Merge branch 'core-updates'

This commit is contained in:
Ludovic Courtès 2016-11-13 00:34:16 +01:00
commit 2cab1dd58b
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
158 changed files with 4800 additions and 5085 deletions

View File

@ -2847,6 +2847,10 @@ file name explicitly because the default is not very descriptive.
@item @code{patches} (default: @code{'()})
A list of file names containing patches to be applied to the source.
This list of patches must be unconditional. In particular, it cannot
depend on the value of @code{%current-system} or
@code{%current-target-system}.
@item @code{snippet} (default: @code{#f})
A G-expression (@pxref{G-Expressions}) or S-expression that will be run
in the source directory. This is a convenient way to modify the source,
@ -7777,6 +7781,7 @@ declaration.
* Log Rotation:: The rottlog service.
* Networking Services:: Network setup, SSH daemon, etc.
* X Window:: Graphical display.
* Printing Services:: Local and remote printer support.
* Desktop Services:: D-Bus and desktop services.
* Database Services:: SQL databases.
* Mail Services:: IMAP, POP3, SMTP, and all that.
@ -8848,6 +8853,837 @@ makes the good ol' XlockMore usable.
@end deffn
@node Printing Services
@subsubsection Printing Services
The @code{(gnu services cups)} module provides a Guix service definition
for the CUPS printing service. To add printer support to a GuixSD
system, add a @code{cups-service} to the operating system definition:
@deffn {Scheme Variable} cups-service-type
The service type for the CUPS print server. Its value should be a valid
CUPS configuration (see below). For example:
@example
(service cups-service-type (cups-configuration))
@end example
@end deffn
The CUPS configuration controls the basic things about your CUPS
installation: what interfaces it listens on, what to do if a print job
fails, how much logging to do, and so on. To actually add a printer,
you have to visit the @url{http://localhost:631} URL, or use a tool such
as GNOME's printer configuration services. By default, configuring a
CUPS service will generate a self-signed certificate if needed, for
secure connections to the print server.
One way you might want to customize CUPS is to enable or disable the web
interface. You can do that directly, like this:
@example
(service cups-service-type
(cups-configuration
(web-interface? #f)))
@end example
The available configuration parameters follow. Each parameter
definition is preceded by its type; for example, @samp{string-list foo}
indicates that the @code{foo} parameter should be specified as a list of
strings. There is also a way to specify the configuration as a string,
if you have an old @code{cupsd.conf} file that you want to port over
from some other system; see the end for more details.
@c The following documentation was initially generated by
@c (generate-documentation) in (gnu services cups). Manually maintained
@c documentation is better, so we shouldn't hesitate to edit below as
@c needed. However if the change you want to make to this documentation
@c can be done in an automated way, it's probably easier to change
@c (generate-documentation) than to make it below and have to deal with
@c the churn as CUPS updates.
Available @code{cups-configuration} fields are:
@deftypevr {@code{cups-configuration} parameter} package cups
The CUPS package.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} package-list extensions
Drivers and other extensions to the CUPS package.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} files-configuration files-configuration
Configuration of where to write logs, what directories to use for print
spools, and related privileged configuration parameters.
Available @code{files-configuration} fields are:
@deftypevr {@code{files-configuration} parameter} log-location access-log
Defines the access log filename. Specifying a blank filename disables
access log generation. The value @code{stderr} causes log entries to be
sent to the standard error file when the scheduler is running in the
foreground, or to the system log daemon when run in the background. The
value @code{syslog} causes log entries to be sent to the system log
daemon. The server name may be included in filenames using the string
@code{%s}, as in @code{/var/log/cups/%s-access_log}.
Defaults to @samp{"/var/log/cups/access_log"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} file-name cache-dir
Where CUPS should cache data.
Defaults to @samp{"/var/cache/cups"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} string config-file-perm
Specifies the permissions for all configuration files that the scheduler
writes.
Note that the permissions for the printers.conf file are currently
masked to only allow access from the scheduler user (typically root).
This is done because printer device URIs sometimes contain sensitive
authentication information that should not be generally known on the
system. There is no way to disable this security feature.
Defaults to @samp{"0640"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} log-location error-log
Defines the error log filename. Specifying a blank filename disables
access log generation. The value @code{stderr} causes log entries to be
sent to the standard error file when the scheduler is running in the
foreground, or to the system log daemon when run in the background. The
value @code{syslog} causes log entries to be sent to the system log
daemon. The server name may be included in filenames using the string
@code{%s}, as in @code{/var/log/cups/%s-error_log}.
Defaults to @samp{"/var/log/cups/error_log"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} string fatal-errors
Specifies which errors are fatal, causing the scheduler to exit. The
kind strings are:
@table @code
@item none
No errors are fatal.
@item all
All of the errors below are fatal.
@item browse
Browsing initialization errors are fatal, for example failed connections
to the DNS-SD daemon.
@item config
Configuration file syntax errors are fatal.
@item listen
Listen or Port errors are fatal, except for IPv6 failures on the
loopback or @code{any} addresses.
@item log
Log file creation or write errors are fatal.
@item permissions
Bad startup file permissions are fatal, for example shared TLS
certificate and key files with world-read permissions.
@end table
Defaults to @samp{"all -browse"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} boolean file-device?
Specifies whether the file pseudo-device can be used for new printer
queues. The URI @uref{file:///dev/null} is always allowed.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} string group
Specifies the group name or ID that will be used when executing external
programs.
Defaults to @samp{"lp"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} string log-file-perm
Specifies the permissions for all log files that the scheduler writes.
Defaults to @samp{"0644"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} log-location page-log
Defines the page log filename. Specifying a blank filename disables
access log generation. The value @code{stderr} causes log entries to be
sent to the standard error file when the scheduler is running in the
foreground, or to the system log daemon when run in the background. The
value @code{syslog} causes log entries to be sent to the system log
daemon. The server name may be included in filenames using the string
@code{%s}, as in @code{/var/log/cups/%s-page_log}.
Defaults to @samp{"/var/log/cups/page_log"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} string remote-root
Specifies the username that is associated with unauthenticated accesses
by clients claiming to be the root user. The default is @code{remroot}.
Defaults to @samp{"remroot"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} file-name request-root
Specifies the directory that contains print jobs and other HTTP request
data.
Defaults to @samp{"/var/spool/cups"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} sandboxing sandboxing
Specifies the level of security sandboxing that is applied to print
filters, backends, and other child processes of the scheduler; either
@code{relaxed} or @code{strict}. This directive is currently only
used/supported on macOS.
Defaults to @samp{strict}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} file-name server-keychain
Specifies the location of TLS certificates and private keys. CUPS will
look for public and private keys in this directory: a @code{.crt} files
for PEM-encoded certificates and corresponding @code{.key} files for
PEM-encoded private keys.
Defaults to @samp{"/etc/cups/ssl"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} file-name server-root
Specifies the directory containing the server configuration files.
Defaults to @samp{"/etc/cups"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} boolean sync-on-close?
Specifies whether the scheduler calls fsync(2) after writing
configuration or state files.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} space-separated-string-list system-group
Specifies the group(s) to use for @code{@@SYSTEM} group authentication.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} file-name temp-dir
Specifies the directory where temporary files are stored.
Defaults to @samp{"/var/spool/cups/tmp"}.
@end deftypevr
@deftypevr {@code{files-configuration} parameter} string user
Specifies the user name or ID that is used when running external
programs.
Defaults to @samp{"lp"}.
@end deftypevr
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} access-log-level access-log-level
Specifies the logging level for the AccessLog file. The @code{config}
level logs when printers and classes are added, deleted, or modified and
when configuration files are accessed or updated. The @code{actions}
level logs when print jobs are submitted, held, released, modified, or
canceled, and any of the conditions for @code{config}. The @code{all}
level logs all requests.
Defaults to @samp{actions}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean auto-purge-jobs?
Specifies whether to purge job history data automatically when it is no
longer required for quotas.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} browse-local-protocols browse-local-protocols
Specifies which protocols to use for local printer sharing.
Defaults to @samp{dnssd}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean browse-web-if?
Specifies whether the CUPS web interface is advertised.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean browsing?
Specifies whether shared printers are advertised.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string classification
Specifies the security classification of the server. Any valid banner
name can be used, including "classified", "confidential", "secret",
"topsecret", and "unclassified", or the banner can be omitted to disable
secure printing functions.
Defaults to @samp{""}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean classify-override?
Specifies whether users may override the classification (cover page) of
individual print jobs using the @code{job-sheets} option.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} default-auth-type default-auth-type
Specifies the default type of authentication to use.
Defaults to @samp{Basic}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} default-encryption default-encryption
Specifies whether encryption will be used for authenticated requests.
Defaults to @samp{Required}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string default-language
Specifies the default language to use for text and web content.
Defaults to @samp{"en"}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string default-paper-size
Specifies the default paper size for new print queues. @samp{"Auto"}
uses a locale-specific default, while @samp{"None"} specifies there is
no default paper size. Specific size names are typically
@samp{"Letter"} or @samp{"A4"}.
Defaults to @samp{"Auto"}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string default-policy
Specifies the default access policy to use.
Defaults to @samp{"default"}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean default-shared?
Specifies whether local printers are shared by default.
Defaults to @samp{#t}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer dirty-clean-interval
Specifies the delay for updating of configuration and state files, in
seconds. A value of 0 causes the update to happen as soon as possible,
typically within a few milliseconds.
Defaults to @samp{30}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} error-policy error-policy
Specifies what to do when an error occurs. Possible values are
@code{abort-job}, which will discard the failed print job;
@code{retry-job}, which will retry the job at a later time;
@code{retry-this-job}, which retries the failed job immediately; and
@code{stop-printer}, which stops the printer.
Defaults to @samp{stop-printer}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer filter-limit
Specifies the maximum cost of filters that are run concurrently, which
can be used to minimize disk, memory, and CPU resource problems. A
limit of 0 disables filter limiting. An average print to a
non-PostScript printer needs a filter limit of about 200. A PostScript
printer needs about half that (100). Setting the limit below these
thresholds will effectively limit the scheduler to printing a single job
at any time.
Defaults to @samp{0}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer filter-nice
Specifies the scheduling priority of filters that are run to print a
job. The nice value ranges from 0, the highest priority, to 19, the
lowest priority.
Defaults to @samp{0}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} host-name-lookups host-name-lookups
Specifies whether to do reverse lookups on connecting clients. The
@code{double} setting causes @code{cupsd} to verify that the hostname
resolved from the address matches one of the addresses returned for that
hostname. Double lookups also prevent clients with unregistered
addresses from connecting to your server. Only set this option to
@code{#t} or @code{double} if absolutely required.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-kill-delay
Specifies the number of seconds to wait before killing the filters and
backend associated with a canceled or held job.
Defaults to @samp{30}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-retry-interval
Specifies the interval between retries of jobs in seconds. This is
typically used for fax queues but can also be used with normal print
queues whose error policy is @code{retry-job} or
@code{retry-current-job}.
Defaults to @samp{30}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-retry-limit
Specifies the number of retries that are done for jobs. This is
typically used for fax queues but can also be used with normal print
queues whose error policy is @code{retry-job} or
@code{retry-current-job}.
Defaults to @samp{5}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean keep-alive?
Specifies whether to support HTTP keep-alive connections.
Defaults to @samp{#t}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer keep-alive-timeout
Specifies how long an idle client connection remains open, in seconds.
Defaults to @samp{30}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer limit-request-body
Specifies the maximum size of print files, IPP requests, and HTML form
data. A limit of 0 disables the limit check.
Defaults to @samp{0}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} multiline-string-list listen
Listens on the specified interfaces for connections. Valid values are
of the form @var{address}:@var{port}, where @var{address} is either an
IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to
indicate all addresses. Values can also be file names of local UNIX
domain sockets. The Listen directive is similar to the Port directive
but allows you to restrict access to specific interfaces or networks.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer listen-back-log
Specifies the number of pending connections that will be allowed. This
normally only affects very busy servers that have reached the MaxClients
limit, but can also be triggered by large numbers of simultaneous
connections. When the limit is reached, the operating system will
refuse additional connections until the scheduler can accept the pending
ones.
Defaults to @samp{128}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} location-access-control-list location-access-controls
Specifies a set of additional access controls.
Available @code{location-access-controls} fields are:
@deftypevr {@code{location-access-controls} parameter} file-name path
Specifies the URI path to which the access control applies.
@end deftypevr
@deftypevr {@code{location-access-controls} parameter} access-control-list access-controls
Access controls for all access to this path, in the same format as the
@code{access-controls} of @code{operation-access-control}.
Defaults to @samp{()}.
@end deftypevr
@deftypevr {@code{location-access-controls} parameter} method-access-control-list method-access-controls
Access controls for method-specific access to this path.
Defaults to @samp{()}.
Available @code{method-access-controls} fields are:
@deftypevr {@code{method-access-controls} parameter} boolean reverse?
If @code{#t}, apply access controls to all methods except the listed
methods. Otherwise apply to only the listed methods.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{method-access-controls} parameter} method-list methods
Methods to which this access control applies.
Defaults to @samp{()}.
@end deftypevr
@deftypevr {@code{method-access-controls} parameter} access-control-list access-controls
Access control directives, as a list of strings. Each string should be
one directive, such as "Order allow,deny".
Defaults to @samp{()}.
@end deftypevr
@end deftypevr
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer log-debug-history
Specifies the number of debugging messages that are retained for logging
if an error occurs in a print job. Debug messages are logged regardless
of the LogLevel setting.
Defaults to @samp{100}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} log-level log-level
Specifies the level of logging for the ErrorLog file. The value
@code{none} stops all logging while @code{debug2} logs everything.
Defaults to @samp{info}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} log-time-format log-time-format
Specifies the format of the date and time in the log files. The value
@code{standard} logs whole seconds while @code{usecs} logs microseconds.
Defaults to @samp{standard}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-clients
Specifies the maximum number of simultaneous clients that are allowed by
the scheduler.
Defaults to @samp{100}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-clients-per-host
Specifies the maximum number of simultaneous clients that are allowed
from a single address.
Defaults to @samp{100}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-copies
Specifies the maximum number of copies that a user can print of each
job.
Defaults to @samp{9999}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-hold-time
Specifies the maximum time a job may remain in the @code{indefinite}
hold state before it is canceled. A value of 0 disables cancellation of
held jobs.
Defaults to @samp{0}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs
Specifies the maximum number of simultaneous jobs that are allowed. Set
to 0 to allow an unlimited number of jobs.
Defaults to @samp{500}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs-per-printer
Specifies the maximum number of simultaneous jobs that are allowed per
printer. A value of 0 allows up to MaxJobs jobs per printer.
Defaults to @samp{0}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs-per-user
Specifies the maximum number of simultaneous jobs that are allowed per
user. A value of 0 allows up to MaxJobs jobs per user.
Defaults to @samp{0}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-job-time
Specifies the maximum time a job may take to print before it is
canceled, in seconds. Set to 0 to disable cancellation of "stuck" jobs.
Defaults to @samp{10800}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-log-size
Specifies the maximum size of the log files before they are rotated, in
bytes. The value 0 disables log rotation.
Defaults to @samp{1048576}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer multiple-operation-timeout
Specifies the maximum amount of time to allow between files in a
multiple file print job, in seconds.
Defaults to @samp{300}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string page-log-format
Specifies the format of PageLog lines. Sequences beginning with percent
(@samp{%}) characters are replaced with the corresponding information,
while all other characters are copied literally. The following percent
sequences are recognized:
@table @samp
@item %%
insert a single percent character
@item %@{name@}
insert the value of the specified IPP attribute
@item %C
insert the number of copies for the current page
@item %P
insert the current page number
@item %T
insert the current date and time in common log format
@item %j
insert the job ID
@item %p
insert the printer name
@item %u
insert the username
@end table
A value of the empty string disables page logging. The string @code{%p
%u %j %T %P %C %@{job-billing@} %@{job-originating-host-name@}
%@{job-name@} %@{media@} %@{sides@}} creates a page log with the
standard items.
Defaults to @samp{""}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} environment-variables environment-variables
Passes the specified environment variable(s) to child processes; a list
of strings.
Defaults to @samp{()}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} policy-configuration-list policies
Specifies named access control policies.
Available @code{policy-configuration} fields are:
@deftypevr {@code{policy-configuration} parameter} string name
Name of the policy.
@end deftypevr
@deftypevr {@code{policy-configuration} parameter} string job-private-access
Specifies an access list for a job's private values. @code{@@ACL} maps
to the printer's requesting-user-name-allowed or
requesting-user-name-denied values. @code{@@OWNER} maps to the job's
owner. @code{@@SYSTEM} maps to the groups listed for the
@code{system-group} field of the @code{files-config} configuration,
which is reified into the @code{cups-files.conf(5)} file. Other
possible elements of the access list include specific user names, and
@code{@@@var{group}} to indicate members of a specific group. The
access list may also be simply @code{all} or @code{default}.
Defaults to @samp{"@@OWNER @@SYSTEM"}.
@end deftypevr
@deftypevr {@code{policy-configuration} parameter} string job-private-values
Specifies the list of job values to make private, or @code{all},
@code{default}, or @code{none}.
Defaults to @samp{"job-name job-originating-host-name
job-originating-user-name phone"}.
@end deftypevr
@deftypevr {@code{policy-configuration} parameter} string subscription-private-access
Specifies an access list for a subscription's private values.
@code{@@ACL} maps to the printer's requesting-user-name-allowed or
requesting-user-name-denied values. @code{@@OWNER} maps to the job's
owner. @code{@@SYSTEM} maps to the groups listed for the
@code{system-group} field of the @code{files-config} configuration,
which is reified into the @code{cups-files.conf(5)} file. Other
possible elements of the access list include specific user names, and
@code{@@@var{group}} to indicate members of a specific group. The
access list may also be simply @code{all} or @code{default}.
Defaults to @samp{"@@OWNER @@SYSTEM"}.
@end deftypevr
@deftypevr {@code{policy-configuration} parameter} string subscription-private-values
Specifies the list of job values to make private, or @code{all},
@code{default}, or @code{none}.
Defaults to @samp{"notify-events notify-pull-method notify-recipient-uri
notify-subscriber-user-name notify-user-data"}.
@end deftypevr
@deftypevr {@code{policy-configuration} parameter} operation-access-control-list access-controls
Access control by IPP operation.
Defaults to @samp{()}.
@end deftypevr
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-files
Specifies whether job files (documents) are preserved after a job is
printed. If a numeric value is specified, job files are preserved for
the indicated number of seconds after printing. Otherwise a boolean
value applies indefinitely.
Defaults to @samp{86400}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-history
Specifies whether the job history is preserved after a job is printed.
If a numeric value is specified, the job history is preserved for the
indicated number of seconds after printing. If @code{#t}, the job
history is preserved until the MaxJobs limit is reached.
Defaults to @samp{#t}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer reload-timeout
Specifies the amount of time to wait for job completion before
restarting the scheduler.
Defaults to @samp{30}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string rip-cache
Specifies the maximum amount of memory to use when converting documents
into bitmaps for a printer.
Defaults to @samp{"128m"}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string server-admin
Specifies the email address of the server administrator.
Defaults to @samp{"root@@localhost.localdomain"}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} host-name-list-or-* server-alias
The ServerAlias directive is used for HTTP Host header validation when
clients connect to the scheduler from external interfaces. Using the
special name @code{*} can expose your system to known browser-based DNS
rebinding attacks, even when accessing sites through a firewall. If the
auto-discovery of alternate names does not work, we recommend listing
each alternate name with a ServerAlias directive instead of using
@code{*}.
Defaults to @samp{*}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string server-name
Specifies the fully-qualified host name of the server.
Defaults to @samp{"localhost"}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} server-tokens server-tokens
Specifies what information is included in the Server header of HTTP
responses. @code{None} disables the Server header. @code{ProductOnly}
reports @code{CUPS}. @code{Major} reports @code{CUPS 2}. @code{Minor}
reports @code{CUPS 2.0}. @code{Minimal} reports @code{CUPS 2.0.0}.
@code{OS} reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is
the output of the @code{uname} command. @code{Full} reports @code{CUPS
2.0.0 (@var{uname}) IPP/2.0}.
Defaults to @samp{Minimal}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} string set-env
Set the specified environment variable to be passed to child processes.
Defaults to @samp{"variable value"}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} multiline-string-list ssl-listen
Listens on the specified interfaces for encrypted connections. Valid
values are of the form @var{address}:@var{port}, where @var{address} is
either an IPv6 address enclosed in brackets, an IPv4 address, or
@code{*} to indicate all addresses.
Defaults to @samp{()}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} ssl-options ssl-options
Sets encryption options. By default, CUPS only supports encryption
using TLS v1.0 or higher using known secure cipher suites. The
@code{AllowRC4} option enables the 128-bit RC4 cipher suites, which are
required for some older clients that do not implement newer ones. The
@code{AllowSSL3} option enables SSL v3.0, which is required for some
older clients that do not support TLS v1.0.
Defaults to @samp{()}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean strict-conformance?
Specifies whether the scheduler requires clients to strictly adhere to
the IPP specifications.
Defaults to @samp{#f}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} non-negative-integer timeout
Specifies the HTTP request timeout, in seconds.
Defaults to @samp{300}.
@end deftypevr
@deftypevr {@code{cups-configuration} parameter} boolean web-interface?
Specifies whether the web interface is enabled.
Defaults to @samp{#f}.
@end deftypevr
At this point you're probably thinking ``oh dear, Guix manual, I like
you but you can stop already with the configuration options''. Indeed.
However, one more point: it could be that you have an existing
@code{cupsd.conf} that you want to use. In that case, you can pass an
@code{opaque-cups-configuration} as the configuration of a
@code{cups-service-type}.
Available @code{opaque-cups-configuration} fields are:
@deftypevr {@code{opaque-cups-configuration} parameter} package cups
The CUPS package.
@end deftypevr
@deftypevr {@code{opaque-cups-configuration} parameter} string cupsd.conf
The contents of the @code{cupsd.conf}, as a string.
@end deftypevr
@deftypevr {@code{opaque-cups-configuration} parameter} string cups-files.conf
The contents of the @code{cups-files.conf} file, as a string.
@end deftypevr
For example, if your @code{cupsd.conf} and @code{cups-files.conf} are in
strings of the same name, you could instantiate a CUPS service like
this:
@example
(service cups-service-type
(opaque-cups-configuration
(cupsd.conf cupsd.conf)
(cups-files.conf cups-files.conf)))
@end example
@node Desktop Services
@subsubsection Desktop Services

View File

@ -5,6 +5,7 @@
# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
# Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
# Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
# Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
# Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
@ -398,6 +399,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/admin.scm \
%D%/services/avahi.scm \
%D%/services/base.scm \
%D%/services/cups.scm \
%D%/services/databases.scm \
%D%/services/dbus.scm \
%D%/services/desktop.scm \
@ -480,6 +482,7 @@ dist_patch_DATA = \
%D%/packages/patches/bigloo-gc-shebangs.patch \
%D%/packages/patches/binutils-ld-new-dtags.patch \
%D%/packages/patches/binutils-loongson-workaround.patch \
%D%/packages/patches/binutils-mips-bash-bug.patch \
%D%/packages/patches/byobu-writable-status.patch \
%D%/packages/patches/calibre-drop-unrar.patch \
%D%/packages/patches/calibre-no-updates-dialog.patch \
@ -520,9 +523,6 @@ dist_patch_DATA = \
%D%/packages/patches/emacs-source-date-epoch.patch \
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
%D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
%D%/packages/patches/expat-CVE-2015-1283-refix.patch \
%D%/packages/patches/expat-CVE-2016-0718.patch \
%D%/packages/patches/expat-CVE-2016-0718-fix-regression.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
%D%/packages/patches/fastcap-mulSetup.patch \
@ -533,15 +533,15 @@ dist_patch_DATA = \
%D%/packages/patches/fasthenry-spFactor.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-test-xargs.patch \
%D%/packages/patches/flex-CVE-2016-6354.patch \
%D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/fltk-shared-lib-defines.patch \
%D%/packages/patches/fltk-xfont-on-demand.patch \
%D%/packages/patches/fontconfig-CVE-2016-5384.patch \
%D%/packages/patches/fontforge-svg-modtime.patch \
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
%D%/packages/patches/gawk-fts-test.patch \
%D%/packages/patches/gawk-shell.patch \
%D%/packages/patches/gcc-arm-bug-71399.patch \
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
%D%/packages/patches/gcc-cross-environment-variables.patch \
%D%/packages/patches/gcc-libvtv-runpath.patch \
@ -573,7 +573,6 @@ dist_patch_DATA = \
%D%/packages/patches/gmp-faulty-test.patch \
%D%/packages/patches/gnome-tweak-tool-search-paths.patch \
%D%/packages/patches/gnucash-price-quotes-perl.patch \
%D%/packages/patches/gnupg-fix-expired-test.patch \
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
%D%/packages/patches/gobject-introspection-cc.patch \
%D%/packages/patches/gobject-introspection-girepository.patch \
@ -612,12 +611,14 @@ dist_patch_DATA = \
%D%/packages/patches/hypre-doc-tables.patch \
%D%/packages/patches/hypre-ldflags.patch \
%D%/packages/patches/icecat-avoid-bundled-libraries.patch \
%D%/packages/patches/icecat-binutils.patch \
%D%/packages/patches/icu4c-CVE-2014-6585.patch \
%D%/packages/patches/icu4c-CVE-2015-1270.patch \
%D%/packages/patches/icu4c-CVE-2015-4760.patch \
%D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
%D%/packages/patches/inkscape-drop-wait-for-targets.patch \
%D%/packages/patches/isl-0.11.1-aarch64-support.patch \
%D%/packages/patches/jbig2dec-ignore-testtest.patch \
%D%/packages/patches/jq-CVE-2015-8863.patch \
%D%/packages/patches/khmer-use-libraries.patch \
@ -685,18 +686,9 @@ dist_patch_DATA = \
%D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
%D%/packages/patches/libx11-CVE-2016-7942.patch \
%D%/packages/patches/libx11-CVE-2016-7943.patch \
%D%/packages/patches/libxfixes-CVE-2016-7944.patch \
%D%/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch \
%D%/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch \
%D%/packages/patches/libxrender-CVE-2016-7949.patch \
%D%/packages/patches/libxrender-CVE-2016-7950.patch \
%D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch \
%D%/packages/patches/libxv-CVE-2016-5407.patch \
%D%/packages/patches/libxvmc-CVE-2016-7953.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
%D%/packages/patches/libxslt-CVE-2016-4738.patch \
%D%/packages/patches/linux-pam-no-setfsuid.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/llvm-for-extempore.patch \
%D%/packages/patches/lm-sensors-hwmon-attrs.patch \
@ -718,6 +710,7 @@ dist_patch_DATA = \
%D%/packages/patches/mcrypt-CVE-2012-4409.patch \
%D%/packages/patches/mcrypt-CVE-2012-4426.patch \
%D%/packages/patches/mcrypt-CVE-2012-4527.patch \
%D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch \
%D%/packages/patches/metabat-remove-compilation-date.patch \
%D%/packages/patches/mhash-keygen-test-segfault.patch \
%D%/packages/patches/mpc123-initialize-ao.patch \
@ -753,6 +746,7 @@ dist_patch_DATA = \
%D%/packages/patches/nvi-db4.patch \
%D%/packages/patches/ocaml-CVE-2015-8869.patch \
%D%/packages/patches/ocaml-findlib-make-install.patch \
%D%/packages/patches/ola-readdir-r.patch \
%D%/packages/patches/onionshare-fix-install-paths.patch \
%D%/packages/patches/openexr-missing-samples.patch \
%D%/packages/patches/openjpeg-CVE-2015-6581.patch \
@ -764,8 +758,6 @@ dist_patch_DATA = \
%D%/packages/patches/openssl-runpath.patch \
%D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \
%D%/packages/patches/openssl-c-rehash-in.patch \
%D%/packages/patches/openssl-CVE-2016-2177.patch \
%D%/packages/patches/openssl-CVE-2016-2178.patch \
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \
%D%/packages/patches/ots-no-include-missing-file.patch \
%D%/packages/patches/p7zip-remove-unused-code.patch \
@ -775,8 +767,6 @@ dist_patch_DATA = \
%D%/packages/patches/patch-hurd-path-max.patch \
%D%/packages/patches/pcre-CVE-2016-3191.patch \
%D%/packages/patches/pcre2-CVE-2016-3191.patch \
%D%/packages/patches/perl-CVE-2015-8607.patch \
%D%/packages/patches/perl-CVE-2016-2381.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
@ -785,10 +775,10 @@ dist_patch_DATA = \
%D%/packages/patches/perl-net-amazon-s3-moose-warning.patch \
%D%/packages/patches/perl-net-ssleay-disable-ede-test.patch \
%D%/packages/patches/perl-net-dns-resolver-programmable-Fix-broken-interface.patch \
%D%/packages/patches/perl-no-build-time.patch \
%D%/packages/patches/perl-no-sys-dirs.patch \
%D%/packages/patches/perl-module-pluggable-search.patch \
%D%/packages/patches/perl-source-date-epoch.patch \
%D%/packages/patches/perl-reproducible-build-date.patch \
%D%/packages/patches/perl-www-curl-remove-symbol.patch \
%D%/packages/patches/pidgin-add-search-path.patch \
%D%/packages/patches/pinball-const-fix.patch \
%D%/packages/patches/pinball-cstddef.patch \
@ -804,7 +794,6 @@ dist_patch_DATA = \
%D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
%D%/packages/patches/procmail-CVE-2014-3618.patch \
%D%/packages/patches/procps-non-linux.patch \
%D%/packages/patches/pt-scotch-build-parallelism.patch \
%D%/packages/patches/pulseaudio-fix-mult-test.patch \
%D%/packages/patches/pulseaudio-longer-test-timeout.patch \
@ -818,9 +807,12 @@ dist_patch_DATA = \
%D%/packages/patches/python-2.7-source-date-epoch.patch \
%D%/packages/patches/python-3-deterministic-build-info.patch \
%D%/packages/patches/python-3-search-paths.patch \
%D%/packages/patches/python-3.4-fix-tests.patch \
%D%/packages/patches/python-3.5-fix-tests.patch \
%D%/packages/patches/python-dendropy-exclude-failing-tests.patch \
%D%/packages/patches/python-disable-ssl-test.patch \
%D%/packages/patches/python-file-double-encoding-bug.patch \
%D%/packages/patches/python-fix-tests.patch \
%D%/packages/patches/python-parse-too-many-fields.patch \
%D%/packages/patches/python-rarfile-fix-tests.patch \
%D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \
%D%/packages/patches/python-statsmodels-fix-tests.patch \
@ -870,6 +862,7 @@ dist_patch_DATA = \
%D%/packages/patches/tar-skip-unreliable-tests.patch \
%D%/packages/patches/tcl-mkindex-deterministic.patch \
%D%/packages/patches/tclxml-3.2-install.patch \
%D%/packages/patches/tcsh-do-not-define-BSDWAIT.patch \
%D%/packages/patches/tcsh-fix-autotest.patch \
%D%/packages/patches/teensy-loader-cli-help.patch \
%D%/packages/patches/texi2html-document-encoding.patch \

View File

@ -59,7 +59,7 @@
%standard-phases))))
(inputs `(("attr" ,attr)))
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("perl" ,perl)))
(home-page "http://savannah.nongnu.org/projects/acl")
(synopsis

View File

@ -178,7 +178,7 @@ interface and is based on GNU Guile.")
"0zk1ppx93ijimf4sbgqilxxikpsa2gmpbynknyh41xy7jbdjxp0b"))))
(build-system cmake-build-system)
(arguments '(#:tests? #f)) ; There are no tests.
(native-inputs `(("gettext" ,gnu-gettext)))
(native-inputs `(("gettext" ,gettext-minimal)))
(home-page "http://projects.gw-computing.net/projects/dfc")
(synopsis "Display file system space usage using graphs and colors")
(description
@ -1556,7 +1556,7 @@ platform-specific methods.")
#t)))))
(inputs
`(("openldap" ,openldap)
("openssl" ,openssl)
("gnutls" ,gnutls)
("sasl" ,cyrus-sasl)))
(synopsis "User-space component to the Linux auditing system")
(description
@ -1767,7 +1767,7 @@ highly portable. Great for heterogenous networks.")
(delete 'configure)))) ; no configure script
(inputs
`(("gtk+" ,gtk+)
("gnu-gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("libnotify" ,libnotify)))
(native-inputs
`(("pkg-config" ,pkg-config)))

View File

@ -534,14 +534,14 @@ a C program.")
(define-public fftw
(package
(name "fftw")
(version "3.3.4")
(version "3.3.5")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.fftw.org/pub/fftw/fftw-"
version".tar.gz"))
(sha256
(base32
"10h9mzjxnwlsjziah4lri85scc05rlajz39nqf3mbh4vja8dw34g"))))
"1kwbx92ps0r7s2mqy7lxbxanslxdzj7dp7r7gmdkzv1j8yqf3kwf"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-shared" "--enable-openmp")

View File

@ -41,7 +41,7 @@
(build-system gnu-build-system)
(home-page "http://www.gnu.org/software/apl/")
(inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("lapack" ,lapack)
("sqlite" ,sqlite)
("readline" ,readline)))

View File

@ -25,6 +25,7 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (gnu packages)
#:use-module (gnu packages compression)
#:use-module (gnu packages perl)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages python)
@ -104,6 +105,7 @@ debugging information in STABS, DWARF 2, and CodeView 8 formats.")
(base32
"19j9nwl88k660045s40cbz5zrl1wpd2mcxnnc8qqnnaj311a58qz"))))
(build-system gnu-build-system)
(native-inputs `(("zlib" ,zlib)))
(synopsis "Library for generating assembly code at runtime")
(description
"GNU Lightning is a library that generates assembly language code at

View File

@ -69,7 +69,7 @@
'()
`(("perl" ,perl))))
(native-inputs
`(("gettext" ,gnu-gettext)))
`(("gettext" ,gettext-minimal)))
(home-page "http://savannah.nongnu.org/projects/attr/")
(synopsis "Library and tools for manipulating extended attributes")

View File

@ -462,7 +462,7 @@ emulation (valve, tape), bit fiddling (decimator, pointer-cast), etc.")
("liblo" ,liblo)
("ladspa" ,ladspa)
("jack" ,jack-1)
("gettext" ,gnu-gettext)))
("gettext" ,gettext-minimal)))
(native-inputs
`(("bison" ,bison)
("flex" ,flex)
@ -1043,7 +1043,7 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
`(("gperf" ,gperf)
("faust" ,faust)
("intltool" ,intltool)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(native-search-paths
(list (search-path-specification
@ -2213,7 +2213,15 @@ conversion. It may be used, for example, to resample PCM-encoded audio.")
(uri (string-append "mirror://sourceforge/twolame/twolame/" version
"/twolame-" version ".tar.gz"))
(sha256
(base32 "0ahiqqng5pidwhj1wzph4vxxgxxgcfa3gl0gywipzx2ii7s35wwq"))))
(base32 "0ahiqqng5pidwhj1wzph4vxxgxxgcfa3gl0gywipzx2ii7s35wwq"))
(modules '((guix build utils)))
;; The tests break with Perl 5.24:
;; https://github.com/njh/twolame/issues/21
;; TODO: Remove this snippet when upgrading twolame.
(snippet
'(begin
(substitute* "tests/test.pl" (("\\(@_\\)") "($_[0])"))
#t))))
(build-system gnu-build-system)
(inputs
`(("libsndfile" ,libsndfile)))

View File

@ -172,13 +172,17 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
(replacement libarchive/fixed)
(version "3.2.1")
(source
(origin
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
(patches (search-patches
"libarchive-7zip-heap-overflow.patch"
"libarchive-fix-symlink-check.patch"
"libarchive-fix-filesystem-attacks.patch"
"libarchive-safe_fprintf-buffer-overflow.patch"))
(sha256
(base32
"1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj"))))
@ -228,17 +232,6 @@ archive. In particular, note that there is currently no built-in support for
random access nor for in-place modification.")
(license license:bsd-2)))
(define libarchive/fixed
(package
(inherit libarchive)
(source (origin
(inherit (package-source libarchive))
(patches (search-patches
"libarchive-7zip-heap-overflow.patch"
"libarchive-fix-symlink-check.patch"
"libarchive-fix-filesystem-attacks.patch"
"libarchive-safe_fprintf-buffer-overflow.patch"))))))
(define-public rdup
(package
(name "rdup")
@ -438,7 +431,27 @@ detection, and lossless compression.")
(setenv "BORG_OPENSSL_PREFIX" openssl)
(setenv "BORG_LZ4_PREFIX" lz4)
(setenv "PYTHON_EGG_CACHE" "/tmp")
;; The test 'test_return_codes[python]' fails when
;; HOME=/homeless-shelter.
(setenv "HOME" "/tmp")
#t)))
;; The tests need to be run after Borg is installed.
(delete 'check)
(add-after 'install 'check
(lambda _
(zero?
(system* "py.test" "-v" "--pyargs" "borg.testsuite" "-k"
(string-append
;; These tests need to write to '/var'.
"not test_get_cache_dir "
"and not test_get_keys_dir "
;; These tests assume there is a root user in
;; '/etc/passwd'.
"and not test_access_acl "
"and not test_default_acl "
"and not test_non_ascii_acl "
;; This test needs the unpackaged pytest-benchmark.
"and not benchmark")))))
(add-after 'install 'install-doc
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
@ -457,6 +470,9 @@ detection, and lossless compression.")
(native-inputs
`(("python-cython" ,python-cython)
("python-setuptools-scm" ,python-setuptools-scm)
;; Borg 1.0.8's test suite uses 'tmpdir_factory', which was introduced in
;; pytest 2.8.
("python-pytest" ,python-pytest-2.9.2)
;; For generating the documentation.
("python-sphinx" ,python-sphinx)
("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)))
@ -490,7 +506,10 @@ to not fully trusted targets. Borg is a fork of Attic.")
"0b5skd36r4c0915lwpkqg5hxm49gls9pprs1b7hc40910wlcsl36"))))
(build-system python-build-system)
(arguments
`(#:phases
`(;; The tests assume they are run as root:
;; https://github.com/jborg/attic/issues/7
#:tests? #f
#:phases
(modify-phases %standard-phases
(add-before
'build 'set-openssl-prefix

View File

@ -88,6 +88,20 @@ command-line arguments, multiple languages, and so on.")
(patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'install 'fix-egrep-and-fgrep
;; Patch 'egrep' and 'fgrep' to execute 'grep' via its
;; absolute file name instead of searching for it in $PATH.
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin")))
(substitute* (list (string-append bin "/egrep")
(string-append bin "/fgrep"))
(("^exec grep")
(string-append "exec " bin "/grep")))
#t))))))
(synopsis "Print lines matching a pattern")
(description
"grep is a tool for finding text inside files. Text is found by
@ -205,14 +219,14 @@ differences.")
(define-public diffutils
(package
(name "diffutils")
(version "3.3")
(version "3.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/diffutils/diffutils-"
version ".tar.xz"))
(sha256
(base32
"1761vymxbp4wb5rzjvabhdkskk95pghnn67464byvzb5mfl8jpm2"))))
"0csmqfz8ks23kdjsq0v2ll1acqiz8lva06dj19mwmymrsp69ilys"))))
(build-system gnu-build-system)
(synopsis "Comparing and merging files")
(description
@ -325,30 +339,30 @@ functionality beyond that which is outlined in the POSIX standard.")
(define-public gnu-make
(package
(name "make")
(version "4.2")
(version "4.2.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/make/make-" version
".tar.bz2"))
(sha256
(base32
"0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f"))
"12f5zzyq2w56g95nni65hc0g5p7154033y2f3qmjvd016szn5qnn"))
(patches (search-patches "make-impure-dirs.patch"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config))) ; to detect Guile
(inputs `(("guile" ,guile-2.0)))
(outputs '("out" "debug"))
(arguments
'(#:phases (alist-cons-before
'build 'set-default-shell
'(#:phases
(modify-phases %standard-phases
(add-before 'build 'set-default-shell
(lambda* (#:key inputs #:allow-other-keys)
;; Change the default shell from /bin/sh.
(let ((bash (assoc-ref inputs "bash")))
(substitute* "job.c"
(("default_shell =.*$")
(format #f "default_shell = \"~a/bin/bash\";\n"
bash)))))
%standard-phases)))
bash)))))))))
(synopsis "Remake files automatically")
(description
"Make is a program that is used to control the production of
@ -363,16 +377,17 @@ change. GNU make offers many powerful extensions over the standard utility.")
(define-public binutils
(package
(name "binutils")
(version "2.25.1")
(version "2.27")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/binutils/binutils-"
version ".tar.bz2"))
(sha256
(base32
"08lzmhidzc16af1zbx34f8cy4z7mzrswpdbhrb8shy3xxpflmcdm"))
"125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn"))
(patches (search-patches "binutils-ld-new-dtags.patch"
"binutils-loongson-workaround.patch"))))
"binutils-loongson-workaround.patch"
"binutils-mips-bash-bug.patch"))))
(build-system gnu-build-system)
;; TODO: Add dependency on zlib + those for Gold.
@ -407,14 +422,22 @@ included.")
(license gpl3+)
(home-page "http://www.gnu.org/software/binutils/")))
(define* (make-ld-wrapper name #:key binutils
(define* (make-ld-wrapper name #:key
(target (const #f))
binutils
(guile (canonical-package guile-2.0))
(bash (canonical-package bash)) target
(bash (canonical-package bash))
(guile-for-build guile))
"Return a package called NAME that contains a wrapper for the 'ld' program
of BINUTILS, which adds '-rpath' flags to the actual 'ld' command line. When
TARGET is not #f, make a wrapper for the cross-linker for TARGET, called
'TARGET-ld'. The wrapper uses GUILE and BASH."
of BINUTILS, which adds '-rpath' flags to the actual 'ld' command line. The
wrapper uses GUILE and BASH.
TARGET must be a one-argument procedure that, given a system type, returns a
cross-compilation target triplet or #f. When the result is not #f, make a
wrapper for the cross-linker for that target, called 'TARGET-ld'."
;; Note: #:system->target-triplet is a procedure so that the evaluation of
;; its result can be delayed until the 'arguments' field is evaluated, thus
;; in a context where '%current-system' is accurate.
(package
(name name)
(version "0")
@ -426,6 +449,7 @@ TARGET is not #f, make a wrapper for the cross-linker for TARGET, called
("wrapper" ,(search-path %load-path
"gnu/packages/ld-wrapper.in"))))
(arguments
(let ((target (target (%current-system))))
`(#:guile ,guile-for-build
#:modules ((guix build utils))
#:builder (begin
@ -462,7 +486,7 @@ TARGET is not #f, make a wrapper for the cross-linker for TARGET, called
target "-ld")
"/bin/ld"))))
(chmod ld #o555)
(compile-file ld #:output-file go)))))
(compile-file ld #:output-file go))))))
(synopsis "The linker wrapper")
(description
"The linker wrapper (or 'ld-wrapper') wraps the linker to add any
@ -476,14 +500,14 @@ store.")
(define-public glibc/linux
(package
(name "glibc")
(version "2.23")
(version "2.24")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
"1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))
"1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
@ -511,7 +535,7 @@ store.")
#:parallel-build? #f
;; The libraries have an empty RUNPATH, but some, such as the versioned
;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since
;; libraries (libdl-2.24.so, etc.) have ld.so marked as NEEDED. Since
;; these libraries are always going to be found anyway, just skip
;; RUNPATH checks.
#:validate-runpath? #f
@ -527,7 +551,7 @@ store.")
;; Set the default locale path. In practice, $LOCPATH may be
;; defined to point whatever locales users want. However, setuid
;; binaries don't honor $LOCPATH, so they'll instead look into
;; $libc_cv_localedir; we choose /run/current-system/locale/X.Y,
;; $libc_cv_complocaledir; we choose /run/current-system/locale/X.Y,
;; with the idea that it is going to be populated by the sysadmin.
;; The "X.Y" sub-directory is because locale data formats are
;; incompatible across libc versions; see
@ -535,8 +559,7 @@ store.")
;;
;; `--localedir' is not honored, so work around it.
;; See <http://sourceware.org/ml/libc-alpha/2013-03/msg00093.html>.
;; FIXME: This hack no longer works on 2.23!
(string-append "libc_cv_localedir=/run/current-system/locale/"
(string-append "libc_cv_complocaledir=/run/current-system/locale/"
,version)
(string-append "--with-headers="
@ -629,7 +652,7 @@ store.")
;; install the message catalogs, with 'msgfmt'.
(native-inputs `(("texinfo" ,texinfo)
("perl" ,perl)
("gettext" ,gnu-gettext)))
("gettext" ,gettext-minimal)))
(native-search-paths
;; Search path for packages that provide locale data. This is useful
@ -720,9 +743,22 @@ GLIBC/HURD for a Hurd host"
(define-syntax glibc
(identifier-syntax (glibc-for-target)))
;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)
(define-public glibc-2.23
(package
(inherit glibc)
(version "2.23")
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
"1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))))))
(define-public glibc-2.22
;; The old libc, which we use mostly to build locale data in the old format
;; (which the new libc can cope with.)
(package
(inherit glibc)
(version "2.22")
@ -745,8 +781,6 @@ GLIBC/HURD for a Hurd host"
(("/bin/pwd") "pwd"))))))))))
(define-public glibc-2.21
;; The old libc, which we use mostly to build locale data in the old format
;; (which the new libc can cope with.)
(package
(inherit glibc-2.22)
(version "2.21")
@ -905,7 +939,7 @@ command.")
(define-public tzdata
(package
(name "tzdata")
(version "2015g")
(version "2016g")
(source (origin
(method url-fetch)
(uri (string-append
@ -913,7 +947,7 @@ command.")
version ".tar.gz"))
(sha256
(base32
"0qb1awqrn3215zd2jikpqnmkzrxwfjf0d3dw2xmnk4c40yzws8xr"))))
"1lgbh49bsbysibzr7imjsh1xa7pqmimphxvvwh6kncj7pjr3fw9w"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f
@ -936,23 +970,24 @@ command.")
(guix build gnu-build-system)
(srfi srfi-1))
#:phases
(alist-replace
'unpack
(modify-phases %standard-phases
(replace 'unpack
(lambda* (#:key source inputs #:allow-other-keys)
(and (zero? (system* "tar" "xvf" source))
(zero? (system* "tar" "xvf" (assoc-ref inputs "tzcode")))))
(alist-cons-after
'install 'post-install
(zero? (system* "tar" "xvf" (assoc-ref inputs "tzcode"))))))
(add-after 'install 'post-install
(lambda* (#:key outputs #:allow-other-keys)
;; Move data in the right place.
(let ((out (assoc-ref outputs "out")))
(copy-recursively (string-append out "/share/zoneinfo-posix")
(symlink (string-append out "/share/zoneinfo")
(string-append out "/share/zoneinfo/posix"))
(delete-file-recursively
(string-append out "/share/zoneinfo-posix"))
(copy-recursively (string-append out "/share/zoneinfo-leaps")
(string-append out "/share/zoneinfo/right"))
(delete-file-recursively (string-append out "/share/zoneinfo-posix"))
(delete-file-recursively (string-append out "/share/zoneinfo-leaps"))))
(alist-delete 'configure %standard-phases)))))
(delete-file-recursively
(string-append out "/share/zoneinfo-leaps")))))
(delete 'configure))))
(inputs `(("tzcode" ,(origin
(method url-fetch)
(uri (string-append
@ -960,7 +995,7 @@ command.")
version ".tar.gz"))
(sha256
(base32
"1i3y1kzjiz2j62c7vd4wf85983sqk9x9lg3473njvbdz4kph5r0q"))))))
"0azsz436vd65bkdkdmjgsh7zhh0whnqqfliva45191krmm3hpy8z"))))))
(home-page "http://www.iana.org/time-zones")
(synopsis "Database of current and historical time zones")
(description "The Time Zone Database (often called tz or zoneinfo)

View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
;;;
@ -51,52 +51,10 @@
(list (bash-patch seqno (base32 hash))
...))
(define %patch-series-4.3
;; This is the current patches series for 4.3, generated using
(define %patch-series-4.4
;; This is the current patches series for 4.4, generated using
;; 'download-patches' below.
(patch-series
(1 "0hip2n2s5hws8p4nfcz37379zn6cak83ljsm64z52rw6ckrdzczc")
(2 "0ashj5d1g3zbyr7zf0r72s5wnk96cz1xj919y3jajadbc9qcvrzf")
(3 "0z88q4daq7dmw93iqd9c5i5d1sndklih3nrh0v75746da2n6w3h0")
(4 "0f0kh9j5k4ym6knshscx31przm50x5cc7ifkwqk0swh6clna982y")
(5 "1ym3b8b7lgmdp3dklp8qaqhyq965wd5392namq8mz7rb0d231j0s")
(6 "04q20igq49py49ynb0f83f6f52cdkyqwd9bpic6akr0m5pkqwr50")
(7 "18zkz23d9myshrwfcwcdjk7qmkqp8az5n91ni9jaixlwqlhy64qi")
(8 "0pprcwvh7ngdli0x95pc1cpssg4qg7layi9xrv2jq6c7965ajhcr")
(9 "19a0pf0alp30d1bjj0zf3zq2f5n0s6y91w7brm9jyswl51kns8n0")
(10 "1dzhr5ammyijisz48cqi5vaw26hfr5vh9smnqxq4qc9p06f7j1ff")
(11 "0fvzdzzi142a8rf3v965r6gbpn0k7fv2gif1yq8a4160vcn40qvw")
(12 "04lcgfcyz7p3zagb4hkia3hkpd7lii9m8ycy9qqwzyrm1c1pj4ry")
(13 "0y9cqi378z6flapkd5k5lfl4lq3ivzg4njj3i3wmw7xb6r9wma5z")
(14 "04xcb0k9fxxq4vashgzb98567xzdnm4655nlm4jvfvjv6si6ykas")
(15 "13ay6lldy1p00xj41nfjpq8lai3vw2qwca79gx6s80z04j53wa8k")
(16 "0wq7bvx3pfw90pnfb86yg5nr9jgjsvm2nq5rrkqxf6zn977hpmlj")
(17 "103p7sibihv6cshqj12k546zsbz0dnd5cv5vlx1719avddfc4rqj")
(18 "0n1x3812y1brb9xbabaj3fvr4cpvm2225iwckmqk2fcpkq5b9a3s")
(19 "08rd1p7zpzgbpmmmnj2im8wj2pcwmbbx51psr9vdc5c049si9ad7")
(20 "163c6g05qpag2plx5q795pmw3f3m904jy7z93xj2i08pgzc8cpna")
(21 "1a90cl3h10dh8k9f2ddrsjmw5ywaw2d5x78xb4fd2sryi039yhs1")
(22 "120s0s4qcqd0q12j1iv0hkpf9fp3w5jnqw646kv66n66jnxlfkgx")
(23 "1m00sfi88p2akgiyrg4hw0gvz3s1586pkzjdr3dm73vs773m1hls")
(24 "0v0gjqzjsqjfgj5x17fq7g649k94jn8zq92qsxkhc2d6l215hl1v")
(25 "0lcj96i659q35f1jcmwwbnw3p7w7vvlxjxqi989vn6d6qksqcl8y") ;CVE-2014-6271
(26 "0k919ir0inwn4wai2vdzpbwqq5h54fnrlkmgccxjg91v3ch15k1f") ;CVE-2014-7169
(27 "1gnsfvq6bhb3srlbh0cannj2hackdsipcg7z0ds7zlk1hp96mdqy")
(28 "17a65c4fn4c5rgsiw9gqqnzhznh3gwnd2xzzv2dppyi48znxpc78") ;CVE-2014-7186
(29 "14k27p28r5l2fz3r03kd0x72vvsq8bja8c6hjz5kxikbzsbs7i2c") ;CVE-2014-6277
(30 "0nrqb0m7s89qsrbfaffpilc5gcf82bx9yvgzld4hr79p5y54yhw5") ;CVE-2014-6278
(31 "07d62bl3z7qa8v6kgk47vzzazw563mlk9zhrsr4xsbqgvmcrylnd")
(32 "0jjgapfq4qhmndfrw8c3q3lva8xjdhlbd9cc631v41b0kb95g4w8")
(33 "05ma5rlxiadnfh925p4y7s0vvk917kmsdb1mfdx05gizl63pfapv")
(34 "12gq9whkq3naa3iy7c7x5pfpvrg7d0kwqld8609zxphhy424ysgi")
(35 "1qy1jflmbazjykq766gwabkaiswnx7pwa66whqiny0w02zjqa39p")
(36 "0z6jbyy70lfdm6d3x0sbazbqdxb3xnpn9bmz7madpvrnbd284pxc")
(37 "04sqr8zkl6s5fccfvb775ppn3ldij5imria9swc39aq0fkfp1w9k")
(38 "0rv3g14mpgv8br267bf7rmgqlgwnc4v6g3g8y0sjba571i8amgmd")
(39 "1v3l3vkc3g2b6fjycqwlakr8xhiw6bmw6q0zd6bi0m0m4bnxr55b")
(40 "0sypv66vsldmc95gwvf7ylz1k7y37vnvdsjg8ajjr6b2j9mkkfw4")
(41 "06ic2gdpbi1afik3wqf9d4vh95if4bz8bmhcgr555621dsb35i2f")
(42 "06a90k0p6bqc4wk2dsmapna69124an76xvlnlj3xm497vci968dc")))
(patch-series))
(define (download-patches store count)
"Download COUNT Bash patches into store. Return a list of
@ -134,34 +92,7 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
" -Wl,-rpath -Wl,"
(assoc-ref %build-inputs "ncurses")
"/lib")))
(post-install-phase
'(lambda* (#:key outputs #:allow-other-keys)
;; Add a `bash' -> `sh' link.
(let ((out (assoc-ref outputs "out")))
(with-directory-excursion (string-append out "/bin")
(symlink "bash" "sh")))))
(install-headers-phase
'(lambda* (#:key outputs #:allow-other-keys)
;; Install Bash headers so that packages that provide extensions
;; can use them. We install them in include/bash; that's what
;; Debian does and what Bash extensions like recutils or
;; guile-bash expect.
(let ((include (string-append (assoc-ref outputs "include")
"/include/bash"))
(includes "^\\./include/[^/]+\\.h$")
(headers "^\\./(builtins/|lib/glob/|lib/tilde/|)[^/]+\\.h$"))
(mkdir-p include)
(for-each (lambda (file)
(when (string-match includes file)
(install-file file include))
(when (string-match headers file)
(install-file file
(string-append include "/"
(dirname file)))))
(find-files "." "\\.h$"))
(delete-file (string-append include "/" "y.tab.h"))
#t)))
(version "4.3"))
(version "4.4"))
(package
(name "bash")
(source (origin
@ -170,22 +101,16 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
"mirror://gnu/bash/bash-" version ".tar.gz"))
(sha256
(base32
"1m14s1f61mf6bijfibcjm9y6pkyvz6gibyl8p4hxq90fisi8gimg"))
"1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq"))
(patch-flags '("-p0"))
(patches %patch-series-4.3)
;; The patches above modify 'parse.y', so force a rebuild of the
;; parser.
(snippet '(for-each delete-file
'("y.tab.c" "y.tab.h" "parser-built")))))
(patches %patch-series-4.4)))
(version (string-append version "."
(number->string (length %patch-series-4.3))))
(number->string (length %patch-series-4.4))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;1.7 MiB of HTML and extra files
"include")) ;headers used by extensions
(native-inputs `(("bison" ,bison))) ;to rebuild the parser
(inputs `(("readline" ,readline)
("ncurses" ,ncurses))) ;TODO: add texinfo
(arguments
@ -206,14 +131,41 @@ number/base32-hash tuples, directly usable in the 'patch-series' form."
;; for now.
#:tests? #f
#:modules ((ice-9 regex)
#:modules ((srfi srfi-26)
(guix build utils)
(guix build gnu-build-system))
#:phases (modify-phases %standard-phases
(add-after 'install 'post-install ,post-install-phase)
(add-after 'install 'install-headers
,install-headers-phase))))
#:phases
(modify-phases %standard-phases
(add-after 'install 'install-sh-symlink
(lambda* (#:key outputs #:allow-other-keys)
;; Add a `sh' -> `bash' link.
(let ((out (assoc-ref outputs "out")))
(with-directory-excursion (string-append out "/bin")
(symlink "bash" "sh")))))
(add-after 'install 'move-development-files
(lambda* (#:key outputs #:allow-other-keys)
;; Move 'Makefile.inc' and 'bash.pc' to "include" to avoid
;; circular references among the outputs.
(let ((out (assoc-ref outputs "out"))
(include (assoc-ref outputs "include"))
(lib (cut string-append <> "/lib/bash")))
(mkdir-p (lib include))
(rename-file (string-append (lib out)
"/Makefile.inc")
(string-append (lib include)
"/Makefile.inc"))
(rename-file (string-append out "/lib/pkgconfig")
(string-append include
"/lib/pkgconfig"))
#t))))))
(native-search-paths
(list (search-path-specification ;new in 4.4
(variable "BASH_LOADABLES_PATH")
(files '("lib/bash")))))
(synopsis "The GNU Bourne-Again SHell")
(description
"Bash is the shell, or command-line interpreter, of the GNU system. It
@ -230,6 +182,10 @@ without modification.")
(package (inherit bash)
(name "bash-minimal")
(inputs '()) ; no readline, no curses
;; No "include" output because there's no support for loadable modules.
(outputs (delete "include" (package-outputs bash)))
(arguments
(let ((args `(#:modules ((guix build gnu-build-system)
(guix build utils)
@ -246,9 +202,17 @@ without modification.")
"--disable-net-redirections"
"--disable-nls"
;; Pretend 'dlopen' is missing so we don't build loadable
;; modules and related code.
"ac_cv_func_dlopen=no"
,@(if (%current-target-system)
'("bash_cv_job_control_missing=no")
'()))))))))
'())))
((#:phases phases)
`(modify-phases ,phases
;; No loadable modules.
(delete 'move-development-files))))))))
(define-public static-bash
;; Statically-linked Bash that contains nothing but the 'bash' binary and
@ -261,16 +225,15 @@ without modification.")
(substitute-keyword-arguments
`(#:allowed-references ("out") ,@(package-arguments bash))
((#:phases phases)
`(alist-cons-after
'strip 'remove-everything-but-the-binary
`(modify-phases ,phases
(add-after 'strip 'remove-everything-but-the-binary
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin")))
(remove-store-references (string-append bin "/bash"))
(delete-file (string-append bin "/bashbug"))
(delete-file-recursively (string-append out "/share"))
#t))
,phases)))))))
#t))))))))))
(define-public bash-completion
(package

View File

@ -206,7 +206,7 @@ reconstruction capability.")
(inputs
`(("gtk+" ,gtk+-2)))
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)
("which" ,which)))
(arguments

View File

@ -78,7 +78,7 @@
("stex" ,stex)))
(native-inputs
`(("texlive" ,texlive)
("ghostscript" ,ghostscript-gs)
("ghostscript" ,ghostscript)
("netpbm" ,netpbm)))
(native-search-paths
(list (search-path-specification

View File

@ -32,12 +32,13 @@
#:use-module (gnu packages compression)
#:use-module (gnu packages curl)
#:use-module (gnu packages file)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages xml))
(define-public cmake
(package
(name "cmake")
(version "3.5.2")
(version "3.6.1")
(source (origin
(method url-fetch)
(uri (string-append "https://www.cmake.org/files/v"
@ -45,7 +46,7 @@
"/cmake-" version ".tar.gz"))
(sha256
(base32
"0ap6nlmv6nda942db43k9k9mhnm5dm3fsapzvy0vh6wq7l6l3n4j"))
"04ggm9c0zklxypm6df1v4klrrd85m6vpv13kasj42za283n9ivi8"))
(patches (search-patches "cmake-fix-tests.patch"))))
(build-system gnu-build-system)
(arguments
@ -97,27 +98,20 @@
"--mandir=share/man"
,(string-append
"--docdir=share/doc/cmake-"
(version-major+minor version)))))))
(add-after 'unpack 'remove-libarchive-version-test
; This test check has been failing consistantly over libarchive 3.2.x
; and cmake 3.4.x and 3.5.x so we disable it for now
(lambda _
(substitute*
"Tests/CMakeOnly/AllFindModules/CMakeLists.txt"
(("LibArchive") ""))
#t)))))
(version-major+minor version))))))))))
(inputs
`(("file" ,file)
("curl" ,curl)
("zlib" ,zlib)
("expat" ,expat)
("bzip2" ,bzip2)
("ncurses" ,ncurses) ; required for ccmake
("libarchive" ,libarchive)))
(native-search-paths
(list (search-path-specification
(variable "CMAKE_PREFIX_PATH")
(files '("")))))
(home-page "http://www.cmake.org/")
(home-page "https://www.cmake.org/")
(synopsis "Cross-platform build system")
(description
"CMake is a family of tools designed to build, test and package software.

View File

@ -27,15 +27,18 @@
#:use-module (gnu packages bash)
#:use-module (gnu packages gcc)
#:use-module (gnu packages m4)
#:use-module (gnu packages indent)
#:use-module (gnu packages file)
#:use-module (gnu packages gawk)
#:use-module (gnu packages bison)
#:use-module (gnu packages flex)
#:use-module (gnu packages guile)
#:use-module (gnu packages gettext)
#:use-module (gnu packages multiprecision)
#:use-module (gnu packages compression)
#:use-module (gnu packages perl)
#:use-module (gnu packages linux)
#:use-module (gnu packages hurd)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages pkg-config)
#:use-module (guix packages)
@ -46,7 +49,8 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 vlist)
#:use-module (ice-9 match))
#:use-module (ice-9 match)
#:use-module (ice-9 regex))
;;; Commentary:
;;;
@ -71,17 +75,15 @@
#:tests? #f ; cannot run "make check"
,@(substitute-keyword-arguments (package-arguments gnu-make)
((#:phases phases)
`(alist-replace
'build (lambda _
(zero? (system* "./build.sh")))
(alist-replace
'install (lambda* (#:key outputs #:allow-other-keys)
`(modify-phases ,phases
(replace 'build
(lambda _
(zero? (system* "./build.sh"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin")))
(mkdir-p bin)
(copy-file "make"
(string-append bin "/make"))))
,phases))))))
(install-file "make" bin)))))))))
(native-inputs '()) ; no need for 'pkg-config'
(inputs %bootstrap-inputs))))
@ -282,13 +284,55 @@
(lambda _
(substitute* "Configure"
(("^libswanted=(.*)pthread" _ before)
(string-append "libswanted=" before)))))))))))))
(string-append "libswanted=" before)))))))
;; Do not configure with '-Dusethreads' since pthread
;; support is missing.
((#:configure-flags configure-flags)
`(delete "-Dusethreads" ,configure-flags))))))))
(package-with-bootstrap-guile
(package-with-explicit-inputs perl
%boot0-inputs
(current-source-location)
#:guile %bootstrap-guile))))
(define bison-boot0
;; This Bison is needed to build MiG so we need it early in the process.
;; It is also needed to rebuild Bash's parser, which is modified by
;; its CVE patches. Remove it when it's no longer needed.
(let* ((m4 (package-with-bootstrap-guile
(package-with-explicit-inputs m4 %boot0-inputs
(current-source-location)
#:guile %bootstrap-guile)))
(bison (package (inherit bison)
(propagated-inputs `(("m4" ,m4)))
(inputs '()) ;remove Flex...
(arguments
'(#:tests? #f ;... and thus disable tests
;; Zero timestamps in liby.a; this must be done
;; explicitly here because the bootstrap Binutils don't
;; do that (default is "cru".)
#:make-flags '("ARFLAGS=crD" "RANLIB=ranlib -D"
"V=1"))))))
(package
(inherit (package-with-bootstrap-guile
(package-with-explicit-inputs bison %boot0-inputs
(current-source-location)
#:guile %bootstrap-guile)))
(native-inputs `(("perl" ,perl-boot0))))))
(define flex-boot0
;; This Flex is needed to build MiG.
(let* ((flex (package (inherit flex)
(native-inputs `(("bison" ,bison-boot0)))
(propagated-inputs `(("m4" ,m4)))
(inputs `(("indent" ,indent)))
(arguments '(#:tests? #f)))))
(package-with-bootstrap-guile
(package-with-explicit-inputs flex %boot0-inputs
(current-source-location)
#:guile %bootstrap-guile))))
(define (linux-libre-headers-boot0)
"Return Linux-Libre header files for the bootstrap environment."
;; Note: this is wrapped in a thunk to nicely handle circular dependencies
@ -302,6 +346,63 @@
`(("perl" ,perl-boot0)
,@%boot0-inputs)))))
(define gnumach-headers-boot0
(package-with-bootstrap-guile
(package-with-explicit-inputs gnumach-headers
%boot0-inputs
(current-source-location)
#:guile %bootstrap-guile)))
(define mig-boot0
(let* ((mig (package (inherit mig)
(native-inputs `(("bison" ,bison-boot0)
("flex" ,flex-boot0)))
(inputs `(("flex" ,flex-boot0)))
(arguments
`(#:configure-flags
`(,(string-append "LDFLAGS=-Wl,-rpath="
(assoc-ref %build-inputs "flex") "/lib/")))))))
(package-with-bootstrap-guile
(package-with-explicit-inputs mig %boot0-inputs
(current-source-location)
#:guile %bootstrap-guile))))
(define hurd-headers-boot0
(let ((hurd-headers (package (inherit hurd-headers)
(native-inputs `(("mig" ,mig-boot0)))
(inputs '()))))
(package-with-bootstrap-guile
(package-with-explicit-inputs hurd-headers %boot0-inputs
(current-source-location)
#:guile %bootstrap-guile))))
(define hurd-minimal-boot0
(let ((hurd-minimal (package (inherit hurd-minimal)
(native-inputs `(("mig" ,mig-boot0)))
(inputs '()))))
(package-with-bootstrap-guile
(package-with-explicit-inputs hurd-minimal %boot0-inputs
(current-source-location)
#:guile %bootstrap-guile))))
(define (hurd-core-headers-boot0)
"Return the Hurd and Mach headers as well as initial Hurd libraries for
the bootstrap environment."
(package-with-bootstrap-guile
(package (inherit hurd-core-headers)
(arguments `(#:guile ,%bootstrap-guile
,@(package-arguments hurd-core-headers)))
(inputs
`(("gnumach-headers" ,gnumach-headers-boot0)
("hurd-headers" ,hurd-headers-boot0)
("hurd-minimal" ,hurd-minimal-boot0)
,@%boot0-inputs)))))
(define* (kernel-headers-boot0 #:optional (system (%current-system)))
(match system
("i586-gnu" (hurd-core-headers-boot0))
(_ (linux-libre-headers-boot0))))
(define texinfo-boot0
;; Texinfo used to build libc's manual.
;; We build without ncurses because it fails to build at this stage, and
@ -320,9 +421,25 @@
(current-source-location)
#:guile %bootstrap-guile))))
(define ld-wrapper-boot0
;; We need this so binaries on Hurd will have libmachuser and libhurduser
;; in their RUNPATH, otherwise validate-runpath will fail.
;;
;; XXX: Work around <http://bugs.gnu.org/24832> by fixing the name and
;; triplet on GNU/Linux. For GNU/Hurd, use the right triplet.
(make-ld-wrapper (string-append "ld-wrapper-" "x86_64-guix-linux-gnu")
#:target (lambda (system)
(if (string-suffix? "-linux" system)
"x86_64-guix-linux-gnu"
(boot-triplet system)))
#:binutils binutils-boot0
#:guile %bootstrap-guile
#:bash (car (assoc-ref %boot0-inputs "bash"))))
(define %boot1-inputs
;; 2nd stage inputs.
`(("gcc" ,gcc-boot0)
("ld-wrapper-cross" ,ld-wrapper-boot0)
("binutils-cross" ,binutils-boot0)
,@(alist-delete "binutils" %boot0-inputs)))
@ -356,6 +473,15 @@
(setenv "NATIVE_CPATH" (getenv "CPATH"))
(unsetenv "CPATH")
;; Tell 'libpthread' where to find 'libihash' on Hurd systems.
,@(if (string-match "i586-gnu" (%current-system))
`((substitute* "libpthread/Makefile"
(("LDLIBS-pthread.so =.*")
(string-append "LDLIBS-pthread.so = "
(assoc-ref %build-inputs "kernel-headers")
"/lib/libihash.a\n"))))
'())
;; 'rpcgen' needs native libc headers to be built.
(substitute* "sunrpc/Makefile"
(("sunrpc-CPPFLAGS =.*" all)
@ -363,7 +489,7 @@
"export CPATH\n"
all "\n"))))
,phases)))))
(propagated-inputs `(("kernel-headers" ,(linux-libre-headers-boot0))))
(propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0))))
(native-inputs
`(("texinfo" ,texinfo-boot0)
("perl" ,perl-boot0)))
@ -372,6 +498,11 @@
;; it in $CPATH, hence the 'pre-configure' phase above.
,@%boot1-inputs
;; A native MiG is needed to build Glibc on Hurd.
,@(if (string-match "i586-gnu" (%current-system))
`(("mig" ,mig-boot0))
'())
;; A native GCC is needed to build `cross-rpcgen'.
("native-gcc" ,@(assoc-ref %boot0-inputs "gcc"))
@ -430,31 +561,6 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
("bash" ,bash)))
(inputs '())))
(define bison-boot1
;; XXX: This Bison is needed to rebuild Bash's parser, which is modified by
;; its CVE patches. Remove it when it's no longer needed.
(let* ((m4 (package-with-bootstrap-guile
(package-with-explicit-inputs m4 %boot0-inputs
(current-source-location)
#:guile %bootstrap-guile)))
(bison (package (inherit bison)
(propagated-inputs `(("m4" ,m4)))
(inputs '()) ;remove Flex...
(arguments
'(#:tests? #f ;... and thus disable tests
;; Zero timestamps in liby.a; this must be done
;; explicitly here because the bootstrap Binutils don't
;; do that (default is "cru".)
#:make-flags '("ARFLAGS=crD" "RANLIB=ranlib -D"
"V=1"))))))
(package
(inherit (package-with-bootstrap-guile
(package-with-explicit-inputs bison %boot0-inputs
(current-source-location)
#:guile %bootstrap-guile)))
(native-inputs `(("perl" ,perl-boot0))))))
(define static-bash-for-glibc
;; A statically-linked Bash to be used by GLIBC-FINAL in system(3) & co.
(let* ((gcc (cross-gcc-wrapper gcc-boot0 binutils-boot0
@ -468,23 +574,21 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
("libc" ,glibc-final-with-bootstrap-bash)
,@(fold alist-delete %boot1-inputs
'("gcc" "libc")))))
(package
(inherit (package-with-bootstrap-guile
(package-with-bootstrap-guile
(package-with-explicit-inputs bash inputs
(current-source-location)
#:guile %bootstrap-guile)))
(native-inputs `(("bison" ,bison-boot1))))))
#:guile %bootstrap-guile))))
(define gettext-boot0
;; A minimal gettext used during bootstrap.
(let ((gettext-minimal
(package (inherit gnu-gettext)
(package (inherit gettext-minimal)
(name "gettext-boot0")
(inputs '()) ;zero dependencies
(arguments
(substitute-keyword-arguments
`(#:tests? #f
,@(package-arguments gnu-gettext))
,@(package-arguments gettext-minimal))
((#:phases phases)
`(modify-phases ,phases
;; Build only the tools.
@ -527,7 +631,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
;; if 'allowed-references' were per-output.
(arguments
`(#:allowed-references
,(cons* `(,gcc-boot0 "lib") (linux-libre-headers-boot0)
,(cons* `(,gcc-boot0 "lib") (kernel-headers-boot0)
static-bash-for-glibc
(package-outputs glibc-final-with-bootstrap-bash))
@ -679,13 +783,11 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
(define bash-final
;; Link with `-static-libgcc' to make sure we don't retain a reference
;; to the bootstrap GCC.
(package
(inherit (package-with-bootstrap-guile
(package-with-bootstrap-guile
(package-with-explicit-inputs (static-libgcc-package bash)
%boot3-inputs
(current-source-location)
#:guile %bootstrap-guile)))
(native-inputs `(("bison" ,bison-boot1)))))
(define %boot4-inputs
;; Now use the final Bash.

View File

@ -2,6 +2,7 @@
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -24,6 +25,7 @@
#:use-module (gnu packages gcc)
#:use-module (gnu packages base)
#:use-module (gnu packages linux)
#:use-module (gnu packages hurd)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
@ -32,6 +34,7 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:use-module (ice-9 regex)
#:export (cross-binutils
cross-libc
cross-gcc))
@ -250,7 +253,7 @@ GCC that does not target a libc; otherwise, target that libc."
(native-inputs
`(("ld-wrapper-cross" ,(make-ld-wrapper
(string-append "ld-wrapper-" target)
#:target target
#:target (const target)
#:binutils xbinutils))
("binutils-cross" ,xbinutils)
@ -291,12 +294,12 @@ GCC that does not target a libc; otherwise, target that libc."
(files '("lib" "lib64")))))
(native-search-paths '())))
(define* (cross-libc target
(define* (cross-kernel-headers target
#:optional
(xgcc (cross-gcc target))
(xbinutils (cross-binutils target)))
"Return a libc cross-built for TARGET, a GNU triplet. Use XGCC and
XBINUTILS and the cross tool chain."
"Return headers depending on TARGET."
(define xlinux-headers
(package (inherit linux-libre-headers)
(name (string-append (package-name linux-libre-headers)
@ -319,7 +322,150 @@ XBINUTILS and the cross tool chain."
("cross-binutils" ,xbinutils)
,@(package-native-inputs linux-libre-headers)))))
(package (inherit glibc)
(define xgnumach-headers
(package (inherit gnumach-headers)
(name (string-append (package-name gnumach-headers)
"-cross-" target))
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
,@(package-native-inputs gnumach-headers)))))
(define xmig
(package (inherit mig)
(name (string-append "mig-cross"))
(arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(srfi srfi-26))
#:phases (alist-cons-before
'configure 'set-cross-headers-path
(lambda* (#:key inputs #:allow-other-keys)
(let* ((mach (assoc-ref inputs "cross-gnumach-headers"))
(cpath (string-append mach "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH"))))
%standard-phases)
#:configure-flags (list ,(string-append "--target=" target))
,@(package-arguments mig)))
(propagated-inputs `(("cross-gnumach-headers" ,xgnumach-headers)))
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
,@(package-native-inputs mig)))))
(define xhurd-headers
(package (inherit hurd-headers)
(name (string-append (package-name hurd-headers)
"-cross-" target))
(propagated-inputs `(("cross-mig" ,xmig)))
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
("cross-mig" ,xmig)
,@(alist-delete "mig"(package-native-inputs hurd-headers))))))
(define xglibc/hurd-headers
(package (inherit glibc/hurd-headers)
(name (string-append (package-name glibc/hurd-headers)
"-cross-" target))
(arguments
(substitute-keyword-arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(srfi srfi-26))
,@(package-arguments glibc/hurd-headers))
((#:phases phases)
`(alist-cons-before
'pre-configure 'set-cross-headers-path
(lambda* (#:key inputs #:allow-other-keys)
(let* ((mach (assoc-ref inputs "gnumach-headers"))
(hurd (assoc-ref inputs "hurd-headers"))
(cpath (string-append mach "/include:"
hurd "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH"))))
,phases))))
(propagated-inputs `(("gnumach-headers" ,xgnumach-headers)
("hurd-headers" ,xhurd-headers)))
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
("cross-mig" ,xmig)
,@(alist-delete "mig"(package-native-inputs glibc/hurd-headers))))))
(define xhurd-minimal
(package (inherit hurd-minimal)
(name (string-append (package-name hurd-minimal)
"-cross-" target))
(arguments
(substitute-keyword-arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(srfi srfi-26))
,@(package-arguments hurd-minimal))
((#:phases phases)
`(alist-cons-before
'configure 'set-cross-headers-path
(lambda* (#:key inputs #:allow-other-keys)
(let* ((glibc-headers (assoc-ref inputs "cross-glibc-hurd-headers"))
(cpath (string-append glibc-headers "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH"))))
,phases))))
(inputs `(("cross-glibc-hurd-headers" ,xglibc/hurd-headers)))
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
("cross-mig" ,xmig)
,@(alist-delete "mig"(package-native-inputs hurd-minimal))))))
(define xhurd-core-headers
(package (inherit hurd-core-headers)
(name (string-append (package-name hurd-core-headers)
"-cross-" target))
(inputs `(("gnumach-headers" ,xgnumach-headers)
("hurd-headers" ,xhurd-headers)
("hurd-minimal" ,xhurd-minimal)))
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
("cross-mig" ,xmig)
,@(package-native-inputs hurd-core-headers)))))
(match target
((or "i586-pc-gnu" "i586-gnu") xhurd-core-headers)
(_ xlinux-headers)))
(define* (cross-libc target
#:optional
(xgcc (cross-gcc target))
(xbinutils (cross-binutils target))
(xheaders (cross-kernel-headers target)))
"Return a libc cross-built for TARGET, a GNU triplet. Use XGCC and
XBINUTILS and the cross tool chain."
(define (cross-libc-for-target target)
"Return libc depending on TARGET."
(match target
((or "i586-pc-gnu" "i586-gnu") glibc/hurd)
(_ glibc/linux)))
;; Use (cross-libc-for-target ...) to determine the correct libc to use.
(let ((libc (cross-libc-for-target target)))
(package (inherit libc)
(name (string-append "glibc-cross-" target))
(arguments
(substitute-keyword-arguments
@ -336,7 +482,7 @@ XBINUTILS and the cross tool chain."
(guix build utils)
(srfi srfi-26))
,@(package-arguments glibc))
,@(package-arguments libc))
((#:configure-flags flags)
`(cons ,(string-append "--host=" target)
,flags))
@ -351,12 +497,14 @@ XBINUTILS and the cross tool chain."
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH"))
(setenv "CROSS_LIBRARY_PATH"
(string-append kernel "/lib")) ;for Hurd's libihash
#t))
,phases))))
;; Shadow the native "kernel-headers" because glibc's recipe expects the
;; "kernel-headers" input to point to the right thing.
(propagated-inputs `(("kernel-headers" ,xlinux-headers)))
(propagated-inputs `(("kernel-headers" ,xheaders)))
;; FIXME: 'static-bash' should really be an input, not a native input, but
;; to do that will require building an intermediate cross libc.
@ -364,8 +512,13 @@ XBINUTILS and the cross tool chain."
(native-inputs `(("cross-gcc" ,xgcc)
("cross-binutils" ,xbinutils)
,@(package-inputs glibc) ;FIXME: static-bash
,@(package-native-inputs glibc)))))
,@(if (string-match (or "i586-pc-gnu" "i586-gnu") target)
`(("cross-mig"
,@(assoc-ref (package-native-inputs xheaders)
"cross-mig")))
'())
,@(package-inputs libc) ;FIXME: static-bash
,@(package-native-inputs libc))))))
;;; Concrete cross tool chains are instantiated like this:

View File

@ -189,7 +189,7 @@ communication.")
#:directories? #t)))))
(build-system cmake-build-system)
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
;; Test dependencies.
("expect" ,expect)

View File

@ -40,23 +40,32 @@
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages tls))
;; Delay to avoid module circularity problems.
(define ghostscript/cups
(delay
(package (inherit ghostscript)
(name "ghostscript-with-cups")
(inputs `(("cups" ,cups-minimal)
,@(package-inputs ghostscript))))))
(define-public cups-filters
(package
(name "cups-filters")
(version "1.4.0")
(source (origin
(version "1.11.5")
(source(origin
(method url-fetch)
(uri
(string-append "http://openprinting.org/download/cups-filters/"
"cups-filters-" version ".tar.xz"))
(sha256
(base32
"16jpqqlixlv2dxqv8gak5qg4qnsnw4p745xr6rhw9dgylf13z9ha"))
"1hcp1cfx1a71aa6fyayajjh7vw1ia7zya6981gz73vsy2pdb23qf"))
(modules '((guix build utils)))
(snippet
;; install backends, banners and filters to cups-filters output
;; directory, not the cups server directory
'(substitute* "Makefile.in"
'(begin
(substitute* "Makefile.in"
(("CUPS_DATADIR = @CUPS_DATADIR@")
"CUPS_DATADIR = $(PREFIX)/share/cups")
(("pkgcupsserverrootdir = \\$\\(CUPS_SERVERROOT\\)")
@ -66,7 +75,12 @@
(("pkgbackenddir = \\$\\(CUPS_SERVERBIN\\)/backend")
"pkgbackenddir = $(PREFIX)/lib/cups/backend")
(("pkgfilterdir = \\$\\(CUPS_SERVERBIN\\)/filter")
"pkgfilterdir = $(PREFIX)/lib/cups/filter")))))
"pkgfilterdir = $(PREFIX)/lib/cups/filter"))
;; Find bannertopdf data such as the print test page in our
;; output directory, not CUPS's prefix.
(substitute* "configure"
(("\\{CUPS_DATADIR\\}/data")
"{prefix}/share/cups/data"))))))
(build-system gnu-build-system)
(arguments
`(#:make-flags (list (string-append "PREFIX=" %output))
@ -74,27 +88,32 @@
`(,(string-append "--with-test-font-path="
(assoc-ref %build-inputs "font-dejavu")
"/share/fonts/truetype/DejaVuSans.ttf")
,(string-append "--with-gs-path="
(assoc-ref %build-inputs "ghostscript")
"/bin/gsc")
,(string-append "--with-rcdir="
(assoc-ref %outputs "out") "/etc/rc.d"))))
(native-inputs
`(("glib" ,glib "bin") ; for gdbus-codegen
("pkg-config" ,pkg-config)))
(inputs
`(("fontconfig" ,fontconfig)
`(("avahi" ,avahi)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
("font-dejavu" ,font-dejavu) ;needed by test suite
("ghostscript" ,ghostscript)
("ghostscript" ,(force ghostscript/cups))
("ijs" ,ijs)
("dbus" ,dbus)
("lcms" ,lcms)
("libjpeg-8" ,libjpeg-8)
("libpng" ,libpng)
("libtiff" ,libtiff)
("mupdf" ,mupdf)
("glib" ,glib)
("qpdf" ,qpdf)
("poppler" ,poppler)
("cups-minimal" ,cups-minimal)))
(home-page "http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters")
(home-page "https://wiki.linuxfoundation.org/openprinting/cups-filters")
(synopsis "OpenPrinting CUPS filters and backends")
(description
"Contains backends, filters, and other software that was once part of the
@ -116,14 +135,15 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
(define-public cups-minimal
(package
(name "cups-minimal")
(version "2.1.0")
(source (origin
(version "2.2.1")
(source
(origin
(method url-fetch)
(uri (string-append "http://www.cups.org/software/"
version "/cups-" version "-source.tar.bz2"))
(uri (string-append "https://github.com/apple/cups/releases/download/v"
version "/cups-" version "-source.tar.gz"))
(sha256
(base32
"1jfjqsw9l7jbn5kb9i96k0wj12kjdbgx0rd8157dif22hi0kh0ms"))))
"1m8rwhbk0l8n19iwm51r2569jj15d0x6mpqhfig0bk3pm4577f43"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@ -151,7 +171,7 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
(inputs
`(("zlib" ,zlib)
("gnutls" ,gnutls)))
(home-page "http://www.cups.org")
(home-page "https://www.cups.org")
(synopsis "The Common Unix Printing System")
(description
"CUPS is a printing system that uses the Internet Printing
@ -178,16 +198,13 @@ device-specific programs to convert and print many types of files.")
'("--disable-launchd"
"--disable-systemd")
#:phases
(alist-cons-before
'configure
'patch-makedefs
(modify-phases %standard-phases
(add-before 'configure 'patch-makedefs
(lambda _
(substitute* "Makedefs.in"
(("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
(("/bin/sh") (which "sh"))))
(alist-cons-before
'check
'patch-tests
(("/bin/sh") (which "sh")))))
(add-before 'check 'patch-tests
(lambda _
(let ((filters (assoc-ref %build-inputs "cups-filters"))
(catpath (string-append
@ -244,10 +261,8 @@ device-specific programs to convert and print many types of files.")
(("cupsFileFind\\(\"cat\", \"/bin\"")
(string-append "cupsFileFind(\"cat\", \"" catpath "\""))
(("cupsFileFind\\(\"cat\", \"/bin:/usr/bin\"")
(string-append "cupsFileFind(\"cat\", \"" catpath "\"")))))
(alist-cons-after
'install
'install-cups-filters-symlinks
(string-append "cupsFileFind(\"cat\", \"" catpath "\""))))))
(add-after 'install 'install-cups-filters-symlinks
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
(cups-filters (assoc-ref inputs "cups-filters")))
@ -292,8 +307,7 @@ device-specific programs to convert and print many types of files.")
(let ((data "/share/cups/data"))
(delete-file-recursively (string-append out data))
(symlink (string-append cups-filters data)
(string-append out data)))))
%standard-phases)))))
(string-append out data)))))))))
(inputs
`(("avahi" ,avahi)
("gnutls" ,gnutls)

View File

@ -41,14 +41,14 @@
(package
(name "curl")
(replacement curl-7.51.0)
(version "7.47.0")
(version "7.50.3")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.lzma"))
(sha256
(base32
"1n284wdqzwb4bkmv0fnh36zl6lhlzy3clw2b7pn28kpgdy09ly7p"))))
"1spmk0345hq0sgpwxs8d410268lmg3wf1x9v23hxff7wxki5fm4c"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.2 MiB of man3 pages
@ -84,10 +84,6 @@
(lambda _
(substitute* "tests/runtests.pl"
(("/bin/sh") (which "sh")))
;; Test #1135 requires extern-scan.pl, which is not part of the
;; tarball due to a mistake. It has been fixed upstream. We can
;; simply disable the test as it is specific to VMS and OS/400.
(delete-file "tests/data/test1135")
;; XXX FIXME: Test #1510 seems to work on some machines and not
;; others, possibly based on the kernel version. It works on GuixSD

View File

@ -91,7 +91,7 @@
("python" ,python-2)
("autoconf" ,autoconf)
("automake" ,automake)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("libtool" ,libtool)
("pcre" ,pcre "bin") ;for 'pcre-config'
("pkg-config" ,pkg-config)))
@ -405,7 +405,24 @@ pictures, sounds, or video.")
#:configure-flags
(list (string-append "--with-bash-headers="
(assoc-ref %build-inputs "bash:include")
"/include/bash"))))
"/include/bash"))
#:phases (modify-phases %standard-phases
(add-before 'build 'set-bash4.4-header-location
(lambda _
(substitute* "bash/Makefile.in"
;; Adjust the header search path for Bash
;; 4.4 in accordance with 'bash.pc'.
(("AM_CPPFLAGS = (.*)$" _ rest)
(string-append "AM_CPPFLAGS = "
"-I$(BASH_HEADERS)/include "
rest))
;; Install to PREFIX/lib/bash to match Bash
;; 4.4's search path.
(("^libdir = .*$")
"libdir = @libdir@/bash\n"))
#t)))))
(native-inputs `(("emacs" ,emacs-minimal)
("bc" ,bc)
@ -490,7 +507,7 @@ for example from a shell script.")
(define-public sqlite
(package
(name "sqlite")
(version "3.12.2")
(version "3.14.1")
(source (origin
(method url-fetch)
;; TODO: Download from sqlite.org once this bug :
@ -521,15 +538,17 @@ for example from a shell script.")
))
(sha256
(base32
"1fwss0i2lixv39b27gkqiibdd2syym90wh3qbiaxnfgxk867f07x"))))
"19j73j44akqgc6m82wm98yvnmm3mfzmfqr8mp3n7n080d53q4wdw"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments
`(#:configure-flags
;; Add -DSQLITE_SECURE_DELETE and -DSQLITE_ENABLE_UNLOCK_NOTIFY to
;; CFLAGS. GNU Icecat will refuse to use the system SQLite unless these
;; options are enabled.
'("CFLAGS=-O2 -DSQLITE_SECURE_DELETE -DSQLITE_ENABLE_UNLOCK_NOTIFY")))
;; Add -DSQLITE_SECURE_DELETE, -DSQLITE_ENABLE_UNLOCK_NOTIFY and
;; -DSQLITE_ENABLE_DBSTAT_VTAB to CFLAGS. GNU Icecat will refuse
;; to use the system SQLite unless these options are enabled.
(list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
"-DSQLITE_ENABLE_UNLOCK_NOTIFY "
"-DSQLITE_ENABLE_DBSTAT_VTAB"))))
(home-page "http://www.sqlite.org/")
(synopsis "The SQLite database management system")
(description

View File

@ -34,6 +34,14 @@
(base32
"1c5lv8qca21mndkx350wxv34qypqh6gb4rhzms4anr642clq3jg2"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(replace 'check
(lambda _
(zero? (system* "py.test")))))))
(native-inputs
`(("python-pytest" ,python-pytest)))
(propagated-inputs
;; TODO: Add python-pam
`(("python-requests" ,python-requests)))

View File

@ -44,7 +44,13 @@
version ".tar.xz"))
(sha256
(base32
"13by0zimx90v2j8v7n4k9y3xwmh4q9jdc2f4f8yjs3x7f5bzm2pk"))))
"13by0zimx90v2j8v7n4k9y3xwmh4q9jdc2f4f8yjs3x7f5bzm2pk"))
(snippet
;; Upstream commit 89922fc.
'(substitute* "include/dico/markup.h"
(("const char \\*dico_markup_type;")
"extern const char *dico_markup_type;")))
(modules '((guix build utils)))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags (list (string-append "--with-guile-site-dir=" %output

View File

@ -72,7 +72,7 @@
("readline" ,readline)
("util-linux" ,util-linux)))
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
;; For the tests.
("perl" ,perl)
("python" ,python-2)))
@ -97,7 +97,7 @@ tables. It includes a library and command-line utility.")
"04nd7civ561x2lwcmxhsqbprml3178jfc58fy1v7hzqg5k4nbhy3"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("guile" ,guile-1.8)
("util-linux" ,util-linux)
("parted" ,parted)))
@ -123,7 +123,7 @@ tables, and it understands a variety of different formats.")
"1izazbyv5n2d81qdym77i8mg9m870hiydmq4d0s51npx5vp8lk46"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("ncurses" ,ncurses)
("popt" ,popt)
("util-linux" ,util-linux))) ; libuuid

View File

@ -145,7 +145,8 @@ with arguments to the field constructor.")
(("setuptools_scm==1.8.0") "setuptools_scm"))
#t)))))
(native-inputs
`(("python-setuptools-scm" ,python-setuptools-scm)))
`(("python-django" ,python-django)
("python-setuptools-scm" ,python-setuptools-scm)))
(inputs
`(("python-py" ,python-py)
("python-pytest" ,python-pytest)))
@ -175,6 +176,9 @@ useful tools for testing Django applications and projects.")
(base32
"0f78hmk8c903zwfzlsiw7ivgag81ymmb5hi73rzxbhnlg2v0l3fx"))))
(build-system python-build-system)
(native-inputs
`(("python-django" ,python-django)
("python-mock" ,python-mock)))
(home-page "https://django-filter.readthedocs.io/en/latest/")
(synopsis "Reusable Django application to filter querysets dynamically")
(description

View File

@ -126,7 +126,7 @@ and to some extent D.")
(build-system gnu-build-system)
(native-inputs
`(("flex" ,flex)
("gettext" ,gnu-gettext)))
("gettext" ,gettext-minimal)))
(home-page "http://docpp.sourceforge.net/")
(synopsis "Documentation system for C, C++, IDL, and Java")
(description

View File

@ -59,7 +59,7 @@
("zlib" ,zlib)
("qtserialport" ,qtserialport)
("qtscript" ,qtscript)
("gettext" ,gnu-gettext)))
("gettext" ,gettext-minimal)))
(native-inputs
`(("qtbase" ,qtbase) ;Qt MOC is needed at compile time
("qttools" ,qttools)

View File

@ -38,7 +38,8 @@
#:use-module (gnu packages libusb)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages texinfo))
#:use-module (gnu packages texinfo)
#:use-module (srfi srfi-1))
;; We must not use the released GCC sources here, because the cross-compiler
;; does not produce working binaries. Instead we take the very same SVN
@ -63,7 +64,13 @@
(sha256
(base32
"113r98kygy8rrjfv2pd3z6zlfzbj543pq7xyq8bgh72c608mmsbr"))
(patches (origin-patches (package-source xgcc)))))
;; Remove the one patch that doesn't apply to this 4.9 snapshot (the
;; patch is for 4.9.4 and later but this svn snapshot is older).
(patches (remove (lambda (patch)
(string=? (basename patch)
"gcc-arm-bug-71399.patch"))
(origin-patches (package-source xgcc))))))
(native-inputs
`(("flex" ,flex)
,@(package-native-inputs xgcc)))

View File

@ -238,8 +238,7 @@ optimizer; and it can produce photorealistic and design review images.")
(build-system gnu-build-system)
(native-inputs
`(("texlive" ,texlive)
("ghostscript" ,ghostscript)
("ghostscript" ,ghostscript-gs)))
("ghostscript" ,ghostscript)))
(arguments
`(#:make-flags '("CC=gcc" "RM=rm" "SHELL=sh" "all")
#:parallel-build? #f
@ -449,7 +448,7 @@ ready for production.")
`(("autoconf" ,autoconf)
("automake" ,automake)
("libtool" ,libtool)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("po4a" ,po4a)
("pkg-config" ,pkg-config)))
(inputs

View File

@ -209,7 +209,7 @@ Libraries with some extra bells and whistles.")
(arguments
`(#:configure-flags '("--enable-mount-eeze")))
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs
`(("alsa-lib" ,alsa-lib)

View File

@ -70,7 +70,7 @@
(inputs
`(("dbus" ,dbus)
("enchant" ,enchant)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("gtk2" ,gtk+-2)
("gtk3" ,gtk+)
("icu4c" ,icu4c)

View File

@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -27,14 +28,14 @@
(define-public file
(package
(name "file")
(version "5.25")
(version "5.28")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
version ".tar.gz"))
(sha256
(base32
"1jhfi5mivdnqvry5la5q919l503ahwdwbf3hjhiv97znccakhd9p"))))
"04p0w9ggqq6cqvwhyni0flji1z0rwrz896hmhkxd2mc6dca5xjqf"))))
(build-system gnu-build-system)
;; When cross-compiling, this package depends upon a native install of

View File

@ -36,6 +36,7 @@
(method url-fetch)
(uri (string-append "mirror://sourceforge/flex/flex-"
version ".tar.bz2"))
(patches (search-patches "flex-CVE-2016-6354.patch"))
(sha256
(base32
"1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))

View File

@ -11,6 +11,7 @@
;;; Copyright © 2016 Jookia <166291@gmail.com>
;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;;
;;; This file is part of GNU Guix.
@ -128,7 +129,7 @@ TrueType (TTF) files.")
(define-public font-dejavu
(package
(name "font-dejavu")
(version "2.35")
(version "2.37")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/dejavu/dejavu/"
@ -136,7 +137,7 @@ TrueType (TTF) files.")
version ".tar.bz2"))
(sha256
(base32
"122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn"))))
"1mqpds24wfs5cmfhj57fsfs07mji2z8812i5c4pi5pbi738s977s"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))

View File

@ -223,15 +223,14 @@ fonts to/from the WOFF2 format.")
(define-public fontconfig
(package
(name "fontconfig")
(replacement fontconfig/fixed)
(version "2.11.94")
(version "2.12.1")
(source (origin
(method url-fetch)
(uri (string-append
"https://www.freedesktop.org/software/fontconfig/release/fontconfig-"
version ".tar.bz2"))
(sha256 (base32
"1psrl4b4gi4wmbvwwh43lk491wsl8lgvqj146prlcha3vwjc0qyp"))))
"1wy7svvp7df6bjpg1m5vizb3ngd7rhb20vpclv3x3qa71khs6jdl"))))
(build-system gnu-build-system)
(propagated-inputs `(("expat" ,expat)
("freetype" ,freetype)))
@ -276,13 +275,6 @@ high quality, anti-aliased and subpixel rendered text on a display.")
"See COPYING in the distribution."))
(home-page "http://www.freedesktop.org/wiki/Software/fontconfig")))
(define fontconfig/fixed
(package
(inherit fontconfig)
(source (origin
(inherit (package-source fontconfig))
(patches (search-patches "fontconfig-CVE-2016-5384.patch"))))))
(define-public t1lib
(package
(name "t1lib")
@ -529,7 +521,7 @@ definitions.")
(inputs `(("cairo" ,cairo)
("fontconfig" ,fontconfig) ;dlopen'd
("freetype" ,freetype)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("glib" ,glib) ;needed for pango detection
("libICE" ,libice)
("libSM" ,libsm)

View File

@ -191,7 +191,7 @@ the freedesktop.org XDG Base Directory specification.")
"/libexec/elogind/elogind\n"))))))))
(native-inputs
`(("intltool" ,intltool)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("docbook-xsl" ,docbook-xsl)
("docbook-xml" ,docbook-xml)
("xsltproc" ,libxslt)

View File

@ -161,7 +161,7 @@ representation of the playing board.")
("libx11" ,libx11)
("guile" ,guile-2.0)
("gtkglext" ,gtkglext)))
(native-inputs `(("gettext" ,gnu-gettext)
(native-inputs `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(home-page "https://www.gnu.org/software/gnubik/")
(synopsis "3d Rubik's cube game")
@ -360,7 +360,7 @@ interface or via an external visual interface such as GNU XBoard.")
"08c51imfjfcydm7h0va09z8qfw5nc837bi2x754ni2z737hb5kw2"))))
(build-system gnu-build-system)
(arguments `(#:configure-flags '("--disable-embedded-resources")))
(native-inputs `(("gettext" ,gnu-gettext)
(native-inputs `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs `(("sdl" ,sdl)
("sdl-image" ,sdl-image)
@ -731,7 +731,7 @@ match, cannon keep, and grave-itation pit.")
("freetype" ,(@ (gnu packages fontutils) freetype))
("curl" ,curl)
("luajit" ,luajit)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("sqlite" ,sqlite)))
(propagated-inputs
`(("minetest-data" ,minetest-data)))
@ -1104,7 +1104,7 @@ falling, themeable graphics and sounds, and replays.")
;; cc1plus: all warnings being treated as errors
'("-DENABLE_STRICT_COMPILATION=OFF")))
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs
`(("boost" ,boost)
@ -2620,7 +2620,7 @@ safety of the Chromium vessel.")
(inputs
`(("cairo" ,cairo)
("fribidi" ,fribidi)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("libpng" ,libpng)
("librsvg" ,librsvg)
("libpaper" ,libpaper)
@ -2716,7 +2716,7 @@ with the \"Stamp\" tool within Tux Paint.")
"1z12s46mvy87qs3vgq9m0ki9pp21zqc52mmgphahpihw3s7haf6v"))))
(build-system gnu-build-system)
(native-inputs
`(("gettext" ,gnu-gettext)))
`(("gettext" ,gettext-minimal)))
(inputs
`(("fltk" ,fltk)
("libpaper" ,libpaper)

View File

@ -29,20 +29,19 @@
(define-public gawk
(package
(name "gawk")
(version "4.1.3")
(version "4.1.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gawk/gawk-" version
".tar.xz"))
(sha256
(base32 "09d6pmx6h3i2glafm0jd1v1iyrs03vcyv2rkz12jisii3vlmbkz3"))
(patches (search-patches "gawk-fts-test.patch"))))
(base32 "0rn2mmjxm767zliqzd67j7h2ncjn4j0321c60y9fy3grs3i89qak"))))
(build-system gnu-build-system)
(arguments
`(#:parallel-tests? #f ; test suite fails in parallel
#:phases (alist-cons-before
'configure 'set-shell-file-name
#:phases (modify-phases %standard-phases
(add-before 'configure 'set-shell-file-name
(lambda* (#:key inputs #:allow-other-keys)
;; Refer to the right shell.
(let ((bash (assoc-ref inputs "bash")))
@ -51,15 +50,28 @@
(string-append bash "/bin/bash")))
;; When cross-compiling, remove dependencies on the
;; `check-for-shared-lib-support' target, which tries to
;; run the cross-built `gawk'.
;; `check-for-shared-lib-support' target, which tries
;; to run the cross-built `gawk'.
,@(if (%current-target-system)
'((substitute* "extension/Makefile.in"
(("^.*: check-for-shared-lib-support" match)
(string-append "### " match))))
'())))
'()))))
(add-before 'check 'adjust-test-infrastructure
(lambda _
;; Remove dependency on 'more' (from util-linux), which
;; would needlessly complicate bootstrapping.
(substitute* "test/Makefile"
(("\\| more") ""))
;; Adjust the shebang in that file since it is then diff'd
;; against the actual test output.
(substitute* "test/watchpoint1.ok"
(("#! /usr/bin/gawk")
(string-append "#!" (which "gawk"))))
#t)))))
%standard-phases)))
(inputs `(("libsigsegv" ,libsigsegv)
,@(if (%current-target-system)

View File

@ -3,7 +3,7 @@
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -40,6 +40,7 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (guix utils)
#:use-module (srfi srfi-1)
#:use-module (ice-9 regex))
(define %gcc-infrastructure
@ -154,7 +155,8 @@ where the OS part is overloaded to denote a specific ABI---into GCC
("zlib" ,zlib)))
;; GCC < 5 is one of the few packages that doesn't ship .info files.
(native-inputs `(("texinfo" ,texinfo)))
;; Newer texinfos fail to build the manual, so we use an older one.
(native-inputs `(("texinfo" ,texinfo-5)))
(arguments
`(#:out-of-source? #t
@ -331,29 +333,31 @@ Go. It also includes runtime support libraries for these languages.")
(patches (search-patches "gcc-arm-link-spec-fix.patch"))))))
(define-public gcc-4.9
(package (inherit gcc-4.8)
(version "4.9.3")
(package (inherit gcc-4.7)
(version "4.9.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gcc/gcc-"
version "/gcc-" version ".tar.bz2"))
(sha256
(base32
"0zmnm00d2a1hsd41g34bhvxzvxisa2l584q3p447bd91lfjv4ci3"))
(patches (search-patches "gcc-libvtv-runpath.patch"))))))
"14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc"))
(patches (search-patches "gcc-arm-bug-71399.patch"
"gcc-libvtv-runpath.patch"))))
(native-inputs `(("texinfo" ,texinfo)))))
(define-public gcc-5
;; Note: GCC >= 5 ships with .info files but 'make install' fails to install
;; them in a VPATH build.
(package (inherit gcc-4.9)
(version "5.3.0")
(version "5.4.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gcc/gcc-"
version "/gcc-" version ".tar.bz2"))
(sha256
(base32
"1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq"))
"0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
(patches (search-patches "gcc-strmov-store-file-names.patch"
"gcc-5.0-libvtv-runpath.patch"))))))
@ -726,7 +730,8 @@ as the 'native-search-paths' field."
name "-" version ".tar.gz")))
(sha256
(base32
"13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9"))))
"13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9"))
(patches (search-patches "isl-0.11.1-aarch64-support.patch"))))
(build-system gnu-build-system)
(inputs `(("gmp" ,gmp)))
(home-page "http://isl.gforge.inria.fr/")

View File

@ -3,6 +3,7 @@
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -27,28 +28,23 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system perl)
#:use-module (gnu packages docbook)
#:use-module (gnu packages emacs)
#:use-module (gnu packages perl)
#:use-module (gnu packages tex)
#:use-module (gnu packages xml))
#:use-module (gnu packages xml)
#:use-module (guix utils))
;; Use that name to avoid clashes with Guile's 'gettext' procedure.
;;
;; We used to resort to #:renamer on the user side, but that prevented
;; circular dependencies involving (gnu packages gettext). This is because
;; 'resolve-interface' (as of Guile 2.0.9) iterates eagerly over the used
;; module when there's a #:renamer, and that module may be empty at that point
;; in case or circular dependencies.
(define-public gnu-gettext
(define-public gettext-minimal
(package
(name "gettext")
(version "0.19.8")
(name "gettext-minimal")
(version "0.19.8.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gettext/gettext-"
version ".tar.gz"))
(sha256
(base32
"13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x"))))
"0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;8 MiB of HTML
@ -90,15 +86,41 @@
;; When tests fail, we want to know the details.
#:make-flags '("VERBOSE=yes")))
(home-page "http://www.gnu.org/software/gettext/")
(synopsis "Tools and documentation for translation")
(synopsis
"Tools and documentation for translation (used to build other packages)")
(description
"GNU Gettext is a package providing a framework for translating the
textual output of programs into multiple languages. It provides translators
with the means to create message catalogs, as well as an Emacs mode to work
with them, and a runtime library to load translated messages from the
catalogs. Nearly all GNU packages use Gettext.")
with the means to create message catalogs, and a runtime library to load
translated messages from the catalogs. Nearly all GNU packages use Gettext.")
(license gpl3+))) ;some files are under GPLv2+
;; Use that name to avoid clashes with Guile's 'gettext' procedure.
;;
;; We used to resort to #:renamer on the user side, but that prevented
;; circular dependencies involving (gnu packages gettext). This is because
;; 'resolve-interface' (as of Guile 2.0.9) iterates eagerly over the used
;; module when there's a #:renamer, and that module may be empty at that point
;; in case or circular dependencies.
(define-public gnu-gettext
(package
(inherit gettext-minimal)
(name "gettext")
(arguments
(substitute-keyword-arguments (package-arguments gettext-minimal)
((#:phases phases)
`(modify-phases ,phases
(add-after 'install 'add-emacs-autoloads
(lambda* (#:key outputs #:allow-other-keys)
;; Make 'po-mode' and other things available by default.
(with-directory-excursion
(string-append (assoc-ref outputs "out")
"/share/emacs/site-lisp")
(symlink "start-po.el" "gettext-autoloads.el")
#t)))))))
(native-inputs `(("emacs" ,emacs-minimal))) ; for Emacs tools
(synopsis "Tools and documentation for translation")))
(define-public po4a
(package
(name "po4a")
@ -140,7 +162,7 @@ catalogs. Nearly all GNU packages use Gettext.")
(find-files bin "\\.*$"))
#t))))))
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("perl-module-build" ,perl-module-build)
("docbook-xsl" ,docbook-xsl)
("docbook-xml" ,docbook-xml) ;for tests

View File

@ -127,7 +127,6 @@ printing, and psresize, for adjusting page sizes.")
(package
(name "ghostscript")
(version "9.14.0")
(replacement ghostscript/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-"
@ -135,7 +134,12 @@ printing, and psresize, for adjusting page sizes.")
(sha256
(base32
"0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1"))
(patches (search-patches "ghostscript-CVE-2015-3228.patch"
(patches (search-patches "ghostscript-CVE-2013-5653.patch"
"ghostscript-CVE-2015-3228.patch"
"ghostscript-CVE-2016-7976.patch"
"ghostscript-CVE-2016-7978.patch"
"ghostscript-CVE-2016-7979.patch"
"ghostscript-CVE-2016-8602.patch"
"ghostscript-runpath.patch"))
(modules '((guix build utils)))
(snippet
@ -183,7 +187,12 @@ printing, and psresize, for adjusting page sizes.")
(number->string (parallel-job-count))))))
(replace 'install
(lambda _
(zero? (system* "make" "soinstall")))))))
(zero? (system* "make" "soinstall"))))
(add-after 'install 'create-gs-symlink
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
;; some programs depend on having a 'gs' binary available
(symlink "gsc" (string-append out "/bin/gs"))))))))
(synopsis "PostScript and PDF interpreter")
(description
"Ghostscript is an interpreter for the PostScript language and the PDF
@ -194,61 +203,13 @@ output file formats and printers.")
(home-page "http://www.gnu.org/software/ghostscript/")
(properties '((upstream-name . "gnu-ghostscript")))))
(define ghostscript/fixed
(package
(inherit ghostscript)
(replacement #f) ; Prevent ghostscript/x from inheriting the replacement
(source (origin
(inherit (package-source ghostscript))
(patches (search-patches "ghostscript-CVE-2013-5653.patch"
"ghostscript-CVE-2015-3228.patch"
"ghostscript-CVE-2016-7976.patch"
"ghostscript-CVE-2016-7978.patch"
"ghostscript-CVE-2016-7979.patch"
"ghostscript-CVE-2016-8602.patch"
"ghostscript-runpath.patch"))))))
(define-public ghostscript/x
(package (inherit ghostscript/fixed)
(package (inherit ghostscript)
(name (string-append (package-name ghostscript) "-with-x"))
(inputs `(("libxext" ,libxext)
("libxt" ,libxt)
,@(package-inputs ghostscript)))))
(define (ghostscript-wrapper name ghostscript)
;; Return a GHOSTSCRIPT wrapper that provides the 'gs' command.
;; See <https://lists.gnu.org/archive/html/guix-devel/2016-07/msg00987.html>.
(package
(name name)
(version (package-version ghostscript))
(source #f)
(build-system trivial-build-system)
(inputs `(("ghostscript" ,ghostscript)))
(arguments
`(#:modules ((guix build utils))
#:builder (begin
(use-modules (guix build utils))
(let* ((out (assoc-ref %outputs "out"))
(bin (string-append out "/bin"))
(gs (assoc-ref %build-inputs "ghostscript")))
(mkdir-p bin)
(with-directory-excursion bin
(symlink (string-append gs "/bin/gsc") "gs")
#t)))))
(synopsis "Wrapper providing Ghostscript's 'gs' command")
(description
"This package provides the @command{gs} command, which used to be
provided by Ghostscript itself and no longer is.")
(license (package-license ghostscript))
(home-page (package-home-page ghostscript))))
(define-public ghostscript-gs
(ghostscript-wrapper "ghostscript-gs" ghostscript))
(define-public ghostscript-gs/x
(ghostscript-wrapper "ghostscript-gs-with-x" ghostscript/x))
(define-public ijs
(package
(name "ijs")

View File

@ -41,7 +41,7 @@
"12rc6zaa7kb60b9744lbrlfkxxfniprm6x0mispv63h4kh75navh"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("gtk+" ,gtk+-2)
("libice" ,libice)
("libsm" ,libsm)))

View File

@ -2,7 +2,7 @@
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013 Joshua Grant <tadni@riseup.net>
;;; Copyright © 2014, 2016 David Thompson <davet@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;;
@ -22,6 +22,7 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages gl)
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
#:use-module (gnu packages bison)
#:use-module (gnu packages documentation)
@ -195,7 +196,7 @@ also known as DXTn or DXTC) for Mesa.")
(define-public mesa
(package
(name "mesa")
(version "11.0.9")
(version "12.0.1")
(source
(origin
(method url-fetch)
@ -203,44 +204,59 @@ also known as DXTn or DXTC) for Mesa.")
version "/mesa-" version ".tar.xz"))
(sha256
(base32
"009b3nq8ly5nzy9cxi9cxf4qasrhggjz0v0q87rwq5kaqvqjy9m1"))))
"12b3i59xdn2in2hchrkgh4fwij8zhznibx976l3pdj3qkyvlzcms"))))
(build-system gnu-build-system)
(propagated-inputs
`(("glproto" ,glproto)
;; The following are in the Requires.private field of gl.pc.
("libdrm" ,libdrm)
("libvdpau" ,libvdpau)
("libx11" ,libx11)
("libxdamage" ,libxdamage)
("libxfixes" ,libxfixes)
("libxshmfence" ,libxshmfence)
("libxxf86vm" ,libxxf86vm)))
;; TODO: Add vdpau.
(inputs
`(("udev" ,eudev)
`(("expat" ,expat)
("dri2proto" ,dri2proto)
("dri3proto" ,dri3proto)
("presentproto" ,presentproto)
("expat" ,expat)
("libva" ,(force libva-without-mesa))
("libxml2" ,libxml2)
;; TODO: Add 'libxml2-python' for OpenGL ES 1.1 and 2.0 support
("libxvmc" ,libxvmc)
("makedepend" ,makedepend)
("s2tc" ,s2tc)))
("presentproto" ,presentproto)
("s2tc" ,s2tc)
("udev" ,eudev)
("wayland" ,wayland)))
(native-inputs
`(("pkg-config" ,pkg-config)))
`(("pkg-config" ,pkg-config)
("python" ,python-2)
;; XXX To prevent a large number of rebuilds on other systems,
;; apply the following patch on MIPS systems only. In the next
;; core-updates cycle, this patch could be applied on all platforms.
,@(if (string-prefix? "mips" (or (%current-target-system)
(%current-system)))
`(("mips-patch"
,(search-patch "mesa-wayland-egl-symbols-check-mips.patch")))
'())))
(arguments
`(#:configure-flags
'(;; drop r300 from default gallium drivers, as it requires llvm
"--with-gallium-drivers=r600,svga,swrast,nouveau"
"--with-gallium-drivers=r600,svga,swrast,nouveau,virgl"
;; Enable various optional features. TODO: opencl requires libclc,
;; omx requires libomxil-bellagio
"--with-egl-platforms=x11,drm"
"--with-egl-platforms=x11,drm,wayland"
"--enable-glx-tls" ;Thread Local Storage, improves performance
;; "--enable-opencl"
;; "--enable-omx"
"--enable-osmesa"
"--enable-xa"
;; features required by wayland
"--enable-gles2"
"--enable-gbm"
"--enable-shared-glapi"
;; on non-intel systems, drop i915 and i965
;; from the default dri drivers
@ -249,12 +265,26 @@ also known as DXTn or DXTC) for Mesa.")
'())
(_
'("--with-dri-drivers=nouveau,r200,radeon,swrast"))))
#:phases (alist-cons-after
#:phases
(modify-phases %standard-phases
;; Add an 'apply-mips-patch' phase conditionally (see above.)
,@(if (string-prefix? "mips" (or (%current-target-system)
(%current-system)))
`((add-after 'unpack 'apply-mips-patch
(lambda* (#:key inputs #:allow-other-keys)
(let ((patch (assoc-ref inputs "mips-patch")))
(zero? (system* "patch" "-p1" "--force"
"--input" patch))))))
'())
(add-after
'unpack 'patch-create_test_cases
(lambda _
(substitute* "src/glsl/tests/lower_jumps/create_test_cases.py"
(("/usr/bin/env bash") (which "bash"))))
(alist-cons-before
(substitute* "src/compiler/glsl/tests/lower_jumps/create_test_cases.py"
(("/usr/bin/env bash") (which "bash")))
(substitute* "src/intel/genxml/gen_pack_header.py"
(("/usr/bin/env python2") (which "python")))))
(add-before
'build 'fix-dlopen-libnames
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((s2tc (assoc-ref inputs "s2tc"))
@ -282,8 +312,7 @@ also known as DXTn or DXTC) for Mesa.")
;; it's never installed since Mesa removed its
;; egl_gallium support.
(("\"gbm_dri\\.so")
(string-append "\"" out "/lib/dri/gbm_dri.so")))))
%standard-phases))))
(string-append "\"" out "/lib/dri/gbm_dri.so")))))))))
(home-page "http://mesa3d.org/")
(synopsis "OpenGL implementation")
(description "Mesa is a free implementation of the OpenGL specification -
@ -459,11 +488,12 @@ OpenGL graphics API.")
"1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037"))))
(arguments
`(#:phases
(alist-cons-after
(modify-phases %standard-phases
(add-after
'unpack 'autoreconf
(lambda _
(zero? (system* "autoreconf" "-vif")))
(alist-cons-before
(zero? (system* "autoreconf" "-vif"))))
(add-before
'configure 'patch-paths
(lambda* (#:key inputs #:allow-other-keys)
(let ((python (assoc-ref inputs "python"))
@ -483,8 +513,7 @@ OpenGL graphics API.")
'((substitute* '"test/dlwrap.c"
(("\"GLIBC_2\\.0\"") "\"GLIBC_2.0\", \"GLIBC_2.4\"")))
'())
#t))
%standard-phases))))
#t))))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)

View File

@ -65,7 +65,7 @@
(package
(name "dbus")
(replacement dbus-1.10.12)
(version "1.10.8")
(version "1.10.10")
(source (origin
(method url-fetch)
(uri (string-append
@ -73,7 +73,7 @@
version ".tar.gz"))
(sha256
(base32
"0560y3hxpgh346w6avcrcz79c8ansmn771y5xpcvvlr6m8mx5wxs"))
"0hwsfczhx2djmc9116vj5v230i7gpjihwh3vbljs1ldlk831v3wx"))
(patches (search-patches "dbus-helper-search-path.patch"))))
(build-system gnu-build-system)
(arguments
@ -150,7 +150,7 @@ shared NFS home directories.")
(define glib
(package
(name "glib")
(version "2.48.0")
(version "2.48.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
@ -158,7 +158,7 @@ shared NFS home directories.")
name "-" version ".tar.xz"))
(sha256
(base32
"0d3w2hblrw7vvpx60l1kbvb830ygn3v8zhwdz65cc5593j9ycjvl"))
"1x6kwrk1zyd3csv0ca3pmwc4bnkc33agn95cds15h6nbi4apappj"))
(patches (search-patches "glib-tests-timer.patch"))))
(build-system gnu-build-system)
(outputs '("out" ; everything
@ -172,7 +172,7 @@ shared NFS home directories.")
("zlib" ,zlib)
("tzdata" ,tzdata))) ; for tests/gdatetime.c
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("dbus" ,dbus) ; for GDBus tests
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
@ -362,7 +362,7 @@ bindings to call into the C library.")
(propagated-inputs
`(;; Propagate gettext because users expect it to be there, and so does
;; the `intltool-update' script.
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("perl-xml-parser" ,perl-xml-parser)
("perl" ,perl)))
@ -443,7 +443,7 @@ translated.")
(define dbus-glib
(package
(name "dbus-glib")
(version "0.104")
(version "0.106")
(source (origin
(method url-fetch)
(uri
@ -451,7 +451,7 @@ translated.")
version ".tar.gz"))
(sha256
(base32
"1xi1v1msz75qs0s4lkyf1psrksdppa3hwkg0mznc6gpw5flg3hdz"))))
"0in0i6v68ixcy0ip28i84hdczf10ykq9x682qgcvls6gdmq552dk"))))
(build-system gnu-build-system)
(propagated-inputs ; according to dbus-glib-1.pc
`(("dbus" ,dbus)

View File

@ -243,7 +243,7 @@ commonly used macros.")
(define-public gnome-desktop
(package
(name "gnome-desktop")
(version "3.20.1")
(version "3.20.2")
(source
(origin
(method url-fetch)
@ -252,7 +252,7 @@ commonly used macros.")
name "-" version ".tar.xz"))
(sha256
(base32
"0h6185lmkaf49dr43pb6gsb9yi25rc32n7dq5186hwln38mppb3f"))))
"1cp2c6q1ybirfq6rqyfj5lr5vyqdizy730bfg5jqnflcmakjsb29"))))
(build-system gnu-build-system)
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
@ -465,7 +465,7 @@ forgotten when the session ends.")
(define-public evince
(package
(name "evince")
(version "3.20.0")
(version "3.20.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -473,7 +473,7 @@ forgotten when the session ends.")
name "-" version ".tar.xz"))
(sha256
(base32
"1052lm4i5qq27sgk6ck5xc1cxh0qx4zzhifjhmzjlv38afj5i0yg"))))
"0m80s98k4i463dclpyk01fqb91cawbb6vvcz5vq2974k6qqc4ypw"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:configure-flags '("--disable-nautilus")
@ -481,7 +481,15 @@ forgotten when the session ends.")
;; FIXME: Tests fail with:
;; ImportError: No module named gi.repository
;; Where should that module come from?
#:tests? #f))
#:tests? #f
#:phases
(modify-phases %standard-phases
(add-before 'install 'skip-gtk-update-icon-cache
;; Don't create 'icon-theme.cache'.
(lambda _
(substitute* "data/Makefile"
(("gtk-update-icon-cache") "true"))
#t)))))
(inputs
`(("libspectre" ,libspectre)
("djvulibre" ,djvulibre)
@ -638,9 +646,14 @@ update-desktop-database: updates the database containing a cache of MIME types
(base32
"0fjh9qmmgj34zlgxb09231ld7khys562qxbpsjlaplq2j85p57im"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
;; Don't create 'icon-theme.cache'.
(let* ((coreutils (assoc-ref %build-inputs "coreutils"))
(true (string-append coreutils "/bin/true")))
(list (string-append "GTK_UPDATE_ICON_CACHE=" true)))))
(native-inputs
`(("gtk+" ,gtk+) ; for gtk-update-icon-cache
("icon-naming-utils" ,icon-naming-utils)
`(("icon-naming-utils" ,icon-naming-utils)
("intltool" ,intltool)
("pkg-config" ,pkg-config)))
(home-page "http://art.gnome.org/")
@ -662,7 +675,9 @@ update-desktop-database: updates the database containing a cache of MIME types
name "-" version ".tar.xz"))
(sha256
(base32
"0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks"))))))
"0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks"))))
(native-inputs
`(("gtk-encode-symbolic-svg" ,gtk+ "bin")))))
(define-public shared-mime-info
(package
@ -890,7 +905,7 @@ XML/CSS rendering engine.")
(define-public libgsf
(package
(name "libgsf")
(version "1.14.36")
(version "1.14.40")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -898,7 +913,7 @@ XML/CSS rendering engine.")
name "-" version ".tar.xz"))
(sha256
(base32
"0h19ssxzz0cmznwga2xy55kjibm24mwxqarnpd0w7xy0hrzm1dvi"))))
"1q2i5p9s5zw0y0502risykrzkfma7p24n3mmh244scjy9f4kh1im"))))
(build-system gnu-build-system)
(native-inputs
`(("intltool" ,intltool)
@ -923,7 +938,7 @@ dealing with different structured file formats.")
(define-public librsvg
(package
(name "librsvg")
(version "2.40.15")
(version "2.40.16")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -931,7 +946,7 @@ dealing with different structured file formats.")
name "-" version ".tar.xz"))
(sha256
(base32
"1x05vd2llpmskq3prkp7kbpmshmpp9whj4kfl99ybipf4fhw9jnr"))))
"0bpz6gsq8xi1pb5k9ax6vinph460v14znch3y5yz167s0dmwz2yl"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@ -1115,7 +1130,8 @@ use in GNOME applications, built on top of CORBA.")
(synopsis "Store application preferences")
(description "Gconf is a system for storing application preferences. It
is intended for user preferences; not arbitrary data storage.")
(license license:lgpl2.0+)))
(license license:lgpl2.0+)
(properties '((upstream-name . "GConf")))))
(define-public gnome-mime-data
@ -1478,14 +1494,14 @@ controls using the Bonobo component framework.")
(define-public libwnck
(package
(name "libwnck")
(version "3.14.1")
(version "3.20.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32 "1ymya8gkjygvg0i901wr3q6ihfqxx5yf4g4pb6fag2iw8af3qr5v"))))
(base32 "0wms3hli6y0b9l3cszq6maqi6fyy6kss9gryvzgmhw27phb3gc0w"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
@ -1524,14 +1540,14 @@ Hints specification (EWMH).")
(define-public goffice
(package
(name "goffice")
(version "0.10.28")
(version "0.10.32")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32 "12rsgxrixkfpk420gv026i74pnlgqjzsvm6vffrmih54w46hd3q6"))))
(base32 "1hvs5558x98yzm43dc3f93v596x45lfmv1vkp4jjgfagynlpvcq2"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;4.1 MiB of gtk-doc
@ -1589,7 +1605,7 @@ Hints specification (EWMH).")
(define-public gnumeric
(package
(name "gnumeric")
(version "1.12.31")
(version "1.12.32")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -1597,7 +1613,7 @@ Hints specification (EWMH).")
name "-" version ".tar.xz"))
(sha256
(base32
"1rvadlgikklwb6rccqc3rlhqv3m9qx27rchm7znxr062fn7fgb68"))))
"1s3dxvdwzmppsp2dfg90rccilf4hknhwjdy7lazr9sys58zchyx0"))))
(build-system glib-or-gtk-build-system)
(arguments
`(;; The gnumeric developers don't worry much about failing tests.
@ -1648,7 +1664,7 @@ engineering.")
(define-public gnome-themes-standard
(package
(name "gnome-themes-standard")
(version "3.20")
(version "3.20.2")
(source
(origin
(method url-fetch)
@ -1657,8 +1673,14 @@ engineering.")
version ".tar.xz"))
(sha256
(base32
"1p1vvmzfky1ax3yv9ld10xgqwydhmglxpgq3skrfc4539nrq9phw"))))
"05br99z67f82i18nljpxnwssfnaqp7mph61w3hq0i44z5i5rq3cx"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
;; Don't create 'icon-theme.cache'.
(let* ((coreutils (assoc-ref %build-inputs "coreutils"))
(true (string-append coreutils "/bin/true")))
(list (string-append "GTK_UPDATE_ICON_CACHE=" true)))))
(inputs
`(("gtk+" ,gtk+)
("gtk+-2" ,gtk+-2)
@ -1714,7 +1736,7 @@ passwords in the GNOME keyring.")
(define-public vala
(package
(name "vala")
(version "0.32.0")
(version "0.32.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -1722,7 +1744,7 @@ passwords in the GNOME keyring.")
name "-" version ".tar.xz"))
(sha256
(base32
"0vpvq403vdd25irvgk7zibz3nw4x4i17m0dgnns8j1q4vr7am8h7"))))
"1ab1l44abf9fj1wznzq5956431ia136rl5049cggnk5393jlf3fx"))))
(build-system gnu-build-system)
(arguments
'(#:phases
@ -1756,7 +1778,7 @@ libraries written in C.")
(define-public vte
(package
(name "vte")
(version "0.44.1")
(version "0.44.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -1764,7 +1786,7 @@ libraries written in C.")
name "-" version ".tar.xz"))
(sha256
(base32
"0kjxzqcwqxky0l7bl8ydn9hl6fm1f0k2pl91wbbhyq4z6d4dabbi"))))
"0j899ccrkzh7208w29c835m1yms0cas5cxkck8x6l4xv2i45ksm1"))))
(build-system gnu-build-system)
(arguments
;; XXX: fails to compile tests with the default flags.
@ -1930,7 +1952,7 @@ configuration storage systems.")
(define-public json-glib
(package
(name "json-glib")
(version "1.2.0")
(version "1.2.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -1938,7 +1960,7 @@ configuration storage systems.")
name "-" version ".tar.xz"))
(sha256
(base32
"1lx7p1c7cl21byvfgw92n8dhm09vi6qxrs0zkx9dg3y096zdzmlr"))
"08d6449sgnwfh92x8rhwsm03g8frv0mvp3s4wl3cskw25asql4pa"))
(modules '((guix build utils)))
(snippet
;; Don't duplicate test names.
@ -2037,7 +2059,7 @@ library.")
(define-public glib-networking
(package
(name "glib-networking")
(version "2.48.1")
(version "2.48.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/glib-networking/"
@ -2045,7 +2067,7 @@ library.")
name "-" version ".tar.xz"))
(sha256
(base32
"0jm4pr91kbq7rcyll08840zkagb9vfhhm2ymyrd1q0b0k2mj76fg"))
"111spcar6wbp6m0rdxzjscc7vfqx5nawscrfbxlvbf5jsr4hqp4j"))
(patches
(search-patches "glib-networking-ssl-cert-file.patch"))))
(build-system gnu-build-system)
@ -2237,7 +2259,7 @@ and other secrets. It communicates with the \"Secret Service\" using DBus.")
(define-public gnome-mines
(package
(name "gnome-mines")
(version "3.20.0")
(version "3.20.1")
(source
(origin
(method url-fetch)
@ -2246,7 +2268,7 @@ and other secrets. It communicates with the \"Secret Service\" using DBus.")
name "-" version ".tar.xz"))
(sha256
(base32
"19khp4ckqbdgk6828gprxy52fsg8klf957dnwsin75nskk8whxbp"))))
"0frb1r0f55giz7yqxl9920vvzqlirdivz54ygc9d85r8v63fh5aq"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:phases
@ -2274,7 +2296,7 @@ floating in an ocean using only your brain and a little bit of luck.")
(define-public gnome-sudoku
(package
(name "gnome-sudoku")
(version "3.20.0")
(version "3.20.5")
(source
(origin
(method url-fetch)
@ -2283,7 +2305,7 @@ floating in an ocean using only your brain and a little bit of luck.")
name "-" version ".tar.xz"))
(sha256
(base32
"1n8hp3pl56p9s0c5kldk11zg1vg7ykhgn3ndp8nf375h1q49ldh8"))))
"166bbv5k50v7pjp3wbl2rmxcmv1adwr14hxg5rw2ws8kams8151k"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
@ -2309,7 +2331,7 @@ more fun.")
(define-public gnome-terminal
(package
(name "gnome-terminal")
(version "3.20.1")
(version "3.20.2")
(source
(origin
(method url-fetch)
@ -2318,7 +2340,7 @@ more fun.")
name "-" version ".tar.xz"))
(sha256
(base32
"1508nm35znlfq9v1s2j4ypx5x608yq391c565b4hazxk2f5z9dwq"))))
"08ssch8h1y85wyhddkyr7ab4v8dnsn17z4ayyc5ff78gfdh30f7m"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:configure-flags
@ -2560,7 +2582,7 @@ service via the system message bus.")
(define-public libgweather
(package
(name "libgweather")
(version "3.20.0")
(version "3.20.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -2568,7 +2590,7 @@ service via the system message bus.")
name "-" version ".tar.xz"))
(sha256
(base32
"1mmqg7wf0bhk450akyj0x71x75kh1v7j68isyivr75ydky79nqjj"))))
"02vcnlchcq3hxsm75x2szzkszg1yp1rg164p1b23vnzm9svcaszv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@ -2577,13 +2599,18 @@ service via the system message bus.")
"/share/zoneinfo"))
#:phases
(modify-phases %standard-phases
(add-before
'check 'pre-check
(add-before 'check 'pre-check
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "data/check-timezones.sh"
(("/usr/share/zoneinfo/zone.tab")
(string-append (assoc-ref inputs "tzdata")
"/share/zoneinfo/zone.tab")))
;; 'Asia/Rangoon' was renamed in tzdata-2016:
;; <https://github.com/eggert/tz/commit/4368251ebf11310a4aadccd1910daeac9080c501>.
(substitute* "data/Locations.xml"
(("Asia/Rangoon")
"Asia/Yangon"))
#t)))))
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-mkenums
@ -2701,7 +2728,7 @@ playlists in a variety of formats.")
(define-public aisleriot
(package
(name "aisleriot")
(version "3.20.1")
(version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -2709,7 +2736,7 @@ playlists in a variety of formats.")
name "-" version ".tar.xz"))
(sha256
(base32
"1nipky336jj81mhm8wwxp96zilgcrarihf95dnyj3r1pw8kpg7gy"))))
"0vhpi7bzm4gbraky1d3ma26rbwnylcqdakav82j67bpqd7f6n0v2"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:configure-flags
@ -3048,7 +3075,7 @@ GNOME Games, but it may be used by others.")
(define-public gnome-klotski
(package
(name "gnome-klotski")
(version "3.20.1")
(version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -3056,7 +3083,7 @@ GNOME Games, but it may be used by others.")
name "-" version ".tar.xz"))
(sha256
(base32
"1130v6sk9h74b3xgv0bq43anaw7xs9x8vdab3q7p9db6w0px02wj"))))
"14w40a1gjlg4l1vhcy0qcf3scmwm2v3vhxnxj269pfqlv8s7alaw"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("desktop-file-utils" ,desktop-file-utils)
@ -3352,7 +3379,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
(define-public eog
(package
(name "eog")
(version "3.20.1")
(version "3.20.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -3360,7 +3387,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
name "-" version ".tar.xz"))
(sha256
(base32
"0ll3vz1kyjagiqmrpypk1a4nwjhrjsapiz45bxblsjxjy641j0jg"))))
"1qsv3brhi8l8fr22nd3d0fwq5xhwspqw0bammhkkq3ga0z6791wn"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:phases
@ -3547,7 +3574,7 @@ USB transfers with your high-level application or system daemon.")
("gusb" ,gusb)
("libsane" ,sane-backends)))
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("itstool" ,itstool)
("colord" ,colord)
("glib" ,glib "bin") ; glib-compile-schemas, etc.
@ -3856,7 +3883,8 @@ metadata in photo and video files of various formats.")
(native-inputs
`(("pkg-config" ,pkg-config)
("itstool" ,itstool)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("gtk+" ,gtk+ "bin") ; gtk-update-icon-cache
("itstool" ,itstool)
("vala" ,vala)))
(inputs
@ -3896,6 +3924,15 @@ share them with others via social networking and more.")
(base32
"1sa46vjx78d670m6bikpibgz39a5zb6ri8yjmj632lmxqvj2sp3b"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:phases
(modify-phases %standard-phases
(add-before 'install 'skip-gtk-update-icon-cache
(lambda _
;; Don't create 'icon-theme.cache'
(substitute* (find-files "data" "^Makefile$")
(("gtk-update-icon-cache") (which "true")))
#t)))))
(native-inputs
`(("intltool" ,intltool)
("pkg-config" ,pkg-config)))
@ -4051,7 +4088,7 @@ javascript engine and the GObject introspection framework.")
(define-public gedit
(package
(name "gedit")
(version "3.20.1")
(version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4059,7 +4096,7 @@ javascript engine and the GObject introspection framework.")
name "-" version ".tar.xz"))
(sha256
(base32
"1i0x1jd9x1vpv8lwdlzwf0ml8jxh3b3l6nlg6pbnfjw47w3y6iws"))))
"1y330hanqfld3kssf77wfphah2qpfg17pa109spsbm50f5m2g89j"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:configure-flags '("--disable-spell") ; XXX: gspell not packaged yet
@ -4122,7 +4159,7 @@ powerful general purpose text editor.")
"0j2sy6imwp41l75hy3fwr68n35drvanbwgmr42kc04zqjy9pbs02"))))
(build-system gnu-build-system)
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("itstool" ,itstool)
("pkg-config" ,pkg-config)))
(inputs
@ -4138,7 +4175,7 @@ to display dialog boxes from the commandline and shell scripts.")
(define-public mutter
(package
(name "mutter")
(version "3.20.1")
(version "3.20.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4146,7 +4183,7 @@ to display dialog boxes from the commandline and shell scripts.")
name "-" version ".tar.xz"))
(sha256
(base32
"0752vkkmaaay8ziczqrf7z3735bq3brx2djw36arqsdhwawh6jba"))))
"05pr78vgq52bkkqpbfnp9mxw14ij2wk91l2yfa69dpjbvxqm4b0l"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@ -4188,7 +4225,7 @@ window manager.")
(define-public gnome-online-accounts
(package
(name "gnome-online-accounts")
(version "3.20.1")
(version "3.20.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4196,7 +4233,7 @@ window manager.")
name "-" version ".tar.xz"))
(sha256
(base32
"14qcih1g136sn2aklzagv83jl82d3qc598rkdm8zac9gw70ynyn3"))))
"0ip0q539bik3wqwl867rjc63w2d5rjyvbqzwczkard70yd6c0kq9"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@ -4226,7 +4263,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
(define-public evolution-data-server
(package
(name "evolution-data-server")
(version "3.20.1")
(version "3.20.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4234,7 +4271,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
name "-" version ".tar.xz"))
(sha256
(base32
"0lsbhzacr2bs90z8sx44vf403r0h2yqsy4l2svrh5hjnassgdyqx"))))
"0zmybf63y0d5zn48q3xjgkh2p2c3ka9xvzd6labp96bd6b6qc58d"))))
(build-system gnu-build-system)
(arguments
'(;; XXX: fails with:
@ -4290,7 +4327,7 @@ Evolution (hence the name), but is now used by other packages as well.")
(define-public caribou
(package
(name "caribou")
(version "0.4.20")
(version "0.4.21")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4298,7 +4335,7 @@ Evolution (hence the name), but is now used by other packages as well.")
name "-" version ".tar.xz"))
(sha256
(base32
"1nahpfs5ap9f9wsvn93kg8isqffk60v785f1q6k64awcd7an8ris"))))
"0mfychh1q3dx0b96pjz9a9y112bm9yqyim40yykzxx1hppsdjhww"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:phases
@ -4355,7 +4392,7 @@ users.")
(define-public network-manager
(package
(name "network-manager")
(version "1.2.0")
(version "1.4.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/NetworkManager/"
@ -4363,7 +4400,7 @@ users.")
"NetworkManager-" version ".tar.xz"))
(sha256
(base32
"101axwk3bc1pm9m98vwrnxyjna6w0qgzaskgivldq69xz8qcyiz9"))))
"016jc21mwjxvnfiblp5lji55sr8aq6w8a08fsjmqvnpnvm3y6r58"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ; 8 MiB of gtk-doc HTML
@ -4447,7 +4484,8 @@ devices and connections, attempting to keep active network connectivity when
available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE
devices, and provides VPN integration with a variety of different VPN
services.")
(license license:gpl2+)))
(license license:gpl2+)
(properties '((upstream-name . "NetworkManager")))))
(define-public mobile-broadband-provider-info
(package
@ -4473,7 +4511,7 @@ services.")
(define-public network-manager-applet
(package
(name "network-manager-applet")
(version "1.2.0")
(version "1.4.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4481,9 +4519,12 @@ services.")
name "-" version ".tar.xz"))
(sha256
(base32
"0dhvk3dvy6djn6blpkv46dn6yfh28wsh6mpl0v53qxfip97j8kwk"))))
"16a43sl9aijmvxbb08hbjqyjnlshj8dckycbgi9nm333fr47n6s3"))))
(build-system glib-or-gtk-build-system)
(arguments '(#:configure-flags '("--disable-migration")))
;; TODO: WWAN support supposedly requires an update of glibmm which in turn
;; requires an update of the its dependencies (glib and others).
(arguments '(#:configure-flags '("--disable-migration"
"--without-wwan")))
(native-inputs
`(("intltool" ,intltool)
("gobject-introspection" ,gobject-introspection)
@ -4497,7 +4538,8 @@ services.")
`(("iso-codes" ,iso-codes)
("libgudev" ,libgudev)
("libnotify" ,libnotify)
("libsecret" ,libsecret)))
("libsecret" ,libsecret)
("jansson" ,jansson))) ;for team support
(synopsis "Applet for managing network connections")
(home-page "http://www.gnome.org/projects/NetworkManager/")
(description
@ -4609,7 +4651,7 @@ providing graphical log-ins and managing local and remote displays.")
(define-public libgtop
(package
(name "libgtop")
(version "2.34.0")
(version "2.34.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4617,7 +4659,7 @@ providing graphical log-ins and managing local and remote displays.")
name "-" version ".tar.xz"))
(sha256
(base32
"0apfnh9k6vmbdm8ms5wxyhagrrl8r88fv48k7q5qq70df2gf72ld"))))
"1qh9srg8pqmrsl12mwnclncs7agmjjvx3q6v5qwqvcb2cskpi6f8"))))
(build-system gnu-build-system)
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
@ -4636,7 +4678,7 @@ usage and information about running processes.")
(define-public gnome-bluetooth
(package
(name "gnome-bluetooth")
(version "3.18.3")
(version "3.20.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4644,7 +4686,7 @@ usage and information about running processes.")
name "-" version ".tar.xz"))
(sha256
(base32
"1qwc9q7x22sc71zhqv4db78rqzxl6fqfw6d978ydqap54c2bg0g4"))))
"0lzbwk2kn7kp39sv5bf4ja92mfkxkc27gxxk8k86i8a8ncbcmcwk"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("glib:bin" ,glib "bin") ; for gdbus-codegen, etc.
@ -4739,7 +4781,7 @@ properties, screen resolution, and other GNOME parameters.")
(define-public gnome-shell
(package
(name "gnome-shell")
(version "3.20.1")
(version "3.20.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4747,7 +4789,7 @@ properties, screen resolution, and other GNOME parameters.")
name "-" version ".tar.xz"))
(sha256
(base32
"08cgbr15cim3rgcngrv98rm48pkdxwj4nqx5za1lsnv376m4x5bs"))))
"0kd9y847pw9v3zl0g52ly7xdcjz0b9v37aqmi19iddfkxjjyn4qc"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:phases
@ -4821,7 +4863,7 @@ like switching to windows and launching applications.")
(define-public gtk-vnc
(package
(name "gtk-vnc")
(version "0.5.4")
(version "0.6.0")
(source
(origin
(method url-fetch)
@ -4830,7 +4872,7 @@ like switching to windows and launching applications.")
name "-" version ".tar.xz"))
(sha256
(base32
"1rwwdh7lb16xdmy76ca6mpqfc3zfl3a4bkcr0qb6hs6ffrxak2j8"))))
"0cq42dghjp4bhsxlj9hd2nz5s5rhd53fx7snmq6i6kg60n438ncm"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--with-gtk=3.0")))
@ -4859,7 +4901,7 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.")
(define-public nautilus
(package
(name "nautilus")
(version "3.20.1")
(version "3.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4867,7 +4909,7 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.")
name "-" version ".tar.xz"))
(sha256
(base32
"1s41bsihacs7cywm60vqgv46m22gmga4b0bwxnki4r02jjwhgagj"))))
"1bnalv0ljdjzqzvh3rfyg7r4z8vdbq1gdard5q68riqdi2dnfvld"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:configure-flags
@ -4995,7 +5037,7 @@ beautifying border effects.")
(define-public dconf-editor
(package
(name "dconf-editor")
(version "3.20.1")
(version "3.20.3")
(source
(origin
(method url-fetch)
@ -5004,8 +5046,17 @@ beautifying border effects.")
name "-" version ".tar.xz"))
(sha256
(base32
"0pfpmvpv57a01nsd1fah3np33avihm5ic43fi6b60dyw6c5z953p"))))
"0yf553bd9l030shhs0jkl5gvkzkfxbxxm56xv0l0nmbplaci8wm8"))))
(build-system glib-or-gtk-build-system)
(arguments
'(#:phases
(modify-phases %standard-phases
(add-before 'install 'skip-gtk-update-icon-cache
(lambda _
;; Don't create 'icon-theme.cache'.
(substitute* "editor/Makefile"
(("gtk-update-icon-cache") "true"))
#t)))))
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-compile-schemas, gio-2.0.
("intltool" ,intltool)
@ -5519,7 +5570,7 @@ handling the startup notification side.")
(define-public gnome-calculator
(package
(name "gnome-calculator")
(version "3.20.2")
(version "3.22.2")
(source
(origin
(method url-fetch)
@ -5528,7 +5579,7 @@ handling the startup notification side.")
name "-" version ".tar.xz"))
(sha256
(base32
"1yx86kyd54y3k3b6rmdazvmpxzl0zn791zr1q87zjc5228mc3w9a"))))
"03il7xl4yr6xbzj6x1lbl16yzlb166c9h9wny1w7mj9dccnz99wr"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-compile-schemas, gio-2.0.

View File

@ -54,7 +54,7 @@
(define-public libgpg-error
(package
(name "libgpg-error")
(version "1.22")
(version "1.24")
(source
(origin
(method url-fetch)
@ -62,7 +62,7 @@
version ".tar.bz2"))
(sha256
(base32
"0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j"))))
"0h75sf1ngr750c3fjfn4583q7wz40qm63jhg8vjfdrbx936f2s4j"))))
(build-system gnu-build-system)
(home-page "https://gnupg.org")
(synopsis "Library of error values for GnuPG components")
@ -78,15 +78,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
(replacement libgcrypt-1.7.3)
(version "1.7.0")
(version "1.7.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
"14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh"))))
"0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
@ -112,22 +111,9 @@ generation.")
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/libgcrypt")))))
(define libgcrypt-1.7.3
(package
(inherit libgcrypt)
(version "1.7.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
"0wbh6fq5zi9wg2xcfvfpwh7dv52jihivx1vm4h91c2kx0w8n3b6x"))))))
(define-public libgcrypt-1.5
(package (inherit libgcrypt)
(replacement libgcrypt-1.5.6)
(version "1.5.4")
(version "1.5.6")
(source
(origin
(method url-fetch)
@ -135,20 +121,7 @@ generation.")
version ".tar.bz2"))
(sha256
(base32
"0czvqxkzd5y872ipy6s010ifwdwv29sqbnqc4pf56sd486gqvy6m"))))))
(define libgcrypt-1.5.6
(package
(inherit libgcrypt-1.5)
(source
(let ((version "1.5.6"))
(origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
"0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))
"0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
(define-public libassuan
(package
@ -240,15 +213,14 @@ compatible to GNU Pth.")
(define-public gnupg
(package
(name "gnupg")
(version "2.1.13")
(version "2.1.15")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnupg/gnupg-" version
".tar.bz2"))
(patches (search-patches "gnupg-fix-expired-test.patch"))
(sha256
(base32
"0xcn46vcb5x5qx0bc803vpzhzhnn6wfhp7x71w9n1ahx4ak877ag"))))
"1pgz02gd84ab94w4xdg67p9z8kvkyr9d523bvcxxd2hviwh1m362"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@ -279,6 +251,18 @@ compatible to GNU Pth.")
(("\"(libpcsclite\\.so[^\"]*)\"" _ name)
(string-append "\"" (assoc-ref inputs "pcsc-lite")
"/lib/" name "\"")))
#t))
(add-after 'build 'patch-scheme-tests
(lambda _
(substitute* (find-files "tests" ".\\.scm$")
(("/usr/bin/env gpgscm")
(string-append (getcwd) "/tests/gpgscm/gpgscm")))))
(add-before 'check 'set-home
;; Some tests require write access to $HOME, otherwise leading to
;; 'failed to create directory /homeless-shelter/.asy' error.
;; TODO Try removing this phase for GnuPG 2.1.16.
(lambda _
(setenv "HOME" "/tmp")
#t)))))
(home-page "https://gnupg.org/")
(synopsis "GNU Privacy Guard")

View File

@ -318,6 +318,7 @@ standards.")
"1hk5lwaqm8nkfm43sq521mzyrx0x3iiwvlcy62m7cq7grz9wixp6"))
(patches
`(,(search-patch "icecat-avoid-bundled-libraries.patch")
,(search-patch "icecat-binutils.patch")
,(mozilla-patch "icecat-CVE-2016-5250.patch" "6711ccb0184e" "1p0s91rw1j7ib6hy9gh5p0l33rja32rfgygh29jw4wq1hxfql8rk")
,(mozilla-patch "icecat-CVE-2016-5257-pt1.patch" "b08f28db372e" "0fmifimavawbff700rzjibsnr16am6902gp965scvi1iy78754ia")
,(mozilla-patch "icecat-CVE-2016-5257-pt2.patch" "a49fd7eb57ba" "1dyh0pjdmf64sjbj1x0mdjwfispacx9yny1kx9nzpf85myryr640")
@ -432,21 +433,7 @@ standards.")
("mit-krb5" ,mit-krb5)
("nspr" ,nspr)
("nss" ,nss)
;; XXX Work around the fact that our 'sqlite' package was not built
;; with -DSQLITE_ENABLE_DBSTAT_VTAB.
("sqlite" ,(package
(inherit sqlite)
(arguments
`(#:configure-flags
;; Add -DSQLITE_SECURE_DELETE, -DSQLITE_ENABLE_UNLOCK_NOTIFY and
;; -DSQLITE_ENABLE_DBSTAT_VTAB to CFLAGS. GNU Icecat will refuse
;; to use the system SQLite unless these options are enabled.
(list (string-append "CFLAGS=-O2 -DSQLITE_SECURE_DELETE "
"-DSQLITE_ENABLE_UNLOCK_NOTIFY "
"-DSQLITE_ENABLE_DBSTAT_VTAB"))))))
;;("sqlite" ,sqlite)
("sqlite" ,sqlite)
("startup-notification" ,startup-notification)
("unzip" ,unzip)
("yasm" ,yasm)

View File

@ -4,6 +4,7 @@
;;; Copyright © 2016 Andy Wingo <wingo@igalia.com>
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Petter <petter@mykolab.ch>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is an addendum GNU Guix.
;;;
@ -113,6 +114,13 @@
("net/dial_test.go" "(.+)(TestDialTimeout.+)")
("os/os_test.go" "(.+)(TestHostname.+)")
("time/format_test.go" "(.+)(TestParseInSydney.+)")
;; Tzdata 2016g changed the name of the time zone used in this
;; test, and the patch for Go 1.7 does not work for 1.4.3:
;; https://github.com/golang/go/issues/17545
;; https://github.com/golang/go/issues/17276
("time/time_test.go" "(.+)(TestLoadFixed.+)")
("os/exec/exec_test.go" "(.+)(TestEcho.+)")
("os/exec/exec_test.go" "(.+)(TestCommandRelativeName.+)")
("os/exec/exec_test.go" "(.+)(TestCatStdin.+)")
@ -139,7 +147,9 @@
(setenv "GOOS" "linux")
(setenv "GOROOT" (dirname (getcwd)))
(setenv "GOROOT_FINAL" output)
(setenv "CGO_ENABLED" "1")
;; Go 1.4's cgo will not work with binutils >= 2.27:
;; https://github.com/golang/go/issues/16906
(setenv "CGO_ENABLED" "0")
(zero? (system* "sh" "all.bash")))))
(replace 'install
@ -272,7 +282,18 @@ sequential processes (CSP) concurrent programming features added.")
("os/exec/exec_test.go" "(.+)(TestExtraFilesRace.+)")
("net/lookup_test.go" "(.+)(TestLookupPort.+)")
("syscall/exec_linux_test.go"
"(.+)(TestCloneNEWUSERAndRemapNoRootDisableSetgroups.+)")))
"(.+)(TestCloneNEWUSERAndRemapNoRootDisableSetgroups.+)")
;; This test broke when tzdata updated to 2016g:
;; https://github.com/golang/go/issues/17276
;; Applying the upstream patch causes the failure of another
;; test, because that test requires upstream's mtimes to be
;; preserved, but applying the patch and re-packing the
;; tarball causes mtimes to be set to Unix epoch.
;; https://github.com/golang/go/issues/17535
;; TODO Try re-enabling this test for Go > 1.7.3.
("time/time_test.go" "(.+)(TestLoadFixed.+)")))
(substitute* "../misc/cgo/testsanitizers/test.bash"
(("(CC=)cc" all var) (string-append var "gcc")))
@ -306,6 +327,18 @@ sequential processes (CSP) concurrent programming features added.")
(setenv "GOGC" "400")
(setenv "GO_TEST_TIMEOUT_SCALE" "9999")
#t)))
(replace 'build
(lambda* (#:key inputs outputs #:allow-other-keys)
;; FIXME: Some of the .a files are not bit-reproducible.
(let* ((output (assoc-ref outputs "out")))
(setenv "CC" (which "gcc"))
(setenv "GOOS" "linux")
(setenv "GOROOT" (dirname (getcwd)))
(setenv "GOROOT_FINAL" output)
(setenv "CGO_ENABLED" "1")
(zero? (system* "sh" "all.bash")))))
(replace 'install
;; TODO: Most of this could be factorized with Go 1.4.
(lambda* (#:key outputs #:allow-other-keys)

View File

@ -66,14 +66,14 @@
(define-public blender
(package
(name "blender")
(version "2.76b")
(version "2.78a")
(source (origin
(method url-fetch)
(uri (string-append "http://download.blender.org/source/"
"blender-" version ".tar.gz"))
(sha256
(base32
"0pb0mlj4vj0iir528ifqq67nsh3ca1942933d9cwlbpcja2jm1dx"))))
"1byf1klrvm8fdw2libx7wldz2i6lblp9nih6y58ydh00paqi8jh1"))))
(build-system cmake-build-system)
(arguments
`(;; Test files are very large and not included in the release tarball.

View File

@ -128,8 +128,8 @@
#t)))))
(inputs
`(;; ("lvm2" ,lvm2)
("gettext" ,gettext-minimal)
("mdadm" ,mdadm)
("gettext" ,gnu-gettext)
("freetype" ,freetype)
;; ("libusb" ,libusb)
;; ("fuse" ,fuse)

View File

@ -357,7 +357,7 @@ printing and other features typical of a source code editor.")
(define-public gtksourceview
(package
(name "gtksourceview")
(version "3.20.2")
(version "3.20.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -365,7 +365,7 @@ printing and other features typical of a source code editor.")
name "-" version ".tar.xz"))
(sha256
(base32
"03vxirdbjpgjrkl5ph0p9b1saq17xxr4kvhz1ijpg40a9jf3ci4y"))))
"009xag7df07ngav2wzs0rdrrx4s2m6ahx93pxzc2p1pkbz4nl3ks"))))
(build-system gnu-build-system)
(arguments
'(#:phases
@ -486,7 +486,7 @@ in the GNOME project.")
(define-public at-spi2-core
(package
(name "at-spi2-core")
(version "2.20.1")
(version "2.20.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -494,7 +494,7 @@ in the GNOME project.")
name "-" version ".tar.xz"))
(sha256
(base32
"0039y6bj1zfzhmfjbj5g830dlczphbpvbgmkcab9mapmh7kmin3f"))))
"0hx12snd9as4cq99ka3bn056xdf13f87pd1ilp6177qk8ffxx948"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(arguments
@ -594,7 +594,7 @@ is part of the GNOME accessibility project.")
("libxrandr" ,libxrandr)))
(native-inputs
`(("perl" ,perl)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("glib" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
@ -629,7 +629,7 @@ application suites.")
(define-public gtk+
(package (inherit gtk+-2)
(name "gtk+")
(version "3.20.3")
(version "3.20.9")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -637,9 +637,10 @@ application suites.")
name "-" version ".tar.xz"))
(sha256
(base32
"157nh9gg0p2avw765hrnkvr8lsh2w811397yxgjv6q5j4fzz6d1q"))
"05xcwvy68p7f4hdhi4bgdm3aycvqqr4pr5kkkr8ba91l5yx0k9l3"))
(patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch"
"gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch"))))
(outputs '("out" "bin" "doc"))
(propagated-inputs
`(("at-spi2-atk" ,at-spi2-atk)
("atk" ,atk)
@ -662,7 +663,7 @@ application suites.")
(native-inputs
`(("perl" ,perl)
("glib" ,glib "bin")
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)
("gobject-introspection" ,gobject-introspection)
("python-wrapper" ,python-wrapper)
@ -684,7 +685,16 @@ application suites.")
(substitute* "testsuite/Makefile.in"
(("SUBDIRS = gdk gtk a11y css reftests")
"SUBDIRS = gdk"))
#t)))))
#t))
(add-after 'install 'move-desktop-files
;; Move desktop files into 'bin' to avoid cycle references.
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
(bin (assoc-ref outputs "bin")))
(mkdir-p (string-append bin "/share"))
(rename-file (string-append out "/share/applications")
(string-append bin "/share/applications"))
#t))))))
(native-search-paths
(list (search-path-specification
(variable "GUIX_GTK3_PATH")
@ -928,7 +938,7 @@ library.")
(define-public pangomm
(package
(name "pangomm")
(version "2.40.0")
(version "2.40.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -936,7 +946,7 @@ library.")
name "-" version ".tar.xz"))
(sha256
(base32
"03fpqdjp7plybf4zsgszbm8yhgl28vmajzfpmaqcsmyfvjlszl3x"))))
"1bz3gciff23bpw9bqc4v2l3lkq9w7394v3a4jxkvx0ap5lmfwqlp"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)))
(propagated-inputs
@ -1177,7 +1187,7 @@ write GNOME applications.")
(base32
"03wsxj27hvcbs3x96nah7j3paclifwlfag8kdph4kldl48srp9pb"))))
(native-inputs `(("pkg-config" ,pkg-config)
("gettext" ,gnu-gettext)))
("gettext" ,gettext-minimal)))
(inputs `(("gtk+" ,gtk+)
("check" ,check)))
(arguments
@ -1241,7 +1251,7 @@ information.")
`(("pkg-config" ,pkg-config)
("itstool" ,itstool)
("libxml" ,libxml2)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("bc" ,bc)))
(inputs
`(("perl" ,perl)

View File

@ -133,15 +133,15 @@ without requiring the source code to be rewritten.")
(define-public guile-2.0
(package
(name "guile")
(version "2.0.11")
(version "2.0.12")
(replacement guile-2.0.13) ;CVE-2016-8606 and CVE-2016-8605
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/guile/guile-" version
".tar.xz"))
(sha256
(base32
"1qh3j7308qvsjgwf7h94yqgckpbgz2k3yqdkzsyhqcafvfka9l5f"))
(patches (search-patches "guile-arm-fixes.patch"))))
"1sdpjq0jf1h65w29q0zprj4x6kdp5jskkvbnlwphy9lvdxrqg0fy"))))
(build-system gnu-build-system)
(native-inputs `(("pkgconfig" ,pkg-config)))
(inputs `(("libffi" ,libffi)
@ -186,7 +186,7 @@ without requiring the source code to be rewritten.")
(files '("share/guile/site/2.0")))
(search-path-specification
(variable "GUILE_LOAD_COMPILED_PATH")
(files '("lib/guile/2.0/ccache"
(files '("lib/guile/2.0/site-ccache"
"share/guile/site/2.0")))))
(synopsis "Scheme implementation intended especially for extensions")
@ -202,12 +202,28 @@ without requiring the source code to be rewritten.")
(define-public guile-2.0/fixed
;; A package of Guile 2.0 that's rarely changed. It is the one used
;; in the `base' module, and thus changing it entails a full rebuild.
guile-2.0)
(package
(inherit guile-2.0)
(properties '((hidden? . #t))) ;people should install 'guile-2.0'
(replacement #f)))
(define guile-2.0.13
(package
(inherit guile-2.0)
(version "2.0.13")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/guile/guile-" version
".tar.xz"))
(sha256
(base32
"12yqkr974y91ylgw6jnmci2v90i90s7h9vxa4zk0sai8vjnz4i1p"))))))
(define-public guile-next
(package (inherit guile-2.0)
(name "guile-next")
(version "2.1.4")
(replacement #f)
(source (origin
(method url-fetch)
(uri (string-append "ftp://alpha.gnu.org/gnu/guile/guile-"
@ -281,7 +297,7 @@ applicable."
("libtool" ,libtool)
("flex" ,flex)
("texinfo" ,texinfo)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
,@(package-native-inputs guile-next)))
;; Same as in guile-2.0
(native-search-paths
@ -496,23 +512,33 @@ format is also supported.")
(define-public guile-lib
(package
(name "guile-lib")
(version "0.2.2")
(version "0.2.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/guile-lib/guile-lib-"
version ".tar.gz"))
(sha256
(base32
"1f9n2b5b5r75lzjinyk6zp6g20g60msa0jpfrk5hhg4j8cy0ih4b"))))
"0pwdd52vakni1fabaiav8v0ad7xp3bx8x3brijbr1mpgamm9dxqc"))))
(build-system gnu-build-system)
(arguments
'(#:phases (alist-cons-before
'configure 'patch-module-dir
'(#:phases (modify-phases %standard-phases
(add-before 'configure 'patch-module-dir
(lambda _
(substitute* "src/Makefile.in"
(("^moddir[[:blank:]]*=[[:blank:]]*([[:graph:]]+)" _ rhs)
(string-append "moddir = " rhs "/2.0\n"))))
%standard-phases)))
(("^moddir = ([[:graph:]]+)")
"moddir = $(datadir)/guile/site/@GUILE_EFFECTIVE_VERSION@\n")
(("^godir = ([[:graph:]]+)")
"godir = \
$(libdir)/guile/@GUILE_EFFECTIVE_VERSION@/site-ccache\n"))
#t))
(replace 'check
(lambda _
;; Work around a harmless test failure involving
;; two-spaces-after-period rendering.
(zero? (system* "make" "check" ;"-C" "unit-tests"
"XFAIL_TESTS=texinfo.serialize.scm")))))))
(native-inputs `(("pkg-config" ,pkg-config)))
(inputs `(("guile" ,guile-2.0)))
(home-page "http://www.nongnu.org/guile-lib/")
(synopsis "Collection of useful Guile Scheme modules")

View File

@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -39,7 +40,7 @@
(sha256 (base32
"0q8s43z14vxm41pfa8s5h9kyyzk1fkwjhkiwbf2x70alm6rv6qi1"))))
(build-system gnu-build-system)
(propagated-inputs `(("ghostscript" ,ghostscript-gs/x)))
(propagated-inputs `(("ghostscript" ,ghostscript/x)))
(inputs `(("libx11" ,libx11)
("libxaw3d" ,libxaw3d)
("libxinerama" ,libxinerama)

View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 John Darrington <jmd@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -37,6 +38,15 @@
(sha256
(base32 "01ggvvp0nyn8xczh93icifnji468wsjgqzd1f1bixwsqziaicknv"))))
(build-system gnu-build-system)
(arguments
'(#:phases
(modify-phases %standard-phases
(add-before 'install 'skip-gtk-update-icon-cache
;; Don't create 'icon-theme.cache'.
(lambda _
(substitute* "Makefile"
(("gtk-update-icon-cache") "true"))
#t)))))
(inputs
`(("gtk+" ,gtk+)))
(native-inputs

View File

@ -267,7 +267,7 @@ Chinese pinyin input methods.")
'("ibus-engine-anthy" "ibus-setup-anthy"))
#t))))))
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("intltool" ,intltool)
("pkg-config" ,pkg-config)
("python" ,python)))

View File

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -48,8 +48,10 @@
(arguments
`(#:configure-flags
'("--enable-rpath"
,@(if (string-prefix? "arm" (or (%current-target-system)
(%current-system)))
,@(if (let ((s (or (%current-target-system)
(%current-system))))
(or (string-prefix? "arm" s)
(string-prefix? "mips" s)))
'("--with-data-packaging=archive")
'()))
#:phases

View File

@ -59,18 +59,18 @@
(define-public libpng
(package
(name "libpng")
(version "1.5.26")
(version "1.6.25")
(source (origin
(method url-fetch)
;; Note: upstream removes older tarballs.
(uri (list (string-append "mirror://sourceforge/libpng/libpng15/"
(uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
version "/libpng-" version ".tar.xz")
(string-append
"ftp://ftp.simplesystems.org/pub/libpng/png/src"
"/libpng15/libpng-" version ".tar.xz")))
(sha256
(base32 "0kbissyd7d4ahwdpm968nnzl7q15p6hadg44i9x0vrkrzdgdi93v"))))
(base32 "04c8inn745hw25wz2dc5vll5n5d2gsndj01i4srwzgz8861qvzh9"))))
(build-system gnu-build-system)
;; libpng.la says "-lz", so propagate it.
@ -102,13 +102,13 @@ library. It supports almost all PNG features and is extensible.")
(define-public libjpeg
(package
(name "libjpeg")
(version "9a")
(version "9b")
(source (origin
(method url-fetch)
(uri (string-append "http://www.ijg.org/files/jpegsrc.v"
version ".tar.gz"))
(sha256 (base32
"19q5zr4n60sjcvfbyv06n4pcl1mai3ipvnd2akflayciinj3wx9s"))))
"0lnhpahgdwlrkd41lx6cr90r199f8mc6ydlh7jznj5klvacd63r4"))))
(build-system gnu-build-system)
(synopsis "Library for handling JPEG files")
(description
@ -254,7 +254,14 @@ extracting icontainer icon files.")
(patches (search-patches
"libtiff-oob-accesses-in-decode.patch"
"libtiff-oob-write-in-nextdecode.patch"
"libtiff-CVE-2015-8665+CVE-2015-8683.patch"))))
"libtiff-CVE-2015-8665+CVE-2015-8683.patch"
"libtiff-CVE-2016-3623.patch"
"libtiff-CVE-2016-3945.patch"
"libtiff-CVE-2016-3990.patch"
"libtiff-CVE-2016-3991.patch"
"libtiff-CVE-2016-5314.patch"
"libtiff-CVE-2016-5321.patch"
"libtiff-CVE-2016-5323.patch"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.3 MiB of HTML documentation

View File

@ -157,7 +157,7 @@ SILC and ICB protocols via plugins.")
("libtool" ,libtool)))
(inputs `(("ncurses" ,ncurses)
("diffutils" ,diffutils)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("libltdl" ,libltdl)
("libgcrypt" ,libgcrypt "out")
("zlib" ,zlib)

View File

@ -40,7 +40,7 @@
"037hmfs5pk3g36psm378vap1mbrkk86vv8wsdnv65mzbnph52gv0"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("perl" ,perl)
("python" ,python-wrapper)))
(home-page "https://pkg-isocodes.alioth.debian.org/")

View File

@ -609,7 +609,7 @@ interfaces in the areas of colors, fonts, text, images, keyboard input.")
"0a66z325bvdv7g6ysml2bf8559nkjhv2fxwj1ja6vsxkn95d54ff"))))
(build-system cmake-build-system)
(propagated-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("python" ,python)))
(native-inputs
`(("extra-cmake-modules" ,extra-cmake-modules)))

View File

@ -199,7 +199,7 @@ generator library for C++.")
("cmake" ,cmake)
("doxygen" ,doxygen)
("gawk" ,gawk)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("icedtea" ,icedtea) ; needed at build-time only, mandatory
("libtool" ,libtool)
("pkg-config" ,pkg-config)

View File

@ -27,14 +27,14 @@
(define-public libidn
(package
(name "libidn")
(replacement libidn-1.33)
(version "1.32")
(version "1.33")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/libidn/libidn-" version
".tar.gz"))
(sha256 (base32
"1xf4hphhahcjm2xwx147lfpsavjwv9l4c2gf6hx71zxywbz5lpds"))))
(sha256
(base32
"068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4"))))
(build-system gnu-build-system)
;; FIXME: No Java and C# libraries are currently built.
(synopsis "Internationalized string processing library")
@ -48,19 +48,6 @@ Java libraries.")
(license (list gpl2+ gpl3+ lgpl3+ fdl1.3+))
(home-page "http://www.gnu.org/software/libidn/")))
(define libidn-1.33
(package
(inherit libidn)
(source
(let ((version "1.33"))
(origin
(method url-fetch)
(uri (string-append "mirror://gnu/libidn/libidn-" version
".tar.gz"))
(sha256
(base32
"068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))))))
(define-public libidn2
(package
(name "libidn2")

View File

@ -21,6 +21,7 @@
#:use-module (guix download)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (gnu packages)
#:use-module (gnu packages bison)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
@ -41,6 +42,7 @@
(uri (string-append
"https://github.com/OpenLightingProject/ola/releases/download/"
version "/ola-" version ".tar.gz"))
(patches (search-patches "ola-readdir-r.patch"))
(sha256
(base32
"09zx1c8nkj29shfdzkahrh9397m3mwnsy0gj7jrb63f89f3n2vlq"))))

View File

@ -16,6 +16,7 @@
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -114,17 +115,36 @@
version "-gnu.tar.xz")))
(define-public linux-libre-headers
(let* ((version "4.1.18")
(build-phase
(lambda (arch)
`(lambda _
(setenv "ARCH" ,(system->linux-architecture arch))
(package
(name "linux-libre-headers")
(version "4.4.18")
(source (origin
(method url-fetch)
(uri (linux-libre-urls version))
(sha256
(base32
"0k8k17in7dkjd9d8zg3i8l1ax466dba6bxw28flxizzyq8znljps"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(srfi srfi-1))
#:phases
(modify-phases %standard-phases
(delete 'configure)
(replace 'build
(lambda _
(let ((arch ,(system->linux-architecture
(or (%current-target-system)
(%current-system)))))
(setenv "ARCH" arch)
(format #t "`ARCH' set to `~a'~%" (getenv "ARCH"))
(and (zero? (system* "make" "defconfig"))
(zero? (system* "make" "mrproper" "headers_check"))))))
(install-phase
`(lambda* (#:key outputs #:allow-other-keys)
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(and (zero? (system* "make"
(string-append "INSTALL_HDR_PATH=" out)
@ -144,33 +164,12 @@
(for-each delete-file (find-files out "\\.install"))
#t))))))
(package
(name "linux-libre-headers")
(version version)
(source (origin
(method url-fetch)
(uri (linux-libre-urls version))
(sha256
(base32
"1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(srfi srfi-1))
#:phases (alist-replace
'build ,(build-phase (or (%current-target-system)
(%current-system)))
(alist-replace
'install ,install-phase
(alist-delete 'configure %standard-phases)))
#:allowed-references ()
#:tests? #f))
(home-page "http://www.gnu.org/software/linux-libre")
(synopsis "GNU Linux-Libre kernel headers")
(description "Headers of the Linux-Libre kernel.")
(license license:gpl2)
(home-page "http://www.gnu.org/software/linux-libre/"))))
(license license:gpl2)))
(define %boot-logo-patch
;; Linux-Libre boot logo featuring Freedo and a gnu.
@ -364,17 +363,18 @@ It has been modified to remove all non-free binary blobs.")
(define-public linux-pam
(package
(name "linux-pam")
(version "1.2.1")
(version "1.3.0")
(source
(origin
(method url-fetch)
(uri (list (string-append "http://www.linux-pam.org/library/Linux-PAM-"
version ".tar.bz2")
(string-append "mirror://kernel.org/linux/libs/pam/library/Linux-PAM-"
version ".tar.bz2")))
(uri (string-append
"http://www.linux-pam.org/library/"
"Linux-PAM-" version ".tar.bz2"))
(sha256
(base32
"1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
"1fyi04d5nsh8ivd0rn2y0z83ylgc0licz7kifbb6xxi2ylgfs6i4"))
(patches (search-patches "linux-pam-no-setfsuid.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("flex" ,flex)
@ -402,6 +402,21 @@ be used through the PAM API to perform tasks, like authenticating a user
at login. Local and dynamic reconfiguration are its key features.")
(license license:bsd-3)))
(define-public linux-pam-1.2
(package
(inherit linux-pam)
(version "1.2.1")
(source
(origin
(method url-fetch)
(uri (string-append
"http://www.linux-pam.org/library/"
"Linux-PAM-" version ".tar.bz2"))
(sha256
(base32
"1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))
(patches (search-patches "linux-pam-no-setfsuid.patch"))))))
;;;
;;; Miscellaneous.
@ -433,7 +448,7 @@ providing the system administrator with some help in common tasks.")
(define-public util-linux
(package
(name "util-linux")
(version "2.27")
(version "2.28.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/"
@ -441,7 +456,7 @@ providing the system administrator with some help in common tasks.")
name "-" version ".tar.xz"))
(sha256
(base32
"1ivdx1bhjbakf77agm9dn3wyxia1wgz9lzxgd61zqxw3xzih9gzw"))
"03xnaw3c7pavxvvh1vnimcr44hlhhf25whawiyv8dxsflfj4xkiy"))
(patches (search-patches "util-linux-tests.patch"))
(modules '((guix build utils)))
(snippet
@ -516,16 +531,14 @@ block devices, UUIDs, TTYs, and many other tools.")
(define-public procps
(package
(name "procps")
(version "3.3.11")
(version "3.3.12")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/procps-ng/Production/"
"procps-ng-" version ".tar.xz"))
(sha256
(base32
"1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9"))
(patches
(list (search-patch "procps-non-linux.patch")))))
"1m57w6jmry84njd5sgk5afycbglql0al80grx027kwqqcfw5mmkf"))))
(build-system gnu-build-system)
(arguments
'(#:modules ((guix build utils)
@ -534,6 +547,15 @@ block devices, UUIDs, TTYs, and many other tools.")
(srfi srfi-26))
#:phases
(modify-phases %standard-phases
(add-before 'check 'disable-strtod-test
(lambda _
;; Disable the 'strtod' test, which fails on 32-bit systems.
;; This is what upstream does:
;; <https://gitlab.com/procps-ng/procps/commit/100afbc1491be388f1429021ff65d969f4b1e08f>.
(substitute* "Makefile"
(("^(TESTS|check_PROGRAMS) = .*$" all)
(string-append "# " all "\n")))
#t))
(add-after
'install 'post-install
;; Remove commands and man pages redudant with
@ -860,7 +882,7 @@ MIDI functionality to the Linux-based operating system.")
("ncurses" ,ncurses)
("alsa-lib" ,alsa-lib)
("xmlto" ,xmlto)
("gettext" ,gnu-gettext)))
("gettext" ,gettext-minimal)))
(home-page "http://www.alsa-project.org/")
(synopsis "Utilities for the Advanced Linux Sound Architecture (ALSA)")
(description
@ -1051,7 +1073,7 @@ manpages.")
(sha256
(base32
"0p93lsqx23v5fv4hpbrydmfvw1ha2rgqpn2zqbs2jhxkzhjc030p"))))))
(native-inputs `(("gettext" ,gnu-gettext)))
(native-inputs `(("gettext" ,gettext-minimal)))
(synopsis "Tools for controlling the network subsystem in Linux")
(description
@ -1612,7 +1634,7 @@ from the module-init-tools project.")
;; The post-systemd fork, maintained by Gentoo.
(package
(name "eudev")
(version "3.1.5")
(version "3.2")
(source (origin
(method url-fetch)
(uri (string-append
@ -1620,7 +1642,7 @@ from the module-init-tools project.")
version ".tar.gz"))
(sha256
(base32
"0akg9gcc3c2p56xbhlvbybqavcprly5q0bvk655zwl6d62j8an7p"))
"099w62ncq78nxpxizf910mx18hc8x4qvzw3azjd00fir89wmyjnq"))
(patches (search-patches "eudev-rules-directory.patch"))))
(build-system gnu-build-system)
(native-inputs
@ -2507,7 +2529,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
#t))))))
(native-inputs
`(("pkg-config" ,pkg-config)
("gettext" ,gnu-gettext)))
("gettext" ,gettext-minimal)))
(inputs
`(("glib" ,glib)
("dbus" ,dbus)
@ -2847,7 +2869,7 @@ from that to the system kernel's @file{/dev/random} machinery.")
"DEBUG=false"
"PACKAGE_BUGREPORT=bug-guix@gnu.org"))
#:tests? #f)) ;no tests
(native-inputs `(("gettext" ,gnu-gettext)))
(native-inputs `(("gettext" ,gettext-minimal)))
(inputs `(("pciutils" ,pciutils)))
(home-page (package-home-page linux-libre))
(synopsis "CPU frequency and voltage scaling tools for Linux")

View File

@ -88,8 +88,7 @@
(build-system gnu-build-system) ; actually, just a makefile
(outputs '("out" "doc"))
(native-inputs
`(("ghostscript" ,ghostscript)
("ghostscript-gs" ,ghostscript-gs)))
`(("ghostscript" ,ghostscript)))
(arguments `(#:modules ((guix build utils)
(guix build gnu-build-system)
(srfi srfi-1)) ; we need SRFI-1

View File

@ -113,9 +113,6 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(current-source-location)
#:native-inputs native-inputs))
(define %bash-static
(static-package bash-minimal))
(define %static-inputs
;; Packages that are to be used as %BOOTSTRAP-INPUTS.
(let ((coreutils (package (inherit coreutils)
@ -183,7 +180,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(("-Wl,-export-dynamic") "")))
,phases)))))
(inputs (if (%current-target-system)
`(("bash" ,%bash-static))
`(("bash" ,static-bash))
'()))))
(tar (package (inherit tar)
(arguments
@ -210,7 +207,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
("sed" ,sed)
("grep" ,grep)
("gawk" ,gawk)))
("bash" ,%bash-static))))
("bash" ,static-bash))))
(define %static-binaries
(package
@ -525,6 +522,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(patches patches)))
(guile (package (inherit guile-2.0)
(name (string-append (package-name guile-2.0) "-static"))
(replacement #f)
(source source)
(synopsis "Statically-linked and relocatable Guile")

View File

@ -189,7 +189,7 @@ Linux kernel and C library interfaces employed by user-space programs.")
`(("perl" ,perl)
;; TODO: Add these optional dependencies.
;; ("perl-LocaleGettext" ,perl-LocaleGettext)
;; ("gettext" ,gnu-gettext)
;; ("gettext" ,gettext-minimal)
))
(home-page "http://www.gnu.org/software/help2man/")
(synopsis "Automatically generate man pages from program --help")

View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -36,7 +37,7 @@
(define-public mate-icon-theme
(package
(name "mate-icon-theme")
(version "1.12.0")
(version "1.16.0")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
@ -44,7 +45,7 @@
name "-" version ".tar.xz"))
(sha256
(base32
"0d91rvl9rw3xl8hmdcbb6xvi880kfmh2ra5chhrjimrjqgl57qkp"))))
"1zldw22p1i76iss8car39pmfagpfxxlfk1fdhvr4x5r6gf36gv7d"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
@ -60,23 +61,22 @@
(define-public mate-themes
(package
(name "mate-themes")
(version "1.12.2")
(version (package-version gtk+))
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
(version-major+minor version) "/"
name "-gtk"
(uri (string-append "http://pub.mate-desktop.org/releases/themes/"
(version-major+minor (package-version gtk+))
"-" version ".tar.xz"))
"/mate-themes-" (package-version gtk+)
".tar.xz"))
(sha256
(base32
"0kyrlgs5azzj60gnxx2n9qszcligxn959wr42wr0iqnrpiygk5nf"))))
"12p6xvqs8smbk9nivi43089fiw1jbb3g9836arr0sksmmziklnvy"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)))
(inputs
`(("gtk+" ,gtk+-2)
`(("gtk+" ,gtk+)
("gdk-pixbuf" ,gdk-pixbuf)
("gtk-engines" ,gtk-engines)
("murrine" ,murrine)))
@ -85,14 +85,15 @@
"Official themes for the MATE desktop")
(description
"This package includes the standard themes for the MATE desktop, for
example Menta, TraditionalOk, GreenLaguna or BlackMate.")
example Menta, TraditionalOk, GreenLaguna or BlackMate. This package has
themes for both gtk+-2 and gtk+-3.")
(license (list license:lgpl2.1+ license:cc-by-sa3.0 license:gpl3+
license:gpl2+))))
(define-public mate-desktop
(package
(name "mate-desktop")
(version "1.12.1")
(version "1.16.1")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
@ -100,8 +101,11 @@ example Menta, TraditionalOk, GreenLaguna or BlackMate.")
name "-" version ".tar.xz"))
(sha256
(base32
"00ssrzm07xyrjra075jhir1f8iy382lla7923fhic29lap26mffr"))))
"1pzncfgrzp2mp9407ivk1113hkadpf110blr058h31jkwsk8syjq"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-gtk=3.0"
"--enable-mpaste")))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)
@ -110,11 +114,12 @@ example Menta, TraditionalOk, GreenLaguna or BlackMate.")
("yelp-tools" ,yelp-tools)))
;;("gtk-doc" ,gtk-doc))) ; add back in when gtk-doc builds
(inputs
`(("libxrandr" ,libxrandr)))
(propagated-inputs
`(("dconf" ,dconf)
("gtk+" ,gtk+-2)
`(("gtk+" ,gtk+)
("libxrandr" ,libxrandr)
("python2" ,python-2)
("startup-notification" ,startup-notification)))
(propagated-inputs
`(("dconf" ,dconf))) ; mate-desktop-2.0.pc
(home-page "http://mate-desktop.org/")
(synopsis "Library with common API for various MATE modules")
(description
@ -125,7 +130,7 @@ desktop and the mate-about program.")
(define-public libmateweather
(package
(name "libmateweather")
(version "1.12.1")
(version "1.16.1")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
@ -133,11 +138,12 @@ desktop and the mate-about program.")
name "-" version ".tar.xz"))
(sha256
(base32
"0qrq6z6knybixnxmsvkw58hm033m91inf523mbvzgv2r822fpakl"))))
"0w1b8b1ckmkbvwnqi9yh2lwbskzhz99s5yxdkar5xiqylnjrwmm3"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
`(,(string-append "--with-zoneinfo-dir="
`("--with-gtk=3.0"
,(string-append "--with-zoneinfo-dir="
(assoc-ref %build-inputs "tzdata")
"/share/zoneinfo"))
#:phases
@ -156,23 +162,24 @@ desktop and the mate-about program.")
("glib:bin" ,glib "bin")))
(inputs
`(("dconf" ,dconf)
("gdk-pixbuf" ,gdk-pixbuf)
("gtk+" ,gtk+)
("tzdata" ,tzdata)))
(propagated-inputs
`(("gtk+" ,gtk+-2)
("gdk-pixbuf" ,gdk-pixbuf)
("libxml2" ,libxml2)
("libsoup" ,libsoup)))
;; both of these are requires.private in mateweather.pc
`(("libsoup" ,libsoup)
("libxml2" ,libxml2)))
(home-page "http://mate-desktop.org/")
(synopsis "MATE library for weather information from the Internet")
(description
"This library provides acess to weather information from the internet for
"This library provides access to weather information from the internet for
the MATE desktop environment.")
(license license:lgpl2.1+)))
(define-public mate-menus
(package
(name "mate-menus")
(version "1.12.0")
(version "1.16.0")
(source (origin
(method url-fetch)
(uri (string-append "http://pub.mate-desktop.org/releases/"
@ -180,7 +187,7 @@ the MATE desktop environment.")
name "-" version ".tar.xz"))
(sha256
(base32
"1i4m3fj0vd85zyhqhm8x9yr0h5i08aa4l99zqvbk59ncj6z3bdxh"))))
"0crw07iszwsqk54y8znfqdgfz76rjdz8992v4q9kpwwlrl11xmc5"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@ -193,15 +200,15 @@ the MATE desktop environment.")
(("`\\$PKG_CONFIG --variable=girdir gobject-introspection-1.0`")
(string-append "\"" out "/share/gir-1.0/\""))
(("\\$\\(\\$PKG_CONFIG --variable=typelibdir gobject-introspection-1.0\\)")
(string-append out "/lib/girepository-1.0/")))))))))
(string-append out "/lib/girepository-1.0/")))
#t))))))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)
("gobject-introspection" ,gobject-introspection)))
(inputs
`(("python" ,python-2)))
(propagated-inputs
`(("glib" ,glib)))
`(("glib" ,glib)
("python" ,python-2)))
(home-page "http://mate-desktop.org/")
(synopsis "Freedesktop menu specification implementation for MATE")
(description

View File

@ -2057,7 +2057,7 @@ parts of it.")
(define-public openblas
(package
(name "openblas")
(version "0.2.15")
(version "0.2.19")
(source
(origin
(method url-fetch)
@ -2066,7 +2066,7 @@ parts of it.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1k5f6vjlk54qlplk5m7xkbaw6g2y7dl50lwwdv6xsbcsgsbxfcpy"))))
"071zqnmnxhh0c9phzyn3f198yxa0hjxda7016azdbq2056sm70w7"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ;no "check" target
@ -2627,7 +2627,7 @@ evaluates expressions using the standard order of operations.")
(base32
"15cd1cx1dyygw6g2nhjqq3bsfdj8sj8m4va9n75i0f3ryww3x7wq"))))
(build-system gnu-build-system)
(native-inputs `(("gettext" ,gnu-gettext)))
(native-inputs `(("gettext" ,gettext-minimal)))
(inputs `(("libx11" ,libx11)
("zlib" ,zlib)
("libpng" ,libpng)

View File

@ -2,6 +2,7 @@
;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -31,8 +32,7 @@
(define-public mit-krb5
(package
(name "mit-krb5")
(replacement mit-krb5-1.14.3)
(version "1.14.2")
(version "1.14.3")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@ -40,7 +40,7 @@
"/krb5-" version ".tar.gz"))
(sha256
(base32
"09wbv969ak4fqlqr1ip5bi62fny1zlp1vwjarvj6a6cdfzkdgjkb"))))
"1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
@ -84,17 +84,3 @@ cryptography.")
(license (non-copyleft "file://NOTICE"
"See NOTICE in the distribution."))
(home-page "http://web.mit.edu/kerberos/")))
(define mit-krb5-1.14.3
(package
(inherit mit-krb5)
(source
(let ((version "1.14.3"))
(origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
(version-major+minor version)
"/krb5-" version ".tar.gz"))
(sha256
(base32
"1jgjiyh1sp72lkxvk437lz5hzcibvw99jc4ihzfz03fg43aj0ind")))))))

View File

@ -44,7 +44,7 @@
"0jibyvyv2jy8dq5ij0j00iq3v74r0y90dcjc3dkspcfbnn37cphn"))))
(build-system gnu-build-system)
(native-inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("glib" ,glib)
("libxslt" ,libxslt)
("perl" ,perl)

View File

@ -445,7 +445,7 @@ format.")
(install-file "mpc123" bin)))))
#:tests? #f))
(native-inputs
`(("gettext" ,gnu-gettext)))
`(("gettext" ,gettext-minimal)))
(inputs
`(("libao" ,ao)
("libmpcdec" ,libmpcdec)))

View File

@ -31,7 +31,7 @@
(define-public gmp
(package
(name "gmp")
(version "6.1.0")
(version "6.1.1")
(source (origin
(method url-fetch)
(uri
@ -39,7 +39,7 @@
version ".tar.xz"))
(sha256
(base32
"12b9s4jn48gbar6dbs5qrlmljdmnq43xy3ji9yjzic0mwp6dmnk8"))
"0cg84n482gcvl0s4xq4wgwsk4r0x0m8dnzpizwqdd2j8vw2rqvnk"))
(patches (search-patches "gmp-faulty-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("m4" ,m4)))

View File

@ -493,7 +493,7 @@ for path in [path for path in sys.path if 'site-packages' in path]: site.addsite
("python2-pyliblo" ,python2-pyliblo)
("python2-pygtk" ,python2-pygtk)))
(native-inputs
`(("gettext" ,gnu-gettext)))
`(("gettext" ,gettext-minimal)))
(home-page "http://das.nasophon.de/gtklick/")
(synopsis "Simple metronome with an easy-to-use graphical interface")
(description
@ -555,7 +555,7 @@ interface. It is implemented as a frontend to @code{klick}.")
("font-tex-gyre" ,font-tex-gyre)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
("ghostscript" ,ghostscript-gs)
("ghostscript" ,ghostscript)
("pango" ,pango)
("python" ,python-2)))
(native-inputs
@ -564,7 +564,7 @@ interface. It is implemented as a frontend to @code{klick}.")
("flex" ,flex)
("fontforge" ,fontforge)
("dblatex" ,dblatex)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("imagemagick" ,imagemagick)
("netpbm" ,netpbm) ;for pngtopnm
("texlive" ,texlive) ;metafont and metapost
@ -712,7 +712,7 @@ for path in [path for path in sys.path if 'site-packages' in path]: site.addsite
(inputs
`(("python" ,python-2)
("pygtk" ,python2-pygtk)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("gtk" ,gtk+)
("lilypond" ,lilypond)
;; players needed at runtime
@ -1029,7 +1029,7 @@ Laurens Hammond and Don Leslie.")
("flac" ,flac)
("alsa-lib" ,alsa-lib)
("libvorbis" ,libvorbis)
("gettext" ,gnu-gettext)))
("gettext" ,gettext-minimal)))
(native-inputs
`(("pkg-config" ,pkg-config)
("glib:bin" ,glib "bin")
@ -1222,7 +1222,7 @@ export.")
`(("autoconf" ,autoconf)
("automake" ,automake)
("libtool" ,libtool)
("gettext" ,gnu-gettext)
("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs
`(("tk" ,tk)

View File

@ -40,7 +40,7 @@
"06715a39hmp2dl0qz0979cyv8brpb91z5hn94q224ymbsc876m41"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gnu-gettext)
`(("gettext" ,gettext-minimal)
("ncurses" ,ncurses)))
(home-page "https://www.nano-editor.org/")
(synopsis "Small, user-friendly console text editor")

View File

@ -529,7 +529,7 @@ network frames.")
"1y7sbgkhgadmd93x1zafqc4yp26ssiv16ni5bbi9vmvvdl55m29y"))))
(build-system gnu-build-system)
(native-inputs
`(("gettext" ,gnu-gettext)))
`(("gettext" ,gettext-minimal)))
(inputs
`(("fftw" ,fftw)
("ncurses" ,ncurses)

View File

@ -5,6 +5,7 @@
;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -573,7 +574,6 @@ libpanel, librsvg and quartz.")
(native-inputs
`(("ocaml" ,ocaml)
;; For documentation
("ghostscript-gs" ,ghostscript-gs)
("ghostscript" ,ghostscript)
("texlive" ,texlive)
("hevea" ,hevea)

View File

@ -55,14 +55,11 @@
"0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
(build-system gnu-build-system)
(inputs `(("bdb" ,bdb-5.3)
("openssl" ,openssl)
("cyrus-sasl" ,cyrus-sasl)
("gnutls" ,gnutls)
("groff" ,groff)
("icu4c" ,icu4c)
("libgcrypt" ,libgcrypt)
;; FIXME: currently, openldap requires openssl or gnutls<3, see
;; http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17
;; Once this is fixed, switch to gnutls.
("zlib" ,zlib)))
(native-inputs `(("libtool" ,libtool)))
(arguments

View File

@ -256,6 +256,7 @@ tested on Python version 3.2, 2.7 and 2.6.")
`(("python-pbr" ,python-pbr)))
(native-inputs
`(("python-discover" ,python-discover)
("python-docutils" ,python-docutils)
("python-fixtures" ,python-fixtures)
("python-mock" ,python-mock)
("python-sphinx" ,python-sphinx)

View File

@ -495,6 +495,13 @@ transactions from C or Python.")
(lambda _
(substitute* "setup.py"
(("'python-magic',") ""))))
;; The test suite assumes we have pytest >= 2.9.0.
;; https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841146
(add-after 'unpack 'disable-failing-test
(lambda _
(substitute* "tests/comparators/utils.py"
(("skip\\(reason\\=\\\"requires \\{\\}\\\"\\.format\\(tool\\)\\)")
"skipif(True, reason=\"Requires pytest >= 2.9\")"))))
(add-before 'build 'disable-egg-zipping
(lambda _
;; Leave the .egg file uncompressed.

View File

@ -1,6 +1,12 @@
This Binutils patch is from the ath9k-htc-firmware repository (version 1.3.2).
Not applying it (apparently) leads to miscompiled firmware, and loading it
fails with a "Target is unresponsive" message from the 'ath9k_htc' module.
These Binutils patches are from the ath9k-htc-firmware repository
(commit f6af791348b68ceadab375e4ed0f7bcda86cb3c0).
Not applying the first patch (apparently) leads to miscompiled firmware,
and loading it fails with a "Target is unresponsive" message from the
'ath9k_htc' module.
The final hunk, applied to 'gas/config/tc-xtensa.c', is copied from the
upstream file 'local/patches/binutils-2.27_fixup.patch'.
From dbca73446265ce01b8e11462c3346b25953e3399 Mon Sep 17 00:00:00 2001
From: Sujith Manoharan <c_manoha@qca.qualcomm.com>
@ -28873,16 +28879,6 @@ diff --git a/include/xtensa-config.h b/include/xtensa-config.h
index 30f4f41..fe9b051 100644
--- a/include/xtensa-config.h
+++ b/include/xtensa-config.h
@@ -1,7 +1,7 @@
/* Xtensa configuration settings.
- Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2010
+ Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007
Free Software Foundation, Inc.
- Contributed by Bob Wilson (bob.wilson@acm.org) at Tensilica.
+ Contributed by Bob Wilson (bwilson@tensilica.com) at Tensilica.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -44,10 +44,7 @@
#define XCHAL_HAVE_L32R 1
@ -28973,3 +28969,20 @@ index 30f4f41..fe9b051 100644
#define XCHAL_MAX_INSTRUCTION_SIZE 3
--
1.8.1
diff --git a/gas/config/tc-xtensa.c b/gas/config/tc-xtensa.c
index d062044..ca261ae 100644
--- a/gas/config/tc-xtensa.c
+++ b/gas/config/tc-xtensa.c
@@ -2228,7 +2228,7 @@ xg_reverse_shift_count (char **cnt_argp)
cnt_arg = *cnt_argp;
/* replace the argument with "31-(argument)" */
- new_arg = concat ("31-(", cnt_argp, ")", (char *) NULL);
+ new_arg = concat ("31-(", cnt_arg, ")", (char *) NULL);
free (cnt_arg);
*cnt_argp = new_arg;
--
2.10.1

View File

@ -0,0 +1,22 @@
Bash 4.2.0(1)-release, which we use during bootstrap, does not yield the
"x" case in:
case x"$EMULATION_NAME" in x) ;; *) ;; esac
when 'EMULATION_NAME' is undefined. Bash 4.3.30(1)-release doesn't have this
problem. Work around it.
This Bash bug was fixed
in <http://ftp.gnu.org/gnu/bash/bash-4.2-patches/bash42-007>.
--- a/ld/emulparams/elf32bmipn32-defs.sh
+++ b/ld/emulparams/elf32bmipn32-defs.sh
@@ -13,7 +13,7 @@ LITTLE_OUTPUT_FORMAT="elf32-littlemips"
TEMPLATE_NAME=elf32
EXTRA_EM_FILE=mipself
-case x"$EMULATION_NAME" in
+case "x$EMULATION_NAME" in
xelf32*n32*) ELFSIZE=32 ;;
xelf64*) ELFSIZE=64 ;;
x) ;;

View File

@ -1,6 +1,17 @@
--- cmake-3.2.2.orig/Tests/CMakeLists.txt 2015-04-14 01:09:00.000000000 +0800
+++ cmake-3.2.2/Tests/CMakeLists.txt 2015-04-28 15:02:34.913039742 +0800
@@ -342,10 +342,12 @@
From af0a62dadfb3db25880bc653e2e4c97435a604c9 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Mon, 29 Aug 2016 20:07:58 +0300
Subject: [PATCH] cmake-fix-tests
---
Tests/CMakeLists.txt | 83 ++++++++++++++++++++++++++++------------------------
1 file changed, 44 insertions(+), 39 deletions(-)
diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt
index f21e430..56014a2 100644
--- a/Tests/CMakeLists.txt
+++ b/Tests/CMakeLists.txt
@@ -416,10 +416,12 @@ if(BUILD_TESTING)
endif()
# run test for BundleUtilities on supported platforms/compilers
@ -17,7 +28,7 @@
if(NOT "${CMAKE_GENERATOR}" STREQUAL "Watcom WMake")
add_test(BundleUtilities ${CMAKE_CTEST_COMMAND}
@@ -2257,16 +2259,17 @@
@@ -2481,30 +2483,32 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
PASS_REGULAR_EXPRESSION "Could not find executable"
FAIL_REGULAR_EXPRESSION "SegFault")
@ -31,6 +42,20 @@
- )
- set_tests_properties(CTestTestUpload PROPERTIES
- PASS_REGULAR_EXPRESSION "Upload\\.xml")
-
- configure_file(
- "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
- "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake"
- @ONLY ESCAPE_QUOTES)
- add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND}
- -C \${CTEST_CONFIGURATION_TYPE}
- -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV
- --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log"
- )
- set_tests_properties(CTestCoverageCollectGCOV PROPERTIES
- PASS_REGULAR_EXPRESSION
- "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov")
- set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=)
+# This test requires network connectivity: skip it.
+# configure_file(
+# "${CMake_SOURCE_DIR}/Tests/CTestTestUpload/test.cmake.in"
@ -42,6 +67,54 @@
+# )
+# set_tests_properties(CTestTestUpload PROPERTIES
+# PASS_REGULAR_EXPRESSION "Upload\\.xml")
+
+# This test times out
+# configure_file(
+# "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
+# "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake"
+# @ONLY ESCAPE_QUOTES)
+# add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND}
+# -C \${CTEST_CONFIGURATION_TYPE}
+# -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV
+# --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log"
+# )
+# set_tests_properties(CTestCoverageCollectGCOV PROPERTIES
+# PASS_REGULAR_EXPRESSION
+# "PASSED with correct output.*Testing/CoverageInfo/main.cpp.gcov")
+# set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=)
configure_file(
"${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
"${CMake_SOURCE_DIR}/Tests/CTestTestEmptyBinaryDirectory/test.cmake.in"
@@ -2860,17 +2864,18 @@ ${CMake_BINARY_DIR}/bin/cmake -DDIR=dev -P ${CMake_SOURCE_DIR}/Utilities/Release
set_tests_properties(CTestTestStopTime PROPERTIES
PASS_REGULAR_EXPRESSION "The stop time has been passed")
- configure_file(
- "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in"
- "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake"
- @ONLY ESCAPE_QUOTES)
- add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND}
- -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V
- --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log"
- )
- #make sure all 3 subdirs were added
- set_tests_properties(CTestTestSubdir PROPERTIES
- PASS_REGULAR_EXPRESSION "0 tests failed out of 3")
+# This test fails to build 2 of the 3 tests
+# configure_file(
+# "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in"
+# "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake"
+# @ONLY ESCAPE_QUOTES)
+# add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND}
+# -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V
+# --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log"
+# )
+# #make sure all 3 subdirs were added
+# set_tests_properties(CTestTestSubdir PROPERTIES
+# PASS_REGULAR_EXPRESSION "0 tests failed out of 3")
configure_file(
"${CMake_SOURCE_DIR}/Tests/CTestTestTimeout/test.cmake.in"
--
2.9.3

View File

@ -1,142 +0,0 @@
Fix CVE-2012-6702 and CVE-2016-5300.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
Patch copied from:
https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u3/debian/patches/cve-2012-6702-plus-cve-2016-5300-v1.patch/
From cb31522769d11a375078a073cba94e7176cb48a4 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Wed, 16 Mar 2016 15:30:12 +0100
Subject: [PATCH] Resolve call to srand, use more entropy (patch version 1.0)
Squashed backport against vanilla Expat 2.1.1, addressing:
* CVE-2012-6702 -- unanticipated internal calls to srand
* CVE-2016-5300 -- use of too little entropy
Since commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d
(released with Expat 2.1.0) Expat called srand by itself
from inside generate_hash_secret_salt for an instance
of XML_Parser if XML_SetHashSalt was either (a) not called
for that instance or if (b) salt 0 was passed to XML_SetHashSalt
prior to parsing. That call to srand passed (rather litle)
entropy extracted from the current time as a seed for srand.
That call to srand (1) broke repeatability for code calling
srand with a non-random seed prior to parsing with Expat,
and (2) resulted in a rather small set of hashing salts in
Expat in total.
For a short- to mid-term fix, the new approach avoids calling
srand altogether, extracts more entropy out of the clock and
other sources, too.
For a long term fix, we may want to read sizeof(long) bytes
from a source like getrandom(..) on Linux, and from similar
sources on other supported architectures.
https://bugzilla.redhat.com/show_bug.cgi?id=1197087
---
CMakeLists.txt | 3 +++
lib/xmlparse.c | 48 +++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 44 insertions(+), 7 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 353627e..524d514 100755
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -41,6 +41,9 @@ include_directories(${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/lib)
if(MSVC)
add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996)
endif(MSVC)
+if(WIN32)
+ add_definitions(-DCOMPILED_FROM_DSP)
+endif(WIN32)
set(expat_SRCS
lib/xmlparse.c
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index e308c79..c5f942f 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -6,7 +6,14 @@
#include <string.h> /* memset(), memcpy() */
#include <assert.h>
#include <limits.h> /* UINT_MAX */
-#include <time.h> /* time() */
+
+#ifdef COMPILED_FROM_DSP
+#define getpid GetCurrentProcessId
+#else
+#include <sys/time.h> /* gettimeofday() */
+#include <sys/types.h> /* getpid() */
+#include <unistd.h> /* getpid() */
+#endif
#define XML_BUILDING_EXPAT 1
@@ -432,7 +439,7 @@ static ELEMENT_TYPE *
getElementType(XML_Parser parser, const ENCODING *enc,
const char *ptr, const char *end);
-static unsigned long generate_hash_secret_salt(void);
+static unsigned long generate_hash_secret_salt(XML_Parser parser);
static XML_Bool startParsing(XML_Parser parser);
static XML_Parser
@@ -691,11 +698,38 @@ static const XML_Char implicitContext[] = {
};
static unsigned long
-generate_hash_secret_salt(void)
+gather_time_entropy(void)
{
- unsigned int seed = time(NULL) % UINT_MAX;
- srand(seed);
- return rand();
+#ifdef COMPILED_FROM_DSP
+ FILETIME ft;
+ GetSystemTimeAsFileTime(&ft); /* never fails */
+ return ft.dwHighDateTime ^ ft.dwLowDateTime;
+#else
+ struct timeval tv;
+ int gettimeofday_res;
+
+ gettimeofday_res = gettimeofday(&tv, NULL);
+ assert (gettimeofday_res == 0);
+
+ /* Microseconds time is <20 bits entropy */
+ return tv.tv_usec;
+#endif
+}
+
+static unsigned long
+generate_hash_secret_salt(XML_Parser parser)
+{
+ /* Process ID is 0 bits entropy if attacker has local access
+ * XML_Parser address is few bits of entropy if attacker has local access */
+ const unsigned long entropy =
+ gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
+
+ /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
+ if (sizeof(unsigned long) == 4) {
+ return entropy * 2147483647;
+ } else {
+ return entropy * 2305843009213693951;
+ }
}
static XML_Bool /* only valid for root parser */
@@ -703,7 +737,7 @@ startParsing(XML_Parser parser)
{
/* hash functions must be initialized before setContext() is called */
if (hash_secret_salt == 0)
- hash_secret_salt = generate_hash_secret_salt();
+ hash_secret_salt = generate_hash_secret_salt(parser);
if (ns) {
/* implicit context only set for root parser, since child
parsers (i.e. external entity parsers) will inherit it
--
2.8.2

View File

@ -1,39 +0,0 @@
Follow-up upstream fix for CVE-2015-1283 to not rely on undefined
behavior.
Adapted from a patch from Debian (found in Debian package version
2.1.0-6+deb8u2) to apply to upstream code:
https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/
---
lib/xmlparse.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 0f6f4cd..5c70c17 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len)
}
if (len > bufferLim - bufferEnd) {
- int neededSize = len + (int)(bufferEnd - bufferPtr);
+ /* Do not invoke signed arithmetic overflow: */
+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
if (neededSize < 0) {
errorCode = XML_ERROR_NO_MEMORY;
return NULL;
@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len)
if (bufferSize == 0)
bufferSize = INIT_BUFFER_SIZE;
do {
- bufferSize *= 2;
+ /* Do not invoke signed arithmetic overflow: */
+ bufferSize = (int) (2U * (unsigned) bufferSize);
} while (bufferSize < neededSize && bufferSize > 0);
if (bufferSize <= 0) {
errorCode = XML_ERROR_NO_MEMORY;
--
2.8.3

View File

@ -1,761 +0,0 @@
Fix CVE-2016-0718.
Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2.
https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2016-0718-v2-2-1.patch/
From cdfcb1b5c95e93b00ae9e9d25708b4a3bee72c15 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 2 May 2016 00:02:44 +0200
Subject: [PATCH] Address CVE-2016-0718 (/patch/ version 2.2.1)
* Out of bounds memory access when doing text conversion on malformed input
* Integer overflow related to memory allocation
Reported by Gustavo Grieco
Patch credits go to
* Christian Heimes
* Karl Waclawek
* Gustavo Grieco
* Sebastian Pipping
* Pascal Cuoq
---
expat/lib/xmlparse.c | 34 +++++++++-----
expat/lib/xmltok.c | 115 +++++++++++++++++++++++++++++++++++-------------
expat/lib/xmltok.h | 10 ++++-
expat/lib/xmltok_impl.c | 62 +++++++++++++-------------
4 files changed, 146 insertions(+), 75 deletions(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index e308c79..13e080d 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -2436,11 +2436,11 @@ doContent(XML_Parser parser,
for (;;) {
int bufSize;
int convLen;
- XmlConvert(enc,
+ const enum XML_Convert_Result convert_res = XmlConvert(enc,
&fromPtr, rawNameEnd,
(ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
convLen = (int)(toPtr - (XML_Char *)tag->buf);
- if (fromPtr == rawNameEnd) {
+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
tag->name.strLen = convLen;
break;
}
@@ -2661,11 +2661,11 @@ doContent(XML_Parser parser,
if (MUST_CONVERT(enc, s)) {
for (;;) {
ICHAR *dataPtr = (ICHAR *)dataBuf;
- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
*eventEndPP = s;
charDataHandler(handlerArg, dataBuf,
(int)(dataPtr - (ICHAR *)dataBuf));
- if (s == next)
+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
break;
*eventPP = s;
}
@@ -3269,11 +3269,11 @@ doCdataSection(XML_Parser parser,
if (MUST_CONVERT(enc, s)) {
for (;;) {
ICHAR *dataPtr = (ICHAR *)dataBuf;
- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);
*eventEndPP = next;
charDataHandler(handlerArg, dataBuf,
(int)(dataPtr - (ICHAR *)dataBuf));
- if (s == next)
+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
break;
*eventPP = s;
}
@@ -5350,6 +5350,7 @@ reportDefault(XML_Parser parser, const ENCODING *enc,
const char *s, const char *end)
{
if (MUST_CONVERT(enc, s)) {
+ enum XML_Convert_Result convert_res;
const char **eventPP;
const char **eventEndPP;
if (enc == encoding) {
@@ -5362,11 +5363,11 @@ reportDefault(XML_Parser parser, const ENCODING *enc,
}
do {
ICHAR *dataPtr = (ICHAR *)dataBuf;
- XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
+ convert_res = XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);
*eventEndPP = s;
defaultHandler(handlerArg, dataBuf, (int)(dataPtr - (ICHAR *)dataBuf));
*eventPP = s;
- } while (s != end);
+ } while ((convert_res != XML_CONVERT_COMPLETED) && (convert_res != XML_CONVERT_INPUT_INCOMPLETE));
}
else
defaultHandler(handlerArg, (XML_Char *)s, (int)((XML_Char *)end - (XML_Char *)s));
@@ -6169,8 +6170,8 @@ poolAppend(STRING_POOL *pool, const ENCODING *enc,
if (!pool->ptr && !poolGrow(pool))
return NULL;
for (;;) {
- XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
- if (ptr == end)
+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end);
+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))
break;
if (!poolGrow(pool))
return NULL;
@@ -6254,8 +6255,13 @@ poolGrow(STRING_POOL *pool)
}
}
if (pool->blocks && pool->start == pool->blocks->s) {
- int blockSize = (int)(pool->end - pool->start)*2;
- BLOCK *temp = (BLOCK *)
+ BLOCK *temp;
+ int blockSize = (int)((unsigned)(pool->end - pool->start)*2U);
+
+ if (blockSize < 0)
+ return XML_FALSE;
+
+ temp = (BLOCK *)
pool->mem->realloc_fcn(pool->blocks,
(offsetof(BLOCK, s)
+ blockSize * sizeof(XML_Char)));
@@ -6270,6 +6276,10 @@ poolGrow(STRING_POOL *pool)
else {
BLOCK *tem;
int blockSize = (int)(pool->end - pool->start);
+
+ if (blockSize < 0)
+ return XML_FALSE;
+
if (blockSize < INIT_BLOCK_SIZE)
blockSize = INIT_BLOCK_SIZE;
else
diff --git a/lib/xmltok.c b/lib/xmltok.c
index bf09dfc..cb98ce1 100644
--- a/lib/xmltok.c
+++ b/lib/xmltok.c
@@ -318,39 +318,55 @@ enum { /* UTF8_cvalN is value of masked first byte of N byte sequence */
UTF8_cval4 = 0xf0
};
-static void PTRCALL
+static enum XML_Convert_Result PTRCALL
utf8_toUtf8(const ENCODING *enc,
const char **fromP, const char *fromLim,
char **toP, const char *toLim)
{
+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED;
char *to;
const char *from;
if (fromLim - *fromP > toLim - *toP) {
/* Avoid copying partial characters. */
+ res = XML_CONVERT_OUTPUT_EXHAUSTED;
for (fromLim = *fromP + (toLim - *toP); fromLim > *fromP; fromLim--)
if (((unsigned char)fromLim[-1] & 0xc0) != 0x80)
break;
}
- for (to = *toP, from = *fromP; from != fromLim; from++, to++)
+ for (to = *toP, from = *fromP; (from < fromLim) && (to < toLim); from++, to++)
*to = *from;
*fromP = from;
*toP = to;
+
+ if ((to == toLim) && (from < fromLim))
+ return XML_CONVERT_OUTPUT_EXHAUSTED;
+ else
+ return res;
}
-static void PTRCALL
+static enum XML_Convert_Result PTRCALL
utf8_toUtf16(const ENCODING *enc,
const char **fromP, const char *fromLim,
unsigned short **toP, const unsigned short *toLim)
{
+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED;
unsigned short *to = *toP;
const char *from = *fromP;
- while (from != fromLim && to != toLim) {
+ while (from < fromLim && to < toLim) {
switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) {
case BT_LEAD2:
+ if (fromLim - from < 2) {
+ res = XML_CONVERT_INPUT_INCOMPLETE;
+ break;
+ }
*to++ = (unsigned short)(((from[0] & 0x1f) << 6) | (from[1] & 0x3f));
from += 2;
break;
case BT_LEAD3:
+ if (fromLim - from < 3) {
+ res = XML_CONVERT_INPUT_INCOMPLETE;
+ break;
+ }
*to++ = (unsigned short)(((from[0] & 0xf) << 12)
| ((from[1] & 0x3f) << 6) | (from[2] & 0x3f));
from += 3;
@@ -358,8 +374,14 @@ utf8_toUtf16(const ENCODING *enc,
case BT_LEAD4:
{
unsigned long n;
- if (to + 1 == toLim)
+ if (toLim - to < 2) {
+ res = XML_CONVERT_OUTPUT_EXHAUSTED;
goto after;
+ }
+ if (fromLim - from < 4) {
+ res = XML_CONVERT_INPUT_INCOMPLETE;
+ goto after;
+ }
n = ((from[0] & 0x7) << 18) | ((from[1] & 0x3f) << 12)
| ((from[2] & 0x3f) << 6) | (from[3] & 0x3f);
n -= 0x10000;
@@ -377,6 +399,7 @@ utf8_toUtf16(const ENCODING *enc,
after:
*fromP = from;
*toP = to;
+ return res;
}
#ifdef XML_NS
@@ -425,7 +448,7 @@ static const struct normal_encoding internal_utf8_encoding = {
STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)
};
-static void PTRCALL
+static enum XML_Convert_Result PTRCALL
latin1_toUtf8(const ENCODING *enc,
const char **fromP, const char *fromLim,
char **toP, const char *toLim)
@@ -433,30 +456,35 @@ latin1_toUtf8(const ENCODING *enc,
for (;;) {
unsigned char c;
if (*fromP == fromLim)
- break;
+ return XML_CONVERT_COMPLETED;
c = (unsigned char)**fromP;
if (c & 0x80) {
if (toLim - *toP < 2)
- break;
+ return XML_CONVERT_OUTPUT_EXHAUSTED;
*(*toP)++ = (char)((c >> 6) | UTF8_cval2);
*(*toP)++ = (char)((c & 0x3f) | 0x80);
(*fromP)++;
}
else {
if (*toP == toLim)
- break;
+ return XML_CONVERT_OUTPUT_EXHAUSTED;
*(*toP)++ = *(*fromP)++;
}
}
}
-static void PTRCALL
+static enum XML_Convert_Result PTRCALL
latin1_toUtf16(const ENCODING *enc,
const char **fromP, const char *fromLim,
unsigned short **toP, const unsigned short *toLim)
{
- while (*fromP != fromLim && *toP != toLim)
+ while (*fromP < fromLim && *toP < toLim)
*(*toP)++ = (unsigned char)*(*fromP)++;
+
+ if ((*toP == toLim) && (*fromP < fromLim))
+ return XML_CONVERT_OUTPUT_EXHAUSTED;
+ else
+ return XML_CONVERT_COMPLETED;
}
#ifdef XML_NS
@@ -483,13 +511,18 @@ static const struct normal_encoding latin1_encoding = {
STANDARD_VTABLE(sb_)
};
-static void PTRCALL
+static enum XML_Convert_Result PTRCALL
ascii_toUtf8(const ENCODING *enc,
const char **fromP, const char *fromLim,
char **toP, const char *toLim)
{
- while (*fromP != fromLim && *toP != toLim)
+ while (*fromP < fromLim && *toP < toLim)
*(*toP)++ = *(*fromP)++;
+
+ if ((*toP == toLim) && (*fromP < fromLim))
+ return XML_CONVERT_OUTPUT_EXHAUSTED;
+ else
+ return XML_CONVERT_COMPLETED;
}
#ifdef XML_NS
@@ -536,13 +569,14 @@ unicode_byte_type(char hi, char lo)
}
#define DEFINE_UTF16_TO_UTF8(E) \
-static void PTRCALL \
+static enum XML_Convert_Result PTRCALL \
E ## toUtf8(const ENCODING *enc, \
const char **fromP, const char *fromLim, \
char **toP, const char *toLim) \
{ \
- const char *from; \
- for (from = *fromP; from != fromLim; from += 2) { \
+ const char *from = *fromP; \
+ fromLim = from + (((fromLim - from) >> 1) << 1); /* shrink to even */ \
+ for (; from < fromLim; from += 2) { \
int plane; \
unsigned char lo2; \
unsigned char lo = GET_LO(from); \
@@ -552,7 +586,7 @@ E ## toUtf8(const ENCODING *enc, \
if (lo < 0x80) { \
if (*toP == toLim) { \
*fromP = from; \
- return; \
+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
} \
*(*toP)++ = lo; \
break; \
@@ -562,7 +596,7 @@ E ## toUtf8(const ENCODING *enc, \
case 0x4: case 0x5: case 0x6: case 0x7: \
if (toLim - *toP < 2) { \
*fromP = from; \
- return; \
+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
} \
*(*toP)++ = ((lo >> 6) | (hi << 2) | UTF8_cval2); \
*(*toP)++ = ((lo & 0x3f) | 0x80); \
@@ -570,7 +604,7 @@ E ## toUtf8(const ENCODING *enc, \
default: \
if (toLim - *toP < 3) { \
*fromP = from; \
- return; \
+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
} \
/* 16 bits divided 4, 6, 6 amongst 3 bytes */ \
*(*toP)++ = ((hi >> 4) | UTF8_cval3); \
@@ -580,7 +614,11 @@ E ## toUtf8(const ENCODING *enc, \
case 0xD8: case 0xD9: case 0xDA: case 0xDB: \
if (toLim - *toP < 4) { \
*fromP = from; \
- return; \
+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
+ } \
+ if (fromLim - from < 4) { \
+ *fromP = from; \
+ return XML_CONVERT_INPUT_INCOMPLETE; \
} \
plane = (((hi & 0x3) << 2) | ((lo >> 6) & 0x3)) + 1; \
*(*toP)++ = ((plane >> 2) | UTF8_cval4); \
@@ -596,20 +634,32 @@ E ## toUtf8(const ENCODING *enc, \
} \
} \
*fromP = from; \
+ if (from < fromLim) \
+ return XML_CONVERT_INPUT_INCOMPLETE; \
+ else \
+ return XML_CONVERT_COMPLETED; \
}
#define DEFINE_UTF16_TO_UTF16(E) \
-static void PTRCALL \
+static enum XML_Convert_Result PTRCALL \
E ## toUtf16(const ENCODING *enc, \
const char **fromP, const char *fromLim, \
unsigned short **toP, const unsigned short *toLim) \
{ \
+ enum XML_Convert_Result res = XML_CONVERT_COMPLETED; \
+ fromLim = *fromP + (((fromLim - *fromP) >> 1) << 1); /* shrink to even */ \
/* Avoid copying first half only of surrogate */ \
if (fromLim - *fromP > ((toLim - *toP) << 1) \
- && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) \
+ && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) { \
fromLim -= 2; \
- for (; *fromP != fromLim && *toP != toLim; *fromP += 2) \
+ res = XML_CONVERT_INPUT_INCOMPLETE; \
+ } \
+ for (; *fromP < fromLim && *toP < toLim; *fromP += 2) \
*(*toP)++ = (GET_HI(*fromP) << 8) | GET_LO(*fromP); \
+ if ((*toP == toLim) && (*fromP < fromLim)) \
+ return XML_CONVERT_OUTPUT_EXHAUSTED; \
+ else \
+ return res; \
}
#define SET2(ptr, ch) \
@@ -1288,7 +1338,7 @@ unknown_isInvalid(const ENCODING *enc, const char *p)
return (c & ~0xFFFF) || checkCharRefNumber(c) < 0;
}
-static void PTRCALL
+static enum XML_Convert_Result PTRCALL
unknown_toUtf8(const ENCODING *enc,
const char **fromP, const char *fromLim,
char **toP, const char *toLim)
@@ -1299,21 +1349,21 @@ unknown_toUtf8(const ENCODING *enc,
const char *utf8;
int n;
if (*fromP == fromLim)
- break;
+ return XML_CONVERT_COMPLETED;
utf8 = uenc->utf8[(unsigned char)**fromP];
n = *utf8++;
if (n == 0) {
int c = uenc->convert(uenc->userData, *fromP);
n = XmlUtf8Encode(c, buf);
if (n > toLim - *toP)
- break;
+ return XML_CONVERT_OUTPUT_EXHAUSTED;
utf8 = buf;
*fromP += (AS_NORMAL_ENCODING(enc)->type[(unsigned char)**fromP]
- (BT_LEAD2 - 2));
}
else {
if (n > toLim - *toP)
- break;
+ return XML_CONVERT_OUTPUT_EXHAUSTED;
(*fromP)++;
}
do {
@@ -1322,13 +1372,13 @@ unknown_toUtf8(const ENCODING *enc,
}
}
-static void PTRCALL
+static enum XML_Convert_Result PTRCALL
unknown_toUtf16(const ENCODING *enc,
const char **fromP, const char *fromLim,
unsigned short **toP, const unsigned short *toLim)
{
const struct unknown_encoding *uenc = AS_UNKNOWN_ENCODING(enc);
- while (*fromP != fromLim && *toP != toLim) {
+ while (*fromP < fromLim && *toP < toLim) {
unsigned short c = uenc->utf16[(unsigned char)**fromP];
if (c == 0) {
c = (unsigned short)
@@ -1340,6 +1390,11 @@ unknown_toUtf16(const ENCODING *enc,
(*fromP)++;
*(*toP)++ = c;
}
+
+ if ((*toP == toLim) && (*fromP < fromLim))
+ return XML_CONVERT_OUTPUT_EXHAUSTED;
+ else
+ return XML_CONVERT_COMPLETED;
}
ENCODING *
@@ -1503,7 +1558,7 @@ initScan(const ENCODING * const *encodingTable,
{
const ENCODING **encPtr;
- if (ptr == end)
+ if (ptr >= end)
return XML_TOK_NONE;
encPtr = enc->encPtr;
if (ptr + 1 == end) {
diff --git a/lib/xmltok.h b/lib/xmltok.h
index ca867aa..752007e 100644
--- a/lib/xmltok.h
+++ b/lib/xmltok.h
@@ -130,6 +130,12 @@ typedef int (PTRCALL *SCANNER)(const ENCODING *,
const char *,
const char **);
+enum XML_Convert_Result {
+ XML_CONVERT_COMPLETED = 0,
+ XML_CONVERT_INPUT_INCOMPLETE = 1,
+ XML_CONVERT_OUTPUT_EXHAUSTED = 2 /* and therefore potentially input remaining as well */
+};
+
struct encoding {
SCANNER scanners[XML_N_STATES];
SCANNER literalScanners[XML_N_LITERAL_TYPES];
@@ -158,12 +164,12 @@ struct encoding {
const char *ptr,
const char *end,
const char **badPtr);
- void (PTRCALL *utf8Convert)(const ENCODING *enc,
+ enum XML_Convert_Result (PTRCALL *utf8Convert)(const ENCODING *enc,
const char **fromP,
const char *fromLim,
char **toP,
const char *toLim);
- void (PTRCALL *utf16Convert)(const ENCODING *enc,
+ enum XML_Convert_Result (PTRCALL *utf16Convert)(const ENCODING *enc,
const char **fromP,
const char *fromLim,
unsigned short **toP,
diff --git a/lib/xmltok_impl.c b/lib/xmltok_impl.c
index 9c2895b..6c5a3ba 100644
--- a/lib/xmltok_impl.c
+++ b/lib/xmltok_impl.c
@@ -93,13 +93,13 @@ static int PTRCALL
PREFIX(scanComment)(const ENCODING *enc, const char *ptr,
const char *end, const char **nextTokPtr)
{
- if (ptr != end) {
+ if (ptr < end) {
if (!CHAR_MATCHES(enc, ptr, ASCII_MINUS)) {
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
ptr += MINBPC(enc);
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
INVALID_CASES(ptr, nextTokPtr)
case BT_MINUS:
@@ -147,7 +147,7 @@ PREFIX(scanDecl)(const ENCODING *enc, const char *ptr,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
case BT_PERCNT:
if (ptr + MINBPC(enc) == end)
@@ -233,7 +233,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
case BT_S: case BT_CR: case BT_LF:
@@ -242,7 +242,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,
return XML_TOK_INVALID;
}
ptr += MINBPC(enc);
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
INVALID_CASES(ptr, nextTokPtr)
case BT_QUEST:
@@ -305,7 +305,7 @@ static int PTRCALL
PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,
const char *end, const char **nextTokPtr)
{
- if (ptr == end)
+ if (ptr >= end)
return XML_TOK_NONE;
if (MINBPC(enc) > 1) {
size_t n = end - ptr;
@@ -348,7 +348,7 @@ PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,
ptr += MINBPC(enc);
break;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
@@ -391,11 +391,11 @@ PREFIX(scanEndTag)(const ENCODING *enc, const char *ptr,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
case BT_S: case BT_CR: case BT_LF:
- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
switch (BYTE_TYPE(enc, ptr)) {
case BT_S: case BT_CR: case BT_LF:
break;
@@ -432,7 +432,7 @@ static int PTRCALL
PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr,
const char *end, const char **nextTokPtr)
{
- if (ptr != end) {
+ if (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
case BT_DIGIT:
case BT_HEX:
@@ -441,7 +441,7 @@ PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
switch (BYTE_TYPE(enc, ptr)) {
case BT_DIGIT:
case BT_HEX:
@@ -464,7 +464,7 @@ static int PTRCALL
PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr,
const char *end, const char **nextTokPtr)
{
- if (ptr != end) {
+ if (ptr < end) {
if (CHAR_MATCHES(enc, ptr, ASCII_x))
return PREFIX(scanHexCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
switch (BYTE_TYPE(enc, ptr)) {
@@ -474,7 +474,7 @@ PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) {
+ for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) {
switch (BYTE_TYPE(enc, ptr)) {
case BT_DIGIT:
break;
@@ -506,7 +506,7 @@ PREFIX(scanRef)(const ENCODING *enc, const char *ptr, const char *end,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
case BT_SEMI:
@@ -529,7 +529,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,
#ifdef XML_NS
int hadColon = 0;
#endif
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
#ifdef XML_NS
@@ -716,7 +716,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,
hadColon = 0;
#endif
/* we have a start-tag */
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
#ifdef XML_NS
@@ -740,7 +740,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,
case BT_S: case BT_CR: case BT_LF:
{
ptr += MINBPC(enc);
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)
case BT_GT:
@@ -785,7 +785,7 @@ static int PTRCALL
PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,
const char **nextTokPtr)
{
- if (ptr == end)
+ if (ptr >= end)
return XML_TOK_NONE;
if (MINBPC(enc) > 1) {
size_t n = end - ptr;
@@ -832,7 +832,7 @@ PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,
ptr += MINBPC(enc);
break;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
@@ -895,7 +895,7 @@ PREFIX(scanPercent)(const ENCODING *enc, const char *ptr, const char *end,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
case BT_SEMI:
@@ -921,7 +921,7 @@ PREFIX(scanPoundName)(const ENCODING *enc, const char *ptr, const char *end,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
case BT_CR: case BT_LF: case BT_S:
@@ -941,7 +941,7 @@ PREFIX(scanLit)(int open, const ENCODING *enc,
const char *ptr, const char *end,
const char **nextTokPtr)
{
- while (ptr != end) {
+ while (ptr < end) {
int t = BYTE_TYPE(enc, ptr);
switch (t) {
INVALID_CASES(ptr, nextTokPtr)
@@ -973,7 +973,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
const char **nextTokPtr)
{
int tok;
- if (ptr == end)
+ if (ptr >= end)
return XML_TOK_NONE;
if (MINBPC(enc) > 1) {
size_t n = end - ptr;
@@ -1141,7 +1141,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
*nextTokPtr = ptr;
return XML_TOK_INVALID;
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
case BT_GT: case BT_RPAR: case BT_COMMA:
@@ -1204,10 +1204,10 @@ PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr,
const char *end, const char **nextTokPtr)
{
const char *start;
- if (ptr == end)
+ if (ptr >= end)
return XML_TOK_NONE;
start = ptr;
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: ptr += n; break;
@@ -1262,10 +1262,10 @@ PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr,
const char *end, const char **nextTokPtr)
{
const char *start;
- if (ptr == end)
+ if (ptr >= end)
return XML_TOK_NONE;
start = ptr;
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: ptr += n; break;
@@ -1326,7 +1326,7 @@ PREFIX(ignoreSectionTok)(const ENCODING *enc, const char *ptr,
end = ptr + n;
}
}
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
INVALID_CASES(ptr, nextTokPtr)
case BT_LT:
@@ -1373,7 +1373,7 @@ PREFIX(isPublicId)(const ENCODING *enc, const char *ptr, const char *end,
{
ptr += MINBPC(enc);
end -= MINBPC(enc);
- for (; ptr != end; ptr += MINBPC(enc)) {
+ for (; ptr < end; ptr += MINBPC(enc)) {
switch (BYTE_TYPE(enc, ptr)) {
case BT_DIGIT:
case BT_HEX:
@@ -1760,7 +1760,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
case BT_CR:
pos->lineNumber++;
ptr += MINBPC(enc);
- if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF)
+ if (ptr < end && BYTE_TYPE(enc, ptr) == BT_LF)
ptr += MINBPC(enc);
pos->columnNumber = (XML_Size)-1;
break;
--
2.8.2

View File

@ -0,0 +1,30 @@
Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
https://security-tracker.debian.org/tracker/CVE-2016-6354
Patch copied from upstream source repository:
https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
From: Will Estes <westes575@gmail.com>
Date: Sat, 27 Feb 2016 11:56:05 -0500
Subject: [PATCH] Fixed incorrect integer type
---
src/flex.skl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/flex.skl b/src/flex.skl
index 36a526a..64f853d 100644
--- a/src/flex.skl
+++ b/src/flex.skl
@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
else
{
- yy_size_t num_to_read =
+ int num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )

View File

@ -1,170 +0,0 @@
Fix CVE-2016-5384 (double-free resulting in arbitrary code execution):
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5384>
Copied from upstream code repository:
<https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940>
From 7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sat, 25 Jun 2016 19:18:53 +0200
Subject: Properly validate offsets in cache files.
The cache files are insufficiently validated. Even though the magic
number at the beginning of the file as well as time stamps are checked,
it is not verified if contained offsets are in legal ranges or are
even pointers.
The lack of validation allows an attacker to trigger arbitrary free()
calls, which in turn allows double free attacks and therefore arbitrary
code execution. Due to the conversion from offsets into pointers through
macros, this even allows to circumvent ASLR protections.
This attack vector allows privilege escalation when used with setuid
binaries like fbterm. A user can create ~/.fonts or any other
system-defined user-private font directory, run fc-cache and adjust
cache files in ~/.cache/fontconfig. The execution of setuid binaries will
scan these files and therefore are prone to attacks.
If it's not about code execution, an endless loop can be created by
letting linked lists become circular linked lists.
This patch verifies that:
- The file is not larger than the maximum addressable space, which
basically only affects 32 bit systems. This allows out of boundary
access into unallocated memory.
- Offsets are always positive or zero
- Offsets do not point outside file boundaries
- No pointers are allowed in cache files, every "pointer or offset"
field must be an offset or NULL
- Iterating linked lists must not take longer than the amount of elements
specified. A violation of this rule can break a possible endless loop.
If one or more of these points are violated, the cache is recreated.
This is current behaviour.
Even though this patch fixes many issues, the use of mmap() shall be
forbidden in setuid binaries. It is impossible to guarantee with these
checks that a malicious user does not change cache files after
verification. This should be handled in a different patch.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
diff --git a/src/fccache.c b/src/fccache.c
index 71e8f03..02ec301 100644
--- a/src/fccache.c
+++ b/src/fccache.c
@@ -27,6 +27,7 @@
#include <fcntl.h>
#include <dirent.h>
#include <string.h>
+#include <limits.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <assert.h>
@@ -587,6 +588,82 @@ FcCacheTimeValid (FcConfig *config, FcCache *cache, struct stat *dir_stat)
return cache->checksum == (int) dir_stat->st_mtime && fnano;
}
+static FcBool
+FcCacheOffsetsValid (FcCache *cache)
+{
+ char *base = (char *)cache;
+ char *end = base + cache->size;
+ intptr_t *dirs;
+ FcFontSet *fs;
+ int i, j;
+
+ if (cache->dir < 0 || cache->dir > cache->size - sizeof (intptr_t) ||
+ memchr (base + cache->dir, '\0', cache->size - cache->dir) == NULL)
+ return FcFalse;
+
+ if (cache->dirs < 0 || cache->dirs >= cache->size ||
+ cache->dirs_count < 0 ||
+ cache->dirs_count > (cache->size - cache->dirs) / sizeof (intptr_t))
+ return FcFalse;
+
+ dirs = FcCacheDirs (cache);
+ if (dirs)
+ {
+ for (i = 0; i < cache->dirs_count; i++)
+ {
+ FcChar8 *dir;
+
+ if (dirs[i] < 0 ||
+ dirs[i] > end - (char *) dirs - sizeof (intptr_t))
+ return FcFalse;
+
+ dir = FcOffsetToPtr (dirs, dirs[i], FcChar8);
+ if (memchr (dir, '\0', end - (char *) dir) == NULL)
+ return FcFalse;
+ }
+ }
+
+ if (cache->set < 0 || cache->set > cache->size - sizeof (FcFontSet))
+ return FcFalse;
+
+ fs = FcCacheSet (cache);
+ if (fs)
+ {
+ if (fs->nfont > (end - (char *) fs) / sizeof (FcPattern))
+ return FcFalse;
+
+ if (fs->fonts != 0 && !FcIsEncodedOffset(fs->fonts))
+ return FcFalse;
+
+ for (i = 0; i < fs->nfont; i++)
+ {
+ FcPattern *font = FcFontSetFont (fs, i);
+ FcPatternElt *e;
+ FcValueListPtr l;
+
+ if ((char *) font < base ||
+ (char *) font > end - sizeof (FcFontSet) ||
+ font->elts_offset < 0 ||
+ font->elts_offset > end - (char *) font ||
+ font->num > (end - (char *) font - font->elts_offset) / sizeof (FcPatternElt))
+ return FcFalse;
+
+
+ e = FcPatternElts(font);
+ if (e->values != 0 && !FcIsEncodedOffset(e->values))
+ return FcFalse;
+
+ for (j = font->num, l = FcPatternEltValues(e); j >= 0 && l; j--, l = FcValueListNext(l))
+ if (l->next != NULL && !FcIsEncodedOffset(l->next))
+ break;
+ if (j < 0)
+ return FcFalse;
+ }
+ }
+
+ return FcTrue;
+}
+
/*
* Map a cache file into memory
*/
@@ -596,7 +673,8 @@ FcDirCacheMapFd (FcConfig *config, int fd, struct stat *fd_stat, struct stat *di
FcCache *cache;
FcBool allocated = FcFalse;
- if (fd_stat->st_size < (int) sizeof (FcCache))
+ if (fd_stat->st_size > INTPTR_MAX ||
+ fd_stat->st_size < (int) sizeof (FcCache))
return NULL;
cache = FcCacheFindByStat (fd_stat);
if (cache)
@@ -652,6 +730,7 @@ FcDirCacheMapFd (FcConfig *config, int fd, struct stat *fd_stat, struct stat *di
if (cache->magic != FC_CACHE_MAGIC_MMAP ||
cache->version < FC_CACHE_VERSION_NUMBER ||
cache->size != (intptr_t) fd_stat->st_size ||
+ !FcCacheOffsetsValid (cache) ||
!FcCacheTimeValid (config, cache, dir_stat) ||
!FcCacheInsert (cache, fd_stat))
{
--
cgit v0.10.2

View File

@ -1,51 +0,0 @@
This is upstream commit c9a018c. We have observed random failures of
this test on i686 that seem related to load.
2015-05-21 Arnold D. Robbins <arnold@skeeve.com>
* fts.awk: Really remove atime from the output.
This avoids spurious failures on heavily loaded systems.
diff --git a/test/fts.awk b/test/fts.awk
index b1df060..dea5b68 100644
--- a/test/fts.awk
+++ b/test/fts.awk
@@ -50,6 +50,11 @@ function sort_traverse(data, sorted, i)
{
asorti(data, sorted)
for (i = 1; i in sorted; i++) {
+ # 5/2015: skip for atime, since there can
+ # occasionally be small differences.
+ if (sorted[i] == "atime")
+ continue
+
indent()
printf("%s --> %s\n", sorted[i], data[sorted[i]]) > output
}
@@ -63,17 +68,20 @@ function traverse(data, i)
printf("%s:\n", i) > output
Level++
- if (("mtime" in data[i]) && ! isarray(data[i][mtime])) {
+ if (("mtime" in data[i]) && ! isarray(data[i]["mtime"])) {
sort_traverse(data[i])
} else {
traverse(data[i])
}
Level--
- } else if (data[i] != "atime") {
- # 4/2015: skip for atime, since there can
- # occasionally be small differences.
- indent()
- printf("%s --> %s\n", i, data[i]) > output
+# } else {
+# JUNK = 1
+# if (i != "atime") {
+# # 4/2015: skip for atime, since there can
+# # occasionally be small differences.
+# indent()
+# printf("%s --> %s\n", i, data[i]) > output
+# }
}
}
}

View File

@ -0,0 +1,55 @@
Revert the following commit to work around a bootstrap comparison failure on
ARMv7, as reported at <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71399>.
commit f6ab85b7049a03962ea98924d00802da357a1ad3
Author: renlin <renlin@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Wed Dec 2 14:06:31 2015 +0000
[PR67383][ARM][4.9]Backport of "Allow any register for DImode values in Thumb2"
This partially fix PR67383. It allows the reload more flexibility to choose
spilling pseudo registers.
gcc/ChangeLog:
2015-12-02 Renlin Li <renlin.li@arm.com>
Backport from mainline.
2014-04-22 Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
* config/arm/arm.c (arm_hard_regno_mode_ok): Loosen
restrictions on core registers for DImode values in Thumb2.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-4_9-branch@231177 138bc75d-0d04-0410-961f-82ee72b054a4
diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
index 8ba6060..d9028a1 100644
--- b/gcc/config/arm/arm.c
+++ a/gcc/config/arm/arm.c
@@ -22624,19 +22624,12 @@
}
/* We allow almost any value to be stored in the general registers.
- Restrict doubleword quantities to even register pairs in ARM state
- so that we can use ldrd. Do not allow very large Neon structure
- opaque modes in general registers; they would use too many. */
+ Restrict doubleword quantities to even register pairs so that we can
+ use ldrd. Do not allow very large Neon structure opaque modes in
+ general registers; they would use too many. */
if (regno <= LAST_ARM_REGNUM)
- {
- if (ARM_NUM_REGS (mode) > 4)
- return FALSE;
-
- if (TARGET_THUMB2)
- return TRUE;
-
- return !(TARGET_LDRD && GET_MODE_SIZE (mode) > 4 && (regno & 1) != 0);
- }
+ return !(TARGET_LDRD && GET_MODE_SIZE (mode) > 4 && (regno & 1) != 0)
+ && ARM_NUM_REGS (mode) <= 4;
if (regno == FRAME_POINTER_REGNUM
|| regno == ARG_POINTER_REGNUM)

View File

@ -1,78 +0,0 @@
Fix a test that has an expiration date of 2016-09-17:
https://bugs.gnupg.org/gnupg/issue2393
Patch adapted from upstream source repository:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e584d6468a2e72cd01e55f46104f9f96b56c0b66
The patch has been altered by commenting out a diff that does not apply
to the version of GnuPG that we are applying it to, 2.1.13. This is
what the patch author refers to below with "This commit includes changes
to the old test as well, for those who need to backport it." We keep the
old test and comment out the new test.
From e584d6468a2e72cd01e55f46104f9f96b56c0b66 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@g10code.com>
Date: Thu, 23 Jun 2016 17:24:23 +0200
Subject: [PATCH] tests/openpgp: Fake the system time for the tofu test.
The keys in the tofu test are set to expire on 2016-09-17. Fake the
system time for this test.
This commit includes changes to the old test as well, for those who
need to backport it.
* tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines.
* tests/openpgp/tofu.scm: Fake system time.
* tests/openpgp/tofu.test: Likewise.
GnuPG-bug-id: 2393
Signed-off-by: Justus Winter <justus@g10code.com>
---
tests/openpgp/gpg-agent.conf.tmpl | 2 --
tests/openpgp/tofu.scm | 4 +++-
tests/openpgp/tofu.test | 3 +++
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/tests/openpgp/gpg-agent.conf.tmpl b/tests/openpgp/gpg-agent.conf.tmpl
index b3cb54f..70e1633 100644
--- a/tests/openpgp/gpg-agent.conf.tmpl
+++ b/tests/openpgp/gpg-agent.conf.tmpl
@@ -1,4 +1,2 @@
allow-preset-passphrase
no-grab
-
-
#diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
#index 24fa9df..38b6a0f 100755
#--- a/tests/openpgp/tofu.scm
#+++ b/tests/openpgp/tofu.scm
#@@ -19,7 +19,9 @@
#
# (load (with-path "defs.scm"))
#
#-(define GPG `(,(tool 'gpg) --no-permission-warning)) ;; w/o --always-trust
#+ ;; Redefine GPG without --always-trust and a fixed time.
#+(define GPG `(,(tool 'gpg) --no-permission-warning
#+ --faked-system-time=1466684990))
# (define GNUPGHOME (getenv "GNUPGHOME"))
# (if (string=? "" GNUPGHOME)
# (error "GNUPGHOME not set"))
diff --git a/tests/openpgp/tofu.test b/tests/openpgp/tofu.test
index 18c1756..0d34af4 100755
--- a/tests/openpgp/tofu.test
+++ b/tests/openpgp/tofu.test
@@ -4,6 +4,9 @@
# set -x
+# Redefine GPG with a fixed time.
+GPG="$GPG --faked-system-time=1466684990"
+
KEYS="2183839A BC15C85A EE37CF96"
# Make sure $srcdir is set.
--
2.10.0

View File

@ -1,8 +1,6 @@
This patch changes Guile to use a default search path relative to the
location of the `guile' binary, allowing it to be relocated.
diff --git a/libguile/load.c b/libguile/load.c
index af2ca45..19dd338 100644
--- a/libguile/load.c
+++ b/libguile/load.c
@@ -26,6 +26,7 @@
@ -12,8 +10,8 @@ index af2ca45..19dd338 100644
+#include <libgen.h>
#include "libguile/_scm.h"
#include "libguile/private-gc.h" /* scm_getenv_int */
@@ -255,6 +256,32 @@ scm_init_load_path ()
#include "libguile/alist.h"
@@ -325,6 +326,32 @@
SCM cpath = SCM_EOL;
#ifdef SCM_LIBRARY_DIR
@ -43,10 +41,10 @@ index af2ca45..19dd338 100644
+ strcpy (ccache_dir, prefix);
+ strcat (ccache_dir, "/lib/guile/2.0/ccache");
+
env = getenv ("GUILE_SYSTEM_PATH");
env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_PATH"));
if (env && strcmp (env, "") == 0)
/* special-case interpret system-path=="" as meaning no system path instead
@@ -263,10 +290,7 @@ scm_init_load_path ()
@@ -333,10 +360,7 @@
else if (env)
path = scm_parse_path (scm_from_locale_string (env), path);
else
@ -56,9 +54,9 @@ index af2ca45..19dd338 100644
- scm_from_locale_string (SCM_PKGDATA_DIR));
+ path = scm_list_1 (scm_from_locale_string (module_dir));
env = getenv ("GUILE_SYSTEM_COMPILED_PATH");
env = scm_i_mirror_backslashes (getenv ("GUILE_SYSTEM_COMPILED_PATH"));
if (env && strcmp (env, "") == 0)
@@ -276,8 +300,7 @@ scm_init_load_path ()
@@ -346,8 +370,7 @@
cpath = scm_parse_path (scm_from_locale_string (env), cpath);
else
{

View File

@ -0,0 +1,40 @@
# HG changeset patch
# User J. Brown <jb999@gmx.de>
# Date 1476951900 14400
# Node ID cca249d09ef600650e6127c18be438a37e9d4587
# Parent d8bbf1a3957fd25ff24bfee51331c150b154cc39
Bug 1242901 - Fix linking libxul.so with binutils/GNU ld >= 2.26. r=glandium
The build fails with:
/usr/bin/ld: ../../xpcom/components/nsComponentManager.o: relocation R_386_GOTOFF against protected data `start_kPStaticModules_NSModule' can not be used when making a shared object
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
This is a patch from 2016/04/27 16:36:50 ryoon found on
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/firefox45/patches/#dirlist.
diff --git a/xpcom/components/Module.h b/xpcom/components/Module.h
--- a/xpcom/components/Module.h
+++ b/xpcom/components/Module.h
@@ -133,17 +133,17 @@ struct Module
#if defined(MOZILLA_INTERNAL_API)
# define NSMODULE_NAME(_name) _name##_NSModule
# if defined(_MSC_VER)
# pragma section(".kPStaticModules$M", read)
# pragma comment(linker, "/merge:.kPStaticModules=.rdata")
# define NSMODULE_SECTION __declspec(allocate(".kPStaticModules$M"), dllexport)
# elif defined(__GNUC__)
# if defined(__ELF__)
-# define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), visibility("protected")))
+# define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), visibility("default")))
# elif defined(__MACH__)
# define NSMODULE_SECTION __attribute__((section("__DATA, .kPStaticModules"), visibility("default")))
# elif defined (_WIN32)
# define NSMODULE_SECTION __attribute__((section(".kPStaticModules"), dllexport))
# endif
# endif
# if !defined(NSMODULE_SECTION)
# error Do not know how to define sections.

View File

@ -0,0 +1,40 @@
Add aarch64 support to config.guess and config.sub, as would be found if using
a more recent version of autoconf.
---
config.guess | 7 +++++++
config.sub | 1 +
2 files changed, 8 insertions(+)
diff --git a/config.guess b/config.guess
index 40eaed4..baad294 100755
--- a/config.guess
+++ b/config.guess
@@ -861,6 +861,13 @@ EOF
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit ;;
+ aarch64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ aarch64_be:Linux:*:*)
+ UNAME_MACHINE=aarch64_be
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
diff --git a/config.sub b/config.sub
index 30fdca8..8f5b018 100755
--- a/config.sub
+++ b/config.sub
@@ -247,6 +247,7 @@ case $basic_machine in
# Some are omitted here because they have special meanings below.
1750a | 580 \
| a29k \
+ | aarch64 | aarch64_be \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
--
2.9.0

View File

@ -1,76 +0,0 @@
Fix CVE-2016-7942:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
From 8ea762f94f4c942d898fdeb590a1630c83235c17 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:25:25 +0200
Subject: [PATCH] Validation of server responses in XGetImage()
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/GetImage.c | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/src/GetImage.c b/src/GetImage.c
index c461abc..ff32d58 100644
--- a/src/GetImage.c
+++ b/src/GetImage.c
@@ -59,6 +59,7 @@ XImage *XGetImage (
char *data;
unsigned long nbytes;
XImage *image;
+ int planes;
LockDisplay(dpy);
GetReq (GetImage, req);
/*
@@ -91,18 +92,28 @@ XImage *XGetImage (
return (XImage *) NULL;
}
_XReadPad (dpy, data, nbytes);
- if (format == XYPixmap)
- image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
- Ones (plane_mask &
- (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))),
- format, 0, data, width, height, dpy->bitmap_pad, 0);
- else /* format == ZPixmap */
- image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
- rep.depth, ZPixmap, 0, data, width, height,
- _XGetScanlinePad(dpy, (int) rep.depth), 0);
+ if (format == XYPixmap) {
+ image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
+ Ones (plane_mask &
+ (((unsigned long)0xFFFFFFFF) >> (32 - rep.depth))),
+ format, 0, data, width, height, dpy->bitmap_pad, 0);
+ planes = image->depth;
+ } else { /* format == ZPixmap */
+ image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
+ rep.depth, ZPixmap, 0, data, width, height,
+ _XGetScanlinePad(dpy, (int) rep.depth), 0);
+ planes = 1;
+ }
if (!image)
Xfree(data);
+ if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 ||
+ INT_MAX / image->height <= image->bytes_per_line ||
+ INT_MAX / planes <= image->height * image->bytes_per_line ||
+ nbytes < planes * image->height * image->bytes_per_line) {
+ XDestroyImage(image);
+ image = NULL;
+ }
UnlockDisplay(dpy);
SyncHandle();
return (image);
--
2.10.1

View File

@ -1,113 +0,0 @@
Fix CVE-2016-7943:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943.
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
From 8c29f1607a31dac0911e45a0dd3d74173822b3c9 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:22:57 +0200
Subject: [PATCH] The validation of server responses avoids out of boundary
accesses.
v2: FontNames.c return a NULL list whenever a single
length field from the server is incohent.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/FontNames.c | 23 +++++++++++++++++------
src/ListExt.c | 12 ++++++++----
src/ModMap.c | 3 ++-
3 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/src/FontNames.c b/src/FontNames.c
index 21dcafe..e55f338 100644
--- a/src/FontNames.c
+++ b/src/FontNames.c
@@ -66,7 +66,7 @@ int *actualCount) /* RETURN */
if (rep.nFonts) {
flist = Xmalloc (rep.nFonts * sizeof(char *));
- if (rep.length < (INT_MAX >> 2)) {
+ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) {
rlen = rep.length << 2;
ch = Xmalloc(rlen + 1);
/* +1 to leave room for last null-terminator */
@@ -93,11 +93,22 @@ int *actualCount) /* RETURN */
if (ch + length < chend) {
flist[i] = ch + 1; /* skip over length */
ch += length + 1; /* find next length ... */
- length = *(unsigned char *)ch;
- *ch = '\0'; /* and replace with null-termination */
- count++;
- } else
- flist[i] = NULL;
+ if (ch <= chend) {
+ length = *(unsigned char *)ch;
+ *ch = '\0'; /* and replace with null-termination */
+ count++;
+ } else {
+ Xfree(flist);
+ flist = NULL;
+ count = 0;
+ break;
+ }
+ } else {
+ Xfree(flist);
+ flist = NULL;
+ count = 0;
+ break;
+ }
}
}
*actualCount = count;
diff --git a/src/ListExt.c b/src/ListExt.c
index be6b989..0516e45 100644
--- a/src/ListExt.c
+++ b/src/ListExt.c
@@ -55,7 +55,7 @@ char **XListExtensions(
if (rep.nExtensions) {
list = Xmalloc (rep.nExtensions * sizeof (char *));
- if (rep.length < (INT_MAX >> 2)) {
+ if (rep.length > 0 && rep.length < (INT_MAX >> 2)) {
rlen = rep.length << 2;
ch = Xmalloc (rlen + 1);
/* +1 to leave room for last null-terminator */
@@ -80,9 +80,13 @@ char **XListExtensions(
if (ch + length < chend) {
list[i] = ch+1; /* skip over length */
ch += length + 1; /* find next length ... */
- length = *ch;
- *ch = '\0'; /* and replace with null-termination */
- count++;
+ if (ch <= chend) {
+ length = *ch;
+ *ch = '\0'; /* and replace with null-termination */
+ count++;
+ } else {
+ list[i] = NULL;
+ }
} else
list[i] = NULL;
}
diff --git a/src/ModMap.c b/src/ModMap.c
index a809aa2..49a5d08 100644
--- a/src/ModMap.c
+++ b/src/ModMap.c
@@ -42,7 +42,8 @@ XGetModifierMapping(register Display *dpy)
GetEmptyReq(GetModifierMapping, req);
(void) _XReply (dpy, (xReply *)&rep, 0, xFalse);
- if (rep.length < (INT_MAX >> 2)) {
+ if (rep.length < (INT_MAX >> 2) &&
+ (rep.length >> 1) == rep.numKeyPerModifier) {
nbytes = (unsigned long)rep.length << 2;
res = Xmalloc(sizeof (XModifierKeymap));
if (res)
--
2.10.1

View File

@ -1,62 +0,0 @@
Fix CVE-2016-7944:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
From 61c1039ee23a2d1de712843bed3480654d7ef42e Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 22:38:44 +0200
Subject: [PATCH] Integer overflow on illegal server response
The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.
A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/Region.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/Region.c b/src/Region.c
index cb0cf6e..59bcc1a 100644
--- a/src/Region.c
+++ b/src/Region.c
@@ -23,6 +23,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
+#include <limits.h>
#include "Xfixesint.h"
XserverRegion
@@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display *dpy,
bounds->y = rep.y;
bounds->width = rep.width;
bounds->height = rep.height;
- nbytes = (long) rep.length << 2;
- nrects = rep.length >> 1;
- rects = Xmalloc (nrects * sizeof (XRectangle));
+
+ if (rep.length < (INT_MAX >> 2)) {
+ nbytes = (long) rep.length << 2;
+ nrects = rep.length >> 1;
+ rects = Xmalloc (nrects * sizeof (XRectangle));
+ } else {
+ nbytes = 0;
+ nrects = 0;
+ rects = NULL;
+ }
+
if (!rects)
{
_XEatDataWords(dpy, rep.length);
--
2.10.1

View File

@ -1,420 +0,0 @@
Fix CVE-2016-7945:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
From 19a9cd607de73947fcfb104682f203ffe4e1f4e5 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 22:31:34 +0200
Subject: [PATCH] Properly validate server responses.
By validating length fields from server responses, out of boundary
accesses and endless loops can be mitigated.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/XGMotion.c | 3 ++-
src/XGetBMap.c | 3 ++-
src/XGetDCtl.c | 6 ++++--
src/XGetFCtl.c | 7 ++++++-
src/XGetKMap.c | 14 +++++++++++---
src/XGetMMap.c | 11 +++++++++--
src/XIQueryDevice.c | 36 ++++++++++++++++++++++++++++++++++--
src/XListDev.c | 21 +++++++++++++++------
src/XOpenDev.c | 13 ++++++++++---
src/XQueryDv.c | 8 ++++++--
10 files changed, 99 insertions(+), 23 deletions(-)
diff --git a/src/XGMotion.c b/src/XGMotion.c
index 7785843..9433e29 100644
--- a/src/XGMotion.c
+++ b/src/XGMotion.c
@@ -114,7 +114,8 @@ XGetDeviceMotionEvents(
}
/* rep.axes is a CARD8, so assume max number of axes for bounds check */
if (rep.nEvents <
- (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int))))) {
+ (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int)))) &&
+ rep.nEvents * (rep.axes + 1) <= rep.length) {
size_t bsize = rep.nEvents *
(sizeof(XDeviceTimeCoord) + (rep.axes * sizeof(int)));
bufp = Xmalloc(bsize);
diff --git a/src/XGetBMap.c b/src/XGetBMap.c
index 002daba..13bb8c6 100644
--- a/src/XGetBMap.c
+++ b/src/XGetBMap.c
@@ -92,7 +92,8 @@ XGetDeviceButtonMapping(
status = _XReply(dpy, (xReply *) & rep, 0, xFalse);
if (status == 1) {
- if (rep.length <= (sizeof(mapping) >> 2)) {
+ if (rep.length <= (sizeof(mapping) >> 2) &&
+ rep.nElts <= (rep.length << 2)) {
unsigned long nbytes = rep.length << 2;
_XRead(dpy, (char *)mapping, nbytes);
diff --git a/src/XGetDCtl.c b/src/XGetDCtl.c
index c5d3b53..7f6b396 100644
--- a/src/XGetDCtl.c
+++ b/src/XGetDCtl.c
@@ -93,7 +93,8 @@ XGetDeviceControl(
if (rep.length > 0) {
unsigned long nbytes;
size_t size = 0;
- if (rep.length < (INT_MAX >> 2)) {
+ if (rep.length < (INT_MAX >> 2) &&
+ (rep.length << 2) >= sizeof(xDeviceState)) {
nbytes = (unsigned long) rep.length << 2;
d = Xmalloc(nbytes);
}
@@ -117,7 +118,8 @@ XGetDeviceControl(
size_t val_size;
r = (xDeviceResolutionState *) d;
- if (r->num_valuators >= (INT_MAX / (3 * sizeof(int))))
+ if (sizeof(xDeviceResolutionState) > nbytes ||
+ r->num_valuators >= (INT_MAX / (3 * sizeof(int))))
goto out;
val_size = 3 * sizeof(int) * r->num_valuators;
if ((sizeof(xDeviceResolutionState) + val_size) > nbytes)
diff --git a/src/XGetFCtl.c b/src/XGetFCtl.c
index 7fd6d0e..82dcc64 100644
--- a/src/XGetFCtl.c
+++ b/src/XGetFCtl.c
@@ -73,6 +73,7 @@ XGetFeedbackControl(
XFeedbackState *Sav = NULL;
xFeedbackState *f = NULL;
xFeedbackState *sav = NULL;
+ char *end = NULL;
xGetFeedbackControlReq *req;
xGetFeedbackControlReply rep;
XExtDisplayInfo *info = XInput_find_display(dpy);
@@ -105,10 +106,12 @@ XGetFeedbackControl(
goto out;
}
sav = f;
+ end = (char *)f + nbytes;
_XRead(dpy, (char *)f, nbytes);
for (i = 0; i < *num_feedbacks; i++) {
- if (f->length > nbytes)
+ if ((char *)f + sizeof(*f) > end ||
+ f->length == 0 || f->length > nbytes)
goto out;
nbytes -= f->length;
@@ -125,6 +128,8 @@ XGetFeedbackControl(
case StringFeedbackClass:
{
xStringFeedbackState *strf = (xStringFeedbackState *) f;
+ if ((char *)f + sizeof(*strf) > end)
+ goto out;
size += sizeof(XStringFeedbackState) +
(strf->num_syms_supported * sizeof(KeySym));
}
diff --git a/src/XGetKMap.c b/src/XGetKMap.c
index 0540ce4..008a72b 100644
--- a/src/XGetKMap.c
+++ b/src/XGetKMap.c
@@ -54,6 +54,7 @@ SOFTWARE.
#include <config.h>
#endif
+#include <limits.h>
#include <X11/extensions/XI.h>
#include <X11/extensions/XIproto.h>
#include <X11/Xlibint.h>
@@ -93,9 +94,16 @@ XGetDeviceKeyMapping(register Display * dpy, XDevice * dev,
return (KeySym *) NULL;
}
if (rep.length > 0) {
- *syms_per_code = rep.keySymsPerKeyCode;
- nbytes = (long)rep.length << 2;
- mapping = (KeySym *) Xmalloc((unsigned)nbytes);
+ if (rep.length < INT_MAX >> 2 &&
+ rep.length == rep.keySymsPerKeyCode * keycount) {
+ *syms_per_code = rep.keySymsPerKeyCode;
+ nbytes = (long)rep.length << 2;
+ mapping = (KeySym *) Xmalloc((unsigned)nbytes);
+ } else {
+ *syms_per_code = 0;
+ nbytes = 0;
+ mapping = NULL;
+ }
if (mapping)
_XRead(dpy, (char *)mapping, nbytes);
else
diff --git a/src/XGetMMap.c b/src/XGetMMap.c
index 246698c..33c114f 100644
--- a/src/XGetMMap.c
+++ b/src/XGetMMap.c
@@ -53,6 +53,7 @@ SOFTWARE.
#include <config.h>
#endif
+#include <limits.h>
#include <X11/extensions/XI.h>
#include <X11/extensions/XIproto.h>
#include <X11/Xlibint.h>
@@ -85,8 +86,14 @@ XGetDeviceModifierMapping(
SyncHandle();
return (XModifierKeymap *) NULL;
}
- nbytes = (unsigned long)rep.length << 2;
- res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap));
+ if (rep.length < (INT_MAX >> 2) &&
+ rep.numKeyPerModifier == rep.length >> 1) {
+ nbytes = (unsigned long)rep.length << 2;
+ res = (XModifierKeymap *) Xmalloc(sizeof(XModifierKeymap));
+ } else {
+ nbytes = 0;
+ res = NULL;
+ }
if (res) {
res->modifiermap = (KeyCode *) Xmalloc(nbytes);
if (res->modifiermap)
diff --git a/src/XIQueryDevice.c b/src/XIQueryDevice.c
index fb8504f..a457cd6 100644
--- a/src/XIQueryDevice.c
+++ b/src/XIQueryDevice.c
@@ -26,6 +26,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdint.h>
#include <X11/Xlibint.h>
#include <X11/extensions/XI2proto.h>
@@ -43,6 +44,7 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
xXIQueryDeviceReq *req;
xXIQueryDeviceReply reply;
char *ptr;
+ char *end;
int i;
char *buf;
@@ -60,14 +62,24 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
if (!_XReply(dpy, (xReply*) &reply, 0, xFalse))
goto error;
- *ndevices_return = reply.num_devices;
- info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo));
+ if (reply.length < INT_MAX / 4)
+ {
+ *ndevices_return = reply.num_devices;
+ info = Xmalloc((reply.num_devices + 1) * sizeof(XIDeviceInfo));
+ }
+ else
+ {
+ *ndevices_return = 0;
+ info = NULL;
+ }
+
if (!info)
goto error;
buf = Xmalloc(reply.length * 4);
_XRead(dpy, buf, reply.length * 4);
ptr = buf;
+ end = buf + reply.length * 4;
/* info is a null-terminated array */
info[reply.num_devices].name = NULL;
@@ -79,6 +91,9 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
XIDeviceInfo *lib = &info[i];
xXIDeviceInfo *wire = (xXIDeviceInfo*)ptr;
+ if (ptr + sizeof(xXIDeviceInfo) > end)
+ goto error_loop;
+
lib->deviceid = wire->deviceid;
lib->use = wire->use;
lib->attachment = wire->attachment;
@@ -87,12 +102,23 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
ptr += sizeof(xXIDeviceInfo);
+ if (ptr + wire->name_len > end)
+ goto error_loop;
+
lib->name = Xcalloc(wire->name_len + 1, 1);
+ if (lib->name == NULL)
+ goto error_loop;
strncpy(lib->name, ptr, wire->name_len);
+ lib->name[wire->name_len] = '\0';
ptr += ((wire->name_len + 3)/4) * 4;
sz = size_classes((xXIAnyInfo*)ptr, nclasses);
lib->classes = Xmalloc(sz);
+ if (lib->classes == NULL)
+ {
+ Xfree(lib->name);
+ goto error_loop;
+ }
ptr += copy_classes(lib, (xXIAnyInfo*)ptr, &nclasses);
/* We skip over unused classes */
lib->num_classes = nclasses;
@@ -103,6 +129,12 @@ XIQueryDevice(Display *dpy, int deviceid, int *ndevices_return)
SyncHandle();
return info;
+error_loop:
+ while (--i >= 0)
+ {
+ Xfree(info[i].name);
+ Xfree(info[i].classes);
+ }
error:
UnlockDisplay(dpy);
error_unlocked:
diff --git a/src/XListDev.c b/src/XListDev.c
index b85ff3c..f850cd0 100644
--- a/src/XListDev.c
+++ b/src/XListDev.c
@@ -74,7 +74,7 @@ static int pad_to_xid(int base_size)
}
static size_t
-SizeClassInfo(xAnyClassPtr *any, int num_classes)
+SizeClassInfo(xAnyClassPtr *any, size_t len, int num_classes)
{
int size = 0;
int j;
@@ -90,6 +90,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes)
{
xValuatorInfoPtr v;
+ if (len < sizeof(v))
+ return 0;
v = (xValuatorInfoPtr) *any;
size += pad_to_xid(sizeof(XValuatorInfo) +
(v->num_axes * sizeof(XAxisInfo)));
@@ -98,6 +100,8 @@ SizeClassInfo(xAnyClassPtr *any, int num_classes)
default:
break;
}
+ if ((*any)->length > len)
+ return 0;
*any = (xAnyClassPtr) ((char *)(*any) + (*any)->length);
}
@@ -170,7 +174,7 @@ XListInputDevices(
register Display *dpy,
int *ndevices)
{
- size_t size;
+ size_t s, size;
xListInputDevicesReq *req;
xListInputDevicesReply rep;
xDeviceInfo *list, *slist = NULL;
@@ -178,6 +182,7 @@ XListInputDevices(
XDeviceInfo *clist = NULL;
xAnyClassPtr any, sav_any;
XAnyClassPtr Any;
+ char *end = NULL;
unsigned char *nptr, *Nptr;
int i;
unsigned long rlen;
@@ -213,16 +218,20 @@ XListInputDevices(
any = (xAnyClassPtr) ((char *)list + (*ndevices * sizeof(xDeviceInfo)));
sav_any = any;
+ end = (char *)list + rlen;
for (i = 0; i < *ndevices; i++, list++) {
- size += SizeClassInfo(&any, (int)list->num_classes);
+ s = SizeClassInfo(&any, end - (char *)any, (int)list->num_classes);
+ if (!s)
+ goto out;
+ size += s;
}
- Nptr = ((unsigned char *)list) + rlen + 1;
+ Nptr = ((unsigned char *)list) + rlen;
for (i = 0, nptr = (unsigned char *)any; i < *ndevices; i++) {
+ if (nptr >= Nptr)
+ goto out;
size += *nptr + 1;
nptr += (*nptr + 1);
- if (nptr > Nptr)
- goto out;
}
clist = (XDeviceInfoPtr) Xmalloc(size);
diff --git a/src/XOpenDev.c b/src/XOpenDev.c
index 029dec2..4b3c460 100644
--- a/src/XOpenDev.c
+++ b/src/XOpenDev.c
@@ -53,6 +53,7 @@ SOFTWARE.
#include <config.h>
#endif
+#include <limits.h>
#include <X11/extensions/XI.h>
#include <X11/extensions/XIproto.h>
#include <X11/Xlibint.h>
@@ -86,9 +87,15 @@ XOpenDevice(
return (XDevice *) NULL;
}
- rlen = rep.length << 2;
- dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes *
- sizeof(XInputClassInfo));
+ if (rep.length < INT_MAX >> 2 &&
+ (rep.length << 2) >= rep.num_classes * sizeof(xInputClassInfo)) {
+ rlen = rep.length << 2;
+ dev = (XDevice *) Xmalloc(sizeof(XDevice) + rep.num_classes *
+ sizeof(XInputClassInfo));
+ } else {
+ rlen = 0;
+ dev = NULL;
+ }
if (dev) {
int dlen; /* data length */
diff --git a/src/XQueryDv.c b/src/XQueryDv.c
index de1c0e5..7ee2272 100644
--- a/src/XQueryDv.c
+++ b/src/XQueryDv.c
@@ -73,7 +73,7 @@ XQueryDeviceState(
xQueryDeviceStateReply rep;
XDeviceState *state = NULL;
XInputClass *any, *Any;
- char *data = NULL;
+ char *data = NULL, *end = NULL;
XExtDisplayInfo *info = XInput_find_display(dpy);
LockDisplay(dpy);
@@ -92,6 +92,7 @@ XQueryDeviceState(
if (rep.length < (INT_MAX >> 2)) {
rlen = (unsigned long) rep.length << 2;
data = Xmalloc(rlen);
+ end = data + rlen;
}
if (!data) {
_XEatDataWords(dpy, rep.length);
@@ -100,7 +101,8 @@ XQueryDeviceState(
_XRead(dpy, data, rlen);
for (i = 0, any = (XInputClass *) data; i < (int)rep.num_classes; i++) {
- if (any->length > rlen)
+ if ((char *)any + sizeof(XInputClass) > end ||
+ any->length == 0 || any->length > rlen)
goto out;
rlen -= any->length;
@@ -114,6 +116,8 @@ XQueryDeviceState(
case ValuatorClass:
{
xValuatorState *v = (xValuatorState *) any;
+ if ((char *)any + sizeof(xValuatorState) > end)
+ goto out;
size += (sizeof(XValuatorState) +
(v->num_valuators * sizeof(int)));
}
--
2.10.1

View File

@ -1,447 +0,0 @@
Fix CVE-2016-7947 and CVE-2016-7948.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
From a0df3e1c7728205e5c7650b2e6dce684139254a6 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 22:21:40 +0200
Subject: [PATCH] Avoid out of boundary accesses on illegal responses
The responses of the connected X server have to be properly checked
to avoid out of boundary accesses that could otherwise be triggered
by a malicious server.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
---
src/XrrConfig.c | 32 +++++++++++++--------
src/XrrCrtc.c | 83 ++++++++++++++++++++++++++++++++++++++++++-------------
src/XrrMonitor.c | 18 ++++++++++++
src/XrrOutput.c | 11 ++++++++
src/XrrProvider.c | 28 ++++++++++++++++---
src/XrrScreen.c | 52 ++++++++++++++++++++++------------
6 files changed, 172 insertions(+), 52 deletions(-)
diff --git a/src/XrrConfig.c b/src/XrrConfig.c
index 2f0282b..e68c45a 100644
--- a/src/XrrConfig.c
+++ b/src/XrrConfig.c
@@ -29,6 +29,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo (Display *dpy,
rep.rate = 0;
rep.nrateEnts = 0;
}
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytes = (long) rep.length << 2;
+ nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
+ ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
- nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
- ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ rbytes = sizeof (XRRScreenConfiguration) +
+ (rep.nSizes * sizeof (XRRScreenSize) +
+ rep.nrateEnts * sizeof (int));
- rbytes = sizeof (XRRScreenConfiguration) +
- (rep.nSizes * sizeof (XRRScreenSize) +
- rep.nrateEnts * sizeof (int));
+ scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ scp = NULL;
+ }
- scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
if (scp == NULL) {
_XEatData (dpy, (unsigned long) nbytes);
return NULL;
diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
index 5ae35c5..6665092 100644
--- a/src/XrrCrtc.c
+++ b/src/XrrCrtc.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources *resources, RRCrtc crtc)
return NULL;
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2)
+ {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nOutput * 4 +
- rep.nPossibleOutput * 4);
+ nbytesRead = (long) (rep.nOutput * 4 +
+ rep.nPossibleOutput * 4);
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
- rbytes = (sizeof (XRRCrtcInfo) +
- rep.nOutput * sizeof (RROutput) +
- rep.nPossibleOutput * sizeof (RROutput));
+ rbytes = (sizeof (XRRCrtcInfo) +
+ rep.nOutput * sizeof (RROutput) +
+ rep.nPossibleOutput * sizeof (RROutput));
+
+ xci = (XRRCrtcInfo *) Xmalloc(rbytes);
+ }
+ else
+ {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xci = NULL;
+ }
- xci = (XRRCrtcInfo *) Xmalloc(rbytes);
if (xci == NULL) {
_XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
@@ -194,12 +206,21 @@ XRRGetCrtcGamma (Display *dpy, RRCrtc crtc)
if (!_XReply (dpy, (xReply *) &rep, 0, xFalse))
goto out;
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2)
+ {
+ nbytes = (long) rep.length << 2;
- /* three channels of CARD16 data */
- nbytesRead = (rep.size * 2 * 3);
+ /* three channels of CARD16 data */
+ nbytesRead = (rep.size * 2 * 3);
- crtc_gamma = XRRAllocGamma (rep.size);
+ crtc_gamma = XRRAllocGamma (rep.size);
+ }
+ else
+ {
+ nbytes = 0;
+ nbytesRead = 0;
+ crtc_gamma = NULL;
+ }
if (!crtc_gamma)
{
@@ -357,7 +378,7 @@ XRRGetCrtcTransform (Display *dpy,
xRRGetCrtcTransformReq *req;
int major_version, minor_version;
XRRCrtcTransformAttributes *attr;
- char *extra = NULL, *e;
+ char *extra = NULL, *end = NULL, *e;
int p;
*attributes = NULL;
@@ -395,9 +416,17 @@ XRRGetCrtcTransform (Display *dpy,
else
{
int extraBytes = rep.length * 4 - CrtcTransformExtra;
- extra = Xmalloc (extraBytes);
+ if (rep.length < INT_MAX / 4 &&
+ rep.length * 4 >= CrtcTransformExtra) {
+ extra = Xmalloc (extraBytes);
+ end = extra + extraBytes;
+ } else
+ extra = NULL;
if (!extra) {
- _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
+ if (rep.length > (CrtcTransformExtra >> 2))
+ _XEatDataWords (dpy, rep.length - (CrtcTransformExtra >> 2));
+ else
+ _XEatDataWords (dpy, rep.length);
UnlockDisplay (dpy);
SyncHandle ();
return False;
@@ -429,22 +458,38 @@ XRRGetCrtcTransform (Display *dpy,
e = extra;
+ if (e + rep.pendingNbytesFilter > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (attr->pendingFilter, e, rep.pendingNbytesFilter);
attr->pendingFilter[rep.pendingNbytesFilter] = '\0';
e += (rep.pendingNbytesFilter + 3) & ~3;
for (p = 0; p < rep.pendingNparamsFilter; p++) {
INT32 f;
+ if (e + 4 > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (&f, e, 4);
e += 4;
attr->pendingParams[p] = (XFixed) f;
}
attr->pendingNparams = rep.pendingNparamsFilter;
+ if (e + rep.currentNbytesFilter > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (attr->currentFilter, e, rep.currentNbytesFilter);
attr->currentFilter[rep.currentNbytesFilter] = '\0';
e += (rep.currentNbytesFilter + 3) & ~3;
for (p = 0; p < rep.currentNparamsFilter; p++) {
INT32 f;
+ if (e + 4 > end) {
+ XFree (extra);
+ return False;
+ }
memcpy (&f, e, 4);
e += 4;
attr->currentParams[p] = (XFixed) f;
diff --git a/src/XrrMonitor.c b/src/XrrMonitor.c
index a9eaa7b..adc5330 100644
--- a/src/XrrMonitor.c
+++ b/src/XrrMonitor.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -65,6 +66,15 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
return NULL;
}
+ if (rep.length > INT_MAX >> 2 ||
+ rep.nmonitors > INT_MAX / SIZEOF(xRRMonitorInfo) ||
+ rep.noutputs > INT_MAX / 4 ||
+ rep.nmonitors * SIZEOF(xRRMonitorInfo) > INT_MAX - rep.noutputs * 4) {
+ _XEatData (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
nbytes = (long) rep.length << 2;
nmon = rep.nmonitors;
noutput = rep.noutputs;
@@ -111,6 +121,14 @@ XRRGetMonitors(Display *dpy, Window window, Bool get_active, int *nmonitors)
mon[m].outputs = output;
buf += SIZEOF (xRRMonitorInfo);
xoutput = (CARD32 *) buf;
+ if (xmon->noutput > rep.noutputs) {
+ Xfree(buf);
+ Xfree(mon);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ rep.noutputs -= xmon->noutput;
for (o = 0; o < xmon->noutput; o++)
output[o] = xoutput[o];
output += xmon->noutput;
diff --git a/src/XrrOutput.c b/src/XrrOutput.c
index 85f0b6e..30f3d40 100644
--- a/src/XrrOutput.c
+++ b/src/XrrOutput.c
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -60,6 +61,16 @@ XRRGetOutputInfo (Display *dpy, XRRScreenResources *resources, RROutput output)
return NULL;
}
+ if (rep.length > INT_MAX >> 2 || rep.length < (OutputInfoExtra >> 2))
+ {
+ if (rep.length > (OutputInfoExtra >> 2))
+ _XEatDataWords (dpy, rep.length - (OutputInfoExtra >> 2));
+ else
+ _XEatDataWords (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
nbytes = ((long) (rep.length) << 2) - OutputInfoExtra;
nbytesRead = (long) (rep.nCrtcs * 4 +
diff --git a/src/XrrProvider.c b/src/XrrProvider.c
index 9e620c7..d796cd0 100644
--- a/src/XrrProvider.c
+++ b/src/XrrProvider.c
@@ -25,6 +25,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -59,12 +60,20 @@ XRRGetProviderResources(Display *dpy, Window window)
return NULL;
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nProviders * 4);
+ nbytesRead = (long) (rep.nProviders * 4);
- rbytes = (sizeof(XRRProviderResources) + rep.nProviders * sizeof(RRProvider));
- xrpr = (XRRProviderResources *) Xmalloc(rbytes);
+ rbytes = (sizeof(XRRProviderResources) + rep.nProviders *
+ sizeof(RRProvider));
+ xrpr = (XRRProviderResources *) Xmalloc(rbytes);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xrpr = NULL;
+ }
if (xrpr == NULL) {
_XEatDataWords (dpy, rep.length);
@@ -121,6 +130,17 @@ XRRGetProviderInfo(Display *dpy, XRRScreenResources *resources, RRProvider provi
return NULL;
}
+ if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2)
+ {
+ if (rep.length < ProviderInfoExtra >> 2)
+ _XEatDataWords (dpy, rep.length);
+ else
+ _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+
nbytes = ((long) rep.length << 2) - ProviderInfoExtra;
nbytesRead = (long)(rep.nCrtcs * 4 +
diff --git a/src/XrrScreen.c b/src/XrrScreen.c
index b8ce7e5..1f7ffe6 100644
--- a/src/XrrScreen.c
+++ b/src/XrrScreen.c
@@ -24,6 +24,7 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdio.h>
#include <X11/Xlib.h>
/* we need to be able to manipulate the Display structure on events */
@@ -105,27 +106,36 @@ doGetScreenResources (Display *dpy, Window window, int poll)
xrri->has_rates = _XRRHasRates (xrri->minor_version, xrri->major_version);
}
- nbytes = (long) rep.length << 2;
+ if (rep.length < INT_MAX >> 2) {
+ nbytes = (long) rep.length << 2;
- nbytesRead = (long) (rep.nCrtcs * 4 +
- rep.nOutputs * 4 +
- rep.nModes * SIZEOF (xRRModeInfo) +
- ((rep.nbytesNames + 3) & ~3));
+ nbytesRead = (long) (rep.nCrtcs * 4 +
+ rep.nOutputs * 4 +
+ rep.nModes * SIZEOF (xRRModeInfo) +
+ ((rep.nbytesNames + 3) & ~3));
- /*
- * first we must compute how much space to allocate for
- * randr library's use; we'll allocate the structures in a single
- * allocation, on cleanlyness grounds.
- */
+ /*
+ * first we must compute how much space to allocate for
+ * randr library's use; we'll allocate the structures in a single
+ * allocation, on cleanlyness grounds.
+ */
+
+ rbytes = (sizeof (XRRScreenResources) +
+ rep.nCrtcs * sizeof (RRCrtc) +
+ rep.nOutputs * sizeof (RROutput) +
+ rep.nModes * sizeof (XRRModeInfo) +
+ rep.nbytesNames + rep.nModes); /* '\0' terminate names */
- rbytes = (sizeof (XRRScreenResources) +
- rep.nCrtcs * sizeof (RRCrtc) +
- rep.nOutputs * sizeof (RROutput) +
- rep.nModes * sizeof (XRRModeInfo) +
- rep.nbytesNames + rep.nModes); /* '\0' terminate names */
+ xrsr = (XRRScreenResources *) Xmalloc(rbytes);
+ wire_names = (char *) Xmalloc (rep.nbytesNames);
+ } else {
+ nbytes = 0;
+ nbytesRead = 0;
+ rbytes = 0;
+ xrsr = NULL;
+ wire_names = NULL;
+ }
- xrsr = (XRRScreenResources *) Xmalloc(rbytes);
- wire_names = (char *) Xmalloc (rep.nbytesNames);
if (xrsr == NULL || wire_names == NULL) {
Xfree (xrsr);
Xfree (wire_names);
@@ -174,6 +184,14 @@ doGetScreenResources (Display *dpy, Window window, int poll)
wire_name = wire_names;
for (i = 0; i < rep.nModes; i++) {
xrsr->modes[i].name = names;
+ if (xrsr->modes[i].nameLength > rep.nbytesNames) {
+ Xfree (xrsr);
+ Xfree (wire_names);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return NULL;
+ }
+ rep.nbytesNames -= xrsr->modes[i].nameLength;
memcpy (names, wire_name, xrsr->modes[i].nameLength);
names[xrsr->modes[i].nameLength] = '\0';
names += xrsr->modes[i].nameLength + 1;
--
2.10.1

View File

@ -1,66 +0,0 @@
Fix CVE-2016-7949:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
Patch copied from upstream source repository:
https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
From 9362c7ddd1af3b168953d0737877bc52d79c94f4 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 25 Sep 2016 21:43:09 +0200
Subject: [PATCH] Validate lengths while parsing server data.
Individual lengths inside received server data can overflow
the previously reserved memory.
It is therefore important to validate every single length
field to not overflow the previously agreed sum of all invidual
length fields.
v2: consume remaining bytes in the reply buffer on error.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb@laas.fr
---
src/Xrender.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/Xrender.c b/src/Xrender.c
index 3102eb2..71cf3e6 100644
--- a/src/Xrender.c
+++ b/src/Xrender.c
@@ -533,12 +533,30 @@ XRenderQueryFormats (Display *dpy)
screen->fallback = _XRenderFindFormat (xri, xScreen->fallback);
screen->subpixel = SubPixelUnknown;
xDepth = (xPictDepth *) (xScreen + 1);
+ if (screen->ndepths > rep.numDepths) {
+ Xfree (xri);
+ Xfree (xData);
+ _XEatDataWords (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return 0;
+ }
+ rep.numDepths -= screen->ndepths;
for (nd = 0; nd < screen->ndepths; nd++)
{
depth->depth = xDepth->depth;
depth->nvisuals = xDepth->nPictVisuals;
depth->visuals = visual;
xVisual = (xPictVisual *) (xDepth + 1);
+ if (depth->nvisuals > rep.numVisuals) {
+ Xfree (xri);
+ Xfree (xData);
+ _XEatDataWords (dpy, rep.length);
+ UnlockDisplay (dpy);
+ SyncHandle ();
+ return 0;
+ }
+ rep.numVisuals -= depth->nvisuals;
for (nv = 0; nv < depth->nvisuals; nv++)
{
visual->visual = _XRenderFindVisual (dpy, xVisual->visual);
--
2.10.1

Some files were not shown because too many files have changed in this diff Show More