From 488d380c82c0b4aac631e15099eb8d40551d49e0 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 4 Oct 2017 18:50:31 -0400 Subject: [PATCH 01/21] gnu: go: update to 1.9.1 [security fixes]. See the release announcement and bug reports for more details about the security issues fixed in this release: https://groups.google.com/forum/m/#!topic/golang-nuts/sHfMg4gZNps https://golang.org/issue/22125 https://golang.org/issue/22134 * gnu/packages/golang.scm (go-1.9): Update to 1.9.1. --- gnu/packages/golang.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index 9f3ccc8f69..b1967b3f1a 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -204,7 +204,7 @@ sequential processes (CSP) concurrent programming features added.") (package (inherit go-1.4) (name "go") - (version "1.9") + (version "1.9.1") (source (origin (method url-fetch) @@ -212,7 +212,7 @@ sequential processes (CSP) concurrent programming features added.") name version ".src.tar.gz")) (sha256 (base32 - "14z9azh8pk5cwyl2qdk893j68lk0cca7a9b8k2hpn5pd52825ax4")))) + "03jmrgqq852wqyphvd8p46i32f72xki3bmylhkxf0kynqyfzqjm8")))) (arguments (substitute-keyword-arguments (package-arguments go-1.4) ((#:phases phases) From 46cf31868c1b12eec50bc9b8dda64604dd81f986 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Wed, 4 Oct 2017 10:28:42 -0400 Subject: [PATCH 02/21] gnu: curl: Update replacement to 7.56.0 [security fixes]. Fixes CVE-2017-1000254. See for details. * gnu/packages/curl.scm (curl)[replacement]: Update to 7.56.0. (curl-7.55.0): Rename to ... (curl-7.56.0): ... this. [arguments]: Remove 'fix-Makefile' phase. [source]: Remove patch. * gnu/packages/patches/curl-bounds-check.patch: Delete it. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/curl.scm | 21 ++++---------------- gnu/packages/patches/curl-bounds-check.patch | 19 ------------------ 3 files changed, 4 insertions(+), 37 deletions(-) delete mode 100644 gnu/packages/patches/curl-bounds-check.patch diff --git a/gnu/local.mk b/gnu/local.mk index 6db176b767..f3baadd8ab 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -579,7 +579,6 @@ dist_patch_DATA = \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ - %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 23606b4810..ef1b6c74ba 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -42,7 +42,7 @@ (define-public curl (package (name "curl") - (replacement curl-7.55.0) + (replacement curl-7.56.0) (version "7.54.1") (source (origin (method url-fetch) @@ -123,28 +123,15 @@ tunneling, and so on.") "See COPYING in the distribution.")) (home-page "https://curl.haxx.se/"))) -(define-public curl-7.55.0 +(define-public curl-7.56.0 (package (inherit curl) - (version "7.55.0") + (version "7.56.0") (source (origin (method url-fetch) (uri (string-append "https://curl.haxx.se/download/curl-" version ".tar.xz")) - (patches (search-patches "curl-bounds-check.patch")) (sha256 (base32 - "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd")))) - (arguments - `(,@(substitute-keyword-arguments (package-arguments curl) - ((#:phases phases) - `(modify-phases ,phases - (add-before 'install 'fix-Makefile - ;; Fix a regression in 7.55.0 where docs are not installed. - ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b - (lambda _ - (substitute* "Makefile" - (("install-data-hook:\n") - "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) - #t))))))))) + "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj")))))) diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch deleted file mode 100644 index 4b8ff65304..0000000000 --- a/gnu/packages/patches/curl-bounds-check.patch +++ /dev/null @@ -1,19 +0,0 @@ -Fix test failure on some 32-bit platforms. - -Patch copied from upstream source repository: - -https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63 - -diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c -index b9dedc989e..85c5e79a7e 100644 ---- a/src/tool_paramhlp.c -+++ b/src/tool_paramhlp.c -@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max) - num = strtod(str, &endptr); - if(errno == ERANGE) - return PARAM_NUMBER_TOO_LARGE; -- if((long)num > max) { -+ if(num > max) { - /* too large */ - return PARAM_NUMBER_TOO_LARGE; - } From eaa1db1de615bc0ed51b295a0a191ce2c816ee7e Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Thu, 5 Oct 2017 11:56:45 +0200 Subject: [PATCH 03/21] Revert "gnu: python-numpy: Update to 1.13.1." This reverts commit 025b196d9b739418dd9d305864fdb1fb1d0d5af2. This is necessary as neither the current release nor the latest development version of python-pandas can be build with numpy 1.13.x. --- gnu/packages/python.scm | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 5052b65022..271f147b43 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -3720,21 +3720,22 @@ between language specification and implementation aspects.") (define-public python-numpy (package (name "python-numpy") - (version "1.13.1") + (version "1.12.0") (source (origin (method url-fetch) - (uri (pypi-uri "numpy" version ".zip")) + (uri (string-append + "https://github.com/numpy/numpy/archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1fsgkhh1vdkhmlz8vmdgxnj9n9yaanckxxzz9s0b4p08fqvjic69")))) + "025d4j4aakcp8w5i5diqh812cbbjgac7jszx1j56ivrbi1i8vv7d")))) (build-system python-build-system) (inputs `(("openblas" ,openblas) ("lapack" ,lapack))) (native-inputs - `(("unzip" ,unzip) - ("python-cython" ,python-cython) + `(("python-cython" ,python-cython) ("python-nose" ,python-nose) ("gfortran" ,gfortran))) (arguments From 67a08f1809c5a67dfb862ccdc3dc4e13ae35dcbf Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Thu, 5 Oct 2017 11:56:46 +0200 Subject: [PATCH 04/21] gnu: Add python-numpy-next. * gnu/packages/python.scm (python-numpy-next, python2-numpy-next): New variables. --- gnu/packages/python.scm | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 271f147b43..594dd38e42 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -3717,6 +3717,8 @@ producing implementations of dynamic languages, emphasizing a clean separation between language specification and implementation aspects.") (license license:expat))) +;; NOTE: when upgrading numpy please make sure that python-pandas and +;; python-scipy still build, as these three packages are often used together. (define-public python-numpy (package (name "python-numpy") @@ -3793,6 +3795,26 @@ capabilities.") (define-public python2-numpy (package-with-python2 python-numpy)) +(define-public python-numpy-next + (package (inherit python-numpy) + (name "python-numpy-next") + (version "1.13.1") + (source + (origin + (method url-fetch) + (uri (pypi-uri "numpy" version ".zip")) + (sha256 + (base32 + "1fsgkhh1vdkhmlz8vmdgxnj9n9yaanckxxzz9s0b4p08fqvjic69")))) + (native-inputs + `(("unzip" ,unzip) + ("python-cython" ,python-cython) + ("python-nose" ,python-nose) + ("gfortran" ,gfortran))))) + +(define-public python2-numpy-next + (package-with-python2 python-numpy-next)) + (define-public python-munch (package (name "python-munch") From aed1f1b049f6e7ef9f2f2db58bdca6cd3effe94b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 4 Oct 2017 21:34:09 +0200 Subject: [PATCH 05/21] =?UTF-8?q?uuid:=20Add=20'uuid=3D=3F'=20and=20use=20?= =?UTF-8?q?it.?= * gnu/system/uuid.scm (uuid=?): New procedure. * tests/uuid.scm ("uuid=?"): New test. * gnu/build/file-systems.scm (partition-uuid-predicate) (luks-partition-uuid-predicate): Use it instead of 'bytevector=?'. --- gnu/build/file-systems.scm | 4 ++-- gnu/system/uuid.scm | 13 +++++++++++++ tests/uuid.scm | 6 ++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index 32885f1d2e..140bcb414b 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -415,12 +415,12 @@ was READ is = to the given value." (partition-predicate read-partition-label string=?)) (define partition-uuid-predicate - (partition-predicate read-partition-uuid bytevector=?)) + (partition-predicate read-partition-uuid uuid=?)) (define luks-partition-uuid-predicate (partition-predicate (partition-field-reader read-luks-header luks-header-uuid) - bytevector=?)) + uuid=?)) (define (find-partition predicate) "Return the first partition found that matches PREDICATE, or #f if none diff --git a/gnu/system/uuid.scm b/gnu/system/uuid.scm index 6470abb8cc..e422e06a6d 100644 --- a/gnu/system/uuid.scm +++ b/gnu/system/uuid.scm @@ -29,6 +29,7 @@ uuid? uuid-type uuid-bytevector + uuid=? bytevector->uuid @@ -281,3 +282,15 @@ corresponding bytevector; otherwise return #f." ((_ . (? procedure? unparse)) (unparse bv)))) (((? uuid? uuid)) (uuid->string (uuid-bytevector uuid) (uuid-type uuid))))) + +(define uuid=? + ;; Return true if A is equal to B, comparing only the actual bits. + (match-lambda* + (((? bytevector? a) (? bytevector? b)) + (bytevector=? a b)) + (((? uuid? a) (? bytevector? b)) + (bytevector=? (uuid-bytevector a) b)) + (((? uuid? a) (? uuid? b)) + (bytevector=? (uuid-bytevector a) (uuid-bytevector b))) + ((a b) + (uuid=? b a)))) diff --git a/tests/uuid.scm b/tests/uuid.scm index aacce77233..68676f775d 100644 --- a/tests/uuid.scm +++ b/tests/uuid.scm @@ -57,4 +57,10 @@ "1234-ABCD" (uuid->string (uuid "1234-abcd" 'fat32))) +(test-equal "uuid=?" + (and (uuid=? (uuid-bytevector (uuid "1234-abcd" 'fat32)) + (uuid "1234-abcd" 'fat32)) + (uuid=? (uuid "1234-abcd" 'fat32) + (uuid "1234-abcd" 'fat)))) + (test-end) From dd41a7f8d8d07a8638a19404072c78e9d0ac01b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 4 Oct 2017 21:35:31 +0200 Subject: [PATCH 06/21] file-systems: Add a 'location' field to . * gnu/system/file-systems.scm ()[location]: New field. --- gnu/system/file-systems.scm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index 52f16676f5..92f040425d 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm @@ -38,6 +38,7 @@ file-system-check? file-system-create-mount-point? file-system-dependencies + file-system-location file-system-type-predicate @@ -101,7 +102,10 @@ (create-mount-point? file-system-create-mount-point? ; Boolean (default #f)) (dependencies file-system-dependencies ; list of - (default '()))) ; or + (default '())) ; or + (location file-system-location + (default (current-source-location)) + (innate))) ;; Note: This module is used both on the build side and on the host side. ;; Arrange not to pull (guix store) and (guix config) because the latter From 9d80d0e95c9eab042ddd8250ad9a231ed0c458dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 4 Oct 2017 21:39:20 +0200 Subject: [PATCH 07/21] guix system: Error out when passed a wrong file system UUID/label. * guix/scripts/system.scm (check-file-system-availability): New procedure. (perform-action): Use it. --- guix/scripts/system.scm | 65 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 567d8bb643..e50f1d8ac7 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm @@ -37,6 +37,8 @@ #:use-module (guix scripts graph) #:use-module (guix build utils) #:use-module (gnu build install) + #:autoload (gnu build file-systems) + (find-partition-by-label find-partition-by-uuid) #:use-module (gnu system) #:use-module (gnu bootloader) #:use-module (gnu system file-systems) @@ -404,6 +406,7 @@ NUMBERS, which is a list of generation numbers." "Roll back the system profile to its previous generation. STORE is an open connection to the store." (switch-to-system-generation store "-1")) + ;;; ;;; Switch generations. @@ -554,6 +557,61 @@ PATTERN, a string. When PATTERN is #f, display all the system generations." (else (leave (G_ "invalid syntax: ~a~%") pattern)))) + +;;; +;;; File system declaration checks. +;;; + +(define (check-file-system-availability file-systems) + "Check whether the UUIDs or partition labels that FILE-SYSTEMS refer to, if +any, are available. Raise an error if they're not." + (define relevant + (filter (lambda (fs) + (and (file-system-mount? fs) + (not (string=? "tmpfs" (file-system-type fs))) + (not (memq 'bind-mount (file-system-flags fs))))) + file-systems)) + + (define labeled + (filter (lambda (fs) + (eq? (file-system-title fs) 'label)) + relevant)) + + (define uuid + (filter (lambda (fs) + (eq? (file-system-title fs) 'uuid)) + relevant)) + + (define fail? #f) + + (define (file-system-location* fs) + (location->string + (source-properties->location + (file-system-location fs)))) + + (let-syntax ((error (syntax-rules () + ((_ args ...) + (begin + (set! fail? #t) + (format (current-error-port) + args ...)))))) + (for-each (lambda (fs) + (unless (find-partition-by-label (file-system-device fs)) + (error (G_ "~a: error: file system with label '~a' not found~%") + (file-system-location* fs) + (file-system-device fs)))) + labeled) + (for-each (lambda (fs) + (unless (find-partition-by-uuid (file-system-device fs)) + (error (G_ "~a: error: file system with UUID '~a' not found~%") + (file-system-location* fs) + (uuid->string (file-system-device fs))))) + uuid) + + (when fail? + ;; Better be safe than sorry. + (exit 1)))) + ;;; ;;; Action. @@ -637,6 +695,13 @@ output when building a system derivation, such as a disk image." (when (eq? action 'reconfigure) (maybe-suggest-running-guix-pull)) + ;; Check whether the declared file systems exist. This is better than + ;; instantiating a broken configuration. Assume that we can only check if + ;; running as root. + (when (and (memq action '(init reconfigure)) + (zero? (getuid))) + (check-file-system-availability (operating-system-file-systems os))) + (mlet* %store-monad ((sys (system-derivation-for-action os action #:file-system-type file-system-type From 04717e9406f3b5171ad28ed67d926ce0e25da94d Mon Sep 17 00:00:00 2001 From: Dave Love Date: Tue, 3 Oct 2017 19:14:50 +0100 Subject: [PATCH 08/21] gnu: Add imb-openmpi. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/benchmark.scm (imb): New procedure. (imb-openmpi): New variable. Signed-off-by: Ludovic Courtès --- gnu/packages/benchmark.scm | 67 +++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/gnu/packages/benchmark.scm b/gnu/packages/benchmark.scm index 136f141d8b..feed7b545b 100644 --- a/gnu/packages/benchmark.scm +++ b/gnu/packages/benchmark.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016, 2017 Marius Bakke +;;; Copyright © 2017 Dave Love ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,8 +25,10 @@ #:use-module (gnu packages compression) #:use-module (gnu packages linux) #:use-module (gnu packages maths) + #:use-module (gnu packages mpi) #:use-module (gnu packages python) - #:use-module (gnu packages storage)) + #:use-module (gnu packages storage) + #:use-module (ice-9 match)) (define-public fio (package @@ -103,3 +106,65 @@ is to write a job file matching the I/O load one wants to simulate.") ;; are covered by other licenses. (license (list license:gpl2 license:gpl2+ license:bsd-2 license:public-domain)))) + +;; Parameterized in anticipation of m(va)pich support +(define (imb mpi) + (package + (name (string-append "imb-" (package-name mpi))) + (version "2017.2") + (source + (origin + (method url-fetch) + (uri (match (string-split version #\.) + ((major minor) + (string-append + "https://software.intel.com/sites/default/files/managed/76/6c/IMB_" + major "_Update" minor ".tgz")))) + (sha256 (base32 "11nczxm686rsppmw9gjc2p2sxc0jniv5kv18yxm1lzp5qfh5rqyb")))) + (build-system gnu-build-system) + (inputs + `(("mpi" ,mpi))) + (arguments + `(#:phases + (modify-phases %standard-phases + (delete 'configure) + (delete 'check) + (replace 'build + (lambda* (#:key inputs #:allow-other-keys) + (let ((mpi-home (assoc-ref inputs "mpi"))) + (zero? + ;; Not safe for parallel build + (system* "make" "-C" "imb/src" "-f" "make_mpich" "SHELL=sh" + (string-append "MPI_HOME=" mpi-home)))))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (doc (string-append out "/share/doc/" ,name)) + (bin (string-append out "/bin"))) + (with-directory-excursion "imb/src" + (for-each + (lambda (file) + (install-file file bin)) + '("IMB-IO" "IMB-EXT" "IMB-MPI1" "IMB-NBC" "IMB-RMA"))) + (mkdir-p doc) + (with-directory-excursion "imb" + (copy-recursively "license" doc))) + #t))))) + (home-page "https://software.intel.com/en-us/articles/intel-mpi-benchmarks") + (synopsis "Intel MPI Benchmarks") + (description + "This package provides benchmarks for implementations of the @dfn{Message +Passing Interface} (MPI). It contains MPI performance measurements for +point-to-point and global communication, and file, operations for a range of +message sizes. The generated benchmark data fully characterize: + +@itemize +@item +Performance of a cluster system, including node performance, network latency, +and throughput; +@item +Efficiency of the MPI implementation. +@end itemize") + (license license:cpl1.0))) + +(define-public imb-openmpi (imb openmpi)) From 227dbd841a630034a508ccd2718609a5113a0a5d Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Fri, 29 Sep 2017 16:15:57 +0200 Subject: [PATCH 09/21] gnu: Add pdsh. * gnu/packages/ssh.scm (pdsh): New variable. --- gnu/packages/ssh.scm | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index 1dac85d74a..8317f29cd8 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2016 Christopher Allan Webber ;;; Copyright © 2017 Tobias Geerinckx-Rice ;;; Copyright © 2017 Stefan Reichör +;;; Copyright © 2017 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; @@ -603,3 +604,40 @@ monitor it, restarting it as necessary should it die or stop passing traffic.") ;; copy of this license in their headers, but there's no separate file ;; with that information. (license:non-copyleft "file://autossh.c")))) + +(define-public pdsh + (package + (name "pdsh") + (version "2.29") + (source + (origin + (method url-fetch) + (uri (string-append "https://storage.googleapis.com/" + "google-code-archive-downloads/v2/code.google.com/" + "pdsh/pdsh-" version ".tar.bz2")) + (sha256 + (base32 "1kvzz01fyaxfqmbh53f4ljfsgvxdykh5jyr6fh4f1bw2ywxr1w2p")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list "--with-ssh") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-/bin/sh + (lambda _ + (substitute* '("tests/runtests.sh" + "tests/test-lib.sh" + "tests/test-modules/pcptest.c") + (("/bin/sh") (which "bash"))) + #t))))) + (inputs + `(("openssh" ,openssh) + ("mit-krb5" ,mit-krb5) + ("perl" ,perl))) + (home-page "https://code.google.com/archive/p/pdsh") + (synopsis "Parallel distributed shell") + (description "Pdsh is a an efficient, multithreaded remote shell client +which executes commands on multiple remote hosts in parallel. Pdsh implements +dynamically loadable modules for extended functionality such as new remote +shell services and remote host selection.") + (license license:gpl2+))) From 5fe56448f3fa61902521c41ab00cf4aa1c672c92 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Thu, 5 Oct 2017 10:35:07 -0400 Subject: [PATCH 10/21] gnu: lightning: Update to 2.1.2. * gnu/packages/assembly.scm (lightning): Update to 2.1.2. --- gnu/packages/assembly.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/assembly.scm b/gnu/packages/assembly.scm index 27db8fc559..769e5d2fca 100644 --- a/gnu/packages/assembly.scm +++ b/gnu/packages/assembly.scm @@ -103,14 +103,14 @@ debugging information in STABS, DWARF 2, and CodeView 8 formats.") (define-public lightning (package (name "lightning") - (version "2.1.0") + (version "2.1.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/lightning/lightning-" version ".tar.gz")) (sha256 (base32 - "19j9nwl88k660045s40cbz5zrl1wpd2mcxnnc8qqnnaj311a58qz")))) + "0sbs2lm8b9in2m8d52zf0x9gpp40x6r7sl6sha92yq3pr78rwa4v")))) (build-system gnu-build-system) (native-inputs `(("zlib" ,zlib))) (synopsis "Library for generating assembly code at runtime") From eb93f1c9c44bb9173b7c691971f098a378e3ac7c Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 5 Oct 2017 08:03:00 -0400 Subject: [PATCH 11/21] gnu: certbot, python-acme: Update to 0.19.0. * gnu/packages/tls.scm (certbot, python-acme): Update to 0.19.0. --- gnu/packages/tls.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index bb005f3682..075ea7a1c2 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -498,13 +498,13 @@ netcat implementation that supports TLS.") (package (name "python-acme") ;; Remember to update the hash of certbot when updating python-acme. - (version "0.18.2") + (version "0.19.0") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) (sha256 (base32 - "1xiy8m7501g5l9kpdmyvyz72nfnl72l19qkrf76fyvby7adzm3ki")))) + "08p8w50zciqlhgn3ab0wbbvi1zyg3x37r1gywq0z1allsij3v8hz")))) (build-system python-build-system) (arguments `(#:phases @@ -552,7 +552,7 @@ netcat implementation that supports TLS.") (uri (pypi-uri name version)) (sha256 (base32 - "16lw4n7kwnkvh9sz2f97c7ad1wwp33mg5fc332lpy5n17zpfc8h1")))) + "0lwxqz3r0fg3dy06fgba1dfs7n6ribc25z0rh5rqbl7mvy8hf8x7")))) (build-system python-build-system) (arguments `(,@(substitute-keyword-arguments (package-arguments python-acme) From 6cdd8c97b7d22d8c719e785a9948ed5832fe2448 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 5 Oct 2017 10:42:07 -0400 Subject: [PATCH 12/21] gnu: libpng@1.2: Update to 1.2.59. * gnu/packages/image.scm (libpng-1.2): Update to 1.2.59. --- gnu/packages/image.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index e525c75693..5dbf5b18e2 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -167,7 +167,7 @@ APNG patch provides APNG support to libpng.") (define-public libpng-1.2 (package (inherit libpng) - (version "1.2.57") + (version "1.2.59") (source (origin (method url-fetch) @@ -180,7 +180,8 @@ APNG patch provides APNG support to libpng.") "ftp://ftp.simplesystems.org/pub/libpng/png/src/history" "/libpng12/libpng-" version ".tar.xz"))) (sha256 - (base32 "1n2lrzjkm5jhfg2bs10q398lkwbbx742fi27zgdgx0x23zhj0ihg")))))) + (base32 + "1izw9ybm27llk8531w6h4jp4rk2rxy2s9vil16nwik5dp0amyqxl")))))) (define-public r-png (package From 6d89a1ab4e1d886e857e8490091a61f91603f5b9 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 5 Oct 2017 20:14:13 +0200 Subject: [PATCH 13/21] gnu: imagemagick: Update to 6.9.9-18. Fixes . Reported by Diego Nicola Barbato . * gnu/packages/imagemagick.scm (imagemagick): Update to 6.9.9-18. --- gnu/packages/imagemagick.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 5840ad665a..fabbd707ac 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -46,14 +46,14 @@ ;; The 7 release series has an incompatible API, while the 6 series is still ;; maintained. Don't update to 7 until we've made sure that the ImageMagick ;; users are ready for the 7-series API. - (version "6.9.9-17") + (version "6.9.9-18") (source (origin (method url-fetch) (uri (string-append "mirror://imagemagick/ImageMagick-" version ".tar.xz")) (sha256 (base32 - "0y39jcd6358dph51ch5w43sqk9lv079jhgg3l7g5mks6m25f49gz")))) + "1d70dvrgcasa3cla4c1dag4mw7vq4jk1nzbd604fk20l0l6xa78j")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch") From 3f697ff2e8b44941749ce54ca9dfbe0cc388a764 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 5 Oct 2017 20:23:06 +0200 Subject: [PATCH 14/21] gnu: openjpeg: Update to 2.3.0. * gnu/packages/patches/openjpeg-CVE-2017-12982.patch, gnu/packages/patches/openjpeg-CVE-2017-14040.patch, gnu/packages/patches/openjpeg-CVE-2017-14041.patch, gnu/packages/patches/openjpeg-CVE-2017-14151.patch, gnu/packages/patches/openjpeg-CVE-2017-14152.patch, gnu/packages/patches/openjpeg-CVE-2017-14164.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/image.scm (openjpeg): Update to 2.3.0. [source](patches): Remove. * gnu/packages/gstreamer.scm (gst-plugins-bad)[arguments]: Adjust openjpeg substitution. --- gnu/local.mk | 6 -- gnu/packages/gstreamer.scm | 4 +- gnu/packages/image.scm | 10 +-- .../patches/openjpeg-CVE-2017-12982.patch | 28 ------ .../patches/openjpeg-CVE-2017-14040.patch | 83 ----------------- .../patches/openjpeg-CVE-2017-14041.patch | 25 ------ .../patches/openjpeg-CVE-2017-14151.patch | 46 ---------- .../patches/openjpeg-CVE-2017-14152.patch | 38 -------- .../patches/openjpeg-CVE-2017-14164.patch | 89 ------------------- 9 files changed, 4 insertions(+), 325 deletions(-) delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-12982.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14040.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14041.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14151.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14152.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14164.patch diff --git a/gnu/local.mk b/gnu/local.mk index f3baadd8ab..e10d7ec2fb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -904,12 +904,6 @@ dist_patch_DATA = \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ %D%/packages/patches/openfoam-4.1-cleanup.patch \ - %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14040.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14151.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14152.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14164.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm index bc8f75ba12..c308dc9f34 100644 --- a/gnu/packages/gstreamer.scm +++ b/gnu/packages/gstreamer.scm @@ -280,10 +280,10 @@ developers consider to have good quality code and correct functionality.") (modify-phases %standard-phases (add-after 'unpack 'patch-openjpeg-reference (lambda _ - ;; Remove hard-coded openjpeg-2.1 path. 2.2 is API- and + ;; Remove hard-coded openjpeg-2.2 path. 2.3 is API- and ;; ABI-compatible. (substitute* "ext/openjpeg/gstopenjpeg.h" - ((" -Date: Mon, 14 Aug 2017 17:26:58 +0200 -Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 - (#983) - ---- - src/bin/jp2/convertbmp.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c -index b49e7a080..2715fdf24 100644 ---- a/src/bin/jp2/convertbmp.c -+++ b/src/bin/jp2/convertbmp.c -@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) - - header->biBitCount = (OPJ_UINT16)getc(IN); - header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); -+ if (header->biBitCount == 0) { -+ fprintf(stderr, "Error, invalid biBitCount %d\n", 0); -+ return OPJ_FALSE; -+ } - - if (header->biSize >= 40U) { - header->biCompression = (OPJ_UINT32)getc(IN); diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch deleted file mode 100644 index bd7473ba0d..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch +++ /dev/null @@ -1,83 +0,0 @@ -http://openwall.com/lists/oss-security/2017/08/28/3 -https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch - -From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Thu, 17 Aug 2017 11:47:40 +0200 -Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and - fixes unaligned load (#995) - ---- - src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------ - 1 file changed, 27 insertions(+), 12 deletions(-) - -diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c -index a4eb81f6a..73dfc8d5f 100644 ---- a/src/bin/jp2/convert.c -+++ b/src/bin/jp2/convert.c -@@ -580,13 +580,10 @@ struct tga_header { - }; - #endif /* INFORMATION_ONLY */ - --static unsigned short get_ushort(const unsigned char *data) -+/* Returns a ushort from a little-endian serialized value */ -+static unsigned short get_tga_ushort(const unsigned char *data) - { -- unsigned short val = *(const unsigned short *)data; --#ifdef OPJ_BIG_ENDIAN -- val = ((val & 0xffU) << 8) | (val >> 8); --#endif -- return val; -+ return data[0] | (data[1] << 8); - } - - #define TGA_HEADER_SIZE 18 -@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel, - id_len = tga[0]; - /*cmap_type = tga[1];*/ - image_type = tga[2]; -- /*cmap_index = get_ushort(&tga[3]);*/ -- cmap_len = get_ushort(&tga[5]); -+ /*cmap_index = get_tga_ushort(&tga[3]);*/ -+ cmap_len = get_tga_ushort(&tga[5]); - cmap_entry_size = tga[7]; - - - #if 0 -- x_origin = get_ushort(&tga[8]); -- y_origin = get_ushort(&tga[10]); -+ x_origin = get_tga_ushort(&tga[8]); -+ y_origin = get_tga_ushort(&tga[10]); - #endif -- image_w = get_ushort(&tga[12]); -- image_h = get_ushort(&tga[14]); -+ image_w = get_tga_ushort(&tga[12]); -+ image_h = get_tga_ushort(&tga[14]); - pixel_depth = tga[16]; - image_desc = tga[17]; - -@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters) - color_space = OPJ_CLRSPC_SRGB; - } - -+ /* If the declared file size is > 10 MB, check that the file is big */ -+ /* enough to avoid excessive memory allocations */ -+ if (image_height != 0 && image_width > 10000000 / image_height / numcomps) { -+ char ch; -+ OPJ_UINT64 expected_file_size = -+ (OPJ_UINT64)image_width * image_height * numcomps; -+ long curpos = ftell(f); -+ if (expected_file_size > (OPJ_UINT64)INT_MAX) { -+ expected_file_size = (OPJ_UINT64)INT_MAX; -+ } -+ fseek(f, (long)expected_file_size - 1, SEEK_SET); -+ if (fread(&ch, 1, 1, f) != 1) { -+ fclose(f); -+ return NULL; -+ } -+ fseek(f, curpos, SEEK_SET); -+ } -+ - subsampling_dx = parameters->subsampling_dx; - subsampling_dy = parameters->subsampling_dy; - diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch deleted file mode 100644 index 6e3fccf3c0..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch +++ /dev/null @@ -1,25 +0,0 @@ -http://openwall.com/lists/oss-security/2017/08/28/4 -https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch - -From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Fri, 18 Aug 2017 13:39:20 +0200 -Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997) - ---- - src/bin/jp2/convert.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c -index 5459f7d44..e606c9be7 100644 ---- a/src/bin/jp2/convert.c -+++ b/src/bin/jp2/convert.c -@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters) - } - - fseek(f, 0, SEEK_SET); -- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, -+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, - &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { - fclose(f); - fprintf(stderr, diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch deleted file mode 100644 index 4fcf6af6db..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch +++ /dev/null @@ -1,46 +0,0 @@ -https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch -http://openwall.com/lists/oss-security/2017/09/06/1 - -From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 14 Aug 2017 17:20:37 +0200 -Subject: [PATCH] Encoder: grow buffer size in - opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in - opj_mqc_flush (#982) - ---- - src/lib/openjp2/tcd.c | 7 +++++-- - tests/nonregression/test_suite.ctest.in | 2 ++ - 2 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c -index 301c7213e..53cdcf64d 100644 ---- a/src/lib/openjp2/tcd.c -+++ b/src/lib/openjp2/tcd.c -@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * - { - OPJ_UINT32 l_data_size; - -- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ -- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * -+ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ -+ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ -+ /* TODO: is there a theoretical upper-bound for the compressed code */ -+ /* block size ? */ -+ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * - (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); - - if (l_data_size > p_code_block->data_size) { -diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in -index aaf40d7d0..ffd964c2a 100644 ---- a/tests/nonregression/test_suite.ctest.in -+++ b/tests/nonregression/test_suite.ctest.in -@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban - # Same rate as Bretagne2_4.j2k - opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800 - -+opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1 -+ - # DECODER TEST SUITE - opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx - opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch deleted file mode 100644 index 6c083be123..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch +++ /dev/null @@ -1,38 +0,0 @@ -https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch -http://openwall.com/lists/oss-security/2017/09/06/2 - -From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Tue, 15 Aug 2017 11:55:58 +0200 -Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in - opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985) - ---- - src/lib/openjp2/j2k.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index a2521ebbc..54b490a8c 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters, - - /* Precincts */ - parameters->csty |= 0x01; -- parameters->res_spec = parameters->numresolution - 1; -- for (i = 0; i < parameters->res_spec; i++) { -- parameters->prcw_init[i] = 256; -- parameters->prch_init[i] = 256; -+ if (parameters->numresolution == 1) { -+ parameters->res_spec = 1; -+ parameters->prcw_init[0] = 128; -+ parameters->prch_init[0] = 128; -+ } else { -+ parameters->res_spec = parameters->numresolution - 1; -+ for (i = 0; i < parameters->res_spec; i++) { -+ parameters->prcw_init[i] = 256; -+ parameters->prch_init[i] = 256; -+ } - } - - /* The progression order shall be CPRL */ diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch deleted file mode 100644 index 2bfc5a6a85..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch +++ /dev/null @@ -1,89 +0,0 @@ -https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch -http://openwall.com/lists/oss-security/2017/09/06/3 - -From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Wed, 16 Aug 2017 17:09:10 +0200 -Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow - (#991) - ---- - src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++----- - 1 file changed, 20 insertions(+), 5 deletions(-) - -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index 54b490a8c..16915452e 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k, - * Writes the SOT marker (Start of tile-part) - * - * @param p_j2k J2K codec. -- * @param p_data FIXME DOC -- * @param p_data_written FIXME DOC -+ * @param p_data Output buffer -+ * @param p_total_data_size Output buffer size -+ * @param p_data_written Number of bytes written into stream - * @param p_stream the stream to write data to. - * @param p_manager the user event manager. - */ - static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, - OPJ_BYTE * p_data, -+ OPJ_UINT32 p_total_data_size, - OPJ_UINT32 * p_data_written, - const opj_stream_private_t *p_stream, - opj_event_mgr_t * p_manager); -@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k, - - static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, - OPJ_BYTE * p_data, -+ OPJ_UINT32 p_total_data_size, - OPJ_UINT32 * p_data_written, - const opj_stream_private_t *p_stream, - opj_event_mgr_t * p_manager -@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k, - OPJ_UNUSED(p_stream); - OPJ_UNUSED(p_manager); - -+ if (p_total_data_size < 12) { -+ opj_event_msg(p_manager, EVT_ERROR, -+ "Not enough bytes in output buffer to write SOT marker\n"); -+ return OPJ_FALSE; -+ } -+ - opj_write_bytes(p_data, J2K_MS_SOT, - 2); /* SOT */ - p_data += 2; -@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k, - - l_current_nb_bytes_written = 0; - l_begin_data = p_data; -- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, -+ if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size, -+ &l_current_nb_bytes_written, p_stream, - p_manager)) { - return OPJ_FALSE; - } -@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k, - l_part_tile_size = 0; - l_begin_data = p_data; - -- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, -+ if (! opj_j2k_write_sot(p_j2k, p_data, -+ p_total_data_size, -+ &l_current_nb_bytes_written, -+ p_stream, - p_manager)) { - return OPJ_FALSE; - } -@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k, - l_part_tile_size = 0; - l_begin_data = p_data; - -- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream, -+ if (! opj_j2k_write_sot(p_j2k, p_data, -+ p_total_data_size, -+ &l_current_nb_bytes_written, p_stream, - p_manager)) { - return OPJ_FALSE; - } From 7006370e5970198706b8110ef39a31860300c49d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 5 Oct 2017 20:26:38 +0200 Subject: [PATCH 15/21] gnu: vte-ng: Update to 0.50.1.a. * gnu/packages/gnome.scm (vte-ng): Update to 0.50.1.a. --- gnu/packages/gnome.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 653fdad7fd..fcd107af99 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -2053,7 +2053,7 @@ editors, IDEs, etc.") (package (inherit vte) (name "vte-ng") - (version "0.50.0.a") + (version "0.50.1.a") (native-inputs `(("gtk-doc" ,gtk-doc) ("gperf" ,gperf) @@ -2068,7 +2068,7 @@ editors, IDEs, etc.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0h5ifg6xpix074k445bmnd39mc75llrfkrsr9vw98dxa4rffxrgf")))) + "1r70jysdrc7r1vyn3mikpc8hh7rm4lpr0psakj8yssy11p451pja")))) (arguments `(#:configure-flags '("CXXFLAGS=-Wformat=0") #:phases (modify-phases %standard-phases From e5788ebbe1f45a1088249b9138de17b330609712 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 5 Oct 2017 22:15:19 +0200 Subject: [PATCH 16/21] publish: Cache uncompressed nars as well. Fixes . Reported by Maxim Cournoyer . * guix/scripts/publish.scm (bake-narinfo+nar): When COMPRESSION is 'none, write NAR instead of doing nothing. (make-request-handler): Use 'render-nar/cached' for /nar URLs with no compression. * tests/publish.scm ("with cache", "with cache, uncompressed"): Adjust expected result accordingly. --- guix/scripts/publish.scm | 15 ++++++++++----- tests/publish.scm | 4 ++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index ade3c49a54..dd54f03996 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -484,9 +484,11 @@ requested using POOL." #:buffer-size (* 128 1024)) (rename-file (string-append nar ".tmp") nar)) ('none - ;; When compression is disabled, we retrieve files directly from the - ;; store; no need to cache them. - #t)) + ;; Cache nars even when compression is disabled so that we can + ;; guarantee the TTL (see .) + (with-atomic-file-output nar + (lambda (port) + (write-file item port))))) (mkdir-p (dirname narinfo)) (with-atomic-file-output narinfo @@ -788,8 +790,11 @@ blocking." ;; /nar/ ((components ... store-item) (if (nar-path? components) - (render-nar store request store-item - #:compression %no-compression) + (if cache + (render-nar/cached store cache request store-item + #:compression %no-compression) + (render-nar store request store-item + #:compression %no-compression)) (not-found request))) (x (not-found request))) diff --git a/tests/publish.scm b/tests/publish.scm index 31043f71fa..f33898fd58 100644 --- a/tests/publish.scm +++ b/tests/publish.scm @@ -340,7 +340,7 @@ FileSize: ~a~%" 200 ;nar/gzip/… #t ;Content-Length #t ;FileSize - 200) ;nar/… + 404) ;nar/… (call-with-temporary-directory (lambda (cache) (let ((thread (with-separate-output-ports @@ -393,7 +393,7 @@ FileSize: ~a~%" (let ((item (add-text-to-store %store "fake-compressed-thing.tar.gz" (random-text)))) (test-equal "with cache, uncompressed" - (list #f + (list #t `(("StorePath" . ,item) ("URL" . ,(string-append "nar/" (basename item))) ("Compression" . "none")) From 5ca4fe96969b5016e4e8a97131eb8b6b74f17620 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Mon, 7 Aug 2017 16:13:17 +0530 Subject: [PATCH 17/21] gnu: octave: Reference makeinfo with absolute path. * gnu/packages/maths.scm (octave)[arguments]: Add configure-makeinfo phase. [inputs]: Add texinfo. [native-inputs]: Remove texinfo. --- gnu/packages/maths.scm | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 9aa037838b..088f47f1d6 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -19,6 +19,7 @@ ;;; Copyright © 2017 ng0 ;;; Copyright © 2017 Ben Woodcroft ;;; Copyright © 2017 Theodoros Foradis +;;; Copyright © 2017 Arun Isaac ;;; ;;; This file is part of GNU Guix. ;;; @@ -1126,7 +1127,7 @@ can solve two kinds of problems: (license license:bsd-3))) ;; For a fully featured Octave, users are strongly recommended also to install -;; the following packages: texinfo, less, ghostscript, gnuplot. +;; the following packages: less, ghostscript, gnuplot. (define-public octave (package (name "octave") @@ -1158,6 +1159,7 @@ can solve two kinds of problems: ("glu" ,glu) ("zlib" ,zlib) ("curl" ,curl) + ("texinfo" ,texinfo) ("graphicsmagick" ,graphicsmagick))) (native-inputs `(("lzip" ,lzip) @@ -1172,14 +1174,23 @@ can solve two kinds of problems: ;; will still run without them, albeit without the features they ;; provide. ("less" ,less) - ("texinfo" ,texinfo) ("ghostscript" ,ghostscript) ("gnuplot" ,gnuplot))) (arguments `(#:configure-flags (list (string-append "--with-shell=" (assoc-ref %build-inputs "bash") - "/bin/sh")))) + "/bin/sh")) + #:phases + (modify-phases %standard-phases + (add-after 'configure 'configure-makeinfo + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "libinterp/corefcn/help.cc" + (("Vmakeinfo_program = \"makeinfo\"") + (string-append "Vmakeinfo_program = \"" + (assoc-ref inputs "texinfo") + "/bin/makeinfo\""))) + #t))))) (home-page "https://www.gnu.org/software/octave/") (synopsis "High-level language for numerical computation") (description "GNU Octave is a high-level interpreted language that is From b519d4626947443561b8a4d4163574b74fde5247 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 3 Oct 2017 15:40:41 +0200 Subject: [PATCH 18/21] gnu: tor: Fix typo. * gnu/packages/tor.scm (tor)[inputs]: Move unquote to its operand. --- gnu/packages/tor.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index 12cb5e3a55..39c4ebcb9e 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -62,7 +62,7 @@ `(("zlib" ,zlib) ("openssl" ,openssl) ("libevent" ,libevent) - ("libseccomp", libseccomp))) + ("libseccomp" ,libseccomp))) (home-page "https://www.torproject.org/") (synopsis "Anonymous network router to improve privacy on the Internet") (description From 6c97f17fa1b56afd6c4b281837d1102c84b4022c Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 3 Oct 2017 14:49:37 +0200 Subject: [PATCH 19/21] gnu: tor: Enable directory protocol compression. * gnu/packages/tor.scm (tor)[native-inputs]: Add pkg-config. [inputs]: Add xz and zstd. --- gnu/packages/tor.scm | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index 39c4ebcb9e..352e7f10a8 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -35,6 +35,7 @@ #:use-module (gnu packages linux) #:use-module (gnu packages compression) #:use-module (gnu packages pcre) + #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages qt) #:use-module (gnu packages autotools) @@ -57,12 +58,15 @@ `(#:configure-flags (list "--enable-gcc-hardening" "--enable-linker-hardening"))) (native-inputs - `(("python" ,python-2))) ; for tests + `(("pkg-config" ,pkg-config) + ("python" ,python-2))) ; for tests (inputs `(("zlib" ,zlib) ("openssl" ,openssl) ("libevent" ,libevent) - ("libseccomp" ,libseccomp))) + ("libseccomp" ,libseccomp) + ("xz" ,xz) + ("zstd" ,zstd))) (home-page "https://www.torproject.org/") (synopsis "Anonymous network router to improve privacy on the Internet") (description From 4a79befe2cf944958f5b45be682bee290a64998f Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 6 Oct 2017 00:56:13 +0200 Subject: [PATCH 20/21] gnu: glade: Update to 3.20.1. * gnu/packages/gnome.scm (glade): Update to 3.20.1. --- gnu/packages/gnome.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index fcd107af99..a0a7cd329d 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -1055,7 +1055,7 @@ API add-ons to make GTK+ widgets OpenGL-capable.") (define-public glade3 (package (name "glade") - (version "3.20.0") + (version "3.20.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -1063,7 +1063,7 @@ API add-ons to make GTK+ widgets OpenGL-capable.") name "-" version ".tar.xz")) (sha256 (base32 - "1zhqvhagy0m85p54jfiayfl0v9af7g0lj7glw8sfwh7cbp56vnc2")))) + "1pxikhzdzd092d4x3nacf5gfzi3mvhywrhcfqc07xakbsinnfr40")))) (build-system glib-or-gtk-build-system) (arguments `(#:tests? #f ; needs X, GL, and software rendering From 8bde6a524e19d2bc9763b84dbf99959faf653bf8 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 6 Oct 2017 00:56:38 +0200 Subject: [PATCH 21/21] gnu: dconf: Update to 0.26.1. * gnu/packages/gnome.scm (dconf): Update to 0.26.1. --- gnu/packages/gnome.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index a0a7cd329d..50bd011e4b 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -2172,7 +2172,7 @@ and RDP protocols.") (define-public dconf (package (name "dconf") - (version "0.26.0") + (version "0.26.1") (source (origin (method url-fetch) (uri (string-append @@ -2181,7 +2181,7 @@ and RDP protocols.") name "-" version ".tar.xz")) (sha256 (base32 - "1jaqsr1r0grpd25rbsc2v3vb0sc51lia9w31wlqswgqsncp2k0w6")))) + "0da587hpiqy8h3pswn1102h4b905x8k6mk3ajpi7kf4kzkvv30ym")))) (build-system glib-or-gtk-build-system) (inputs `(("gtk+" ,gtk+)