nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into core-updates

master
Leo Famulari 2017-05-24 18:02:27 -04:00
parent 9269ce4925 ff51a87cae
commit 38f1163c95
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
12 changed files with 151 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gnu/local.mk
View File

@ -746,7 +746,8 @@ dist_patch_DATA = \
%D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch \
%D%/packages/patches/libsndfile-CVE-2017-8362.patch \
%D%/packages/patches/libssh2-fix-build-failure-with-gcrypt.patch \
%D%/packages/patches/libtar-CVE-2013-4420.patch \
%D%/packages/patches/libtar-CVE-2013-4420.patch \
%D%/packages/patches/libtasn1-CVE-2017-6891.patch \
%D%/packages/patches/libtheora-config-guess.patch \
%D%/packages/patches/libtiff-CVE-2016-10092.patch \
%D%/packages/patches/libtiff-CVE-2016-10093.patch \

7
gnu/packages/audio.scm
View File

@ -2054,11 +2054,14 @@ the Turtle syntax.")
(base32
"1kji3lhha26qr6xm9j8ic5c40zbrrb5qnwm2qxzmsfxgmrz29wkf"))))
(build-system waf-build-system)
(arguments `(#:tests? #f)) ; no check target
(arguments
`(#:tests? #f ; no check target
#:configure-flags
'("CXXFLAGS=-std=gnu++11")))
(inputs
`(("lv2" ,lv2)
("gtk+-2" ,gtk+-2)
("qt-4" ,qt-4)))
("qt" ,qtbase)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "http://drobilla.net/software/suil/")

39
gnu/packages/gnome.scm
View File

@ -1745,7 +1745,7 @@ engineering.")
(define-public gnome-themes-standard
(package
(name "gnome-themes-standard")
(version "3.22.2")
(version "3.22.3")
(source
(origin
(method url-fetch)
@ -1754,7 +1754,7 @@ engineering.")
version ".tar.xz"))
(sha256
(base32
"19bxw69ms46px5xgvwbjlhq2vkmrqfx2az49q63w2wxqb76icidk"))))
"0smmiamrgcgf5sa88bsn8hwmvsyx4gczzs359nwxbkv14b2qgp31"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@ -2973,7 +2973,7 @@ without stepping on each others toes.")
(define-public clutter
(package
(name "clutter")
(version "1.26.0")
(version "1.26.2")
(source
(origin
(method url-fetch)
@ -2982,7 +2982,7 @@ without stepping on each others toes.")
name "-" version ".tar.xz"))
(sha256
(base32
"01nfjd4k7j2n3agpx2d9ncff86nfsqv4n23465rb9zmk4iw4wlb7"))))
"0mif1qnrpkgxi43h7pimim6w6zwywa16ixcliw0yjm9hk0a368z7"))))
;; NOTE: mutter exports a bundled fork of clutter, so when making changes
;; to clutter, corresponding changes may be appropriate in mutter as well.
(build-system gnu-build-system)
@ -3057,7 +3057,7 @@ presentations, kiosk style applications and so on.")
(define-public clutter-gst
(package
(name "clutter-gst")
(version "3.0.22")
(version "3.0.24")
(source
(origin
(method url-fetch)
@ -3066,7 +3066,7 @@ presentations, kiosk style applications and so on.")
name "-" version ".tar.xz"))
(sha256
(base32
"1m6zwc7xr7lmbwiqav961g7jhc7gp5gb73dm6j93szpa6bxmgz7i"))))
"0v6cg0syh4vx7y7ni47jsvr2r57q0j3h1f1gjlp0ciscixywiwg9"))))
(build-system gnu-build-system)
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-mkenums
@ -3088,7 +3088,7 @@ GL based interactive canvas library.")
(define-public libchamplain
(package
(name "libchamplain")
(version "0.12.14")
(version "0.12.15")
(source (origin
(method url-fetch)
(uri (string-append
@ -3096,7 +3096,7 @@ GL based interactive canvas library.")
version ".tar.xz"))
(sha256
(base32
"13snnka1jqc5qrgij8bm22xy02pncf3dn5ij3jh4rrpzq7g1sqpi"))))
"0x5qa1aw1y59lzkmf4j4szspn49341a87vcja4ydgxny1chilwjl"))))
(build-system gnu-build-system)
(arguments '(#:configure-flags '("--enable-vala")))
(native-inputs
@ -3935,7 +3935,7 @@ wraps things up in a developer-friendly way.")
(define-public libgee
(package
(name "libgee")
(version "0.18.1")
(version "0.20.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -3943,7 +3943,7 @@ wraps things up in a developer-friendly way.")
name "-" version ".tar.xz"))
(sha256
(base32
"18ir5264bhdg76kcjn8i5bfs1vz89qqn2py20aavm2cwbaz6ns4r"))))
"1fy24dr8imrjlmsqj1syn0gi139gba6hwk3j5vd6sr3pxniqnc11"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@ -4860,7 +4860,7 @@ providing graphical log-ins and managing local and remote displays.")
(define-public libgtop
(package
(name "libgtop")
(version "2.34.1")
(version "2.36.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -4868,7 +4868,7 @@ providing graphical log-ins and managing local and remote displays.")
name "-" version ".tar.xz"))
(sha256
(base32
"1qh9srg8pqmrsl12mwnclncs7agmjjvx3q6v5qwqvcb2cskpi6f8"))))
"0ax17c7nplghxgsf8zl92nmhkbnggj62wwzl7nq00aqb2m6f7gqk"))))
(build-system gnu-build-system)
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
@ -5112,7 +5112,7 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.")
(define-public gnome-autoar
(package
(name "gnome-autoar")
(version "0.1.1")
(version "0.2.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -5120,7 +5120,7 @@ as SASL, TLS and VeNCrypt. Additionally it supports encoding extensions.")
name "-" version ".tar.xz"))
(sha256
(base32
"1jcs6jgysg9n3zi3d1l4iqddzmczfdcvz7vkxn607p32nl8bhp7n"))))
"0qnafiwgajsaryh669lfclb4f6z5n1r9r4zhig1ha0ykxq32rzp1"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("gnome-common" ,gnome-common)
@ -5141,7 +5141,7 @@ easy, safe, and automatic.")
(define-public tracker
(package
(name "tracker")
(version "1.10.3")
(version "1.12.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -5149,7 +5149,7 @@ easy, safe, and automatic.")
name "-" version ".tar.xz"))
(sha256
(base32
"03ch3ndmxghfr9wnw9hfmpkjfa7k5v5cwwf3y1ja6ihk3c5avgbb"))))
"0vsrzzkcfvmylhpk1ww6xdx8z9sgjs0gn74gz82qngjyq3c3s6c3"))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("gnome-common" ,gnome-common)
@ -5176,13 +5176,14 @@ easy, safe, and automatic.")
("exempi" ,exempi)
("libxml2" ,libxml2)
("upower" ,upower)
("libgee" ,libgee)
("libunistring" ,libunistring)
("giflib" ,giflib)
("json-glib" ,json-glib)
("openjpeg" ,openjpeg-1)
("libosinfo" ,libosinfo)
("libcue" ,libcue)
("libseccomp" ,libseccomp)
("libsoup" ,libsoup)
("libuuid" ,util-linux)))
(arguments `(#:tests? #f)) ; XXX FIXME enable tests (some fail)
(synopsis "Metadata database, indexer and search tool")
@ -5812,7 +5813,7 @@ GLib/GObject code.")
(define-public libgnomekbd
(package
(name "libgnomekbd")
(version "3.22.0")
(version "3.22.0.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
@ -5820,7 +5821,7 @@ GLib/GObject code.")
name "-" version ".tar.xz"))
(sha256
(base32
"1pvpbljvxc0riamraiflnm05dpb6i4vlmqqgdh74xggbpzd302rl"))))
"1plkkack6s8b21gcmmly0lapgcjz53dmw2vixnn4rw4jxjwbdzaf"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)

12
gnu/packages/logging.scm
View File

@ -55,17 +55,15 @@ staying as close to their API as is reasonable.")
(define-public glog
(package
(name "glog")
(version "0.3.4")
(version "0.3.5")
(home-page "https://github.com/google/glog")
(source (origin
(method git-fetch)
(uri (git-reference
(url home-page)
(commit (string-append "v" version))))
(method url-fetch)
(uri (string-append home-page "/archive/v" version ".tar.gz"))
(sha256
(base32
"0ym5g15m7c8kjfr2c3zq6bz08ghin2d1r1nb6v2vnkfh1vn945x1"))
(file-name (string-append name "-" version "-checkout"))
"1q6ihk2asbx95a56kmyqwysq1x3grrw9jwqllafaidf0l84f903m"))
(file-name (string-append name "-" version ".tar.gz"))
(patches (search-patches "glog-gcc-5-demangling.patch"))))
(build-system gnu-build-system)
(native-inputs

10
gnu/packages/music.scm
View File

@ -1883,18 +1883,19 @@ computer's keyboard.")
(define-public qtractor
(package
(name "qtractor")
(version "0.8.1")
(version "0.8.2")
(source (origin
(method url-fetch)
(uri (string-append "http://downloads.sourceforge.net/qtractor/"
"qtractor-" version ".tar.gz"))
(sha256
(base32
"1pvs9r5ykfaci900p0kz2xc5xsrswnwwbcl2chsvd98f1ns4vwds"))))
"0sp7r9n926ggdn285l4xzvw558jz1440n7kn2f1qs6w6h6l0f1q3"))))
(build-system gnu-build-system)
(arguments `(#:tests? #f)) ; no "check" target
(inputs
`(("qt" ,qt)
`(("qt" ,qtbase)
("qtx11extras" ,qtx11extras)
("alsa-lib" ,alsa-lib)
("jack" ,jack-1)
("libsndfile" ,libsndfile)
@ -1909,7 +1910,8 @@ computer's keyboard.")
("liblo" ,liblo)
("zlib" ,zlib)))
(native-inputs
`(("pkg-config" ,pkg-config)))
`(("pkg-config" ,pkg-config)
("qttools" ,qttools)))
(home-page "http://qtractor.org/")
(synopsis "Audio/MIDI multi-track sequencer")
(description

51
gnu/packages/patches/libtasn1-CVE-2017-6891.patch Normal file
View File

@ -0,0 +1,51 @@
Fix CVE-2017-6891:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891
Patch copied from upstream source repository:
https://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=5520704d075802df25ce4ffccc010ba1641bd484
From 5520704d075802df25ce4ffccc010ba1641bd484 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 18 May 2017 18:03:34 +0200
Subject: [PATCH] asn1_find_node: added safety check on asn1_find_node()
This prevents a stack overflow in asn1_find_node() which
is triggered by too long variable names in the definitions
files. That means that applications have to deliberately
pass a too long 'name' constant to asn1_write_value()
and friends. Reported by Jakub Jirasek.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
lib/parser_aux.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/parser_aux.c b/lib/parser_aux.c
index b4a7370..976ab38 100644
--- a/lib/parser_aux.c
+++ b/lib/parser_aux.c
@@ -120,6 +120,9 @@ asn1_find_node (asn1_node pointer, const char *name)
if (n_end)
{
nsize = n_end - n_start;
+ if (nsize >= sizeof(n))
+ return NULL;
+
memcpy (n, n_start, nsize);
n[nsize] = 0;
n_start = n_end;
@@ -158,6 +161,9 @@ asn1_find_node (asn1_node pointer, const char *name)
if (n_end)
{
nsize = n_end - n_start;
+ if (nsize >= sizeof(n))
+ return NULL;
+
memcpy (n, n_start, nsize);
n[nsize] = 0;
n_start = n_end;
--
2.13.0

20
gnu/packages/python.scm
View File

@ -39,6 +39,7 @@
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
;;; Copyright © 2017 Ben Sturmfels <ben@sturm.com.au>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -4767,17 +4768,17 @@ support for Python 3 and PyPy. It is based on cffi.")
(define-public python-cairocffi
(package
(name "python-cairocffi")
(version "0.6")
(version "0.8.0")
(source
(origin
(method url-fetch)
;; The archive on pypi is missing the 'utils' directory!
(uri (string-append "https://github.com/SimonSapin/cairocffi/archive/v"
(uri (string-append "https://github.com/Kozea/cairocffi/archive/v"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"03w5p62sp3nqiccx864sbq0jvh7946277jqx3rcc3dch5xwfvv51"))))
"1rk2dvy3fxrga6bvvxc2fi5lbaynm5h4a0w0aaxyn3bc77rszjg9"))))
(build-system python-build-system)
(outputs '("out" "doc"))
(inputs
@ -4811,7 +4812,7 @@ support for Python 3 and PyPy. It is based on cffi.")
(system* "python" "setup.py" "build_sphinx")
(copy-recursively "docs/_build/html" html)
#t))))))
(home-page "https://github.com/SimonSapin/cairocffi")
(home-page "https://github.com/Kozea/cairocffi")
(synopsis "Python bindings and object-oriented API for Cairo")
(description
"Cairocffi is a CFFI-based drop-in replacement for Pycairo, a set of
@ -7154,14 +7155,14 @@ designed to efficiently cope with extremely large amounts of data.")
(define-public python-pyasn1
(package
(name "python-pyasn1")
(version "0.1.9")
(version "0.2.3")
(source
(origin
(method url-fetch)
(uri (pypi-uri "pyasn1" version))
(sha256
(base32
"0zraxni14bqi20kr4bi6nwsh32aibz0fq0xaczfisw0zdpcsqg45"))))
"1b86yx23c1x74clai05a5ma8c8nfmhlx3j1mxq0ff657i2ylx33k"))))
(build-system python-build-system)
(home-page "http://pyasn1.sourceforge.net/")
(synopsis "ASN.1 types and codecs")
@ -7252,15 +7253,14 @@ versions of Python.")
(define-public python-idna
(package
(name "python-idna")
(version "2.0")
(version "2.5")
(source
(origin
(method url-fetch)
(uri (string-append "https://pypi.python.org/packages/source/i/"
"idna/idna-" version ".tar.gz"))
(uri (pypi-uri "idna" version))
(sha256
(base32
"0frxgmgi234lr9hylg62j69j4ik5zhg0wz05w5dhyacbjfnrl68n"))))
"1ara12a7k2zc69msa0arrvw00gn61a6i6by01xb3lkkc0h4cxd9w"))))
(build-system python-build-system)
(home-page "https://github.com/kjd/idna")
(synopsis "Internationalized domain names in applications")

4
gnu/packages/samba.scm
View File

@ -147,14 +147,14 @@ anywhere.")
(define-public samba
(package
(name "samba")
(version "4.5.8")
(version "4.6.4")
(source (origin
(method url-fetch)
(uri (string-append "https://download.samba.org/pub/samba/stable/"
"samba-" version ".tar.gz"))
(sha256
(base32
"1w41pxszv5z6gjclg6zymn47mk8n51lnpgcx1k2q18i3i1nnafzn"))))
"0qcsinhcq3frlqp7bfav5mdc9xn1h4xy4l6vfpf8cmcfs4lp7ija"))))
(build-system gnu-build-system)
(arguments
'(#:phases

51
gnu/packages/scanner.scm
View File

@ -2,6 +2,7 @@
;;; Copyright © 2014 John Darrington <jmd@gnu.org>
;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -31,15 +32,15 @@
(define-public sane-backends-minimal
(package
(name "sane-backends-minimal")
(version "1.0.25")
(version "1.0.27")
(source (origin
(method url-fetch)
(uri (string-append
"https://alioth.debian.org/frs/download.php/file/4146/"
"https://alioth.debian.org/frs/download.php/latestfile/176/"
"sane-backends-" version ".tar.gz"))
(sha256
(base32
"0b3fvhrxl4l82bf3v0j47ypjv6a0k5lqbgknrq1agpmjca6vmmx4"))
"1j9nbqspaj0rlgalafb5z6r606k0i22kz0rcpd744p176yzlfdr9"))
(modules '((guix build utils)))
(snippet
;; Generated HTML files and udev rules normally embed a
@ -53,32 +54,34 @@
(inputs
`(("libusb-compat" ,libusb-compat)))
(arguments
`(#:tests? #f
#:phases
`(#:phases
(modify-phases %standard-phases
(add-before 'configure 'disable-backends
(lambda _
(setenv "BACKENDS" " ")
#t))
(add-after
'install 'install-udev-rules
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(mkdir-p (string-append out "/lib/udev/rules.d"))
(copy-file "tools/udev/libsane.rules"
(string-append out
"/lib/udev/rules.d/"
"60-libsane.rules"))))))))
;; It would seem that tests are not maintained - fails with
;; the following:
;;
;; < This page was last updated on Wed Jul 31 07:52:48 2013
;; < by sane-desc 3.5 from sane-backends 1.0.24git
;; ---
;; > This page was last updated on Sun Oct 19 15:41:39 2014
;; > by sane-desc 3.5 from sane-backends 1.0.24
;; **** File generated for html-backends-split mode is different from reference
;; Makefile:501: recipe for target 'check.local' failed
;; Disable unmaintained tests that that fail with errors resembling:
;;
;; < # by sane-desc 3.5 from sane-backends 1.0.24git on Jul 31 2013
;; ---
;; > # by sane-desc 3.5 from sane-backends 1.0.27 on 1970-01-01#
;; FAIL: sane-desc -m usermap -s ./data
(add-before 'configure 'disable-failing-tests
(lambda _
(for-each
(lambda (pattern)
(substitute* "testsuite/tools/Makefile.in"
(((string-append " " pattern " ")) " ")))
(list "usermap" "db" "udev" "udev\\+acl" "udev\\+hwdb" "hwdb"))
#t))
(add-after 'install 'install-udev-rules
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(mkdir-p (string-append out "/lib/udev/rules.d"))
(copy-file "tools/udev/libsane.rules"
(string-append out
"/lib/udev/rules.d/"
"60-libsane.rules"))))))))
(home-page "http://www.sane-project.org")
(synopsis
"Raster image scanner library and drivers, without scanner support")

14
gnu/packages/tls.scm
View File

@ -52,6 +52,7 @@
(define-public libtasn1
(package
(name "libtasn1")
(replacement libtasn1/fixed)
(version "4.10")
(source
(origin
@ -72,17 +73,26 @@ networking, allowing for formal validation of data according to some
specifications.")
(license license:lgpl2.0+)))
(define libtasn1/fixed
(package
(inherit libtasn1)
(source
(origin
(inherit (package-source libtasn1))
(patches
(search-patches "libtasn1-CVE-2017-6891.patch"))))))
(define-public asn1c
(package
(name "asn1c")
(version "0.9.27")
(version "0.9.28")
(source (origin
(method url-fetch)
(uri (string-append "https://lionet.info/soft/asn1c-"
version ".tar.gz"))
(sha256
(base32
"17nvn2kzvlryasr9dzqg6gs27b9lvqpval0k31pb64bjqbhn8pq2"))))
"1fc64g45ykmv73kdndr4zdm4wxhimhrir4rxnygxvwkych5l81w0"))))
(build-system gnu-build-system)
(native-inputs
`(("perl" ,perl)))

8
gnu/packages/xdisorg.scm
View File

@ -441,7 +441,7 @@ of the screen selected by mouse.")
(define-public slop
(package
(name "slop")
(version "5.3.37")
(version "5.3.38")
(source (origin
(method url-fetch)
(uri (string-append
@ -450,7 +450,7 @@ of the screen selected by mouse.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1p2ih123zkj8rxz8acsxpaim1kq57f4rbq7zqsibafn5rkw5c5is"))))
"1gvsxzl4y4l7d5gvx24i0yxk3jxc1gnb48bjwvqmrh34gx974wn7"))))
(build-system cmake-build-system)
(arguments
'(#:tests? #f)) ; no "check" target
@ -472,7 +472,7 @@ selection's dimensions to stdout.")
(define-public maim
(package
(name "maim")
(version "4.4.62")
(version "5.4.62")
(source (origin
(method url-fetch)
(uri (string-append
@ -481,7 +481,7 @@ selection's dimensions to stdout.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"08lnbsl9ialqik1ris6piz1g0fgq4r3767ycr4nziphw3kz89vr1"))))
"084czvwcicl8apjlv729inxx8rpycra76ignfjmcbaq0hhn6ip6w"))))
(build-system cmake-build-system)
(arguments
'(#:tests? #f)) ; no "check" target

12
guix/scripts/publish.scm
View File

@ -425,11 +425,13 @@ requested using POOL."
;; return 404.
(eventually pool
(single-baker item
;; (format #t "baking ~s~%" item)
(bake-narinfo+nar cache item
#:ttl ttl
#:compression compression
#:nar-path nar-path))
;; Check whether CACHED has been produced in the meantime.
(unless (file-exists? cached)
;; (format #t "baking ~s~%" item)
(bake-narinfo+nar cache item
#:ttl ttl
#:compression compression
#:nar-path nar-path)))
(when ttl
(single-baker 'cache-cleanup