Merge branch 'core-updates'

This commit is contained in:
Mark H Weaver 2016-08-04 08:17:05 -04:00
commit 536fc5f8cd
No known key found for this signature in database
GPG Key ID: 7CEF29847562C516
101 changed files with 1563 additions and 2820 deletions

View File

@ -102,6 +102,7 @@ MODULES = \
guix/build/rpath.scm \
guix/build/cvs.scm \
guix/build/svn.scm \
guix/build/syscalls.scm \
guix/build/gremlin.scm \
guix/build/emacs-utils.scm \
guix/build/graft.scm \
@ -158,13 +159,6 @@ MODULES += \
endif
if BUILD_SYSCALLS_MODULE
MODULES += \
guix/build/syscalls.scm
endif
if BUILD_DAEMON_OFFLOAD
MODULES += \
@ -385,13 +379,6 @@ EXTRA_DIST += \
endif !BUILD_DAEMON_OFFLOAD
if !BUILD_SYSCALLS_MODULE
EXTRA_DIST += \
guix/build/syscalls.scm
endif !BUILD_SYSCALLS_MODULE
CLEANFILES = \
$(GOBJECTS) \
@ -402,11 +389,13 @@ CLEANFILES = \
# there that are newer than the local .scm files (for instance because the
# user ran 'make install' recently). When that happens, we end up loading
# those previously-installed .go files, which may be stale, thereby breaking
# the whole thing.
# the whole thing. Likewise, set 'XDG_CACHE_HOME' to avoid loading possibly
# stale files from ~/.cache/guile/ccache.
%.go: make-go ; @:
make-go: $(MODULES) guix/config.scm guix/tests.scm
$(AM_V_at)echo "Compiling Scheme modules..." ; \
unset GUILE_LOAD_COMPILED_PATH ; \
XDG_CACHE_HOME=/nowhere \
host=$(host) srcdir="$(top_srcdir)" \
$(top_builddir)/pre-inst-env \
$(GUILE) -L "$(top_builddir)" -L "$(top_srcdir)" \

86
NEWS
View File

@ -14,8 +14,94 @@ Please send Guix bug reports to bug-guix@gnu.org.
** Package management
*** Substitute display adjusts to client locale and terminal width
*** New --free-space option for guix gc
*** guix gc shows the amount of disk space freed
*** Source code downloads fall back to content-addressed mirrors
*** guix graph can now be passed a store file name
*** Building the profile is faster, noticeably so on slow file systems
*** Profiles now include XDG desktop and MIME databases
*** guix size can be passed more than one package
*** --check and --rounds save the differing build output upon failure
*** New Emacs interface for package locations: M-x guix-locations
See “Package Source Locations” in the manual.
*** Emacs modes show the full profile name in buffer names
*** Emacs “Package Info” buffer now have a “Build Log” button
*** guix environment sets $GUIX_ENVIRONMENT to the environments profile
*** New --ttl option for guix publish
*** New --compression option for guix publish
*** guix publish serves source files over content-address “/file” URLs
*** New hackage updater for guix refresh
*** guix lint -c cve uses a faster caching method
*** guix lint -c cve now reports up to 3-year-old vulnerabilities
*** guix lint -c source,home-page reports suspiciously small HTTP replies
*** guix lint -c inputs-should-be-native makes more suggestions
** Distribution
*** New services
urandom-seed-service, dicod-service, gc-root-service-type, mcron-service,
rngd-service, dropbear-service, pam-limits-service (See “Services” in the
manual for details.)
*** mapped-device can refer to partitions using a LUKS UUID
*** New raid-device-type, for RAID devices using mdadm
*** console-keymap-service can be given several file names
*** Java package names are now prefixed with “java-”
*** New modular Qt packages, to replace the monolithic qt package
*** The gnupg 2.0/2.1 packages provide the gpg command instead of gpg2
*** More packages are bit-reproducible: vlc, libxslt, nasm
*** XXX new packages
*** XXX package updates
** Programming interfaces
*** New with-imported-modules form provided by (guix gexp)
It supersedes the #:modules parameter of gexp->derivation, compute-file,
gexp->script, program-file, etc, as well as the imported-modules fields
of <origin> and <shepherd-service>. See “G-Expressions” in the manual.
*** New (gnu tests) and (gnu build marionette) modules for system tests
See <http://savannah.gnu.org/forum/forum.php?forum_id=8605> for background.
*** New (guix zlib) module
*** New (guix hg-download) module, for Mercurial checkouts
*** (guix download) supports HTTP basic authentication
*** (guix svn-download) supports authentication
*** The source of packages can be a local-file or any lowerable object
*** Part of (guix utils) moved to the new (guix combinators)
*** GNU updater honors the ftp-server and ftp-directory package properties
*** CVE linter honors the cpe-name and cpe-version package properties
*** add-to-store and local-file have a new #:select? parameter
** Noteworthy bug fixes
*** Perl no longer references GCC (<http://bugs.gnu.org/23077>)
*** Grafting now fails upon I/O errors (<http://bugs.gnu.org/23581>)
*** GuixSD random source is now properly seeded (<http://bugs.gnu.org/23605>)
*** call-with-container gracefully reports mount errors
(<http://bugs.gnu.org/23306>)
*** herd start cow-store now bind-mounts the target /tmp
*** guix environment now honors --system (<http://bugs.gnu.org/23682>)
*** guix publish properly encodes archive URIs (<http://bugs.gnu.org/21888>)
*** NIX_CONF_DIR is now ignored (<http://bugs.gnu.org/22459>)
*** The shell of user nobody is nologin (<http://bugs.gnu.org/23971>)
*** Source code location is more precise in error messages involving records
(<http://bugs.gnu.org/23969>)
*** guix --version is correct in the presence of guix pull
(<http://bugs.gnu.org/19278>)
*** Git commits are now signed, for eventual authentication by guix pull
(in preparation of a fix for <http://bugs.gnu.org/22883>)
** Native language support
*** New translation: zh_CN (Simplified Chinese)
*** Updated translations: fr
* Changes in 0.10.0 (since 0.9.0)
** Community

View File

@ -86,11 +86,6 @@ dnl Check whether (srfi srfi-37) works, and provide our own if it doesn't.
GUIX_CHECK_SRFI_37
AM_CONDITIONAL([INSTALL_SRFI_37], [test "x$ac_cv_guix_srfi_37_broken" = xyes])
dnl Check whether (guix build syscalls) can be built.
GUIX_CHECK_LIBC_MOUNT
AM_CONDITIONAL([BUILD_SYSCALLS_MODULE],
[test "x$guix_cv_libc_has_mount" = "xyes"])
dnl Decompressors, for use by the substituter and other modules.
AC_PATH_PROG([GZIP], [gzip])
AC_PATH_PROG([BZIP2], [bzip2])

View File

@ -6401,8 +6401,9 @@ builds to @file{/gnu/store} which, initially, is an in-memory file system.
Next, you have to edit a file and
provide the declaration of the operating system to be installed. To
that end, the installation system comes with two text editors: GNU nano
(@pxref{Top,,, nano, GNU nano Manual}), and GNU Zile, an Emacs clone.
that end, the installation system comes with three text editors: GNU nano
(@pxref{Top,,, nano, GNU nano Manual}), GNU Zile (an Emacs clone), and
nvi (a clone of the original BSD @command{vi} editor).
We strongly recommend storing that file on the target root file system, say,
as @file{/mnt/etc/config.scm}. Failing to do that, you will have lost your
configuration file once you have rebooted into the newly-installed system.
@ -7796,7 +7797,6 @@ maximum address space that can be locked in memory. These settings are
commonly used for real-time audio systems.
@end deffn
@node Scheduled Job Execution
@subsubsection Scheduled Job Execution

View File

@ -440,6 +440,7 @@ dist_patch_DATA = \
%D%/packages/patches/audacity-fix-ffmpeg-binding.patch \
%D%/packages/patches/automake-skip-amhello-tests.patch \
%D%/packages/patches/automake-regexp-syntax.patch \
%D%/packages/patches/automake-test-gzip-warning.patch \
%D%/packages/patches/avahi-localstatedir.patch \
%D%/packages/patches/avidemux-install-to-lib.patch \
%D%/packages/patches/awesome-reproducible-png.patch \
@ -467,9 +468,9 @@ dist_patch_DATA = \
%D%/packages/patches/clucene-contribs-lib.patch \
%D%/packages/patches/cursynth-wave-rand.patch \
%D%/packages/patches/dbus-helper-search-path.patch \
%D%/packages/patches/dealii-p4est-interface.patch \
%D%/packages/patches/devil-CVE-2009-3994.patch \
%D%/packages/patches/devil-fix-libpng.patch \
%D%/packages/patches/dico-idxgcide-bug.patch \
%D%/packages/patches/dico-libtool-deterministic.patch \
%D%/packages/patches/diffutils-gets-undeclared.patch \
%D%/packages/patches/dfu-programmer-fix-libusb.patch \
@ -488,7 +489,6 @@ dist_patch_DATA = \
%D%/packages/patches/eudev-rules-directory.patch \
%D%/packages/patches/evilwm-lost-focus-bug.patch \
%D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \
%D%/packages/patches/expat-CVE-2015-1283.patch \
%D%/packages/patches/expat-CVE-2015-1283-refix.patch \
%D%/packages/patches/expat-CVE-2016-0718.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
@ -522,12 +522,9 @@ dist_patch_DATA = \
%D%/packages/patches/gimp-CVE-2016-4994.patch \
%D%/packages/patches/glib-networking-ssl-cert-file.patch \
%D%/packages/patches/glib-tests-timer.patch \
%D%/packages/patches/glibc-CVE-2015-7547.patch \
%D%/packages/patches/glibc-bootstrap-system.patch \
%D%/packages/patches/glibc-hurd-extern-inline.patch \
%D%/packages/patches/glibc-ldd-x86_64.patch \
%D%/packages/patches/glibc-locales.patch \
%D%/packages/patches/glibc-locale-incompatibility.patch \
%D%/packages/patches/glibc-o-largefile.patch \
%D%/packages/patches/glibc-versioned-locpath.patch \
%D%/packages/patches/gmp-arm-asm-nothumb.patch \
@ -606,11 +603,6 @@ dist_patch_DATA = \
%D%/packages/patches/liba52-link-with-libm.patch \
%D%/packages/patches/liba52-set-soname.patch \
%D%/packages/patches/liba52-use-mtune-not-mcpu.patch \
%D%/packages/patches/libarchive-bsdtar-test.patch \
%D%/packages/patches/libarchive-CVE-2013-0211.patch \
%D%/packages/patches/libarchive-CVE-2016-1541.patch \
%D%/packages/patches/libarchive-fix-lzo-test-case.patch \
%D%/packages/patches/libarchive-mtree-filename-length-fix.patch \
%D%/packages/patches/libbonobo-activation-test-race.patch \
%D%/packages/patches/libcanberra-sound-theme-freedesktop.patch \
%D%/packages/patches/libcmis-fix-test-onedrive.patch \
@ -645,9 +637,8 @@ dist_patch_DATA = \
%D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \
%D%/packages/patches/libwmf-CVE-2015-4695.patch \
%D%/packages/patches/libwmf-CVE-2015-4696.patch \
%D%/packages/patches/libxslt-CVE-2015-7995.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/libpthread-glibc-preparation.patch \
%D%/packages/patches/lm-sensors-hwmon-attrs.patch \
%D%/packages/patches/lua-CVE-2014-5461.patch \
%D%/packages/patches/lua-pkgconfig.patch \
@ -667,10 +658,6 @@ dist_patch_DATA = \
%D%/packages/patches/mcrypt-CVE-2012-4426.patch \
%D%/packages/patches/mcrypt-CVE-2012-4527.patch \
%D%/packages/patches/mhash-keygen-test-segfault.patch \
%D%/packages/patches/mit-krb5-CVE-2015-8629.patch \
%D%/packages/patches/mit-krb5-CVE-2015-8630.patch \
%D%/packages/patches/mit-krb5-CVE-2015-8631.patch \
%D%/packages/patches/mit-krb5-init-context-null-spnego.patch \
%D%/packages/patches/mpc123-initialize-ao.patch \
%D%/packages/patches/mplayer2-theora-fix.patch \
%D%/packages/patches/module-init-tools-moduledir.patch \
@ -759,6 +746,7 @@ dist_patch_DATA = \
%D%/packages/patches/python-paste-remove-timing-test.patch \
%D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
%D%/packages/patches/qt4-ldflags.patch \
%D%/packages/patches/rapicorn-isnan.patch \
%D%/packages/patches/ratpoison-shell.patch \
%D%/packages/patches/readline-link-ncurses.patch \
%D%/packages/patches/ripperx-missing-file.patch \
@ -785,7 +773,6 @@ dist_patch_DATA = \
%D%/packages/patches/t1lib-CVE-2010-2642.patch \
%D%/packages/patches/t1lib-CVE-2011-0764.patch \
%D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \
%D%/packages/patches/tar-d_ino_in_dirent-fix.patch \
%D%/packages/patches/tar-skip-unreliable-tests.patch \
%D%/packages/patches/tcl-mkindex-deterministic.patch \
%D%/packages/patches/tclxml-3.2-install.patch \

View File

@ -218,7 +218,8 @@ output is indexed in many ways to simplify browsing.")
"0dl6vfi2lzz8alnklwxzfz624b95hb1ipjvd3mk177flmddcf24r"))
(patches
(search-patches "automake-regexp-syntax.patch"
"automake-skip-amhello-tests.patch"))))
"automake-skip-amhello-tests.patch"
"automake-test-gzip-warning.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,(autoconf-wrapper))

View File

@ -135,8 +135,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
(replacement libarchive/fixed)
(version "3.1.2")
(version "3.2.1")
(source
(origin
(method url-fetch)
@ -144,12 +143,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
version ".tar.gz"))
(sha256
(base32
"0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))
(patches
(search-patches "libarchive-mtree-filename-length-fix.patch"
"libarchive-fix-lzo-test-case.patch"
"libarchive-CVE-2013-0211.patch"
"libarchive-bsdtar-test.patch"))))
"1lngng84k1kkljl74q0cdqc3s82vn2kimfm02dgm4d6m7x71mvkj"))))
(build-system gnu-build-system)
;; TODO: Add -L/path/to/nettle in libarchive.pc.
(inputs
@ -180,7 +174,10 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(zero? (system* "./libarchive_test" "^test_*_disk*"))
(zero? (system* "./bsdcpio_test" "^test_owner_parse"))
(zero? (system* "./bsdtar_test"))))
%standard-phases))))
%standard-phases))
;; libarchive/test/test_write_format_gnutar_filenames.c needs to be
;; compiled with C99 or C11 or a gnu variant.
#:configure-flags '("CFLAGS=-O2 -g -std=c99")))
(home-page "http://libarchive.org/")
(synopsis "Multi-format archive and compression library")
(description
@ -193,14 +190,6 @@ archive. In particular, note that there is currently no built-in support for
random access nor for in-place modification.")
(license license:bsd-2)))
(define libarchive/fixed
(package
(inherit libarchive)
(source (origin
(inherit (package-source libarchive))
(patches (cons (search-patch "libarchive-CVE-2016-1541.patch")
(origin-patches (package-source libarchive))))))))
(define-public rdup
(package
(name "rdup")

View File

@ -44,7 +44,9 @@
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial))
#:use-module (guix build-system trivial)
#:use-module (ice-9 match)
#:export (glibc))
;;; Commentary:
;;;
@ -75,14 +77,14 @@ command-line arguments, multiple languages, and so on.")
(define-public grep
(package
(name "grep")
(version "2.22")
(version "2.25")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/grep/grep-"
version ".tar.xz"))
(sha256
(base32
"1srn321x7whlhs5ks36zlcrrmj4iahll8fxwsh1vbz3v04px54fa"))
"0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2"))
(patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
@ -137,17 +139,34 @@ implementation offers several extensions over the standard utility.")
(define-public tar
(package
(name "tar")
(version "1.28")
(version "1.29")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/tar/tar-"
version ".tar.xz"))
(sha256
(base32
"1wi2zwm4c9r3h3b8y4w0nm0qq897kn8kyj9k22ba0iqvxj48vvk4"))
(patches (search-patches "tar-d_ino_in_dirent-fix.patch"
"tar-skip-unreliable-tests.patch"))))
"097hx7sbzp8qirl4m930lw84kn0wmxhmq7v1qpra3mrg0b8cyba0"))
(patches (search-patches "tar-skip-unreliable-tests.patch"))))
(build-system gnu-build-system)
;; Note: test suite requires ~1GiB of disk space.
(arguments
'(#:phases (modify-phases %standard-phases
(add-before 'build 'set-shell-file-name
(lambda* (#:key inputs #:allow-other-keys)
;; Do not use "/bin/sh" to run programs.
(let ((bash (assoc-ref inputs "bash")))
(substitute* "src/system.c"
(("/bin/sh")
(string-append bash "/bin/sh")))
#t))))))
;; When cross-compiling, the 'set-shell-file-name' phase needs to be able
;; to refer to the target Bash.
(inputs (if (%current-target-system)
`(("bash" ,bash))
'()))
(synopsis "Managing tar archives")
(description
"Tar provides the ability to create tar archives, as well as the
@ -243,23 +262,14 @@ used to apply commands with arbitrarily long arguments.")
(define-public coreutils
(package
(name "coreutils")
(version "8.24")
(version "8.25")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/coreutils/coreutils-"
version ".tar.xz"))
(sha256
(base32
"0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2"))
(patches
(list (origin
(method url-fetch)
(uri "http://git.savannah.gnu.org/cgit/coreutils.git/\
patch/?id=3ba68f9e64fa2eb8af22d510437a0c6441feb5e0")
(sha256
(base32
"1dnlszhc8lihhg801i9sz896mlrgfsjfcz62636prb27k5hmixqz"))
(file-name "coreutils-tail-inotify-race.patch"))))))
"11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii"))))
(build-system gnu-build-system)
(inputs `(("acl" ,acl) ; TODO: add SELinux
("gmp" ,gmp) ;bignums in 'expr', yay!
@ -315,14 +325,14 @@ functionality beyond that which is outlined in the POSIX standard.")
(define-public gnu-make
(package
(name "make")
(version "4.1")
(version "4.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/make/make-" version
".tar.bz2"))
(sha256
(base32
"19gwwhik3wdwn0r42b7xcihkbxvjl9r2bdal8nifc3k5i4rn3iqb"))
"0pv5rvz5pp4njxiz3syf786d2xp4j7gzddwjvgw5zmz55yvf6p2f"))
(patches (search-patches "make-impure-dirs.patch"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config))) ; to detect Guile
@ -463,17 +473,17 @@ store.")
(export make-ld-wrapper)
(define-public glibc
(define-public glibc/linux
(package
(name "glibc")
(version "2.22")
(version "2.23")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
"0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb"))
"1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
@ -482,17 +492,14 @@ store.")
(("use_ldconfig=yes")
"use_ldconfig=no")))
(modules '((guix build utils)))
(patches
(search-patches "glibc-ldd-x86_64.patch"
"glibc-locale-incompatibility.patch"
(patches (search-patches "glibc-ldd-x86_64.patch"
"glibc-versioned-locpath.patch"
"glibc-o-largefile.patch"
"glibc-CVE-2015-7547.patch"))))
"glibc-o-largefile.patch"))))
(build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
;; users should automatically pull Linux headers as well.
(propagated-inputs `(("linux-headers" ,linux-libre-headers)))
(propagated-inputs `(("kernel-headers" ,linux-libre-headers)))
(outputs '("out" "debug"))
@ -504,7 +511,7 @@ store.")
#:parallel-build? #f
;; The libraries have an empty RUNPATH, but some, such as the versioned
;; libraries (libdl-2.22.so, etc.) have ld.so marked as NEEDED. Since
;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since
;; these libraries are always going to be found anyway, just skip
;; RUNPATH checks.
#:validate-runpath? #f
@ -536,7 +543,7 @@ store.")
(assoc-ref ,(if (%current-target-system)
'%build-target-inputs
'%build-inputs)
"linux-headers")
"kernel-headers")
"/include")
;; This is the default for most architectures as of GNU libc 2.21,
@ -550,7 +557,7 @@ store.")
"/bin/bash")
;; XXX: Work around "undefined reference to `__stack_chk_guard'".
"libc_cv_ssp=no")
"libc_cv_ssp=no" "libc_cv_ssp_strong=no")
#:tests? #f ; XXX
#:phases (modify-phases %standard-phases
@ -564,10 +571,6 @@ store.")
;; but cross-base uses it as a native input.
(bash (or (assoc-ref inputs "static-bash")
(assoc-ref native-inputs "static-bash"))))
;; Use `pwd', not `/bin/pwd'.
(substitute* "configure"
(("/bin/pwd") "pwd"))
;; Install the rpc data base file under `$out/etc/rpc'.
;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ];
(substitute* "sunrpc/Makefile"
@ -648,11 +651,104 @@ with the Linux kernel.")
(license lgpl2.0+)
(home-page "http://www.gnu.org/software/libc/")))
(define-public glibc-2.21
(define-public glibc/hurd
;; The Hurd's libc variant.
(package (inherit glibc/linux)
(name "glibc-hurd")
(version "2.19")
(source (origin
(method url-fetch)
(uri (string-append "http://alpha.gnu.org/gnu/hurd/glibc-"
version "-hurd+libpthread-20160518" ".tar.gz"))
(sha256
(base32
"12zmdjviybpsdb2kq4cg98rds7909f0cc96fzdahdfrzlxx1q0px"))))
;; Libc provides <hurd.h>, which includes a bunch of Hurd and Mach headers,
;; so both should be propagated.
(propagated-inputs `(("hurd-core-headers" ,hurd-core-headers)))
(native-inputs
`(,@(package-native-inputs glibc/linux)
("mig" ,mig)
("perl" ,perl)))
(arguments
(substitute-keyword-arguments (package-arguments glibc/linux)
((#:phases original-phases)
;; Add libmachuser.so and libhurduser.so to libc.so's search path.
;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-07/msg00051.html>.
`(alist-cons-after
'install 'augment-libc.so
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out")))
(substitute* (string-append out "/lib/libc.so")
(("/[^ ]+/lib/libc.so.0.3")
(string-append out "/lib/libc.so.0.3" " libmachuser.so" " libhurduser.so"))))
#t)
(alist-cons-after
'pre-configure 'pre-configure-set-pwd
(lambda _
;; Use the right 'pwd'.
(substitute* "configure"
(("/bin/pwd") "pwd")))
,original-phases)))
((#:configure-flags original-configure-flags)
`(append (list "--host=i586-pc-gnu"
;; We need this to get a working openpty() function.
"--enable-pt_chown"
;; nscd fails to build for GNU/Hurd:
;; <https://lists.gnu.org/archive/html/bug-hurd/2014-07/msg00006.html>.
;; Disable it.
"--disable-nscd")
(filter (lambda (flag)
(not (string-prefix? "--enable-kernel=" flag)))
,original-configure-flags)))))
(synopsis "The GNU C Library (GNU Hurd variant)")
(supported-systems %hurd-systems)))
(define* (glibc-for-target #:optional
(target (or (%current-target-system)
(%current-system))))
"Return the glibc for TARGET, GLIBC/LINUX for a Linux host or
GLIBC/HURD for a Hurd host"
(match target
((or "i586-pc-gnu" "i586-gnu") glibc/hurd)
(_ glibc/linux)))
(define-syntax glibc
(identifier-syntax (glibc-for-target)))
(define-public glibc-2.22
;; The old libc, which we use mostly to build locale data in the old format
;; (which the new libc can cope with.)
(package
(inherit glibc)
(version "2.22")
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
"0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb"))
(patches (search-patches "glibc-ldd-x86_64.patch"))))
(arguments
(substitute-keyword-arguments (package-arguments glibc)
((#:phases phases)
`(modify-phases ,phases
(add-before 'configure 'fix-pwd
(lambda _
;; Use `pwd' instead of `/bin/pwd' for glibc-2.21
(substitute* "configure"
(("/bin/pwd") "pwd"))))))))))
(define-public glibc-2.21
;; The old libc, which we use mostly to build locale data in the old format
;; (which the new libc can cope with.)
(package
(inherit glibc-2.22)
(version "2.21")
(source (origin
(inherit (package-source glibc))
@ -691,7 +787,7 @@ the 'share/locale' sub-directory of this package.")
((#:configure-flags flags)
`(append ,flags
;; Use $(libdir)/locale/X.Y as is the case by default.
(list (string-append "libc_cv_localedir="
(list (string-append "libc_cv_complocaledir="
(assoc-ref %outputs "out")
"/lib/locale/"
,(package-version glibc))))))))))
@ -767,73 +863,6 @@ variety of options. It is an alternative to the shell \"type\" built-in
command.")
(license gpl3+))) ; some files are under GPLv2+
(define-public glibc/hurd
;; The Hurd's libc variant.
(package (inherit glibc)
(name "glibc-hurd")
(version "2.18")
(source (origin
(method git-fetch)
(uri (git-reference
(url "git://git.sv.gnu.org/hurd/glibc")
(commit "cc94b3cfe65523f980359e5f0e93a26196bda1d3")))
(sha256
(base32
"17gsh0kaz0zyvghjmx861mi2p65m9901lngi179x61zm6v2v3xc4"))
(file-name (string-append name "-" version))
(patches (search-patches "glibc-hurd-extern-inline.patch"))))
;; Libc provides <hurd.h>, which includes a bunch of Hurd and Mach headers,
;; so both should be propagated.
(propagated-inputs `(("gnumach-headers" ,gnumach-headers)
("hurd-headers" ,hurd-headers)
("hurd-minimal" ,hurd-minimal)))
(native-inputs
`(,@(package-native-inputs glibc)
("patch/libpthread-patch" ,(search-patch "libpthread-glibc-preparation.patch"))
("mig" ,mig)
("perl" ,perl)
("libpthread" ,(origin
(method git-fetch)
(uri (git-reference
(url "git://git.sv.gnu.org/hurd/libpthread")
(commit "0ef7b75c4ba91b6660f0d3d8b51d14d25e3d5bfb")))
(sha256
(base32
"031py18fls15z0wprni33mf762kg6fx8xqijppimhp83yp6ky3l3"))
(file-name "libpthread")))))
(arguments
(substitute-keyword-arguments (package-arguments glibc)
((#:configure-flags original-configure-flags)
`(append (list "--host=i686-pc-gnu"
;; nscd fails to build for GNU/Hurd:
;; <https://lists.gnu.org/archive/html/bug-hurd/2014-07/msg00006.html>.
;; Disable it.
"--disable-nscd")
(filter (lambda (flag)
(not (or (string-prefix? "--with-headers=" flag)
(string-prefix? "--enable-kernel=" flag))))
;; Evaluate 'original-configure-flags' in a
;; lexical environment that has a dummy
;; "linux-headers" input, to prevent errors.
(let ((%build-inputs `(("linux-headers" . "@DUMMY@")
,@%build-inputs)))
,original-configure-flags))))
((#:phases phases)
`(alist-cons-after
'unpack 'prepare-libpthread
(lambda* (#:key inputs #:allow-other-keys)
(copy-recursively (assoc-ref inputs "libpthread") "libpthread")
(system* "patch" "--force" "-p1" "-i"
(assoc-ref inputs "patch/libpthread-patch"))
#t)
,phases))))
(synopsis "The GNU C Library (GNU Hurd variant)")
(supported-systems %hurd-systems)))
(define-public glibc/hurd-headers
(package (inherit glibc/hurd)
(name "glibc-hurd-headers")
@ -845,7 +874,7 @@ command.")
;; We just pass the flags really needed to build the headers.
((#:configure-flags _)
`(list "--enable-add-ons"
"--host=i686-pc-gnu"
"--host=i586-pc-gnu"
"--enable-obsolete-rpc"))
((#:phases _)
'(alist-replace

View File

@ -51,12 +51,13 @@
("python" ,python-2)
("tcsh" ,tcsh)))
(arguments
(let ((build-flags
`("threading=multi" "link=shared"
`(#:tests? #f
#:make-flags
(list "threading=multi" "link=shared"
;; Set the RUNPATH to $libdir so that the libs find each other.
(string-append "linkflags=-Wl,-rpath="
(assoc-ref outputs "out") "/lib")
(assoc-ref %outputs "out") "/lib")
;; Boost's 'context' library is not yet supported on mips64, so
;; we disable it. The 'coroutine' library depends on 'context',
@ -65,8 +66,7 @@
(%current-system)))
'("--without-context"
"--without-coroutine" "--without-coroutine2")
'()))))
`(#:tests? #f
'()))
#:phases
(modify-phases %standard-phases
(replace
@ -89,12 +89,12 @@
"--with-toolset=gcc")))))
(replace
'build
(lambda* (#:key outputs #:allow-other-keys)
(zero? (system* "./b2" ,@build-flags))))
(lambda* (#:key outputs make-flags #:allow-other-keys)
(zero? (apply system* "./b2" make-flags))))
(replace
'install
(lambda* (#:key outputs #:allow-other-keys)
(zero? (system* "./b2" "install" ,@build-flags))))))))
(lambda* (#:key outputs make-flags #:allow-other-keys)
(zero? (apply system* "./b2" "install" make-flags)))))))
(home-page "http://boost.org")
(synopsis "Peer-reviewed portable C++ source libraries")

View File

@ -62,7 +62,7 @@
(define (boot fetch)
(lambda* (url hash-algo hash
#:optional name #:key system)
(fetch url hash-algo hash
(fetch url hash-algo hash name
#:guile %bootstrap-guile
#:system system)))

View File

@ -52,7 +52,7 @@
(assoc-ref %build-inputs "libc")
"/include:"
(assoc-ref %build-inputs
"linux-headers")
"kernel-headers")
"/include:{B}/include")
(string-append "--libpaths="
(assoc-ref %build-inputs "libc")

View File

@ -37,15 +37,15 @@
(define-public check
(package
(name "check")
(version "0.9.14")
(version "0.10.0")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/check/check/"
version "/check-" version ".tar.gz"))
(uri (string-append "https://github.com/libcheck/check/files/71408/"
"/check-" version ".tar.gz"))
(sha256
(base32
"02l4g79d81s07hzywcv1knwj5dyrwjiq2pgxaz7kidxi8m364wn2"))))
"0lhhywf5nxl3dd0hdakra3aasl590756c9kmvyifb3vgm9k0gxgm"))))
(build-system gnu-build-system)
(home-page "https://libcheck.github.io/check/")
(synopsis "Unit test framework for C")

View File

@ -4,6 +4,7 @@
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -36,7 +37,7 @@
(define-public cmake
(package
(name "cmake")
(version "3.3.2")
(version "3.5.2")
(source (origin
(method url-fetch)
(uri (string-append "https://www.cmake.org/files/v"
@ -44,13 +45,14 @@
"/cmake-" version ".tar.gz"))
(sha256
(base32
"08pwy9ip9cgwgynhn5vrjw8drw29gijy1rmziq22n65zds6ifnp7"))
"0ap6nlmv6nda942db43k9k9mhnm5dm3fsapzvy0vh6wq7l6l3n4j"))
(patches (search-patches "cmake-fix-tests.patch"))))
(build-system gnu-build-system)
(arguments
`(#:test-target "test"
#:phases (alist-cons-before
'configure 'patch-bin-sh
#:phases
(modify-phases %standard-phases
(add-before 'configure 'patch-bin-sh
(lambda _
;; Replace "/bin/sh" by the right path in... a lot of
;; files.
@ -66,22 +68,19 @@
"Source/cmExecProgramCommand.cxx"
"Utilities/cmbzip2/Makefile-libbz2_so"
"Utilities/Release/release_cmake.cmake"
"Utilities/cmlibarchive/libarchive/\
archive_write_set_format_shar.c"
"Utilities/cmlibarchive/libarchive/archive_write_set_format_shar.c"
"Tests/CMakeLists.txt"
"Tests/RunCMake/File_Generate/RunCMakeTest.cmake")
(("/bin/sh") (which "sh"))))
(alist-cons-before
'configure 'set-paths
(("/bin/sh") (which "sh")))))
(add-before 'configure 'set-paths
(lambda _
;; Help cmake's bootstrap process to find system libraries
(begin
(setenv "CMAKE_LIBRARY_PATH" (getenv "LIBRARY_PATH"))
(setenv "CMAKE_INCLUDE_PATH" (getenv "C_INCLUDE_PATH"))
;; Get verbose output from failed tests
(setenv "CTEST_OUTPUT_ON_FAILURE" "TRUE")))
(alist-replace
'configure
(setenv "CTEST_OUTPUT_ON_FAILURE" "TRUE"))))
(replace 'configure
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(zero? (system*
@ -98,8 +97,15 @@ archive_write_set_format_shar.c"
"--mandir=share/man"
,(string-append
"--docdir=share/doc/cmake-"
(version-major+minor version))))))
%standard-phases)))))
(version-major+minor version)))))))
(add-after 'unpack 'remove-libarchive-version-test
; This test check has been failing consistantly over libarchive 3.2.x
; and cmake 3.4.x and 3.5.x so we disable it for now
(lambda _
(substitute*
"Tests/CMakeOnly/AllFindModules/CMakeLists.txt"
(("LibArchive") ""))
#t)))))
(inputs
`(("file" ,file)
("curl" ,curl)

View File

@ -270,6 +270,9 @@
(name "perl-boot0")
(replacement #f)
(arguments
;; At the very least, this must not depend on GCC & co.
(let ((args `(#:disallowed-references
,(list %bootstrap-binutils))))
(substitute-keyword-arguments (package-arguments perl)
((#:phases phases)
`(modify-phases ,phases
@ -279,7 +282,7 @@
(lambda _
(substitute* "Configure"
(("^libswanted=(.*)pthread" _ before)
(string-append "libswanted=" before))))))))))))
(string-append "libswanted=" before)))))))))))))
(package-with-bootstrap-guile
(package-with-explicit-inputs perl
%boot0-inputs
@ -306,7 +309,12 @@
;; Also, use %BOOT0-INPUTS to avoid building Perl once more.
(let ((texinfo (package (inherit texinfo)
(native-inputs '())
(inputs `(("perl" ,perl-boot0))))))
(inputs `(("perl" ,perl-boot0)))
;; Some of Texinfo 6.1's tests would fail with "Couldn't
;; set UTF-8 character type in locale" but we don't have a
;; UTF-8 locale at this stage, so skip them.
(arguments '(#:tests? #f)))))
(package-with-bootstrap-guile
(package-with-explicit-inputs texinfo %boot0-inputs
(current-source-location)
@ -355,7 +363,7 @@
"export CPATH\n"
all "\n"))))
,phases)))))
(propagated-inputs `(("linux-headers" ,(linux-libre-headers-boot0))))
(propagated-inputs `(("kernel-headers" ,(linux-libre-headers-boot0))))
(native-inputs
`(("texinfo" ,texinfo-boot0)
("perl" ,perl-boot0)))

View File

@ -150,14 +150,14 @@ adding and extracting files to/from a tar archive.")
(define-public gzip
(package
(name "gzip")
(version "1.6")
(version "1.8")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gzip/gzip-"
version ".tar.gz"))
version ".tar.xz"))
(sha256
(base32
"0zlgdm4v3dndrbiz7b67mbbj25dpwqbmbzjiycssvrfrcfvq7swp"))))
"1lxv3p4iyx7833mlihkn5wfwmz4cys5nybwpz3dfawag8kn6f5zz"))))
(build-system gnu-build-system)
(synopsis "General file (de)compression (using lzw)")
(arguments

View File

@ -32,7 +32,7 @@
(define-public conky
(package
(name "conky")
(version "1.10.0")
(version "1.10.3")
(source
(origin
(method url-fetch)
@ -40,10 +40,15 @@
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32 "1szq4ckfkvyabv5llf9nkdxipn7429sralsxyr7z0dyc3zwz74pk"))))
(base32 "1m9byrmpc2sprzk44v447yaqjzsvw230a0mlw7y1ngz3m3y44qs5"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; there are no tests
#:configure-flags
'("-DRELEASE=true"
;; XXX: it checks ncurses with pkg-config.
;; TODO: add 'ncurses.pc' to the ncurses package.
"-DBUILD_NCURSES=false")
#:phases
(alist-cons-after
'unpack 'add-freetype-to-search-path
@ -67,6 +72,7 @@
("libx11" ,libx11)
("libxdamage" ,libxdamage)
("libxft" ,libxft)
("libxinerama" ,libxinerama)
("lua" ,lua)))
(native-inputs
`(("pkg-config" ,pkg-config)))

View File

@ -121,6 +121,14 @@ may be either a libc package or #f.)"
"--disable-libquadmath"
"--disable-decimal-float" ;would need libc
"--disable-libcilkrts"
;; When target is any OS other than 'none' these
;; libraries will fail if there is no libc
;; present. See
;; <https://lists.gnu.org/archive/html/guix-devel/2016-02/msg01311.html>
"--disable-libitm"
"--disable-libvtv"
"--disable-libsanitizer"
)))
,(if libc
@ -167,24 +175,25 @@ may be either a libc package or #f.)"
`(alist-cons-before
'configure 'set-cross-path
(lambda* (#:key inputs #:allow-other-keys)
;; Add the cross Linux headers to CROSS_C_*_INCLUDE_PATH,
;; and remove them from C_*INCLUDE_PATH.
;; Add the cross kernel headers to CROSS_CPATH, and remove them
;; from CPATH.
(let ((libc (assoc-ref inputs "libc"))
(linux (assoc-ref inputs "xlinux-headers")))
(kernel (assoc-ref inputs "xkernel-headers")))
(define (cross? x)
;; Return #t if X is a cross-libc or cross Linux.
(or (string-prefix? libc x)
(string-prefix? linux x)))
(string-prefix? kernel x)))
(let ((cpath (string-append
libc "/include"
":" linux "/include")))
":" kernel "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
"CROSS_OBJC_INCLUDE_PATH"
"CROSS_OBJCPLUS_INCLUDE_PATH")))
(setenv "CROSS_LIBRARY_PATH"
(string-append libc "/lib"))
(string-append libc "/lib:"
kernel "/lib")) ;for Hurd's libihash
(for-each
(lambda (var)
(and=> (getenv var)
@ -255,9 +264,9 @@ GCC that does not target a libc; otherwise, target that libc."
(alist-delete "libc" %final-inputs))))
(if libc
`(("libc" ,libc)
("xlinux-headers" ;the target headers
("xkernel-headers" ;the target headers
,@(assoc-ref (package-propagated-inputs libc)
"linux-headers"))
"kernel-headers"))
,@inputs)
inputs))))
@ -334,10 +343,10 @@ XBINUTILS and the cross tool chain."
,flags))
((#:phases phases)
`(alist-cons-before
'configure 'set-cross-linux-headers-path
'configure 'set-cross-kernel-headers-path
(lambda* (#:key inputs #:allow-other-keys)
(let* ((linux (assoc-ref inputs "linux-headers"))
(cpath (string-append linux "/include")))
(let* ((kernel (assoc-ref inputs "kernel-headers"))
(cpath (string-append kernel "/include")))
(for-each (cut setenv <> cpath)
'("CROSS_C_INCLUDE_PATH"
"CROSS_CPLUS_INCLUDE_PATH"
@ -346,9 +355,9 @@ XBINUTILS and the cross tool chain."
#t))
,phases))))
;; Shadow the native "linux-headers" because glibc's recipe expects the
;; "linux-headers" input to point to the right thing.
(propagated-inputs `(("linux-headers" ,xlinux-headers)))
;; Shadow the native "kernel-headers" because glibc's recipe expects the
;; "kernel-headers" input to point to the right thing.
(propagated-inputs `(("kernel-headers" ,xlinux-headers)))
;; FIXME: 'static-bash' should really be an input, not a native input, but
;; to do that will require building an intermediate cross libc.

View File

@ -135,20 +135,17 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
;; cups-filters package.
#:tests? #f
#:phases
(alist-cons-before
'configure
'patch-makedefs
(modify-phases %standard-phases
(add-before 'configure 'patch-makedefs
(lambda _
(substitute* "Makedefs.in"
(("INITDIR.*=.*@INITDIR@") "INITDIR = @prefix@/@INITDIR@")
(("/bin/sh") (which "sh"))))
(alist-cons-before
'build
'patch-tests
(("/bin/sh") (which "sh")))))
(add-before 'build 'patch-tests
(lambda _
(substitute* "test/ippserver.c"
(("# else /\\* HAVE_AVAHI \\*/") "#elif defined(HAVE_AVAHI)")))
%standard-phases))))
(("# else /\\* HAVE_AVAHI \\*/")
"#elif defined(HAVE_AVAHI)")))))))
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs

View File

@ -86,6 +86,7 @@
("automake" ,automake)
("gettext" ,gnu-gettext)
("libtool" ,libtool)
("pcre" ,pcre "bin") ;for 'pcre-config'
("pkg-config" ,pkg-config)))
(inputs
`(("glib" ,glib)
@ -94,7 +95,6 @@
("raptor2" ,raptor2)
("readline" ,readline)
("avahi" ,avahi)
("pcre" ,pcre)
("cyrus-sasl" ,cyrus-sasl)
("openssl" ,openssl)
("util-linux" ,util-linux)))
@ -114,14 +114,14 @@ either single machines or networked clusters.")
(define-public gdbm
(package
(name "gdbm")
(version "1.11")
(version "1.12")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gdbm/gdbm-"
version ".tar.gz"))
(sha256
(base32
"1hz3jgh3pd4qzp6jy0l8pd8x01g9abw7csnrlnj1a2sxy122z4cd"))))
"1smwz4x5qa4js0zf1w3asq6z7mh20zlgwbh2bk5dczw6xrk22yyr"))))
(arguments `(#:configure-flags '("--enable-libgdbm-compat")))
(build-system gnu-build-system)
(home-page "http://www.gnu.org/software/gdbm/")
@ -136,18 +136,20 @@ and provides interfaces to the traditional file format.")
(define-public bdb
(package
(name "bdb")
(version "5.3.21")
(version "6.2.23")
(source (origin
(method url-fetch)
(uri (string-append "http://download.oracle.com/berkeley-db/db-" version
".tar.gz"))
(sha256 (base32
"1f2g2612lf8djbwbwhxsvmffmf9d7693kh2l20195pqp0f9jmnfx"))))
(uri (string-append "http://download.oracle.com/berkeley-db/db-"
version ".tar.gz"))
(sha256
(base32
"1isxx4jfmnh913jzhp8hhfngbk6dsg46f4kjpvvc56maj64jqqa7"))))
(build-system gnu-build-system)
(outputs '("out" ; programs, libraries, headers
"doc")) ; 94 MiB of HTML docs
(arguments
'(#:tests? #f ; no check target available
#:disallowed-references ("doc")
#:phases
(alist-replace
'configure
@ -165,6 +167,9 @@ and provides interfaces to the traditional file format.")
(string-append "CONFIG_SHELL=" (which "bash"))
(string-append "SHELL=" (which "bash"))
;; Remove 7 MiB of .a files.
"--disable-static"
;; The compatibility mode is needed by some packages,
;; notably iproute2.
"--enable-compat185"
@ -183,6 +188,18 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
(home-page
"http://www.oracle.com/us/products/database/berkeley-db/overview/index.html")))
(define-public bdb-5.3
(package (inherit bdb)
(name "bdb")
(version "5.3.28")
(source (origin
(method url-fetch)
(uri (string-append "http://download.oracle.com/berkeley-db/db-"
version ".tar.gz"))
(sha256
(base32
"0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0"))))))
(define-public mysql
(package
(name "mysql")
@ -465,7 +482,7 @@ for example from a shell script.")
(define-public sqlite
(package
(name "sqlite")
(version "3.10.0")
(version "3.12.2")
(source (origin
(method url-fetch)
;; TODO: Download from sqlite.org once this bug :
@ -496,7 +513,7 @@ for example from a shell script.")
))
(sha256
(base32
"0hhhv6si0pyf5i8bv7a71953m0b4gk6s3j2h09caf7vif0njkk23"))))
"1fwss0i2lixv39b27gkqiibdd2syym90wh3qbiaxnfgxk867f07x"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments

View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -44,7 +44,8 @@
(base32
"04pjks075x20d19l623mj50bw64g8i41s63z4kzzqcbg9qg96x64"))
(patches (search-patches "cpio-gets-undeclared.patch"
"dico-libtool-deterministic.patch"))))
"dico-libtool-deterministic.patch"
"dico-idxgcide-bug.patch"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags (list (string-append "--with-guile-site-dir=" %output

View File

@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -27,23 +28,24 @@
(define-public ed
(package
(name "ed")
(version "1.12")
(version "1.13")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ed/ed-"
version ".tar.lz"))
(sha256
(base32
"0bw0187a311rci58vznvncsj6pfp8bhs5phrlrqn03sa2i1mfrfj"))))
"1ly7i1iw02vbcd0zrx084z577ngxnarffmkm45dg6vndad5carnd"))))
(build-system gnu-build-system)
(native-inputs `(("lzip" ,lzip)))
(arguments
'(#:configure-flags '("CC=gcc")
#:phases (alist-cons-before 'patch-source-shebangs 'patch-test-suite
#:phases
(modify-phases %standard-phases
(add-before 'patch-source-shebangs 'patch-test-suite
(lambda _
(substitute* "testsuite/check.sh"
(("/bin/sh") (which "sh"))))
%standard-phases)))
(("/bin/sh") (which "sh"))))))))
(home-page "http://www.gnu.org/software/ed/")
(synopsis "Line-oriented text editor")
(description

View File

@ -110,14 +110,6 @@
(substitute* (find-files "." "^Makefile\\.in$")
(("/bin/pwd")
"pwd"))))
(add-after 'install 'remove-info.info
(lambda* (#:key outputs #:allow-other-keys)
;; Remove 'info.info', which is provided by Texinfo <= 6.0.
;; TODO: Remove this phase when we switch to Texinfo 6.1.
(let ((out (assoc-ref outputs "out")))
(delete-file
(string-append out "/share/info/info.info.gz"))
#t)))
(add-after 'install 'install-site-start
;; Copy guix-emacs.el from Guix and add it to site-start.el. This
;; way, Emacs packages provided by Guix and installed in

View File

@ -233,7 +233,8 @@ optimizer; and it can produce photorealistic and design review images.")
(build-system gnu-build-system)
(native-inputs
`(("texlive" ,texlive)
("ghostscript" ,ghostscript)))
("ghostscript" ,ghostscript)
("ghostscript" ,ghostscript-gs)))
(arguments
`(#:make-flags '("CC=gcc" "RM=rm" "SHELL=sh" "all")
#:parallel-build? #f

View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
;;;
@ -61,7 +61,7 @@
("python" ,python-2) ; for the tests
("util-linux" ,util-linux))) ; provides the hexdump command for tests
(inputs
`(("bdb" ,bdb)
`(("bdb" ,bdb-5.3) ; with 6.2.23, there is an error: ambiguous overload
("boost" ,boost)
("libevent" ,libevent)
("miniupnpc" ,miniupnpc)

View File

@ -126,7 +126,7 @@ TrueType (TTF) files.")
(define-public font-dejavu
(package
(name "font-dejavu")
(version "2.34")
(version "2.35")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/dejavu/dejavu/"
@ -134,7 +134,7 @@ TrueType (TTF) files.")
version ".tar.bz2"))
(sha256
(base32
"0pgb0a3ngamidacmrvasg51ck3gp8gn93w6sf1s8snwzx4x2r9yh"))))
"122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))

View File

@ -245,10 +245,10 @@ fonts to/from the WOFF2 format.")
(assoc-ref %build-inputs "gs-fonts")
"/share/fonts")
;; register fonts from user profile
;; TODO: Add /run/current-system/profile/share/fonts and remove
;; the skeleton that works around it from 'default-skeletons'.
"--with-add-fonts=~/.guix-profile/share/fonts"
;; Register fonts from user and system profiles.
(string-append "--with-add-fonts="
"~/.guix-profile/share/fonts,"
"/run/current-system/profile/share/fonts")
;; python is not actually needed
"PYTHON=false")

View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 John Darrington <jmd@gnu.org>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014, 2015, 2016 David Thompson <dthompson2@worcester.edu>
;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014 Cyrill Schenkel <cyrill.schenkel@gmail.com>
@ -20,7 +21,7 @@
;;; Copyright © 2016 Albin Söderqvist <albin@fripost.org>
;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il"
;;;
;;; This file is part of GNU Guix.
;;;
@ -2370,9 +2371,9 @@ Super Game Boy, BS-X Satellaview, and Sufami Turbo.")
(perl (string-append (assoc-ref %build-inputs
"perl")
"/bin"))
(gunzip (string-append (assoc-ref %build-inputs
(gzip (string-append (assoc-ref %build-inputs
"gzip")
"/bin/gunzip"))
"/bin/gzip"))
(tar (string-append (assoc-ref %build-inputs
"tar")
"/bin/tar"))
@ -2382,7 +2383,7 @@ Super Game Boy, BS-X Satellaview, and Sufami Turbo.")
(begin
(mkdir out)
(copy-file tarball "grue-hunter.tar.gz")
(zero? (system* gunzip "grue-hunter.tar.gz"))
(zero? (system* gzip "-d" "grue-hunter.tar.gz"))
(zero? (system* tar "xvf" "grue-hunter.tar"))
(mkdir-p bin)

View File

@ -153,7 +153,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
("libelf" ,libelf)
("zlib" ,zlib)))
;; GCC is one of the few packages that doesn't ship .info files.
;; GCC < 5 is one of the few packages that doesn't ship .info files.
(native-inputs `(("texinfo" ,texinfo)))
(arguments
@ -352,7 +352,9 @@ Go. It also includes runtime support libraries for these languages.")
(sha256
(base32
"1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq"))
(patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))))
(patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))
;; GCC 5 ships with .info files, so no need for Texinfo.
(native-inputs '())))
(define-public gcc-6
(package

View File

@ -41,14 +41,14 @@
(define-public gnu-gettext
(package
(name "gettext")
(version "0.19.7")
(version "0.19.8")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gettext/gettext-"
version ".tar.gz"))
(sha256
(base32
"0gy2b2aydj8r0sapadnjw8cmb8j2rynj28d5qs1mfa800njd51jk"))))
"13ylc6n3hsk919c7xl0yyibc3pfddzb53avdykn4hmk8g6yzd91x"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;8 MiB of HTML

View File

@ -2,7 +2,7 @@
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -33,7 +33,8 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu))
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial))
(define-public lcms
(package
@ -156,7 +157,8 @@ printing, and psresize, for adjusting page sizes.")
("python" ,python-wrapper)
("tcl" ,tcl)))
(arguments
`(#:phases
`(#:disallowed-references ("doc")
#:phases
(modify-phases %standard-phases
(add-after 'configure 'patch-config-files
(lambda _
@ -172,12 +174,15 @@ printing, and psresize, for adjusting page sizes.")
(substitute* "base/gscdef.c"
(("GS_DOCDIR")
"\"~/.guix-profile/share/doc/ghostscript\""))))
(add-after 'build 'build-so
(replace 'build
(lambda _
(zero? (system* "make" "so"))))
(add-after 'install 'install-so
;; Build 'libgs.so', but don't build the statically-linked 'gs'
;; binary (saves 18 MiB).
(zero? (system* "make" "so" "-j"
(number->string (parallel-job-count))))))
(replace 'install
(lambda _
(zero? (system* "make" "install-so")))))))
(zero? (system* "make" "soinstall")))))))
(synopsis "PostScript and PDF interpreter")
(description
"Ghostscript is an interpreter for the PostScript language and the PDF
@ -194,6 +199,40 @@ output file formats and printers.")
("libxt" ,libxt)
,@(package-inputs ghostscript)))))
(define (ghostscript-wrapper name ghostscript)
;; Return a GHOSTSCRIPT wrapper that provides the 'gs' command.
;; See <https://lists.gnu.org/archive/html/guix-devel/2016-07/msg00987.html>.
(package
(name name)
(version (package-version ghostscript))
(source #f)
(build-system trivial-build-system)
(inputs `(("ghostscript" ,ghostscript)))
(arguments
`(#:modules ((guix build utils))
#:builder (begin
(use-modules (guix build utils))
(let* ((out (assoc-ref %outputs "out"))
(bin (string-append out "/bin"))
(gs (assoc-ref %build-inputs "ghostscript")))
(mkdir-p bin)
(with-directory-excursion bin
(symlink (string-append gs "/bin/gsc") "gs")
#t)))))
(synopsis "Wrapper providing Ghostscript's 'gs' command")
(description
"This package provides the @command{gs} command, which used to be
provided by Ghostscript itself and no longer is.")
(license (package-license ghostscript))
(home-page (package-home-page ghostscript))))
(define-public ghostscript-gs
(ghostscript-wrapper "ghostscript-gs" ghostscript))
(define-public ghostscript-gs/x
(ghostscript-wrapper "ghostscript-gs-with-x" ghostscript/x))
(define-public ijs
(package
(name "ijs")

View File

@ -443,7 +443,7 @@ OpenGL graphics API.")
(define-public libepoxy
(package
(name "libepoxy")
(version "1.2")
(version "1.3.1")
(source (origin
(method url-fetch)
(uri (string-append
@ -453,7 +453,7 @@ OpenGL graphics API.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1xp8g6b7xlbym2rj4vkbl6xpb7ijq7glpv656mc7k9b01x22ihs2"))))
"1d1brhwfmlzgnphmdwlvn5wbcrxsdyzf1qfcf8nb89xqzznxs037"))))
(arguments
`(#:phases
(alist-cons-after

View File

@ -6,6 +6,7 @@
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2016 Nils Gillmann <ng0@libertad.pw>
;;;
;;; This file is part of GNU Guix.
;;;
@ -49,7 +50,7 @@
(define-public libgpg-error
(package
(name "libgpg-error")
(version "1.21")
(version "1.22")
(source
(origin
(method url-fetch)
@ -57,7 +58,7 @@
version ".tar.bz2"))
(sha256
(base32
"0kdq2cbnk84fr4jqcv689rlxpbyl6bda2cn6y3ll19v3mlydpnxp"))))
"0ywxwswizmkyciy480kzczxn6nhbgzf3z8my4nk43nvv67k4x87j"))))
(build-system gnu-build-system)
(home-page "https://gnupg.org")
(synopsis "Library of error values for GnuPG components")
@ -73,14 +74,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
(version "1.6.5")
(version "1.7.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
"0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
"14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))

View File

@ -77,7 +77,10 @@
`(("perl" ,perl)
("python" ,python-2)))
(arguments
`(#:phases
`(;; XXX: parallel build fails, lacking:
;; mkdir -p "system_wrapper_js/"
#:parallel-build? #f
#:phases
(alist-cons-before
'configure 'chdir
(lambda _
@ -117,7 +120,10 @@ in C/C++.")
'(substitute* '("js/src/config/milestone.pl")
(("defined\\(@TEMPLATE_FILE)") "@TEMPLATE_FILE")))))
(arguments
'(#:phases
'(;; XXX: parallel build fails, lacking:
;; mkdir -p "system_wrapper_js/"
#:parallel-build? #f
#:phases
(modify-phases %standard-phases
(replace
'configure

View File

@ -4,6 +4,7 @@
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -300,7 +301,8 @@ visual effects work for film.")
"rapicorn-" version ".tar.xz"))
(sha256
(base32
"1y51yjrpsihas1jy905m9p3r8iiyhq6bwi2690c564i5dnix1f9d"))))
"1y51yjrpsihas1jy905m9p3r8iiyhq6bwi2690c564i5dnix1f9d"))
(patches (search-patches "rapicorn-isnan.patch"))))
(build-system gnu-build-system)
(arguments
`(#:phases

View File

@ -166,7 +166,8 @@ without requiring the source code to be rewritten.")
(outputs '("out" "debug"))
(arguments
`(#:phases (alist-cons-before
`(#:configure-flags '("--disable-static") ;saves 3MiB
#:phases (alist-cons-before
'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
;; Tell (ice-9 popen) the file name of Bash.

View File

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -39,7 +39,7 @@
(sha256 (base32
"0q8s43z14vxm41pfa8s5h9kyyzk1fkwjhkiwbf2x70alm6rv6qi1"))))
(build-system gnu-build-system)
(propagated-inputs `(("ghostscript" ,ghostscript/x)))
(propagated-inputs `(("ghostscript" ,ghostscript-gs/x)))
(inputs `(("libx11" ,libx11)
("libxaw3d" ,libxaw3d)
("libxinerama" ,libxinerama)

View File

@ -21,12 +21,12 @@
#:use-module (guix download)
#:use-module (guix packages)
#:use-module (gnu packages)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (gnu packages flex)
#:use-module (gnu packages bison)
#:use-module (gnu packages perl)
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
#:use-module (guix git-download))
@ -55,7 +55,11 @@
;; GNU Mach supports only IA32 currently, so cheat so that we can at
;; least install its headers.
#:configure-flags '("--build=i686-pc-gnu")
,@(if (%current-target-system)
'()
;; See <http://lists.gnu.org/archive/html/bug-hurd/2015-06/msg00042.html>
;; <http://lists.gnu.org/archive/html/guix-devel/2015-06/msg00716.html>
'(#:configure-flags '("--build=i586-pc-gnu")))
#:tests? #f))
(home-page "https://www.gnu.org/software/hurd/microkernel/mach/gnumach.html")
@ -108,11 +112,7 @@ communication.")
"1pbc4aqgzxvkgivw80ghp3w755cl0fwxmg357vq7chimj64jk78d"))))
(build-system gnu-build-system)
(native-inputs
`(;; Autoconf shouldn't be necessary but there seems to be a bug in the
;; build system triggering its use.
("autoconf" ,autoconf)
("mig" ,mig)))
`(("mig" ,mig)))
(arguments
`(#:phases (alist-replace
'install
@ -122,10 +122,19 @@ communication.")
#:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants
;; that.
"--build=i686-pc-gnu"
,@(if (%current-target-system)
'()
'("--host=i586-pc-gnu"))
;; Reduce set of dependencies.
"--without-parted")
"--without-parted"
"--disable-ncursesw"
"--disable-test"
"--without-libbz2"
"--without-libz"
;; Skip the clnt_create check because it expects
;; a working glibc causing a circular dependency.
"ac_cv_search_clnt_create=no")
#:tests? #f))
(home-page "http://www.gnu.org/software/hurd/hurd.html")
@ -140,11 +149,11 @@ Library and other user programs.")
(name "hurd-minimal")
(inputs `(("glibc-hurd-headers" ,glibc/hurd-headers)))
(native-inputs
`(("autoconf" ,(autoconf-wrapper))
("mig" ,mig)))
`(("mig" ,mig)))
(arguments
`(#:phases (alist-replace
(substitute-keyword-arguments (package-arguments hurd-headers)
((#:phases _)
'(alist-replace
'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
@ -161,25 +170,7 @@ Library and other user programs.")
'build
(lambda _
(zero? (system* "make" "-Clibihash" "libihash.a")))
(alist-cons-before
'configure 'bootstrap
(lambda _
(zero? (system* "autoreconf" "-vfi")))
%standard-phases)))
#:configure-flags '(;; Pretend we're on GNU/Hurd; 'configure' wants
;; that.
"--host=i686-pc-gnu"
;; Reduce set of dependencies.
"--disable-ncursesw"
"--disable-test"
"--without-libbz2"
"--without-libz"
"--without-parted"
;; Skip the clnt_create check because it expects
;; a working glibc causing a circular dependency.
"ac_cv_search_clnt_create=no")
#:tests? #f))
%standard-phases)))))
(home-page "http://www.gnu.org/software/hurd/hurd.html")
(synopsis "GNU Hurd libraries")
(description

View File

@ -6,12 +6,16 @@
# the shebang line in Linux.
# Use `load-compiled' because `load' (and `-l') doesn't otherwise load our
# .go file (see <http://bugs.gnu.org/12519>).
# Unset 'GUILE_LOAD_COMPILED_PATH' to make sure we do not stumble upon
# incompatible .go files. See
# <https://lists.gnu.org/archive/html/guile-devel/2016-03/msg00000.html>.
unset GUILE_LOAD_COMPILED_PATH
main="(@ (gnu build-support ld-wrapper) ld-wrapper)"
exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@"
!#
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;

View File

@ -106,7 +106,7 @@
version "-gnu.tar.xz")))
(define-public linux-libre-headers
(let* ((version "3.14.37")
(let* ((version "4.1.18")
(build-phase
(lambda (arch)
`(lambda _
@ -144,7 +144,7 @@
(uri (linux-libre-urls version))
(sha256
(base32
"1blxr2bsvfqi9khj4cpspv434bmx252zak2wsbi2mgl60zh77gza"))))
"1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(arguments
@ -469,12 +469,11 @@ providing the system administrator with some help in common tasks.")
(("build_kill=yes") "build_kill=no"))
#t))))
(build-system gnu-build-system)
(outputs '("out"
"static")) ; >2 MiB of static .a libraries
(arguments
`(#:configure-flags (list "--disable-use-tty-group"
;; Do not build .a files to save 2 MiB.
"--disable-static"
;; Install completions where our
;; bash-completion package expects them.
(string-append "--with-bashcompletiondir="
@ -499,6 +498,19 @@ providing the system administrator with some help in common tasks.")
(substitute* "tests/ts/misc/mcookie"
(("/etc/services")
(string-append net "/etc/services")))
#t)))
(add-after
'install 'move-static-libraries
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
(static (assoc-ref outputs "static")))
(mkdir-p (string-append static "/lib"))
(with-directory-excursion out
(for-each (lambda (file)
(rename-file file
(string-append static "/"
file)))
(find-files "lib" "\\.a$")))
#t))))))
(inputs `(("zlib" ,zlib)
("ncurses" ,ncurses)))
@ -527,7 +539,9 @@ block devices, UUIDs, TTYs, and many other tools.")
"procps-ng-" version ".tar.xz"))
(sha256
(base32
"1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9"))))
"1va4n0mpsq327ca9dqp4hnrpgs6821rp0f2m0jyc1bfjl9lk2jg9"))
(patches
(list (search-patch "procps-non-linux.patch")))))
(build-system gnu-build-system)
(arguments
'(#:modules ((guix build utils)
@ -1562,7 +1576,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
(define-public kmod
(package
(name "kmod")
(version "17")
(version "22")
(source (origin
(method url-fetch)
(uri
@ -1570,7 +1584,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
"kmod-" version ".tar.xz"))
(sha256
(base32
"1yid3a9b64a60ybj66fk2ysrq5klnl0ijl4g624cl16y8404g9rv"))
"10lzfkmnpq6a43a3gkx7x633njh216w0bjwz31rv8a1jlgg1sfxs"))
(patches (search-patches "kmod-module-directory.patch"))))
(build-system gnu-build-system)
(native-inputs
@ -2594,12 +2608,26 @@ and copy/paste text in the console and in xterm.")
(base32
"06c9l6m3w29dndk17jrlpgr01wykl10h34zva8zc2c571z6mrlaf"))))
(build-system gnu-build-system)
(outputs '("out"
"static")) ; static versions of binaries in "out" (~16MiB!)
(arguments
'(#:test-target "test"
'(#:phases (modify-phases %standard-phases
(add-after 'build 'build-static
(lambda _ (zero? (system* "make" "static"))))
(add-after 'install 'install-static
(let ((staticbin (string-append (assoc-ref %outputs "static")
"/bin")))
(lambda _
(zero? (system* "make"
(string-append "bindir=" staticbin)
"install-static"))))))
#:test-target "test"
#:parallel-tests? #f)) ; tests fail when run in parallel
(inputs `(("e2fsprogs" ,e2fsprogs)
("libblkid" ,util-linux)
("libblkid:static" ,util-linux "static")
("libuuid" ,util-linux)
("libuuid:static" ,util-linux "static")
("zlib" ,zlib)
("lzo" ,lzo)))
(native-inputs `(("pkg-config" ,pkg-config)

View File

@ -148,7 +148,7 @@ interface to the Tk widget system.")
`("CPATH" suffix
,(map (lambda (lib)
(input-path lib "/include"))
`("linux-headers" ,@libraries)))
`("kernel-headers" ,@libraries)))
`("LIBRARY_PATH" suffix ,library-directories)
`("LD_LIBRARY_PATH" suffix ,library-directories)))))
(add-after 'wrap 'check (assoc-ref %standard-phases 'check)))))

View File

@ -87,8 +87,9 @@
"1gb8vb1wl7ikn269dd1c7ihqhkyrwk19jwx5kd0rdvbk6g7g25ix"))))
(build-system gnu-build-system) ; actually, just a makefile
(outputs '("out" "doc"))
(inputs
`(("ghostscript" ,ghostscript)))
(native-inputs
`(("ghostscript" ,ghostscript)
("ghostscript-gs" ,ghostscript-gs)))
(arguments `(#:modules ((guix build utils)
(guix build gnu-build-system)
(srfi srfi-1)) ; we need SRFI-1

View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2014 Sou Bunnbu <iyzsong@gmail.com>
@ -743,12 +743,12 @@ delivery.")
("gzip" ,gzip)
("bzip2" ,bzip2)
("xz" ,xz)
("pcre" ,pcre)
("perl" ,perl)
("libxt" ,libxt)
("libxaw" ,libxaw)))
(native-inputs
`(("perl" ,perl)))
`(("pcre" ,pcre "bin")
("perl" ,perl)))
(arguments
'(#:phases
(alist-replace
@ -1206,8 +1206,7 @@ deliver it in various ways.")
;; filesystem are performed during 'make install'. However, these
;; are performed before the actual build process.
(build-system gnu-build-system)
(inputs `(("glibc" ,glibc)
("exim" ,exim)))
(inputs `(("exim" ,exim)))
(home-page "http://www.procmail.org/")
(synopsis "Versatile mail delivery agent (MDA)")
(description "Procmail is a mail delivery agent (MDA) featuring support

View File

@ -344,7 +344,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(libdir (string-append out "/lib"))
(incdir (string-append out "/include"))
(libc (assoc-ref %build-inputs "libc"))
(linux (assoc-ref %build-inputs "linux-headers")))
(linux (assoc-ref %build-inputs "kernel-headers")))
(mkdir-p libdir)
(for-each (lambda (file)
(let ((target (string-append libdir "/"
@ -379,7 +379,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(parameterize ((%current-target-system #f))
(cross-libc target)))
glibc)))
("linux-headers" ,linux-libre-headers)))
("kernel-headers" ,linux-libre-headers)))
;; Only one output.
(outputs '("out")))))

View File

@ -2192,7 +2192,14 @@ specifications.")
;; Pretend to be on a 64 bit platform to obtain a common directory
;; name for the build results on all architectures; nothing else
;; seems to depend on it.
(("^PLATFORM=.*$") "PLATFORM=ux64\n")))))
(("^PLATFORM=.*$") "PLATFORM=ux64\n")
;; The check for 'isnan' as it is written fails with
;; "non-floating-point argument in call to function
;; __builtin_isnan", which leads to the 'NOISNAN' cpp macro
;; definition, which in turn leads to bad things. Fix the feature
;; test.
(("isnan\\(0\\)") "isnan(0.)")))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; no check target
@ -2201,11 +2208,10 @@ specifications.")
(delete 'configure)
(replace 'build
(lambda _
(with-directory-excursion "lpsolve55"
(system* "bash" "ccc"))
(and (with-directory-excursion "lpsolve55"
(zero? (system* "bash" "ccc")))
(with-directory-excursion "lp_solve"
(system* "bash" "ccc"))
#t))
(zero? (system* "bash" "ccc"))))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
@ -2241,7 +2247,7 @@ revised simplex and the branch-and-bound methods.")
(define-public dealii
(package
(name "dealii")
(version "8.2.1")
(version "8.4.1")
(source
(origin
(method url-fetch)
@ -2249,8 +2255,7 @@ revised simplex and the branch-and-bound methods.")
"download/v" version "/dealii-" version ".tar.gz"))
(sha256
(base32
"185jych0gdnpkjwxni7pd0dda149492zwq2457xdjg76bzj78mnp"))
(patches (search-patches "dealii-p4est-interface.patch"))
"1bdksvvyp1rj37df1ndh8j3x9nzpc3sazw8nd0hzvnlw0qnyk800"))
(modules '((guix build utils)))
(snippet
;; Remove bundled sources: UMFPACK, TBB, muParser, and boost

View File

@ -30,7 +30,7 @@
(define-public mit-krb5
(package
(name "mit-krb5")
(version "1.13.3")
(version "1.14.2")
(source (origin
(method url-fetch)
(uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
@ -38,18 +38,24 @@
"/krb5-" version ".tar.gz"))
(sha256
(base32
"1gpscn78lv48dxccxq9ncyj53w9l2a15xmngjfa1wylvmn7g0jjx"))
(patches
(search-patches "mit-krb5-init-context-null-spnego.patch"
"mit-krb5-CVE-2015-8629.patch"
"mit-krb5-CVE-2015-8630.patch"
"mit-krb5-CVE-2015-8631.patch"))))
"09wbv969ak4fqlqr1ip5bi62fny1zlp1vwjarvj6a6cdfzkdgjkb"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
("perl" ,perl)))
(arguments
`(#:phases
`(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
;; needed by 'authgss_prot.so'."
#:parallel-build? #f
;; Likewise with tests.
#:parallel-tests? #f
;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
;; while running the tests in 'src/tests'.
#:tests? ,(string=? (%current-system) "x86_64-linux")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'enter-source-directory
(lambda _

View File

@ -80,13 +80,13 @@ cryptography and computational algebra.")
(define-public mpfr
(package
(name "mpfr")
(version "3.1.3")
(version "3.1.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/mpfr/mpfr-" version
".tar.xz"))
(sha256 (base32
"05jaa5z78lvrayld09nyr0v27c1m5dm9l7kr85v2bj4jv65s0db8"))))
"1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h>

View File

@ -405,7 +405,7 @@ interface. It is implemented as a frontend to @code{klick}.")
("font-tex-gyre" ,font-tex-gyre)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
("ghostscript" ,ghostscript)
("ghostscript" ,ghostscript-gs)
("pango" ,pango)
("python" ,python-2)))
(native-inputs

View File

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -27,6 +27,7 @@
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages xml)
#:use-module (gnu packages xorg)
#:use-module (guix build-system gnu)
#:use-module ((guix licenses) #:select (gpl2))
#:use-module (guix packages)
@ -54,9 +55,8 @@
(file-name (string-append name "-" version "-checkout"))
(modules '((guix build utils)))
(snippet
;; Remove non-FSDG-compliant code.
'(begin
(use-modules (guix build utils))
;; Remove non-FSDG-compliant code.
(define-syntax drop
(syntax-rules (in)
@ -84,13 +84,22 @@
(drop "pbmto4425" "pbmtoln03" "pbmtolps" "pbmtopk" "pktopbm"
in "converter/pbm")
(drop "spottopgm" in "converter/pgm")
(drop "ppmtopjxl" in "converter/ppm")))))
(drop "ppmtopjxl" in "converter/ppm")
;; Remove timestamps from the generated code.
(substitute* "buildtools/stamp-date"
(("^DATE=.*")
"DATE=\"Thu Jan 01 00:00:00+0000 1970\"\n")
(("^USER=.*")
"USER=Guix\n"))))))
(build-system gnu-build-system)
(inputs `(("ghostscript" ,ghostscript)
("libjpeg" ,libjpeg)
("libpng" ,libpng)
("libtiff" ,libtiff)
("libxml2" ,libxml2)
("xorg-rgb" ,xorg-rgb)
("zlib" ,zlib)))
(native-inputs
`(("flex" ,flex)
@ -99,9 +108,9 @@
("python" ,python-wrapper)))
(arguments
`(#:phases
(alist-replace
'configure
(lambda _
(modify-phases %standard-phases
(replace 'configure
(lambda* (#:key inputs outputs #:allow-other-keys)
(copy-file "config.mk.in" "config.mk")
(chmod "config.mk" #o664)
(let ((f (open-file "config.mk" "a")))
@ -111,9 +120,20 @@
(display "JPEGLIB = libjpeg.so\n" f)
(display "ZLIB = libz.so\n" f)
(display (string-append "LDFLAGS += -Wl,-rpath=" %output "/lib") f)
(close-port f)))
(alist-cons-before
'check 'setup-check
(close-port f))
(let ((rgb (string-append (assoc-ref inputs "xorg-rgb")
"/share/X11/rgb.txt")))
(substitute* "pm_config.in.h"
(("/usr/share/X11/rgb.txt") rgb))
;; Our Ghostscript no longer provides the 'gs' command, only
;; 'gsc', so look for that instead.
(substitute* "converter/other/pstopnm.c"
(("\"%s/gs\"")
"\"%s/gsc\"")))
#t))
(add-before 'check 'setup-check
(lambda _
;; install temporarily into /tmp/netpbm
(system* "make" "package")
@ -126,9 +146,9 @@
(("all-in-place.test") "")
(("pnmpsnr.test") "")
(("pnmremap1.test") "")
(("gif-roundtrip.test") "")))
(alist-replace
'install
(("gif-roundtrip.test") ""))
#t))
(replace 'install
(lambda* (#:key outputs make-flags #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(apply system* "make" "package"
@ -141,8 +161,9 @@
(system* "rm" "-r" (string-append out "/misc"))
(with-directory-excursion out
(for-each delete-file
'("config_template" "pkginfo" "README" "VERSION")))))
%standard-phases)))))
'("config_template" "pkginfo" "README"
"VERSION")))
#t))))))
(synopsis "Toolkit for manipulation of images")
(description
"Netpbm is a toolkit for the manipulation of graphic images, including

View File

@ -569,6 +569,7 @@ libpanel, librsvg and quartz.")
(native-inputs
`(("ocaml" ,ocaml)
;; For documentation
("ghostscript-gs" ,ghostscript-gs)
("ghostscript" ,ghostscript)
("texlive" ,texlive)
("hevea" ,hevea)

View File

@ -34,9 +34,8 @@
(define-public openldap
(package
(replacement openldap-2.4.44)
(name "openldap")
(version "2.4.42")
(version "2.4.44")
(source (origin
(method url-fetch)
@ -53,9 +52,9 @@
"openldap-release/openldap-" version ".tgz")))
(sha256
(base32
"0qwfpb5ipp2l76v11arghq5mr0sjc6xhjfg8a0kgsaw5qpib1dzf"))))
"0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
(build-system gnu-build-system)
(inputs `(("bdb" ,bdb)
(inputs `(("bdb" ,bdb-5.3)
("openssl" ,openssl)
("cyrus-sasl" ,cyrus-sasl)
("groff" ,groff)
@ -78,24 +77,3 @@
"OpenLDAP is a free implementation of the Lightweight Directory Access Protocol.")
(license openldap2.8)
(home-page "http://www.openldap.org/")))
(define openldap-2.4.44
(package
(inherit openldap)
(replacement #f)
(source
(let ((version "2.4.44"))
(origin
(method url-fetch)
(uri (list (string-append
"ftp://mirror.switch.ch/mirror/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")
(string-append
"ftp://ftp.OpenLDAP.org/pub/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")
(string-append
"ftp://ftp.dti.ad.jp/pub/net/OpenLDAP/"
"openldap-release/openldap-" version ".tgz")))
(sha256
(base32
"0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp")))))))

View File

@ -0,0 +1,17 @@
Adjust test to ignore gzip 1.8+ warnings.
--- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200
+++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200
@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s
./configure
run_make -E -O distcheck
-test ! -s stderr
+
+# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment
+# variable is deprecated"; filter them out.
+test `grep -v '^gzip: warning' stderr | wc -l` -eq 0
+
# Sanity check: the flags have been actually seen.
$PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t
grep '/configure .* --srcdir am-src' t || exit 99

View File

@ -1,62 +0,0 @@
From upstream commit f764598c.
The p4est_connectivity_load function used to take an unsigned long as argument,
but this has been changed to size_t in p4est 1.0. This makes no difference on
64 bit systems, but leads to compiler errors on 32 bit systems. Fix this.
--- a/source/distributed/tria.cc
+++ b/source/distributed/tria.cc
@@ -204,7 +204,11 @@ namespace internal
static
int (&connectivity_is_valid) (types<2>::connectivity *connectivity);
-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
+ static
+ types<2>::connectivity *(&connectivity_load) (const char *filename,
+ size_t *length);
+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
static
types<2>::connectivity *(&connectivity_load) (const char *filename,
long unsigned *length);
@@ -384,7 +388,12 @@ namespace internal
*connectivity)
= p4est_connectivity_is_valid;
-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
+ types<2>::connectivity *
+ (&functions<2>::connectivity_load) (const char *filename,
+ size_t *length)
+ = p4est_connectivity_load;
+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
types<2>::connectivity *
(&functions<2>::connectivity_load) (const char *filename,
long unsigned *length)
@@ -564,7 +573,11 @@ namespace internal
static
int (&connectivity_is_valid) (types<3>::connectivity *connectivity);
-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
+ static
+ types<3>::connectivity *(&connectivity_load) (const char *filename,
+ size_t *length);
+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
static
types<3>::connectivity *(&connectivity_load) (const char *filename,
long unsigned *length);
@@ -747,7 +760,12 @@ namespace internal
*connectivity)
= p8est_connectivity_is_valid;
-#if DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
+#if DEAL_II_P4EST_VERSION_GTE(1,0,0,0)
+ types<3>::connectivity *
+ (&functions<3>::connectivity_load) (const char *filename,
+ size_t *length)
+ = p8est_connectivity_load;
+#elif DEAL_II_P4EST_VERSION_GTE(0,3,4,3)
types<3>::connectivity *
(&functions<3>::connectivity_load) (const char *filename,
long unsigned *length)

View File

@ -0,0 +1,21 @@
Reported at <http://mail.gnu.org.ua/archives/bug-dico/2016-07/msg00000.html>.
Patch the .c file to avoid depending on Flex.
commit 4599abbda3b5979367138ea098e435c919fe93fc
Author: Sergey Poznyakoff <gray@gnu.org>
Date: Thu Jul 28 14:09:58 2016 +0300
Bugfix
* modules/gcide/idxgcide.l (main): Initialize ipg_header.
--- dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:07.823587004 +0200
+++ dico-2.2/modules/gcide/idxgcide.c 2016-07-28 14:15:09.435600549 +0200
@@ -2497,6 +2497,7 @@ main(int argc, char **argv)
dico_log(L_ERR, 0, _("not enough memory"));
exit(EX_UNAVAILABLE);
}
+ idx_page->ipg_header.hdr.phdr_numentries = 0;
idx_page->ipg_header.hdr.phdr_text_offset = idx_header.ihdr_pagesize / 2;
idx_header.ihdr_maxpageref = idx_header.ihdr_pagesize / 2 /

View File

@ -1,42 +1,39 @@
Update previous fix for CVE-2015-1283 to not rely on undefined behavior.
Follow-up upstream fix for CVE-2015-1283 to not rely on undefined
behavior.
Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2.
Adapted from a patch from Debian (found in Debian package version
2.1.0-6+deb8u2) to apply to upstream code:
https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/
From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001
From: Pascal Cuoq <cuoq@trust-in-soft.com>
Date: Sun, 15 May 2016 09:05:46 +0200
Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix.
---
expat/lib/xmlparse.c | 6 ++++--
lib/xmlparse.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 13e080d..cdb12ef 100644
index 0f6f4cd..5c70c17 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len
@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len)
}
if (len > bufferLim - bufferEnd) {
- int neededSize = len + (int)(bufferEnd - bufferPtr);
+ /* Do not invoke signed arithmetic overflow: */
+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
if (neededSize < 0) {
errorCode = XML_ERROR_NO_MEMORY;
@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len
return NULL;
@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len)
if (bufferSize == 0)
bufferSize = INIT_BUFFER_SIZE;
do {
- bufferSize *= 2;
+ /* Do not invoke signed arithmetic overflow: */
+ bufferSize = (int) (2U * (unsigned) bufferSize);
/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
} while (bufferSize < neededSize && bufferSize > 0);
/* END MOZILLA CHANGE */
if (bufferSize <= 0) {
errorCode = XML_ERROR_NO_MEMORY;
--
2.8.2
2.8.3

View File

@ -1,89 +0,0 @@
Copied from Debian.
Description: fix multiple integer overflows in the XML_GetBuffer function
Multiple integer overflows in the XML_GetBuffer function in Expat through
2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,
allow remote attackers to cause a denial of service (heap-based buffer
overflow) or possibly have unspecified other impact via crafted XML data,
a related issue to CVE-2015-2716.
Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
Author: Eric Rahm <erahm@mozilla.com>
Forwarded: not-needed
Last-Update: 2015-07-24
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l
XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position);
positionPtr = bufferPtr;
return result;
}
void * XMLCALL
XML_GetBuffer(XML_Parser parser, int len)
{
+/* BEGIN MOZILLA CHANGE (sanity check len) */
+ if (len < 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
switch (ps_parsing) {
case XML_SUSPENDED:
errorCode = XML_ERROR_SUSPENDED;
return NULL;
case XML_FINISHED:
errorCode = XML_ERROR_FINISHED;
return NULL;
default: ;
}
if (len > bufferLim - bufferEnd) {
- /* FIXME avoid integer overflow */
int neededSize = len + (int)(bufferEnd - bufferPtr);
+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
+ if (neededSize < 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
#ifdef XML_CONTEXT_BYTES
int keep = (int)(bufferPtr - buffer);
if (keep > XML_CONTEXT_BYTES)
keep = XML_CONTEXT_BYTES;
neededSize += keep;
#endif /* defined XML_CONTEXT_BYTES */
if (neededSize <= bufferLim - buffer) {
@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len
}
else {
char *newBuf;
int bufferSize = (int)(bufferLim - bufferPtr);
if (bufferSize == 0)
bufferSize = INIT_BUFFER_SIZE;
do {
bufferSize *= 2;
- } while (bufferSize < neededSize);
+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
+ } while (bufferSize < neededSize && bufferSize > 0);
+/* END MOZILLA CHANGE */
+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
+ if (bufferSize <= 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
newBuf = (char *)MALLOC(bufferSize);
if (newBuf == 0) {
errorCode = XML_ERROR_NO_MEMORY;
return NULL;
}
bufferLim = newBuf + bufferSize;
#ifdef XML_CONTEXT_BYTES
if (bufferPtr) {

View File

@ -1,559 +0,0 @@
Copied from Fedora:
http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584
Adapted to apply cleanly to glibc-2.22.
Index: b/resolv/nss_dns/dns-host.c
===================================================================
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an
int h_namelen = 0;
if (ancount == 0)
- return NSS_STATUS_NOTFOUND;
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
while (ancount-- > 0 && cp < end_of_message && had_error == 0)
{
@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an
/* Special case here: if the resolver sent a result but it only
contains a CNAME while we are looking for a T_A or T_AAAA record,
we fail with NOTFOUND instead of TRYAGAIN. */
- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
+ if (canon != NULL)
+ {
+ *h_errnop = HOST_NOT_FOUND;
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ *h_errnop = NETDB_INTERNAL;
+ return NSS_STATUS_TRYAGAIN;
}
@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1,
enum nss_status status = NSS_STATUS_NOTFOUND;
+ /* Combining the NSS status of two distinct queries requires some
+ compromise and attention to symmetry (A or AAAA queries can be
+ returned in any order). What follows is a breakdown of how this
+ code is expected to work and why. We discuss only SUCCESS,
+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
+ that apply (though RETURN and MERGE exist). We make a distinction
+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
+ A recoverable TRYAGAIN is almost always due to buffer size issues
+ and returns ERANGE in errno and the caller is expected to retry
+ with a larger buffer.
+
+ Lastly, you may be tempted to make significant changes to the
+ conditions in this code to bring about symmetry between responses.
+ Please don't change anything without due consideration for
+ expected application behaviour. Some of the synthesized responses
+ aren't very well thought out and sometimes appear to imply that
+ IPv4 responses are always answer 1, and IPv6 responses are always
+ answer 2, but that's not true (see the implemetnation of send_dg
+ and send_vc to see response can arrive in any order, particlarly
+ for UDP). However, we expect it holds roughly enough of the time
+ that this code works, but certainly needs to be fixed to make this
+ a more robust implementation.
+
+ ----------------------------------------------
+ | Answer 1 Status / | Synthesized | Reason |
+ | Answer 2 Status | Status | |
+ |--------------------------------------------|
+ | SUCCESS/SUCCESS | SUCCESS | [1] |
+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] |
+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] |
+ | SUCCESS/NOTFOUND | SUCCESS | [1] |
+ | SUCCESS/UNAVAIL | SUCCESS | [1] |
+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] |
+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] |
+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] |
+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] |
+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] |
+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] |
+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] |
+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] |
+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] |
+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] |
+ | NOTFOUND/SUCCESS | SUCCESS | [3] |
+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] |
+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] |
+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] |
+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] |
+ | UNAVAIL/SUCCESS | UNAVAIL | [4] |
+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] |
+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] |
+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] |
+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] |
+ ----------------------------------------------
+
+ [1] If the first response is a success we return success.
+ This ignores the state of the second answer and in fact
+ incorrectly sets errno and h_errno to that of the second
+ answer. However because the response is a success we ignore
+ *errnop and *h_errnop (though that means you touched errno on
+ success). We are being conservative here and returning the
+ likely IPv4 response in the first answer as a success.
+
+ [2] If the first response is a recoverable TRYAGAIN we return
+ that instead of looking at the second response. The
+ expectation here is that we have failed to get an IPv4 response
+ and should retry both queries.
+
+ [3] If the first response was not a SUCCESS and the second
+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
+ result from the second response, otherwise the first responses
+ status is used. Again we have some odd side-effects when the
+ second response is NOTFOUND because we overwrite *errnop and
+ *h_errnop that means that a first answer of NOTFOUND might see
+ its *errnop and *h_errnop values altered. Whether it matters
+ in practice that a first response NOTFOUND has the wrong
+ *errnop and *h_errnop is undecided.
+
+ [4] If the first response is UNAVAIL we return that instead of
+ looking at the second response. The expectation here is that
+ it will have failed similarly e.g. configuration failure.
+
+ [5] Testing this code is complicated by the fact that truncated
+ second response buffers might be returned as SUCCESS if the
+ first answer is a SUCCESS. To fix this we add symmetry to
+ TRYAGAIN with the second response. If the second response
+ is a recoverable error we now return TRYAGIN even if the first
+ response was SUCCESS. */
+
if (anslen1 > 0)
status = gaih_getanswer_slice(answer1, anslen1, qname,
&pat, &buffer, &buflen,
errnop, h_errnop, ttlp,
&first);
+
if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
|| (status == NSS_STATUS_TRYAGAIN
/* We want to look at the second answer in case of an
@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1,
&pat, &buffer, &buflen,
errnop, h_errnop, ttlp,
&first);
+ /* Use the second response status in some cases. */
if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
status = status2;
+ /* Do not return a truncated second response (unless it was
+ unavoidable e.g. unrecoverable TRYAGAIN). */
+ if (status == NSS_STATUS_SUCCESS
+ && (status2 == NSS_STATUS_TRYAGAIN
+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
+ status = NSS_STATUS_TRYAGAIN;
}
return status;
Index: b/resolv/res_query.c
===================================================================
--- a/resolv/res_query.c
+++ b/resolv/res_query.c
@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
}
@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
{
free (*answerp2);
*answerp2 = NULL;
+ *nanswerp2 = 0;
*answerp2_malloced = 0;
}
if (saved_herrno != -1)
Index: b/resolv/res_send.c
===================================================================
--- a/resolv/res_send.c
+++ b/resolv/res_send.c
@@ -1,3 +1,20 @@
+/* Copyright (C) 2016 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
/*
* Copyright (c) 1985, 1989, 1993
* The Regents of the University of California. All rights reserved.
@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
#ifdef USE_HOOKS
if (__glibc_unlikely (statp->qhook || statp->rhook)) {
if (anssiz < MAXPACKET && ansp) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *buf = malloc (MAXPACKET);
if (buf == NULL)
return (-1);
@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
/* Private */
+/* The send_vc function is responsible for sending a DNS query over TCP
+ to the nameserver numbered NS from the res_state STATP i.e.
+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
+ IPv6 queries at the same serially on the same socket.
+
+ Please note that for TCP there is no way to disable sending both
+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
+ and sends the queries serially and waits for the result after each
+ sent query. This implemetnation should be corrected to honour these
+ options.
+
+ Please also note that for TCP we send both queries over the same
+ socket one after another. This technically violates best practice
+ since the server is allowed to read the first query, respond, and
+ then close the socket (to service another client). If the server
+ does this, then the remaining second query in the socket data buffer
+ will cause the server to send the client an RST which will arrive
+ asynchronously and the client's OS will likely tear down the socket
+ receive buffer resulting in a potentially short read and lost
+ response data. This will force the client to retry the query again,
+ and this process may repeat until all servers and connection resets
+ are exhausted and then the query will fail. It's not known if this
+ happens with any frequency in real DNS server implementations. This
+ implementation should be corrected to use two sockets by default for
+ parallel queries.
+
+ The query stored in BUF of BUFLEN length is sent first followed by
+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
+ serially on the same socket.
+
+ Answers to the query are stored firstly in *ANSP up to a max of
+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
+ is non-NULL (to indicate that modifying the answer buffer is allowed)
+ then malloc is used to allocate a new response buffer and ANSCP and
+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
+ are needed but ANSCP is NULL, then as much of the response as
+ possible is read into the buffer, but the results will be truncated.
+ When truncation happens because of a small answer buffer the DNS
+ packets header feild TC will bet set to 1, indicating a truncated
+ message and the rest of the socket data will be read and discarded.
+
+ Answers to the query are stored secondly in *ANSP2 up to a max of
+ *ANSSIZP2 bytes, with the actual response length stored in
+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
+ is non-NULL (required for a second query) then malloc is used to
+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
+ size and *ANSP2_MALLOCED is set to 1.
+
+ The ANSP2_MALLOCED argument will eventually be removed as the
+ change in buffer pointer can be used to detect the buffer has
+ changed and that the caller should use free on the new buffer.
+
+ Note that the answers may arrive in any order from the server and
+ therefore the first and second answer buffers may not correspond to
+ the first and second queries.
+
+ It is not supported to call this function with a non-NULL ANSP2
+ but a NULL ANSCP. Put another way, you can call send_vc with a
+ single unmodifiable buffer or two modifiable buffers, but no other
+ combination is supported.
+
+ It is the caller's responsibility to free the malloc allocated
+ buffers by detecting that the pointers have changed from their
+ original values i.e. *ANSCP or *ANSP2 has changed.
+
+ If errors are encountered then *TERRNO is set to an appropriate
+ errno value and a zero result is returned for a recoverable error,
+ and a less-than zero result is returned for a non-recoverable error.
+
+ If no errors are encountered then *TERRNO is left unmodified and
+ a the length of the first response in bytes is returned. */
static int
send_vc(res_state statp,
const u_char *buf, int buflen, const u_char *buf2, int buflen2,
@@ -669,11 +759,7 @@ send_vc(res_state statp,
{
const HEADER *hp = (HEADER *) buf;
const HEADER *hp2 = (HEADER *) buf2;
- u_char *ans = *ansp;
- int orig_anssizp = *anssizp;
- // XXX REMOVE
- // int anssiz = *anssizp;
- HEADER *anhp = (HEADER *) ans;
+ HEADER *anhp = (HEADER *) *ansp;
struct sockaddr *nsap = get_nsaddr (statp, ns);
int truncating, connreset, n;
/* On some architectures compiler might emit a warning indicating
@@ -766,6 +852,8 @@ send_vc(res_state statp,
* Receive length & response
*/
int recvresp1 = 0;
+ /* Skip the second response if there is no second query.
+ To do that we mark the second response as received. */
int recvresp2 = buf2 == NULL;
uint16_t rlen16;
read_len:
@@ -802,40 +890,14 @@ send_vc(res_state statp,
u_char **thisansp;
int *thisresplenp;
if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
+ /* We have not received any responses
+ yet or we only have one response to
+ receive. */
thisanssizp = anssizp;
thisansp = anscp ?: ansp;
assert (anscp != NULL || ansp2 == NULL);
thisresplenp = &resplen;
} else {
- if (*anssizp != MAXPACKET) {
- /* No buffer allocated for the first
- reply. We can try to use the rest
- of the user-provided buffer. */
-#if __GNUC_PREREQ (4, 7)
- DIAG_PUSH_NEEDS_COMMENT;
- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
-#endif
-#if _STRING_ARCH_unaligned
- *anssizp2 = orig_anssizp - resplen;
- *ansp2 = *ansp + resplen;
-#else
- int aligned_resplen
- = ((resplen + __alignof__ (HEADER) - 1)
- & ~(__alignof__ (HEADER) - 1));
- *anssizp2 = orig_anssizp - aligned_resplen;
- *ansp2 = *ansp + aligned_resplen;
-#endif
-#if __GNUC_PREREQ (4, 7)
- DIAG_POP_NEEDS_COMMENT;
-#endif
- } else {
- /* The first reply did not fit into the
- user-provided buffer. Maybe the second
- answer will. */
- *anssizp2 = orig_anssizp;
- *ansp2 = *ansp;
- }
-
thisanssizp = anssizp2;
thisansp = ansp2;
thisresplenp = resplen2;
@@ -843,10 +905,14 @@ send_vc(res_state statp,
anhp = (HEADER *) *thisansp;
*thisresplenp = rlen;
- if (rlen > *thisanssizp) {
- /* Yes, we test ANSCP here. If we have two buffers
- both will be allocatable. */
- if (__glibc_likely (anscp != NULL)) {
+ /* Is the answer buffer too small? */
+ if (*thisanssizp < rlen) {
+ /* If the current buffer is non-NULL and it's not
+ pointing at the static user-supplied buffer then
+ we can reallocate it. */
+ if (thisansp != NULL && thisansp != ansp) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *newp = malloc (MAXPACKET);
if (newp == NULL) {
*terrno = ENOMEM;
@@ -858,6 +924,9 @@ send_vc(res_state statp,
if (thisansp == ansp2)
*ansp2_malloced = 1;
anhp = (HEADER *) newp;
+ /* A uint16_t can't be larger than MAXPACKET
+ thus it's safe to allocate MAXPACKET but
+ read RLEN bytes instead. */
len = rlen;
} else {
Dprint(statp->options & RES_DEBUG,
@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
return 1;
}
+/* The send_dg function is responsible for sending a DNS query over UDP
+ to the nameserver numbered NS from the res_state STATP i.e.
+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
+ along with the ability to send the query in parallel for both stacks
+ (default) or serially (RES_SINGLKUP). It also supports serial lookup
+ with a close and reopen of the socket used to talk to the server
+ (RES_SNGLKUPREOP) to work around broken name servers.
+
+ The query stored in BUF of BUFLEN length is sent first followed by
+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
+
+ Answers to the query are stored firstly in *ANSP up to a max of
+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
+ is non-NULL (to indicate that modifying the answer buffer is allowed)
+ then malloc is used to allocate a new response buffer and ANSCP and
+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
+ are needed but ANSCP is NULL, then as much of the response as
+ possible is read into the buffer, but the results will be truncated.
+ When truncation happens because of a small answer buffer the DNS
+ packets header feild TC will bet set to 1, indicating a truncated
+ message, while the rest of the UDP packet is discarded.
+
+ Answers to the query are stored secondly in *ANSP2 up to a max of
+ *ANSSIZP2 bytes, with the actual response length stored in
+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
+ is non-NULL (required for a second query) then malloc is used to
+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
+ size and *ANSP2_MALLOCED is set to 1.
+
+ The ANSP2_MALLOCED argument will eventually be removed as the
+ change in buffer pointer can be used to detect the buffer has
+ changed and that the caller should use free on the new buffer.
+
+ Note that the answers may arrive in any order from the server and
+ therefore the first and second answer buffers may not correspond to
+ the first and second queries.
+
+ It is not supported to call this function with a non-NULL ANSP2
+ but a NULL ANSCP. Put another way, you can call send_vc with a
+ single unmodifiable buffer or two modifiable buffers, but no other
+ combination is supported.
+
+ It is the caller's responsibility to free the malloc allocated
+ buffers by detecting that the pointers have changed from their
+ original values i.e. *ANSCP or *ANSP2 has changed.
+
+ If an answer is truncated because of UDP datagram DNS limits then
+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
+ if any progress was made reading a response from the nameserver and
+ is used by the caller to distinguish between ECONNREFUSED and
+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
+
+ If errors are encountered then *TERRNO is set to an appropriate
+ errno value and a zero result is returned for a recoverable error,
+ and a less-than zero result is returned for a non-recoverable error.
+
+ If no errors are encountered then *TERRNO is left unmodified and
+ a the length of the first response in bytes is returned. */
static int
send_dg(res_state statp,
const u_char *buf, int buflen, const u_char *buf2, int buflen2,
@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
{
const HEADER *hp = (HEADER *) buf;
const HEADER *hp2 = (HEADER *) buf2;
- u_char *ans = *ansp;
- int orig_anssizp = *anssizp;
struct timespec now, timeout, finish;
struct pollfd pfd[1];
int ptimeout;
@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
int need_recompute = 0;
int nwritten = 0;
int recvresp1 = 0;
+ /* Skip the second response if there is no second query.
+ To do that we mark the second response as received. */
int recvresp2 = buf2 == NULL;
pfd[0].fd = EXT(statp).nssocks[ns];
pfd[0].events = POLLOUT;
@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
int *thisresplenp;
if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
+ /* We have not received any responses
+ yet or we only have one response to
+ receive. */
thisanssizp = anssizp;
thisansp = anscp ?: ansp;
assert (anscp != NULL || ansp2 == NULL);
thisresplenp = &resplen;
} else {
- if (*anssizp != MAXPACKET) {
- /* No buffer allocated for the first
- reply. We can try to use the rest
- of the user-provided buffer. */
-#if _STRING_ARCH_unaligned
- *anssizp2 = orig_anssizp - resplen;
- *ansp2 = *ansp + resplen;
-#else
- int aligned_resplen
- = ((resplen + __alignof__ (HEADER) - 1)
- & ~(__alignof__ (HEADER) - 1));
- *anssizp2 = orig_anssizp - aligned_resplen;
- *ansp2 = *ansp + aligned_resplen;
-#endif
- } else {
- /* The first reply did not fit into the
- user-provided buffer. Maybe the second
- answer will. */
- *anssizp2 = orig_anssizp;
- *ansp2 = *ansp;
- }
-
thisanssizp = anssizp2;
thisansp = ansp2;
thisresplenp = resplen2;
}
if (*thisanssizp < MAXPACKET
- /* Yes, we test ANSCP here. If we have two buffers
- both will be allocatable. */
- && anscp
+ /* If the current buffer is non-NULL and it's not
+ pointing at the static user-supplied buffer then
+ we can reallocate it. */
+ && (thisansp != NULL && thisansp != ansp)
#ifdef FIONREAD
+ /* Is the size too small? */
&& (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
|| *thisanssizp < *thisresplenp)
#endif
) {
+ /* Always allocate MAXPACKET, callers expect
+ this specific size. */
u_char *newp = malloc (MAXPACKET);
if (newp != NULL) {
- *anssizp = MAXPACKET;
- *thisansp = ans = newp;
+ *thisanssizp = MAXPACKET;
+ *thisansp = newp;
if (thisansp == ansp2)
*ansp2_malloced = 1;
}
}
+ /* We could end up with truncation if anscp was NULL
+ (not allowed to change caller's buffer) and the
+ response buffer size is too small. This isn't a
+ reliable way to detect truncation because the ioctl
+ may be an inaccurate report of the UDP message size.
+ Therefore we use this only to issue debug output.
+ To do truncation accurately with UDP we need
+ MSG_TRUNC which is only available on Linux. We
+ can abstract out the Linux-specific feature in the
+ future to detect truncation. */
+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
+ Dprint(statp->options & RES_DEBUG,
+ (stdout, ";; response may be truncated (UDP)\n")
+ );
+ }
+
HEADER *anhp = (HEADER *) *thisansp;
socklen_t fromlen = sizeof(struct sockaddr_in6);
assert (sizeof(from) <= fromlen);

View File

@ -1,35 +0,0 @@
This changes the way _EXTERN_INLINE is defined so we can
avoid external definition errors.
https://lists.gnu.org/archive/html/bug-hurd/2014-04/msg00002.html
diff --git a/signal/sigsetops.c b/signal/sigsetops.c
index 0317662..b92c296 100644
--- a/signal/sigsetops.c
+++ b/signal/sigsetops.c
@@ -3,7 +3,9 @@
#include <features.h>
-#define _EXTERN_INLINE
+#ifndef _EXTERN_INLINE
+#define _EXTERN_INLINE __extern_inline
+#endif
#ifndef __USE_EXTERN_INLINES
# define __USE_EXTERN_INLINES 1
#endif
Link libmachuser and libhurduser automatically with libc, since they are
considered a standard part of the API in GNU-land.
--- a/Makerules
+++ b/Makerules
@@ -978,6 +978,9 @@
'$(libdir)/$(patsubst %,$(libtype.oS),$(libprefix)$(libc-name))'\
' AS_NEEDED (' $(rtlddir)/$(rtld-installed-name) ') )' \
) > $@.new
+ifeq ($(patsubst gnu%,,$(config-os)),)
+ echo 'INPUT ( AS_NEEDED ( -lmachuser -lhurduser ) )' >> $@.new
+endif
mv -f $@.new $@
endif

View File

@ -1,23 +0,0 @@
This patch avoids an assertion failure when incompatible locale data
is encountered:
https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html
--- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200
+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200
@@ -120,10 +120,11 @@
_nl_value_type_LC_XYZ array. There are all pointers. */
switch (category)
{
-#define CATTEST(cat) \
- case LC_##cat: \
- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \
- / sizeof (_nl_value_type_LC_##cat[0]))); \
+#define CATTEST(cat) \
+ case LC_##cat: \
+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \
+ / sizeof (_nl_value_type_LC_##cat[0]))) \
+ goto puntdata; \
break
CATTEST (NUMERIC);
CATTEST (TIME);

View File

@ -5,8 +5,8 @@ in a package separate from glibc.
2. Use '--no-archive' to avoid building the big locale archive, and
because the already-built 'localedef' would want to write it
to '/run/current-system/locale', which is not possible.
3. Pass $(localedir)/$$locale to install files in the right place, and
because otherwise, 'localedef' fails with:
3. Pass $(inst_complocaledir)/$$locale to install files in the right
place, and because otherwise, 'localedef' fails with:
"cannot write output files to `(null)'".
--- glibc-2.22/localedata/Makefile 1970-01-01 01:00:00.000000000 +0100
@ -25,7 +25,7 @@ in a package separate from glibc.
$(LOCALEDEF) --alias-file=../intl/locale.alias \
-i locales/$$input -c -f charmaps/$$charset \
- $(addprefix --prefix=,$(install_root)) $$locale \
+ $(addprefix --prefix=,$(install_root)) $(localedir)/$$locale \
+ $(addprefix --prefix=,$(install_root)) $(inst_complocaledir)/$$locale \
&& echo ' done'; \
tst-setlocale-ENV = LC_ALL=ja_JP.EUC-JP

View File

@ -1,21 +0,0 @@
Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
Origin: upstream
Bug-Debian: http://bugs.debian.org/703957
Forwarded: not-needed
--- libarchive-3.0.4.orig/libarchive/archive_write.c
+++ libarchive-3.0.4/libarchive/archive_write.c
@@ -665,8 +665,13 @@ static ssize_t
_archive_write_data(struct archive *_a, const void *buff, size_t s)
{
struct archive_write *a = (struct archive_write *)_a;
+ const size_t max_write = INT_MAX;
+
archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
ARCHIVE_STATE_DATA, "archive_write_data");
+ /* In particular, this catches attempts to pass negative values. */
+ if (s > max_write)
+ s = max_write;
archive_clear_error(&a->archive);
return ((a->format_write_data)(a, buff, s));
}

View File

@ -1,67 +0,0 @@
Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata)
Taken from upstream source repository:
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
When reading OS X metadata entries in Zip archives that were stored
without compression, libarchive would use the uncompressed entry size
to allocate a buffer but would use the compressed entry size to limit
the amount of data copied into that buffer. Since the compressed
and uncompressed sizes are provided by data in the archive itself,
an attacker could manipulate these values to write data beyond
the end of the allocated buffer.
This fix provides three new checks to guard against such
manipulation and to make libarchive generally more robust when
handling this type of entry:
1. If an OS X metadata entry is stored without compression,
abort the entire archive if the compressed and uncompressed
data sizes do not match.
2. When sanity-checking the size of an OS X metadata entry,
abort this entry if either the compressed or uncompressed
size is larger than 4MB.
3. When copying data into the allocated buffer, check the copy
size against both the compressed entry size and uncompressed
entry size.
---
libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
index 0f8262c..0a0be96 100644
--- a/libarchive/archive_read_support_format_zip.c
+++ b/libarchive/archive_read_support_format_zip.c
@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
switch(rsrc->compression) {
case 0: /* No compression. */
+ if (rsrc->uncompressed_size != rsrc->compressed_size) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Malformed OS X metadata entry: inconsistent size");
+ return (ARCHIVE_FATAL);
+ }
#ifdef HAVE_ZLIB_H
case 8: /* Deflate compression. */
#endif
@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
(intmax_t)rsrc->uncompressed_size);
return (ARCHIVE_WARN);
}
+ if (rsrc->compressed_size > (4 * 1024 * 1024)) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Mac metadata is too large: %jd > 4M bytes",
+ (intmax_t)rsrc->compressed_size);
+ return (ARCHIVE_WARN);
+ }
metadata = malloc((size_t)rsrc->uncompressed_size);
if (metadata == NULL) {
@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
bytes_avail = remaining_bytes;
switch(rsrc->compression) {
case 0: /* No compression. */
+ if ((size_t)bytes_avail > metadata_bytes)
+ bytes_avail = metadata_bytes;
memcpy(mp, p, bytes_avail);
bytes_used = (size_t)bytes_avail;
metadata_bytes -= bytes_used;

View File

@ -1,74 +0,0 @@
commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d
Author: Pavel Raiskup <praiskup@redhat.com>
Date: Thu Jun 27 16:01:30 2013 +0200
Use ustar format in the test_option_b test
.. because the ustar archive does not store SELinux context. As the default
format for bsdtar is "restricted pax" (trying to store xattrs and other
things by default), the test failed on Fedora because our files have by
default SELinux context set. This results in additional data in tested
archive ~> and the test failed because the archive was unexpectedly big:
tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048
Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c
index be2ae65..6fea474 100644
--- a/tar/test/test_option_b.c
+++ b/tar/test/test_option_b.c
@@ -25,8 +25,14 @@
#include "test.h"
__FBSDID("$FreeBSD$");
+#define USTAR_OPT " --format=ustar"
+
DEFINE_TEST(test_option_b)
{
+ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1);
+ strcpy(testprog_ustar, testprog);
+ strcat(testprog_ustar, USTAR_OPT);
+
assertMakeFile("file1", 0644, "file1");
if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) {
skipping("Platform doesn't have cat");
@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b)
/*
* Bsdtar does not pad if the output is going directly to a disk file.
*/
- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog));
+ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar));
failure("bsdtar does not pad archives written directly to regular files");
assertFileSize("archive1.tar", 2048);
assertEmptyFile("test1.out");
@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b)
* Bsdtar does pad to the block size if the output is going to a socket.
*/
/* Default is -b 20 */
- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog));
+ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar));
failure("bsdtar does pad archives written to pipes");
assertFileSize("archive2.tar", 10240);
assertEmptyFile("test2.err");
- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog));
+ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar));
assertFileSize("archive3.tar", 10240);
assertEmptyFile("test3.err");
- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog));
+ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar));
assertFileSize("archive4.tar", 5120);
assertEmptyFile("test4.err");
- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog));
+ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar));
assertFileSize("archive5.tar", 2048);
assertEmptyFile("test5.err");
- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog));
+ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar));
assertFileSize("archive6.tar", 4194304);
assertEmptyFile("test6.err");

View File

@ -1,83 +0,0 @@
Description: This patch fixes test cases for LZO write support in various
architectures, such as armhf. Writing a certain amount of files would
cause the LZO compressor level 9 to produce a bigger archive than the
default compressor level.
Author: Andres Mejia <amejia@debian.org>
--- a/libarchive/test/test_write_filter_lzop.c
+++ b/libarchive/test/test_write_filter_lzop.c
@@ -39,7 +39,7 @@
size_t buffsize, datasize;
char path[16];
size_t used1, used2;
- int i, r, use_prog = 0;
+ int i, r, use_prog = 0, filecount;
assert((a = archive_write_new()) != NULL);
r = archive_write_add_filter_lzop(a);
@@ -58,9 +58,10 @@
datasize = 10000;
assert(NULL != (data = (char *)calloc(1, datasize)));
+ filecount = 10;
/*
- * Write a 100 files and read them all back.
+ * Write a filecount files and read them all back.
*/
assert((a = archive_write_new()) != NULL);
assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
@@ -77,7 +78,7 @@
assert((ae = archive_entry_new()) != NULL);
archive_entry_set_filetype(ae, AE_IFREG);
archive_entry_set_size(ae, datasize);
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
archive_entry_copy_pathname(ae, path);
assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
@@ -97,7 +98,7 @@
} else {
assertEqualIntA(a, ARCHIVE_OK,
archive_read_open_memory(a, buff, used1));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
if (!assertEqualInt(ARCHIVE_OK,
archive_read_next_header(a, &ae)))
@@ -133,7 +134,7 @@
archive_write_set_options(a, "lzop:compression-level=9"));
assertEqualIntA(a, ARCHIVE_OK,
archive_write_open_memory(a, buff, buffsize, &used2));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
assert((ae = archive_entry_new()) != NULL);
archive_entry_copy_pathname(ae, path);
@@ -161,7 +162,7 @@
archive_read_support_filter_all(a));
assertEqualIntA(a, ARCHIVE_OK,
archive_read_open_memory(a, buff, used2));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
if (!assertEqualInt(ARCHIVE_OK,
archive_read_next_header(a, &ae)))
@@ -186,7 +187,7 @@
archive_write_set_filter_option(a, NULL, "compression-level", "1"));
assertEqualIntA(a, ARCHIVE_OK,
archive_write_open_memory(a, buff, buffsize, &used2));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
assert((ae = archive_entry_new()) != NULL);
archive_entry_copy_pathname(ae, path);
@@ -216,7 +217,7 @@
} else {
assertEqualIntA(a, ARCHIVE_OK,
archive_read_open_memory(a, buff, used2));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
if (!assertEqualInt(ARCHIVE_OK,
archive_read_next_header(a, &ae)))

View File

@ -1,18 +0,0 @@
Description: Patch to fix filename length calculation when writing mtree archives.
Author: Dave Reisner <dreisner@archlinux.org>
Origin: upstream
--- a/libarchive/archive_write_set_format_mtree.c
+++ b/libarchive/archive_write_set_format_mtree.c
@@ -1855,9 +1855,9 @@
return (ret);
}
- /* Make a basename from dirname and slash */
+ /* Make a basename from file->parentdir.s and slash */
*slash = '\0';
- file->parentdir.length = slash - dirname;
+ file->parentdir.length = slash - file->parentdir.s;
archive_strcpy(&(file->basename), slash + 1);
return (ret);
}

View File

@ -1,146 +0,0 @@
This patch helps to integrate the Hurd's libpthread as a libc add-on.
It writes the configure file, removes an rpc call not yet
implemented on the version of gnumach we use and defines
a missing macro.
diff --git a/libpthread/configure b/libpthread/configure
new file mode 100644
index 0000000..2cdbc71
--- /dev/null
+++ b/libpthread/configure
@@ -0,0 +1,2 @@
+libc_add_on_canonical=libpthread
+libc_add_on_subdirs=.
--
1.9.0
We are using a version of GNU Mach that lacks 'thread_terminate_release'
(not introduced yet). The 'thread_terminate' RPC call will be enough for
our needs.
See <http://lists.gnu.org/archive/html/bug-hurd/2014-05/msg00127.html>.
diff --git a/libpthread/sysdeps/mach/pt-thread-terminate.c b/libpthread/sysdeps/mach/pt-thread-terminate.c
index 6672065..129a611 100644
--- a/libpthread/sysdeps/mach/pt-thread-terminate.c
+++ b/libpthread/sysdeps/mach/pt-thread-terminate.c
@@ -70,9 +70,9 @@ __pthread_thread_terminate (struct __pthread *thread)
__mach_port_destroy (__mach_task_self (), wakeup_port);
/* Terminate and release all that's left. */
- err = __thread_terminate_release (kernel_thread, mach_task_self (),
- kernel_thread, reply_port,
- stackaddr, stacksize);
+ /* err = __thread_terminate_release (kernel_thread, mach_task_self (), */
+ /* kernel_thread, reply_port, */
+ /* stackaddr, stacksize); */
/* The kernel does not support it yet. Leak but at least terminate
correctly. */
--
1.9.2
The __PTHREAD_SPIN_LOCK_INITIALIZER definition is missing, so we
define it to __SPIN_LOCK_INITIALIZER which already exists.
See <http://lists.gnu.org/archive/html/commit-hurd/2009-04/msg00006.html>.
diff --git a/libpthread/sysdeps/mach/bits/spin-lock.h b/libpthread/sysdeps/mach/bits/spin-lock.h
index 537dac9..fca0e5a 100644
--- a/libpthread/sysdeps/mach/bits/spin-lock.h
+++ b/libpthread/sysdeps/mach/bits/spin-lock.h
@@ -30,7 +30,7 @@ typedef __spin_lock_t __pthread_spinlock_t;
/* Initializer for a spin lock object. */
#ifndef __PTHREAD_SPIN_LOCK_INITIALIZER
-#error __PTHREAD_SPIN_LOCK_INITIALIZER undefined: should be defined by <lock-intern.h>.
+#define __PTHREAD_SPIN_LOCK_INITIALIZER __SPIN_LOCK_INITIALIZER
#endif
__END_DECLS
The version of the glibc we use doesn't include the shm-directory.c file and does
not yet support IS_IN.
See <https://lists.gnu.org/archive/html/bug-hurd/2015-03/msg00078.html>
diff --git a/libpthread/Makefile b/libpthread/Makefile
index 2906788..b8dee58 100644
--- a/libpthread/Makefile
+++ b/libpthread/Makefile
@@ -149,8 +149,6 @@ libpthread-routines := pt-attr pt-attr-destroy pt-attr-getdetachstate \
sem-post sem-timedwait sem-trywait sem-unlink \
sem-wait \
\
- shm-directory \
- \
cthreads-compat \
$(SYSDEPS)
--
2.3.6
diff --git a/libpthread/pthread/pt-create.c b/libpthread/pthread/pt-create.c
index d88afae..84044dc 100644
--- a/libpthread/pthread/pt-create.c
+++ b/libpthread/pthread/pt-create.c
@@ -28,7 +28,7 @@
#include <pt-internal.h>
-#if IS_IN (libpthread)
+#ifdef IS_IN_libpthread
# include <ctype.h>
#endif
#ifdef HAVE_USELOCALE
@@ -50,7 +50,7 @@ entry_point (struct __pthread *self, void *(*start_routine)(void *), void *arg)
__resp = &self->res_state;
#endif
-#if IS_IN (libpthread)
+#ifdef IS_IN_libpthread
/* Initialize pointers to locale data. */
__ctype_init ();
#endif
diff --git a/libpthread/pthread/pt-initialize.c b/libpthread/pthread/pt-initialize.c
index 9e5404b..b9cacbd 100644
--- a/libpthread/pthread/pt-initialize.c
+++ b/libpthread/pthread/pt-initialize.c
@@ -28,7 +28,7 @@
DEFINE_HOOK (__pthread_init, (void));
-#if IS_IN (libpthread)
+#ifdef IS_IN_libpthread
static const struct pthread_functions pthread_functions =
{
.ptr_pthread_attr_destroy = __pthread_attr_destroy,
@@ -81,7 +81,7 @@ static const struct pthread_functions pthread_functions =
void
___pthread_init (void)
{
-#if IS_IN (libpthread)
+#ifdef IS_IN_libpthread
__libc_pthread_init(&pthread_functions);
#endif
RUN_HOOK (__pthread_init, ());
diff --git a/libpthread/pthread/pt-internal.h b/libpthread/pthread/pt-internal.h
index 18b5b4c..8cdcfce 100644
--- a/libpthread/pthread/pt-internal.h
+++ b/libpthread/pthread/pt-internal.h
@@ -35,7 +35,7 @@
#include <pt-sysdep.h>
#include <pt-machdep.h>
-#if IS_IN (libpthread)
+#ifdef IS_IN_libpthread
# include <ldsodefs.h>
#endif
@@ -60,7 +60,7 @@ enum pthread_state
# define PTHREAD_SYSDEP_MEMBERS
#endif
-#if !(IS_IN (libpthread))
+#ifndef IS_IN_libpthread
#ifdef ENABLE_TLS
/* Type of the TCB. */
typedef struct

View File

@ -1,29 +0,0 @@
From 7ca19df892ca22d9314e95d59ce2abdeff46b617 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Thu, 29 Oct 2015 19:33:23 +0800
Subject: [PATCH] Fix for type confusion in preprocessing attributes
CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
We need to check that the parent node is an element before dereferencing
its namespace
---
libxslt/preproc.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libxslt/preproc.c b/libxslt/preproc.c
index 0eb80a0..7f69325 100644
--- a/libxslt/preproc.c
+++ b/libxslt/preproc.c
@@ -2249,7 +2249,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
} else if (IS_XSLT_NAME(inst, "attribute")) {
xmlNodePtr parent = inst->parent;
- if ((parent == NULL) || (parent->ns == NULL) ||
+ if ((parent == NULL) ||
+ (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
((parent->ns != inst->ns) &&
(!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
(!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
--
2.6.3

View File

@ -0,0 +1,173 @@
This makes generated IDs deterministic.
Written by Daniel Veillard.
This should be fixed in next release (2.29).
See https://bugzilla.gnome.org/show_bug.cgi?id=751621.
diff --git a/libxslt/functions.c b/libxslt/functions.c
index 6448bde..5b00a6d 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -651,6 +651,63 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
}
/**
+ * xsltCleanupIds:
+ * @ctxt: the transformation context
+ * @root: the root of the resulting document
+ *
+ * This clean up ids which may have been saved in Element contents
+ * by xsltGenerateIdFunction() to provide stable IDs on elements.
+ *
+ * Returns the number of items cleaned or -1 in case of error
+ */
+int
+xsltCleanupIds(xsltTransformContextPtr ctxt, xmlNodePtr root) {
+ xmlNodePtr cur;
+ int count = 0;
+
+ if ((ctxt == NULL) || (root == NULL))
+ return(-1);
+ if (root->type != XML_ELEMENT_NODE)
+ return(-1);
+
+ cur = root;
+ while (cur != NULL) {
+ if (cur->type == XML_ELEMENT_NODE) {
+ if (cur->content != NULL) {
+ cur->content = NULL;
+ count++;
+ }
+ if (cur->children != NULL) {
+ cur = cur->children;
+ continue;
+ }
+ }
+ if (cur->next != NULL) {
+ cur = cur->next;
+ continue;
+ }
+ do {
+ cur = cur->parent;
+ if (cur == NULL)
+ break;
+ if (cur == (xmlNodePtr) root) {
+ cur = NULL;
+ break;
+ }
+ if (cur->next != NULL) {
+ cur = cur->next;
+ break;
+ }
+ } while (cur != NULL);
+ }
+
+fprintf(stderr, "Attributed %d IDs for element, cleaned up %d\n",
+ ctxt->nextid, count);
+
+ return(count);
+}
+
+/**
* xsltGenerateIdFunction:
* @ctxt: the XPath Parser context
* @nargs: the number of arguments
@@ -701,7 +758,39 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
if (obj)
xmlXPathFreeObject(obj);
- val = (long)((char *)cur - (char *)&base_address);
+ /*
+ * Try to provide stable ID for generated document:
+ * - usually ID are computed to be placed on elements via attributes
+ * so using the element as the node for the ID
+ * - the cur->content should be a correct placeholder for this, we use
+ * it to hold element node numbers in xmlXPathOrderDocElems to
+ * speed up XPath too
+ * - xsltCleanupIds() clean them up before handing the XSLT output
+ * to the API client.
+ * - other nodes types use the node address method but that should
+ * not end up in resulting document ID
+ * - we can enable this by default without risk of performance issues
+ * only the one pass xsltCleanupIds() is added
+ */
+ if (cur->type == XML_ELEMENT_NODE) {
+ if (cur->content == NULL) {
+ xsltTransformContextPtr tctxt;
+
+ tctxt = xsltXPathGetTransformContext(ctxt);
+ if (tctxt == NULL) {
+ val = (long)((char *)cur - (char *)&base_address);
+ } else {
+ tctxt->nextid++;
+ val = tctxt->nextid;
+ cur->content = (void *) (val);
+ }
+ } else {
+ val = (long) cur->content;
+ }
+ } else {
+ val = (long)((char *)cur - (char *)&base_address);
+ }
+
if (val >= 0) {
sprintf((char *)str, "idp%ld", val);
} else {
diff --git a/libxslt/functions.h b/libxslt/functions.h
index e0e0bf9..4a1e163 100644
--- a/libxslt/functions.h
+++ b/libxslt/functions.h
@@ -64,6 +64,13 @@ XSLTPUBFUN void XSLTCALL
int nargs);
/*
+ * Cleanup for ID generation
+ */
+XSLTPUBFUN int XSLTCALL
+ xsltCleanupIds (xsltTransformContextPtr ctxt,
+ xmlNodePtr root);
+
+/*
* And the registration
*/
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 24f9eb2..2bdf6bf 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -700,6 +700,7 @@ xsltNewTransformContext(xsltStylesheetPtr style, xmlDocPtr doc) {
cur->traceCode = (unsigned long*) &xsltDefaultTrace;
cur->xinclude = xsltGetXIncludeDefault();
cur->keyInitLevel = 0;
+ cur->nextid = 0;
return(cur);
@@ -6092,6 +6093,13 @@ xsltApplyStylesheetInternal(xsltStylesheetPtr style, xmlDocPtr doc,
if (root != NULL) {
const xmlChar *doctype = NULL;
+ /*
+ * cleanup ids which may have been saved in Elements content ptrs
+ */
+ if (ctxt->nextid != 0) {
+ xsltCleanupIds(ctxt, root);
+ }
+
if ((root->ns != NULL) && (root->ns->prefix != NULL))
doctype = xmlDictQLookup(ctxt->dict, root->ns->prefix, root->name);
if (doctype == NULL)
diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
index 95e8fe6..8eedae4 100644
--- a/libxslt/xsltInternals.h
+++ b/libxslt/xsltInternals.h
@@ -1786,6 +1786,8 @@ struct _xsltTransformContext {
int funcLevel; /* Needed to catch recursive functions issues */
int maxTemplateDepth;
int maxTemplateVars;
+
+ unsigned long nextid;/* for generating stable ids */
};
/**

View File

@ -1,51 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8629.patch?h=f22
From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 8 Jan 2016 12:45:25 -0500
Subject: [PATCH 1/3] Verify decoded kadmin C strings [CVE-2015-8629]
In xdr_nullstring(), check that the decoded string is terminated with
a zero byte and does not contain any internal zero bytes.
CVE-2015-8629:
In all versions of MIT krb5, an authenticated attacker can cause
kadmind to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.
CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C
ticket: 8341 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---
src/lib/kadm5/kadm_rpc_xdr.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
index 2bef858..ba67084 100644
--- a/src/lib/kadm5/kadm_rpc_xdr.c
+++ b/src/lib/kadm5/kadm_rpc_xdr.c
@@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
return FALSE;
}
}
- return (xdr_opaque(xdrs, *objp, size));
+ if (!xdr_opaque(xdrs, *objp, size))
+ return FALSE;
+ /* Check that the unmarshalled bytes are a C string. */
+ if ((*objp)[size - 1] != '\0')
+ return FALSE;
+ if (memchr(*objp, '\0', size - 1) != NULL)
+ return FALSE;
+ return TRUE;
case XDR_ENCODE:
if (size != 0)
--
2.7.0.rc3

View File

@ -1,81 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8630.patch?h=f22
From b863de7fbf080b15e347a736fdda0a82d42f4f6b Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 8 Jan 2016 12:52:28 -0500
Subject: [PATCH 2/3] Check for null kadm5 policy name [CVE-2015-8630]
In kadm5_create_principal_3() and kadm5_modify_principal(), check for
entry->policy being null when KADM5_POLICY is included in the mask.
CVE-2015-8630:
In MIT krb5 1.12 and later, an authenticated attacker with permission
to modify a principal entry can cause kadmind to dereference a null
pointer by supplying a null policy value but including KADM5_POLICY in
the mask.
CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
ticket: 8342 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---
src/lib/kadm5/srv/svr_principal.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 5b95fa3..1d4365c 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -395,6 +395,8 @@ kadm5_create_principal_3(void *server_handle,
/*
* Argument sanity checking, and opening up the DB
*/
+ if (entry == NULL)
+ return EINVAL;
if(!(mask & KADM5_PRINCIPAL) || (mask & KADM5_MOD_NAME) ||
(mask & KADM5_MOD_TIME) || (mask & KADM5_LAST_PWD_CHANGE) ||
(mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
@@ -403,12 +405,12 @@ kadm5_create_principal_3(void *server_handle,
return KADM5_BAD_MASK;
if ((mask & KADM5_KEY_DATA) && entry->n_key_data != 0)
return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && entry->policy == NULL)
+ return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
return KADM5_BAD_MASK;
if((mask & ~ALL_PRINC_MASK))
return KADM5_BAD_MASK;
- if (entry == NULL)
- return EINVAL;
/*
* Check to see if the principal exists
@@ -643,6 +645,8 @@ kadm5_modify_principal(void *server_handle,
krb5_clear_error_message(handle->context);
+ if(entry == NULL)
+ return EINVAL;
if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
(mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
(mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
@@ -651,10 +655,10 @@ kadm5_modify_principal(void *server_handle,
return KADM5_BAD_MASK;
if((mask & ~ALL_PRINC_MASK))
return KADM5_BAD_MASK;
+ if((mask & KADM5_POLICY) && entry->policy == NULL)
+ return KADM5_BAD_MASK;
if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
return KADM5_BAD_MASK;
- if(entry == (kadm5_principal_ent_t) NULL)
- return EINVAL;
if (mask & KADM5_TL_DATA) {
tl_data_orig = entry->tl_data;
while (tl_data_orig) {
--
2.7.0.rc3

View File

@ -1,576 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-CVE-2015-8631.patch?h=f22
From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 8 Jan 2016 13:16:54 -0500
Subject: [PATCH 3/3] Fix leaks in kadmin server stubs [CVE-2015-8631]
In each kadmind server stub, initialize the client_name and
server_name variables, and release them in the cleanup handler. Many
of the stubs will otherwise leak the client and server name if
krb5_unparse_name() fails. Also make sure to free the prime_arg
variables in rename_principal_2_svc(), or we can leak the first one if
unparsing the second one fails. Discovered by Simo Sorce.
CVE-2015-8631:
In all versions of MIT krb5, an authenticated attacker can cause
kadmind to leak memory by supplying a null principal name in a request
which uses one. Repeating these requests will eventually cause
kadmind to exhaust all available memory.
CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
ticket: 8343 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---
src/kadmin/server/server_stubs.c | 151 ++++++++++++++++++++-------------------
1 file changed, 77 insertions(+), 74 deletions(-)
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
index 1879dc6..6ac797e 100644
--- a/src/kadmin/server/server_stubs.c
+++ b/src/kadmin/server/server_stubs.c
@@ -334,7 +334,8 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name, service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
@@ -382,10 +383,10 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
free_server_handle(handle);
return &ret;
}
@@ -395,7 +396,8 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name, service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
@@ -444,10 +446,10 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
free_server_handle(handle);
return &ret;
}
@@ -457,8 +459,8 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -501,10 +503,10 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
free_server_handle(handle);
return &ret;
}
@@ -514,8 +516,8 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
@@ -559,9 +561,9 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -570,10 +572,9 @@ generic_ret *
rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
- char *prime_arg1,
- *prime_arg2;
- gss_buffer_desc client_name,
- service_name;
+ char *prime_arg1 = NULL, *prime_arg2 = NULL;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
restriction_t *rp;
@@ -655,11 +656,11 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
free(prime_arg1);
free(prime_arg2);
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -669,8 +670,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
{
static gprinc_ret ret;
char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -719,9 +720,9 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -731,8 +732,8 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
{
static gprincs_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -777,9 +778,9 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -789,8 +790,8 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -840,9 +841,9 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -852,8 +853,8 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -909,9 +910,9 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -921,8 +922,8 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -969,9 +970,9 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -981,8 +982,8 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1029,9 +1030,9 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1041,8 +1042,8 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1092,9 +1093,9 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1106,8 +1107,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
krb5_keyblock *k;
int nkeys;
char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1164,9 +1165,9 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1178,8 +1179,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
krb5_keyblock *k;
int nkeys;
char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1241,9 +1242,9 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1253,8 +1254,8 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1295,9 +1296,9 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1307,8 +1308,8 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1347,9 +1348,9 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1359,8 +1360,8 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1400,9 +1401,9 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1413,8 +1414,8 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
static gpol_ret ret;
kadm5_ret_t ret2;
char *prime_arg, *funcname;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_principal_ent_rec caller_ent;
kadm5_server_handle_t handle;
@@ -1475,9 +1476,9 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
log_unauth(funcname, prime_arg,
&client_name, &service_name, rqstp);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
@@ -1488,8 +1489,8 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
{
static gpols_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1531,9 +1532,9 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
}
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1541,7 +1542,8 @@ exit_func:
getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
{
static getprivs_ret ret;
- gss_buffer_desc client_name, service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1571,9 +1573,9 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
if (errmsg != NULL)
krb5_free_error_message(handle->context, errmsg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1583,7 +1585,8 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg, *funcname;
- gss_buffer_desc client_name, service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
@@ -1629,9 +1632,9 @@ purgekeys_2_svc(purgekeys_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1641,8 +1644,8 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
{
static gstrings_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1688,9 +1691,9 @@ get_strings_2_svc(gstrings_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1700,8 +1703,8 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
{
static generic_ret ret;
char *prime_arg;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
OM_uint32 minor_stat;
kadm5_server_handle_t handle;
const char *errmsg = NULL;
@@ -1744,9 +1747,9 @@ set_string_2_svc(sstring_arg *arg, struct svc_req *rqstp)
krb5_free_error_message(handle->context, errmsg);
}
free(prime_arg);
+exit_func:
gss_release_buffer(&minor_stat, &client_name);
gss_release_buffer(&minor_stat, &service_name);
-exit_func:
free_server_handle(handle);
return &ret;
}
@@ -1754,8 +1757,8 @@ exit_func:
generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
{
static generic_ret ret;
- gss_buffer_desc client_name,
- service_name;
+ gss_buffer_desc client_name = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc service_name = GSS_C_EMPTY_BUFFER;
kadm5_server_handle_t handle;
OM_uint32 minor_stat;
const char *errmsg = NULL;
@@ -1797,10 +1800,10 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
rqstp->rq_cred.oa_flavor);
if (errmsg != NULL)
krb5_free_error_message(NULL, errmsg);
- gss_release_buffer(&minor_stat, &client_name);
- gss_release_buffer(&minor_stat, &service_name);
exit_func:
+ gss_release_buffer(&minor_stat, &client_name);
+ gss_release_buffer(&minor_stat, &service_name);
return(&ret);
}
--
2.7.0.rc3

View File

@ -1,49 +0,0 @@
Copied from Fedora.
http://pkgs.fedoraproject.org/cgit/rpms/krb5.git/tree/krb5-init_context_null_spnego.patch?h=f22
From 3beb564cea3d219efcf71682b6576cad548c2d23 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 5 Jan 2016 12:11:59 -0500
Subject: [PATCH] Check internal context on init context errors
If the mechanism deletes the internal context handle on error, the
mechglue must do the same with the union context, to avoid crashes if
the application calls other functions with this invalid union context.
[ghudson@mit.edu: edit commit message and code comment]
ticket: 8337 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---
src/lib/gssapi/mechglue/g_init_sec_context.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
index aaae767..9f154b8 100644
--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
@@ -224,12 +224,15 @@ OM_uint32 * time_rec;
if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
/*
- * the spec says (the preferred) method is to delete all
- * context info on the first call to init, and on all
- * subsequent calls make the caller responsible for
- * calling gss_delete_sec_context
+ * The spec says the preferred method is to delete all context info on
+ * the first call to init, and on all subsequent calls make the caller
+ * responsible for calling gss_delete_sec_context. However, if the
+ * mechanism decided to delete the internal context, we should also
+ * delete the union context.
*/
map_error(minor_status, mech);
+ if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
+ *context_handle = GSS_C_NO_CONTEXT;
if (*context_handle == GSS_C_NO_CONTEXT) {
free(union_ctx_id->mech_type->elements);
free(union_ctx_id->mech_type);
--
2.6.4

View File

@ -0,0 +1,40 @@
From aa9bd38d0a6fe53aff7f78fb2d9f61e55677c7b5 Mon Sep 17 00:00:00 2001
From: Craig Small <csmall@enc.com.au>
Date: Sun, 17 Apr 2016 09:09:41 +1000
Subject: [PATCH] tests: Conditionally add prctl to test process
prctl was already bypassed on Cygwin systems. This extends to
non-Linux systems such as kFreeBSD and Hurd.
---
lib/test_process.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/test_process.c b/lib/test_process.c
index 6e652ed..6a4776c 100644
--- a/lib/test_process.c
+++ b/lib/test_process.c
@@ -21,7 +21,9 @@
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
+#ifdef __linux__
#include <sys/prctl.h>
+#endif
#include "c.h"
#define DEFAULT_SLEEPTIME 300
@@ -78,8 +80,10 @@
sigaction(SIGUSR1, &signal_action, NULL);
sigaction(SIGUSR2, &signal_action, NULL);
+#ifdef __linux__
/* set process name */
prctl(PR_SET_NAME, MY_NAME, NULL, NULL, NULL);
+#endif
while (sleep_time > 0) {
sleep_time = sleep(sleep_time);
--
2.8.2

View File

@ -0,0 +1,87 @@
From e0c8341b3e4e13778bcde00d477e461ea8e94306 Mon Sep 17 00:00:00 2001
From: Stefan Westerfeld <stefan@space.twc.de>
Date: Fri, 22 Apr 2016 18:03:37 +0200
Subject: [PATCH 031/176] RCORE: compile fixes for KUbuntu 16.04/gcc
5.3.1-14ubuntu2
Rapicorn uses isnan(...) and isinf(...) from cmath.h, however on KUbuntu 16.04
it should use std::isnan(...) and std::isinf(...) instead. Patch below.
Acked-by: Tim Janik <timj@gnu.org>
---
rcore/strings.cc | 10 +++++-----
rcore/tests/benchrcore.cc | 4 ++--
rcore/tests/strings.cc | 4 ++--
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/rcore/strings.cc b/rcore/strings.cc
index d5b0216..8b3bc3f 100644
--- a/rcore/strings.cc
+++ b/rcore/strings.cc
@@ -437,7 +437,7 @@ static long double
libc_strtold (const char *nptr, char **endptr)
{
const long double result = strtold (nptr, endptr);
- if (isnan (result) && std::signbit (result) == 0)
+ if (std::isnan (result) && std::signbit (result) == 0)
{
const char *p = nptr;
while (isspace (*p))
@@ -500,9 +500,9 @@ string_to_double (const char *dblstring, const char **endptr)
String
string_from_float (float value)
{
- if (isnan (value))
+ if (std::isnan (value))
return std::signbit (value) ? "-NaN" : "+NaN";
- if (isinf (value))
+ if (std::isinf (value))
return std::signbit (value) ? "-Infinity" : "+Infinity";
return string_format ("%.7g", value);
}
@@ -511,9 +511,9 @@ string_from_float (float value)
String
string_from_double (double value)
{
- if (isnan (value))
+ if (std::isnan (value))
return std::signbit (value) ? "-NaN" : "+NaN";
- if (isinf (value))
+ if (std::isinf (value))
return std::signbit (value) ? "-Infinity" : "+Infinity";
return string_format ("%.17g", value);
}
diff --git a/rcore/tests/benchrcore.cc b/rcore/tests/benchrcore.cc
index 3899a08..12fde16 100644
--- a/rcore/tests/benchrcore.cc
+++ b/rcore/tests/benchrcore.cc
@@ -188,8 +188,8 @@ test_random_numbers()
const double rf = random_frange (989617512, 9876547656);
TASSERT (rf >= 989617512 && rf < 9876547656);
}
- TASSERT (isnan (random_frange (NAN, 1)));
- TASSERT (isnan (random_frange (0, NAN)));
+ TASSERT (std::isnan (random_frange (NAN, 1)));
+ TASSERT (std::isnan (random_frange (0, NAN)));
#if 0 // example penalty paid in random_int64()
size_t i, j = 0;
for (i = 0; i < 100; i++)
diff --git a/rcore/tests/strings.cc b/rcore/tests/strings.cc
index 468a6e6..dae3e3d 100644
--- a/rcore/tests/strings.cc
+++ b/rcore/tests/strings.cc
@@ -311,9 +311,9 @@ string_conversions (void)
TCMP (string_to_double ("-0.5"), ==, -0.5);
double tfloat;
tfloat = string_to_double ("+NAN");
- assert (isnan (tfloat) && std::signbit (tfloat) == 0);
+ assert (std::isnan (tfloat) && std::signbit (tfloat) == 0);
tfloat = string_to_double ("-NAN");
- assert (isnan (tfloat) && std::signbit (tfloat) == 1);
+ assert (std::isnan (tfloat) && std::signbit (tfloat) == 1);
TCMP (string_capitalize ("fOO bar"), ==, "Foo Bar");
TCMP (string_capitalize ("foo BAR BAZ", 2), ==, "Foo Bar BAZ");
}
--
2.9.1

View File

@ -1,33 +0,0 @@
commit e9ddc08da0982f36581ae5a8c7763453ff41cfe8
Author: Sergey Poznyakoff <gray@gnu.org>
Date: Thu Sep 25 00:22:16 2014 +0300
Bugfixes.
* doc/tar.1: Fix typo in font spec.
* src/tar.c (sort_mode_arg, sort_mode_flag): Protect "inode"
(SAVEDIR_SORT_INODE) with D_INO_IN_DIRENT
diff --git a/src/tar.c b/src/tar.c
index 225c624..f8102e0 100644
--- a/src/tar.c
+++ b/src/tar.c
@@ -1341,14 +1341,18 @@ static char filename_terminator;
static char const *const sort_mode_arg[] = {
"none",
"name",
+#if D_INO_IN_DIRENT
"inode",
+#endif
NULL
};
static int sort_mode_flag[] = {
SAVEDIR_SORT_NONE,
SAVEDIR_SORT_NAME,
+#if D_INO_IN_DIRENT
SAVEDIR_SORT_INODE
+#endif
};
ARGMATCH_VERIFY (sort_mode_arg, sort_mode_flag);

View File

@ -32,7 +32,6 @@
(package
(name "pcre")
(version "8.38")
(replacement pcre-fixed)
(source (origin
(method url-fetch)
(uri (list
@ -43,15 +42,18 @@
version "/pcre-" version ".tar.bz2")))
(sha256
(base32
"1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"))))
"1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"))
(patches (list (search-patch "pcre-CVE-2016-3191.patch")))))
(build-system gnu-build-system)
(outputs '("out"
(outputs '("out" ;library & headers
"bin" ;depends on Readline (adds 20MiB to the closure)
"doc")) ;1.8 MiB of HTML
(inputs `(("bzip2" ,bzip2)
("readline" ,readline)
("zlib" ,zlib)))
(arguments
`(#:configure-flags '("--enable-utf"
'(#:disallowed-references ("doc")
#:configure-flags '("--enable-utf"
"--enable-pcregrep-libz"
"--enable-pcregrep-libbz2"
"--enable-pcretest-libreadline"
@ -68,13 +70,6 @@ POSIX regular expression API.")
(license license:bsd-3)
(home-page "http://www.pcre.org/")))
(define pcre-fixed ;for CVE-2016-3191
(package
(inherit pcre)
(source (origin
(inherit (package-source pcre))
(patches (search-patches "pcre-CVE-2016-3191.patch"))))))
(define-public pcre2
(package
(name "pcre2")

View File

@ -88,7 +88,10 @@
`(#:tests? #f ; no test data provided with the tarball
#:configure-flags
'("--enable-xpdf-headers" ; to install header files
"--enable-zlib")
"--enable-zlib"
;; Saves 8 MiB of .a files.
"--disable-static")
#:phases
(alist-cons-before
'configure 'setenv
@ -509,10 +512,21 @@ and examining the file structure (pdfshow).")
(uri (string-append "mirror://sourceforge/qpdf/qpdf/" version
"/qpdf-" version ".tar.gz"))
(sha256 (base32
"1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm"))))
"1lq1v7xghvl6p4hgrwbps3a13ad6lh4ib3myimb83hxgsgd4n5nm"))
(modules '((guix build utils)))
(snippet
;; Replace shebang with the bi-lingual shell/Perl trick to remove
;; dependency on Perl.
'(substitute* "qpdf/fix-qdf"
(("#!/usr/bin/env perl")
"\
eval '(exit $?0)' && eval 'exec perl -wS \"$0\" ${1+\"$@\"}'
& eval 'exec perl -wS \"$0\" $argv:q'
if 0;\n")))))
(build-system gnu-build-system)
(arguments
'(#:phases (alist-cons-before
`(#:disallowed-references (,perl)
#:phases (alist-cons-before
'configure 'patch-paths
(lambda _
(substitute* "make/libtool.mk"
@ -524,12 +538,12 @@ and examining the file structure (pdfshow).")
(("/usr/bin/env") (which "env"))))
%standard-phases)))
(native-inputs
`(("pkg-config" ,pkg-config)))
`(("pkg-config" ,pkg-config)
("perl" ,perl)))
(propagated-inputs
`(("pcre" ,pcre)))
(inputs
`(("zlib" ,zlib)
("perl" ,perl)))
`(("zlib" ,zlib)))
(synopsis "Command-line tools and library for transforming PDF files")
(description
"QPDF is a command-line program that does structural, content-preserving

View File

@ -90,15 +90,7 @@
"-Dinstallstyle=lib/perl5"
"-Duseshrplib"
(string-append "-Dlocincpth=" libc "/include")
(string-append "-Dloclibpth=" libc "/lib")
;; Force the library search path to contain only libc
;; because it is recorded in Config.pm and
;; Config_heavy.pl; we don't want to keep a reference
;; to everything that's in $LIBRARY_PATH at build
;; time (Binutils, bzip2, file, etc.)
(string-append "-Dlibpth=" libc "/lib")
(string-append "-Dplibpth=" libc "/lib"))))))
(string-append "-Dloclibpth=" libc "/lib"))))))
(add-before
'strip 'make-shared-objects-writable
@ -109,7 +101,34 @@
(lib (string-append out "/lib")))
(for-each (lambda (dso)
(chmod dso #o755))
(find-files lib "\\.so$"))))))))
(find-files lib "\\.so$")))))
(add-after 'install 'remove-extra-references
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(libc (assoc-ref inputs "libc"))
(config1 (car (find-files (string-append out "/lib/perl5")
"^Config_heavy\\.pl$")))
(config2 (find-files (string-append out "/lib/perl5")
"^Config\\.pm$")))
;; Force the library search path to contain only libc because
;; it is recorded in Config.pm and Config_heavy.pl; we don't
;; want to keep a reference to everything that's in
;; $LIBRARY_PATH at build time (GCC, Binutils, bzip2, file,
;; etc.)
(substitute* config1
(("^incpth=.*$")
(string-append "incpth='" libc "/include'\n"))
(("^(libpth|plibpth|libspath)=.*$" _ variable)
(string-append variable "='" libc "/lib'\n")))
(for-each (lambda (file)
(substitute* config2
(("libpth => .*$")
(string-append "libpth => '" libc
"/lib',\n"))))
config2)
#t))))))
(native-search-paths (list (search-path-specification
(variable "PERL5LIB")
(files '("lib/perl5/site_perl")))))

View File

@ -186,7 +186,8 @@ colors, styles, options and details.")
;; "help" command in interactive mode, so adding a "doc" output is not
;; currently useful.
(native-inputs
`(("gs" ,ghostscript) ;For tests
`(("gs" ,ghostscript-gs) ;For tests
("gs-2" ,ghostscript) ;For dvipdfm
("texinfo" ,texinfo) ;For generating documentation
("texlive" ,texlive) ;For tests and documentation
("emacs" ,emacs-minimal)

View File

@ -2,6 +2,7 @@
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -135,6 +136,7 @@ rates.")
(arguments
`(#:configure-flags (list "--localstatedir=/var" ;"--sysconfdir=/etc"
"--disable-oss-output"
"--enable-bluez5"
(string-append "--with-udev-rules-dir="
(assoc-ref %outputs "out")
"/lib/udev/rules.d"))
@ -150,8 +152,9 @@ rates.")
%standard-phases)))
(inputs
;; TODO: Add optional inputs (GTK+?).
`(;; ("sbc" ,sbc)
("alsa-lib" ,alsa-lib)
`(("alsa-lib" ,alsa-lib)
("bluez" ,bluez)
("sbc" ,sbc)
("json-c" ,json-c)
("speex" ,speex)
("libsndfile" ,libsndfile)

View File

@ -101,7 +101,7 @@
(define-public python-2.7
(package
(name "python")
(version "2.7.10")
(version "2.7.11")
(source
(origin
(method url-fetch)
@ -109,56 +109,44 @@
version "/Python-" version ".tar.xz"))
(sha256
(base32
"1h7zbrf9pkj29hlm18b10548ch9757f75m64l47sy75rh43p7lqw"))
(patches (search-patches
"python-2.7-search-paths.patch"
"0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn"))
(patches (search-patches "python-2.7-search-paths.patch"
"python-2-deterministic-build-info.patch"
"python-2.7-source-date-epoch.patch"))))
"python-2.7-source-date-epoch.patch"))
(modules '((guix build utils)))
;; suboptimal to delete failing tests here, but if we delete them in the
;; arguments then we need to make sure to strip out that phase when it
;; gets inherited by python and python-minimal.
(snippet
'(begin
(for-each delete-file
'("Lib/test/test_compileall.py"
"Lib/test/test_distutils.py"
"Lib/test/test_import.py"
"Lib/test/test_shutil.py"
"Lib/test/test_socket.py"
"Lib/test/test_subprocess.py"))
#t))))
(outputs '("out"
"tk")) ;tkinter; adds 50 MiB to the closure
(build-system gnu-build-system)
(arguments
`(#:tests? #f
;; 268 tests OK.
;; 103 tests failed:
;; test_distutils test_shutil test_signal test_site test_slice
;; test_smtplib test_smtpnet test_socket test_socketserver
;; test_softspace test_sort test_spwd test_sqlite test_ssl
;; test_startfile test_stat test_str test_strftime test_string
;; test_stringprep test_strop test_strptime test_strtod test_struct
;; test_structmembers test_structseq test_subprocess test_sunau
;; test_sunaudiodev test_sundry test_symtable test_syntax test_sys
;; test_sys_setprofile test_sys_settrace test_sysconfig test_tarfile
;; test_tcl test_telnetlib test_tempfile test_textwrap test_thread
;; test_threaded_import test_threadedtempfile test_threading
;; test_threading_local test_threadsignals test_time test_timeit
;; test_timeout test_tk test_tokenize test_tools test_trace
;; test_traceback test_transformer test_ttk_guionly test_ttk_textonly
;; test_tuple test_typechecks test_ucn test_unary
;; test_undocumented_details test_unicode test_unicode_file
;; test_unicodedata test_univnewlines test_univnewlines2k test_unpack
;; test_urllib test_urllib2 test_urllib2_localnet test_urllib2net
;; test_urllibnet test_urlparse test_userdict test_userlist
;; test_userstring test_uu test_uuid test_wait3 test_wait4
;; test_warnings test_wave test_weakref test_weakset test_whichdb
;; test_winreg test_winsound test_with test_wsgiref test_xdrlib
;; test_xml_etree test_xml_etree_c test_xmllib test_xmlrpc
;; test_xpickle test_xrange test_zipfile test_zipfile64
;; test_zipimport test_zipimport_support test_zlib
;; 30 tests skipped:
`(;; 356 tests OK.
;; 6 tests failed:
;; test_compileall test_distutils test_import test_shutil test_socket
;; test_subprocess
;; 39 tests skipped:
;; test_aepack test_al test_applesingle test_bsddb test_bsddb185
;; test_bsddb3 test_cd test_cl test_codecmaps_cn test_codecmaps_hk
;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_crypt
;; test_curses test_dl test_gdb test_gl test_idle test_imageop
;; test_imgfile test_ioctl test_kqueue test_linuxaudiodev test_macos
;; test_macostools test_msilib test_nis test_ossaudiodev
;; test_scriptpackages
;; 6 skips unexpected on linux2:
;; test_bsddb test_bsddb3 test_crypt test_gdb test_idle test_ioctl
;; One of the typical errors:
;; test_unicode
;; test test_unicode crashed -- <type 'exceptions.OSError'>: [Errno 2] No
;; such file or directory
;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_curses
;; test_dl test_gdb test_gl test_imageop test_imgfile test_ioctl
;; test_kqueue test_linuxaudiodev test_macos test_macostools
;; test_msilib test_ossaudiodev test_scriptpackages test_smtpnet
;; test_socketserver test_startfile test_sunaudiodev test_timeout
;; test_tk test_ttk_guionly test_urllib2net test_urllibnet
;; test_winreg test_winsound test_zipfile64
;; 4 skips unexpected on linux2:
;; test_bsddb test_bsddb3 test_gdb test_ioctl
#:test-target "test"
#:configure-flags
(list "--enable-shared" ;allow embedding
@ -208,6 +196,13 @@
(lambda _
;; 'Lib/test/test_site.py' needs a valid $HOME
(setenv "HOME" (getcwd))
,@(if (string-prefix? "mips64el" (%current-system))
;; XXX: The following test fails on mips64el.
'((false-if-exception
(delete-file "Lib/test/test_ctypes.py")))
'())
#t))
(add-after
'unpack 'set-source-file-times-to-1980
@ -221,6 +216,37 @@
(utime file circa-1980 circa-1980)
#t))
#t)))
(add-after 'install 'remove-tests
;; Remove 25 MiB of unneeded unit tests. Keep test_support.*
;; because these files are used by some libraries out there.
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(match (scandir (string-append out "/lib")
(lambda (name)
(string-prefix? "python" name)))
((pythonX.Y)
(let ((testdir (string-append out "/lib/" pythonX.Y
"/test")))
(with-directory-excursion testdir
(for-each delete-file-recursively
(scandir testdir
(match-lambda
((or "." "..") #f)
(file
(not
(string-prefix? "test_support."
file))))))
(call-with-output-file "__init__.py" (const #t))
#t)))))))
(add-before 'strip 'make-libraries-writable
(lambda* (#:key outputs #:allow-other-keys)
;; Make .so files writable so they can be stripped.
(let ((out (assoc-ref outputs "out")))
(for-each (lambda (file)
(chmod file #o755))
(find-files (string-append out "/lib")
"\\.so"))
#t)))
(add-after 'install 'move-tk-inter
(lambda* (#:key outputs #:allow-other-keys)
;; When Tkinter support is built move it to a separate output so
@ -353,8 +379,8 @@ data types.")
(lambda (old new)
(symlink (string-append python old)
(string-append bin "/" new)))
`("python3" ,"pydoc3" ,"idle3")
`("python" ,"pydoc" ,"idle"))))))
'("python3" "pydoc3" "idle3")
'("python" "pydoc" "idle"))))))
(synopsis "Wrapper for the Python 3 commands")
(description
"This package provides wrappers for the commands of Python@tie{}3.x such
@ -3646,14 +3672,14 @@ simple and Pythonic domain language.")
(define-public python-alembic
(package
(name "python-alembic")
(version "0.8.4")
(version "0.8.7")
(source
(origin
(method url-fetch)
(uri (pypi-uri "alembic" version))
(sha256
(base32
"0jk23a852l3ybv7gfz81xzslyrnqnpjds5x15zd234y9rh9gq1w5"))))
"0ias6fdzwr2s220fnjspkdgm9510bd0cnap0hx5y4zy4srba9f3z"))))
(build-system python-build-system)
(native-inputs
`(("python-mock" ,python-mock)

View File

@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2015, 2016 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@ -23,17 +23,23 @@
(define-module (gnu packages scheme)
#:use-module (gnu packages)
#:use-module ((guix licenses) #:hide (openssl))
#:use-module ((guix licenses)
#:select (gpl2+ lgpl2.0+ lgpl2.1+ asl2.0 bsd-3
cc-by-sa4.0))
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (gnu packages compression)
#:use-module (gnu packages m4)
#:use-module (gnu packages multiprecision)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages databases)
#:use-module (gnu packages emacs)
#:use-module (gnu packages ghostscript)
#:use-module (gnu packages netpbm)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages tex)
#:use-module (gnu packages base)
@ -587,6 +593,160 @@ an isolated heap allowing multiple VMs to run simultaneously in different OS
threads.")
(license bsd-3)))
(define nanopass
(let ((version "1.9"))
(origin
(method url-fetch)
(uri (string-append
"https://github.com/nanopass/nanopass-framework-scheme/archive"
"/v" version ".tar.gz"))
(sha256 (base32 "11pwyy4jiwhcl2am3a4ciczacjbjkyvdizqzdglb3l1hj2gj6nv2"))
(file-name (string-append "nanopass-" version ".tar.gz")))))
(define stex
(let ((version "1.2.1"))
(origin
(method url-fetch)
(uri (string-append
"https://github.com/dybvig/stex/archive"
"/v" version ".tar.gz"))
(sha256 (base32 "03pl3f668h24dn51vccr1sj5lsba9zq3j37bnxjvdadcdaj4qy5z"))
(file-name (string-append "stex-" version ".tar.gz")))))
(define-public chez-scheme
(package
(name "chez-scheme")
(version "9.4")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/cisco/ChezScheme/archive/"
"v" version ".tar.gz"))
(sha256
(base32 "0lprmpsjg2plc6ykgkz482zyvhkzv6gd0vnar71ph21h6zknyklz"))
(file-name (string-append "chez-scheme-" version ".tar.gz"))))
(build-system gnu-build-system)
(inputs
`(("ncurses" ,ncurses)
("libx11" ,libx11)
("xorg-rgb" ,xorg-rgb)
("nanopass" ,nanopass)
("zlib" ,zlib)
("stex" ,stex)))
(native-inputs
`(("texlive" ,texlive)
("ghostscript" ,ghostscript-gs)
("netpbm" ,netpbm)))
(outputs '("out" "doc"))
(arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(ice-9 match))
#:test-target "test"
#:phases
(modify-phases %standard-phases
;; Adapt the custom 'configure' script.
(replace 'configure
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
(nanopass (assoc-ref inputs "nanopass"))
(stex (assoc-ref inputs "stex"))
(zlib (assoc-ref inputs "zlib"))
(unpack (assoc-ref %standard-phases 'unpack))
(patch-source-shebangs
(assoc-ref %standard-phases 'patch-source-shebangs)))
(map (match-lambda
((src orig-name new-name)
(with-directory-excursion "."
(apply unpack (list #:source src))
(apply patch-source-shebangs (list #:source src)))
(delete-file-recursively new-name)
(system* "mv" orig-name new-name)))
`((,nanopass "nanopass-framework-scheme-1.9" "nanopass")
(,stex "stex-1.2.1" "stex")))
;; The Makefile wants to download and compile "zlib". We patch
;; it to use the one from our 'zlib' package.
(substitute* "configure"
(("rmdir zlib .*$") "echo \"using system zlib\"\n"))
(substitute* (find-files "./c" "Mf-[a-zA-Z0-9.]+")
(("\\$\\{Kernel\\}: \\$\\{kernelobj\\} \\.\\./zlib/libz\\.a")
"${Kernel}: ${kernelobj}")
(("ld -melf_x86_64 -r -X -o \\$\\{Kernel\\} \\$\\{kernelobj\\} \\.\\./zlib/libz\\.a")
(string-append "ld -melf_x86_64 -r -X -o ${Kernel} ${kernelobj} "
zlib "/lib/libz.a"))
(("\\(cd \\.\\./zlib; CFLAGS=-m64 \\./configure --64)")
(which "true"))
(("(cd \\.\\./zlib; make)")
(which "true")))
(substitute* (find-files "mats" "Mf-.*")
(("^[[:space:]]+(cc ) *") "\tgcc "))
(substitute*
(find-files "." (string-append
"("
"Mf-[a-zA-Z0-9.]+"
"|Makefile[a-zA-Z0-9.]*"
"|checkin"
"|stex\\.stex"
"|newrelease"
"|workarea"
;;"|[a-zA-Z0-9.]+\\.ms" ; guile can't read
")"))
(("/bin/rm") (which "rm"))
(("/bin/ln") (which "ln"))
(("/bin/cp") (which "cp")))
(substitute* "makefiles/installsh"
(("/bin/true") (which "true")))
(substitute* "stex/Makefile"
(("PREFIX=/usr") (string-append "PREFIX=" out)))
(zero? (system* "./configure" "--threads"
(string-append "--installprefix=" out))))))
;; Installation of the documentation requires a running "chez".
(add-after 'install 'install-doc
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((bin (string-append (assoc-ref outputs "out") "/bin"))
(doc (string-append (assoc-ref outputs "doc")
"/share/doc/" ,name "-" ,version)))
(setenv "HOME" (getcwd))
(setenv "PATH" (string-append (getenv "PATH") ":" bin))
(with-directory-excursion "stex"
(system* "make" (string-append "BIN=" bin)))
(system* "make" "docs")
(with-directory-excursion "csug"
(substitute* "Makefile"
(("/tmp/csug9") doc)
(("^m = a6le")
"m := $(shell echo '(machine-type)' | scheme -q)"))
(system* "make" "install")
(install-file "csug.pdf" doc))
(with-directory-excursion "release_notes"
(install-file "release_notes.pdf" doc))
#t)))
;; The binary file name is called "scheme" as the one from MIT/GNU
;; Scheme. We add a symlink to use in case both are installed.
(add-after 'install 'install-symlink
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin"))
(lib (string-append out "/lib"))
(name "chez-scheme"))
(symlink (string-append bin "/scheme")
(string-append bin "/" name))
(map (lambda (file)
(symlink file (string-append (dirname file)
"/" name ".boot")))
(find-files lib "scheme.boot"))
#t))))))
;; According to the documentation MIPS is not supported.
(supported-systems (delete "mips64el-linux" %supported-systems))
(home-page "http://www.scheme.com")
(synopsis "R6RS Scheme compiler and run-time")
(description
"Chez Scheme is a compiler and run-time system for the language of the
Revised^6 Report on Scheme (R6RS), with numerous extensions. The compiler
generates native code for each target processor, with support for x86, x86_64,
and 32-bit PowerPC architectures.")
(license asl2.0)))
(define-public scmutils
(let ()
(define (system-suffix)

View File

@ -63,7 +63,8 @@
#:parallel-build? #f))
(native-inputs `(("pkg-config" ,pkg-config)))
(native-inputs `(("pkg-config" ,pkg-config)
("ghostscript-gs" , ghostscript-gs)))
(inputs `(("guile" ,guile-2.0)
("imagemagick" ,imagemagick)

View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
@ -41,10 +41,9 @@
(base32
"0g1a69vrqxgsnr1wkx851ljn73a2x3jqzxa66s2l3w0kyblbjk4z"))))
(build-system gnu-build-system)
(native-inputs `(("boost" ,boost)))
(inputs `(("pcre" ,pcre)
;; Provide these to run the corresponding tests.
(native-inputs `(("boost" ,boost)
("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(;; Provide these to run the corresponding tests.
("guile" ,guile-2.0)
("perl" ,perl)))
;; FIXME: reactivate input python as soon as the test failures

View File

@ -4,6 +4,7 @@
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
;;;
;;; This file is part of GNU Guix.
;;;
@ -186,6 +187,11 @@ This package contains the binaries.")
`(#:modules ((guix build gnu-build-system)
(guix build utils)
(srfi srfi-26))
;; This package takes 4 GiB, which we can't afford to distribute from
;; our servers.
#:substitutable? #f
#:phases
(modify-phases (map (cut assq <> %standard-phases)
'(set-paths unpack patch-source-shebangs))
@ -206,7 +212,10 @@ This package contains the binaries.")
;; Register SHARE as TEXMFROOT in texmf.cnf.
(substitute* texmfcnf
(("TEXMFROOT = \\$SELFAUTOPARENT")
(string-append "TEXMFROOT = " share)))
(string-append "TEXMFROOT = " share))
(("TEXMFLOCAL = \\$SELFAUTOGRANDPARENT/texmf-local")
"TEXMFLOCAL = $SELFAUTODIR/share/texmf-local")
(("!!\\$TEXMFLOCAL") "$TEXMFLOCAL"))
;; Register paths in texmfcnf.lua, needed for context.
(substitute* (string-append texmfroot "/texmfcnf.lua")
(("selfautodir:") out)
@ -242,6 +251,10 @@ This package contains the complete tree of texmf-dist data.")
(inputs `(("bash" ,bash) ; for wrap-program
("texlive-bin" ,texlive-bin)
("texlive-texmf" ,texlive-texmf)))
(native-search-paths
(list (search-path-specification
(variable "TEXMFLOCAL")
(files '("share/texmf-local")))))
(arguments
`(#:modules ((guix build utils))
#:builder
@ -293,7 +306,8 @@ This package contains the complete TeX Live distribution.")
;; texlive-texmf-minimal is a pruned, small version of the texlive tree,
;; in particular dropping documentation and fonts.
;; in particular dropping documentation and fonts. It weighs in at 470 MiB
;; instead of 4 GiB.
(define texlive-texmf-minimal
(package (inherit texlive-texmf)
(name "texlive-texmf-minimal")
@ -353,6 +367,10 @@ This package contains a small subset of the texmf-dist data.")))
(inputs
`(("texlive-texmf" ,texlive-texmf-minimal)
,@(alist-delete "texlive-texmf" (package-inputs texlive))))
(native-search-paths
(list (search-path-specification
(variable "TEXMFLOCAL")
(files '("share/texmf-local")))))
(description
"TeX Live provides a comprehensive TeX document production system.
It includes all the major TeX-related programs, macro packages, and fonts

View File

@ -32,14 +32,14 @@
(define-public texinfo
(package
(name "texinfo")
(version "6.0")
(version "6.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/texinfo/texinfo-"
version ".tar.xz"))
(sha256
(base32
"1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi"))))
"1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c"))))
(build-system gnu-build-system)
(native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep
(inputs `(("ncurses" ,ncurses)
@ -62,18 +62,6 @@ their source and the command-line Info reader. The emphasis of the language
is on expressing the content semantically, avoiding physical markup commands.")
(license gpl3+)))
(define-public texinfo-6.1
(package
(inherit texinfo)
(version "6.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/texinfo/texinfo-"
version ".tar.xz"))
(sha256
(base32
"1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c"))))))
(define-public texinfo-5
(package (inherit texinfo)
(version "5.2")
@ -105,10 +93,10 @@ is on expressing the content semantically, avoiding physical markup commands.")
;; The idea of this package is to have the standalone Info reader without
;; the dependency on Perl that 'makeinfo' drags.
(package
(inherit texinfo-6.1)
(inherit texinfo)
(name "info-reader")
(arguments
`(#:disallowed-references ,(assoc-ref (package-inputs texinfo-6.1)
`(#:disallowed-references ,(assoc-ref (package-inputs texinfo)
"perl")
#:modules ((ice-9 ftw) (srfi srfi-1)

View File

@ -36,6 +36,7 @@
#:use-module (gnu packages guile)
#:use-module (gnu packages libffi)
#:use-module (gnu packages libidn)
#:use-module (gnu packages linux)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages nettle)
#:use-module (gnu packages perl)
@ -47,7 +48,7 @@
(define-public libtasn1
(package
(name "libtasn1")
(version "4.7")
(version "4.8")
(source
(origin
(method url-fetch)
@ -55,7 +56,7 @@
version ".tar.gz"))
(sha256
(base32
"1j8iixynchziw1y39lnibyl5h81m4p78w3i4f28q2vgwjgf801x4"))))
"04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/libtasn1/")
@ -65,22 +66,8 @@
for transmitting machine-neutral encodings of data objects in computer
networking, allowing for formal validation of data according to some
specifications.")
(replacement libtasn1/fixed)
(license license:lgpl2.0+)))
(define libtasn1/fixed ;for CVE-2016-4008
(package
(inherit libtasn1)
(source
(let ((version "4.8"))
(origin
(method url-fetch)
(uri (string-append "mirror://gnu/libtasn1/libtasn1-"
version ".tar.gz"))
(sha256
(base32
"04y5m29pqmvkfdbppmsdifyx89v8xclxzklpfc7a1fkr9p4jz07s")))))))
(define-public p11-kit
(package
(name "p11-kit")
@ -122,7 +109,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
(version "3.4.7")
(version "3.5.2")
(source (origin
(method url-fetch)
(uri
@ -133,7 +120,7 @@ living in the same process.")
"/gnutls-" version ".tar.xz"))
(sha256
(base32
"0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1"))))
"10l5pv7qc5c850aamih3pdkbqpc4v2a6g164dzd7c7fjpxffji9b"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@ -172,7 +159,8 @@ living in the same process.")
"debug"
"doc")) ;4.1 MiB of man pages
(native-inputs
`(("pkg-config" ,pkg-config)
`(("net-tools" ,net-tools)
("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
`(("guile" ,guile-2.0)
@ -183,7 +171,7 @@ living in the same process.")
("libidn" ,libidn)
("nettle" ,nettle)
("zlib" ,zlib)))
(home-page "http://www.gnu.org/software/gnutls/")
(home-page "https://www.gnu.org/software/gnutls/")
(synopsis "Transport layer security library")
(description
"GnuTLS is a secure communications library implementing the SSL, TLS
@ -197,8 +185,7 @@ required structures.")
(define-public openssl
(package
(name "openssl")
(version "1.0.2g")
(replacement openssl/fixed)
(version "1.0.2h")
(source (origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
@ -208,15 +195,25 @@ required structures.")
"/" name "-" version ".tar.gz")))
(sha256
(base32
"0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
"06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch"))))
"openssl-c-rehash-in.patch"
"openssl-CVE-2016-2177.patch"
"openssl-CVE-2016-2178.patch"))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;1.5MiB of man3 pages
"static")) ;6MiB of .a files
(native-inputs `(("perl" ,perl)))
(arguments
`(#:parallel-build? #f
`(#:disallowed-references (,perl)
#:parallel-build? #f
#:parallel-tests? #f
#:test-target "test"
;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
;; so we explicitly disallow it here.
#:disallowed-references ,(list (canonical-package perl))
#:phases
(modify-phases %standard-phases
(add-before
@ -263,6 +260,33 @@ required structures.")
(find-files (string-append out "/lib")
"\\.so"))
#t)))
(add-after 'install 'move-static-libraries
(lambda* (#:key outputs #:allow-other-keys)
;; Move static libraries to the "static" output.
(let* ((out (assoc-ref outputs "out"))
(lib (string-append out "/lib"))
(static (assoc-ref outputs "static"))
(slib (string-append static "/lib")))
(mkdir-p slib)
(for-each (lambda (file)
(install-file file slib)
(delete-file file))
(find-files lib "\\.a$"))
#t)))
(add-after 'install 'move-man3-pages
(lambda* (#:key outputs #:allow-other-keys)
;; Move section 3 man pages to "doc".
(let* ((out (assoc-ref outputs "out"))
(man3 (string-append out "/share/man/man3"))
(doc (assoc-ref outputs "doc"))
(target (string-append doc "/share/man/man3")))
(mkdir-p target)
(for-each (lambda (file)
(rename-file file
(string-append target "/"
(basename file))))
(find-files man3))
#t)))
(add-before
'patch-source-shebangs 'patch-tests
(lambda* (#:key inputs native-inputs #:allow-other-keys)
@ -299,27 +323,6 @@ required structures.")
(license license:openssl)
(home-page "http://www.openssl.org/")))
(define openssl/fixed
(package
(inherit openssl)
(source
(let ((name "openssl")
(version "1.0.2h"))
(origin
(method url-fetch)
(uri (list (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
"06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
(patches (search-patches "openssl-runpath.patch"
"openssl-c-rehash-in.patch"
"openssl-CVE-2016-2177.patch"
"openssl-CVE-2016-2178.patch")))))))
(define-public libressl
(package
(name "libressl")

View File

@ -174,6 +174,11 @@ as well as the classic centralized workflow.")
(("/bin/sh") (which "sh"))
(("/usr/bin/perl") (which "perl"))
(("/usr/bin/python") (which "python")))))
(add-after 'configure 'add-PM.stamp
(lambda _
;; Add the "PM.stamp" to avoid "no rule to make target".
(call-with-output-file "perl/PM.stamp" (const #t))
#t))
(add-after 'install 'install-shell-completion
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))

View File

@ -330,7 +330,7 @@ SMPTE 314M.")
(define-public libva
(package
(name "libva")
(version "1.6.1")
(version "1.7.0")
(source
(origin
(method url-fetch)
@ -338,7 +338,7 @@ SMPTE 314M.")
"https://www.freedesktop.org/software/vaapi/releases/libva/libva-"
version".tar.bz2"))
(sha256
(base32 "0bjfb5s8dk3lql843l91ffxzlq47isqks5sj19cxh7j3nhzw58kz"))))
(base32 "0py9igf4kicj7ji22bjawkpd6my013qpg0s4ir2np9l1rk5vr2d6"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@ -369,7 +369,7 @@ SMPTE 314M.")
#:make-flags
(list (string-append "dummy_drv_video_ladir="
(assoc-ref %outputs "out") "/lib/dri"))))
(home-page "http://www.freedesktop.org/wiki/Software/vaapi/")
(home-page "https://www.freedesktop.org/wiki/Software/vaapi/")
(synopsis "Video acceleration library")
(description "The main motivation for VA-API (Video Acceleration API) is
to enable hardware accelerated video decode/encode at various
@ -625,6 +625,12 @@ audio/video codec library.")
(arguments
`(#:configure-flags
`("--disable-a52" ; FIXME: reenable once available
;; Gross workaround for <https://trac.videolan.org/vlc/ticket/16907>.
;; In our case, this led to a test failure:
;; test_libvlc_equalizer: libvlc/equalizer.c:122: test_equalizer: Assertion `isnan(libvlc_audio_equalizer_get_amp_at_index (equalizer, u_bands))' failed.
"ac_cv_c_fast_math=no"
,(string-append "LDFLAGS=-Wl,-rpath -Wl,"
(assoc-ref %build-inputs "ffmpeg")
"/lib")) ;needed for the tests

View File

@ -85,10 +85,10 @@
(base32
"0n2yx3gjlpr4kgqx845fj6amnmg25r2l6a7rzab5hxnpmar985hc"))))
(build-system gnu-build-system)
(native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(("apr" ,apr)
("apr-util" ,apr-util)
("openssl" ,openssl)
("pcre" ,pcre)
("perl" ,perl))) ; needed to run bin/apxs
(arguments
`(#:test-target "test"

View File

@ -52,7 +52,7 @@
(define-public wine
(package
(name "wine")
(version "1.9.4")
(version "1.9.15")
(source (origin
(method url-fetch)
(uri (string-append "https://dl.winehq.org/wine/source/"
@ -60,7 +60,7 @@
"/wine-" version ".tar.bz2"))
(sha256
(base32
"1f5v1gns0xs512a6ym785cn29j8dxdbnxnvkg8v0p1w0p6vfmhbm"))))
"1nmd65knzyh8b0yhxlqqvzai5rpnmhhm0c46n789zr5hj74jm6fg"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
("gettext" ,gnu-gettext)

View File

@ -264,7 +264,7 @@ rasterisation.")
(define-public libdrm
(package
(name "libdrm")
(version "2.4.65")
(version "2.4.67")
(source
(origin
(method url-fetch)
@ -274,7 +274,7 @@ rasterisation.")
".tar.bz2"))
(sha256
(base32
"1i4n7mz49l0j4kr0dg9n1j3hlc786ncqgj0v5fci1mz7pp40m5ki"))
"1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf"))
(patches (search-patches "libdrm-symbol-check.patch"))))
(build-system gnu-build-system)
(inputs

View File

@ -7,6 +7,7 @@
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
@ -46,16 +47,17 @@
(define-public expat
(package
(name "expat")
(replacement expat/fixed)
(version "2.1.0")
(version "2.1.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
version "/expat-" version ".tar.gz"))
version "/expat-" version ".tar.bz2"))
(patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
"expat-CVE-2015-1283-refix.patch"
"expat-CVE-2016-0718.patch"))
(sha256
(base32
"11pblz61zyxh68s5pdcbhc30ha1b2vfjd83aiwfg4vc15x3hadw2"))
(patches (search-patches "expat-CVE-2015-1283.patch"))))
"0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg"))))
(build-system gnu-build-system)
(home-page "http://www.libexpat.org/")
(synopsis "Stream-oriented XML parser library written in C")
@ -65,28 +67,17 @@ stream-oriented parser in which an application registers handlers for
things the parser might find in the XML document (like start tags).")
(license license:expat)))
(define expat/fixed
(package
(inherit expat)
(source (origin
(inherit (package-source expat))
(patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch"
"expat-CVE-2015-1283.patch"
"expat-CVE-2015-1283-refix.patch"
"expat-CVE-2016-0718.patch"))))))
(define-public libxml2
(package
(name "libxml2")
(version "2.9.3")
(replacement libxml2/fixed) ;multiple CVEs
(version "2.9.4")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
version ".tar.gz"))
(sha256
(base32
"0bd17g6znn2r98gzpjppsqjg33iraky4px923j3k8kdl8qgy7sad"))))
"0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))
(build-system gnu-build-system)
(home-page "http://www.xmlsoft.org/")
(synopsis "C parser for XML")
@ -106,20 +97,6 @@ things the parser might find in the XML document (like start tags).")
project (but it is usable outside of the Gnome platform).")
(license license:x11)))
(define libxml2/fixed
(package
(inherit libxml2)
(source
(let ((name "libxml2")
(version "2.9.4"))
(origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
version ".tar.gz"))
(sha256
(base32
"0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz")))))))
(define-public python-libxml2
(package (inherit libxml2)
(name "python-libxml2")
@ -153,16 +130,15 @@ project (but it is usable outside of the Gnome platform).")
(define-public libxslt
(package
(name "libxslt")
(version "1.1.28")
(replacement libxslt/fixed) ; CVE-2016-1683 and CVE-2016-1684
(version "1.1.29")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
(sha256
(base32
"13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz"))
(patches (search-patches "libxslt-CVE-2015-7995.patch"))))
"1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
(patches (search-patches "libxslt-generated-ids.patch"))))
(build-system gnu-build-system)
(home-page "http://xmlsoft.org/XSLT/index.html")
(synopsis "C library for applying XSLT stylesheets to XML documents")
@ -175,19 +151,6 @@ project (but it is usable outside of the Gnome platform).")
based on libxml for XML parsing, tree manipulation and XPath support.")
(license license:x11)))
(define-public libxslt/fixed
(package
(inherit libxslt)
(source
(let ((version "1.1.29"))
(origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
(sha256
(base32
"1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")))))))
(define-public perl-xml-parser
(package
(name "perl-xml-parser")
@ -244,7 +207,7 @@ module.")
(define-public perl-xml-libxml
(package
(name "perl-xml-libxml")
(version "2.0125")
(version "2.0128")
(source
(origin
(method url-fetch)
@ -252,7 +215,7 @@ module.")
"XML-LibXML-" version ".tar.gz"))
(sha256
(base32
"1mvbv1pwpdqni9ia9b6brg8brnnvfxr8j5x872qsngc92gipyh01"))))
"0awgd2gjzy7kn38bqblsigikzl81xsi561phkz9f9b9v3x2vmrr6"))))
(build-system perl-build-system)
(propagated-inputs
`(("perl-xml-namespacesupport" ,perl-xml-namespacesupport)

View File

@ -4404,7 +4404,30 @@ Various information is displayed depending on which options are selected.")
formatted dump file, such as produced by xwd.")
(license license:x11)))
(define-public xorg-rgb
(package
(name "xorg-rgb")
(version "1.0.6")
(source
(origin
(method url-fetch)
(uri (string-append
"mirror://xorg/individual/app/rgb-"
version
".tar.bz2"))
(sha256
(base32
"1c76zcjs39ljil6f6jpx1x17c8fnvwazz7zvl3vbjfcrlmm7rjmv"))))
(build-system gnu-build-system)
(inputs
`(("xproto" ,xproto)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "http://www.x.org/wiki/")
(synopsis "X color name database")
(description
"This package provides the X color name database.")
(license license:x11)))
;; packages of height 1 in the propagated-inputs tree

View File

@ -29,7 +29,7 @@
(define-public zsh
(package
(name "zsh")
(version "5.1.1")
(version "5.2")
(source (origin
(method url-fetch)
(uri (list (string-append
@ -40,7 +40,7 @@
".tar.gz")))
(sha256
(base32
"11shllzhq53fg8ngy3bgbmpf09fn2czifg7hsb41nxi3410mpvcl"))))
"0dsr450v8nydvpk8ry276fvbznlrjgddgp7zvhcw4cv69i9lr4ps"))))
(build-system gnu-build-system)
(arguments `(#:configure-flags '("--with-tcsetpgrp" "--enable-pcre")
#:phases (alist-cons-before

View File

@ -35,6 +35,7 @@
#:use-module (gnu packages grub)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages compression)
#:use-module (gnu packages nvi)
#:use-module (ice-9 match)
#:use-module (srfi srfi-26)
#:export (self-contained-tarball
@ -401,6 +402,7 @@ Use Alt-F2 for documentation.
;; space; furthermore util-linux's fdisk is already
;; available here, so we keep that.
bash-completion
nvi ;:wq!
%base-packages))))
;; Return it here so 'guix system' can consume it directly.

View File

@ -133,12 +133,6 @@
(define (default-skeletons)
"Return the default skeleton files for /etc/skel. These files are copied by
'useradd' in the home directory of newly created user accounts."
(define fonts.conf-content
;; SXML for ~/.config/fontconfig/fonts.conf. This works around the fact
;; that Fontconfig currently does not such this directory by default,
;; thereby ignoring fonts installed system-wide (FIXME).
`(fontconfig (dir "/run/current-system/profile/share/fonts")))
(define copy-guile-wm
(with-imported-modules '((guix build utils))
#~(begin
@ -182,22 +176,6 @@ source /etc/profile\n"))
(xdefaults (plain-file "Xdefaults" "\
XTerm*utf8: always
XTerm*metaSendsEscape: true\n"))
(fonts.conf (computed-file
"fonts.conf"
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils)
(sxml simple))
(define dir
(string-append #$output
"/fontconfig"))
(mkdir-p dir)
(call-with-output-file (string-append dir
"/fonts.conf")
(lambda (port)
(sxml->xml '#$fonts.conf-content port)))))))
(gdbinit (plain-file "gdbinit" "\
# Tell GDB where to look for separate debugging files.
set debug-file-directory ~/.guix-profile/lib/debug\n")))
@ -206,7 +184,6 @@ set debug-file-directory ~/.guix-profile/lib/debug\n")))
(".zlogin" ,zlogin)
(".Xdefaults" ,xdefaults)
(".guile-wm" ,guile-wm)
(".config" ,fonts.conf)
(".gdbinit" ,gdbinit))))
(define (skeleton-directory skeletons)

View File

@ -737,7 +737,8 @@ or #f."
(append-map (lambda (make-url)
(filter-map (match-lambda
((hash-algo . hash)
(string->uri (make-url file hash-algo hash))))
(let ((file (strip-store-file-name file)))
(string->uri (make-url file hash-algo hash)))))
hashes))
content-addressed-mirrors))

View File

@ -303,7 +303,7 @@ makefiles."
(define (list-of-files dir)
(map (cut string-append dir "/" <>)
(or (scandir dir (lambda (f)
(let ((s (stat (string-append dir "/" f))))
(let ((s (lstat (string-append dir "/" f))))
(eq? 'regular (stat:type s)))))
'())))

View File

@ -282,8 +282,15 @@
;; List of content-addressed mirrors. Each mirror is represented as a
;; procedure that takes a file name, an algorithm (symbol) and a hash
;; (bytevector), and returns a URL or #f.
;; Note: Avoid 'https' to mitigate <http://bugs.gnu.org/22774>.
;; TODO: Add more.
'(list (lambda (file algo hash)
;; Files served by 'guix publish' are accessible under a single
;; hash algorithm.
(string-append "http://mirror.hydra.gnu.org/file/"
file "/" (symbol->string algo) "/"
(bytevector->nix-base32-string hash)))
(lambda (file algo hash)
;; 'tarballs.nixos.org' supports several algorithms.
(string-append "http://tarballs.nixos.org/"
(symbol->string algo) "/"

View File

@ -280,19 +280,6 @@ AC_DEFUN([GUIX_ASSERT_CXX11], [
fi
])
dnl GUIX_CHECK_LIBC_MOUNT
dnl
dnl Check whether libc provides 'mount'. On GNU/Hurd it doesn't (yet).
AC_DEFUN([GUIX_CHECK_LIBC_MOUNT], [
AC_CACHE_CHECK([whether libc provides 'mount'], [guix_cv_libc_has_mount],
[GUILE_CHECK([retval], [(dynamic-func \"mount\" (dynamic-link))])
if test "$retval" = 0; then
guix_cv_libc_has_mount="yes"
else
guix_cv_libc_has_mount="no"
fi])
])
dnl GUIX_LIBGCRYPT_LIBDIR VAR
dnl
dnl Attempt to determine libgcrypt's LIBDIR; store the result in VAR.

Some files were not shown because too many files have changed in this diff Show More