Merge branch 'master' into staging

This commit is contained in:
Marius Bakke 2017-05-28 23:47:25 +02:00
commit 6f8cda185e
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
47 changed files with 2416 additions and 1061 deletions

View File

@ -76,6 +76,7 @@ MODULES = \
guix/build-system/cmake.scm \
guix/build-system/dub.scm \
guix/build-system/emacs.scm \
guix/build-system/font.scm \
guix/build-system/asdf.scm \
guix/build-system/glib-or-gtk.scm \
guix/build-system/gnu.scm \
@ -101,6 +102,7 @@ MODULES = \
guix/build/cmake-build-system.scm \
guix/build/dub-build-system.scm \
guix/build/emacs-build-system.scm \
guix/build/font-build-system.scm \
guix/build/asdf-build-system.scm \
guix/build/git.scm \
guix/build/hg.scm \

View File

@ -218,6 +218,7 @@ Services
* Messaging Services:: Messaging services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
* Continuous Integration:: The Cuirass service.
@ -3626,6 +3627,14 @@ package is installed in its own directory under
@file{share/emacs/site-lisp/guix.d}.
@end defvr
@defvr {Scheme Variable} font-build-system
This variable is exported by @code{(guix build-system font)}. It
implements an installation procedure for font packages where upstream
provides pre-compiled TrueType, OpenType, etc. font files that merely
need to be copied into place. It copies font files to standard
locations in the output directory.
@end defvr
Lastly, for packages that do not need anything as sophisticated, a
``trivial'' build system is provided. It is trivial in the sense that
it provides basically no support: it does not pull any implicit inputs,
@ -8737,6 +8746,7 @@ declaration.
* Messaging Services:: Messaging services.
* Kerberos Services:: Kerberos services.
* Web Services:: Web servers.
* DNS Services:: DNS daemons.
* VPN Services:: VPN daemons.
* Network File System:: NFS related services.
* Continuous Integration:: The Cuirass service.
@ -13520,6 +13530,414 @@ Whether the server should add its configuration to response.
@end table
@end deftp
@node DNS Services
@subsubsection DNS Services
@cindex DNS (domain name system)
@cindex domain name system (DNS)
The @code{(gnu services dns)} module provides services related to the
@dfn{domain name system} (DNS). It provides a server service for hosting
an @emph{authoritative} DNS server for multiple zones, slave or master.
This service uses @uref{https://www.knot-dns.cz/, Knot DNS}.
An example configuration of an authoritative server for two zones, one master
and one slave, is:
@lisp
(define-zone-entries example.org.zone
;; Name TTL Class Type Data
("@@" "" "IN" "A" "127.0.0.1")
("@@" "" "IN" "NS" "ns")
("ns" "" "IN" "A" "127.0.0.1"))
(define master-zone
(knot-zone-configuration
(domain "example.org")
(zone (zone-file
(origin "example.org")
(entries example.org.zone)))))
(define slave-zone
(knot-zone-configuration
(domain "plop.org")
(dnssec-policy "default")
(master (list "plop-master"))))
(define plop-master
(knot-remote-configuration
(id "plop-master")
(address (list "208.76.58.171"))))
(operating-system
;; ...
(services (cons* (service knot-service-type
(knot-confifguration
(remotes (list plop-master))
(zones (list master-zone slave-zone))))
;; ...
%base-services)))
@end lisp
@deffn {Scheme Variable} knot-service-type
This is the type for the Knot DNS server.
Knot DNS is an authoritative DNS server, meaning that it can serve multiple
zones, that is to say domain names you would buy from a registrar. This server
is not a resolver, meaning that it can only resolve names for which it is
authoritative. This server can be configured to serve zones as a master server
or a slave server as a per-zone basis. Slave zones will get their data from
masters, and will serve it as an authoritative server. From the point of view
of a resolver, there is no difference between master and slave.
The following data types are used to configure the Knot DNS server:
@end deffn
@deftp {Data Type} knot-key-configuration
Data type representing a key.
This type has the following parameters:
@table @asis
@item @code{id} (default: @code{""})
An identifier for other configuration fields to refer to this key. IDs must
be unique and must not be empty.
@item @code{algorithm} (default: @code{#f})
The algorithm to use. Choose between @code{#f}, @code{'hmac-md5},
@code{'hmac-sha1}, @code{'hmac-sha224}, @code{'hmac-sha256}, @code{'hmac-sha384}
and @code{'hmac-sha512}.
@item @code{secret} (default: @code{""})
The secret key itself.
@end table
@end deftp
@deftp {Data Type} knot-acl-configuration
Data type representing an Access Control List (ACL) configuration.
This type has the following parameters:
@table @asis
@item @code{id} (default: @code{""})
An identifier for ether configuration fields to refer to this key. IDs must be
unique and must not be empty.
@item @code{address} (default: @code{'()})
An ordered list of IP addresses, network subnets, or network ranges represented
with strings. The query must match one of them. Empty value means that
address match is not required.
@item @code{key} (default: @code{'()})
An ordered list of references to keys represented with strings. The string
must match a key ID defined in a @code{knot-key-configuration}. No key means
that a key is not require to match that ACL.
@item @code{action} (default: @code{'()})
An ordered list of actions that are permitted or forbidden by this ACL. Possible
values are lists of zero or more elements from @code{'transfer}, @code{'notify}
and @code{'update}.
@item @code{deny?} (default: @code{#f})
When true, the ACL defines restrictions. Listed actions are forbidden. When
false, listed actions are allowed.
@end table
@end deftp
@deftp {Data Type} zone-entry
Data type represnting a record entry in a zone file.
This type has the following parameters:
@table @asis
@item @code{name} (default: @code{"@@"})
The name of the record. @code{"@@"} refers to the origin of the zone. Names
are relative to the origin of the zone. For example, in the @code{example.org}
zone, @code{"ns.example.org"} actually refers to @code{ns.example.org.example.org}.
Names ending with a dot are absolute, which means that @code{"ns.example.org."}
refers to @code{ns.example.org}.
@item @code{ttl} (default: @code{""})
The Time-To-Live (TTL) of this record. If not set, the default TTL is used.
@item @code{class} (default: @code{"IN"})
The class of the record. Knot currently supports only @code{"IN"} and
partially @code{"CH"}.
@item @code{type} (default: @code{"A"})
The type of the record. Common types include A (IPv4 address), AAAA (IPv6
address), NS (Name Server) and MX (Mail eXchange). Many other types are
defined.
@item @code{data} (default: @code{""})
The data contained in the record. For instance an IP address associated with
an A record, or a domain name associated with an NS record. Remember that
domain names are relative to the origin unless they end with a dot.
@end table
@end deftp
@deftp {Data Type} zone-file
Data type representing the content of a zone file.
This type has the following parameters:
@table @asis
@item @code{entries} (default: @code{'()})
The list of entries. The SOA record is taken care of, so you don't need to
put it in the list of entries. This list should probably contain an entry
for your primary authoritative DNS server. Other than using a list of entries
directly, you can use @code{define-zone-entries} to define a object containing
the list of entries more easily, that you can later pass to the @code{entries}
field of the @code{zone-file}.
@item @code{origin} (default: @code{""})
The name of your zone. This parameter cannot be empty.
@item @code{ns} (default: @code{"ns"})
The domain of your primary authoritative DNS server. The name is relative to
the origin, unless it ends with a dot. It is mandatory that this primary
DNS server corresponds to an NS record in the zone and that it is associated
to an IP address in the list of entries.
@item @code{mail} (default: @code{"hostmaster"})
An email address people can contact you at, as the owner of the zone. This
is translated as @code{<mail>@@<origin>}.
@item @code{serial} (default: @code{1})
The serial number of the zone. As this is used to keep track of changes by
both slaves and resolvers, it is mandatory that it @emph{never} decreases.
Always increment it when you make a change in your zone.
@item @code{refresh} (default: @code{"2d"})
The frequency at which slaves will do a zone transfer. This value can be
a number of seconds or a number of some unit between:
@itemize
@item m: minute
@item h: hour
@item d: day
@item w: week
@end itemize
@item @code{retry} (default: @code{"15m"})
The period after which a slave will retry to contact its master when it fails
to do so a first time.
@item @code{expiry} (default: @code{"2w"})
Default TTL of records. Existing records are considered correct for at most
this amount of time. After this period, resolvers will invalidate their cache
and check again that it still exists.
@item @code{nx} (default: @code{"1h"})
Default TTL of inexistant records. This delay is usually short because you want
your new domains to reach everyone quickly.
@end table
@end deftp
@deftp {Data Type} knot-remote-configuration
Data type representing a remote configuration.
This type has the following parameters:
@table @asis
@item @code{id} (default: @code{""})
An identifier for other configuration fields to refer to this remote. IDs must
be unique and must not be empty.
@item @code{address} (default: @code{'()})
An ordered list of destination IP addresses. Addresses are tried in sequence.
An optional port can be given with the @@ separator. For instance:
@code{(list "1.2.3.4" "2.3.4.5@@53")}. Default port is 53.
@item @code{via} (default: @code{'()})
An ordered list of source IP addresses. An empty list will have Knot choose
an appropriate source IP. An optional port can be given with the @@ separator.
The default is to choose at random.
@item @code{key} (default: @code{#f})
A reference to a key, that is a string containing the identifier of a key
defined in a @code{knot-key-configuration} field.
@end table
@end deftp
@deftp {Data Type} knot-keystore-configuration
Data type representing a keystore to hold dnssec keys.
This type has the following parameters:
@table @asis
@item @code{id} (default: @code{""})
The id of the keystore. It must not be empty.
@item @code{backend} (default: @code{'pem})
The backend to store the keys in. Can be @code{'pem} or @code{'pkcs11}.
@item @code{config} (default: @code{"/var/lib/knot/keys/keys"})
The configuration string of the backend. An example for the PKCS#11 is:
@code{"pkcs11:token=knot;pin-value=1234 /gnu/store/.../lib/pkcs11/libsofthsm2.so"}.
For the pem backend, the string reprensents a path in the filesystem.
@end table
@end deftp
@deftp {Data Type} knot-policy-configuration
Data type representing a dnssec policy. Knot DNS is able to automatically
sign your zones. It can either generate and manage your keys automatically or
use keys that you generate.
Dnssec is usually implemented using two keys: a Key Signing Key (KSK) that is
used to sign the second, and a Zone Signing Key (ZSK) that is used to sign the
zone. In order to be trusted, the KSK needs to be present in the parent zone
(usually a top-level domain). If your registrar supports dnssec, you will
have to send them your KSK's hash so they can add a DS record in their zone.
This is not automated and need to be done each time you change your KSK.
The policy also defines the lifetime of keys. Usually, ZSK can be changed
easily and use weaker cryptographic functions (they use lower parameters) in
order to sign records quickly, so they are changed often. The KSK however
requires manual interaction with the registrar, so they are changed less often
and use stronger parameters because they sign only one record.
This type has the following parameters:
@table @asis
@item @code{id} (default: @code{""})
The id of the policy. It must not be empty.
@item @code{keystore} (default: @code{"default"})
A reference to a keystore, that is a string containing the identifier of a
keystore defined in a @code{knot-keystore-configuration} field. The
@code{"default"} identifier means the default keystore (a kasp database that
was setup by this service).
@item @code{manual?} (default: @code{#f})
Whether the key management is manual or automatic.
@item @code{single-type-signing?} (default: @code{#f})
When @code{#t}, use the Single-Type Signing Scheme.
@item @code{algorithm} (default: @code{"ecdsap256sha256"})
An algorithm of signing keys and issued signatures.
@item @code{ksk-size} (default: @code{256})
The length of the KSK. Note that this value is correct for the default
algorithm, but would be unsecure for other algorithms.
@item @code{zsk-size} (default: @code{256})
The length of the ZSK. Note that this value is correct for the default
algorithm, but would be unsecure for other algorithms.
@item @code{dnskey-ttl} (default: @code{'default})
The TTL value for DNSKEY records added into zone apex. The special
@code{'default} value means same as the zone SOA TTL.
@item @code{zsk-lifetime} (default: @code{"30d"})
The period between ZSK publication and the next rollover initiation.
@item @code{propagation-delay} (default: @code{"1d"})
An extra delay added for each key rollover step. This value should be high
enough to cover propagation of data from the master server to all slaves.
@item @code{rrsig-lifetime} (default: @code{"14d"})
A validity period of newly issued signatures.
@item @code{rrsig-refresh} (default: @code{"7d"})
A period how long before a signature expiration the signature will be refreshed.
@item @code{nsec3?} (default: @code{#f})
When @code{#t}, NSEC3 will be used instead of NSEC.
@item @code{nsec3-iterations} (default: @code{5})
The number of additional times the hashing is performed.
@item @code{nsec3-salt-length} (default: @code{8})
The length of a salt field in octets, which is appended to the original owner
name before hashing.
@item @code{nsec3-salt-lifetime} (default: @code{"30d"})
The validity period of newly issued salt field.
@end table
@end deftp
@deftp {Data Type} knot-zone-configuration
Data type representing a zone served by Knot.
This type has the following parameters:
@table @asis
@item @code{domain} (default: @code{""})
The domain served by this configuration. It must not be empty.
@item @code{file} (default: @code{""})
The file where this zone is saved. This parameter is ignored by master zones.
Empty means default location that depends on the domain name.
@item @code{zone} (default: @code{(zone-file)})
The content of the zone file. This parameter is ignored by slave zones. It
must contain a zone-file record.
@item @code{master} (default: @code{'()})
A list of master remotes. When empty, this zone is a master. When set, this
zone is a slave. This is a list of remotes identifiers.
@item @code{ddns-master} (default: @code{#f})
The main master. When empty, it defaults to the first master in the list of
masters.
@item @code{notify} (default: @code{'()})
A list of slave remote identifiers.
@item @code{acl} (default: @code{'()})
A list of acl identifiers.
@item @code{semantic-checks?} (default: @code{#f})
When set, this adds more semantic checks to the zone.
@item @code{disable-any?} (default: @code{#f})
When set, this forbids queries of the ANY type.
@item @code{zonefile-sync} (default: @code{0})
The delay between a modification in memory and on disk. 0 means immediate
synchronization.
@item @code{serial-policy} (default: @code{'increment})
A policy between @code{'increment} and @code{'unixtime}.
@end table
@end deftp
@deftp {Data Type} knot-configuration
Data type representing the Knot configuration.
This type has the following parameters:
@table @asis
@item @code{knot} (default: @code{knot})
The Knot package.
@item @code{run-directory} (default: @code{"/var/run/knot"})
The run directory. This directory will be used for pid file and sockets.
@item @code{listen-v4} (default: @code{"0.0.0.0"})
An ip address on which to listen.
@item @code{listen-v6} (default: @code{"::"})
An ip address on which to listen.
@item @code{listen-port} (default: @code{53})
A port on which to listen.
@item @code{keys} (default: @code{'()})
The list of knot-key-configuration used by this configuration.
@item @code{acls} (default: @code{'()})
The list of knot-acl-configuration used by this configuration.
@item @code{remotes} (default: @code{'()})
The list of knot-remote-configuration used by this configuration.
@item @code{zones} (default: @code{'()})
The list of knot-zone-configuration used by this configuration.
@end table
@end deftp
@node VPN Services
@subsubsection VPN Services
@cindex VPN (virtual private network)

View File

@ -236,7 +236,7 @@ Trailing spaces are trimmed."
;; <http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-119.pdf>.
(define (iso9660-superblock? sblock)
"Return #t when SBLOCK is a iso9660 superblock."
"Return #t when SBLOCK is an iso9660 volume descriptor."
(bytevector=? (sub-bytevector sblock 1 6)
;; Note: "\x01" is the volume descriptor format version
(string->utf8 "CD001\x01")))
@ -252,13 +252,14 @@ Trailing spaces are trimmed."
(_ (read-iso9660-primary-volume-descriptor device (+ offset 2048))))))
(define (read-iso9660-superblock device)
"Return the raw contents of DEVICE's iso9660 superblock as a bytevector, or
#f if DEVICE does not contain a iso9660 file system."
"Return the raw contents of DEVICE's iso9660 primary volume descriptor
as a bytevector, or #f if DEVICE does not contain an iso9660 file system."
;; Start reading at sector 16.
(read-iso9660-primary-volume-descriptor device (* 2048 16)))
(define (iso9660-superblock-uuid sblock)
"Return the modification time of a iso9660 superblock SBLOCK as a bytevector."
"Return the modification time of an iso9660 primary volume descriptor
SBLOCK as a bytevector."
;; Drops GMT offset for compatibility with Grub, blkid and /dev/disk/by-uuid.
;; Compare Grub: "2014-12-02-19-30-23-00".
;; Compare blkid result: "2014-12-02-19-30-23-00".

View File

@ -42,6 +42,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages.scm \
%D%/packages/abduco.scm \
%D%/packages/abiword.scm \
%D%/packages/accessibility.scm \
%D%/packages/acct.scm \
%D%/packages/acl.scm \
%D%/packages/admin.scm \
@ -321,6 +322,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/protobuf.scm \
%D%/packages/pv.scm \
%D%/packages/python.scm \
%D%/packages/tryton.scm \
%D%/packages/qemu.scm \
%D%/packages/qt.scm \
%D%/packages/ragel.scm \
@ -426,6 +428,7 @@ GNU_SYSTEM_MODULES = \
%D%/services/dbus.scm \
%D%/services/desktop.scm \
%D%/services/dict.scm \
%D%/services/dns.scm \
%D%/services/kerberos.scm \
%D%/services/lirc.scm \
%D%/services/mail.scm \
@ -595,6 +598,7 @@ dist_patch_DATA = \
%D%/packages/patches/freetype-CVE-2017-8105.patch \
%D%/packages/patches/freetype-CVE-2017-8287.patch \
%D%/packages/patches/fuse-overlapping-headers.patch \
%D%/packages/patches/gajim-CVE-2016-10376.patch \
%D%/packages/patches/gawk-shell.patch \
%D%/packages/patches/gcc-arm-bug-71399.patch \
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
@ -639,11 +643,7 @@ dist_patch_DATA = \
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
%D%/packages/patches/gobject-introspection-cc.patch \
%D%/packages/patches/gobject-introspection-girepository.patch \
%D%/packages/patches/graphite2-CVE-2017-5436.patch \
%D%/packages/patches/graphite2-check-code-point-limit.patch \
%D%/packages/patches/graphite2-ffloat-store.patch \
%D%/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch \
%D%/packages/patches/graphite2-non-linear-classes-even-number.patch \
%D%/packages/patches/grep-timing-sensitive-test.patch \
%D%/packages/patches/gsl-test-i686.patch \
%D%/packages/patches/gspell-dash-test.patch \
@ -750,9 +750,6 @@ dist_patch_DATA = \
%D%/packages/patches/libtiff-CVE-2016-10093.patch \
%D%/packages/patches/libtiff-CVE-2016-10094.patch \
%D%/packages/patches/libtiff-CVE-2017-5225.patch \
%D%/packages/patches/libtiff-CVE-2017-7593.patch \
%D%/packages/patches/libtiff-CVE-2017-7594.patch \
%D%/packages/patches/libtiff-multiple-UBSAN-crashes.patch \
%D%/packages/patches/libtiff-assertion-failure.patch \
%D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch \
%D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch \
@ -931,6 +928,12 @@ dist_patch_DATA = \
%D%/packages/patches/python-dendropy-fix-tests.patch \
%D%/packages/patches/python-file-double-encoding-bug.patch \
%D%/packages/patches/python-fix-tests.patch \
%D%/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch \
%D%/packages/patches/python-genshi-buildable-on-python-2.7.patch \
%D%/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch \
%D%/packages/patches/python-genshi-fix-tests-on-python-3.5.patch \
%D%/packages/patches/python-genshi-isstring-helper.patch \
%D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \
%D%/packages/patches/python-parse-too-many-fields.patch \
%D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \
%D%/packages/patches/python-statsmodels-fix-tests.patch \
@ -968,6 +971,7 @@ dist_patch_DATA = \
%D%/packages/patches/ruby-puma-ignore-broken-test.patch \
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
%D%/packages/patches/rxvt-unicode-escape-sequences.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-test-threading.patch \
%D%/packages/patches/screen-fix-info-syntax-error.patch \
@ -986,7 +990,7 @@ dist_patch_DATA = \
%D%/packages/patches/superlu-dist-scotchmetis.patch \
%D%/packages/patches/swish-e-search.patch \
%D%/packages/patches/swish-e-format-security.patch \
%D%/packages/patches/synfig-build-fix.patch \
%D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch \
%D%/packages/patches/t1lib-CVE-2010-2642.patch \
%D%/packages/patches/t1lib-CVE-2011-0764.patch \
%D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \

View File

@ -0,0 +1,78 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 ng0 <ng0@no-reply.pragmatique.xyz>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages accessibility)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system glib-or-gtk)
#:use-module (gnu packages)
#:use-module (gnu packages xml)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gstreamer)
#:use-module (gnu packages gtk)
#:use-module (gnu packages xorg)
#:use-module (gnu packages gettext)
#:use-module (gnu packages glib)
#:use-module (gnu packages pkg-config))
(define-public florence
(package
(name "florence")
(version "0.6.3")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/florence/florence/" version
"/" name "-" version ".tar.bz2"))
(sha256
(base32
"07h9qm22krlwayhzvc391lr23vicw81s48g7rirvx1fj0zyr4aa2"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:configure-flags (list "--with-xtst"
"--without-docs"
"--with-notification")))
(inputs
`(("libxml2" ,libxml2)
("libglade" ,libglade)
("librsvg" ,librsvg)
("gstreamer" ,gstreamer)
("cairo" ,cairo)
("gtk+" ,gtk+)
("libxtst" ,libxtst)
("libxcomposite" ,libxcomposite)
("libnotify" ,libnotify)))
(native-inputs
`(("gettext-minimal" ,gettext-minimal)
("intltool" ,intltool)
("pkg-config" ,pkg-config)))
(home-page "http://florence.sourceforge.net/")
(synopsis "Extensible, scalable virtual keyboard for X11")
(description
"Florence is an extensible scalable virtual keyboard for X11.
It is useful for people who can't use a real hardware keyboard (for
example for people with disabilities), but you must be able to use
a pointing device (as a mouse, a trackball, a touchscreen or opengazer).
Florence stays out of your way when you don't need it: it appears on the
screen only when you need it. A timer-based auto-click input method is
available to help to click.")
;; The documentation is under FDL1.2, but we do not install the
;; documentation.
(license license:gpl2+)))

View File

@ -132,7 +132,7 @@ solve the shortest vector problem.")
(define-public pari-gp
(package
(name "pari-gp")
(version "2.9.1")
(version "2.9.2")
(source (origin
(method url-fetch)
(uri (string-append
@ -140,7 +140,7 @@ solve the shortest vector problem.")
version ".tar.gz"))
(sha256
(base32
"0rq7wz9df1xs4acdzzb5dapx8vs6m5py39n2wynw2qv4d2b0ylfw"))))
"0zi08qz9nk17wwdna4xb2vp3i3mh5sgv1y8wqbf0j2sfryxlr8ls"))))
(build-system gnu-build-system)
(native-inputs `(("texlive" ,texlive-minimal)))
(inputs `(("gmp" ,gmp)

View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
@ -23,6 +23,7 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages algebra)
#:use-module (gnu packages boost)
#:use-module (gnu packages compression)
#:use-module (gnu packages fontutils)
@ -38,15 +39,15 @@
(define-public etl
(package
(name "etl")
(version "0.04.19")
(version "0.04.22")
(source (origin
(method url-fetch)
;; Keep this synchronized with the synfig release version.
(uri (string-append "mirror://sourceforge/synfig/releases/"
"1.0.2/source/ETL-" version ".tar.gz"))
"1.2.0/source/ETL-" version ".tar.gz"))
(sha256
(base32
"070c70slizrklq1gbgja8m49xfmq65wlcd6hz6418cpx0wd4r55s"))))
"0ii73nsd3xzkhz6w1rnxwphl637j9w82xiy6apa9vin2isdynnmc"))))
(build-system gnu-build-system)
(home-page "http://www.synfig.org")
(synopsis "Extended C++ template library")
@ -59,7 +60,7 @@ C++ @dfn{Standard Template Library} (STL).")
(define-public synfig
(package
(name "synfig")
(version "1.0.2")
(version "1.2.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/synfig/releases/"
@ -67,8 +68,7 @@ C++ @dfn{Standard Template Library} (STL).")
".tar.gz"))
(sha256
(base32
"1d3z2r78j3rkff47q3wl0ami69y3l4nyi5r9zclymb8ar7mgkk9l"))
(patches (search-patches "synfig-build-fix.patch"))))
"1gqx4gn4c73rqwhsgzx0a460gr9hadmi28csp75rx30qavqsj7k1"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@ -90,16 +90,6 @@ C++ @dfn{Standard Template Library} (STL).")
(("remove_child\\(") "remove_node("))
(substitute* "src/modules/mod_svg/svg_parser.cpp"
(("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList"))
#t))
(add-after 'unpack 'fix-isnan-error
(lambda _
(substitute* "src/synfig/time.cpp"
(("return !::isnan") "return !std::isnan"))
#t))
(add-before 'configure 'set-flags
(lambda _
;; Compile with C++11, required by libsigc++.
(setenv "CXXFLAGS" "-D__STDC_CONSTANT_MACROS -std=gnu++11")
#t)))))
(inputs
`(("boost" ,boost)
@ -110,11 +100,12 @@ C++ @dfn{Standard Template Library} (STL).")
("libmng" ,libmng)
("zlib" ,zlib)))
;; synfig.pc lists the following as required: Magick++ freetype2
;; fontconfig OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0
;; fontconfig fftw OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0
;; cairo pango pangocairo mlt++
(propagated-inputs
`(("cairo" ,cairo)
("etl" ,etl)
("fftw" ,fftw)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
("glibmm" ,glibmm)
@ -137,7 +128,7 @@ for tweening, preventing the need to hand-draw each frame.")
(define-public synfigstudio
(package
(name "synfigstudio")
(version "1.0.2")
(version "1.2.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/synfig/releases/"
@ -145,27 +136,17 @@ for tweening, preventing the need to hand-draw each frame.")
".tar.gz"))
(sha256
(base32
"1xa74dlgkpjn0gzdcs0x25z7wg0806v2wygvvi73f7sn1fm88ig4"))
"0fbckfbw8dzf0m2wv7vlmw492k1dqa3zf510z019d0as3zpnp6qm"))
(modules '((guix build utils)))
(snippet
'(begin
(substitute* "src/synfigapp/pluginmanager.cpp"
(("xmlpp::Node\\* n =") "const xmlpp::Node* n =")
(("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList"))
;; Some files are ISO-8859-1 encoded.
(with-fluids ((%default-port-encoding #f))
(substitute* (find-files "src/" "\\.(cpp|h)$")
(("#include <sigc\\+\\+/retype\\.h>")
"#include <sigc++/adaptors/retype.h>")
(("#include <sigc\\+\\+/hide\\.h>")
"#include <sigc++/adaptors/hide.h>")
(("#include <sigc\\+\\+/object\\.h>")
"#include <sigc++/trackable.h>")))
#t))))
#t))
(patches
(search-patches "synfigstudio-fix-ui-with-gtk3.patch"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list "CXXFLAGS=-std=gnu++11")))
(inputs
`(("gtkmm" ,gtkmm)
("libsigc++" ,libsigc++)

View File

@ -2093,7 +2093,7 @@ identify enrichments with functional annotations of the genome.")
(define-public diamond
(package
(name "diamond")
(version "0.9.1")
(version "0.9.2")
(source (origin
(method url-fetch)
(uri (string-append
@ -2102,7 +2102,7 @@ identify enrichments with functional annotations of the genome.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"062943yk3mp23jpcawamkh1zawx9br95l7w178v0kyr863v4p5a1"))))
"03dam11dmrg6f2zsmdbqwzwkmnq5krlckh1acgarw91gcz2nhbpj"))))
(build-system cmake-build-system)
(arguments
'(#:tests? #f ; no "check" target

View File

@ -1228,6 +1228,37 @@ or XEmacs.")
the Emacs buffer.")
(license license:gpl3+)))
(define-public emacs-direnv
(package
(name "emacs-direnv")
(version "1.2.0")
(source
(origin
(method url-fetch)
(uri (string-append
"https://github.com/wbolster/emacs-direnv/archive/"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"0m9nxawklhiiysyibzzhh2zkxgq1fskqvaqb06f7r8dnhabfy9fr"))))
(build-system emacs-build-system)
(propagated-inputs
`(("dash" ,emacs-dash)
("with-editor" ,emacs-with-editor)))
(home-page "https://github.com/wbolster/emacs-direnv")
(synopsis "Direnv integration for Emacs")
(description
"This package provides support for invoking direnv to get the environment
for the current file and updating the environment within Emacs to match.
Direnv can be invoked manually, and a global minor mode is included that will
update the environment when the active buffer changes.
Using emacs-direnv means that programs started from Emacs will use the
environment set through Direnv.")
(license license:gpl3+)))
(define-public emacs-google-maps
(package
(name "emacs-google-maps")
@ -4587,9 +4618,12 @@ It should enable you to implement low-level X11 applications.")
TryExec=~@*~a~@
Type=Application~%" ,name ,synopsis exwm-executable)))
;; Add a shell wrapper to bin
;; Set DISPLAY variable to work around
;; https://github.com/ch11ng/exwm/issues/213
(with-output-to-file exwm-executable
(lambda _
(format #t "#!~a ~@
export DISPLAY=:0 ~@
~a +SI:localuser:$USER ~@
exec ~a --exit-with-session ~a \"$@\" --eval '~s' ~%"
(string-append (assoc-ref inputs "bash") "/bin/sh")
@ -4877,3 +4911,31 @@ running tests easier.")
pair of minor modes which suppress all mouse events by intercepting them and
running a customisable handler command (@code{ignore} by default). ")
(license license:gpl3+)))
(define-public emacs-restclient
(let ((commit "07a3888bb36d0e29608142ebe743b4362b800f40")
(revision "1")) ;Guix package revision,
;upstream doesn't have official releases
(package
(name "emacs-restclient")
(version (string-append revision "."
(string-take commit 7)))
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/pashky/restclient.el.git")
(commit commit)))
(sha256
(base32
"00lmjhb5im1kgrp54yipf1h9pshxzgjlg71yf2rq5n973gvb0w0q"))
(file-name (git-file-name name version))))
(build-system emacs-build-system)
(propagated-inputs
`(("emacs-helm" ,emacs-helm)))
(home-page "https://github.com/pashky/restclient.el")
(synopsis "Explore and test HTTP REST webservices")
(description
"This tool allows for testing and exploration of HTTP REST Web services
from within Emacs. Restclient runs queries from a plan-text query sheet,
displays results pretty-printed in XML or JSON with @code{restclient-mode}")
(license license:public-domain))))

View File

@ -42,6 +42,7 @@
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system font)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (gnu packages base)
@ -64,18 +65,7 @@
(sha256
(base32
"06js6znbcf7swn8y3b8ki416bz96ay7d3yvddqnvi88lqhbfcq8m"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))
#:builder (begin
(use-modules (guix build utils))
(let ((font-dir (string-append %output
"/share/fonts/opentype"))
(source (assoc-ref %build-inputs "source")))
(mkdir-p font-dir)
(copy-file source
(string-append font-dir "/" "inconsolata.otf"))))))
(native-inputs `(("source" ,source)))
(build-system font-build-system)
(home-page "http://levien.com/type/myfonts/inconsolata.html")
(synopsis "Monospace font")
(description "A monospace font, designed for code listings and the like,
@ -94,34 +84,7 @@ in print. With attention to detail for high resolution rendering.")
(sha256
(base32
"0hjvq2x758dx0sfwqhzflns0ns035qm7h6ygskbx1svzg517sva5"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))
#:builder (begin
(use-modules (guix build utils)
(srfi srfi-26))
(let ((PATH (string-append (assoc-ref %build-inputs
"unzip")
"/bin"))
(font-dir (string-append %output
"/share/fonts/truetype"))
(doc-dir (string-append %output "/share/doc/"
,name "-" ,version)))
(setenv "PATH" PATH)
(system* "unzip" (assoc-ref %build-inputs "source"))
(mkdir-p font-dir)
(mkdir-p doc-dir)
(chdir (string-append "ubuntu-font-family-" ,version))
(for-each (lambda (ttf)
(install-file ttf font-dir))
(find-files "." "\\.ttf$"))
(for-each (lambda (doc)
(install-file doc doc-dir))
(find-files "." "\\.txt$"))))))
(native-inputs `(("source" ,source)
("unzip" ,unzip)))
(build-system font-build-system)
(home-page "http://font.ubuntu.com/")
(synopsis "The Ubuntu Font Family")
(description "The Ubuntu Font Family is a unique, custom designed font
@ -145,42 +108,15 @@ TrueType (TTF) files.")
(base32
"1mqpds24wfs5cmfhj57fsfs07mji2z8812i5c4pi5pbi738s977s"))))
(build-system trivial-build-system)
(build-system font-build-system)
(arguments
`(#:modules ((guix build utils))
#:builder (begin
(use-modules (guix build utils))
(let ((tar (string-append (assoc-ref %build-inputs
"tar")
"/bin/tar"))
(PATH (string-append (assoc-ref %build-inputs
"bzip2")
"/bin"))
(font-dir (string-append
%output "/share/fonts/truetype"))
(conf-dir (string-append
%output "/share/fontconfig/conf.avail"))
(doc-dir (string-append
%output "/share/doc/" ,name "-" ,version)))
(setenv "PATH" PATH)
(system* tar "xvf" (assoc-ref %build-inputs "source"))
(mkdir-p font-dir)
(mkdir-p conf-dir)
(mkdir-p doc-dir)
(chdir (string-append "dejavu-fonts-ttf-" ,version))
(for-each (lambda (ttf)
(install-file ttf font-dir))
(find-files "ttf" "\\.ttf$"))
(for-each (lambda (conf)
(install-file conf conf-dir))
(find-files "fontconfig" "\\.conf$"))
(for-each (lambda (doc)
(install-file doc doc-dir))
(find-files "." "\\.txt$|^[A-Z][A-Z]*$"))))))
(native-inputs `(("source" ,source)
("tar" ,tar)
("bzip2" ,bzip2)))
`(#:phases
(modify-phases %standard-phases
(add-after 'install 'install-conf
(lambda* (#:key outputs #:allow-other-keys)
(let ((conf-dir (string-append (assoc-ref outputs "out")
"/share/fontconfig/conf.avail")))
(copy-recursively "fontconfig" conf-dir)))))))
(home-page "http://dejavu-fonts.org/")
(synopsis "Vera font family derivate with additional characters")
(description "DejaVu provides an expanded version of the Vera font family
@ -204,38 +140,7 @@ provide serif, sans and monospaced variants.")
(sha256
(base32
"1p3qs51x5327gnk71yq8cvmxc6wgx79sqxfvxcv80cdvgggjfnyv"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))
#:builder (begin
(use-modules (guix build utils)
(srfi srfi-26))
(let ((tar (string-append (assoc-ref %build-inputs
"tar")
"/bin/tar"))
(PATH (string-append (assoc-ref %build-inputs
"bzip2")
"/bin"))
(font-dir (string-append %output
"/share/fonts/truetype"))
(doc-dir (string-append %output "/share/doc/"
,name "-" ,version)))
(setenv "PATH" PATH)
(system* tar "xvf" (assoc-ref %build-inputs "source"))
(mkdir-p font-dir)
(mkdir-p doc-dir)
(chdir (string-append "ttf-bitstream-vera-" ,version))
(for-each (lambda (ttf)
(install-file ttf font-dir))
(find-files "." "\\.ttf$"))
(for-each (lambda (doc)
(install-file doc doc-dir))
(find-files "." "\\.TXT$"))))))
(native-inputs `(("source" ,source)
("tar" ,tar)
("bzip2" ,bzip2)))
(build-system font-build-system)
(home-page "http://www.gnome.org/fonts/")
(synopsis "Bitstream Vera sans-serif typeface")
(description "Vera is a sans-serif typeface from Bitstream, Inc. This

View File

@ -415,22 +415,17 @@ and returns a sequence of positioned glyphids from the font.")
(package
(inherit graphite2)
(name "graphite2")
(version "1.3.9")
(replacement #f)
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/silnrsi/graphite/releases/"
"download/" version "/" name "-" version ".tgz"))
(patches (search-patches
"graphite2-ffloat-store.patch"
"graphite2-check-code-point-limit.patch"
"graphite2-CVE-2017-5436.patch"
"graphite2-fix-32-bit-wrap-arounds.patch"
"graphite2-non-linear-classes-even-number.patch"))
(uri (let ((version "1.3.10"))
(string-append "https://github.com/silnrsi/graphite/releases/"
"download/" version "/" name "-" version ".tgz")))
(patches (search-patches "graphite2-ffloat-store.patch"))
(sha256
(base32
"0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc"))))))
"1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch"))))))
(define-public potrace
(package

View File

@ -451,7 +451,61 @@ standards.")
(mozilla-patch "icecat-bug-1346012.patch" "1ce6d0652921" "163ji64a86h682frh1jq016w1mjf8g24r8cni0irsdmiihis7zxc")
(mozilla-patch "icecat-bug-1324140.patch" "8886f9cd5dd3" "0byabs9md8r3pc4r67sv2759427n1za0gfayln40nx47n2p52kmg")
(mozilla-patch "icecat-bug-1342552.patch" "ad995e90916b" "02nq9sg675p26z99nr2pykbz51hi2phf0gmrb1bjpq9pjbll7gsa")
(mozilla-patch "icecat-bug-1355039.patch" "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")))
(mozilla-patch "icecat-bug-1355039.patch" "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")
(mozilla-patch "icecat-bug-1363396.patch" "24cbb7f2e0ff" "006f0zhz5nxs72q9plwzhq4l79b47svzizvv510m5g2krsfrccza")
(mozilla-patch "icecat-bug-1356558.patch" "89c7fb6c5be3" "19650nmc4vn1prbpn5h06kz9d1al279xkc23v39577h4zhdrknkj")
(mozilla-patch "icecat-bug-1337810.patch" "0f6dd3564c76" "1sxajqh6r7fjs45xhvjwg94smpvyvplh3rdvq11d3q5m9v4kg7mz")
(mozilla-patch "icecat-bug-1347748.patch" "145905da25d3" "0c2q9f000snpm9x0qda2y0awrsm313iwxbv0kh33ca0kpza49a76")
(mozilla-patch "icecat-bug-1345355.patch" "c5012009a0b2" "0m772bgrwb8iwv2bdgx694ybg5wgbf58xg5v245x0p7gwhgwiwmr")
(mozilla-patch "icecat-bug-1351340.patch" "047f19a1b9a0" "0qjnhybibs3cpcba3ga4g7d4c0w716xa9jf87y2ir8yz7dw1f9vl")
(mozilla-patch "icecat-bug-1056322.patch" "f076a30f6c29" "0xgskjl6zmxi3v4l0f3wlas0qb2403fin5lv1hi3jf2142ihpaml")
(mozilla-patch "icecat-bug-1355414.patch" "28e09d4ac3e9" "06clr2kwz28nyjlj13y036x6rxwh6frdh11aq6kbm1nj6s01i9zl")
(mozilla-patch "icecat-bug-1313977.patch" "4c0b09f70aea" "04jq1xrlhj04n5bgh93xkbqwnh01pswfjhv81zk7i87c7xz6h92q")
(mozilla-patch "icecat-bug-1357366.patch" "0b855945ce34" "0va8kqlgx6qhq2qrawkcm66kqrwwpmxblyjp3c7ifplxd0j0ijaf")
(mozilla-patch "icecat-bug-1338574-pt0.patch" "243d7bffa4f1" "1d1v68amhnygc0g4w1afs374pjs7z5fx5inyq8idawbh4kxfncq7")
(mozilla-patch "icecat-bug-1338574-pt1.patch" "337398a83aa5" "1141n7dhy9rh70sww8v58cbkba74xm5i75j1sgm5qwvkhh69qr5h")
(mozilla-patch "icecat-bug-1338574-pt2.patch" "50e120d7ac64" "0dbcaq27vsjlh7vm30c88rlhkx8c1195rnr01six40mymh09rhym")
(mozilla-patch "icecat-bug-1338574-pt3.patch" "2d4da5a366e8" "1761npkpw5zsm4q8rzfrg8m1ayrf8c857iq3vdd8rbqcswzv6xq0")
(mozilla-patch "icecat-bug-1338574-pt4.patch" "b10d9b0c187f" "044zq9gzw4v5r3ki8dwfjg9dznai0jch29y0xrxzb2rfr6yvx0sb")
(mozilla-patch "icecat-bug-1338574-pt5.patch" "697713a6841c" "1m9q4rh4ny945xsx3p3f5bg1izs9q58d71la5drj31z6kvbhnsi2")
(mozilla-patch "icecat-bug-1338574-pt6.patch" "1d14abf37cf8" "1xyja9hjb7qfqi7kh85bw5nxkhyzw1rijjhnh5pgr5z0v718kjyc")
(mozilla-patch "icecat-bug-1338574-pt7.patch" "5e85bc599d0c" "1pmhs3hmhkgj6q19padcbpi5qvgnhx6ib09zpcwxr8ll6lllxhig")
(mozilla-patch "icecat-bug-1152353.patch" "d893dea8e7b4" "1pbayv7np6z7hlkk1dhvx3ppkni7f8n3cz8hs67l3nssw214c1ih")
(mozilla-patch "icecat-bug-1345893.patch" "3a747480ead1" "0sxd23y9g77mx5indjs9isxnnrkin835qrh6dn62dlvbll8lgqi2")
(mozilla-patch "icecat-bug-1343172.patch" "c7b064f6b93a" "1sh10j3h8cnqi3rpr70lv2yz14zhy1v9ms4f64fmrbjlz7q09j6q")
(mozilla-patch "icecat-bug-1352348.patch" "1d86e96610a1" "02ybn2608v57pjh8kjgnhkg157asawjk5xia59qb63m5vfvrinwv")
(mozilla-patch "icecat-bug-1354308.patch" "c8ba3f911eb1" "0w70b8dmvqjn1d8sphfkwnbwii8nh2q5k48clkvbhn7kpc2890mi")
(mozilla-patch "icecat-bug-1335904.patch" "366cdd623cfb" "0gcmld4bplaakx6d50gw223lg1jjcni7866q1f2hxm0h1r9wwd3k")
(mozilla-patch "icecat-bug-1355340.patch" "6b174b41fa44" "0zdgfy0zsrs3cvfkmrhxw0mrfibpnb58xp3z8fapx5ja59wmcabs")
(mozilla-patch "icecat-bug-1360574-pt1.patch" "237eee780619" "1iw6z762zdc42kwjvv58a2cjc0s4kzwwy7838apl7y7cq85g0jg2")
(mozilla-patch "icecat-bug-1360574-pt2.patch" "46a5a4aac189" "1i553f9qvav0fn5avbp8912995pqbhzbzamxxfz8gn2ik17y3xly")
(mozilla-patch "icecat-bug-1358776.patch" "bd35fa23f79a" "12nicgwhcn63knmlcl0c2askn9sj35bfclaab3826pkd9yq5g4p5")
(mozilla-patch "icecat-bug-1362590.patch" "c1314a709b41" "0klgrcyc20fig6rbm9znjpcnfsz6xnlp1v03fbvaww0riy2qm42k")
(mozilla-patch "icecat-bug-1359859.patch" "e38948fb79d6" "1sfyc5s9ndv6q72k8n9x0rvj4sz40k51iljrs42gwykzkjm2fx5m")
(mozilla-patch "icecat-bug-1342057.patch" "278bef1d7a64" "0zk18s9pnbwz9ankmc9mj4197s55j1jvax04ansqymmmc3a5ciif")
(mozilla-patch "icecat-bug-1325513.patch" "218e0963406f" "0wqms5nany4sx2g4p01lbam7la2dyazz87dhv5hcsf8ifxrfww11")
(mozilla-patch "icecat-bug-1304566.patch" "188e39630fcd" "1bfxfgj5ywx4bcf91kwyrjh5ppiv59gadx4445achyabdi639l8d")
(mozilla-patch "icecat-bug-1356601.patch" "8191e403fedf" "1k4zmq0923f5dc3dwbz1q0bkcbm90ldwkczym366hgwadb2305nd")
(mozilla-patch "icecat-bug-1334097.patch" "fe2a2c7e88cb" "1rppaivaddigwk65krn8m9f9mcdkiiv28ws9n9zj62n0rc1shyvc")
(mozilla-patch "icecat-bug-1359051.patch" "8d7dbe5c6587" "14zh74bbld4s0jy0a48fi9acxkc236mh9wjid3vrf72yj6bi5xnp")
(mozilla-patch "icecat-bug-1359697.patch" "ca2b5274549f" "1ns7v70i1hfkxqnjhf9fp0lk9095hdcllg94j3dl1nfaif4w6vbf")
(mozilla-patch "icecat-bug-1343256.patch" "a30dd7dd6617" "1k078176fp8vz871wirjz9d3yx9l2lfl8p75c4905n3j3zv2297q")
(mozilla-patch "icecat-bug-1349310.patch" "81b3ce7d37b3" "0ad0wqczy4kpggj6m3b8bzxi6ax340mik1mfawhkq89a1h2sfpxv")
(mozilla-patch "icecat-bug-1356179.patch" "66d8893f37f0" "0izl31lagvdv4qpb9gkjxvgpmxzw50x5bviap4l7bbnb56cv7d8p")
(mozilla-patch "icecat-bug-1365602.patch" "aad883966edd" "058axnrwrbvy2h9r9pb766lyky45hb92rap142sbp17yz0sxfmww")
(mozilla-patch "icecat-bug-1355520.patch" "7ca2d8839f7a" "1xbmpvr2x720x9ghd5wgbg6lknbnhcyqmkkfamdf97mqcyizyr21")
(mozilla-patch "icecat-bug-1358469.patch" "4d432638c0f9" "0qpjmwik3dryjwmgfwmkqk0rs9rb2lafb2k9fc3pkjnrq5y0l9xg")
(mozilla-patch "icecat-bug-1356025.patch" "f5967db0a0f3" "045wbvkm21kbm314dd6lbq2disiaf26kmsxi6brf442fd0028gwq")
(mozilla-patch "icecat-bug-1345910.patch" "ec6b6720e54e" "0lm15jl46mdlsds6947jsiyvhf9agb8hcdrqj2svc3kn9kzvyr2n")
(mozilla-patch "icecat-bug-1359639.patch" "a4f8d8a12afa" "0d7sjc21af074rvgvijj42gmpjvcb1v1zlpgb3s7ky7w6wjr35vx")
(mozilla-patch "icecat-bug-1357090.patch" "d07f24a72ce4" "1qbwska76b2zslb95wnx9v04znb6k9fqylr4ajyfqpwk1sr363hg")
(mozilla-patch "icecat-bug-1364283.patch" "a6caa7628e36" "1yv5f4h8js9bry9krcx130w6ic8rdmmq4fap6va24kfx8qflg70h")
(mozilla-patch "icecat-bug-1237868.patch" "41138235d4ea" "0mcj4x2kmagwf5hp8xhczf04sxm995pk1zarc9yffk84z7fcrxkj")
(mozilla-patch "icecat-bug-1331335.patch" "b724283e3b31" "1xbb1vcdzfpcmrmxm8ihwzslh2vz15k0k601nvyhh6vgx270h1wn")
(mozilla-patch "icecat-bug-1367267.patch" "4c2f4d8b693e" "1hrndhfnz0vnjnspwh5mbvgl2j8d1cs62awp04wx2w6z4l4wrmbv")
(mozilla-patch "icecat-bug-1366595.patch" "cce3fd607206" "1z97jw8jpfyx61jxf0j8nsplnna2c5bwihwnl9cvlc2cspp3kgp5")
(mozilla-patch "icecat-bug-1349266.patch" "dc4e3c64d781" "1zd666k4qpdamly3av09k602pmirjcs9l6la6ba0qq9w9vfan3g5")
(mozilla-patch "icecat-bug-1366140.patch" "379c348250e8" "0kvsyhi9j3bjx14ffr13dslqp8ghcgrz6ds2fikdkrrrk4syskd5")))
(modules '((guix build utils)))
(snippet
'(begin

View File

@ -335,7 +335,7 @@ extracting icontainer icon files.")
(define-public libtiff
(package
(name "libtiff")
(replacement libtiff/fixed)
(replacement libtiff-4.0.8)
(version "4.0.7")
(source (origin
(method url-fetch)
@ -384,18 +384,18 @@ collection of tools for doing simple manipulations of TIFF images.")
"See COPYRIGHT in the distribution."))
(home-page "http://www.simplesystems.org/libtiff/")))
(define libtiff/fixed
(define libtiff-4.0.8
(package
(inherit libtiff)
(version "4.0.8")
(source
(origin
(inherit (package-source libtiff))
(patches
(append
(origin-patches (package-source libtiff))
(search-patches "libtiff-CVE-2017-7593.patch"
"libtiff-CVE-2017-7594.patch"
"libtiff-multiple-UBSAN-crashes.patch")))))))
(method url-fetch)
(uri (string-append "http://download.osgeo.org/libtiff/tiff-"
version ".tar.gz"))
(sha256
(base32
"0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
(define-public libwmf
(package

View File

@ -421,7 +421,7 @@ and corrections. It is based on a Bayesian filter.")
(define-public offlineimap
(package
(name "offlineimap")
(version "7.1.0")
(version "7.1.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
@ -429,7 +429,7 @@ and corrections. It is based on a Bayesian filter.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1r0sbgwyirpbks82ri9g88raf3mp8shq9rg0r92gkr7h6888v6fw"))))
"00xpxh0pxcvv3mjgb3vq3x51v498dhqcaixyb3a4srmfgskzh956"))))
(build-system python-build-system)
(native-inputs
`(("asciidoc" ,asciidoc)))

View File

@ -490,6 +490,8 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
(uri (string-append "https://gajim.org/downloads/"
(version-major+minor version)
"/gajim-" version ".tar.bz2"))
(patches
(search-patches "gajim-CVE-2016-10376.patch"))
(sha256
(base32
"13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n"))))

View File

@ -45,7 +45,7 @@
(define-public parallel
(package
(name "parallel")
(version "20170422")
(version "20170522")
(source
(origin
(method url-fetch)
@ -53,7 +53,7 @@
version ".tar.bz2"))
(sha256
(base32
"0afk1q8mqzz02h6imyykgi9gwk5gj08hzs6lwgd65ilj4slkh93s"))))
"1k5wlcc0dr2fxna0vi48s0l6pvbyl4pbclbih4103f1155im23ca"))))
(build-system gnu-build-system)
(arguments
`(#:phases

View File

@ -0,0 +1,57 @@
Fix CVE-2016-10376.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
http://seclists.org/oss-sec/2017/q2/341
https://dev.gajim.org/gajim/gajim/issues/8378
Patch copied from upstream source repository:
https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
(adapted for context in config.py)
From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
From: Philipp Hörist <forenjunkie@chello.at>
Date: Fri, 26 May 2017 23:10:05 +0200
Subject: [PATCH] Add config option to activate XEP-0146 commands
Some of the Commands have security implications, thats why we disable them per default
Fixes #8378
---
src/common/commands.py | 7 ++++---
src/common/config.py | 1 +
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/common/commands.py b/src/common/commands.py
index 19d8c13..0eeb57c 100644
--- a/src/common/commands.py
+++ b/src/common/commands.py
@@ -345,9 +345,10 @@ class ConnectionCommands:
def __init__(self):
# a list of all commands exposed: node -> command class
self.__commands = {}
- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
- self.__commands[cmdobj.commandnode] = cmdobj
+ if gajim.config.get('remote_commands'):
+ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
+ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
+ self.__commands[cmdobj.commandnode] = cmdobj
# a list of sessions; keys are tuples (jid, sessionid, node)
self.__sessions = {}
diff --git a/src/common/config.py b/src/common/config.py
index cde1f81..fe25455 100644
--- a/src/common/config.py
+++ b/src/common/config.py
@@ -314,6 +314,7 @@ class Config:
'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
+ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
}, {})
__options_per_key = {
--
libgit2 0.24.0

View File

@ -1,25 +0,0 @@
From 1ce331d5548b98ed8b818532b2556d6f2c7a3b83 Mon Sep 17 00:00:00 2001
From: Martin Hosken <martin_hosken@sil.org>
Date: Thu, 9 Mar 2017 22:04:04 +0000
Subject: [PATCH] Ensure features have enough space. Fix from Mozilla
---
src/FeatureMap.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/FeatureMap.cpp b/src/FeatureMap.cpp
index b8c8405..83bd5f6 100644
--- a/src/FeatureMap.cpp
+++ b/src/FeatureMap.cpp
@@ -275,7 +275,7 @@ bool FeatureRef::applyValToFeature(uint32 val, Features & pDest) const
else
if (pDest.m_pMap!=&m_pFace->theSill().theFeatureMap())
return false; //incompatible
- pDest.reserve(m_index);
+ pDest.reserve(m_index+1);
pDest[m_index] &= ~m_mask;
pDest[m_index] |= (uint32(val) << m_bits);
return true;
--
2.12.2

View File

@ -1,50 +0,0 @@
From 348c11e4571b534efdbd58a575bbea979c880b2f Mon Sep 17 00:00:00 2001
From: Tim Eves <tim_eves@sil.org>
Date: Wed, 1 Mar 2017 14:23:46 +0700
Subject: [PATCH] Fix decoding of USV greater than U+110000
Add test cases too
---
src/inc/UtfCodec.h | 4 ++--
tests/utftest/utftest.cpp | 3 +++
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/inc/UtfCodec.h b/src/inc/UtfCodec.h
index 3417bac..9dc760f 100644
--- a/src/inc/UtfCodec.h
+++ b/src/inc/UtfCodec.h
@@ -124,7 +124,7 @@ struct _utf_codec<8>
private:
static const int8 sz_lut[16];
static const byte mask_lut[5];
-
+ static const uchar_t limit = 0x110000;
public:
typedef uint8 codeunit_t;
@@ -157,7 +157,7 @@ public:
case 0: l = -1; return 0xFFFD;
}
- if (l != seq_sz || toolong)
+ if (l != seq_sz || toolong || u >= limit)
{
l = -l;
return 0xFFFD;
diff --git a/tests/utftest/utftest.cpp b/tests/utftest/utftest.cpp
index 21cb188..a23553a 100644
--- a/tests/utftest/utftest.cpp
+++ b/tests/utftest/utftest.cpp
@@ -8,6 +8,9 @@ struct test8
unsigned char str[12];
};
struct test8 tests8[] = {
+ { 0, 0, {0xF4, 0x90, 0x80, 0x80, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
+ { 0, 0, {0xC0, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
+ { 0, 0, {0xA0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
{ 4, -1, {0x7F, 0xDF, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0, 0} }, // U+7F, U+7FF, U+FFFF, U+10FFF
{ 2, 3, {0x7F, 0xDF, 0xBF, 0xF0, 0x8F, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, U+7FF, long(U+FFFF), U+10FFF
{ 1, 1, {0x7F, 0xE0, 0x9F, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, long(U+7FF), U+FFFF, U+10FFF
--
2.12.2

View File

@ -1,93 +0,0 @@
This patch incorporates the following 6 consecutive commits from the upstream
graphite2 repository:
75b83cd..: Martin Hosken 2017-03-28 Fix 32-bit wrap arounds
1f97e36..: Martin Hosken 2017-03-28 balance comparisons in decompressor
9493785..: Martin Hosken 2017-03-29 Speculative rounding fix
09af043..: Tim Eves 2017-03-31 Move a MINMATCH to rhs of a comparisio
28cc60d..: Tim Eves 2017-03-31 Deal with similar wrap around in literal_len
8afc7d0..: Martin Hosken 2017-04-03 Fix 32-bit rollover in decompressor, again
This diff was generated by the following command:
git diff 1ce331d5548b98ed..8afc7d0081959866
diff --git a/src/Decompressor.cpp b/src/Decompressor.cpp
index 084570f..56d531f 100644
--- a/src/Decompressor.cpp
+++ b/src/Decompressor.cpp
@@ -51,7 +51,7 @@ bool read_sequence(u8 const * &src, u8 const * const end, u8 const * &literal, u
literal = src;
src += literal_len;
- if (src > end - 2)
+ if (src > end - 2 || src < literal)
return false;
match_dist = *src++;
@@ -85,7 +85,7 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
{
// Copy in literal. At this point the last full sequence must be at
// least MINMATCH + 5 from the end of the output buffer.
- if (dst + align(literal_len) > dst_end - (MINMATCH+5))
+ if (align(literal_len) > unsigned(dst_end - dst - (MINMATCH+5)) || dst_end - dst < MINMATCH + 5)
return -1;
dst = overrun_copy(dst, literal, literal_len);
}
@@ -94,7 +94,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
// decoded output.
u8 const * const pcpy = dst - match_dist;
if (pcpy < static_cast<u8*>(out)
- || dst + match_len + MINMATCH > dst_end - 5)
+ || match_len > unsigned(dst_end - dst - (MINMATCH+5))
+ || dst_end - dst < MINMATCH + 5)
return -1;
if (dst > pcpy+sizeof(unsigned long)
&& dst + align(match_len + MINMATCH) <= dst_end)
@@ -103,8 +104,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
dst = safe_copy(dst, pcpy, match_len + MINMATCH);
}
- if (literal + literal_len > src_end
- || dst + literal_len > dst_end)
+ if (literal_len > src_end - literal
+ || literal_len > dst_end - dst)
return -1;
dst = fast_copy(dst, literal, literal_len);
diff --git a/src/Pass.cpp b/src/Pass.cpp
index a4bac2e..683143c 100644
--- a/src/Pass.cpp
+++ b/src/Pass.cpp
@@ -171,7 +171,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su
const uint16 * const o_actions = reinterpret_cast<const uint16 *>(p);
be::skip<uint16>(p, m_numRules + 1);
const byte * const states = p;
- if (e.test(p + 2u*m_numTransition*m_numColumns >= pass_end, E_BADPASSLENGTH)) return face.error(e);
+ if (e.test(2u*m_numTransition*m_numColumns >= (unsigned)(pass_end - p), E_BADPASSLENGTH)) return face.error(e);
be::skip<int16>(p, m_numTransition*m_numColumns);
be::skip<uint8>(p);
if (e.test(p != pcCode, E_BADPASSCCODEPTR)) return face.error(e);
@@ -192,7 +192,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su
m_cPConstraint = vm::Machine::Code(true, pcCode, pcCode + pass_constraint_len,
precontext[0], be::peek<uint16>(sort_keys), *m_silf, face, PASS_TYPE_UNKNOWN);
if (e.test(!m_cPConstraint, E_OUTOFMEM)
- || e.test(!m_cPConstraint, m_cPConstraint.status() + E_CODEFAILURE))
+ || e.test(m_cPConstraint.status() != Code::loaded, m_cPConstraint.status() + E_CODEFAILURE))
return face.error(e);
face.error_context(face.error_context() - 1);
}
diff --git a/src/Silf.cpp b/src/Silf.cpp
index 72a22cd..d661992 100644
--- a/src/Silf.cpp
+++ b/src/Silf.cpp
@@ -191,7 +191,7 @@ bool Silf::readGraphite(const byte * const silf_start, size_t lSilf, Face& face,
const size_t clen = readClassMap(p, passes_start - p, version, e);
m_passes = new Pass[m_numPasses];
- if (e || e.test(p + clen > passes_start, E_BADPASSESSTART)
+ if (e || e.test(clen > unsigned(passes_start - p), E_BADPASSESSTART)
|| e.test(!m_passes, E_OUTOFMEM))
{ releaseBuffers(); return face.error(e); }

View File

@ -1,26 +0,0 @@
From 0646e4ee471183994f78a759269f0505617711f3 Mon Sep 17 00:00:00 2001
From: Martin Hosken <martin_hosken@sil.org>
Date: Tue, 18 Apr 2017 13:17:14 +0100
Subject: [PATCH] Ensure non linear classes have even number of elements
---
src/Silf.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Silf.cpp b/src/Silf.cpp
index d661992..9f2f954 100644
--- a/src/Silf.cpp
+++ b/src/Silf.cpp
@@ -293,7 +293,8 @@ size_t Silf::readClassMap(const byte *p, size_t data_len, uint32 version, Error
if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET) // LookupClass doesn't stretch over max_off
|| e.test(lookup[0] == 0 // A LookupClass with no looks is a suspicious thing ...
|| lookup[0] * 2 + *o + 4 > max_off // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off]
- || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)) // rangeShift: numIDs - searchRange
+ || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO) // rangeShift: numIDs - searchRange
+ || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET)) // glyphs are in pairs so difference must be even.
return ERROROFFSET;
}
--
2.12.2

View File

@ -1,113 +0,0 @@
Fixes CVE-2017-7593 (Potential uninitialized-memory access from tif_rawdata):
http://bugzilla.maptools.org/show_bug.cgi?id=2651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593
https://security-tracker.debian.org/tracker/CVE-2017-7593
2017-01-11 Even Rouault <even.rouault at spatialys.com>
* libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add
_TIFFcalloc()
* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
initialize tif_rawdata.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1208; previous revision: 1.1207
/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c
new revision: 1.53; previous revision: 1.52
/cvs/maptools/cvsroot/libtiff/libtiff/tif_unix.c,v <-- libtiff/tif_unix.c
new revision: 1.28; previous revision: 1.27
/cvs/maptools/cvsroot/libtiff/libtiff/tif_vms.c,v <-- libtiff/tif_vms.c
new revision: 1.14; previous revision: 1.13
/cvs/maptools/cvsroot/libtiff/libtiff/tif_win32.c,v <-- libtiff/tif_win32.c
new revision: 1.42; previous revision: 1.41
/cvs/maptools/cvsroot/libtiff/libtiff/tiffio.h,v <-- libtiff/tiffio.h
new revision: 1.94; previous revision: 1.93
diff -ru tiff-4.0.7/libtiff/tiffio.h tiff-4.0.7.new/libtiff/tiffio.h
--- tiff-4.0.7/libtiff/tiffio.h 1969-12-31 19:00:00.000000000 -0500
+++ tiff-4.0.7.new/libtiff/tiffio.h 2017-05-05 19:08:03.772999790 -0400
@@ -1,4 +1,4 @@
-/* $Id: tiffio.h,v 1.92 2016-01-23 21:20:34 erouault Exp $ */
+/* $Id: tiffio.h,v 1.94 2017-01-11 19:02:49 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -293,6 +293,7 @@
*/
extern void* _TIFFmalloc(tmsize_t s);
+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
extern void* _TIFFrealloc(void* p, tmsize_t s);
extern void _TIFFmemset(void* p, int v, tmsize_t c);
extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
diff -ru tiff-4.0.7/libtiff/tif_read.c tiff-4.0.7.new/libtiff/tif_read.c
--- tiff-4.0.7/libtiff/tif_read.c 2017-05-05 19:04:09.740966642 -0400
+++ tiff-4.0.7.new/libtiff/tif_read.c 2017-05-05 18:59:11.070709441 -0400
@@ -1,4 +1,4 @@
-/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
+/* $Id: tif_read.c,v 1.53 2017-01-11 19:02:49 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -976,7 +976,9 @@
"Invalid buffer size");
return (0);
}
- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
+ /* Initialize to zero to avoid uninitialized buffers in case of */
+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
tif->tif_flags |= TIFF_MYBUFFER;
}
if (tif->tif_rawdata == NULL) {
diff -ru tiff-4.0.7/libtiff/tif_unix.c tiff-4.0.7.new/libtiff/tif_unix.c
--- tiff-4.0.7/libtiff/tif_unix.c 1969-12-31 19:00:00.000000000 -0500
+++ tiff-4.0.7.new/libtiff/tif_unix.c 2017-05-05 19:10:48.302645187 -0400
@@ -1,4 +1,4 @@
-/* $Id: tif_unix.c,v 1.27 2015-08-19 02:31:04 bfriesen Exp $ */
+/* $Id: tif_unix.c,v 1.28 2017-01-11 19:02:49 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -316,6 +316,14 @@
return (malloc((size_t) s));
}
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
+{
+ if( nmemb == 0 || siz == 0 )
+ return ((void *) NULL);
+
+ return calloc((size_t) nmemb, (size_t)siz);
+}
+
void
_TIFFfree(void* p)
{
diff -ru tiff-4.0.7/libtiff/tif_win32.c tiff-4.0.7.new/libtiff/tif_win32.c
--- tiff-4.0.7/libtiff/tif_win32.c 1969-12-31 19:00:00.000000000 -0500
+++ tiff-4.0.7.new/libtiff/tif_win32.c 2017-05-05 19:13:06.903399627 -0400
@@ -1,4 +1,4 @@
-/* $Id: tif_win32.c,v 1.41 2015-08-23 20:12:44 bfriesen Exp $ */
+/* $Id: tif_win32.c,v 1.42 2017-01-11 19:02:49 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -360,6 +360,14 @@
return (malloc((size_t) s));
}
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
+{
+ if( nmemb == 0 || siz == 0 )
+ return ((void *) NULL);
+
+ return calloc((size_t) nmemb, (size_t)siz);
+}
+
void
_TIFFfree(void* p)
{

View File

@ -1,54 +0,0 @@
Fixes CVE-2017-7594 (Direct leak in tif_ojpeg.c):
http://bugzilla.maptools.org/show_bug.cgi?id=2659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594
https://security-tracker.debian.org/tracker/CVE-2017-7594
2017-01-12 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
when read fails.
Patch by Nicolás Peña.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1212; previous revision: 1.1211
/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c
new revision: 1.67; previous revision: 1.66
Index: libtiff/libtiff/tif_ojpeg.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 17:43:26 -0000 1.67
+++ libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 19:23:20 -0000 1.68
@@ -1,4 +1,4 @@
-/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
+/* $Id: tif_ojpeg.c,v 1.68 2017-01-12 19:23:20 erouault Exp $ */
/* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
specification is now totally obsolete and deprecated for new applications and
@@ -1790,7 +1790,10 @@
TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
if (p!=64)
+ {
+ _TIFFfree(ob);
return(0);
+ }
sp->qtable[m]=ob;
sp->sof_tq[m]=m;
}
@@ -1854,7 +1857,10 @@
rb[sizeof(uint32)+5+n]=o[n];
p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
if (p!=q)
+ {
+ _TIFFfree(rb);
return(0);
+ }
sp->dctable[m]=rb;
sp->sos_tda[m]=(m<<4);
}

View File

@ -1,449 +0,0 @@
Fixes CVE-2017-{7595,7596,7597,7598,7599,7600,7601,7602}:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602
2017-01-11 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various
clampings
of double to other data types to avoid undefined behaviour if the
output range
isn't big enough to hold the input value.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
http://bugzilla.maptools.org/show_bug.cgi?id=2642
http://bugzilla.maptools.org/show_bug.cgi?id=2646
http://bugzilla.maptools.org/show_bug.cgi?id=2647
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1204; previous revision: 1.1203
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c
new revision: 1.129; previous revision: 1.128
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c
new revision: 1.207; previous revision: 1.206
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <-- libtiff/tif_dirwrite.c
new revision: 1.85; previous revision: 1.84
2017-01-11 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_dirread.c: avoid division by floating point 0 in
TIFFReadDirEntryCheckedRational() and
TIFFReadDirEntryCheckedSrational(),
and return 0 in that case (instead of infinity as before presumably)
Apparently some sanitizers do not like those divisions by zero.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1203; previous revision: 1.1202
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c
new revision: 1.206; previous revision: 1.205
2017-01-11 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to
avoid undefined behaviour caused by invalid shift exponent.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1205; previous revision: 1.1204
/cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v <-- libtiff/tif_jpeg.c
new revision: 1.126; previous revision: 1.125
2017-01-11 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_read.c: avoid potential undefined behaviour on signed
integer addition in TIFFReadRawStrip1() in isMapped() case.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1206; previous revision: 1.1205
/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c
new revision: 1.51; previous revision: 1.50
Index: libtiff/libtiff/tif_dir.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -r1.128 -r1.129
--- libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128
+++ libtiff/libtiff/tif_dir.c 11 Jan 2017 16:09:02 -0000 1.129
@@ -1,4 +1,4 @@
-/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
+/* $Id: tif_dir.c,v 1.129 2017-01-11 16:09:02 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -31,6 +31,7 @@
* (and also some miscellaneous stuff)
*/
#include "tiffiop.h"
+#include <float.h>
/*
* These are used in the backwards compatibility code...
@@ -154,6 +155,15 @@
return (0);
}
+static float TIFFClampDoubleToFloat( double val )
+{
+ if( val > FLT_MAX )
+ return FLT_MAX;
+ if( val < -FLT_MAX )
+ return -FLT_MAX;
+ return (float)val;
+}
+
static int
_TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
{
@@ -312,13 +322,13 @@
dblval = va_arg(ap, double);
if( dblval < 0 )
goto badvaluedouble;
- td->td_xresolution = (float) dblval;
+ td->td_xresolution = TIFFClampDoubleToFloat( dblval );
break;
case TIFFTAG_YRESOLUTION:
dblval = va_arg(ap, double);
if( dblval < 0 )
goto badvaluedouble;
- td->td_yresolution = (float) dblval;
+ td->td_yresolution = TIFFClampDoubleToFloat( dblval );
break;
case TIFFTAG_PLANARCONFIG:
v = (uint16) va_arg(ap, uint16_vap);
@@ -327,10 +337,10 @@
td->td_planarconfig = (uint16) v;
break;
case TIFFTAG_XPOSITION:
- td->td_xposition = (float) va_arg(ap, double);
+ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
break;
case TIFFTAG_YPOSITION:
- td->td_yposition = (float) va_arg(ap, double);
+ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
break;
case TIFFTAG_RESOLUTIONUNIT:
v = (uint16) va_arg(ap, uint16_vap);
Index: libtiff/libtiff/tif_dirread.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
retrieving revision 1.206
retrieving revision 1.207
diff -u -r1.206 -r1.207
--- libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206
+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 16:09:02 -0000 1.207
@@ -1,4 +1,4 @@
-/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
+/* $Id: tif_dirread.c,v 1.207 2017-01-11 16:09:02 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -40,6 +40,7 @@
*/
#include "tiffiop.h"
+#include <float.h>
#define IGNORE 0 /* tag placeholder used below */
#define FAILED_FII ((uint32) -1)
@@ -2406,7 +2407,14 @@
ma=(double*)origdata;
mb=data;
for (n=0; n<count; n++)
- *mb++=(float)(*ma++);
+ {
+ double val = *ma++;
+ if( val > FLT_MAX )
+ val = FLT_MAX;
+ else if( val < -FLT_MAX )
+ val = -FLT_MAX;
+ *mb++=(float)val;
+ }
}
break;
}
Index: libtiff/libtiff/tif_dirwrite.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 12:51:59 -0000 1.84
+++ libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85
@@ -1,4 +1,4 @@
-/* $Id: tif_dirwrite.c,v 1.83 2016-10-25 21:35:15 erouault Exp $ */
+/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -30,6 +30,7 @@
* Directory Write Support Routines.
*/
#include "tiffiop.h"
+#include <float.h>
#ifdef HAVE_IEEEFP
#define TIFFCvtNativeToIEEEFloat(tif, n, fp)
@@ -939,6 +940,69 @@
return(0);
}
+static float TIFFClampDoubleToFloat( double val )
+{
+ if( val > FLT_MAX )
+ return FLT_MAX;
+ if( val < -FLT_MAX )
+ return -FLT_MAX;
+ return (float)val;
+}
+
+static int8 TIFFClampDoubleToInt8( double val )
+{
+ if( val > 127 )
+ return 127;
+ if( val < -128 || val != val )
+ return -128;
+ return (int8)val;
+}
+
+static int16 TIFFClampDoubleToInt16( double val )
+{
+ if( val > 32767 )
+ return 32767;
+ if( val < -32768 || val != val )
+ return -32768;
+ return (int16)val;
+}
+
+static int32 TIFFClampDoubleToInt32( double val )
+{
+ if( val > 0x7FFFFFFF )
+ return 0x7FFFFFFF;
+ if( val < -0x7FFFFFFF-1 || val != val )
+ return -0x7FFFFFFF-1;
+ return (int32)val;
+}
+
+static uint8 TIFFClampDoubleToUInt8( double val )
+{
+ if( val < 0 )
+ return 0;
+ if( val > 255 || val != val )
+ return 255;
+ return (uint8)val;
+}
+
+static uint16 TIFFClampDoubleToUInt16( double val )
+{
+ if( val < 0 )
+ return 0;
+ if( val > 65535 || val != val )
+ return 65535;
+ return (uint16)val;
+}
+
+static uint32 TIFFClampDoubleToUInt32( double val )
+{
+ if( val < 0 )
+ return 0;
+ if( val > 0xFFFFFFFFU || val != val )
+ return 0xFFFFFFFFU;
+ return (uint32)val;
+}
+
static int
TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value)
{
@@ -959,7 +1023,7 @@
if (tif->tif_dir.td_bitspersample<=32)
{
for (i = 0; i < count; ++i)
- ((float*)conv)[i] = (float)value[i];
+ ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]);
ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv);
}
else
@@ -971,19 +1035,19 @@
if (tif->tif_dir.td_bitspersample<=8)
{
for (i = 0; i < count; ++i)
- ((int8*)conv)[i] = (int8)value[i];
+ ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]);
ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv);
}
else if (tif->tif_dir.td_bitspersample<=16)
{
for (i = 0; i < count; ++i)
- ((int16*)conv)[i] = (int16)value[i];
+ ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]);
ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv);
}
else
{
for (i = 0; i < count; ++i)
- ((int32*)conv)[i] = (int32)value[i];
+ ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]);
ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv);
}
break;
@@ -991,19 +1055,19 @@
if (tif->tif_dir.td_bitspersample<=8)
{
for (i = 0; i < count; ++i)
- ((uint8*)conv)[i] = (uint8)value[i];
+ ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]);
ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv);
}
else if (tif->tif_dir.td_bitspersample<=16)
{
for (i = 0; i < count; ++i)
- ((uint16*)conv)[i] = (uint16)value[i];
+ ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]);
ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv);
}
else
{
for (i = 0; i < count; ++i)
- ((uint32*)conv)[i] = (uint32)value[i];
+ ((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]);
ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv);
}
break;
@@ -2102,7 +2102,7 @@
m[0]=0;
m[1]=1;
}
- else if (value==(double)(uint32)value)
+ else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value)
{
m[0]=(uint32)value;
m[1]=1;
@@ -2148,12 +2217,13 @@
}
for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++)
{
- if (*na<=0.0)
+ if (*na<=0.0 || *na != *na)
{
nb[0]=0;
nb[1]=1;
}
- else if (*na==(float)(uint32)(*na))
+ else if (*na >= 0 && *na <= (float)0xFFFFFFFFU &&
+ *na==(float)(uint32)(*na))
{
nb[0]=(uint32)(*na);
nb[1]=1;
Index: libtiff/libtiff/tif_dirread.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
retrieving revision 1.205
retrieving revision 1.206
diff -u -r1.205 -r1.206
--- libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205
+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206
@@ -2872,7 +2872,10 @@
m.l = direntry->tdir_offset.toff_long8;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabArrayOfLong(m.i,2);
- if (m.i[0]==0)
+ /* Not completely sure what we should do when m.i[1]==0, but some */
+ /* sanitizers do not like division by 0.0: */
+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
+ if (m.i[0]==0 || m.i[1]==0)
*value=0.0;
else
*value=(double)m.i[0]/(double)m.i[1];
@@ -2900,7 +2903,10 @@
m.l=direntry->tdir_offset.toff_long8;
if (tif->tif_flags&TIFF_SWAB)
TIFFSwabArrayOfLong(m.i,2);
- if ((int32)m.i[0]==0)
+ /* Not completely sure what we should do when m.i[1]==0, but some */
+ /* sanitizers do not like division by 0.0: */
+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
+ if ((int32)m.i[0]==0 || m.i[1]==0)
*value=0.0;
else
*value=(double)((int32)m.i[0])/(double)m.i[1];
Index: libtiff/libtiff/tif_jpeg.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v
retrieving revision 1.125
retrieving revision 1.126
diff -u -r1.125 -r1.126
--- libtiff/libtiff/tif_jpeg.c 11 Jan 2017 12:15:01 -0000 1.125
+++ libtiff/libtiff/tif_jpeg.c 11 Jan 2017 16:13:50 -0000 1.126
@@ -1,4 +1,4 @@
-/* $Id: tif_jpeg.c,v 1.123 2016-01-23 21:20:34 erouault Exp $ */
+/* $Id: tif_jpeg.c,v 1.126 2017-01-11 16:13:50 erouault Exp $ */
/*
* Copyright (c) 1994-1997 Sam Leffler
@@ -1632,6 +1632,13 @@
"Invalig horizontal/vertical sampling value");
return (0);
}
+ if( td->td_bitspersample > 16 )
+ {
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "BitsPerSample %d not allowed for JPEG",
+ td->td_bitspersample);
+ return (0);
+ }
/*
* A ReferenceBlackWhite field *must* be present since the
Index: libtiff/libtiff/tif_read.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50
+++ libtiff/libtiff/tif_read.c 11 Jan 2017 16:33:34 -0000 1.51
@@ -420,16 +420,25 @@
return ((tmsize_t)(-1));
}
} else {
- tmsize_t ma,mb;
+ tmsize_t ma;
tmsize_t n;
- ma=(tmsize_t)td->td_stripoffset[strip];
- mb=ma+size;
- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
- n=0;
- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
- n=tif->tif_size-ma;
- else
- n=size;
+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
+ {
+ n=0;
+ }
+ else if( ma > TIFF_TMSIZE_T_MAX - size )
+ {
+ n=0;
+ }
+ else
+ {
+ tmsize_t mb=ma+size;
+ if (mb>tif->tif_size)
+ n=tif->tif_size-ma;
+ else
+ n=size;
+ }
if (n!=size) {
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
TIFFErrorExt(tif->tif_clientdata, module,

View File

@ -0,0 +1,151 @@
From 86b98a11559da7d1b21dc9b4c6b10511b9095bc4 Mon Sep 17 00:00:00 2001
From: Simon Cross <hodgestar@gmail.com>
Date: Sun, 16 Feb 2014 18:46:15 +0000
Subject: [PATCH 05/16] Add support for Python 3.4 AST (support for
NameConstants and changes to existing to arguments node attributes).
---
genshi/template/astutil.py | 31 ++++++++++++++++++++++++++++---
genshi/template/eval.py | 34 +++++++++++++++++++---------------
2 files changed, 47 insertions(+), 18 deletions(-)
diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py
index a4c21c8..a3946b4 100644
--- a/genshi/template/astutil.py
+++ b/genshi/template/astutil.py
@@ -21,7 +21,7 @@ else:
def parse(source, mode):
return compile(source, '', mode, _ast.PyCF_ONLY_AST)
-from genshi.compat import IS_PYTHON2
+from genshi.compat import IS_PYTHON2, isstring
__docformat__ = 'restructuredtext en'
@@ -103,8 +103,13 @@ class ASTCodeGenerator(object):
self._new_line()
return self.visit(node.body)
+ # Python < 3.4
# arguments = (expr* args, identifier? vararg,
# identifier? kwarg, expr* defaults)
+ #
+ # Python >= 3.4
+ # arguments = (arg* args, arg? vararg, arg* kwonlyargs, expr* kw_defaults,
+ # arg? kwarg, expr* defaults)
def visit_arguments(self, node):
first = True
no_default_count = len(node.args) - len(node.defaults)
@@ -122,13 +127,21 @@ class ASTCodeGenerator(object):
self._write(', ')
else:
first = False
- self._write('*' + node.vararg)
+ self._write('*')
+ if isstring(node.vararg):
+ self._write(node.vararg)
+ else:
+ self.visit(node.vararg)
if getattr(node, 'kwarg', None):
if not first:
self._write(', ')
else:
first = False
- self._write('**' + node.kwarg)
+ self._write('**')
+ if isstring(node.kwarg):
+ self._write(node.kwarg)
+ else:
+ self.visit(node.kwarg)
if not IS_PYTHON2:
# In Python 3 arguments get a special node
@@ -724,6 +737,17 @@ class ASTCodeGenerator(object):
def visit_Name(self, node):
self._write(node.id)
+ # NameConstant(singleton value)
+ def visit_NameConstant(self, node):
+ if node.value is None:
+ self._write('None')
+ elif node.value is True:
+ self._write('True')
+ elif node.value is False:
+ self._write('False')
+ else:
+ raise Exception("Unknown NameConstant %r" % (node.value,))
+
# List(expr* elts, expr_context ctx)
def visit_List(self, node):
self._write('[')
@@ -829,6 +853,7 @@ class ASTTransformer(object):
visit_Attribute = _clone
visit_Subscript = _clone
visit_Name = _clone
+ visit_NameConstant = _clone
visit_List = _clone
visit_Tuple = _clone
diff --git a/genshi/template/eval.py b/genshi/template/eval.py
index 89aec49..de4bc86 100644
--- a/genshi/template/eval.py
+++ b/genshi/template/eval.py
@@ -24,7 +24,8 @@ from genshi.template.astutil import ASTTransformer, ASTCodeGenerator, \
from genshi.template.base import TemplateRuntimeError
from genshi.util import flatten
-from genshi.compat import get_code_params, build_code_chunk, IS_PYTHON2
+from genshi.compat import get_code_params, build_code_chunk, isstring, \
+ IS_PYTHON2
__all__ = ['Code', 'Expression', 'Suite', 'LenientLookup', 'StrictLookup',
'Undefined', 'UndefinedError']
@@ -495,28 +496,31 @@ class TemplateASTTransformer(ASTTransformer):
def __init__(self):
self.locals = [CONSTANTS]
+ def _process(self, names, node):
+ if not IS_PYTHON2 and isinstance(node, _ast.arg):
+ names.add(node.arg)
+ elif isstring(node):
+ names.add(node)
+ elif isinstance(node, _ast.Name):
+ names.add(node.id)
+ elif isinstance(node, _ast.alias):
+ names.add(node.asname or node.name)
+ elif isinstance(node, _ast.Tuple):
+ for elt in node.elts:
+ self._process(names, elt)
+
def _extract_names(self, node):
names = set()
- def _process(node):
- if not IS_PYTHON2 and isinstance(node, _ast.arg):
- names.add(node.arg)
- if isinstance(node, _ast.Name):
- names.add(node.id)
- elif isinstance(node, _ast.alias):
- names.add(node.asname or node.name)
- elif isinstance(node, _ast.Tuple):
- for elt in node.elts:
- _process(elt)
if hasattr(node, 'args'):
for arg in node.args:
- _process(arg)
+ self._process(names, arg)
if hasattr(node, 'vararg'):
- names.add(node.vararg)
+ self._process(names, node.vararg)
if hasattr(node, 'kwarg'):
- names.add(node.kwarg)
+ self._process(names, node.kwarg)
elif hasattr(node, 'names'):
for elt in node.names:
- _process(elt)
+ self._process(names, elt)
return names
def visit_Str(self, node):
--
2.12.0

View File

@ -0,0 +1,25 @@
From 32bfaa7cc1c736fd62fcbb6414de9498dc20ed07 Mon Sep 17 00:00:00 2001
From: Adriano Peluso <catonano@gmail.com>
Date: Wed, 5 Apr 2017 15:13:06 +0200
Subject: [PATCH 2/2] buildable on python27 too
---
genshi/template/directives.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/genshi/template/directives.py b/genshi/template/directives.py
index 6fd0f28..1f70ef6 100644
--- a/genshi/template/directives.py
+++ b/genshi/template/directives.py
@@ -266,7 +266,7 @@ class DefDirective(Directive):
if isinstance(ast, _ast.Call):
self.name = ast.func.id
for arg in ast.args:
- if isinstance(arg, _ast.Starred):
+ if hasattr(_ast, 'Starred') and isinstance(arg, _ast.Starred):
# Python 3.5+
self.star_args = arg.value.id
else:
--
2.12.0

View File

@ -0,0 +1,32 @@
From cef2c8df44166195e1705638f9f17033a4943bb7 Mon Sep 17 00:00:00 2001
From: Simon Cross <hodgestar@gmail.com>
Date: Sun, 16 Feb 2014 18:32:21 +0000
Subject: [PATCH 02/15] Disable the speedups C extension on CPython >= 3.3
since Genshi doesn't support the new Unicode C API yet.
---
setup.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 123a2cb..a3d748c 100755
--- a/setup.py
+++ b/setup.py
@@ -65,9 +65,13 @@ available.""")
if Feature:
+ # Optional C extension module for speeding up Genshi:
+ # Not activated by default on:
+ # - PyPy (where it harms performance)
+ # - CPython >= 3.3 (the new Unicode C API is not supported yet)
speedups = Feature(
"optional C speed-enhancements",
- standard = not is_pypy,
+ standard = not is_pypy and sys.version_info < (3, 3),
ext_modules = [
Extension('genshi._speedups', ['genshi/_speedups.c']),
],
--
2.12.0

View File

@ -0,0 +1,112 @@
From ce796ad4bae5c47011876778674ad036357febdf Mon Sep 17 00:00:00 2001
From: Adriano Peluso <catonano@gmail.com>
Date: Wed, 5 Apr 2017 15:10:06 +0200
Subject: [PATCH 1/2] fixing the tests on python35
---
genshi/filters/i18n.py | 6 ++++--
genshi/template/astutil.py | 14 +++++++++++---
genshi/template/directives.py | 20 ++++++++++++++------
genshi/template/eval.py | 5 +++++
4 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/genshi/filters/i18n.py b/genshi/filters/i18n.py
index 526fda4..5387fcf 100644
--- a/genshi/filters/i18n.py
+++ b/genshi/filters/i18n.py
@@ -1194,8 +1194,10 @@ def extract_from_code(code, gettext_functions):
elif arg:
strings.append(None)
[_add(arg) for arg in node.args]
- _add(node.starargs)
- _add(node.kwargs)
+ if hasattr(node, 'starargs'):
+ _add(node.starargs)
+ if hasattr(node, 'kwargs'):
+ _add(node.kwargs)
if len(strings) == 1:
strings = strings[0]
else:
diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py
index f4e1edd..e561846 100644
--- a/genshi/template/astutil.py
+++ b/genshi/template/astutil.py
@@ -151,6 +151,10 @@ class ASTCodeGenerator(object):
def visit_arg(self, node):
self._write(node.arg)
+ def visit_Starred(self, node):
+ self._write('*')
+ self.visit(node.value)
+
# FunctionDef(identifier name, arguments args,
# stmt* body, expr* decorator_list)
def visit_FunctionDef(self, node):
@@ -664,9 +668,13 @@ class ASTCodeGenerator(object):
if not first:
self._write(', ')
first = False
- # keyword = (identifier arg, expr value)
- self._write(keyword.arg)
- self._write('=')
+ if not keyword.arg:
+ # Python 3.5+ star-star args
+ self._write('**')
+ else:
+ # keyword = (identifier arg, expr value)
+ self._write(keyword.arg)
+ self._write('=')
self.visit(keyword.value)
if getattr(node, 'starargs', None):
if not first:
diff --git a/genshi/template/directives.py b/genshi/template/directives.py
index 7301c2d..6fd0f28 100644
--- a/genshi/template/directives.py
+++ b/genshi/template/directives.py
@@ -266,13 +266,21 @@ class DefDirective(Directive):
if isinstance(ast, _ast.Call):
self.name = ast.func.id
for arg in ast.args:
- # only names
- self.args.append(arg.id)
+ if isinstance(arg, _ast.Starred):
+ # Python 3.5+
+ self.star_args = arg.value.id
+ else:
+ # only names
+ self.args.append(arg.id)
for kwd in ast.keywords:
- self.args.append(kwd.arg)
- exp = Expression(kwd.value, template.filepath,
- lineno, lookup=template.lookup)
- self.defaults[kwd.arg] = exp
+ if kwd.arg is None:
+ # Python 3.5+
+ self.dstar_args = kwd.value.id
+ else:
+ self.args.append(kwd.arg)
+ exp = Expression(kwd.value, template.filepath,
+ lineno, lookup=template.lookup)
+ self.defaults[kwd.arg] = exp
if getattr(ast, 'starargs', None):
self.star_args = ast.starargs.id
if getattr(ast, 'kwargs', None):
diff --git a/genshi/template/eval.py b/genshi/template/eval.py
index d378419..81644a7 100644
--- a/genshi/template/eval.py
+++ b/genshi/template/eval.py
@@ -600,6 +600,11 @@ class TemplateASTTransformer(ASTTransformer):
finally:
self.locals.pop()
+ # Only used in Python 3.5+
+ def visit_Starred(self, node):
+ node.value = self.visit(node.value)
+ return node
+
def visit_Name(self, node):
# If the name refers to a local inside a lambda, list comprehension, or
# generator expression, leave it alone
--
2.12.0

View File

@ -0,0 +1,37 @@
From cc5e07284f44cdd9beec178c69070a53f55d1323 Mon Sep 17 00:00:00 2001
From: Simon Cross <hodgestar@gmail.com>
Date: Sun, 16 Feb 2014 18:43:20 +0000
Subject: [PATCH 03/15] Add isstring helper.
---
genshi/compat.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/genshi/compat.py b/genshi/compat.py
index 9787325..6574e39 100644
--- a/genshi/compat.py
+++ b/genshi/compat.py
@@ -35,6 +35,15 @@ else:
'Python 2 compatibility function. Not usable in Python 3.')
+# We need to test if an object is an instance of a string type in places
+
+if IS_PYTHON2:
+ def isstring(obj):
+ return isinstance(obj, basestring)
+else:
+ def isstring(obj):
+ return isinstance(obj, str)
+
# We need to differentiate between StringIO and BytesIO in places
if IS_PYTHON2:
@@ -112,4 +121,3 @@ except NameError:
if not x:
return False
return True
-
--
2.12.0

View File

@ -0,0 +1,51 @@
From 0769be04c3891ae5c724c6779ba13d1d0f53b4ae Mon Sep 17 00:00:00 2001
From: Simon Cross <hodgestar@gmail.com>
Date: Sun, 16 Feb 2014 18:25:17 +0000
Subject: [PATCH 01/15] Also allow stripping of unsafe script tags (Python 3.4
parses the second example as a tag whose name is script&xyz).
---
genshi/filters/tests/test_html.py | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/genshi/filters/tests/test_html.py b/genshi/filters/tests/test_html.py
index 0c6cfe1..45ec0da 100644
--- a/genshi/filters/tests/test_html.py
+++ b/genshi/filters/tests/test_html.py
@@ -368,12 +368,16 @@ def StyleSanitizer():
class HTMLSanitizerTestCase(unittest.TestCase):
- def assert_parse_error_or_equal(self, expected, exploit):
+ def assert_parse_error_or_equal(self, expected, exploit,
+ allow_strip=False):
try:
html = HTML(exploit)
except ParseError:
return
- self.assertEquals(expected, (html | HTMLSanitizer()).render())
+ sanitized_html = (html | HTMLSanitizer()).render()
+ if not sanitized_html and allow_strip:
+ return
+ self.assertEquals(expected, sanitized_html)
def test_sanitize_unchanged(self):
html = HTML(u'<a href="#">fo<br />o</a>')
@@ -416,10 +420,12 @@ class HTMLSanitizerTestCase(unittest.TestCase):
html = HTML(u'<SCRIPT SRC="http://example.com/"></SCRIPT>')
self.assertEquals('', (html | HTMLSanitizer()).render())
src = u'<SCR\0IPT>alert("foo")</SCR\0IPT>'
- self.assert_parse_error_or_equal('&lt;SCR\x00IPT&gt;alert("foo")', src)
+ self.assert_parse_error_or_equal('&lt;SCR\x00IPT&gt;alert("foo")', src,
+ allow_strip=True)
src = u'<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>'
self.assert_parse_error_or_equal('&lt;SCRIPT&amp;XYZ; '
- 'SRC="http://example.com/"&gt;', src)
+ 'SRC="http://example.com/"&gt;', src,
+ allow_strip=True)
def test_sanitize_remove_onclick_attr(self):
html = HTML(u'<div onclick=\'alert("foo")\' />')
--
2.12.0

View File

@ -0,0 +1,35 @@
This patch prevents a code execution vector involving terminal escape
sequences when rxvt-unicode is in "secure mode".
This change was spurred by the following conversation on the
oss-security mailing list:
Problem description and proof of concept:
http://seclists.org/oss-sec/2017/q2/190
Upstream response:
http://seclists.org/oss-sec/2017/q2/291
Patch copied from upstream source repository:
http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
+++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
@@ -2695,7 +2695,7 @@
/* kidnapped escape sequence: Should be 8.3.48 */
case C1_ESA: /* ESC G */
// used by original rxvt for rob nations own graphics mode
- if (cmd_getc () == 'Q')
+ if (cmd_getc () == 'Q' && option (Opt_insecure))
tt_printf ("\033G0\012"); /* query graphics - no graphics */
break;
@@ -2914,7 +2914,7 @@
break;
case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
#ifdef ISO6429
arg[0] = -arg[0];
#else /* emulate common DEC VTs */

View File

@ -1,61 +0,0 @@
Allow Synfig to build in C++11 mode.
Taken from here:
https://projects.archlinux.org/svntogit/community.git/plain/trunk/build-fix.patch?h=packages/synfig
diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp
--- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp 2015-03-28 13:15:00.000000000 +0300
+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp 2015-04-28 16:56:11.568749053 +0300
@@ -56,8 +56,8 @@
/* === M E T H O D S ======================================================= */
-Importer_LibAVCodec::Importer_LibAVCodec(const char *file):
- filename(file)
+Importer_LibAVCodec::Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier):
+ Importer(identifier)
{
}
diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h
--- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h 2015-03-28 13:15:00.000000000 +0300
+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h 2015-04-28 16:55:18.699192946 +0300
@@ -46,7 +46,7 @@
synfig::String filename;
public:
- Importer_LibAVCodec(const char *filename);
+ Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier);
~Importer_LibAVCodec();
virtual bool get_frame(synfig::Surface &surface, const synfig::RendDesc &renddesc, synfig::Time time, synfig::ProgressCallback *callback);
diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp
--- synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp 2015-03-28 13:15:00.000000000 +0300
+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp 2015-04-28 16:46:54.720091106 +0300
@@ -121,14 +121,14 @@
picture = avcodec_alloc_frame();
if (!picture)
return NULL;
- size = avpicture_get_size(pix_fmt, width, height);
+ size = avpicture_get_size((::PixelFormat)pix_fmt, width, height);
picture_buf = (uint8_t *)malloc(size);
if (!picture_buf) {
av_free(picture);
return NULL;
}
avpicture_fill((AVPicture *)picture, picture_buf,
- pix_fmt, width, height);
+ (::PixelFormat)pix_fmt, width, height);
return picture;
}
diff -wbBur synfig-1.0.2/src/synfig/time.cpp synfig-1.0.2.my/src/synfig/time.cpp
--- synfig-1.0.2/src/synfig/time.cpp 2015-07-09 10:33:03.000000000 +0300
+++ synfig-1.0.2.my/src/synfig/time.cpp 2015-10-12 13:54:58.382313903 +0300
@@ -319,5 +319,5 @@
bool
Time::is_valid()const
{
- return !isnan(value_);
+ return !::isnan(value_);
}

View File

@ -0,0 +1,55 @@
Downloaded from
https://github.com/synfig/synfig/commit/b9c3b73ee35b83c4d9183c800809040cef98b2f2.patch
Without this patch the UI of Synfig Studio (when built with the latest version
of GTK) displays very large buttons in the header of every frame.
This patch can be removed with the next release.
From b9c3b73ee35b83c4d9183c800809040cef98b2f2 Mon Sep 17 00:00:00 2001
From: caryoscelus <caryoscelus@gmx.com>
Date: Wed, 25 Jan 2017 18:34:39 +0300
Subject: [PATCH] Fix dock drop area size
Fixes #227
By using Frame instead of Button we avoid intrusive Gtk themes
from forcing huge drop area size.
---
synfig-studio/src/gui/docks/dockdroparea.cpp | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/gui/docks/dockdroparea.cpp b/synfig-studio/src/gui/docks/dockdroparea.cpp
index 0f8936fdb..e012282f0 100644
--- a/src/gui/docks/dockdroparea.cpp
+++ b/src/gui/docks/dockdroparea.cpp
@@ -35,7 +35,7 @@
#include "app.h"
#include "docks/dockdroparea.h"
#include "docks/dockmanager.h"
-#include <gtkmm/button.h>
+#include <gtkmm/frame.h>
#endif
@@ -61,10 +61,15 @@ DockDropArea::DockDropArea(Gtk::Widget *target):
std::vector<Gtk::TargetEntry> listTargets;
listTargets.push_back( Gtk::TargetEntry("SYNFIG_DOCK") );
- Gtk::Button *button_left = manage(new Gtk::Button());
- Gtk::Button *button_right = manage(new Gtk::Button());
- Gtk::Button *button_top = manage(new Gtk::Button());
- Gtk::Button *button_bottom = manage(new Gtk::Button());
+ Gtk::Frame *button_left = manage(new Gtk::Frame());
+ Gtk::Frame *button_right = manage(new Gtk::Frame());
+ Gtk::Frame *button_top = manage(new Gtk::Frame());
+ Gtk::Frame *button_bottom = manage(new Gtk::Frame());
+
+ button_left->set_size_request(20, 10);
+ button_right->set_size_request(20, 10);
+ button_top->set_size_request(20, 10);
+ button_bottom->set_size_request(20, 10);
button_left->drag_dest_set(listTargets);
button_right->drag_dest_set(listTargets);

View File

@ -14804,3 +14804,125 @@ information.")
(define-public python2-packaging
(package-with-python2 python-packaging))
(define-public python-sql
(package
(name "python-sql")
(version "0.9")
(source
(origin
(method url-fetch)
(uri (pypi-uri "python-sql" version))
(sha256
(base32
"0p6kaqj02vz0habmdx37zjk6hjxdfm8aw737zs059vvpr70ird87"))))
(build-system python-build-system)
(home-page "https://python-sql.tryton.org/")
(synopsis "Library to write SQL queries in a pythonic way")
(description "@code{python-sql} is a library to write SQL queries, that
transforms idiomatic python function calls to well-formed SQL queries.")
(license license:bsd-3)))
(define-public python2-sql
(package-with-python2 python-sql))
(define-public python-genshi
(package
(name "python-genshi")
(version "0.7")
(source
(origin
(method url-fetch)
(uri (string-append
"https://ftp.edgewall.org/pub/genshi/Genshi-"
version ".tar.gz"))
(patches
(search-patches
;; The first 4 patches are in the master branch upstream.
;; See this as a reference https://genshi.edgewall.org/ticket/582
;; The last 2 are NOT in any branch.
;; They were sent as attachments to a ticket opened at
;; https://genshi.edgewall.org/ticket/602#no1
"python-genshi-stripping-of-unsafe-script-tags.patch"
"python-genshi-disable-speedups-on-python-3.3.patch"
"python-genshi-isstring-helper.patch"
"python-genshi-add-support-for-python-3.4-AST.patch"
"python-genshi-fix-tests-on-python-3.5.patch"
"python-genshi-buildable-on-python-2.7.patch"))
(sha256
(base32
"0lkkbp6fbwzv0zda5iqc21rr7rdldkwh3hfabfjl9i4bwq14858x"))))
(build-system python-build-system)
(home-page "https://genshi.edgewall.org/")
(synopsis "Toolkit for generation of output for the web")
(description "Genshi is a Python library that provides an integrated set
of components for parsing, generating, and processing HTML, XML or other
textual content for output generation on the web.")
(license license:bsd-3)))
;; The linter here claims that patch file names should start with the package
;; name. But, in this case the patches are inherited from python-genshi with
;; the "python-genshi-" prefix instead of "python2-genshi-".
(define-public python2-genshi
(package-with-python2 python-genshi))
(define-public python-relatorio
(package
(name "python-relatorio")
(version "0.6.4")
(source
(origin
(method url-fetch)
(uri (pypi-uri "relatorio" version))
(sha256
(base32
"0lincq79mzgazwd9gh41dybjh9c3n87r83pl8nk3j79aihyfk84z"))))
(build-system python-build-system)
(propagated-inputs
`(("python-lxml" ,python-lxml)
("python-genshi" ,python-genshi)))
(home-page "https://relatorio.tryton.org/")
(synopsis "Templating library able to output ODT and PDF files")
(description "Relatorio is a templating library which provides a way to
easily output ODT, ODS, PNG, SVG and several other kinds of files. Support
for more filetypes can be easily added by creating plugins for them.")
(license license:gpl3+)))
(define-public python2-relatorio
(package-with-python2 python-relatorio))
(define-public python-radon
(package
(name "python-radon")
(version "1.5.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "radon" version))
(sha256
(base32
"1h6jv36am0i827182a04ki6291lyx4kp957xfr5njgprj4nd0qsl"))))
(build-system python-build-system)
(propagated-inputs
`(("python-colorama" ,python-colorama)
("python-flake8-polyfill" ,python-flake8-polyfill)
("python-mando" ,python-mando-0.3.1)))
(native-inputs
`(("python-flake8" ,python-flake8)
("python-tox" ,python-tox)
("python-pytest" ,python-pytest)
("python-paramunittest" ,python-paramunittest)))
(home-page "https://radon.readthedocs.org/")
(synopsis "Code Metrics in Python")
(description "Radon is a Python tool which computes various code metrics.
Supported metrics are:
@itemize @bullet
@item raw metrics: SLOC, comment lines, blank lines, &c.
@item Cyclomatic Complexity (i.e. McCabes Complexity)
@item Halstead metrics (all of them)
@item the Maintainability Index (a Visual Studio metric)
@end itemize")
(license license:expat)))
(define-public python2-radon
(package-with-python2 python-radon))

View File

@ -484,13 +484,13 @@ security, and applying best practice development processes.")
(package
(name "python-acme")
;; Remember to update the hash of certbot when updating python-acme.
(version "0.14.1")
(version "0.14.2")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
(sha256
(base32
"0asmkfkzbswnkrvbj5m01xgy4f6g1fjbj2nir1hhrn3ipcdrsv8f"))))
"1kbgpjabbly7r757vyr1050ixnm9hyvrbf9n6aq49cgmb147ysqn"))))
(build-system python-build-system)
(arguments
`(#:phases
@ -549,7 +549,7 @@ security, and applying best practice development processes.")
(uri (pypi-uri name version))
(sha256
(base32
"0rdby57hw35qdrbl7kigscphnz4kqb608bqzrcb73nb99092i6si"))))
"1b39hybswzm8mkarg1mwpx47wffqg57jcgi52mz5iz60rxym9j2v"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2

93
gnu/packages/tryton.scm Normal file
View File

@ -0,0 +1,93 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages tryton)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages gtk)
#:use-module (gnu packages python)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system python))
(define-public trytond
(package
(name "trytond")
(version "4.4.1")
(source
(origin
(method url-fetch)
(uri (string-append
"https://downloads.tryton.org/4.4/trytond-"
version ".tar.gz"))
(sha256
(base32
"15gm34qwj5fpnkqvrxzndl8653zbczhsa76dm1gi4cqj1r29bbpr"))))
(build-system python-build-system)
(inputs
`(("python-dateutil" ,python-dateutil)
("python-genshi" ,python-genshi)
("python-polib" ,python-polib)
;; there's no python-mysql in Guix right now
;; so python-psycopg2 (postgresql) only for now
("python-psycopg2" ,python-psycopg2)
("python-relatorio" ,python-relatorio)
("python-lxml" ,python-lxml)
("python-sql" ,python-sql)
("python-werkzeug" ,python-werkzeug)
("python-wrapt" ,python-wrapt)))
(native-inputs
`(("python-mock" ,python-mock)))
(arguments
`(#:phases
(modify-phases %standard-phases
(add-before 'check 'preparations
(lambda _
(setenv "DB_NAME" ":memory:"))))))
(home-page "https://www.tryton.org/")
(synopsis "Server component of Tryton")
(description "Tryton is a three-tier high-level general purpose
application platform using PostgreSQL as its main database engine. It is the
core base of a complete business solution providing modularity, scalability
and security.")
(license license:gpl3+)))
(define-public tryton
(package
(name "tryton")
(version "4.4.0")
(source
(origin
(method url-fetch)
(uri (string-append
"https://downloads.tryton.org/4.4/tryton-"
version ".tar.gz"))
(sha256
(base32
"1lklcz5fs6rkrd7z2m2f5gz4fdwzkgnhg2hyvzp20kdsvi33bq2j"))))
(build-system python-build-system)
(inputs
`(("python2-chardet" ,python2-chardet)
("python2-dateutil" ,python2-dateutil)
("python2-pygtk" ,python2-pygtk)))
(arguments
`(#:python ,python-2))
(home-page "https://www.tryton.org/")
(synopsis "Client component of Tryton")
(description "This package is the client component of Tryton.")
(license license:gpl3+)))

View File

@ -9,7 +9,7 @@
;;; Copyright © 2016 Al McElrath <hello@yrns.org>
;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pramatique.xyz>
;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
;;; Copyright © 2016 Ivan Vilata i Balaguer <ivan@selidor.net>
;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
@ -675,3 +675,80 @@ all of them. Currently supported window managers include:
Keybinder works with GTK-based applications using the X Window System.")
(home-page "https://github.com/engla/keybinder")
(license license:gpl2+)))
(define-public spectrwm
(package
(name "spectrwm")
(version "3.0.2")
(source
(origin
(method url-fetch)
(uri (let ((version-with-underscores
(string-join (string-split version #\.) "_")))
(string-append "https://github.com/conformal/spectrwm/archive/"
"SPECTRWM_" version-with-underscores ".tar.gz")))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"065b7j8s0lxw3p58fyf3c1mr5203pdm0kww42v245rlx0f005kl2"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags (let ((pkg-config (lambda (flag)
(string-append
"$(shell pkg-config " flag " "
"xft fontconfig x11 libpng)"))))
(list
"CC=gcc"
(string-append "PREFIX=" %output)
(string-append "INCS=-I. " (pkg-config "--cflags"))
(string-append "LIBS=" (pkg-config "--libs") " -lm")))
#:tests? #f ;No test suite
#:phases
(modify-phases %standard-phases
(add-before 'build 'change-dir
(lambda _
(chdir "linux") #t))
(add-after 'change-dir 'patch-makefile
(lambda _
(substitute* "Makefile"
(("-g") ""))))
(add-after 'change-dir 'fix-freetype-include
(lambda _
(substitute* "Makefile"
(("/usr/include/freetype2")
(string-append (assoc-ref %build-inputs "freetype")
"/include/freetype2")))))
(delete 'configure)))) ;no 'configure' exists
(inputs
`(("freetype" ,freetype)
("fontconfig" ,fontconfig)
("libx11" ,libx11)
("libxcursor" ,libxcursor)
("libxrandr" ,libxrandr)
("libxtst" ,libxtst)
("libxft" ,libxft)
("xcb-util" ,xcb-util)
("xcb-util-wm" ,xcb-util-wm)
("xcb-util-keysyms" ,xcb-util-keysyms)))
(native-inputs
`(("libxt" ,libxt)
("pkg-config" ,pkg-config)))
(synopsis "Minimalistic automatic tiling window manager")
(description
"Spectrwm is a small dynamic tiling and reparenting window manager for X11.
It is inspired by Xmonad and dwm. Its major features include:
@itemize
@item Navigation anywhere on all screens with either the keyboard or mouse
@item Customizable status bar
@item Restartable without losing state
@item Quick launch menu
@item Many screen layouts possible with a few simple key strokes
@item Move/resize floating windows
@item Extended Window Manager Hints (EWMH) support
@item Configureable tiling
@item Adjustable tile gap allows for a true one pixel border
@item Customizable colors and border width
@end itemize\n")
(home-page "https://github.com/conformal/spectrwm")
(license license:isc)))

View File

@ -682,6 +682,7 @@ compact configuration syntax.")
(method url-fetch)
(uri (string-append "http://dist.schmorp.de/rxvt-unicode/Attic/"
name "-" version ".tar.bz2"))
(patches (search-patches "rxvt-unicode-escape-sequences.patch"))
(sha256
(base32
"1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9"))))

593
gnu/services/dns.scm Normal file
View File

@ -0,0 +1,593 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu services dns)
#:use-module (gnu services)
#:use-module (gnu services configuration)
#:use-module (gnu services shepherd)
#:use-module (gnu system shadow)
#:use-module (gnu packages admin)
#:use-module (gnu packages dns)
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (guix gexp)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (ice-9 match)
#:use-module (ice-9 regex)
#:export (knot-service-type
knot-acl-configuration
knot-key-configuration
knot-keystore-configuration
knot-zone-configuration
knot-remote-configuration
knot-policy-configuration
knot-configuration
define-zone-entries
zone-file
zone-entry))
;;;
;;; Knot DNS.
;;;
(define-record-type* <knot-key-configuration>
knot-key-configuration make-knot-key-configuration
knot-key-configuration?
(id knot-key-configuration-id
(default ""))
(algorithm knot-key-configuration-algorithm
(default #f)); one of #f, or an algorithm name
(secret knot-key-configuration-secret
(default "")))
(define-record-type* <knot-acl-configuration>
knot-acl-configuration make-knot-acl-configuration
knot-acl-configuration?
(id knot-acl-configuration-id
(default ""))
(address knot-acl-configuration-address
(default '()))
(key knot-acl-configuration-key
(default '()))
(action knot-acl-configuration-action
(default '()))
(deny? knot-acl-configuration-deny?
(default #f)))
(define-record-type* <zone-entry>
zone-entry make-zone-entry
zone-entry?
(name zone-entry-name
(default "@"))
(ttl zone-entry-ttl
(default ""))
(class zone-entry-class
(default "IN"))
(type zone-entry-type
(default "A"))
(data zone-entry-data
(default "")))
(define-record-type* <zone-file>
zone-file make-zone-file
zone-file?
(entries zone-file-entries
(default '()))
(origin zone-file-origin
(default ""))
(ns zone-file-ns
(default "ns"))
(mail zone-file-mail
(default "hostmaster"))
(serial zone-file-serial
(default 1))
(refresh zone-file-refresh
(default "2d"))
(retry zone-file-retry
(default "15m"))
(expiry zone-file-expiry
(default "2w"))
(nx zone-file-nx
(default "1h")))
(define-record-type* <knot-keystore-configuration>
knot-keystore-configuration make-knot-keystore-configuration
knot-keystore-configuration?
(id knot-keystore-configuration-id
(default ""))
(backend knot-keystore-configuration-backend
(default 'pem))
(config knot-keystore-configuration-config
(default "/var/lib/knot/keys/keys")))
(define-record-type* <knot-policy-configuration>
knot-policy-configuration make-knot-policy-configuration
knot-policy-configuration?
(id knot-policy-configuration-id
(default ""))
(keystore knot-policy-configuration-keystore
(default "default"))
(manual? knot-policy-configuration-manual?
(default #f))
(single-type-signing? knot-policy-configuration-single-type-signing?
(default #f))
(algorithm knot-policy-configuration-algorithm
(default "ecdsap256sha256"))
(ksk-size knot-policy-configuration-ksk-size
(default 256))
(zsk-size knot-policy-configuration-zsk-size
(default 256))
(dnskey-ttl knot-policy-configuration-dnskey-ttl
(default 'default))
(zsk-lifetime knot-policy-configuration-zsk-lifetime
(default "30d"))
(propagation-delay knot-policy-configuration-propagation-delay
(default "1d"))
(rrsig-lifetime knot-policy-configuration-rrsig-lifetime
(default "14d"))
(rrsig-refresh knot-policy-configuration-rrsig-refresh
(default "7d"))
(nsec3? knot-policy-configuration-nsec3?
(default #f))
(nsec3-iterations knot-policy-configuration-nsec3-iterations
(default 5))
(nsec3-salt-length knot-policy-configuration-nsec3-salt-length
(default 8))
(nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime
(default "30d")))
(define-record-type* <knot-zone-configuration>
knot-zone-configuration make-knot-zone-configuration
knot-zone-configuration?
(domain knot-zone-configuration-domain
(default ""))
(file knot-zone-configuration-file
(default "")) ; the file where this zone is saved.
(zone knot-zone-configuration-zone
(default (zone-file))) ; initial content of the zone file
(master knot-zone-configuration-master
(default '()))
(ddns-master knot-zone-configuration-ddns-master
(default #f))
(notify knot-zone-configuration-notify
(default '()))
(acl knot-zone-configuration-acl
(default '()))
(semantic-checks? knot-zone-configuration-semantic-checks?
(default #f))
(disable-any? knot-zone-configuration-disable-any?
(default #f))
(zonefile-sync knot-zone-configuration-zonefile-sync
(default 0))
(dnssec-policy knot-zone-configuration-dnssec-policy
(default #f))
(serial-policy knot-zone-configuration-serial-policy
(default 'increment)))
(define-record-type* <knot-remote-configuration>
knot-remote-configuration make-knot-remote-configuration
knot-remote-configuration?
(id knot-remote-configuration-id
(default ""))
(address knot-remote-configuration-address
(default '()))
(via knot-remote-configuration-via
(default '()))
(key knot-remote-configuration-key
(default #f)))
(define-record-type* <knot-configuration>
knot-configuration make-knot-configuration
knot-configuration?
(knot knot-configuration-knot
(default knot))
(run-directory knot-configuration-run-directory
(default "/var/run/knot"))
(listen-v4 knot-configuration-listen-v4
(default "0.0.0.0"))
(listen-v6 knot-configuration-listen-v6
(default "::"))
(listen-port knot-configuration-listen-port
(default 53))
(keys knot-configuration-keys
(default '()))
(keystores knot-configuration-keystores
(default '()))
(acls knot-configuration-acls
(default '()))
(remotes knot-configuration-remotes
(default '()))
(policies knot-configuration-policies
(default '()))
(zones knot-configuration-zones
(default '())))
(define-syntax define-zone-entries
(syntax-rules ()
((_ id (name ttl class type data) ...)
(define id (list (make-zone-entry name ttl class type data) ...)))))
(define (error-out msg)
(raise (condition (&message (message msg)))))
(define (verify-knot-key-configuration key)
(unless (knot-key-configuration? key)
(error-out "keys must be a list of only knot-key-configuration."))
(let ((id (knot-key-configuration-id key)))
(unless (and (string? id) (not (equal? id "")))
(error-out "key id must be a non empty string.")))
(unless (memq '(#f hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512)
(knot-key-configuration-algorithm key))
(error-out "algorithm must be one of: #f, 'hmac-md5, 'hmac-sha1,
'hmac-sha224, 'hmac-sha256, 'hmac-sha384 or 'hmac-sha512")))
(define (verify-knot-keystore-configuration keystore)
(unless (knot-keystore-configuration? keystore)
(error-out "keystores must be a list of only knot-keystore-configuration."))
(let ((id (knot-keystore-configuration-id keystore)))
(unless (and (string? id) (not (equal? id "")))
(error-out "keystore id must be a non empty string.")))
(unless (memq '(pem pkcs11)
(knot-keystore-configuration-backend keystore))
(error-out "backend must be one of: 'pem or 'pkcs11")))
(define (verify-knot-policy-configuration policy)
(unless (knot-keystore-configuration? policy)
(error-out "policies must be a list of only knot-policy-configuration."))
(let ((id (knot-policy-configuration-id policy)))
(unless (and (string? id) (not (equal? id "")))
(error-out "policy id must be a non empty string."))))
(define (verify-knot-acl-configuration acl)
(unless (knot-acl-configuration? acl)
(error-out "acls must be a list of only knot-acl-configuration."))
(let ((id (knot-acl-configuration-id acl))
(address (knot-acl-configuration-address acl))
(key (knot-acl-configuration-key acl))
(action (knot-acl-configuration-action acl)))
(unless (and (string? id) (not (equal? id "")))
(error-out "acl id must be a non empty string."))
(unless (and (list? address)
(fold (lambda (x1 x2) (and (string? x1) (string? x2))) "" address))
(error-out "acl address must be a list of strings.")))
(unless (boolean? (knot-acl-configuration-deny? acl))
(error-out "deny? must be #t or #f.")))
(define (verify-knot-zone-configuration zone)
(unless (knot-zone-configuration? zone)
(error-out "zones must be a list of only knot-zone-configuration."))
(let ((domain (knot-zone-configuration-domain zone)))
(unless (and (string? domain) (not (equal? domain "")))
(error-out "zone domain must be a non empty string."))))
(define (verify-knot-remote-configuration remote)
(unless (knot-remote-configuration? remote)
(error-out "remotes must be a list of only knot-remote-configuration."))
(let ((id (knot-remote-configuration-id remote)))
(unless (and (string? id) (not (equal? id "")))
(error-out "remote id must be a non empty string."))))
(define (verify-knot-configuration config)
(unless (package? (knot-configuration-knot config))
(error-out "knot configuration field must be a package."))
(unless (string? (knot-configuration-run-directory config))
(error-out "run-directory must be a string."))
(unless (list? (knot-configuration-keys config))
(error-out "keys must be a list of knot-key-configuration."))
(for-each (lambda (key) (verify-knot-key-configuration key))
(knot-configuration-keys config))
(unless (list? (knot-configuration-keystores config))
(error-out "keystores must be a list of knot-keystore-configuration."))
(for-each (lambda (keystore) (verify-knot-keystore-configuration keystore))
(knot-configuration-keystores config))
(unless (list? (knot-configuration-acls config))
(error-out "acls must be a list of knot-acl-configuration."))
(for-each (lambda (acl) (verify-knot-acl-configuration acl))
(knot-configuration-acls config))
(unless (list? (knot-configuration-zones config))
(error-out "zones must be a list of knot-zone-configuration."))
(for-each (lambda (zone) (verify-knot-zone-configuration zone))
(knot-configuration-zones config))
(unless (list? (knot-configuration-policies config))
(error-out "policies must be a list of knot-policy-configuration."))
(for-each (lambda (policy) (verify-knot-policy-configuration policy))
(knot-configuration-policies config))
(unless (list? (knot-configuration-remotes config))
(error-out "remotes must be a list of knot-remote-configuration."))
(for-each (lambda (remote) (verify-knot-remote-configuration remote))
(knot-configuration-remotes config))
#t)
(define (format-string-list l)
"Formats a list of string in YAML"
(if (eq? l '())
""
(let ((l (reverse l)))
(string-append
"["
(fold (lambda (x1 x2)
(string-append (if (symbol? x1) (symbol->string x1) x1) ", "
(if (symbol? x2) (symbol->string x2) x2)))
(car l) (cdr l))
"]"))))
(define (knot-acl-config acls)
(with-output-to-string
(lambda ()
(for-each
(lambda (acl-config)
(let ((id (knot-acl-configuration-id acl-config))
(address (knot-acl-configuration-address acl-config))
(key (knot-acl-configuration-key acl-config))
(action (knot-acl-configuration-action acl-config))
(deny? (knot-acl-configuration-deny? acl-config)))
(format #t " - id: ~a\n" id)
(unless (eq? address '())
(format #t " address: ~a\n" (format-string-list address)))
(unless (eq? key '())
(format #t " key: ~a\n" (format-string-list key)))
(unless (eq? action '())
(format #t " action: ~a\n" (format-string-list action)))
(format #t " deny: ~a\n" (if deny? "on" "off"))))
acls))))
(define (knot-key-config keys)
(with-output-to-string
(lambda ()
(for-each
(lambda (key-config)
(let ((id (knot-key-configuration-id key-config))
(algorithm (knot-key-configuration-algorithm key-config))
(secret (knot-key-configuration-secret key-config)))
(format #t " - id: ~a\n" id)
(if algorithm
(format #t " algorithm: ~a\n" (symbol->string algorithm)))
(format #t " secret: ~a\n" secret)))
keys))))
(define (knot-keystore-config keystores)
(with-output-to-string
(lambda ()
(for-each
(lambda (keystore-config)
(let ((id (knot-keystore-configuration-id keystore-config))
(backend (knot-keystore-configuration-backend keystore-config))
(config (knot-keystore-configuration-config keystore-config)))
(format #t " - id: ~a\n" id)
(format #t " backend: ~a\n" (symbol->string backend))
(format #t " config: \"~a\"\n" config)))
keystores))))
(define (knot-policy-config policies)
(with-output-to-string
(lambda ()
(for-each
(lambda (policy-config)
(let ((id (knot-policy-configuration-id policy-config))
(keystore (knot-policy-configuration-keystore policy-config))
(manual? (knot-policy-configuration-manual? policy-config))
(single-type-signing? (knot-policy-configuration-single-type-signing?
policy-config))
(algorithm (knot-policy-configuration-algorithm policy-config))
(ksk-size (knot-policy-configuration-ksk-size policy-config))
(zsk-size (knot-policy-configuration-zsk-size policy-config))
(dnskey-ttl (knot-policy-configuration-dnskey-ttl policy-config))
(zsk-lifetime (knot-policy-configuration-zsk-lifetime policy-config))
(propagation-delay (knot-policy-configuration-propagation-delay
policy-config))
(rrsig-lifetime (knot-policy-configuration-rrsig-lifetime
policy-config))
(nsec3? (knot-policy-configuration-nsec3? policy-config))
(nsec3-iterations (knot-policy-configuration-nsec3-iterations
policy-config))
(nsec3-salt-length (knot-policy-configuration-nsec3-salt-length
policy-config))
(nsec3-salt-lifetime (knot-policy-configuration-nsec3-salt-lifetime
policy-config)))
(format #t " - id: ~a\n" id)
(format #t " keystore: ~a\n" keystore)
(format #t " manual: ~a\n" (if manual? "on" "off"))
(format #t " single-type-signing: ~a\n" (if single-type-signing?
"on" "off"))
(format #t " algorithm: ~a\n" algorithm)
(format #t " ksk-size: ~a\n" (number->string ksk-size))
(format #t " zsk-size: ~a\n" (number->string zsk-size))
(unless (eq? dnskey-ttl 'default)
(format #t " dnskey-ttl: ~a\n" dnskey-ttl))
(format #t " zsk-lifetime: ~a\n" zsk-lifetime)
(format #t " propagation-delay: ~a\n" propagation-delay)
(format #t " rrsig-lifetime: ~a\n" rrsig-lifetime)
(format #t " nsec3: ~a\n" (if nsec3? "on" "off"))
(format #t " nsec3-iterations: ~a\n"
(number->string nsec3-iterations))
(format #t " nsec3-salt-length: ~a\n"
(number->string nsec3-salt-length))
(format #t " nsec3-salt-lifetime: ~a\n" nsec3-salt-lifetime)))
policies))))
(define (knot-remote-config remotes)
(with-output-to-string
(lambda ()
(for-each
(lambda (remote-config)
(let ((id (knot-remote-configuration-id remote-config))
(address (knot-remote-configuration-address remote-config))
(via (knot-remote-configuration-via remote-config))
(key (knot-remote-configuration-key remote-config)))
(format #t " - id: ~a\n" id)
(unless (eq? address '())
(format #t " address: ~a\n" (format-string-list address)))
(unless (eq? via '())
(format #t " via: ~a\n" (format-string-list via)))
(if key
(format #t " key: ~a\n" key))))
remotes))))
(define (serialize-zone-entries entries)
(with-output-to-string
(lambda ()
(for-each
(lambda (entry)
(let ((name (zone-entry-name entry))
(ttl (zone-entry-ttl entry))
(class (zone-entry-class entry))
(type (zone-entry-type entry))
(data (zone-entry-data entry)))
(format #t "~a ~a ~a ~a ~a\n" name ttl class type data)))
entries))))
(define (serialize-zone-file zone domain)
(computed-file (string-append domain ".zone")
#~(begin
(call-with-output-file #$output
(lambda (port)
(format port "$ORIGIN ~a.\n"
#$(zone-file-origin zone))
(format port "@ IN SOA ~a ~a (~a ~a ~a ~a ~a)\n"
#$(zone-file-ns zone)
#$(zone-file-mail zone)
#$(zone-file-serial zone)
#$(zone-file-refresh zone)
#$(zone-file-retry zone)
#$(zone-file-expiry zone)
#$(zone-file-nx zone))
(format port "~a\n"
#$(serialize-zone-entries (zone-file-entries zone))))))))
(define (knot-zone-config zone)
(let ((content (knot-zone-configuration-zone zone)))
#~(with-output-to-string
(lambda ()
(let ((domain #$(knot-zone-configuration-domain zone))
(file #$(knot-zone-configuration-file zone))
(master (list #$@(knot-zone-configuration-master zone)))
(ddns-master #$(knot-zone-configuration-ddns-master zone))
(notify (list #$@(knot-zone-configuration-notify zone)))
(acl (list #$@(knot-zone-configuration-acl zone)))
(semantic-checks? #$(knot-zone-configuration-semantic-checks? zone))
(disable-any? #$(knot-zone-configuration-disable-any? zone))
(dnssec-policy #$(knot-zone-configuration-dnssec-policy zone))
(serial-policy '#$(knot-zone-configuration-serial-policy zone)))
(format #t " - domain: ~a\n" domain)
(if (eq? master '())
;; This server is a master
(if (equal? file "")
(format #t " file: ~a\n"
#$(serialize-zone-file content
(knot-zone-configuration-domain zone)))
(format #t " file: ~a\n" file))
;; This server is a slave (has masters)
(begin
(format #t " master: ~a\n"
#$(format-string-list
(knot-zone-configuration-master zone)))
(if ddns-master (format #t " ddns-master ~a\n" ddns-master))))
(unless (eq? notify '())
(format #t " notify: ~a\n"
#$(format-string-list
(knot-zone-configuration-notify zone))))
(unless (eq? acl '())
(format #t " acl: ~a\n"
#$(format-string-list
(knot-zone-configuration-acl zone))))
(format #t " semantic-checks: ~a\n" (if semantic-checks? "on" "off"))
(format #t " disable-any: ~a\n" (if disable-any? "on" "off"))
(if dnssec-policy
(begin
(format #t " dnssec-signing: on\n")
(format #t " dnssec-policy: ~a\n" dnssec-policy)))
(format #t " serial-policy: ~a\n"
(symbol->string serial-policy)))))))
(define (knot-config-file config)
(verify-knot-configuration config)
(computed-file "knot.conf"
#~(begin
(call-with-output-file #$output
(lambda (port)
(format port "server:\n")
(format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
(format port " user: knot\n")
(format port " listen: ~a@~a\n"
#$(knot-configuration-listen-v4 config)
#$(knot-configuration-listen-port config))
(format port " listen: ~a@~a\n"
#$(knot-configuration-listen-v6 config)
#$(knot-configuration-listen-port config))
(format port "\nkey:\n")
(format port #$(knot-key-config (knot-configuration-keys config)))
(format port "\nkeystore:\n")
(format port #$(knot-keystore-config (knot-configuration-keystores config)))
(format port "\nacl:\n")
(format port #$(knot-acl-config (knot-configuration-acls config)))
(format port "\nremote:\n")
(format port #$(knot-remote-config (knot-configuration-remotes config)))
(format port "\npolicy:\n")
(format port #$(knot-policy-config (knot-configuration-policies config)))
(unless #$(eq? (knot-configuration-zones config) '())
(format port "\nzone:\n")
(format port "~a\n"
(string-concatenate
(list #$@(map knot-zone-config
(knot-configuration-zones config)))))))))))
(define %knot-accounts
(list (user-group (name "knot") (system? #t))
(user-account
(name "knot")
(group "knot")
(system? #t)
(comment "knot dns server user")
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
(define (knot-activation config)
#~(begin
(use-modules (guix build utils))
(define (mkdir-p/perms directory owner perms)
(mkdir-p directory)
(chown directory (passwd:uid owner) (passwd:gid owner))
(chmod directory perms))
(mkdir-p/perms #$(knot-configuration-run-directory config)
(getpwnam "knot") #o755)
(mkdir-p/perms "/var/lib/knot" (getpwnam "knot") #o755)
(mkdir-p/perms "/var/lib/knot/keys" (getpwnam "knot") #o755)
(mkdir-p/perms "/var/lib/knot/keys/keys" (getpwnam "knot") #o755)))
(define (knot-shepherd-service config)
(let* ((config-file (knot-config-file config))
(knot (knot-configuration-knot config)))
(list (shepherd-service
(documentation "Run the Knot DNS daemon.")
(provision '(knot dns))
(requirement '(networking))
(start #~(make-forkexec-constructor
(list (string-append #$knot "/sbin/knotd")
"-c" #$config-file)))
(stop #~(make-kill-destructor))))))
(define knot-service-type
(service-type (name 'knot)
(extensions
(list (service-extension shepherd-root-service-type
knot-shepherd-service)
(service-extension activation-service-type
knot-activation)
(service-extension account-service-type
(const %knot-accounts))))))

130
guix/build-system/font.scm Normal file
View File

@ -0,0 +1,130 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (guix build-system font)
#:use-module (guix utils)
#:use-module (guix packages)
#:use-module (guix derivations)
#:use-module (guix search-paths)
#:use-module (guix build-system)
#:use-module (guix build-system gnu)
#:use-module (ice-9 match)
#:export (%font-build-system-modules
font-build
font-build-system))
;; Commentary:
;;
;; Standard build procedure for fonts. This is implemented as an extension of
;; 'gnu-build-system'.
;;
;; Code:
(define %font-build-system-modules
;; Build-side modules imported by default.
`((guix build font-build-system)
,@%gnu-build-system-modules))
(define* (lower name
#:key source inputs native-inputs outputs system target
#:allow-other-keys
#:rest arguments)
"Return a bag for NAME."
(define private-keywords
'(#:target #:inputs #:native-inputs))
(bag
(name name)
(system system)
(host-inputs `(,@(if source
`(("source" ,source))
'())
,@inputs
,(list "tar" (module-ref (resolve-interface '(gnu packages base)) 'tar))
,(list "unzip" (module-ref (resolve-interface '(gnu packages zip)) 'unzip))
,@(let ((compression (resolve-interface '(gnu packages compression))))
(map (match-lambda
((name package)
(list name (module-ref compression package))))
`(("gzip" gzip)
("bzip2" bzip2)
("xz" xz))))))
(build-inputs native-inputs)
(outputs outputs)
(build font-build)
(arguments (strip-keyword-arguments private-keywords arguments))))
(define* (font-build store name inputs
#:key source
(tests? #t)
(test-target "test")
(configure-flags ''())
(phases '(@ (guix build font-build-system)
%standard-phases))
(outputs '("out"))
(search-paths '())
(system (%current-system))
(guile #f)
(imported-modules %font-build-system-modules)
(modules '((guix build font-build-system)
(guix build utils))))
"Build SOURCE with INPUTS."
(define builder
`(begin
(use-modules ,@modules)
(font-build #:name ,name
#:source ,(match (assoc-ref inputs "source")
(((? derivation? source))
(derivation->output-path source))
((source)
source)
(source
source))
#:configure-flags ,configure-flags
#:system ,system
#:test-target ,test-target
#:tests? ,tests?
#:phases ,phases
#:outputs %outputs
#:search-paths ',(map search-path-specification->sexp
search-paths)
#:inputs %build-inputs)))
(define guile-for-build
(match guile
((? package?)
(package-derivation store guile system #:graft? #f))
(#f ; the default
(let* ((distro (resolve-interface '(gnu packages commencement)))
(guile (module-ref distro 'guile-final)))
(package-derivation store guile system #:graft? #f)))))
(build-expression->derivation store name builder
#:inputs inputs
#:system system
#:modules imported-modules
#:outputs outputs
#:guile-for-build guile-for-build))
(define font-build-system
(build-system
(name 'font)
(description "The build system for font packages")
(lower lower)))
;;; font.scm ends here

View File

@ -0,0 +1,71 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (guix build font-build-system)
#:use-module ((guix build gnu-build-system) #:prefix gnu:)
#:use-module (guix build utils)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:export (%standard-phases
font-build))
;; Commentary:
;;
;; Builder-side code of the build procedure for font packages.
;;
;; Code:
(define gnu:unpack (assoc-ref gnu:%standard-phases 'unpack))
(define* (unpack #:key source #:allow-other-keys)
"Unpack SOURCE into the build directory. SOURCE may be a compressed
archive, or a font file."
(if (any (cut string-suffix? <> source)
(list ".ttf" ".otf"))
(begin
(mkdir "source")
(chdir "source")
(copy-file source (strip-store-file-name source))
#t)
(gnu:unpack #:source source)))
(define* (install #:key outputs #:allow-other-keys)
"Install the package contents."
(let* ((out (assoc-ref outputs "out"))
(source (getcwd))
(fonts (string-append out "/share/fonts")))
(for-each (cut install-file <> (string-append fonts "/truetype"))
(find-files source "\\.ttf$"))
(for-each (cut install-file <> (string-append fonts "/opentype"))
(find-files source "\\.otf$"))
#t))
(define %standard-phases
(modify-phases gnu:%standard-phases
(replace 'unpack unpack)
(delete 'configure)
(delete 'check)
(delete 'build)
(replace 'install install)))
(define* (font-build #:key inputs (phases %standard-phases)
#:allow-other-keys #:rest args)
"Build the given font package, applying all of PHASES in order."
(apply gnu:gnu-build #:inputs inputs #:phases phases args))
;;; font-build-system.scm ends here

View File

@ -69,6 +69,9 @@
pivot-root
fcntl-flock
set-thread-name
thread-name
CLONE_CHILD_CLEARTID
CLONE_CHILD_SETTID
CLONE_NEWNS
@ -882,6 +885,52 @@ exception if it's already taken."
;; Presumably we got EAGAIN or so.
(throw 'flock-error err))))))
;;;
;;; Miscellaneous, aka. 'prctl'.
;;;
(define %prctl
;; Should it win the API contest against 'ioctl'? You tell us!
(syscall->procedure int "prctl"
(list int unsigned-long unsigned-long
unsigned-long unsigned-long)))
(define PR_SET_NAME 15) ;<linux/prctl.h>
(define PR_GET_NAME 16)
(define %max-thread-name-length
;; Maximum length in bytes of the process name, including the terminating
;; zero.
16)
(define (set-thread-name name)
"Set the name of the calling thread to NAME. NAME is truncated to 15
bytes."
(let ((ptr (string->pointer name)))
(let-values (((ret err)
(%prctl PR_SET_NAME
(pointer-address ptr) 0 0 0)))
(unless (zero? ret)
(throw 'set-process-name "set-process-name"
"set-process-name: ~A"
(list (strerror err))
(list err))))))
(define (thread-name)
"Return the name of the calling thread as a string."
(let ((buf (make-bytevector %max-thread-name-length)))
(let-values (((ret err)
(%prctl PR_GET_NAME
(pointer-address (bytevector->pointer buf))
0 0 0)))
(if (zero? ret)
(bytes->string (bytevector->u8-list buf))
(throw 'process-name "process-name"
"process-name: ~A"
(list (strerror err))
(list err))))))
;;;
;;; Network interfaces.

View File

@ -34,7 +34,8 @@
#:select (nar-error? nar-error-file))
#:use-module (guix nar)
#:use-module (guix utils)
#:use-module ((guix build syscalls) #:select (fcntl-flock))
#:use-module ((guix build syscalls)
#:select (fcntl-flock set-thread-name))
#:use-module ((guix build utils) #:select (which mkdir-p))
#:use-module (guix ui)
#:use-module (srfi srfi-1)
@ -641,6 +642,7 @@ machine."
(let ((max-silent-time (string->number max-silent-time))
(build-timeout (string->number build-timeout))
(print-build-trace? (string=? print-build-trace? "1")))
(set-thread-name "guix offload")
(parameterize ((%current-system system))
(let loop ((line (read-line)))
(unless (eof-object? line)

View File

@ -58,6 +58,7 @@
#:select (with-atomic-file-output compressed-file?))
#:use-module ((guix build utils)
#:select (dump-port mkdir-p find-files))
#:use-module ((guix build syscalls) #:select (set-thread-name))
#:export (%public-key
%private-key
@ -649,6 +650,7 @@ blocking."
;; thread so that the main thread can keep working in the meantime.
(call-with-new-thread
(lambda ()
(set-thread-name "publish nar")
(let* ((response (write-response (sans-content-length response)
client))
(port (begin
@ -670,6 +672,7 @@ blocking."
;; Send a raw file in a separate thread.
(call-with-new-thread
(lambda ()
(set-thread-name "publish file")
(catch 'system-error
(lambda ()
(call-with-input-file (utf8->string body)
@ -858,10 +861,16 @@ consider using the '--user' option!~%")))
(sockaddr:port address))
(when repl-port
(repl:spawn-server (repl:make-tcp-server-socket #:port repl-port)))
;; Set the name of the main thread.
(set-thread-name "guix publish")
(with-store store
(run-publish-server socket store
#:cache cache
#:pool (and cache (make-pool workers))
#:pool (and cache (make-pool workers
#:thread-name
"publish worker"))
#:nar-path nar-path
#:compression compression
#:narinfo-ttl ttl))))))

View File

@ -39,6 +39,8 @@
. guix:open-connection-for-uri)
close-connection
store-path-abbreviation byte-count->string))
#:use-module ((guix build syscalls)
#:select (set-thread-name))
#:use-module (ice-9 rdelim)
#:use-module (ice-9 regex)
#:use-module (ice-9 match)
@ -1015,6 +1017,8 @@ default value."
(#f #f)
(locale (false-if-exception (setlocale LC_ALL locale))))
(set-thread-name "guix substitute")
(with-networking
(with-error-handling ; for signature errors
(match args

View File

@ -23,6 +23,7 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-26)
#:use-module ((guix build syscalls) #:select (set-thread-name))
#:export (pool?
make-pool
pool-enqueue!
@ -60,7 +61,8 @@
(lambda ()
(lock-mutex mutex))))
(define (worker-thunk mutex condvar pop-queue)
(define* (worker-thunk mutex condvar pop-queue
#:key (thread-name "guix worker"))
"Return the thunk executed by worker threads."
(define (loop)
(match (pop-queue)
@ -80,11 +82,18 @@
(loop))
(lambda ()
(catch 'system-error
(lambda ()
(set-thread-name thread-name))
(const #f))
(with-mutex mutex
(loop))))
(define* (make-pool #:optional (count (current-processor-count)))
"Return a pool of COUNT workers."
(define* (make-pool #:optional (count (current-processor-count))
#:key (thread-name "guix worker"))
"Return a pool of COUNT workers. Use THREAD-NAME as the name of these
threads as reported by the operating system."
(let* ((mutex (make-mutex))
(condvar (make-condition-variable))
(queue (make-q))
@ -93,7 +102,8 @@
(worker-thunk mutex condvar
(lambda ()
(and (not (q-empty? queue))
(q-pop! queue)))))
(q-pop! queue)))
#:thread-name thread-name))
1+
0))
(threads (map (lambda (proc)

View File

@ -266,6 +266,14 @@
(close-port file)
result)))))))))
(test-equal "set-thread-name"
"Syscall Test"
(let ((name (thread-name)))
(set-thread-name "Syscall Test")
(let ((new-name (thread-name)))
(set-thread-name name)
new-name)))
(test-assert "all-network-interface-names"
(match (all-network-interface-names)
(((? string? names) ..1)