2"))))
"1wa88wvqcfhak9x3y65wzzwxmmyxb5bv2gyj7lnm653fnwsk271v"))))
(build-system gnu-build-system)
(arguments
;; XXX: Disable man page creation until we have DocBook.
@ -867,15 +869,15 @@ packet filter.")
(define-public iproute
(package
(name "iproute2")
(version "3.12.0")
(version "4.4.0")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://kernel.org/linux/utils/net/iproute2/iproute2-"
version ".tar.xz"))
(sha256
(base32
"04gi11gh087bg2nlxhj0lxrk8l9qxkpr88nsiil23917bm3h1xj4"))))
(method url-fetch)
(uri (string-append
"mirror://kernel.org/linux/utils/net/iproute2/iproute2-"
version ".tar.xz"))
(sha256
(base32
"05351m4m0whsivlblvs3m0nz5q9v6r06ik80z27gf6ca51kw74dw"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; no test suite
@ -887,13 +889,12 @@ packet filter.")
(string-append "DOCDIR=" out "/share/doc/"
,name "-" ,version)
(string-append "MANDIR=" out "/share/man")))
#:phases (alist-cons-before
'install 'pre-install
(lambda _
;; Don't attempt to create /var/lib/arpd.
(substitute* "Makefile"
(("^.*ARPDDIR.*$") "")))
%standard-phases)))
#:phases (modify-phases %standard-phases
(add-before 'install 'pre-install
(lambda _
;; Don't attempt to create /var/lib/arpd.
(substitute* "Makefile"
(("^.*ARPDDIR.*$") "")))))))
(inputs
`(("iptables" ,iptables)
("db4" ,bdb)))
@ -2467,3 +2468,40 @@ write access to exFAT devices.")
applications running on the Linux console. It allows users to select items
and copy/paste text in the console and in xterm.")
(license license:gpl2+)))
(define-public btrfs-progs
(package
(name "btrfs-progs")
(version "4.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/kernel/"
"people/kdave/btrfs-progs/"
"btrfs-progs-v" version ".tar.xz"))
(sha256
(base32
"0jssv1ys4nw2jf7mkp58c19yspaa8ybf48fxsrhhp0683mzpr73p"))))
(build-system gnu-build-system)
(arguments
'(#:test-target "test"
#:parallel-tests? #f)) ; tests fail when run in parallel
(inputs `(("e2fsprogs" ,e2fsprogs)
("libblkid" ,util-linux)
("libuuid" ,util-linux)
("zlib" ,zlib)
("lzo" ,lzo)))
(native-inputs `(("pkg-config" ,pkg-config)
("asciidoc" ,asciidoc)
("xmlto" ,xmlto)
;; For building documentation
("libxml2" ,libxml2)
("docbook-xml" ,docbook-xml)
("docbook-xsl" ,docbook-xsl)))
(home-page "https://btrfs.wiki.kernel.org/")
(synopsis "Create and manage btrfs copy-on-write file systems")
(description "Btrfs is a copy-on-write (CoW) filesystem for Linux aimed at
implementing advanced features while focusing on fault tolerance, repair and
easy administration.")
;; GPL2+: crc32.c, radix-tree.c, raid6.c, rbtree.c.
;; GPL2: Everything else.
(license (list license:gpl2 license:gpl2+))))

57
gnu/packages/lsh.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -29,7 +29,8 @@
#:use-module (gnu packages multiprecision)
#:use-module (gnu packages readline)
#:use-module (gnu packages gperf)
#:use-module (gnu packages guile))
#:use-module (gnu packages guile)
#:use-module (gnu packages xorg))
(define-public liboop
(package
@ -100,7 +101,11 @@ basis for almost any application.")
("liboop" ,liboop)
("zlib" ,guix:zlib)
("gmp" ,gmp)))
("gmp" ,gmp)
;; The server (lshd) invokes xauth when X11 forwarding is requested.
;; This adds 24 MiB (or 27%) to the closure of lsh.
("xauth" ,xauth)))
(arguments
'(;; Skip the `configure' test that checks whether /dev/ptmx &
;; co. work as expected, because it relies on impurities (for
@ -113,26 +118,36 @@ basis for almost any application.")
#:tests? #f
#:phases
(alist-cons-before
'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
(let* ((nettle (assoc-ref inputs "nettle"))
(sexp-conv (string-append nettle "/bin/sexp-conv")))
;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
;; by default.
(substitute* "src/environ.h.in"
(("^#define PATH_SEXP_CONV.*")
(string-append "#define PATH_SEXP_CONV \""
sexp-conv "\"\n")))
(modify-phases %standard-phases
(add-before 'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
(let* ((nettle (assoc-ref inputs "nettle"))
(sexp-conv (string-append nettle "/bin/sexp-conv")))
;; Make sure 'lsh' and 'lshd' pick 'sexp-conv' in the right place
;; by default.
(substitute* "src/environ.h.in"
(("^#define PATH_SEXP_CONV.*")
(string-append "#define PATH_SEXP_CONV \""
sexp-conv "\"\n")))
;; Same for the 'lsh-authorize' script.
(substitute* "src/lsh-authorize"
(("=sexp-conv")
(string-append "=" sexp-conv))))
;; Same for the 'lsh-authorize' script.
(substitute* "src/lsh-authorize"
(("=sexp-conv")
(string-append "=" sexp-conv)))
;; Tests rely on $USER being set.
(setenv "USER" "guix"))
%standard-phases)))
;; Tell lshd where 'xauth' lives. Another option would be to
;; hardcode "/run/current-system/profile/bin/xauth", thereby
;; reducing the closure size, but that wouldn't work on foreign
;; distros.
(with-fluids ((%default-port-encoding "ISO-8859-1"))
(substitute* "src/server_x11.c"
(("define XAUTH_PROGRAM.*")
(string-append "define XAUTH_PROGRAM \""
(assoc-ref inputs "xauth")
"/bin/xauth\"\n")))))
;; Tests rely on $USER being set.
(setenv "USER" "guix"))))))
(home-page "http://www.lysator.liu.se/~nisse/lsh/")
(synopsis "GNU implementation of the Secure Shell (ssh) protocols")
(description

2
gnu/packages/lua.scm
View File

@ -40,7 +40,7 @@
(patches (list (search-patch "lua-pkgconfig.patch")
(search-patch "lua52-liblua-so.patch")))))
(build-system gnu-build-system)
(inputs `(("readline", readline)))
(inputs `(("readline" ,readline)))
(arguments
'(#:modules ((guix build gnu-build-system)
(guix build utils)

9
gnu/packages/lxqt.scm
View File

@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -36,7 +37,7 @@
(origin
(method url-fetch)
(uri
(string-append "http://downloads.lxqt.org/libqtxdg/" version "/"
(string-append "https://downloads.lxqt.org/libqtxdg/" version "/"
name "-" version ".tar.xz"))
(sha256
(base32
@ -63,7 +64,7 @@ in Qt.")
(origin
(method url-fetch)
(uri
(string-append "http://downloads.lxqt.org/lxqt/" version "/"
(string-append "https://downloads.lxqt.org/lxqt/" version "/"
name "-" version ".tar.xz"))
(sha256
(base32
@ -91,7 +92,7 @@ components of the LXQt desktop environment.")
(origin
(method url-fetch)
(uri
(string-append "http://downloads.lxqt.org/lxqt/" version "/"
(string-append "https://downloads.lxqt.org/lxqt/" version "/"
name "-" version ".tar.xz"))
(sha256
(base32
@ -142,7 +143,7 @@ desktop environment.")
(origin
(method url-fetch)
(uri
(string-append "http://downloads.lxqt.org/lxqt/" version "/"
(string-append "https://downloads.lxqt.org/lxqt/" version "/"
name "-" version ".tar.xz"))
(sha256
(base32

42
gnu/packages/mail.scm
View File

@ -10,6 +10,7 @@
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2016 Al McElrath <hello@yrns.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -414,6 +415,47 @@ attachments, create new maildirs, and so on.")
ing, and tagging large collections of email messages.")
(license gpl3+)))
(define-public notmuch-addrlookup-c
(package
(name "notmuch-addrlookup-c")
(version "7")
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/aperezdc/" name "/archive/v"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"0rslg2ifgyhl6asv3yr1f62m9xjfcinv7i6qb07h2k217jqlmrri"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; no tests
#:make-flags (list "CC=gcc"
(string-append "PREFIX="
(assoc-ref %outputs "out")))
#:phases (modify-phases %standard-phases
(delete 'configure)
;; Remove vim code completion config, it's not needed to
;; build (or be patched).
(add-before 'patch-source-shebangs 'delete-ycm-file
(lambda _ (delete-file ".ycm_extra_conf.py")))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((bin (string-append
(assoc-ref outputs "out") "/bin")))
(install-file "notmuch-addrlookup" bin)))))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
`(("glib" ,glib)
("notmuch" ,notmuch)))
(home-page "https://github.com/aperezdc/notmuch-addrlookup-c")
(synopsis "Address lookup tool for Notmuch")
(description "This is an address lookup tool using a Notmuch database,
useful for email address completion.")
(license license:expat)))
(define-public python2-notmuch
(package
(name "python2-notmuch")

211
gnu/packages/mate.scm Normal file
View File

@ -0,0 +1,211 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages mate)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages glib)
#:use-module (gnu packages gtk)
#:use-module (gnu packages gnome)
#:use-module (gnu packages xorg)
#:use-module (gnu packages xdisorg)
#:use-module (gnu packages base)
#:use-module (gnu packages xml)
#:use-module (gnu packages python))
(define-public mate-icon-theme
(package
(name "mate-icon-theme")
(version "1.12.0")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"0d91rvl9rw3xl8hmdcbb6xvi880kfmh2ra5chhrjimrjqgl57qkp"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)
("gtk+" ,gtk+)
("icon-naming-utils" ,icon-naming-utils)))
(home-page "http://mate-desktop.org/")
(synopsis "The MATE desktop environment icon theme")
(description
"This package contains the default icon theme used by the MATE desktop.")
(license license:lgpl3+)))
(define-public mate-themes
(package
(name "mate-themes")
(version "1.12.2")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
(version-major+minor version) "/"
name "-gtk"
(version-major+minor (package-version gtk+))
"-" version ".tar.xz"))
(sha256
(base32
"0kyrlgs5azzj60gnxx2n9qszcligxn959wr42wr0iqnrpiygk5nf"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)))
(inputs
`(("gtk+" ,gtk+-2)
("gdk-pixbuf" ,gdk-pixbuf)
("gtk-engines" ,gtk-engines)
("murrine" ,murrine)))
(home-page "http://mate-desktop.org/")
(synopsis
"Official themes for the MATE desktop")
(description
"This package includes the standard themes for the MATE desktop, for
example Menta, TraditionalOk, GreenLaguna or BlackMate.")
(license (list license:lgpl2.1+ license:cc-by-sa3.0 license:gpl3+
license:gpl2+))))
(define-public mate-desktop
(package
(name "mate-desktop")
(version "1.12.1")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"00ssrzm07xyrjra075jhir1f8iy382lla7923fhic29lap26mffr"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
("yelp-tools" ,yelp-tools)))
;;("gtk-doc" ,gtk-doc))) ; add back in when gtk-doc builds
(inputs
`(("libxrandr" ,libxrandr)))
(propagated-inputs
`(("dconf" ,dconf)
("gtk+" ,gtk+-2)
("startup-notification" ,startup-notification)))
(home-page "http://mate-desktop.org/")
(synopsis "Library with common API for various MATE modules")
(description
"This package contains a public API shared by several applications on the
desktop and the mate-about program.")
(license (list license:gpl2+ license:lgpl2.0+ license:fdl1.1+))))
(define-public libmateweather
(package
(name "libmateweather")
(version "1.12.1")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"0qrq6z6knybixnxmsvkw58hm033m91inf523mbvzgv2r822fpakl"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
`(,(string-append "--with-zoneinfo-dir="
(assoc-ref %build-inputs "tzdata")
"/share/zoneinfo"))
#:phases
(modify-phases %standard-phases
(add-before
'check 'pre-check
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "data/check-timezones.sh"
(("/usr/share/zoneinfo/zone.tab")
(string-append (assoc-ref inputs "tzdata")
"/share/zoneinfo/zone.tab")))
#t)))))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)
("glib:bin" ,glib "bin")))
(inputs
`(("dconf" ,dconf)
("tzdata" ,tzdata)))
(propagated-inputs
`(("gtk+" ,gtk+-2)
("gdk-pixbuf" ,gdk-pixbuf)
("libxml2" ,libxml2)
("libsoup" ,libsoup)))
(home-page "http://mate-desktop.org/")
(synopsis "MATE library for weather information from the Internet")
(description
"This library provides acess to weather information from the internet for
the MATE desktop environment.")
(license license:lgpl2.1+)))
(define-public mate-menus
(package
(name "mate-menus")
(version "1.12.0")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"1i4m3fj0vd85zyhqhm8x9yr0h5i08aa4l99zqvbk59ncj6z3bdxh"))))
(build-system gnu-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after
'unpack 'fix-introspection-install-dir
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(substitute* '("configure")
(("`\\$PKG_CONFIG --variable=girdir gobject-introspection-1.0`")
(string-append "\"" out "/share/gir-1.0/\""))
(("\\$\\(\\$PKG_CONFIG --variable=typelibdir gobject-introspection-1.0\\)")
(string-append out "/lib/girepository-1.0/")))))))))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)
("gobject-introspection" ,gobject-introspection)))
(inputs
`(("python" ,python-2)))
(propagated-inputs
`(("glib" ,glib)))
(home-page "http://mate-desktop.org/")
(synopsis "Freedesktop menu specification implementation for MATE")
(description
"The package contains an implementation of the freedesktop menu
specification, the MATE menu layout configuration files, .directory files and
assorted menu related utility programs.")
(license (list license:gpl2+ license:lgpl2.0+))))

10
gnu/packages/maths.scm
View File

@ -8,7 +8,7 @@
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Fabian Harfert <fhmgufs@web.de>
;;;
;;; This file is part of GNU Guix.
@ -177,7 +177,7 @@ numbers.")
(define-public glpk
(package
(name "glpk")
(version "4.57")
(version "4.58")
(source
(origin
(method url-fetch)
@ -185,7 +185,7 @@ numbers.")
version ".tar.gz"))
(sha256
(base32
"0p17jj1ixd2m9lnsvx8nywmfmnplfk5gvw25r1gy84qzrjkv48vk"))))
"1jmrya04hgwnrxrqqs40i6m9cqka3q601cx3nh9ijyvlg90zlq24"))))
(build-system gnu-build-system)
(inputs
`(("gmp" ,gmp)))
@ -339,7 +339,7 @@ singular value problems.")
(define-public gnuplot
(package
(name "gnuplot")
(version "5.0.1")
(version "5.0.2")
(source
(origin
(method url-fetch)
@ -347,7 +347,7 @@ singular value problems.")
version "/gnuplot-" version ".tar.gz"))
(sha256
(base32
"0irwig94w3f8bn4a444hrjnp7w55vqwv8gqj42jiwn6zf5z5bg3w"))))
"146qn414z96c7cc42a1kb9a4kpjc2q2hfdwk44kjjvgmfp9k2ass"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)
("cairo" ,cairo)

70
gnu/packages/mit-krb5.scm
View File

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -21,7 +21,6 @@
#:use-module (gnu packages)
#:use-module (gnu packages bison)
#:use-module (gnu packages perl)
#:use-module (gnu packages gcc)
#:use-module (guix licenses)
#:use-module (guix packages)
#:use-module (guix download)
@ -31,70 +30,31 @@
(define-public mit-krb5
(package
(name "mit-krb5")
(version "1.13.2")
(version "1.13.3")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/www/dist/krb5/"
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
(version-major+minor version)
"/krb5-" version "-signed.tar"))
(sha256 (base32
"1qbdzyrws7d0q4filsibh28z54pd5l987jr0ygv43iq9085w6a75"))))
"/krb5-" version ".tar.gz"))
(sha256
(base32
"1gpscn78lv48dxccxq9ncyj53w9l2a15xmngjfa1wylvmn7g0jjx"))
(patches
(map search-patch '("mit-krb5-init-context-null-spnego.patch"
"mit-krb5-CVE-2015-8629.patch"
"mit-krb5-CVE-2015-8630.patch"
"mit-krb5-CVE-2015-8631.patch")))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
("perl" ,perl)
;; Include the patches as native-inputs.
,@(map (lambda (label)
(let ((input-name (string-append "patch/" label))
(file-name (string-append name "-" label ".patch")))
`(,input-name ,(search-patch file-name))))
'("CVE-2015-2695-pt1"
"CVE-2015-2695-pt2"
"CVE-2015-2696"
"CVE-2015-2697"
"CVE-2015-2698-pt1"
"CVE-2015-2698-pt2"))))
("perl" ,perl)))
(arguments
`(#:modules ((ice-9 ftw)
(ice-9 match)
(srfi srfi-1)
,@%gnu-build-system-modules)
#:phases
`(#:phases
(modify-phases %standard-phases
(replace 'unpack
(lambda* (#:key source #:allow-other-keys)
(define (sub-directory? name)
(and (not (member name '("." "..")))
(equal? (stat:type (stat name))
'directory)))
(and (zero? (system* "tar" "xvf" source))
(match (find-files "." "\\.tar\\.gz$")
((inner-tar-file)
(zero? (system* "tar" "xvf" inner-tar-file))))
(match (scandir "." sub-directory?)
((directory)
(chdir directory)
#t)))))
(add-after 'unpack 'apply-patches
(lambda* (#:key inputs native-inputs #:allow-other-keys)
(let ((patches (filter (match-lambda
((name . file)
(string-prefix? "patch/" name)))
(or native-inputs inputs))))
(every (match-lambda
((name . file)
(format (current-error-port)
"applying '~a'...~%" name)
(zero? (system* "patch" "-p1" "--force" "-i" file))))
patches))))
(add-after 'apply-patches 'enter-source-directory
(add-after 'unpack 'enter-source-directory
(lambda _
(chdir "src")
#t))
(add-before 'check 'pre-check
(lambda* (#:key inputs #:allow-other-keys)
(let ((perl (assoc-ref inputs "perl")))

5
gnu/packages/moe.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -27,7 +28,7 @@
(define-public moe
(package
(name "moe")
(version "1.7")
(version "1.8")
(source
(origin
(method url-fetch)
@ -35,7 +36,7 @@
version ".tar.lz"))
(sha256
(base32
"1fzimk1qpmsm7wzfnjzzrp4dvdn7ipdb5j7969910g1m93wndfik"))))
"0mv4pg38p0dq88xmxxv08rykn7vv4x7gskmdk7nfp3vx37r4xzvy"))))
(build-system gnu-build-system)
(native-inputs `(("lzip" ,lzip)))
(inputs `(("ncurses" ,ncurses)))

23
gnu/packages/mpd.scm
View File

@ -4,6 +4,7 @@
;;; Copyright © 2014 Cyrill Schenkel <cyrill.schenkel@gmail.com>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@ -69,7 +70,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
(define-public mpd
(package
(name "mpd")
(version "0.19.10")
(version "0.19.12")
(source (origin
(method url-fetch)
(uri
@ -78,7 +79,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
"/mpd-" version ".tar.xz"))
(sha256
(base32
"0laqn68iggqf0h06hg282cvpd9wsjqpjfg5fnn9wk3gr48yyp1n3"))))
"0xg8w5vn6xd0yfw55qj6wnav7v14nmr00s3d4w5gixbjrv3ycvvv"))))
(build-system gnu-build-system)
(inputs `(("ao" ,ao)
("alsa-lib" ,alsa-lib)
@ -178,7 +179,7 @@ terminal using ncurses.")
(define-public ncmpcpp
(package
(name "ncmpcpp")
(version "0.6.7")
(version "0.7.3")
(source (origin
(method url-fetch)
(uri
@ -186,13 +187,14 @@ terminal using ncurses.")
version ".tar.bz2"))
(sha256
(base32
"0yr1ib14qkgbsv839anpzkfbwkm6gg8wv4bf98ar7q5l2p2pv008"))))
"04mj6r0whikliblxfbz92pibwcd7a3ywkryf01a89zd4bi1jk2rc"))))
(build-system gnu-build-system)
(inputs `(("libmpdclient" ,libmpdclient)
("boost" ,boost)
("readline" ,readline)
("ncurses" ,ncurses)
("taglib" ,taglib)))
("taglib" ,taglib)
("icu4c" ,icu4c)))
(native-inputs
`(("pkg-config" ,pkg-config)
("automake" ,automake)
@ -202,12 +204,11 @@ terminal using ncurses.")
'(#:configure-flags
'("BOOST_LIB_SUFFIX=" "--with-taglib")
#:phases
(alist-cons-after
'unpack 'autogen
(lambda _
(setenv "NOCONFIGURE" "true")
(zero? (system* "sh" "autogen.sh")))
%standard-phases)))
(modify-phases %standard-phases
(add-after 'unpack 'autogen
(lambda _
(setenv "NOCONFIGURE" "true")
(zero? (system* "sh" "autogen.sh")))))))
(synopsis "Featureful ncurses based MPD client inspired by ncmpc")
(description "Ncmpcpp is an mpd client with a UI very similar to ncmpc,
but it provides new useful features such as support for regular expressions

156
gnu/packages/music.scm
View File

@ -2,6 +2,8 @@
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2016 Al McElrath <hello@yrns.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -32,13 +34,15 @@
#:use-module (gnu packages algebra)
#:use-module (gnu packages audio)
#:use-module (gnu packages autotools)
#:use-module (gnu packages backup)
#:use-module (gnu packages base) ;libbdf
#:use-module (gnu packages boost)
#:use-module (gnu packages bison)
#:use-module (gnu packages boost)
#:use-module (gnu packages cdrom)
#:use-module (gnu packages code)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages curl)
#:use-module (gnu packages docbook)
#:use-module (gnu packages doxygen)
#:use-module (gnu packages flex)
@ -46,6 +50,7 @@
#:use-module (gnu packages fonts)
#:use-module (gnu packages fontutils)
#:use-module (gnu packages gcc)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages gettext)
#:use-module (gnu packages ghostscript)
#:use-module (gnu packages gl)
@ -145,64 +150,32 @@ many input formats and provides a customisable Vi-style user interface.")
(define-public hydrogen
(package
(name "hydrogen")
(version "0.9.5.1")
(version "0.9.6.1")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://sourceforge/hydrogen/Hydrogen/"
(version-prefix version 3) "%20Sources/"
"hydrogen-" version ".tar.gz"))
"https://github.com/hydrogen-music/hydrogen/archive/"
version ".tar.gz"))
(sha256
(base32
"1fvyp6gfzcqcc90dmaqbm11p272zczz5pfz1z4lj33nfr7z0bqgb"))))
(build-system gnu-build-system)
"0vxnaqfmcv7hhk0cj67imdcqngspnck7f0wfmvhfgfqa7x1xznll"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ;no "check" target
#:phases
;; TODO: Add scons-build-system and use it here.
(modify-phases %standard-phases
(delete 'configure)
(add-after 'unpack 'scons-propagate-environment
(lambda _
;; By design, SCons does not, by default, propagate
;; environment variables to subprocesses. See:
;; <http://comments.gmane.org/gmane.linux.distributions.nixos/4969>
;; Here, we modify the Sconstruct file to arrange for
;; environment variables to be propagated.
(substitute* "Sconstruct"
(("^env = Environment\\(")
"env = Environment(ENV=os.environ, "))))
(replace 'build
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(zero? (system* "scons"
(string-append "prefix=" out)
"lrdf=0" ; cannot be found
"lash=1")))))
(add-before
'install
'fix-img-install
(lambda _
;; The whole ./data/img directory is copied to the target first.
;; Scons complains about existing files when we try to install all
;; images a second time.
(substitute* "Sconstruct"
(("os.path.walk\\(\"./data/img/\",install_images,env\\)") ""))
#t))
(replace 'install (lambda _ (zero? (system* "scons" "install")))))))
`(#:test-target "tests"))
(native-inputs
`(("scons" ,scons)
("python" ,python-2)
`(("cppunit" ,cppunit)
("pkg-config" ,pkg-config)))
(inputs
`(("zlib" ,zlib)
("libtar" ,libtar)
("alsa-lib" ,alsa-lib)
`(("alsa-lib" ,alsa-lib)
("jack" ,jack-1)
;; ("ladspa" ,ladspa) ; cannot find during configure
("lash" ,lash)
;;("lrdf" ,lrdf) ;FIXME: cannot be found by scons
("libarchive" ,libarchive)
("libsndfile" ,libsndfile)
("libtar" ,libtar)
("lrdf" ,lrdf)
("qt" ,qt-4)
("libsndfile" ,libsndfile)))
("zlib" ,zlib)))
(home-page "http://www.hydrogen-music.org")
(synopsis "Drum machine")
(description
@ -252,6 +225,54 @@ enable professional yet simple and intuitive pattern-based drum programming.")
you to define complex tempo maps for entire songs or performances.")
(license license:gpl2+)))
(define-public gtklick
(package
(name "gtklick")
(version "0.6.4")
(source (origin
(method url-fetch)
(uri (string-append "http://das.nasophon.de/download/gtklick-"
version ".tar.gz"))
(sha256
(base32
"0dq1km6njnzsqdqyf6wzir9g733z0mc9vmxfg2383k3c2a2di6bp"))))
(build-system python-build-system)
(arguments
`(#:tests? #f ; no tests
#:python ,python-2
#:phases
(modify-phases %standard-phases
(add-before 'build 'add-sitedirs
;; .pth files are not automatically interpreted unless the
;; directories containing them are added as "sites". The directories
;; are then added to those in the PYTHONPATH. This is required for
;; the operation of pygtk.
(lambda _
(substitute* "gtklick/gtklick.py"
(("import pygtk")
"import pygtk, site, sys
for path in [path for path in sys.path if 'site-packages' in path]: site.addsitedir(path)"))))
(add-after 'unpack 'inject-store-path-to-klick
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "gtklick/klick_backend.py"
(("KLICK_PATH = 'klick'")
(string-append "KLICK_PATH = '"
(assoc-ref inputs "klick")
"/bin/klick'")))
#t)))))
(inputs
`(("klick" ,klick)
("python2-pyliblo" ,python2-pyliblo)
("python2-pygtk" ,python2-pygtk)))
(native-inputs
`(("gettext" ,gnu-gettext)))
(home-page "http://das.nasophon.de/gtklick/")
(synopsis "Simple metronome with an easy-to-use graphical interface")
(description
"Gtklick is a simple metronome with an easy-to-use graphical user
interface. It is implemented as a frontend to @code{klick}.")
(license license:gpl2+)))
(define-public lilypond
(package
(name "lilypond")
@ -916,15 +937,15 @@ instrument or MIDI file player.")
(define-public zynaddsubfx
(package
(name "zynaddsubfx")
(version "2.5.2")
(version "2.5.3")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://sourceforge/zynaddsubfx/zynaddsubfx/"
version "/zynaddsubfx-" version ".tar.gz"))
version "/zynaddsubfx-" version ".tar.bz2"))
(sha256
(base32
"11yrady7xwfrzszkk2fvq81ymv99mq474h60qnirk27khdygk24m"))))
"04da54p19p7f5wm6vm7abbjbsil1qf7n5f4adj01jm6b0wqigvgb"))))
(build-system cmake-build-system)
(arguments
`(#:phases
@ -1078,3 +1099,38 @@ computer's keyboard.")
JACK for audio and ALSA sequencer for MIDI as multimedia infrastructures and
follows a traditional multi-track tape recorder control paradigm.")
(license license:gpl2+)))
(define-public pianobar
(package
(name "pianobar")
(version "2015.11.22")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/PromyLOPh/"
name "/archive/" version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"022df19bhxqvkhy0qy21xahba5s1fm17b13y0p9p9dnf2yl44wfv"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; no tests
#:make-flags (list "CC=gcc" "CFLAGS=-std=c99"
(string-append "PREFIX=" %output))
#:phases (modify-phases %standard-phases
(delete 'configure))))
(inputs
`(("ao" ,ao)
("curl" ,curl)
("libgcrypt" ,libgcrypt)
("json-c" ,json-c)
("ffmpeg" ,ffmpeg)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "http://6xq.net/projects/pianobar/")
(synopsis "Console-based pandora.com player")
(description "pianobar is a console-based music player for the
personalized online radio pandora.com. It has configurable keys for playing
and managing stations, can be controlled remotely via fifo, and can run
event-based scripts for scrobbling, notifications, etc.")
(license license:expat)))

4
gnu/packages/nano.scm
View File

@ -28,7 +28,7 @@
(define-public nano
(package
(name "nano")
(version "2.5.1")
(version "2.5.2")
(source
(origin
(method url-fetch)
@ -36,7 +36,7 @@
version ".tar.gz"))
(sha256
(base32
"1piv8prj6w3rvsrrx41ra8c10b8fzkgjhnm6399lsgqqpw0wlvz0"))))
"0hgbmqzjy1pashb1g3qby75pqb7r5g9bmn1iajlx50082b2nmgc9"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gnu-gettext)

28
gnu/packages/nettle.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -59,30 +60,17 @@ themselves.")
;; This version is not API-compatible with version 2. In particular, lsh
;; cannot use it yet. So keep it separate.
(package (inherit nettle-2)
(version "3.1.1")
(version "3.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/nettle/nettle-"
version ".tar.gz"))
(sha256
(base32
"0k1x57zviysvi91lkk66cg8v819vywm5g5yqs22wppfqcifx5m2z"))))
"15wxhk52yc62rx0pddmry66hqm6z5brrrkx4npd3wh9nybg86hpa"))))
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after
'configure 'disable-ifunc-init-method
(lambda _
;; Work around problems with the ifunc initialization method in
;; nettle. For details, see
;; <http://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003389.html>
;; and <https://sourceware.org/ml/libc-help/2015-06/msg00010.html>.
(substitute* "config.h"
(("#define HAVE_LINK_IFUNC 1")
"/* #undef HAVE_LINK_IFUNC */"))
#t)))
,@(substitute-keyword-arguments (package-arguments nettle-2)
((#:configure-flags flags)
;; Build "fat" binaries where the right implementation is chosen
;; at run time based on CPU features (starting from 3.1.)
`(cons "--enable-fat" ,flags)))))))
(substitute-keyword-arguments (package-arguments nettle-2)
((#:configure-flags flags)
;; Build "fat" binaries where the right implementation is chosen
;; at run time based on CPU features (starting from 3.1.)
`(cons "--enable-fat" ,flags))))))

57
gnu/packages/ocaml.scm
View File

@ -4,6 +4,7 @@
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -42,6 +43,7 @@
#:use-module (gnu packages lynx)
#:use-module (gnu packages perl)
#:use-module (gnu packages python)
#:use-module (gnu packages m4)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages version-control)
#:use-module (gnu packages curl))
@ -60,6 +62,10 @@
(base32
"1qwwvy8nzd87hk8rd9sm667nppakiapnx4ypdwcrlnav2dz6kil3"))))
(build-system gnu-build-system)
(native-search-paths
(list (search-path-specification
(variable "OCAMLPATH")
(files (list (string-append "lib/ocaml"))))))
(native-inputs
`(("perl" ,perl)
("pkg-config" ,pkg-config)))
@ -471,6 +477,8 @@ provers.")
(arguments
`(#:tests? #f ; no check target
;; opt: also install cmxa files
#:make-flags (list "all" "opt")
;; Occasionally we would get "Error: Unbound module GtkThread" when
;; compiling 'gtkThInit.ml', with 'make -j'. So build sequentially.
#:parallel-build? #f
@ -613,3 +621,52 @@ a collection of files and directories to be stored on different hosts
brought up to date by propagating the changes in each replica
to the other.")
(license gpl3+)))
(define-public ocaml-findlib
(package
(name "ocaml-findlib")
(version "1.6.1")
(source (origin
(method url-fetch)
(uri (string-append "http://download.camlcity.org/download/"
"findlib" "-" version ".tar.gz"))
(sha256
(base32
"02abg1lsnwvjg3igdyb8qjgr5kv1nbwl4gaf8mdinzfii5p82721"))
(patches
(list (search-patch "ocaml-findlib-make-install.patch")))))
(build-system gnu-build-system)
(native-inputs
`(("camlp4" ,camlp4)
("m4" ,m4)
("ocaml" ,ocaml)))
(arguments
`(#:tests? #f ; no test suite
#:parallel-build? #f
#:make-flags (list "all" "opt")
#:phases (modify-phases %standard-phases
(replace
'configure
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(system*
"./configure"
"-bindir" (string-append out "/bin")
"-config" (string-append out "/etc/ocamfind.conf")
"-mandir" (string-append out "/share/man")
"-sitelib" (string-append out "/lib/ocaml/site-lib")
"-with-toolbox")))))))
(home-page "http://projects.camlcity.org/projects/findlib.html")
(synopsis "Management tool for OCaml libraries")
(description
"The \"findlib\" library provides a scheme to manage reusable software
components (packages), and includes tools that support this scheme. Packages
are collections of OCaml modules for which metainformation can be stored. The
packages are kept in the filesystem hierarchy, but with strict directory
structure. The library contains functions to look the directory up that
stores a package, to query metainformation about a package, and to retrieve
dependency information about multiple packages. There is also a tool that
allows the user to enter queries on the command-line. In order to simplify
compilation and linkage, there are new frontends of the various OCaml
compilers that can directly deal with packages.")
(license x11)))

7
gnu/packages/openbox.scm
View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -31,15 +32,15 @@
(define-public openbox
(package
(name "openbox")
(version "3.5.2")
(version "3.6.1")
(source (origin
(method url-fetch)
(uri (string-append
"http://www.icculus.org/openbox/releases/" name "-"
version ".tar.gz"))
version ".tar.xz"))
(sha256
(base32
"0cxgb334zj6aszwiki9g10i56sm18i7w1kw52vdnwgzq27pv93qj"))))
"0vg2y1qddsdxkjv806mzpvmkgzliab8ll4s7zm7ma5jnriamirxb"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)))
(inputs `(("imlib2" ,imlib2)

20
gnu/packages/openstack.scm
View File

@ -304,12 +304,7 @@ portions of your testing code.")
(license asl2.0)))
(define-public python2-requests-mock
(let ((requests-mock (package-with-python2 python-requests-mock)))
(package (inherit requests-mock)
(propagated-inputs
`(("python2-requests" ,python2-requests)
,@(alist-delete "python-requests"
(package-propagated-inputs requests-mock)))))))
(package-with-python2 python-requests-mock))
(define-public python-stevedore
(package
@ -392,12 +387,7 @@ common features used in Tempest.")
(license asl2.0)))
(define-public python2-tempest-lib
(let ((tempest-lib (package-with-python2 python-tempest-lib)))
(package (inherit tempest-lib)
(propagated-inputs
`(("python2-jsonschema", python2-jsonschema)
,@(alist-delete "python-jsonschema"
(package-propagated-inputs tempest-lib)))))))
(package-with-python2 python-tempest-lib))
;; Packages from the Oslo library
(define-public python-oslo.config
@ -606,9 +596,7 @@ from the OpenStack project.")
(license asl2.0)))
(define-public python2-oslosphinx
(let ((oslosphinx (package-with-python2 python-oslosphinx)))
(package (inherit oslosphinx)
(propagated-inputs `(("python2-requests" ,python2-requests))))))
(package-with-python2 python-oslosphinx))
(define-public python-oslotest
(package
@ -782,7 +770,7 @@ LDAP.")
"1j33l4z9vqh0scfncl4fxg01zr1hgqxhhai6gvcih1gccqm4nd7p"))))
(build-system python-build-system)
(native-inputs
`(("python-pbr", python-pbr)
`(("python-pbr" ,python-pbr)
("python-setuptools" ,python-setuptools)
("python-sphinx" ,python-sphinx)
;; The folloing packages are needed for the tests.

6
gnu/packages/owncloud.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -34,14 +34,14 @@
(define-public owncloud-client
(package
(name "owncloud-client")
(version "2.1.0")
(version "2.1.1")
(source
(origin
(method url-fetch)
(uri (string-append "https://download.owncloud.com/desktop/stable/"
"owncloudclient-" version ".tar.xz"))
(sha256
(base32 "0gyhll4yfxcpyc5m73zar5f33qgnmpwiggw2adxdiqy55hc3ymbk"))))
(base32 "1jxi439qff4acvyvszjprj42kvzhlz255wv8g4p3jrf55svzwz2f"))))
(build-system cmake-build-system)
(arguments
`(#:phases

51
gnu/packages/package-management.scm
View File

@ -239,14 +239,14 @@ the Nix package manager.")
(define-public nix
(package
(name "nix")
(version "1.10")
(version "1.11.2")
(source (origin
(method url-fetch)
(uri (string-append "http://nixos.org/releases/nix/nix-"
version "/nix-" version ".tar.xz"))
(sha256
(base32
"1xhh7l1dqwn6i3m51xp8l0aa95da3823w4h8n8hfxlcxaixcl4jn"))))
"1mk9z75gklxcv6kzwwz1h5r2ci5kjy6bh7qwk4m5lf5v9s0k64pw"))))
(build-system gnu-build-system)
;; XXX: Should we pass '--with-store-dir=/gnu/store'? But then we'd also
;; need '--localstatedir=/var'. But then! The thing would use /var/nix
@ -389,21 +389,23 @@ transactions from C or Python.")
(define-public diffoscope
(package
(name "diffoscope")
(version "34")
(version "49")
(source (origin
(method git-fetch)
(uri (git-reference
(url
"https://anonscm.debian.org/cgit/reproducible/diffoscope.git")
(commit version)))
(method url-fetch)
(uri (pypi-uri name version))
(sha256
(base32
"1g8b7bpkmns0355gkr3a244affwx4xzqwahwsl6ivw4z0qv7dih8"))
(file-name (string-append name "-" version "-checkout"))))
"1mf6b7j82ckn90ggz6bp6c2jydz87xj8r8jmfl4hg7jcmf7dxmim"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2
#:phases (modify-phases %standard-phases
`(#:phases (modify-phases %standard-phases
;; setup.py mistakenly requires python-magic from PyPi, even
;; though the Python bindings of `file` are sufficient.
;; https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815844
(add-after 'unpack 'dependency-on-python-magic
(lambda _
(substitute* "setup.py"
(("'python-magic',") ""))))
(add-before 'build 'disable-egg-zipping
(lambda _
;; Leave the .egg file uncompressed.
@ -411,27 +413,16 @@ transactions from C or Python.")
(display "\n[easy_install]\nzip_ok = 0\n"
port)
(close-port port)
#t)))
(add-before 'build 'dependency-on-rpm
(lambda _
(substitute* "setup.py"
;; Somehow this requirement is reported as not met,
;; even though rpm.py is in the search path. So
;; delete it.
(("'rpm-python',") ""))
#t)))
;; FIXME: Some obscure test failures.
#:tests? #f))
#t))))))
(inputs `(("rpm" ,rpm) ;for rpm-python
("python-file" ,python2-file)
("python-debian" ,python2-debian)
("python-libarchive-c" ,python2-libarchive-c)
("python-tlsh" ,python2-tlsh)
("python-file" ,python-file)
("python-debian" ,python-debian)
("python-libarchive-c" ,python-libarchive-c)
("python-tlsh" ,python-tlsh)
;; Below are modules used for tests.
("python-pytest" ,python2-pytest)
("python-chardet" ,python2-chardet)))
(native-inputs `(("python-setuptools" ,python2-setuptools)))
("python-pytest" ,python-pytest)
("python-chardet" ,python-chardet)))
(home-page "http://diffoscope.org/")
(synopsis "Compare files, archives, and directories in depth")
(description

90
gnu/packages/parallel.scm
View File

@ -1,7 +1,9 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013,2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2013, 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Pjotr Prins <pjotr.guix@thebird.nl>
;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -19,17 +21,28 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages parallel)
#:use-module (guix packages)
#:use-module (guix licenses)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module (guix download)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (gnu packages)
#:use-module (gnu packages perl))
#:use-module (gnu packages admin)
#:use-module (gnu packages autotools)
#:use-module (gnu packages freeipmi)
#:use-module (gnu packages linux)
#:use-module (gnu packages mpi)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages readline)
#:use-module (gnu packages tcl)
#:use-module (gnu packages tls)
#:use-module (gnu packages web))
(define-public parallel
(package
(name "parallel")
(version "20151222")
(version "20160122")
(source
(origin
(method url-fetch)
@ -37,7 +50,7 @@
version ".tar.bz2"))
(sha256
(base32
"03czpnsj77xxzqxzzr1b39ym9acn94hknzbilbh28v5q1wk7r4mf"))))
"1xs8y8jh7wyjs27079xz0ja7xfi4dywz8d6hbkl44mafdnnfjfiy"))))
(build-system gnu-build-system)
(inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/parallel/")
@ -46,4 +59,65 @@
"GNU Parallel is a tool for executing shell jobs in parallel using one
or more computers. Jobs can consist of single commands or of scripts
and they are executed on lists of files, hosts, users or other items.")
(license gpl3+)))
(license license:gpl3+)))
(define-public slurm
(package
(name "slurm")
(version "15.08.7.1")
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/SchedMD/slurm/archive/slurm-"
(string-join (string-split version #\.) "-") ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1rmi35l4img00dr4vic8cv8s7b6n1yx1mkq2s7kjf5hvqdh6s2ki"))
(patches (list
(search-patch "slurm-configure-remove-nonfree-contribs.patch")))
(modules '((guix build utils)))
(snippet
'(begin
(delete-file-recursively "contribs")
#t))))
;; FIXME: More optional inputs could be added,
;; in particular mysql and gtk+.
(inputs `(("expect" ,expect)
("freeipmi" ,freeipmi)
("hwloc" ,hwloc)
("json-c" ,json-c)
("linux-pam" , linux-pam)
("munge" ,munge)
("numactl" ,numactl)
("openssl" ,openssl)
("perl" ,perl)
("python" ,python-wrapper)
("readline" ,readline)))
(native-inputs
`(("autoconf" ,autoconf)
("pkg-config" ,pkg-config)))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list "--enable-pam"
(string-append "--with-freeipmi=" (assoc-ref %build-inputs "freeipmi"))
(string-append "--with-hwloc=" (assoc-ref %build-inputs "hwloc"))
(string-append "--with-json=" (assoc-ref %build-inputs "json-c"))
(string-append "--with-munge=" (assoc-ref %build-inputs "munge"))
(string-append "--with-ssl=" (assoc-ref %build-inputs "openssl")))
#:phases
(modify-phases %standard-phases
(add-before
'configure 'autogen
(lambda _ (zero? (system* "autoconf"))))))) ; configure.ac was patched
(home-page "http://slurm.schedmd.com/")
(synopsis "Workload manager for cluster computing")
(description
"SLURM is a fault-tolerant and highly scalable cluster management and job
scheduling system for large and small clusters. It allocates access to
resources (computer nodes) to users for some duration of time, provides a
framework for starting, executing, and monitoring work (typically a parallel
job) on a set of allocated nodes, and arbitrates contention for resources
by managing a queue of pending work.")
(license license:gpl2+)))

49
gnu/packages/patches/cpio-CVE-2016-2037.patch Normal file
View File

@ -0,0 +1,49 @@
Fix CVE-2016-2037 (out of bounds write in process_copy_in()).
Copied from upstream mailing list:
https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
---
Other calls to cpio_safer_name_suffix seem to be safe.
.
* src/copyin.c (process_copy_in): Make sure that file_hdr.c_name
has at least two bytes allocated.
* src/util.c (cpio_safer_name_suffix): Document that use of this
function requires to be careful.
Author: Pavel Raiskup <praiskup@redhat.com>
---
src/copyin.c | 2 ++
src/util.c | 5 ++++-
2 files changed, 6 insertions(+), 1 deletion(-)
Index: cpio-2.11+dfsg/src/copyin.c
===================================================================
--- cpio-2.11+dfsg.orig/src/copyin.c
+++ cpio-2.11+dfsg/src/copyin.c
@@ -1433,6 +1433,8 @@ process_copy_in ()
break;
}
+ if (file_hdr.c_namesize <= 1)
+ file_hdr.c_name = xrealloc(file_hdr.c_name, 2);
cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
false);
Index: cpio-2.11+dfsg/src/util.c
===================================================================
--- cpio-2.11+dfsg.orig/src/util.c
+++ cpio-2.11+dfsg/src/util.c
@@ -1374,7 +1374,10 @@ set_file_times (int fd,
}
/* Do we have to ignore absolute paths, and if so, does the filename
- have an absolute path? */
+ have an absolute path?
+ Before calling this function make sure that the allocated NAME buffer has
+ capacity at least 2 bytes to allow us to store the "." string inside. */
+
void
cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
bool strip_leading_dots)

559
gnu/packages/patches/glibc-CVE-2015-7547.patch Normal file
View File

@ -0,0 +1,559 @@
Copied from Fedora:
http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584
Adapted to apply cleanly to glibc-2.22.
Index: b/resolv/nss_dns/dns-host.c
===================================================================
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an
int h_namelen = 0;
if (ancount == 0)
- return NSS_STATUS_NOTFOUND;
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
while (ancount-- > 0 && cp < end_of_message && had_error == 0)
{
@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an
/* Special case here: if the resolver sent a result but it only
contains a CNAME while we are looking for a T_A or T_AAAA record,
we fail with NOTFOUND instead of TRYAGAIN. */
- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
+ if (canon != NULL)
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ *h_errnop = NETDB_INTERNAL;
+ return NSS_STATUS_TRYAGAIN;
}
@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1,
enum nss_status status = NSS_STATUS_NOTFOUND;
+ /* Combining the NSS status of two distinct queries requires some
+ compromise and attention to symmetry (A or AAAA queries can be
+ returned in any order). What follows is a breakdown of how this
+ code is expected to work and why. We discuss only SUCCESS,
+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
+ that apply (though RETURN and MERGE exist). We make a distinction
+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
+ A recoverable TRYAGAIN is almost always due to buffer size issues
+ and returns ERANGE in errno and the caller is expected to retry
+ with a larger buffer.
+
+ Lastly, you may be tempted to make significant changes to the
+ conditions in this code to bring about symmetry between responses.
+ Please don't change anything without due consideration for
+ expected application behaviour. Some of the synthesized responses
+ aren't very well thought out and sometimes appear to imply that
+ IPv4 responses are always answer 1, and IPv6 responses are always
+ answer 2, but that's not true (see the implemetnation of send_dg
+ and send_vc to see response can arrive in any order, particlarly
+ for UDP). However, we expect it holds roughly enough of the time
+ that this code works, but certainly needs to be fixed to make this
+ a more robust implementation.
+
+ ----------------------------------------------
+ | Answer 1 Status / | Synthesized | Reason |
+ | Answer 2 Status | Status | |
+ |--------------------------------------------|
+ | SUCCESS/SUCCESS | SUCCESS | [1] |
+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] |
+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] |
+ | SUCCESS/NOTFOUND | SUCCESS | [1] |
+ | SUCCESS/UNAVAIL | SUCCESS | [1] |
+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] |
+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] |
+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] |
+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] |
+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] |
+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] |
+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] |
+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] |
+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] |
+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] |
+ | NOTFOUND/SUCCESS | SUCCESS | [3] |
+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] |
+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] |
+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] |
+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] |
+ | UNAVAIL/SUCCESS | UNAVAIL | [4] |
+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] |
+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] |
+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] |
+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] |
+ ----------------------------------------------
+
+ [1] If the first response is a success we return success.
+ This ignores the state of the second answer and in fact
+ incorrectly sets errno and h_errno to that of the second
+ answer. However because the response is a success we ignore
+ *errnop and *h_errnop (though that means you touched errno on
+ success). We are being conservative here and returning the
+ likely IPv4 response in the first answer as a success.
+
+ [2] If the first response is a recoverable TRYAGAIN we return
+ that instead of looking at the second response. The
+ expectation here is that we have failed to get an IPv4 response
+ and should retry both queries.
+
+ [3] If the first response was not a SUCCESS and the second
+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
+ result from the second response, otherwise the first responses
+ status is used. Again we have some odd side-effects when the
+ second response is NOTFOUND because we overwrite *errnop and
+ *h_errnop that means that a first answer of NOTFOUND might see
+ its *errnop and *h_errnop values altered. Whether it matters
+ in practice that a first response NOTFOUND has the wrong
+ *errnop and *h_errnop is undecided.
+
+ [4] If the first response is UNAVAIL we return that instead of
+ looking at the second response. The expectation here is that
+ it will have failed similarly e.g. configuration failure.
+
+ [5] Testing this code is complicated by the fact that truncated
+ second response buffers might be returned as SUCCESS if the
+ first answer is a SUCCESS. To fix this we add symmetry to
+ TRYAGAIN with the second response. If the second response
+ is a recoverable error we now return TRYAGIN even if the first
+ response was SUCCESS. */
+
if (anslen1 > 0)
status = gaih_getanswer_slice(answer1, anslen1, qname,
&pat, &buffer, &buflen,
errnop, h_errnop, ttlp,
&first);
+
if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
|| (status == NSS_STATUS_TRYAGAIN
/* We want to look at the second answer in case of an
@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1,
&pat, &buffer, &buflen,
errnop, h_errnop, ttlp,
&first);
+ /* Use the second response status in some cases. */
if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
status = status2;
+ /* Do not return a truncated second response (unless it was
+ unavoidable e.g. unrecoverable TRYAGAIN). */
+ if (status == NSS_STATUS_SUCCESS
+ && (status2 == NSS_STATUS_TRYAGAIN
+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
+ status = NSS_STATUS_TRYAGAIN;
}
return status;
Index: b/resolv/res_query.c
===================================================================
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
}
@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
if (saved_herrno != -1)
Index: b/resolv/res_send.c
===================================================================
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -1,3 +1,20 @@
+/* Copyright (C) 2016 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
/*
* Copyright (c) 1985, 1989, 1993
* The Regents of the University of California. All rights reserved.
@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
#ifdef USE_HOOKS
if (__glibc_unlikely (statp->qhook || statp->rhook)) {
if (anssiz < MAXPACKET && ansp) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *buf = malloc (MAXPACKET);
if (buf == NULL)
return (-1);
@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
/* Private */
+/* The send_vc function is responsible for sending a DNS query over TCP
+ to the nameserver numbered NS from the res_state STATP i.e.
+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
+ IPv6 queries at the same serially on the same socket.
+
+ Please note that for TCP there is no way to disable sending both
+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
+ and sends the queries serially and waits for the result after each
+ sent query. This implemetnation should be corrected to honour these
+ options.
+
+ Please also note that for TCP we send both queries over the same
+ socket one after another. This technically violates best practice
+ since the server is allowed to read the first query, respond, and
+ then close the socket (to service another client). If the server
+ does this, then the remaining second query in the socket data buffer
+ will cause the server to send the client an RST which will arrive
+ asynchronously and the client's OS will likely tear down the socket
+ receive buffer resulting in a potentially short read and lost
+ response data. This will force the client to retry the query again,
+ and this process may repeat until all servers and connection resets
+ are exhausted and then the query will fail. It's not known if this
+ happens with any frequency in real DNS server implementations. This
+ implementation should be corrected to use two sockets by default for
+ parallel queries.
+
+ The query stored in BUF of BUFLEN length is sent first followed by
+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
+ serially on the same socket.
+
+ Answers to the query are stored firstly in *ANSP up to a max of
+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
+ is non-NULL (to indicate that modifying the answer buffer is allowed)
+ then malloc is used to allocate a new response buffer and ANSCP and
+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
+ are needed but ANSCP is NULL, then as much of the response as
+ possible is read into the buffer, but the results will be truncated.
+ When truncation happens because of a small answer buffer the DNS
+ packets header feild TC will bet set to 1, indicating a truncated
+ message and the rest of the socket data will be read and discarded.
+
+ Answers to the query are stored secondly in *ANSP2 up to a max of
+ *ANSSIZP2 bytes, with the actual response length stored in
+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
+ is non-NULL (required for a second query) then malloc is used to
+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
+ size and *ANSP2_MALLOCED is set to 1.
+
+ The ANSP2_MALLOCED argument will eventually be removed as the
+ change in buffer pointer can be used to detect the buffer has
+ changed and that the caller should use free on the new buffer.
+
+ Note that the answers may arrive in any order from the server and
+ therefore the first and second answer buffers may not correspond to
+ the first and second queries.
+
+ It is not supported to call this function with a non-NULL ANSP2
+ but a NULL ANSCP. Put another way, you can call send_vc with a
+ single unmodifiable buffer or two modifiable buffers, but no other
+ combination is supported.
+
+ It is the caller's responsibility to free the malloc allocated
+ buffers by detecting that the pointers have changed from their
+ original values i.e. *ANSCP or *ANSP2 has changed.
+
+ If errors are encountered then *TERRNO is set to an appropriate
+ errno value and a zero result is returned for a recoverable error,
+ and a less-than zero result is returned for a non-recoverable error.
+
+ If no errors are encountered then *TERRNO is left unmodified and
+ a the length of the first response in bytes is returned. */
static int
send_vc(res_state statp,
const u_char *buf, int buflen, const u_char *buf2, int buflen2,
@@ -669,11 +759,7 @@ send_vc(res_state statp,
{
const HEADER *hp = (HEADER *) buf;
const HEADER *hp2 = (HEADER *) buf2;
- u_char *ans = *ansp;
- int orig_anssizp = *anssizp;
- // XXX REMOVE
- // int anssiz = *anssizp;
- HEADER *anhp = (HEADER *) ans;
+ HEADER *anhp = (HEADER *) *ansp;
struct sockaddr *nsap = get_nsaddr (statp, ns);
int truncating, connreset, n;
/* On some architectures compiler might emit a warning indicating
@@ -766,6 +852,8 @@ send_vc(res_state statp,
* Receive length & response
*/
int recvresp1 = 0;
+ /* Skip the second response if there is no second query.
+ To do that we mark the second response as received. */
int recvresp2 = buf2 == NULL;
uint16_t rlen16;
read_len:
@@ -802,40 +890,14 @@ send_vc(res_state statp,
u_char **thisansp;
int *thisresplenp;
if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
+ /* We have not received any responses
+ yet or we only have one response to
+ receive. */
thisanssizp = anssizp;
thisansp = anscp ?: ansp;
assert (anscp != NULL || ansp2 == NULL);
thisresplenp = &resplen;
} else {
- if (*anssizp != MAXPACKET) {
- /* No buffer allocated for the first
- reply. We can try to use the rest
- of the user-provided buffer. */
-#if __GNUC_PREREQ (4, 7)
- DIAG_PUSH_NEEDS_COMMENT;
- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
-#endif
-#if _STRING_ARCH_unaligned
- *anssizp2 = orig_anssizp - resplen;
- *ansp2 = *ansp + resplen;
-#else
- int aligned_resplen
- = ((resplen + __alignof__ (HEADER) - 1)
- & ~(__alignof__ (HEADER) - 1));
- *anssizp2 = orig_anssizp - aligned_resplen;
- *ansp2 = *ansp + aligned_resplen;
-#endif
-#if __GNUC_PREREQ (4, 7)
- DIAG_POP_NEEDS_COMMENT;
-#endif
- } else {
- /* The first reply did not fit into the
- user-provided buffer. Maybe the second
- answer will. */
- *anssizp2 = orig_anssizp;
- *ansp2 = *ansp;
- }
-
thisanssizp = anssizp2;
thisansp = ansp2;
thisresplenp = resplen2;
@@ -843,10 +905,14 @@ send_vc(res_state statp,
anhp = (HEADER *) *thisansp;
*thisresplenp = rlen;
- if (rlen > *thisanssizp) {
- /* Yes, we test ANSCP here. If we have two buffers
- both will be allocatable. */
- if (__glibc_likely (anscp != NULL)) {
+ /* Is the answer buffer too small? */
+ if (*thisanssizp < rlen) {
+ /* If the current buffer is non-NULL and it's not
+ pointing at the static user-supplied buffer then
+ we can reallocate it. */
+ if (thisansp != NULL && thisansp != ansp) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *newp = malloc (MAXPACKET);
if (newp == NULL) {
*terrno = ENOMEM;
@@ -858,6 +924,9 @@ send_vc(res_state statp,
if (thisansp == ansp2)
*ansp2_malloced = 1;
anhp = (HEADER *) newp;
+ /* A uint16_t can't be larger than MAXPACKET
+ thus it's safe to allocate MAXPACKET but
+ read RLEN bytes instead. */
len = rlen;
} else {
Dprint(statp->options & RES_DEBUG,
@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
return 1;
}
+/* The send_dg function is responsible for sending a DNS query over UDP
+ to the nameserver numbered NS from the res_state STATP i.e.
+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
+ along with the ability to send the query in parallel for both stacks
+ (default) or serially (RES_SINGLKUP). It also supports serial lookup
+ with a close and reopen of the socket used to talk to the server
+ (RES_SNGLKUPREOP) to work around broken name servers.
+
+ The query stored in BUF of BUFLEN length is sent first followed by
+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
+
+ Answers to the query are stored firstly in *ANSP up to a max of
+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
+ is non-NULL (to indicate that modifying the answer buffer is allowed)
+ then malloc is used to allocate a new response buffer and ANSCP and
+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
+ are needed but ANSCP is NULL, then as much of the response as
+ possible is read into the buffer, but the results will be truncated.
+ When truncation happens because of a small answer buffer the DNS
+ packets header feild TC will bet set to 1, indicating a truncated
+ message, while the rest of the UDP packet is discarded.
+
+ Answers to the query are stored secondly in *ANSP2 up to a max of
+ *ANSSIZP2 bytes, with the actual response length stored in
+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
+ is non-NULL (required for a second query) then malloc is used to
+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
+ size and *ANSP2_MALLOCED is set to 1.
+
+ The ANSP2_MALLOCED argument will eventually be removed as the
+ change in buffer pointer can be used to detect the buffer has
+ changed and that the caller should use free on the new buffer.
+
+ Note that the answers may arrive in any order from the server and
+ therefore the first and second answer buffers may not correspond to
+ the first and second queries.
+
+ It is not supported to call this function with a non-NULL ANSP2
+ but a NULL ANSCP. Put another way, you can call send_vc with a
+ single unmodifiable buffer or two modifiable buffers, but no other
+ combination is supported.
+
+ It is the caller's responsibility to free the malloc allocated
+ buffers by detecting that the pointers have changed from their
+ original values i.e. *ANSCP or *ANSP2 has changed.
+
+ If an answer is truncated because of UDP datagram DNS limits then
+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
+ if any progress was made reading a response from the nameserver and
+ is used by the caller to distinguish between ECONNREFUSED and
+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
+
+ If errors are encountered then *TERRNO is set to an appropriate
+ errno value and a zero result is returned for a recoverable error,
+ and a less-than zero result is returned for a non-recoverable error.
+
+ If no errors are encountered then *TERRNO is left unmodified and
+ a the length of the first response in bytes is returned. */
static int
send_dg(res_state statp,
const u_char *buf, int buflen, const u_char *buf2, int buflen2,
@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
{
const HEADER *hp = (HEADER *) buf;
const HEADER *hp2 = (HEADER *) buf2;
- u_char *ans = *ansp;
- int orig_anssizp = *anssizp;
struct timespec now, timeout, finish;
struct pollfd pfd[1];
int ptimeout;
@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
int need_recompute = 0;
int nwritten = 0;
int recvresp1 = 0;
+ /* Skip the second response if there is no second query.
+ To do that we mark the second response as received. */
int recvresp2 = buf2 == NULL;
pfd[0].fd = EXT(statp).nssocks[ns];
pfd[0].events = POLLOUT;
@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
int *thisresplenp;
if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
+ /* We have not received any responses
+ yet or we only have one response to
+ receive. */
thisanssizp = anssizp;
thisansp = anscp ?: ansp;
assert (anscp != NULL || ansp2 == NULL);
thisresplenp = &resplen;
} else {
- if (*anssizp != MAXPACKET) {
- /* No buffer allocated for the first
- reply. We can try to use the rest
- of the user-provided buffer. */
-#if _STRING_ARCH_unaligned
- *anssizp2 = orig_anssizp - resplen;
- *ansp2 = *ansp + resplen;
-#else
- int aligned_resplen
- = ((resplen + __alignof__ (HEADER) - 1)
- & ~(__alignof__ (HEADER) - 1));
- *anssizp2 = orig_anssizp - aligned_resplen;
- *ansp2 = *ansp + aligned_resplen;
-#endif
- } else {
- /* The first reply did not fit into the
- user-provided buffer. Maybe the second
- answer will. */
- *anssizp2 = orig_anssizp;
- *ansp2 = *ansp;
- }
-
thisanssizp = anssizp2;
thisansp = ansp2;
thisresplenp = resplen2;
}
if (*thisanssizp < MAXPACKET
- /* Yes, we test ANSCP here. If we have two buffers
- both will be allocatable. */
- && anscp
+ /* If the current buffer is non-NULL and it's not
+ pointing at the static user-supplied buffer then
+ we can reallocate it. */
+ && (thisansp != NULL && thisansp != ansp)
#ifdef FIONREAD
+ /* Is the size too small? */
&& (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
|| *thisanssizp < *thisresplenp)
#endif
) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *newp = malloc (MAXPACKET);
if (newp != NULL) {
- *anssizp = MAXPACKET;
- *thisansp = ans = newp;
+ *thisanssizp = MAXPACKET;
+ *thisansp = newp;
if (thisansp == ansp2)
*ansp2_malloced = 1;
}
}
+ /* We could end up with truncation if anscp was NULL
+ (not allowed to change caller's buffer) and the
+ response buffer size is too small. This isn't a
+ reliable way to detect truncation because the ioctl
+ may be an inaccurate report of the UDP message size.
+ Therefore we use this only to issue debug output.
+ To do truncation accurately with UDP we need
+ MSG_TRUNC which is only available on Linux. We
+ can abstract out the Linux-specific feature in the
+ future to detect truncation. */
+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
+ Dprint(statp->options & RES_DEBUG,
+ (stdout, ";; response may be truncated (UDP)\n")
+ );
+ }
+
HEADER *anhp = (HEADER *) *thisansp;
socklen_t fromlen = sizeof(struct sockaddr_in6);
assert (sizeof(from) <= fromlen);

142
gnu/packages/patches/gnupg-simple-query-ignore-status-messages.patch Normal file
View File

@ -0,0 +1,142 @@
Copied from upstream:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=acac103ba5772ae738ce5409d17feab80596cde6
Fixes: https://debbugs.gnu.org/22558
Upstream bug: https://bugs.gnupg.org/gnupg/issue2229
From acac103ba5772ae738ce5409d17feab80596cde6 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" <neal@g10code.com>
Date: Fri, 12 Feb 2016 22:12:21 +0100
Subject: [PATCH] common: Change simple_query to ignore status messages.
* common/simple-pwquery.c (simple_query): Ignore status messages.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2229
---
common/simple-pwquery.c | 95 ++++++++++++++++++++++++++++++++++---------------
1 file changed, 67 insertions(+), 28 deletions(-)
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
index 90d04c0..b2d666c 100644
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@@ -618,6 +618,7 @@ simple_query (const char *query)
int fd = -1;
int nread;
char response[500];
+ int have = 0;
int rc;
rc = agent_open (&fd);
@@ -628,40 +629,78 @@ simple_query (const char *query)
if (rc)
goto leave;
- /* get response */
- nread = readline (fd, response, 499);
- if (nread < 0)
- {
- rc = -nread;
- goto leave;
- }
- if (nread < 3)
+ while (1)
{
- rc = SPWQ_PROTOCOL_ERROR;
- goto leave;
- }
+ if (! have || ! strchr (response, '\n'))
+ /* get response */
+ {
+ nread = readline (fd, &response[have],
+ sizeof (response) - 1 /* NUL */ - have);
+ if (nread < 0)
+ {
+ rc = -nread;
+ goto leave;
+ }
+ have += nread;
+ if (have < 3)
+ {
+ rc = SPWQ_PROTOCOL_ERROR;
+ goto leave;
+ }
+ response[have] = 0;
+ }
- if (response[0] == 'O' && response[1] == 'K')
- /* OK, do nothing. */;
- else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
- && (response[7] == ' ' || response[7] == '\n') )
- || ((nread > 4 && !memcmp (response, "ERR ", 4)
- && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
- {
- /* 111 is the old Assuan code for canceled which might still
- be in use by old installations. 99 is GPG_ERR_CANCELED as
- used by modern gpg-agents; 0xffff is used to mask out the
- error source. */
+ if (response[0] == 'O' && response[1] == 'K')
+ /* OK, do nothing. */;
+ else if ((nread > 7 && !memcmp (response, "ERR 111", 7)
+ && (response[7] == ' ' || response[7] == '\n') )
+ || ((nread > 4 && !memcmp (response, "ERR ", 4)
+ && (strtoul (response+4, NULL, 0) & 0xffff) == 99)) )
+ {
+ /* 111 is the old Assuan code for canceled which might still
+ be in use by old installations. 99 is GPG_ERR_CANCELED as
+ used by modern gpg-agents; 0xffff is used to mask out the
+ error source. */
#ifdef SPWQ_USE_LOGGING
- log_info (_("canceled by user\n") );
+ log_info (_("canceled by user\n") );
#endif
- }
- else
- {
+ }
+ else if (response[0] == 'S' && response[1] == ' ')
+ {
+ char *nextline;
+ int consumed;
+
+ nextline = strchr (response, '\n');
+ if (! nextline)
+ /* Point to the NUL. */
+ nextline = &response[have];
+ else
+ /* Move past the \n. */
+ nextline ++;
+
+ consumed = (size_t) nextline - (size_t) response;
+
+ /* Skip any additional newlines. */
+ while (consumed < have && response[consumed] == '\n')
+ consumed ++;
+
+ have -= consumed;
+
+ if (have)
+ memmove (response, &response[consumed], have + 1);
+
+ continue;
+ }
+ else
+ {
#ifdef SPWQ_USE_LOGGING
- log_error (_("problem with the agent\n"));
+ log_error (_("problem with the agent (unexpected response \"%s\"\n"),
+ response);
#endif
- rc = SPWQ_ERR_RESPONSE;
+ rc = SPWQ_ERR_RESPONSE;
+ }
+
+ break;
}
leave:
--
2.6.3

9988
gnu/packages/patches/icecat-update-graphite2.patch Normal file
View File

File diff suppressed because it is too large Load Diff

55
gnu/packages/patches/libsndfile-CVE-2014-9496.patch
View File

@ -1,55 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/libsndfile.git/plain/libsndfile-1.0.25-cve2014_9496.patch
diff -up libsndfile-1.0.25/src/sd2.c.cve2014_9496 libsndfile-1.0.25/src/sd2.c
--- libsndfile-1.0.25/src/sd2.c.cve2014_9496 2011-01-19 11:10:36.000000000 +0100
+++ libsndfile-1.0.25/src/sd2.c 2015-01-13 17:00:35.920285526 +0100
@@ -395,6 +395,21 @@ read_marker (const unsigned char * data,
return 0x666 ;
} /* read_marker */
+static inline int
+read_rsrc_marker (const SD2_RSRC *prsrc, int offset)
+{ const unsigned char * data = prsrc->rsrc_data ;
+
+ if (offset < 0 || offset + 3 >= prsrc->rsrc_len)
+ return 0 ;
+
+ if (CPU_IS_BIG_ENDIAN)
+ return (((uint32_t) data [offset]) << 24) + (data [offset + 1] << 16) + (data [offset + 2] << 8) + data [offset + 3] ;
+ if (CPU_IS_LITTLE_ENDIAN)
+ return data [offset] + (data [offset + 1] << 8) + (data [offset + 2] << 16) + (((uint32_t) data [offset + 3]) << 24) ;
+
+ return 0 ;
+} /* read_rsrc_marker */
+
static void
read_str (const unsigned char * data, int offset, char * buffer, int buffer_len)
{ int k ;
@@ -496,6 +511,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
rsrc.type_offset = rsrc.map_offset + 30 ;
+ if (rsrc.map_offset + 28 > rsrc.rsrc_len)
+ { psf_log_printf (psf, "Bad map offset.\n") ;
+ goto parse_rsrc_fork_cleanup ;
+ } ;
+
rsrc.type_count = read_short (rsrc.rsrc_data, rsrc.map_offset + 28) + 1 ;
if (rsrc.type_count < 1)
{ psf_log_printf (psf, "Bad type count.\n") ;
@@ -512,7 +532,12 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
rsrc.str_index = -1 ;
for (k = 0 ; k < rsrc.type_count ; k ++)
- { marker = read_marker (rsrc.rsrc_data, rsrc.type_offset + k * 8) ;
+ { if (rsrc.type_offset + k * 8 > rsrc.rsrc_len)
+ { psf_log_printf (psf, "Bad rsrc marker.\n") ;
+ goto parse_rsrc_fork_cleanup ;
+ } ;
+
+ marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ;
if (marker == STR_MARKER)
{ rsrc.str_index = k ;

95
gnu/packages/patches/libsndfile-CVE-2015-7805.patch
View File

@ -1,95 +0,0 @@
Slightly modified to apply cleanly to libsndfile-1.0.25.
From d2a87385c1ca1d72918e9a2875d24f202a5093e8 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Sat, 7 Feb 2015 15:45:10 +1100
Subject: [PATCH] src/common.c : Fix a header parsing bug.
When the file header is bigger that SF_HEADER_LEN, the code would seek
instead of reading causing file parse errors.
The current header parsing and writing code *badly* needs a re-write.
---
src/common.c | 27 +++++++++++----------------
1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/src/common.c b/src/common.c
index dd4edb7..c6b88cc 100644
--- a/src/common.c
+++ b/src/common.c
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 1999-2011 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 1999-2015 Erik de Castro Lopo <erikd@mega-nerd.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU Lesser General Public License as published by
@@ -800,21 +800,16 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
{ int count = 0 ;
if (psf->headindex >= SIGNED_SIZEOF (psf->header))
- { memset (ptr, 0, SIGNED_SIZEOF (psf->header) - psf->headindex) ;
-
- /* This is the best that we can do. */
- psf_fseek (psf, bytes, SEEK_CUR) ;
- return bytes ;
- } ;
+ return psf_fread (ptr, 1, bytes, psf) ;
if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
{ int most ;
most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
psf_fread (psf->header + psf->headend, 1, most, psf) ;
- memset ((char *) ptr + most, 0, bytes - most) ;
-
- psf_fseek (psf, bytes - most, SEEK_CUR) ;
+ memcpy (ptr, psf->header + psf->headend, most) ;
+ psf->headend = psf->headindex += most ;
+ psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
return bytes ;
} ;
@@ -822,7 +817,7 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
{ count = psf_fread (psf->header + psf->headend, 1, bytes - (psf->headend - psf->headindex), psf) ;
if (count != bytes - (int) (psf->headend - psf->headindex))
{ psf_log_printf (psf, "Error : psf_fread returned short count.\n") ;
- return 0 ;
+ return count ;
} ;
psf->headend += count ;
} ;
@@ -836,7 +831,6 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
static void
header_seek (SF_PRIVATE *psf, sf_count_t position, int whence)
{
-
switch (whence)
{ case SEEK_SET :
if (position > SIGNED_SIZEOF (psf->header))
@@ -885,8 +879,7 @@ header_seek (SF_PRIVATE *psf, sf_count_t position, int whence)
static int
header_gets (SF_PRIVATE *psf, char *ptr, int bufsize)
-{
- int k ;
+{ int k ;
for (k = 0 ; k < bufsize - 1 ; k++)
{ if (psf->headindex < psf->headend)
@@ -1073,8 +1066,10 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...)
case 'j' :
/* Get the seek position first. */
count = va_arg (argptr, size_t) ;
- header_seek (psf, count, SEEK_CUR) ;
- byte_count += count ;
+ if (count)
+ { header_seek (psf, count, SEEK_CUR) ;
+ byte_count += count ;
+ } ;
break ;
default :
--
2.6.3

77
gnu/packages/patches/libssh-0.6.5-CVE-2016-0739.patch Normal file
View File

@ -0,0 +1,77 @@
Fix CVE-2016-0739 (Weak Diffie-Hellman secret generation in
dh_generate_x() and dh_generate_y()).
"Due to a byte/bit confusion, the DH secret was too short. This file was
completely reworked and will be commited in a future version."
Source:
https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86
This patch was created by upstream for libssh-0.7.3, but applied without
modification to libssh-0.6.3 by Debian. In Guix, we apply it without
modification to libssh-0.6.5.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0739
https://security-tracker.debian.org/tracker/CVE-2016-0739
---
src/dh.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/dh.c b/src/dh.c
index e489a1d..d27b66e 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
}
int dh_generate_x(ssh_session session) {
+ int keysize;
+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+ keysize = 1023;
+ } else {
+ keysize = 2047;
+ }
session->next_crypto->x = bignum_new();
if (session->next_crypto->x == NULL) {
return -1;
}
#ifdef HAVE_LIBGCRYPT
- bignum_rand(session->next_crypto->x, 128);
+ bignum_rand(session->next_crypto->x, keysize);
#elif defined HAVE_LIBCRYPTO
- bignum_rand(session->next_crypto->x, 128, 0, -1);
+ bignum_rand(session->next_crypto->x, keysize, -1, 0);
#endif
/* not harder than this */
@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
/* used by server */
int dh_generate_y(ssh_session session) {
- session->next_crypto->y = bignum_new();
+ int keysize;
+ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) {
+ keysize = 1023;
+ } else {
+ keysize = 2047;
+ }
+ session->next_crypto->y = bignum_new();
if (session->next_crypto->y == NULL) {
return -1;
}
#ifdef HAVE_LIBGCRYPT
- bignum_rand(session->next_crypto->y, 128);
+ bignum_rand(session->next_crypto->y, keysize);
#elif defined HAVE_LIBCRYPTO
- bignum_rand(session->next_crypto->y, 128, 0, -1);
+ bignum_rand(session->next_crypto->y, keysize, -1, 0);
#endif
/* not harder than this */
--
cgit v0.12

89
gnu/packages/patches/libssh-CVE-2014-0017.patch
View File

@ -1,89 +0,0 @@
Patch from libssh 0.6, with bind.c hunk adjusted for 0.5.5.
From e99246246b4061f7e71463f8806b9dcad65affa0 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Wed, 05 Feb 2014 20:24:12 +0000
Subject: security: fix for vulnerability CVE-2014-0017
When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.
---
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index 7374a88..e8ff32c 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -70,5 +70,6 @@ int crypt_set_algorithms_server(ssh_session session);
struct ssh_crypto_struct *crypto_new(void);
void crypto_free(struct ssh_crypto_struct *crypto);
+void ssh_reseed(void);
#endif /* WRAPPER_H_ */
diff --git a/src/bind.c b/src/bind.c
index 8d82d0d..03d3403 100644
--- a/src/bind.c
+++ b/src/bind.c
@@ -375,6 +375,8 @@ int ssh_bind_accept(ssh_bind sshbind, ss
session->dsa_key = dsa;
session->rsa_key = rsa;
+ /* force PRNG to change state in case we fork after ssh_bind_accept */
+ ssh_reseed();
return SSH_OK;
}
diff --git a/src/libcrypto.c b/src/libcrypto.c
index bb1d96a..d8cc795 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -23,6 +23,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <sys/time.h>
#include "libssh/priv.h"
#include "libssh/session.h"
@@ -38,6 +39,8 @@
#include <openssl/rsa.h>
#include <openssl/hmac.h>
#include <openssl/opensslv.h>
+#include <openssl/rand.h>
+
#ifdef HAVE_OPENSSL_AES_H
#define HAS_AES
#include <openssl/aes.h>
@@ -74,6 +77,12 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
return 0;
}
+void ssh_reseed(void){
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ RAND_add(&tv, sizeof(tv), 0.0);
+}
+
SHACTX sha1_init(void) {
SHACTX c = malloc(sizeof(*c));
if (c == NULL) {
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 899bccd..4617901 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -45,6 +45,9 @@ static int alloc_key(struct ssh_cipher_struct *cipher) {
return 0;
}
+void ssh_reseed(void){
+ }
+
SHACTX sha1_init(void) {
SHACTX ctx = NULL;
gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
--
cgit v0.9.1

569
gnu/packages/patches/mit-krb5-CVE-2015-2695-pt1.patch
View File

@ -1,569 +0,0 @@
Copied from Debian.
From b813d5811432faed844a2dfd3daecde914978f2c Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 14 Sep 2015 12:27:52 -0400
Subject: Fix SPNEGO context aliasing bugs [CVE-2015-2695]
The SPNEGO mechanism currently replaces its context handle with the
mechanism context handle upon establishment, under the assumption that
most GSS functions are only called after context establishment. This
assumption is incorrect, and can lead to aliasing violations for some
programs. Maintain the SPNEGO context structure after context
establishment and refer to it in all GSS methods. Add initiate and
opened flags to the SPNEGO context structure for use in
gss_inquire_context() prior to context establishment.
CVE-2015-2695:
In MIT krb5 1.5 and later, applications which call
gss_inquire_context() on a partially-established SPNEGO context can
cause the GSS-API library to read from a pointer using the wrong type,
generally causing a process crash. This bug may go unnoticed, because
the most common SPNEGO authentication scenario establishes the context
after just one call to gss_accept_sec_context(). Java server
applications using the native JGSS provider are vulnerable to this
bug. A carefully crafted SPNEGO packet might allow the
gss_inquire_context() call to succeed with attacker-determined
results, but applications should not make access control decisions
based on gss_inquire_context() results prior to context establishment.
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
[ghudson@mit.edu: several bugfixes, style changes, and edge-case
behavior changes; commit message and CVE description]
ticket: 8244
target_version: 1.14
tags: pullup
(cherry picked from commit b51b33f2bc5d1497ddf5bd107f791c101695000d)
Patch-Category: upstream
---
src/lib/gssapi/spnego/gssapiP_spnego.h | 2 +
src/lib/gssapi/spnego/spnego_mech.c | 254 ++++++++++++++++++++++++---------
2 files changed, 192 insertions(+), 64 deletions(-)
diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h
index bc23f56..8e05736 100644
--- a/src/lib/gssapi/spnego/gssapiP_spnego.h
+++ b/src/lib/gssapi/spnego/gssapiP_spnego.h
@@ -102,6 +102,8 @@ typedef struct {
int firstpass;
int mech_complete;
int nego_done;
+ int initiate;
+ int opened;
OM_uint32 ctx_flags;
gss_name_t internal_name;
gss_OID actual_mech;
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 6e39c37..a1072b0 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -104,7 +104,7 @@ static OM_uint32 get_negotiable_mechs(OM_uint32 *, spnego_gss_cred_id_t,
gss_cred_usage_t, gss_OID_set *);
static void release_spnego_ctx(spnego_gss_ctx_id_t *);
static void check_spnego_options(spnego_gss_ctx_id_t);
-static spnego_gss_ctx_id_t create_spnego_ctx(void);
+static spnego_gss_ctx_id_t create_spnego_ctx(int);
static int put_mech_set(gss_OID_set mechSet, gss_buffer_t buf);
static int put_input_token(unsigned char **, gss_buffer_t, unsigned int);
static int put_mech_oid(unsigned char **, gss_OID_const, unsigned int);
@@ -442,7 +442,7 @@ check_spnego_options(spnego_gss_ctx_id_t spnego_ctx)
}
static spnego_gss_ctx_id_t
-create_spnego_ctx(void)
+create_spnego_ctx(int initiate)
{
spnego_gss_ctx_id_t spnego_ctx = NULL;
spnego_ctx = (spnego_gss_ctx_id_t)
@@ -465,6 +465,8 @@ create_spnego_ctx(void)
spnego_ctx->mic_rcvd = 0;
spnego_ctx->mech_complete = 0;
spnego_ctx->nego_done = 0;
+ spnego_ctx->opened = 0;
+ spnego_ctx->initiate = initiate;
spnego_ctx->internal_name = GSS_C_NO_NAME;
spnego_ctx->actual_mech = GSS_C_NO_OID;
@@ -630,7 +632,7 @@ init_ctx_new(OM_uint32 *minor_status,
OM_uint32 ret;
spnego_gss_ctx_id_t sc = NULL;
- sc = create_spnego_ctx();
+ sc = create_spnego_ctx(1);
if (sc == NULL)
return GSS_S_FAILURE;
@@ -647,10 +649,7 @@ init_ctx_new(OM_uint32 *minor_status,
ret = GSS_S_FAILURE;
goto cleanup;
}
- /*
- * The actual context is not yet determined, set the output
- * context handle to refer to the spnego context itself.
- */
+
sc->ctx_handle = GSS_C_NO_CONTEXT;
*ctx = (gss_ctx_id_t)sc;
sc = NULL;
@@ -1091,16 +1090,11 @@ cleanup:
}
gss_release_buffer(&tmpmin, &mechtok_out);
if (ret == GSS_S_COMPLETE) {
- /*
- * Now, switch the output context to refer to the
- * negotiated mechanism's context.
- */
- *context_handle = (gss_ctx_id_t)spnego_ctx->ctx_handle;
+ spnego_ctx->opened = 1;
if (actual_mech != NULL)
*actual_mech = spnego_ctx->actual_mech;
if (ret_flags != NULL)
*ret_flags = spnego_ctx->ctx_flags;
- release_spnego_ctx(&spnego_ctx);
} else if (ret != GSS_S_CONTINUE_NEEDED) {
if (spnego_ctx != NULL) {
gss_delete_sec_context(&tmpmin,
@@ -1344,7 +1338,7 @@ acc_ctx_hints(OM_uint32 *minor_status,
if (ret != GSS_S_COMPLETE)
goto cleanup;
- sc = create_spnego_ctx();
+ sc = create_spnego_ctx(0);
if (sc == NULL) {
ret = GSS_S_FAILURE;
goto cleanup;
@@ -1426,7 +1420,7 @@ acc_ctx_new(OM_uint32 *minor_status,
gss_release_buffer(&tmpmin, &sc->DER_mechTypes);
assert(mech_wanted != GSS_C_NO_OID);
} else
- sc = create_spnego_ctx();
+ sc = create_spnego_ctx(0);
if (sc == NULL) {
ret = GSS_S_FAILURE;
*return_token = NO_TOKEN_SEND;
@@ -1809,13 +1803,12 @@ cleanup:
ret = GSS_S_FAILURE;
}
if (ret == GSS_S_COMPLETE) {
- *context_handle = (gss_ctx_id_t)sc->ctx_handle;
+ sc->opened = 1;
if (sc->internal_name != GSS_C_NO_NAME &&
src_name != NULL) {
*src_name = sc->internal_name;
sc->internal_name = GSS_C_NO_NAME;
}
- release_spnego_ctx(&sc);
} else if (ret != GSS_S_CONTINUE_NEEDED) {
if (sc != NULL) {
gss_delete_sec_context(&tmpmin, &sc->ctx_handle,
@@ -2128,8 +2121,13 @@ spnego_gss_unwrap(
gss_qop_t *qop_state)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_unwrap(minor_status,
- context_handle,
+ sc->ctx_handle,
input_message_buffer,
output_message_buffer,
conf_state,
@@ -2149,8 +2147,13 @@ spnego_gss_wrap(
gss_buffer_t output_message_buffer)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_wrap(minor_status,
- context_handle,
+ sc->ctx_handle,
conf_req_flag,
qop_req,
input_message_buffer,
@@ -2167,8 +2170,14 @@ spnego_gss_process_context_token(
const gss_buffer_t token_buffer)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ /* SPNEGO doesn't have its own context tokens. */
+ if (!sc->opened)
+ return (GSS_S_DEFECTIVE_TOKEN);
+
ret = gss_process_context_token(minor_status,
- context_handle,
+ sc->ctx_handle,
token_buffer);
return (ret);
@@ -2192,19 +2201,9 @@ spnego_gss_delete_sec_context(
if (*ctx == NULL)
return (GSS_S_COMPLETE);
- /*
- * If this is still an SPNEGO mech, release it locally.
- */
- if ((*ctx)->magic_num == SPNEGO_MAGIC_ID) {
- (void) gss_delete_sec_context(minor_status,
- &(*ctx)->ctx_handle,
- output_token);
- (void) release_spnego_ctx(ctx);
- } else {
- ret = gss_delete_sec_context(minor_status,
- context_handle,
- output_token);
- }
+ (void) gss_delete_sec_context(minor_status, &(*ctx)->ctx_handle,
+ output_token);
+ (void) release_spnego_ctx(ctx);
return (ret);
}
@@ -2216,8 +2215,13 @@ spnego_gss_context_time(
OM_uint32 *time_rec)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_context_time(minor_status,
- context_handle,
+ sc->ctx_handle,
time_rec);
return (ret);
}
@@ -2229,9 +2233,20 @@ spnego_gss_export_sec_context(
gss_buffer_t interprocess_token)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = *(spnego_gss_ctx_id_t *)context_handle;
+
+ /* We don't currently support exporting partially established
+ * contexts. */
+ if (!sc->opened)
+ return GSS_S_UNAVAILABLE;
+
ret = gss_export_sec_context(minor_status,
- context_handle,
+ &sc->ctx_handle,
interprocess_token);
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT) {
+ release_spnego_ctx(&sc);
+ *context_handle = GSS_C_NO_CONTEXT;
+ }
return (ret);
}
@@ -2241,11 +2256,12 @@ spnego_gss_import_sec_context(
const gss_buffer_t interprocess_token,
gss_ctx_id_t *context_handle)
{
- OM_uint32 ret;
- ret = gss_import_sec_context(minor_status,
- interprocess_token,
- context_handle);
- return (ret);
+ /*
+ * Until we implement partial context exports, there are no SPNEGO
+ * exported context tokens, only tokens for underlying mechs. So just
+ * return an error for now.
+ */
+ return GSS_S_UNAVAILABLE;
}
#endif /* LEAN_CLIENT */
@@ -2262,16 +2278,48 @@ spnego_gss_inquire_context(
int *opened)
{
OM_uint32 ret = GSS_S_COMPLETE;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (src_name != NULL)
+ *src_name = GSS_C_NO_NAME;
+ if (targ_name != NULL)
+ *targ_name = GSS_C_NO_NAME;
+ if (lifetime_rec != NULL)
+ *lifetime_rec = 0;
+ if (mech_type != NULL)
+ *mech_type = (gss_OID)gss_mech_spnego;
+ if (ctx_flags != NULL)
+ *ctx_flags = 0;
+ if (locally_initiated != NULL)
+ *locally_initiated = sc->initiate;
+ if (opened != NULL)
+ *opened = sc->opened;
+
+ if (sc->ctx_handle != GSS_C_NO_CONTEXT) {
+ ret = gss_inquire_context(minor_status, sc->ctx_handle,
+ src_name, targ_name, lifetime_rec,
+ mech_type, ctx_flags, NULL, NULL);
+ }
- ret = gss_inquire_context(minor_status,
- context_handle,
- src_name,
- targ_name,
- lifetime_rec,
- mech_type,
- ctx_flags,
- locally_initiated,
- opened);
+ if (!sc->opened) {
+ /*
+ * We are still doing SPNEGO negotiation, so report SPNEGO as
+ * the OID. After negotiation is complete we will report the
+ * underlying mechanism OID.
+ */
+ if (mech_type != NULL)
+ *mech_type = (gss_OID)gss_mech_spnego;
+
+ /*
+ * Remove flags we don't support with partially-established
+ * contexts. (Change this to keep GSS_C_TRANS_FLAG if we add
+ * support for exporting partial SPNEGO contexts.)
+ */
+ if (ctx_flags != NULL) {
+ *ctx_flags &= ~GSS_C_PROT_READY_FLAG;
+ *ctx_flags &= ~GSS_C_TRANS_FLAG;
+ }
+ }
return (ret);
}
@@ -2286,8 +2334,13 @@ spnego_gss_wrap_size_limit(
OM_uint32 *max_input_size)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_wrap_size_limit(minor_status,
- context_handle,
+ sc->ctx_handle,
conf_req_flag,
qop_req,
req_output_size,
@@ -2304,8 +2357,13 @@ spnego_gss_get_mic(
gss_buffer_t message_token)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_get_mic(minor_status,
- context_handle,
+ sc->ctx_handle,
qop_req,
message_buffer,
message_token);
@@ -2321,8 +2379,13 @@ spnego_gss_verify_mic(
gss_qop_t *qop_state)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_verify_mic(minor_status,
- context_handle,
+ sc->ctx_handle,
msg_buffer,
token_buffer,
qop_state);
@@ -2337,8 +2400,14 @@ spnego_gss_inquire_sec_context_by_oid(
gss_buffer_set_t *data_set)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ /* There are no SPNEGO-specific OIDs for this function. */
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_UNAVAILABLE);
+
ret = gss_inquire_sec_context_by_oid(minor_status,
- context_handle,
+ sc->ctx_handle,
desired_object,
data_set);
return (ret);
@@ -2407,8 +2476,15 @@ spnego_gss_set_sec_context_option(
const gss_buffer_t value)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)*context_handle;
+
+ /* There are no SPNEGO-specific OIDs for this function, and we cannot
+ * construct an empty SPNEGO context with it. */
+ if (sc == NULL || sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_UNAVAILABLE);
+
ret = gss_set_sec_context_option(minor_status,
- context_handle,
+ &sc->ctx_handle,
desired_object,
value);
return (ret);
@@ -2425,8 +2501,13 @@ spnego_gss_wrap_aead(OM_uint32 *minor_status,
gss_buffer_t output_message_buffer)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_wrap_aead(minor_status,
- context_handle,
+ sc->ctx_handle,
conf_req_flag,
qop_req,
input_assoc_buffer,
@@ -2447,8 +2528,13 @@ spnego_gss_unwrap_aead(OM_uint32 *minor_status,
gss_qop_t *qop_state)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_unwrap_aead(minor_status,
- context_handle,
+ sc->ctx_handle,
input_message_buffer,
input_assoc_buffer,
output_payload_buffer,
@@ -2467,8 +2553,13 @@ spnego_gss_wrap_iov(OM_uint32 *minor_status,
int iov_count)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_wrap_iov(minor_status,
- context_handle,
+ sc->ctx_handle,
conf_req_flag,
qop_req,
conf_state,
@@ -2486,8 +2577,13 @@ spnego_gss_unwrap_iov(OM_uint32 *minor_status,
int iov_count)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_unwrap_iov(minor_status,
- context_handle,
+ sc->ctx_handle,
conf_state,
qop_state,
iov,
@@ -2505,8 +2601,13 @@ spnego_gss_wrap_iov_length(OM_uint32 *minor_status,
int iov_count)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_wrap_iov_length(minor_status,
- context_handle,
+ sc->ctx_handle,
conf_req_flag,
qop_req,
conf_state,
@@ -2523,8 +2624,13 @@ spnego_gss_complete_auth_token(
gss_buffer_t input_message_buffer)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_UNAVAILABLE);
+
ret = gss_complete_auth_token(minor_status,
- context_handle,
+ sc->ctx_handle,
input_message_buffer);
return (ret);
}
@@ -2776,8 +2882,13 @@ spnego_gss_pseudo_random(OM_uint32 *minor_status,
gss_buffer_t prf_out)
{
OM_uint32 ret;
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
ret = gss_pseudo_random(minor_status,
- context,
+ sc->ctx_handle,
prf_key,
prf_in,
desired_output_len,
@@ -2918,7 +3029,12 @@ spnego_gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
gss_qop_t qop_req, gss_iov_buffer_desc *iov,
int iov_count)
{
- return gss_get_mic_iov(minor_status, context_handle, qop_req, iov,
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
+ return gss_get_mic_iov(minor_status, sc->ctx_handle, qop_req, iov,
iov_count);
}
@@ -2927,7 +3043,12 @@ spnego_gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
gss_qop_t *qop_state, gss_iov_buffer_desc *iov,
int iov_count)
{
- return gss_verify_mic_iov(minor_status, context_handle, qop_state, iov,
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
+ return gss_verify_mic_iov(minor_status, sc->ctx_handle, qop_state, iov,
iov_count);
}
@@ -2936,7 +3057,12 @@ spnego_gss_get_mic_iov_length(OM_uint32 *minor_status,
gss_ctx_id_t context_handle, gss_qop_t qop_req,
gss_iov_buffer_desc *iov, int iov_count)
{
- return gss_get_mic_iov_length(minor_status, context_handle, qop_req, iov,
+ spnego_gss_ctx_id_t sc = (spnego_gss_ctx_id_t)context_handle;
+
+ if (sc->ctx_handle == GSS_C_NO_CONTEXT)
+ return (GSS_S_NO_CONTEXT);
+
+ return gss_get_mic_iov_length(minor_status, sc->ctx_handle, qop_req, iov,
iov_count);
}

65
gnu/packages/patches/mit-krb5-CVE-2015-2695-pt2.patch
View File

@ -1,65 +0,0 @@
Copied from Debian.
From 18c512ebdcc5cacc777e9dbcc6817f83c301ad93 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 4 Nov 2015 21:29:10 -0500
Subject: Fix SPNEGO context import
The patches for CVE-2015-2695 did not implement a SPNEGO
gss_import_sec_context() function, under the erroneous belief than an
exported SPNEGO context would be tagged with the underlying context
mechanism. Implement it now to allow SPNEGO contexts to be
successfully exported and imported after establishment.
ticket: 8273
(cherry picked from commit fbb565f913c52eba9bea82f1694aba7a8c90e93d)
Patch-Category: upstream
---
src/lib/gssapi/spnego/spnego_mech.c | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index a1072b0..02284a1 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -2256,12 +2256,33 @@ spnego_gss_import_sec_context(
const gss_buffer_t interprocess_token,
gss_ctx_id_t *context_handle)
{
- /*
- * Until we implement partial context exports, there are no SPNEGO
- * exported context tokens, only tokens for underlying mechs. So just
- * return an error for now.
- */
- return GSS_S_UNAVAILABLE;
+ OM_uint32 ret, tmpmin;
+ gss_ctx_id_t mctx;
+ spnego_gss_ctx_id_t sc;
+ int initiate, opened;
+
+ ret = gss_import_sec_context(minor_status, interprocess_token, &mctx);
+ if (ret != GSS_S_COMPLETE)
+ return ret;
+
+ ret = gss_inquire_context(&tmpmin, mctx, NULL, NULL, NULL, NULL, NULL,
+ &initiate, &opened);
+ if (ret != GSS_S_COMPLETE || !opened) {
+ /* We don't currently support importing partially established
+ * contexts. */
+ (void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
+ return GSS_S_FAILURE;
+ }
+
+ sc = create_spnego_ctx(initiate);
+ if (sc == NULL) {
+ (void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
+ return GSS_S_FAILURE;
+ }
+ sc->ctx_handle = mctx;
+ sc->opened = 1;
+ *context_handle = (gss_ctx_id_t)sc;
+ return GSS_S_COMPLETE;
}
#endif /* LEAN_CLIENT */

736
gnu/packages/patches/mit-krb5-CVE-2015-2696.patch
View File

@ -1,736 +0,0 @@
Copied from Debian.
From ebea85358bc72ec20c53130d83acb93f95853b76 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 14 Sep 2015 12:28:36 -0400
Subject: Fix IAKERB context aliasing bugs [CVE-2015-2696]
The IAKERB mechanism currently replaces its context handle with the
krb5 mechanism handle upon establishment, under the assumption that
most GSS functions are only called after context establishment. This
assumption is incorrect, and can lead to aliasing violations for some
programs. Maintain the IAKERB context structure after context
establishment and add new IAKERB entry points to refer to it with that
type. Add initiate and established flags to the IAKERB context
structure for use in gss_inquire_context() prior to context
establishment.
CVE-2015-2696:
In MIT krb5 1.9 and later, applications which call
gss_inquire_context() on a partially-established IAKERB context can
cause the GSS-API library to read from a pointer using the wrong type,
generally causing a process crash. Java server applications using the
native JGSS provider are vulnerable to this bug. A carefully crafted
IAKERB packet might allow the gss_inquire_context() call to succeed
with attacker-determined results, but applications should not make
access control decisions based on gss_inquire_context() results prior
to context establishment.
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C
[ghudson@mit.edu: several bugfixes, style changes, and edge-case
behavior changes; commit message and CVE description]
ticket: 8244
target_version: 1.14
tags: pullup
(cherry picked from commit e04f0283516e80d2f93366e0d479d13c9b5c8c2a)
Patch-Category: upstream
---
src/lib/gssapi/krb5/gssapiP_krb5.h | 114 ++++++++++++
src/lib/gssapi/krb5/gssapi_krb5.c | 105 +++++++++--
src/lib/gssapi/krb5/iakerb.c | 351 +++++++++++++++++++++++++++++++++----
3 files changed, 529 insertions(+), 41 deletions(-)
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index a0e8625..05dc321 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -620,6 +620,21 @@ OM_uint32 KRB5_CALLCONV krb5_gss_accept_sec_context_ext
);
#endif /* LEAN_CLIENT */
+OM_uint32 KRB5_CALLCONV krb5_gss_inquire_sec_context_by_oid
+(OM_uint32*, /* minor_status */
+ const gss_ctx_id_t,
+ /* context_handle */
+ const gss_OID, /* desired_object */
+ gss_buffer_set_t* /* data_set */
+);
+
+OM_uint32 KRB5_CALLCONV krb5_gss_set_sec_context_option
+(OM_uint32*, /* minor_status */
+ gss_ctx_id_t*, /* context_handle */
+ const gss_OID, /* desired_object */
+ const gss_buffer_t/* value */
+);
+
OM_uint32 KRB5_CALLCONV krb5_gss_process_context_token
(OM_uint32*, /* minor_status */
gss_ctx_id_t, /* context_handle */
@@ -1301,6 +1316,105 @@ OM_uint32 KRB5_CALLCONV
krb5_gss_import_cred(OM_uint32 *minor_status, gss_buffer_t token,
gss_cred_id_t *cred_handle);
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_process_context_token(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_buffer_t token_buffer);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_context_time(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_inquire_context(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle, gss_name_t *src_name,
+ gss_name_t *targ_name, OM_uint32 *lifetime_rec,
+ gss_OID *mech_type, OM_uint32 *ctx_flags,
+ int *locally_initiated, int *opened);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_qop_t qop_req, gss_buffer_t message_buffer,
+ gss_buffer_t message_token);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_qop_t qop_req, gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle, gss_qop_t qop_req,
+ gss_iov_buffer_desc *iov, int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_verify_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_buffer_t msg_buffer, gss_buffer_t token_buffer,
+ gss_qop_t *qop_state);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_qop_t *qop_state, gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ int conf_req_flag, gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer, int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ int conf_req_flag, gss_qop_t qop_req, int *conf_state,
+ gss_iov_buffer_desc *iov, int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle, int conf_req_flag,
+ gss_qop_t qop_req, int *conf_state,
+ gss_iov_buffer_desc *iov, int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_unwrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer, int *conf_state,
+ gss_qop_t *qop_state);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_unwrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ int *conf_state, gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov, int iov_count);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_size_limit(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle, int conf_req_flag,
+ gss_qop_t qop_req, OM_uint32 req_output_size,
+ OM_uint32 *max_input_size);
+
+#ifndef LEAN_CLIENT
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_export_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_buffer_t interprocess_token);
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_set_sec_context_option(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_pseudo_random(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ int prf_key, const gss_buffer_t prf_in,
+ ssize_t desired_output_len, gss_buffer_t prf_out);
+
/* Magic string to identify exported krb5 GSS credentials. Increment this if
* the format changes. */
#define CRED_EXPORT_MAGIC "K5C1"
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 77b7fff..9a23656 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -345,7 +345,7 @@ static struct {
}
};
-static OM_uint32 KRB5_CALLCONV
+OM_uint32 KRB5_CALLCONV
krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_OID desired_object,
@@ -459,7 +459,7 @@ static struct {
};
#endif
-static OM_uint32 KRB5_CALLCONV
+OM_uint32 KRB5_CALLCONV
krb5_gss_set_sec_context_option (OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
const gss_OID desired_object,
@@ -904,20 +904,103 @@ static struct gss_config krb5_mechanism = {
krb5_gss_get_mic_iov_length,
};
+/* Functions which use security contexts or acquire creds are IAKERB-specific;
+ * other functions can borrow from the krb5 mech. */
+static struct gss_config iakerb_mechanism = {
+ { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID },
+ NULL,
+ iakerb_gss_acquire_cred,
+ krb5_gss_release_cred,
+ iakerb_gss_init_sec_context,
+#ifdef LEAN_CLIENT
+ NULL,
+#else
+ iakerb_gss_accept_sec_context,
+#endif
+ iakerb_gss_process_context_token,
+ iakerb_gss_delete_sec_context,
+ iakerb_gss_context_time,
+ iakerb_gss_get_mic,
+ iakerb_gss_verify_mic,
+#if defined(IOV_SHIM_EXERCISE_WRAP) || defined(IOV_SHIM_EXERCISE)
+ NULL,
+#else
+ iakerb_gss_wrap,
+#endif
+#if defined(IOV_SHIM_EXERCISE_UNWRAP) || defined(IOV_SHIM_EXERCISE)
+ NULL,
+#else
+ iakerb_gss_unwrap,
+#endif
+ krb5_gss_display_status,
+ krb5_gss_indicate_mechs,
+ krb5_gss_compare_name,
+ krb5_gss_display_name,
+ krb5_gss_import_name,
+ krb5_gss_release_name,
+ krb5_gss_inquire_cred,
+ NULL, /* add_cred */
+#ifdef LEAN_CLIENT
+ NULL,
+ NULL,
+#else
+ iakerb_gss_export_sec_context,
+ NULL,
+#endif
+ krb5_gss_inquire_cred_by_mech,
+ krb5_gss_inquire_names_for_mech,
+ iakerb_gss_inquire_context,
+ krb5_gss_internal_release_oid,
+ iakerb_gss_wrap_size_limit,
+ krb5_gss_localname,
+ krb5_gss_authorize_localname,
+ krb5_gss_export_name,
+ krb5_gss_duplicate_name,
+ krb5_gss_store_cred,
+ iakerb_gss_inquire_sec_context_by_oid,
+ krb5_gss_inquire_cred_by_oid,
+ iakerb_gss_set_sec_context_option,
+ krb5_gssspi_set_cred_option,
+ krb5_gssspi_mech_invoke,
+ NULL, /* wrap_aead */
+ NULL, /* unwrap_aead */
+ iakerb_gss_wrap_iov,
+ iakerb_gss_unwrap_iov,
+ iakerb_gss_wrap_iov_length,
+ NULL, /* complete_auth_token */
+ NULL, /* acquire_cred_impersonate_name */
+ NULL, /* add_cred_impersonate_name */
+ NULL, /* display_name_ext */
+ krb5_gss_inquire_name,
+ krb5_gss_get_name_attribute,
+ krb5_gss_set_name_attribute,
+ krb5_gss_delete_name_attribute,
+ krb5_gss_export_name_composite,
+ krb5_gss_map_name_to_any,
+ krb5_gss_release_any_name_mapping,
+ iakerb_gss_pseudo_random,
+ NULL, /* set_neg_mechs */
+ krb5_gss_inquire_saslname_for_mech,
+ krb5_gss_inquire_mech_for_saslname,
+ krb5_gss_inquire_attrs_for_mech,
+ krb5_gss_acquire_cred_from,
+ krb5_gss_store_cred_into,
+ iakerb_gss_acquire_cred_with_password,
+ krb5_gss_export_cred,
+ krb5_gss_import_cred,
+ NULL, /* import_sec_context_by_mech */
+ NULL, /* import_name_by_mech */
+ NULL, /* import_cred_by_mech */
+ iakerb_gss_get_mic_iov,
+ iakerb_gss_verify_mic_iov,
+ iakerb_gss_get_mic_iov_length,
+};
+
#ifdef _GSS_STATIC_LINK
#include "mglueP.h"
static int gss_iakerbmechglue_init(void)
{
struct gss_mech_config mech_iakerb;
- struct gss_config iakerb_mechanism = krb5_mechanism;
-
- /* IAKERB mechanism mirrors krb5, but with different context SPIs */
- iakerb_mechanism.gss_accept_sec_context = iakerb_gss_accept_sec_context;
- iakerb_mechanism.gss_init_sec_context = iakerb_gss_init_sec_context;
- iakerb_mechanism.gss_delete_sec_context = iakerb_gss_delete_sec_context;
- iakerb_mechanism.gss_acquire_cred = iakerb_gss_acquire_cred;
- iakerb_mechanism.gssspi_acquire_cred_with_password
- = iakerb_gss_acquire_cred_with_password;
memset(&mech_iakerb, 0, sizeof(mech_iakerb));
mech_iakerb.mech = &iakerb_mechanism;
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index f30de32..4662bd9 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -47,6 +47,8 @@ struct _iakerb_ctx_id_rec {
gss_ctx_id_t gssc;
krb5_data conv; /* conversation for checksumming */
unsigned int count; /* number of round trips */
+ int initiate;
+ int established;
krb5_get_init_creds_opt *gic_opts;
};
@@ -695,7 +697,7 @@ cleanup:
* Allocate and initialise an IAKERB context
*/
static krb5_error_code
-iakerb_alloc_context(iakerb_ctx_id_t *pctx)
+iakerb_alloc_context(iakerb_ctx_id_t *pctx, int initiate)
{
iakerb_ctx_id_t ctx;
krb5_error_code code;
@@ -709,6 +711,8 @@ iakerb_alloc_context(iakerb_ctx_id_t *pctx)
ctx->magic = KG_IAKERB_CONTEXT;
ctx->state = IAKERB_AS_REQ;
ctx->count = 0;
+ ctx->initiate = initiate;
+ ctx->established = 0;
code = krb5_gss_init_context(&ctx->k5c);
if (code != 0)
@@ -732,7 +736,7 @@ iakerb_gss_delete_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t output_token)
{
- OM_uint32 major_status = GSS_S_COMPLETE;
+ iakerb_ctx_id_t iakerb_ctx = (iakerb_ctx_id_t)*context_handle;
if (output_token != GSS_C_NO_BUFFER) {
output_token->length = 0;
@@ -740,23 +744,10 @@ iakerb_gss_delete_sec_context(OM_uint32 *minor_status,
}
*minor_status = 0;
+ *context_handle = GSS_C_NO_CONTEXT;
+ iakerb_release_context(iakerb_ctx);
- if (*context_handle != GSS_C_NO_CONTEXT) {
- iakerb_ctx_id_t iakerb_ctx = (iakerb_ctx_id_t)*context_handle;
-
- if (iakerb_ctx->magic == KG_IAKERB_CONTEXT) {
- iakerb_release_context(iakerb_ctx);
- *context_handle = GSS_C_NO_CONTEXT;
- } else {
- assert(iakerb_ctx->magic == KG_CONTEXT);
-
- major_status = krb5_gss_delete_sec_context(minor_status,
- context_handle,
- output_token);
- }
- }
-
- return major_status;
+ return GSS_S_COMPLETE;
}
static krb5_boolean
@@ -802,7 +793,7 @@ iakerb_gss_accept_sec_context(OM_uint32 *minor_status,
int initialContextToken = (*context_handle == GSS_C_NO_CONTEXT);
if (initialContextToken) {
- code = iakerb_alloc_context(&ctx);
+ code = iakerb_alloc_context(&ctx, 0);
if (code != 0)
goto cleanup;
@@ -854,11 +845,8 @@ iakerb_gss_accept_sec_context(OM_uint32 *minor_status,
time_rec,
delegated_cred_handle,
&exts);
- if (major_status == GSS_S_COMPLETE) {
- *context_handle = ctx->gssc;
- ctx->gssc = NULL;
- iakerb_release_context(ctx);
- }
+ if (major_status == GSS_S_COMPLETE)
+ ctx->established = 1;
if (mech_type != NULL)
*mech_type = (gss_OID)gss_mech_krb5;
}
@@ -897,7 +885,7 @@ iakerb_gss_init_sec_context(OM_uint32 *minor_status,
int initialContextToken = (*context_handle == GSS_C_NO_CONTEXT);
if (initialContextToken) {
- code = iakerb_alloc_context(&ctx);
+ code = iakerb_alloc_context(&ctx, 1);
if (code != 0) {
*minor_status = code;
goto cleanup;
@@ -983,11 +971,8 @@ iakerb_gss_init_sec_context(OM_uint32 *minor_status,
ret_flags,
time_rec,
&exts);
- if (major_status == GSS_S_COMPLETE) {
- *context_handle = ctx->gssc;
- ctx->gssc = GSS_C_NO_CONTEXT;
- iakerb_release_context(ctx);
- }
+ if (major_status == GSS_S_COMPLETE)
+ ctx->established = 1;
if (actual_mech_type != NULL)
*actual_mech_type = (gss_OID)gss_mech_krb5;
} else {
@@ -1010,3 +995,309 @@ cleanup:
return major_status;
}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_unwrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer, int *conf_state,
+ gss_qop_t *qop_state)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_unwrap(minor_status, ctx->gssc, input_message_buffer,
+ output_message_buffer, conf_state, qop_state);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ int conf_req_flag, gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer, int *conf_state,
+ gss_buffer_t output_message_buffer)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_wrap(minor_status, ctx->gssc, conf_req_flag, qop_req,
+ input_message_buffer, conf_state,
+ output_message_buffer);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_process_context_token(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_buffer_t token_buffer)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ return krb5_gss_process_context_token(minor_status, ctx->gssc,
+ token_buffer);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_context_time(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_context_time(minor_status, ctx->gssc, time_rec);
+}
+
+#ifndef LEAN_CLIENT
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_export_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_buffer_t interprocess_token)
+{
+ OM_uint32 maj;
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ /* We don't currently support exporting partially established contexts. */
+ if (!ctx->established)
+ return GSS_S_UNAVAILABLE;
+
+ maj = krb5_gss_export_sec_context(minor_status, &ctx->gssc,
+ interprocess_token);
+ if (ctx->gssc == GSS_C_NO_CONTEXT) {
+ iakerb_release_context(ctx);
+ *context_handle = GSS_C_NO_CONTEXT;
+ }
+ return maj;
+}
+
+/*
+ * Until we implement partial context exports, there are no SPNEGO exported
+ * context tokens, only tokens for the underlying krb5 context. So we do not
+ * need to implement an iakerb_gss_import_sec_context() yet; it would be
+ * unreachable except via a manually constructed token.
+ */
+
+#endif /* LEAN_CLIENT */
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_inquire_context(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle, gss_name_t *src_name,
+ gss_name_t *targ_name, OM_uint32 *lifetime_rec,
+ gss_OID *mech_type, OM_uint32 *ctx_flags,
+ int *initiate, int *opened)
+{
+ OM_uint32 ret;
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (src_name != NULL)
+ *src_name = GSS_C_NO_NAME;
+ if (targ_name != NULL)
+ *targ_name = GSS_C_NO_NAME;
+ if (lifetime_rec != NULL)
+ *lifetime_rec = 0;
+ if (mech_type != NULL)
+ *mech_type = (gss_OID)gss_mech_iakerb;
+ if (ctx_flags != NULL)
+ *ctx_flags = 0;
+ if (initiate != NULL)
+ *initiate = ctx->initiate;
+ if (opened != NULL)
+ *opened = ctx->established;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_COMPLETE;
+
+ ret = krb5_gss_inquire_context(minor_status, ctx->gssc, src_name,
+ targ_name, lifetime_rec, mech_type,
+ ctx_flags, initiate, opened);
+
+ if (!ctx->established) {
+ /* Report IAKERB as the mech OID until the context is established. */
+ if (mech_type != NULL)
+ *mech_type = (gss_OID)gss_mech_iakerb;
+
+ /* We don't support exporting partially-established contexts. */
+ if (ctx_flags != NULL)
+ *ctx_flags &= ~GSS_C_TRANS_FLAG;
+ }
+
+ return ret;
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_size_limit(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle, int conf_req_flag,
+ gss_qop_t qop_req, OM_uint32 req_output_size,
+ OM_uint32 *max_input_size)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_wrap_size_limit(minor_status, ctx->gssc, conf_req_flag,
+ qop_req, req_output_size, max_input_size);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_qop_t qop_req, gss_buffer_t message_buffer,
+ gss_buffer_t message_token)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_get_mic(minor_status, ctx->gssc, qop_req, message_buffer,
+ message_token);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_verify_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_buffer_t msg_buffer, gss_buffer_t token_buffer,
+ gss_qop_t *qop_state)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_verify_mic(minor_status, ctx->gssc, msg_buffer,
+ token_buffer, qop_state);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_UNAVAILABLE;
+
+ return krb5_gss_inquire_sec_context_by_oid(minor_status, ctx->gssc,
+ desired_object, data_set);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_set_sec_context_option(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)*context_handle;
+
+ if (ctx == NULL || ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_UNAVAILABLE;
+
+ return krb5_gss_set_sec_context_option(minor_status, &ctx->gssc,
+ desired_object, value);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ int conf_req_flag, gss_qop_t qop_req, int *conf_state,
+ gss_iov_buffer_desc *iov, int iov_count)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_wrap_iov(minor_status, ctx->gssc, conf_req_flag, qop_req,
+ conf_state, iov, iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_unwrap_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ int *conf_state, gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov, int iov_count)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_unwrap_iov(minor_status, ctx->gssc, conf_state, qop_state,
+ iov, iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_wrap_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle, int conf_req_flag,
+ gss_qop_t qop_req, int *conf_state,
+ gss_iov_buffer_desc *iov, int iov_count)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_wrap_iov_length(minor_status, ctx->gssc, conf_req_flag,
+ qop_req, conf_state, iov, iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_pseudo_random(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ int prf_key, const gss_buffer_t prf_in,
+ ssize_t desired_output_len, gss_buffer_t prf_out)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_pseudo_random(minor_status, ctx->gssc, prf_key, prf_in,
+ desired_output_len, prf_out);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_qop_t qop_req, gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_get_mic_iov(minor_status, ctx->gssc, qop_req, iov,
+ iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_verify_mic_iov(OM_uint32 *minor_status, gss_ctx_id_t context_handle,
+ gss_qop_t *qop_state, gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_verify_mic_iov(minor_status, ctx->gssc, qop_state, iov,
+ iov_count);
+}
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_get_mic_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle, gss_qop_t qop_req,
+ gss_iov_buffer_desc *iov, int iov_count)
+{
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+
+ if (ctx->gssc == GSS_C_NO_CONTEXT)
+ return GSS_S_NO_CONTEXT;
+
+ return krb5_gss_get_mic_iov_length(minor_status, ctx->gssc, qop_req, iov,
+ iov_count);
+}

55
gnu/packages/patches/mit-krb5-CVE-2015-2697.patch
View File

@ -1,55 +0,0 @@
Copied from Debian.
From fcafb522a0509bfd6f4f6b57e4a1e93c0092eeb0 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 25 Sep 2015 12:51:47 -0400
Subject: Fix build_principal memory bug [CVE-2015-2697]
In build_principal_va(), use k5memdup0() instead of strdup() to make a
copy of the realm, to ensure that we allocate the correct number of
bytes and do not read past the end of the input string. This bug
affects krb5_build_principal(), krb5_build_principal_va(), and
krb5_build_principal_alloc_va(). krb5_build_principal_ext() is not
affected.
CVE-2015-2697:
In MIT krb5 1.7 and later, an authenticated attacker may be able to
cause a KDC to crash using a TGS request with a large realm field
beginning with a null byte. If the KDC attempts to find a referral to
answer the request, it constructs a principal name for lookup using
krb5_build_principal() with the requested realm. Due to a bug in this
function, the null byte causes only one byte be allocated for the
realm field of the constructed principal, far less than its length.
Subsequent operations on the lookup principal may cause a read beyond
the end of the mapped memory region, causing the KDC process to crash.
CVSSv2: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
ticket: 8252 (new)
target_version: 1.14
tags: pullup
(cherry picked from commit f0c094a1b745d91ef2f9a4eae2149aac026a5789)
Patch-Category: upstream
---
src/lib/krb5/krb/bld_princ.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c
index ab6fed8..8604268 100644
--- a/src/lib/krb5/krb/bld_princ.c
+++ b/src/lib/krb5/krb/bld_princ.c
@@ -40,10 +40,8 @@ build_principal_va(krb5_context context, krb5_principal princ,
data = malloc(size * sizeof(krb5_data));
if (!data) { retval = ENOMEM; }
- if (!retval) {
- r = strdup(realm);
- if (!r) { retval = ENOMEM; }
- }
+ if (!retval)
+ r = k5memdup0(realm, rlen, &retval);
while (!retval && (component = va_arg(ap, char *))) {
if (count == size) {

43
gnu/packages/patches/mit-krb5-CVE-2015-2698-pt1.patch
View File

@ -1,43 +0,0 @@
Copied from Debian.
From 1a8bdc6d81dcd7dd8a4d42e8de6d2cacf1dd4408 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 27 Oct 2015 00:44:24 -0400
Subject: Fix two IAKERB comments
The comment explaining why there is no iakerb_gss_import_sec_context()
erroneously referenced SPNEGO instead of IAKERB (noticed by Ben
Kaduk). The comment above iakerb_gss_delete_sec_context() is out of
date after the last commit.
(cherry picked from commit 92d6dd045dfc06cc03d20b327a6ee7a71e6bc24d)
Patch-Category: upstream
---
src/lib/gssapi/krb5/iakerb.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index 4662bd9..e25862d 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -727,10 +727,6 @@ cleanup:
return code;
}
-/*
- * Delete an IAKERB context. This can also accept Kerberos context
- * handles. The heuristic is similar to SPNEGO's delete_sec_context.
- */
OM_uint32 KRB5_CALLCONV
iakerb_gss_delete_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
@@ -1077,7 +1073,7 @@ iakerb_gss_export_sec_context(OM_uint32 *minor_status,
}
/*
- * Until we implement partial context exports, there are no SPNEGO exported
+ * Until we implement partial context exports, there are no IAKERB exported
* context tokens, only tokens for the underlying krb5 context. So we do not
* need to implement an iakerb_gss_import_sec_context() yet; it would be
* unreachable except via a manually constructed token.

132
gnu/packages/patches/mit-krb5-CVE-2015-2698-pt2.patch
View File

@ -1,132 +0,0 @@
Copied from Debian.
From 4b330d5be1f8048be4d079ac3cb38d60c0e99e69 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 4 Nov 2015 21:28:28 -0500
Subject: Fix IAKERB context export/import [CVE-2015-2698]
The patches for CVE-2015-2696 contained a regression in the newly
added IAKERB iakerb_gss_export_sec_context() function, which could
cause it to corrupt memory. Fix the regression by properly
dereferencing the context_handle pointer before casting it.
Also, the patches did not implement an IAKERB gss_import_sec_context()
function, under the erroneous belief than an exported IAKERB context
would be tagged as a krb5 context. Implement it now to allow IAKERB
contexts to be successfully exported and imported after establishment.
CVE-2015-2698:
In any MIT krb5 release with the patches for CVE-2015-2696 applied, an
application which calls gss_export_sec_context() may experience memory
corruption if the context was established using the IAKERB mechanism.
Historically, some vulnerabilities of this nature can be translated
into remote code execution, though the necessary exploits must be
tailored to the individual application and are usually quite
complicated.
CVSSv2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C
ticket: 8273 (new)
target_version: 1.14
tags: pullup
(cherry picked from commit d8b31c874c7d1039be7649362ef11c89f4e14c27)
Patch-Category: upstream
---
src/lib/gssapi/krb5/gssapiP_krb5.h | 5 +++++
src/lib/gssapi/krb5/gssapi_krb5.c | 2 +-
src/lib/gssapi/krb5/iakerb.c | 42 +++++++++++++++++++++++++++++++-------
3 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 05dc321..ac53662 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -1396,6 +1396,11 @@ OM_uint32 KRB5_CALLCONV
iakerb_gss_export_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t interprocess_token);
+
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_import_sec_context(OM_uint32 *minor_status,
+ const gss_buffer_t interprocess_token,
+ gss_ctx_id_t *context_handle);
#endif /* LEAN_CLIENT */
OM_uint32 KRB5_CALLCONV
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 9a23656..d7ba279 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -945,7 +945,7 @@ static struct gss_config iakerb_mechanism = {
NULL,
#else
iakerb_gss_export_sec_context,
- NULL,
+ iakerb_gss_import_sec_context,
#endif
krb5_gss_inquire_cred_by_mech,
krb5_gss_inquire_names_for_mech,
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index e25862d..32a341e 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -1057,7 +1057,7 @@ iakerb_gss_export_sec_context(OM_uint32 *minor_status,
gss_buffer_t interprocess_token)
{
OM_uint32 maj;
- iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)context_handle;
+ iakerb_ctx_id_t ctx = (iakerb_ctx_id_t)*context_handle;
/* We don't currently support exporting partially established contexts. */
if (!ctx->established)
@@ -1072,13 +1072,41 @@ iakerb_gss_export_sec_context(OM_uint32 *minor_status,
return maj;
}
-/*
- * Until we implement partial context exports, there are no IAKERB exported
- * context tokens, only tokens for the underlying krb5 context. So we do not
- * need to implement an iakerb_gss_import_sec_context() yet; it would be
- * unreachable except via a manually constructed token.
- */
+OM_uint32 KRB5_CALLCONV
+iakerb_gss_import_sec_context(OM_uint32 *minor_status,
+ gss_buffer_t interprocess_token,
+ gss_ctx_id_t *context_handle)
+{
+ OM_uint32 maj, tmpmin;
+ krb5_error_code code;
+ gss_ctx_id_t gssc;
+ krb5_gss_ctx_id_t kctx;
+ iakerb_ctx_id_t ctx;
+
+ maj = krb5_gss_import_sec_context(minor_status, interprocess_token, &gssc);
+ if (maj != GSS_S_COMPLETE)
+ return maj;
+ kctx = (krb5_gss_ctx_id_t)gssc;
+
+ if (!kctx->established) {
+ /* We don't currently support importing partially established
+ * contexts. */
+ krb5_gss_delete_sec_context(&tmpmin, &gssc, GSS_C_NO_BUFFER);
+ return GSS_S_FAILURE;
+ }
+ code = iakerb_alloc_context(&ctx, kctx->initiate);
+ if (code != 0) {
+ krb5_gss_delete_sec_context(&tmpmin, &gssc, GSS_C_NO_BUFFER);
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+
+ ctx->gssc = gssc;
+ ctx->established = 1;
+ *context_handle = (gss_ctx_id_t)ctx;
+ return GSS_S_COMPLETE;
+}
#endif /* LEAN_CLIENT */
OM_uint32 KRB5_CALLCONV

51
gnu/packages/patches/mit-krb5-CVE-2015-8629.patch Normal file
View File

@ -0,0 +1,51 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8629.patch?h=f22
From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 8 Jan 2016 12:45:25 -0500
Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629]
In xdr_nullstring(), check that the decoded string is terminated with
a zero byte and does not contain any internal zero bytes.
CVE-2015-8629:
In all versions of MIT krb5, an authenticated attacker can cause
kadmind to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.
CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
ticket: 8341 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---
src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
index 2bef858..ba67084 100644
--- a/src/lib/kadm5/kadm_rpc_xdr.c
+++ b/src/lib/kadm5/kadm_rpc_xdr.c
@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
return FALSE;
}
}
- return (xdr_opaque(xdrs, *objp, size));
+ if (!xdr_opaque(xdrs, *objp, size))
+ return FALSE;
+ /* Check that the unmarshalled bytes are a C string. */
+ if ((*objp)[size - 1] != '\0')
+ return FALSE;
+ if (memchr(*objp, '\0', size - 1) != NULL)
+ return FALSE;
+ return TRUE;
case XDR_ENCODE:
if (size != 0)
--
2.7.0.rc3

81
gnu/packages/patches/mit-krb5-CVE-2015-8630.patch Normal file
View File

@ -0,0 +1,81 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22
From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 8 Jan 2016 12:52:28 -0500
Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630]
In kadm5_create_principal_3() and kadm5_modify_principal(), check for
entry->policy being null when KADM5_POLICY is included in the mask.
CVE-2015-8630:
In MIT krb5 1.12 and later, an authenticated attacker with permission
to modify a principal entry can cause kadmind to dereference a null
pointer by supplying a null policy value but including KADM5_POLICY in
the mask.
CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
ticket: 8342 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---
src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 5b95fa3..1d4365c 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle,
/*
* Argument sanity checking, and opening up the DB
*/
+ if (entry == NULL)
+ return EINVAL;
if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
(mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
(mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle,
return KADM5_BAD_MASK;
if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && entry->policy == NULL)
+ return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
return KADM5_BAD_MASK;
if((mask & ~ALL_PRINC_MASK))
return KADM5_BAD_MASK;
- if (entry == NULL)
- return EINVAL;
/*
* Check to see if the principal exists
@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle,
krb5_clear_error_message(handle->context);
+ if(entry == NULL)
+ return EINVAL;
if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
(mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
(mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle,
return KADM5_BAD_MASK;
if((mask & ~ALL_PRINC_MASK))
return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && entry->policy == NULL)
+ return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
return KADM5_BAD_MASK;
- if(entry == (kadm5_principal_ent_t) NULL)
- return EINVAL;
if (mask & KADM5_TL_DATA) {
tl_data_orig = entry->tl_data;
while (tl_data_orig) {
--
2.7.0.rc3

576
gnu/packages/patches/mit-krb5-CVE-2015-8631.patch Normal file
View File

@ -0,0 +1,576 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8631.patch?h=f22
From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 8 Jan 2016 13:16:54 -0500
Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631]
In each kadmind server stub, initialize the client_name and
server_name variables, and release them in the cleanup handler. Many
of the stubs will otherwise leak the client and server name if
krb5_unparse_name() fails. Also make sure to free the prime_arg
variables in rename_principal_2_svc(), or we can leak the first one if
unparsing the second one fails. Discovered by Simo Sorce.
CVE-2015-8631:
In all versions of MIT krb5, an authenticated attacker can cause
kadmind to leak memory by supplying a null principal name in a request
which uses one. Repeating these requests will eventually cause
kadmind to exhaust all available memory.
CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
ticket: 8343 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---
src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++-------------------
1 file changed, 77 insertions(+), 74 deletions(-)
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
index 1879dc6..6ac797e 100644
--- a/src/kadmin/server/server_stubs.c
+++ b/src/kadmin/server/server_stubs.c
@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name, service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
free_server_handle(handle);
return &ret;
}
@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name, service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
free_server_handle(handle);
return &ret;
}
@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
free_server_handle(handle);
return &ret;
}
@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -570,10 +572,9 @@ generic_ret *
rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
- char *prime_arg1,
- *prime_arg2;
- gss_buffer_desc client_name,
- service_name;
+ char *prime_arg1 = NULL, *prime_arg2 = NULL;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
free(prime_arg1);
free(prime_arg2);
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
{
static gprinc_ret ret;
char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
{
static gprincs_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
krb5_keyblock *k;
int nkeys;
char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
krb5_keyblock *k;
int nkeys;
char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
static gpol_ret ret;
kadm5_ret_t ret2;
char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_principal_ent_rec caller_ent;
kadm5_server_handle_t handle;
@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
log_unauth(funcname, prime_arg,
&client_name, &service_name, rqstp);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
{
static gpols_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1541,7 +1542,8 @@ exit_func:
getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
{
static getprivs_ret ret;
- gss_buffer_desc client_name, service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg, *funcname;
- gss_buffer_desc client_name, service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
{
static gstrings_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1754,8 +1757,8 @@ exit_func:
generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
{
static generic_ret ret;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
kadm5_server_handle_t handle;
OM_uint32 minor_stat;
const char *errmsg = NULL;
@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
rqstp->rq_cred.oa_flavor);
if (errmsg != NULL)
krb5_free_error_message(NULL, errmsg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
return(&ret);
}
--
2.7.0.rc3

Some files were not shown because too many files have changed in this diff Show More