Merge branch 'master' into staging
This commit is contained in:
commit
6f8cda185e
|
@ -76,6 +76,7 @@ MODULES = \
|
|||
guix/build-system/cmake.scm \
|
||||
guix/build-system/dub.scm \
|
||||
guix/build-system/emacs.scm \
|
||||
guix/build-system/font.scm \
|
||||
guix/build-system/asdf.scm \
|
||||
guix/build-system/glib-or-gtk.scm \
|
||||
guix/build-system/gnu.scm \
|
||||
|
@ -101,6 +102,7 @@ MODULES = \
|
|||
guix/build/cmake-build-system.scm \
|
||||
guix/build/dub-build-system.scm \
|
||||
guix/build/emacs-build-system.scm \
|
||||
guix/build/font-build-system.scm \
|
||||
guix/build/asdf-build-system.scm \
|
||||
guix/build/git.scm \
|
||||
guix/build/hg.scm \
|
||||
|
|
418
doc/guix.texi
418
doc/guix.texi
|
@ -218,6 +218,7 @@ Services
|
|||
* Messaging Services:: Messaging services.
|
||||
* Kerberos Services:: Kerberos services.
|
||||
* Web Services:: Web servers.
|
||||
* DNS Services:: DNS daemons.
|
||||
* VPN Services:: VPN daemons.
|
||||
* Network File System:: NFS related services.
|
||||
* Continuous Integration:: The Cuirass service.
|
||||
|
@ -3626,6 +3627,14 @@ package is installed in its own directory under
|
|||
@file{share/emacs/site-lisp/guix.d}.
|
||||
@end defvr
|
||||
|
||||
@defvr {Scheme Variable} font-build-system
|
||||
This variable is exported by @code{(guix build-system font)}. It
|
||||
implements an installation procedure for font packages where upstream
|
||||
provides pre-compiled TrueType, OpenType, etc. font files that merely
|
||||
need to be copied into place. It copies font files to standard
|
||||
locations in the output directory.
|
||||
@end defvr
|
||||
|
||||
Lastly, for packages that do not need anything as sophisticated, a
|
||||
``trivial'' build system is provided. It is trivial in the sense that
|
||||
it provides basically no support: it does not pull any implicit inputs,
|
||||
|
@ -8737,6 +8746,7 @@ declaration.
|
|||
* Messaging Services:: Messaging services.
|
||||
* Kerberos Services:: Kerberos services.
|
||||
* Web Services:: Web servers.
|
||||
* DNS Services:: DNS daemons.
|
||||
* VPN Services:: VPN daemons.
|
||||
* Network File System:: NFS related services.
|
||||
* Continuous Integration:: The Cuirass service.
|
||||
|
@ -13520,6 +13530,414 @@ Whether the server should add its configuration to response.
|
|||
@end table
|
||||
@end deftp
|
||||
|
||||
@node DNS Services
|
||||
@subsubsection DNS Services
|
||||
@cindex DNS (domain name system)
|
||||
@cindex domain name system (DNS)
|
||||
|
||||
The @code{(gnu services dns)} module provides services related to the
|
||||
@dfn{domain name system} (DNS). It provides a server service for hosting
|
||||
an @emph{authoritative} DNS server for multiple zones, slave or master.
|
||||
This service uses @uref{https://www.knot-dns.cz/, Knot DNS}.
|
||||
|
||||
An example configuration of an authoritative server for two zones, one master
|
||||
and one slave, is:
|
||||
|
||||
@lisp
|
||||
(define-zone-entries example.org.zone
|
||||
;; Name TTL Class Type Data
|
||||
("@@" "" "IN" "A" "127.0.0.1")
|
||||
("@@" "" "IN" "NS" "ns")
|
||||
("ns" "" "IN" "A" "127.0.0.1"))
|
||||
|
||||
(define master-zone
|
||||
(knot-zone-configuration
|
||||
(domain "example.org")
|
||||
(zone (zone-file
|
||||
(origin "example.org")
|
||||
(entries example.org.zone)))))
|
||||
|
||||
(define slave-zone
|
||||
(knot-zone-configuration
|
||||
(domain "plop.org")
|
||||
(dnssec-policy "default")
|
||||
(master (list "plop-master"))))
|
||||
|
||||
(define plop-master
|
||||
(knot-remote-configuration
|
||||
(id "plop-master")
|
||||
(address (list "208.76.58.171"))))
|
||||
|
||||
(operating-system
|
||||
;; ...
|
||||
(services (cons* (service knot-service-type
|
||||
(knot-confifguration
|
||||
(remotes (list plop-master))
|
||||
(zones (list master-zone slave-zone))))
|
||||
;; ...
|
||||
%base-services)))
|
||||
@end lisp
|
||||
|
||||
@deffn {Scheme Variable} knot-service-type
|
||||
This is the type for the Knot DNS server.
|
||||
|
||||
Knot DNS is an authoritative DNS server, meaning that it can serve multiple
|
||||
zones, that is to say domain names you would buy from a registrar. This server
|
||||
is not a resolver, meaning that it can only resolve names for which it is
|
||||
authoritative. This server can be configured to serve zones as a master server
|
||||
or a slave server as a per-zone basis. Slave zones will get their data from
|
||||
masters, and will serve it as an authoritative server. From the point of view
|
||||
of a resolver, there is no difference between master and slave.
|
||||
|
||||
The following data types are used to configure the Knot DNS server:
|
||||
@end deffn
|
||||
|
||||
@deftp {Data Type} knot-key-configuration
|
||||
Data type representing a key.
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{id} (default: @code{""})
|
||||
An identifier for other configuration fields to refer to this key. IDs must
|
||||
be unique and must not be empty.
|
||||
|
||||
@item @code{algorithm} (default: @code{#f})
|
||||
The algorithm to use. Choose between @code{#f}, @code{'hmac-md5},
|
||||
@code{'hmac-sha1}, @code{'hmac-sha224}, @code{'hmac-sha256}, @code{'hmac-sha384}
|
||||
and @code{'hmac-sha512}.
|
||||
|
||||
@item @code{secret} (default: @code{""})
|
||||
The secret key itself.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deftp {Data Type} knot-acl-configuration
|
||||
Data type representing an Access Control List (ACL) configuration.
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{id} (default: @code{""})
|
||||
An identifier for ether configuration fields to refer to this key. IDs must be
|
||||
unique and must not be empty.
|
||||
|
||||
@item @code{address} (default: @code{'()})
|
||||
An ordered list of IP addresses, network subnets, or network ranges represented
|
||||
with strings. The query must match one of them. Empty value means that
|
||||
address match is not required.
|
||||
|
||||
@item @code{key} (default: @code{'()})
|
||||
An ordered list of references to keys represented with strings. The string
|
||||
must match a key ID defined in a @code{knot-key-configuration}. No key means
|
||||
that a key is not require to match that ACL.
|
||||
|
||||
@item @code{action} (default: @code{'()})
|
||||
An ordered list of actions that are permitted or forbidden by this ACL. Possible
|
||||
values are lists of zero or more elements from @code{'transfer}, @code{'notify}
|
||||
and @code{'update}.
|
||||
|
||||
@item @code{deny?} (default: @code{#f})
|
||||
When true, the ACL defines restrictions. Listed actions are forbidden. When
|
||||
false, listed actions are allowed.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deftp {Data Type} zone-entry
|
||||
Data type represnting a record entry in a zone file.
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{name} (default: @code{"@@"})
|
||||
The name of the record. @code{"@@"} refers to the origin of the zone. Names
|
||||
are relative to the origin of the zone. For example, in the @code{example.org}
|
||||
zone, @code{"ns.example.org"} actually refers to @code{ns.example.org.example.org}.
|
||||
Names ending with a dot are absolute, which means that @code{"ns.example.org."}
|
||||
refers to @code{ns.example.org}.
|
||||
|
||||
@item @code{ttl} (default: @code{""})
|
||||
The Time-To-Live (TTL) of this record. If not set, the default TTL is used.
|
||||
|
||||
@item @code{class} (default: @code{"IN"})
|
||||
The class of the record. Knot currently supports only @code{"IN"} and
|
||||
partially @code{"CH"}.
|
||||
|
||||
@item @code{type} (default: @code{"A"})
|
||||
The type of the record. Common types include A (IPv4 address), AAAA (IPv6
|
||||
address), NS (Name Server) and MX (Mail eXchange). Many other types are
|
||||
defined.
|
||||
|
||||
@item @code{data} (default: @code{""})
|
||||
The data contained in the record. For instance an IP address associated with
|
||||
an A record, or a domain name associated with an NS record. Remember that
|
||||
domain names are relative to the origin unless they end with a dot.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deftp {Data Type} zone-file
|
||||
Data type representing the content of a zone file.
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{entries} (default: @code{'()})
|
||||
The list of entries. The SOA record is taken care of, so you don't need to
|
||||
put it in the list of entries. This list should probably contain an entry
|
||||
for your primary authoritative DNS server. Other than using a list of entries
|
||||
directly, you can use @code{define-zone-entries} to define a object containing
|
||||
the list of entries more easily, that you can later pass to the @code{entries}
|
||||
field of the @code{zone-file}.
|
||||
|
||||
@item @code{origin} (default: @code{""})
|
||||
The name of your zone. This parameter cannot be empty.
|
||||
|
||||
@item @code{ns} (default: @code{"ns"})
|
||||
The domain of your primary authoritative DNS server. The name is relative to
|
||||
the origin, unless it ends with a dot. It is mandatory that this primary
|
||||
DNS server corresponds to an NS record in the zone and that it is associated
|
||||
to an IP address in the list of entries.
|
||||
|
||||
@item @code{mail} (default: @code{"hostmaster"})
|
||||
An email address people can contact you at, as the owner of the zone. This
|
||||
is translated as @code{<mail>@@<origin>}.
|
||||
|
||||
@item @code{serial} (default: @code{1})
|
||||
The serial number of the zone. As this is used to keep track of changes by
|
||||
both slaves and resolvers, it is mandatory that it @emph{never} decreases.
|
||||
Always increment it when you make a change in your zone.
|
||||
|
||||
@item @code{refresh} (default: @code{"2d"})
|
||||
The frequency at which slaves will do a zone transfer. This value can be
|
||||
a number of seconds or a number of some unit between:
|
||||
@itemize
|
||||
@item m: minute
|
||||
@item h: hour
|
||||
@item d: day
|
||||
@item w: week
|
||||
@end itemize
|
||||
|
||||
@item @code{retry} (default: @code{"15m"})
|
||||
The period after which a slave will retry to contact its master when it fails
|
||||
to do so a first time.
|
||||
|
||||
@item @code{expiry} (default: @code{"2w"})
|
||||
Default TTL of records. Existing records are considered correct for at most
|
||||
this amount of time. After this period, resolvers will invalidate their cache
|
||||
and check again that it still exists.
|
||||
|
||||
@item @code{nx} (default: @code{"1h"})
|
||||
Default TTL of inexistant records. This delay is usually short because you want
|
||||
your new domains to reach everyone quickly.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deftp {Data Type} knot-remote-configuration
|
||||
Data type representing a remote configuration.
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{id} (default: @code{""})
|
||||
An identifier for other configuration fields to refer to this remote. IDs must
|
||||
be unique and must not be empty.
|
||||
|
||||
@item @code{address} (default: @code{'()})
|
||||
An ordered list of destination IP addresses. Addresses are tried in sequence.
|
||||
An optional port can be given with the @@ separator. For instance:
|
||||
@code{(list "1.2.3.4" "2.3.4.5@@53")}. Default port is 53.
|
||||
|
||||
@item @code{via} (default: @code{'()})
|
||||
An ordered list of source IP addresses. An empty list will have Knot choose
|
||||
an appropriate source IP. An optional port can be given with the @@ separator.
|
||||
The default is to choose at random.
|
||||
|
||||
@item @code{key} (default: @code{#f})
|
||||
A reference to a key, that is a string containing the identifier of a key
|
||||
defined in a @code{knot-key-configuration} field.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deftp {Data Type} knot-keystore-configuration
|
||||
Data type representing a keystore to hold dnssec keys.
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{id} (default: @code{""})
|
||||
The id of the keystore. It must not be empty.
|
||||
|
||||
@item @code{backend} (default: @code{'pem})
|
||||
The backend to store the keys in. Can be @code{'pem} or @code{'pkcs11}.
|
||||
|
||||
@item @code{config} (default: @code{"/var/lib/knot/keys/keys"})
|
||||
The configuration string of the backend. An example for the PKCS#11 is:
|
||||
@code{"pkcs11:token=knot;pin-value=1234 /gnu/store/.../lib/pkcs11/libsofthsm2.so"}.
|
||||
For the pem backend, the string reprensents a path in the filesystem.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deftp {Data Type} knot-policy-configuration
|
||||
Data type representing a dnssec policy. Knot DNS is able to automatically
|
||||
sign your zones. It can either generate and manage your keys automatically or
|
||||
use keys that you generate.
|
||||
|
||||
Dnssec is usually implemented using two keys: a Key Signing Key (KSK) that is
|
||||
used to sign the second, and a Zone Signing Key (ZSK) that is used to sign the
|
||||
zone. In order to be trusted, the KSK needs to be present in the parent zone
|
||||
(usually a top-level domain). If your registrar supports dnssec, you will
|
||||
have to send them your KSK's hash so they can add a DS record in their zone.
|
||||
This is not automated and need to be done each time you change your KSK.
|
||||
|
||||
The policy also defines the lifetime of keys. Usually, ZSK can be changed
|
||||
easily and use weaker cryptographic functions (they use lower parameters) in
|
||||
order to sign records quickly, so they are changed often. The KSK however
|
||||
requires manual interaction with the registrar, so they are changed less often
|
||||
and use stronger parameters because they sign only one record.
|
||||
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{id} (default: @code{""})
|
||||
The id of the policy. It must not be empty.
|
||||
|
||||
@item @code{keystore} (default: @code{"default"})
|
||||
A reference to a keystore, that is a string containing the identifier of a
|
||||
keystore defined in a @code{knot-keystore-configuration} field. The
|
||||
@code{"default"} identifier means the default keystore (a kasp database that
|
||||
was setup by this service).
|
||||
|
||||
@item @code{manual?} (default: @code{#f})
|
||||
Whether the key management is manual or automatic.
|
||||
|
||||
@item @code{single-type-signing?} (default: @code{#f})
|
||||
When @code{#t}, use the Single-Type Signing Scheme.
|
||||
|
||||
@item @code{algorithm} (default: @code{"ecdsap256sha256"})
|
||||
An algorithm of signing keys and issued signatures.
|
||||
|
||||
@item @code{ksk-size} (default: @code{256})
|
||||
The length of the KSK. Note that this value is correct for the default
|
||||
algorithm, but would be unsecure for other algorithms.
|
||||
|
||||
@item @code{zsk-size} (default: @code{256})
|
||||
The length of the ZSK. Note that this value is correct for the default
|
||||
algorithm, but would be unsecure for other algorithms.
|
||||
|
||||
@item @code{dnskey-ttl} (default: @code{'default})
|
||||
The TTL value for DNSKEY records added into zone apex. The special
|
||||
@code{'default} value means same as the zone SOA TTL.
|
||||
|
||||
@item @code{zsk-lifetime} (default: @code{"30d"})
|
||||
The period between ZSK publication and the next rollover initiation.
|
||||
|
||||
@item @code{propagation-delay} (default: @code{"1d"})
|
||||
An extra delay added for each key rollover step. This value should be high
|
||||
enough to cover propagation of data from the master server to all slaves.
|
||||
|
||||
@item @code{rrsig-lifetime} (default: @code{"14d"})
|
||||
A validity period of newly issued signatures.
|
||||
|
||||
@item @code{rrsig-refresh} (default: @code{"7d"})
|
||||
A period how long before a signature expiration the signature will be refreshed.
|
||||
|
||||
@item @code{nsec3?} (default: @code{#f})
|
||||
When @code{#t}, NSEC3 will be used instead of NSEC.
|
||||
|
||||
@item @code{nsec3-iterations} (default: @code{5})
|
||||
The number of additional times the hashing is performed.
|
||||
|
||||
@item @code{nsec3-salt-length} (default: @code{8})
|
||||
The length of a salt field in octets, which is appended to the original owner
|
||||
name before hashing.
|
||||
|
||||
@item @code{nsec3-salt-lifetime} (default: @code{"30d"})
|
||||
The validity period of newly issued salt field.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deftp {Data Type} knot-zone-configuration
|
||||
Data type representing a zone served by Knot.
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{domain} (default: @code{""})
|
||||
The domain served by this configuration. It must not be empty.
|
||||
|
||||
@item @code{file} (default: @code{""})
|
||||
The file where this zone is saved. This parameter is ignored by master zones.
|
||||
Empty means default location that depends on the domain name.
|
||||
|
||||
@item @code{zone} (default: @code{(zone-file)})
|
||||
The content of the zone file. This parameter is ignored by slave zones. It
|
||||
must contain a zone-file record.
|
||||
|
||||
@item @code{master} (default: @code{'()})
|
||||
A list of master remotes. When empty, this zone is a master. When set, this
|
||||
zone is a slave. This is a list of remotes identifiers.
|
||||
|
||||
@item @code{ddns-master} (default: @code{#f})
|
||||
The main master. When empty, it defaults to the first master in the list of
|
||||
masters.
|
||||
|
||||
@item @code{notify} (default: @code{'()})
|
||||
A list of slave remote identifiers.
|
||||
|
||||
@item @code{acl} (default: @code{'()})
|
||||
A list of acl identifiers.
|
||||
|
||||
@item @code{semantic-checks?} (default: @code{#f})
|
||||
When set, this adds more semantic checks to the zone.
|
||||
|
||||
@item @code{disable-any?} (default: @code{#f})
|
||||
When set, this forbids queries of the ANY type.
|
||||
|
||||
@item @code{zonefile-sync} (default: @code{0})
|
||||
The delay between a modification in memory and on disk. 0 means immediate
|
||||
synchronization.
|
||||
|
||||
@item @code{serial-policy} (default: @code{'increment})
|
||||
A policy between @code{'increment} and @code{'unixtime}.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@deftp {Data Type} knot-configuration
|
||||
Data type representing the Knot configuration.
|
||||
This type has the following parameters:
|
||||
|
||||
@table @asis
|
||||
@item @code{knot} (default: @code{knot})
|
||||
The Knot package.
|
||||
|
||||
@item @code{run-directory} (default: @code{"/var/run/knot"})
|
||||
The run directory. This directory will be used for pid file and sockets.
|
||||
|
||||
@item @code{listen-v4} (default: @code{"0.0.0.0"})
|
||||
An ip address on which to listen.
|
||||
|
||||
@item @code{listen-v6} (default: @code{"::"})
|
||||
An ip address on which to listen.
|
||||
|
||||
@item @code{listen-port} (default: @code{53})
|
||||
A port on which to listen.
|
||||
|
||||
@item @code{keys} (default: @code{'()})
|
||||
The list of knot-key-configuration used by this configuration.
|
||||
|
||||
@item @code{acls} (default: @code{'()})
|
||||
The list of knot-acl-configuration used by this configuration.
|
||||
|
||||
@item @code{remotes} (default: @code{'()})
|
||||
The list of knot-remote-configuration used by this configuration.
|
||||
|
||||
@item @code{zones} (default: @code{'()})
|
||||
The list of knot-zone-configuration used by this configuration.
|
||||
|
||||
@end table
|
||||
@end deftp
|
||||
|
||||
@node VPN Services
|
||||
@subsubsection VPN Services
|
||||
@cindex VPN (virtual private network)
|
||||
|
|
|
@ -236,7 +236,7 @@ Trailing spaces are trimmed."
|
|||
;; <http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-119.pdf>.
|
||||
|
||||
(define (iso9660-superblock? sblock)
|
||||
"Return #t when SBLOCK is a iso9660 superblock."
|
||||
"Return #t when SBLOCK is an iso9660 volume descriptor."
|
||||
(bytevector=? (sub-bytevector sblock 1 6)
|
||||
;; Note: "\x01" is the volume descriptor format version
|
||||
(string->utf8 "CD001\x01")))
|
||||
|
@ -252,13 +252,14 @@ Trailing spaces are trimmed."
|
|||
(_ (read-iso9660-primary-volume-descriptor device (+ offset 2048))))))
|
||||
|
||||
(define (read-iso9660-superblock device)
|
||||
"Return the raw contents of DEVICE's iso9660 superblock as a bytevector, or
|
||||
#f if DEVICE does not contain a iso9660 file system."
|
||||
"Return the raw contents of DEVICE's iso9660 primary volume descriptor
|
||||
as a bytevector, or #f if DEVICE does not contain an iso9660 file system."
|
||||
;; Start reading at sector 16.
|
||||
(read-iso9660-primary-volume-descriptor device (* 2048 16)))
|
||||
|
||||
(define (iso9660-superblock-uuid sblock)
|
||||
"Return the modification time of a iso9660 superblock SBLOCK as a bytevector."
|
||||
"Return the modification time of an iso9660 primary volume descriptor
|
||||
SBLOCK as a bytevector."
|
||||
;; Drops GMT offset for compatibility with Grub, blkid and /dev/disk/by-uuid.
|
||||
;; Compare Grub: "2014-12-02-19-30-23-00".
|
||||
;; Compare blkid result: "2014-12-02-19-30-23-00".
|
||||
|
|
20
gnu/local.mk
20
gnu/local.mk
|
@ -42,6 +42,7 @@ GNU_SYSTEM_MODULES = \
|
|||
%D%/packages.scm \
|
||||
%D%/packages/abduco.scm \
|
||||
%D%/packages/abiword.scm \
|
||||
%D%/packages/accessibility.scm \
|
||||
%D%/packages/acct.scm \
|
||||
%D%/packages/acl.scm \
|
||||
%D%/packages/admin.scm \
|
||||
|
@ -321,6 +322,7 @@ GNU_SYSTEM_MODULES = \
|
|||
%D%/packages/protobuf.scm \
|
||||
%D%/packages/pv.scm \
|
||||
%D%/packages/python.scm \
|
||||
%D%/packages/tryton.scm \
|
||||
%D%/packages/qemu.scm \
|
||||
%D%/packages/qt.scm \
|
||||
%D%/packages/ragel.scm \
|
||||
|
@ -426,6 +428,7 @@ GNU_SYSTEM_MODULES = \
|
|||
%D%/services/dbus.scm \
|
||||
%D%/services/desktop.scm \
|
||||
%D%/services/dict.scm \
|
||||
%D%/services/dns.scm \
|
||||
%D%/services/kerberos.scm \
|
||||
%D%/services/lirc.scm \
|
||||
%D%/services/mail.scm \
|
||||
|
@ -595,6 +598,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/freetype-CVE-2017-8105.patch \
|
||||
%D%/packages/patches/freetype-CVE-2017-8287.patch \
|
||||
%D%/packages/patches/fuse-overlapping-headers.patch \
|
||||
%D%/packages/patches/gajim-CVE-2016-10376.patch \
|
||||
%D%/packages/patches/gawk-shell.patch \
|
||||
%D%/packages/patches/gcc-arm-bug-71399.patch \
|
||||
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
|
||||
|
@ -639,11 +643,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
|
||||
%D%/packages/patches/gobject-introspection-cc.patch \
|
||||
%D%/packages/patches/gobject-introspection-girepository.patch \
|
||||
%D%/packages/patches/graphite2-CVE-2017-5436.patch \
|
||||
%D%/packages/patches/graphite2-check-code-point-limit.patch \
|
||||
%D%/packages/patches/graphite2-ffloat-store.patch \
|
||||
%D%/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch \
|
||||
%D%/packages/patches/graphite2-non-linear-classes-even-number.patch \
|
||||
%D%/packages/patches/grep-timing-sensitive-test.patch \
|
||||
%D%/packages/patches/gsl-test-i686.patch \
|
||||
%D%/packages/patches/gspell-dash-test.patch \
|
||||
|
@ -750,9 +750,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/libtiff-CVE-2016-10093.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2016-10094.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2017-5225.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2017-7593.patch \
|
||||
%D%/packages/patches/libtiff-CVE-2017-7594.patch \
|
||||
%D%/packages/patches/libtiff-multiple-UBSAN-crashes.patch \
|
||||
%D%/packages/patches/libtiff-assertion-failure.patch \
|
||||
%D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch \
|
||||
%D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch \
|
||||
|
@ -931,6 +928,12 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/python-dendropy-fix-tests.patch \
|
||||
%D%/packages/patches/python-file-double-encoding-bug.patch \
|
||||
%D%/packages/patches/python-fix-tests.patch \
|
||||
%D%/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch \
|
||||
%D%/packages/patches/python-genshi-buildable-on-python-2.7.patch \
|
||||
%D%/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch \
|
||||
%D%/packages/patches/python-genshi-fix-tests-on-python-3.5.patch \
|
||||
%D%/packages/patches/python-genshi-isstring-helper.patch \
|
||||
%D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \
|
||||
%D%/packages/patches/python-parse-too-many-fields.patch \
|
||||
%D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \
|
||||
%D%/packages/patches/python-statsmodels-fix-tests.patch \
|
||||
|
@ -968,6 +971,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/ruby-puma-ignore-broken-test.patch \
|
||||
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
|
||||
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
|
||||
%D%/packages/patches/rxvt-unicode-escape-sequences.patch \
|
||||
%D%/packages/patches/scheme48-tests.patch \
|
||||
%D%/packages/patches/scotch-test-threading.patch \
|
||||
%D%/packages/patches/screen-fix-info-syntax-error.patch \
|
||||
|
@ -986,7 +990,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/superlu-dist-scotchmetis.patch \
|
||||
%D%/packages/patches/swish-e-search.patch \
|
||||
%D%/packages/patches/swish-e-format-security.patch \
|
||||
%D%/packages/patches/synfig-build-fix.patch \
|
||||
%D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch \
|
||||
%D%/packages/patches/t1lib-CVE-2010-2642.patch \
|
||||
%D%/packages/patches/t1lib-CVE-2011-0764.patch \
|
||||
%D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2017 ng0 <ng0@no-reply.pragmatique.xyz>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
||||
;;; under the terms of the GNU General Public License as published by
|
||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;;; your option) any later version.
|
||||
;;;
|
||||
;;; GNU Guix is distributed in the hope that it will be useful, but
|
||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
;;; GNU General Public License for more details.
|
||||
;;;
|
||||
;;; You should have received a copy of the GNU General Public License
|
||||
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(define-module (gnu packages accessibility)
|
||||
#:use-module ((guix licenses) #:prefix license:)
|
||||
#:use-module (guix packages)
|
||||
#:use-module (guix download)
|
||||
#:use-module (guix build-system glib-or-gtk)
|
||||
#:use-module (gnu packages)
|
||||
#:use-module (gnu packages xml)
|
||||
#:use-module (gnu packages gnome)
|
||||
#:use-module (gnu packages gstreamer)
|
||||
#:use-module (gnu packages gtk)
|
||||
#:use-module (gnu packages xorg)
|
||||
#:use-module (gnu packages gettext)
|
||||
#:use-module (gnu packages glib)
|
||||
#:use-module (gnu packages pkg-config))
|
||||
|
||||
(define-public florence
|
||||
(package
|
||||
(name "florence")
|
||||
(version "0.6.3")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/florence/florence/" version
|
||||
"/" name "-" version ".tar.bz2"))
|
||||
(sha256
|
||||
(base32
|
||||
"07h9qm22krlwayhzvc391lr23vicw81s48g7rirvx1fj0zyr4aa2"))))
|
||||
(build-system glib-or-gtk-build-system)
|
||||
(arguments
|
||||
`(#:configure-flags (list "--with-xtst"
|
||||
"--without-docs"
|
||||
"--with-notification")))
|
||||
(inputs
|
||||
`(("libxml2" ,libxml2)
|
||||
("libglade" ,libglade)
|
||||
("librsvg" ,librsvg)
|
||||
("gstreamer" ,gstreamer)
|
||||
("cairo" ,cairo)
|
||||
("gtk+" ,gtk+)
|
||||
("libxtst" ,libxtst)
|
||||
("libxcomposite" ,libxcomposite)
|
||||
("libnotify" ,libnotify)))
|
||||
(native-inputs
|
||||
`(("gettext-minimal" ,gettext-minimal)
|
||||
("intltool" ,intltool)
|
||||
("pkg-config" ,pkg-config)))
|
||||
(home-page "http://florence.sourceforge.net/")
|
||||
(synopsis "Extensible, scalable virtual keyboard for X11")
|
||||
(description
|
||||
"Florence is an extensible scalable virtual keyboard for X11.
|
||||
It is useful for people who can't use a real hardware keyboard (for
|
||||
example for people with disabilities), but you must be able to use
|
||||
a pointing device (as a mouse, a trackball, a touchscreen or opengazer).
|
||||
|
||||
Florence stays out of your way when you don't need it: it appears on the
|
||||
screen only when you need it. A timer-based auto-click input method is
|
||||
available to help to click.")
|
||||
;; The documentation is under FDL1.2, but we do not install the
|
||||
;; documentation.
|
||||
(license license:gpl2+)))
|
|
@ -132,7 +132,7 @@ solve the shortest vector problem.")
|
|||
(define-public pari-gp
|
||||
(package
|
||||
(name "pari-gp")
|
||||
(version "2.9.1")
|
||||
(version "2.9.2")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
|
@ -140,7 +140,7 @@ solve the shortest vector problem.")
|
|||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0rq7wz9df1xs4acdzzb5dapx8vs6m5py39n2wynw2qv4d2b0ylfw"))))
|
||||
"0zi08qz9nk17wwdna4xb2vp3i3mh5sgv1y8wqbf0j2sfryxlr8ls"))))
|
||||
(build-system gnu-build-system)
|
||||
(native-inputs `(("texlive" ,texlive-minimal)))
|
||||
(inputs `(("gmp" ,gmp)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
|
||||
;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -23,6 +23,7 @@
|
|||
#:use-module ((guix licenses) #:prefix license:)
|
||||
#:use-module (guix build-system gnu)
|
||||
#:use-module (gnu packages)
|
||||
#:use-module (gnu packages algebra)
|
||||
#:use-module (gnu packages boost)
|
||||
#:use-module (gnu packages compression)
|
||||
#:use-module (gnu packages fontutils)
|
||||
|
@ -38,15 +39,15 @@
|
|||
(define-public etl
|
||||
(package
|
||||
(name "etl")
|
||||
(version "0.04.19")
|
||||
(version "0.04.22")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
;; Keep this synchronized with the synfig release version.
|
||||
(uri (string-append "mirror://sourceforge/synfig/releases/"
|
||||
"1.0.2/source/ETL-" version ".tar.gz"))
|
||||
"1.2.0/source/ETL-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"070c70slizrklq1gbgja8m49xfmq65wlcd6hz6418cpx0wd4r55s"))))
|
||||
"0ii73nsd3xzkhz6w1rnxwphl637j9w82xiy6apa9vin2isdynnmc"))))
|
||||
(build-system gnu-build-system)
|
||||
(home-page "http://www.synfig.org")
|
||||
(synopsis "Extended C++ template library")
|
||||
|
@ -59,7 +60,7 @@ C++ @dfn{Standard Template Library} (STL).")
|
|||
(define-public synfig
|
||||
(package
|
||||
(name "synfig")
|
||||
(version "1.0.2")
|
||||
(version "1.2.0")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/synfig/releases/"
|
||||
|
@ -67,8 +68,7 @@ C++ @dfn{Standard Template Library} (STL).")
|
|||
".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1d3z2r78j3rkff47q3wl0ami69y3l4nyi5r9zclymb8ar7mgkk9l"))
|
||||
(patches (search-patches "synfig-build-fix.patch"))))
|
||||
"1gqx4gn4c73rqwhsgzx0a460gr9hadmi28csp75rx30qavqsj7k1"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
`(#:configure-flags
|
||||
|
@ -90,16 +90,6 @@ C++ @dfn{Standard Template Library} (STL).")
|
|||
(("remove_child\\(") "remove_node("))
|
||||
(substitute* "src/modules/mod_svg/svg_parser.cpp"
|
||||
(("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList"))
|
||||
#t))
|
||||
(add-after 'unpack 'fix-isnan-error
|
||||
(lambda _
|
||||
(substitute* "src/synfig/time.cpp"
|
||||
(("return !::isnan") "return !std::isnan"))
|
||||
#t))
|
||||
(add-before 'configure 'set-flags
|
||||
(lambda _
|
||||
;; Compile with C++11, required by libsigc++.
|
||||
(setenv "CXXFLAGS" "-D__STDC_CONSTANT_MACROS -std=gnu++11")
|
||||
#t)))))
|
||||
(inputs
|
||||
`(("boost" ,boost)
|
||||
|
@ -110,11 +100,12 @@ C++ @dfn{Standard Template Library} (STL).")
|
|||
("libmng" ,libmng)
|
||||
("zlib" ,zlib)))
|
||||
;; synfig.pc lists the following as required: Magick++ freetype2
|
||||
;; fontconfig OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0
|
||||
;; fontconfig fftw OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0
|
||||
;; cairo pango pangocairo mlt++
|
||||
(propagated-inputs
|
||||
`(("cairo" ,cairo)
|
||||
("etl" ,etl)
|
||||
("fftw" ,fftw)
|
||||
("fontconfig" ,fontconfig)
|
||||
("freetype" ,freetype)
|
||||
("glibmm" ,glibmm)
|
||||
|
@ -137,7 +128,7 @@ for tweening, preventing the need to hand-draw each frame.")
|
|||
(define-public synfigstudio
|
||||
(package
|
||||
(name "synfigstudio")
|
||||
(version "1.0.2")
|
||||
(version "1.2.0")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/synfig/releases/"
|
||||
|
@ -145,27 +136,17 @@ for tweening, preventing the need to hand-draw each frame.")
|
|||
".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1xa74dlgkpjn0gzdcs0x25z7wg0806v2wygvvi73f7sn1fm88ig4"))
|
||||
"0fbckfbw8dzf0m2wv7vlmw492k1dqa3zf510z019d0as3zpnp6qm"))
|
||||
(modules '((guix build utils)))
|
||||
(snippet
|
||||
'(begin
|
||||
(substitute* "src/synfigapp/pluginmanager.cpp"
|
||||
(("xmlpp::Node\\* n =") "const xmlpp::Node* n =")
|
||||
(("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList"))
|
||||
;; Some files are ISO-8859-1 encoded.
|
||||
(with-fluids ((%default-port-encoding #f))
|
||||
(substitute* (find-files "src/" "\\.(cpp|h)$")
|
||||
(("#include <sigc\\+\\+/retype\\.h>")
|
||||
"#include <sigc++/adaptors/retype.h>")
|
||||
(("#include <sigc\\+\\+/hide\\.h>")
|
||||
"#include <sigc++/adaptors/hide.h>")
|
||||
(("#include <sigc\\+\\+/object\\.h>")
|
||||
"#include <sigc++/trackable.h>")))
|
||||
#t))))
|
||||
#t))
|
||||
(patches
|
||||
(search-patches "synfigstudio-fix-ui-with-gtk3.patch"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
`(#:configure-flags
|
||||
(list "CXXFLAGS=-std=gnu++11")))
|
||||
(inputs
|
||||
`(("gtkmm" ,gtkmm)
|
||||
("libsigc++" ,libsigc++)
|
||||
|
|
|
@ -2093,7 +2093,7 @@ identify enrichments with functional annotations of the genome.")
|
|||
(define-public diamond
|
||||
(package
|
||||
(name "diamond")
|
||||
(version "0.9.1")
|
||||
(version "0.9.2")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
|
@ -2102,7 +2102,7 @@ identify enrichments with functional annotations of the genome.")
|
|||
(file-name (string-append name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"062943yk3mp23jpcawamkh1zawx9br95l7w178v0kyr863v4p5a1"))))
|
||||
"03dam11dmrg6f2zsmdbqwzwkmnq5krlckh1acgarw91gcz2nhbpj"))))
|
||||
(build-system cmake-build-system)
|
||||
(arguments
|
||||
'(#:tests? #f ; no "check" target
|
||||
|
|
|
@ -1228,6 +1228,37 @@ or XEmacs.")
|
|||
the Emacs buffer.")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define-public emacs-direnv
|
||||
(package
|
||||
(name "emacs-direnv")
|
||||
(version "1.2.0")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
"https://github.com/wbolster/emacs-direnv/archive/"
|
||||
version ".tar.gz"))
|
||||
(file-name (string-append name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0m9nxawklhiiysyibzzhh2zkxgq1fskqvaqb06f7r8dnhabfy9fr"))))
|
||||
(build-system emacs-build-system)
|
||||
(propagated-inputs
|
||||
`(("dash" ,emacs-dash)
|
||||
("with-editor" ,emacs-with-editor)))
|
||||
(home-page "https://github.com/wbolster/emacs-direnv")
|
||||
(synopsis "Direnv integration for Emacs")
|
||||
(description
|
||||
"This package provides support for invoking direnv to get the environment
|
||||
for the current file and updating the environment within Emacs to match.
|
||||
|
||||
Direnv can be invoked manually, and a global minor mode is included that will
|
||||
update the environment when the active buffer changes.
|
||||
|
||||
Using emacs-direnv means that programs started from Emacs will use the
|
||||
environment set through Direnv.")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define-public emacs-google-maps
|
||||
(package
|
||||
(name "emacs-google-maps")
|
||||
|
@ -4587,9 +4618,12 @@ It should enable you to implement low-level X11 applications.")
|
|||
TryExec=~@*~a~@
|
||||
Type=Application~%" ,name ,synopsis exwm-executable)))
|
||||
;; Add a shell wrapper to bin
|
||||
;; Set DISPLAY variable to work around
|
||||
;; https://github.com/ch11ng/exwm/issues/213
|
||||
(with-output-to-file exwm-executable
|
||||
(lambda _
|
||||
(format #t "#!~a ~@
|
||||
export DISPLAY=:0 ~@
|
||||
~a +SI:localuser:$USER ~@
|
||||
exec ~a --exit-with-session ~a \"$@\" --eval '~s' ~%"
|
||||
(string-append (assoc-ref inputs "bash") "/bin/sh")
|
||||
|
@ -4877,3 +4911,31 @@ running tests easier.")
|
|||
pair of minor modes which suppress all mouse events by intercepting them and
|
||||
running a customisable handler command (@code{ignore} by default). ")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define-public emacs-restclient
|
||||
(let ((commit "07a3888bb36d0e29608142ebe743b4362b800f40")
|
||||
(revision "1")) ;Guix package revision,
|
||||
;upstream doesn't have official releases
|
||||
(package
|
||||
(name "emacs-restclient")
|
||||
(version (string-append revision "."
|
||||
(string-take commit 7)))
|
||||
(source (origin
|
||||
(method git-fetch)
|
||||
(uri (git-reference
|
||||
(url "https://github.com/pashky/restclient.el.git")
|
||||
(commit commit)))
|
||||
(sha256
|
||||
(base32
|
||||
"00lmjhb5im1kgrp54yipf1h9pshxzgjlg71yf2rq5n973gvb0w0q"))
|
||||
(file-name (git-file-name name version))))
|
||||
(build-system emacs-build-system)
|
||||
(propagated-inputs
|
||||
`(("emacs-helm" ,emacs-helm)))
|
||||
(home-page "https://github.com/pashky/restclient.el")
|
||||
(synopsis "Explore and test HTTP REST webservices")
|
||||
(description
|
||||
"This tool allows for testing and exploration of HTTP REST Web services
|
||||
from within Emacs. Restclient runs queries from a plan-text query sheet,
|
||||
displays results pretty-printed in XML or JSON with @code{restclient-mode}")
|
||||
(license license:public-domain))))
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
#:use-module (guix packages)
|
||||
#:use-module (guix download)
|
||||
#:use-module (guix git-download)
|
||||
#:use-module (guix build-system font)
|
||||
#:use-module (guix build-system gnu)
|
||||
#:use-module (guix build-system trivial)
|
||||
#:use-module (gnu packages base)
|
||||
|
@ -64,18 +65,7 @@
|
|||
(sha256
|
||||
(base32
|
||||
"06js6znbcf7swn8y3b8ki416bz96ay7d3yvddqnvi88lqhbfcq8m"))))
|
||||
(build-system trivial-build-system)
|
||||
(arguments
|
||||
`(#:modules ((guix build utils))
|
||||
#:builder (begin
|
||||
(use-modules (guix build utils))
|
||||
(let ((font-dir (string-append %output
|
||||
"/share/fonts/opentype"))
|
||||
(source (assoc-ref %build-inputs "source")))
|
||||
(mkdir-p font-dir)
|
||||
(copy-file source
|
||||
(string-append font-dir "/" "inconsolata.otf"))))))
|
||||
(native-inputs `(("source" ,source)))
|
||||
(build-system font-build-system)
|
||||
(home-page "http://levien.com/type/myfonts/inconsolata.html")
|
||||
(synopsis "Monospace font")
|
||||
(description "A monospace font, designed for code listings and the like,
|
||||
|
@ -94,34 +84,7 @@ in print. With attention to detail for high resolution rendering.")
|
|||
(sha256
|
||||
(base32
|
||||
"0hjvq2x758dx0sfwqhzflns0ns035qm7h6ygskbx1svzg517sva5"))))
|
||||
(build-system trivial-build-system)
|
||||
(arguments
|
||||
`(#:modules ((guix build utils))
|
||||
#:builder (begin
|
||||
(use-modules (guix build utils)
|
||||
(srfi srfi-26))
|
||||
|
||||
(let ((PATH (string-append (assoc-ref %build-inputs
|
||||
"unzip")
|
||||
"/bin"))
|
||||
(font-dir (string-append %output
|
||||
"/share/fonts/truetype"))
|
||||
(doc-dir (string-append %output "/share/doc/"
|
||||
,name "-" ,version)))
|
||||
(setenv "PATH" PATH)
|
||||
(system* "unzip" (assoc-ref %build-inputs "source"))
|
||||
|
||||
(mkdir-p font-dir)
|
||||
(mkdir-p doc-dir)
|
||||
(chdir (string-append "ubuntu-font-family-" ,version))
|
||||
(for-each (lambda (ttf)
|
||||
(install-file ttf font-dir))
|
||||
(find-files "." "\\.ttf$"))
|
||||
(for-each (lambda (doc)
|
||||
(install-file doc doc-dir))
|
||||
(find-files "." "\\.txt$"))))))
|
||||
(native-inputs `(("source" ,source)
|
||||
("unzip" ,unzip)))
|
||||
(build-system font-build-system)
|
||||
(home-page "http://font.ubuntu.com/")
|
||||
(synopsis "The Ubuntu Font Family")
|
||||
(description "The Ubuntu Font Family is a unique, custom designed font
|
||||
|
@ -145,42 +108,15 @@ TrueType (TTF) files.")
|
|||
(base32
|
||||
"1mqpds24wfs5cmfhj57fsfs07mji2z8812i5c4pi5pbi738s977s"))))
|
||||
(build-system trivial-build-system)
|
||||
(build-system font-build-system)
|
||||
(arguments
|
||||
`(#:modules ((guix build utils))
|
||||
#:builder (begin
|
||||
(use-modules (guix build utils))
|
||||
|
||||
(let ((tar (string-append (assoc-ref %build-inputs
|
||||
"tar")
|
||||
"/bin/tar"))
|
||||
(PATH (string-append (assoc-ref %build-inputs
|
||||
"bzip2")
|
||||
"/bin"))
|
||||
(font-dir (string-append
|
||||
%output "/share/fonts/truetype"))
|
||||
(conf-dir (string-append
|
||||
%output "/share/fontconfig/conf.avail"))
|
||||
(doc-dir (string-append
|
||||
%output "/share/doc/" ,name "-" ,version)))
|
||||
(setenv "PATH" PATH)
|
||||
(system* tar "xvf" (assoc-ref %build-inputs "source"))
|
||||
|
||||
(mkdir-p font-dir)
|
||||
(mkdir-p conf-dir)
|
||||
(mkdir-p doc-dir)
|
||||
(chdir (string-append "dejavu-fonts-ttf-" ,version))
|
||||
(for-each (lambda (ttf)
|
||||
(install-file ttf font-dir))
|
||||
(find-files "ttf" "\\.ttf$"))
|
||||
(for-each (lambda (conf)
|
||||
(install-file conf conf-dir))
|
||||
(find-files "fontconfig" "\\.conf$"))
|
||||
(for-each (lambda (doc)
|
||||
(install-file doc doc-dir))
|
||||
(find-files "." "\\.txt$|^[A-Z][A-Z]*$"))))))
|
||||
(native-inputs `(("source" ,source)
|
||||
("tar" ,tar)
|
||||
("bzip2" ,bzip2)))
|
||||
`(#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-after 'install 'install-conf
|
||||
(lambda* (#:key outputs #:allow-other-keys)
|
||||
(let ((conf-dir (string-append (assoc-ref outputs "out")
|
||||
"/share/fontconfig/conf.avail")))
|
||||
(copy-recursively "fontconfig" conf-dir)))))))
|
||||
(home-page "http://dejavu-fonts.org/")
|
||||
(synopsis "Vera font family derivate with additional characters")
|
||||
(description "DejaVu provides an expanded version of the Vera font family
|
||||
|
@ -204,38 +140,7 @@ provide serif, sans and monospaced variants.")
|
|||
(sha256
|
||||
(base32
|
||||
"1p3qs51x5327gnk71yq8cvmxc6wgx79sqxfvxcv80cdvgggjfnyv"))))
|
||||
(build-system trivial-build-system)
|
||||
(arguments
|
||||
`(#:modules ((guix build utils))
|
||||
#:builder (begin
|
||||
(use-modules (guix build utils)
|
||||
(srfi srfi-26))
|
||||
|
||||
(let ((tar (string-append (assoc-ref %build-inputs
|
||||
"tar")
|
||||
"/bin/tar"))
|
||||
(PATH (string-append (assoc-ref %build-inputs
|
||||
"bzip2")
|
||||
"/bin"))
|
||||
(font-dir (string-append %output
|
||||
"/share/fonts/truetype"))
|
||||
(doc-dir (string-append %output "/share/doc/"
|
||||
,name "-" ,version)))
|
||||
(setenv "PATH" PATH)
|
||||
(system* tar "xvf" (assoc-ref %build-inputs "source"))
|
||||
|
||||
(mkdir-p font-dir)
|
||||
(mkdir-p doc-dir)
|
||||
(chdir (string-append "ttf-bitstream-vera-" ,version))
|
||||
(for-each (lambda (ttf)
|
||||
(install-file ttf font-dir))
|
||||
(find-files "." "\\.ttf$"))
|
||||
(for-each (lambda (doc)
|
||||
(install-file doc doc-dir))
|
||||
(find-files "." "\\.TXT$"))))))
|
||||
(native-inputs `(("source" ,source)
|
||||
("tar" ,tar)
|
||||
("bzip2" ,bzip2)))
|
||||
(build-system font-build-system)
|
||||
(home-page "http://www.gnome.org/fonts/")
|
||||
(synopsis "Bitstream Vera sans-serif typeface")
|
||||
(description "Vera is a sans-serif typeface from Bitstream, Inc. This
|
||||
|
|
|
@ -415,22 +415,17 @@ and returns a sequence of positioned glyphids from the font.")
|
|||
(package
|
||||
(inherit graphite2)
|
||||
(name "graphite2")
|
||||
(version "1.3.9")
|
||||
(replacement #f)
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://github.com/silnrsi/graphite/releases/"
|
||||
"download/" version "/" name "-" version ".tgz"))
|
||||
(patches (search-patches
|
||||
"graphite2-ffloat-store.patch"
|
||||
"graphite2-check-code-point-limit.patch"
|
||||
"graphite2-CVE-2017-5436.patch"
|
||||
"graphite2-fix-32-bit-wrap-arounds.patch"
|
||||
"graphite2-non-linear-classes-even-number.patch"))
|
||||
(uri (let ((version "1.3.10"))
|
||||
(string-append "https://github.com/silnrsi/graphite/releases/"
|
||||
"download/" version "/" name "-" version ".tgz")))
|
||||
(patches (search-patches "graphite2-ffloat-store.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc"))))))
|
||||
"1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch"))))))
|
||||
|
||||
(define-public potrace
|
||||
(package
|
||||
|
|
|
@ -451,7 +451,61 @@ standards.")
|
|||
(mozilla-patch "icecat-bug-1346012.patch" "1ce6d0652921" "163ji64a86h682frh1jq016w1mjf8g24r8cni0irsdmiihis7zxc")
|
||||
(mozilla-patch "icecat-bug-1324140.patch" "8886f9cd5dd3" "0byabs9md8r3pc4r67sv2759427n1za0gfayln40nx47n2p52kmg")
|
||||
(mozilla-patch "icecat-bug-1342552.patch" "ad995e90916b" "02nq9sg675p26z99nr2pykbz51hi2phf0gmrb1bjpq9pjbll7gsa")
|
||||
(mozilla-patch "icecat-bug-1355039.patch" "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")))
|
||||
(mozilla-patch "icecat-bug-1355039.patch" "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")
|
||||
(mozilla-patch "icecat-bug-1363396.patch" "24cbb7f2e0ff" "006f0zhz5nxs72q9plwzhq4l79b47svzizvv510m5g2krsfrccza")
|
||||
(mozilla-patch "icecat-bug-1356558.patch" "89c7fb6c5be3" "19650nmc4vn1prbpn5h06kz9d1al279xkc23v39577h4zhdrknkj")
|
||||
(mozilla-patch "icecat-bug-1337810.patch" "0f6dd3564c76" "1sxajqh6r7fjs45xhvjwg94smpvyvplh3rdvq11d3q5m9v4kg7mz")
|
||||
(mozilla-patch "icecat-bug-1347748.patch" "145905da25d3" "0c2q9f000snpm9x0qda2y0awrsm313iwxbv0kh33ca0kpza49a76")
|
||||
(mozilla-patch "icecat-bug-1345355.patch" "c5012009a0b2" "0m772bgrwb8iwv2bdgx694ybg5wgbf58xg5v245x0p7gwhgwiwmr")
|
||||
(mozilla-patch "icecat-bug-1351340.patch" "047f19a1b9a0" "0qjnhybibs3cpcba3ga4g7d4c0w716xa9jf87y2ir8yz7dw1f9vl")
|
||||
(mozilla-patch "icecat-bug-1056322.patch" "f076a30f6c29" "0xgskjl6zmxi3v4l0f3wlas0qb2403fin5lv1hi3jf2142ihpaml")
|
||||
(mozilla-patch "icecat-bug-1355414.patch" "28e09d4ac3e9" "06clr2kwz28nyjlj13y036x6rxwh6frdh11aq6kbm1nj6s01i9zl")
|
||||
(mozilla-patch "icecat-bug-1313977.patch" "4c0b09f70aea" "04jq1xrlhj04n5bgh93xkbqwnh01pswfjhv81zk7i87c7xz6h92q")
|
||||
(mozilla-patch "icecat-bug-1357366.patch" "0b855945ce34" "0va8kqlgx6qhq2qrawkcm66kqrwwpmxblyjp3c7ifplxd0j0ijaf")
|
||||
(mozilla-patch "icecat-bug-1338574-pt0.patch" "243d7bffa4f1" "1d1v68amhnygc0g4w1afs374pjs7z5fx5inyq8idawbh4kxfncq7")
|
||||
(mozilla-patch "icecat-bug-1338574-pt1.patch" "337398a83aa5" "1141n7dhy9rh70sww8v58cbkba74xm5i75j1sgm5qwvkhh69qr5h")
|
||||
(mozilla-patch "icecat-bug-1338574-pt2.patch" "50e120d7ac64" "0dbcaq27vsjlh7vm30c88rlhkx8c1195rnr01six40mymh09rhym")
|
||||
(mozilla-patch "icecat-bug-1338574-pt3.patch" "2d4da5a366e8" "1761npkpw5zsm4q8rzfrg8m1ayrf8c857iq3vdd8rbqcswzv6xq0")
|
||||
(mozilla-patch "icecat-bug-1338574-pt4.patch" "b10d9b0c187f" "044zq9gzw4v5r3ki8dwfjg9dznai0jch29y0xrxzb2rfr6yvx0sb")
|
||||
(mozilla-patch "icecat-bug-1338574-pt5.patch" "697713a6841c" "1m9q4rh4ny945xsx3p3f5bg1izs9q58d71la5drj31z6kvbhnsi2")
|
||||
(mozilla-patch "icecat-bug-1338574-pt6.patch" "1d14abf37cf8" "1xyja9hjb7qfqi7kh85bw5nxkhyzw1rijjhnh5pgr5z0v718kjyc")
|
||||
(mozilla-patch "icecat-bug-1338574-pt7.patch" "5e85bc599d0c" "1pmhs3hmhkgj6q19padcbpi5qvgnhx6ib09zpcwxr8ll6lllxhig")
|
||||
(mozilla-patch "icecat-bug-1152353.patch" "d893dea8e7b4" "1pbayv7np6z7hlkk1dhvx3ppkni7f8n3cz8hs67l3nssw214c1ih")
|
||||
(mozilla-patch "icecat-bug-1345893.patch" "3a747480ead1" "0sxd23y9g77mx5indjs9isxnnrkin835qrh6dn62dlvbll8lgqi2")
|
||||
(mozilla-patch "icecat-bug-1343172.patch" "c7b064f6b93a" "1sh10j3h8cnqi3rpr70lv2yz14zhy1v9ms4f64fmrbjlz7q09j6q")
|
||||
(mozilla-patch "icecat-bug-1352348.patch" "1d86e96610a1" "02ybn2608v57pjh8kjgnhkg157asawjk5xia59qb63m5vfvrinwv")
|
||||
(mozilla-patch "icecat-bug-1354308.patch" "c8ba3f911eb1" "0w70b8dmvqjn1d8sphfkwnbwii8nh2q5k48clkvbhn7kpc2890mi")
|
||||
(mozilla-patch "icecat-bug-1335904.patch" "366cdd623cfb" "0gcmld4bplaakx6d50gw223lg1jjcni7866q1f2hxm0h1r9wwd3k")
|
||||
(mozilla-patch "icecat-bug-1355340.patch" "6b174b41fa44" "0zdgfy0zsrs3cvfkmrhxw0mrfibpnb58xp3z8fapx5ja59wmcabs")
|
||||
(mozilla-patch "icecat-bug-1360574-pt1.patch" "237eee780619" "1iw6z762zdc42kwjvv58a2cjc0s4kzwwy7838apl7y7cq85g0jg2")
|
||||
(mozilla-patch "icecat-bug-1360574-pt2.patch" "46a5a4aac189" "1i553f9qvav0fn5avbp8912995pqbhzbzamxxfz8gn2ik17y3xly")
|
||||
(mozilla-patch "icecat-bug-1358776.patch" "bd35fa23f79a" "12nicgwhcn63knmlcl0c2askn9sj35bfclaab3826pkd9yq5g4p5")
|
||||
(mozilla-patch "icecat-bug-1362590.patch" "c1314a709b41" "0klgrcyc20fig6rbm9znjpcnfsz6xnlp1v03fbvaww0riy2qm42k")
|
||||
(mozilla-patch "icecat-bug-1359859.patch" "e38948fb79d6" "1sfyc5s9ndv6q72k8n9x0rvj4sz40k51iljrs42gwykzkjm2fx5m")
|
||||
(mozilla-patch "icecat-bug-1342057.patch" "278bef1d7a64" "0zk18s9pnbwz9ankmc9mj4197s55j1jvax04ansqymmmc3a5ciif")
|
||||
(mozilla-patch "icecat-bug-1325513.patch" "218e0963406f" "0wqms5nany4sx2g4p01lbam7la2dyazz87dhv5hcsf8ifxrfww11")
|
||||
(mozilla-patch "icecat-bug-1304566.patch" "188e39630fcd" "1bfxfgj5ywx4bcf91kwyrjh5ppiv59gadx4445achyabdi639l8d")
|
||||
(mozilla-patch "icecat-bug-1356601.patch" "8191e403fedf" "1k4zmq0923f5dc3dwbz1q0bkcbm90ldwkczym366hgwadb2305nd")
|
||||
(mozilla-patch "icecat-bug-1334097.patch" "fe2a2c7e88cb" "1rppaivaddigwk65krn8m9f9mcdkiiv28ws9n9zj62n0rc1shyvc")
|
||||
(mozilla-patch "icecat-bug-1359051.patch" "8d7dbe5c6587" "14zh74bbld4s0jy0a48fi9acxkc236mh9wjid3vrf72yj6bi5xnp")
|
||||
(mozilla-patch "icecat-bug-1359697.patch" "ca2b5274549f" "1ns7v70i1hfkxqnjhf9fp0lk9095hdcllg94j3dl1nfaif4w6vbf")
|
||||
(mozilla-patch "icecat-bug-1343256.patch" "a30dd7dd6617" "1k078176fp8vz871wirjz9d3yx9l2lfl8p75c4905n3j3zv2297q")
|
||||
(mozilla-patch "icecat-bug-1349310.patch" "81b3ce7d37b3" "0ad0wqczy4kpggj6m3b8bzxi6ax340mik1mfawhkq89a1h2sfpxv")
|
||||
(mozilla-patch "icecat-bug-1356179.patch" "66d8893f37f0" "0izl31lagvdv4qpb9gkjxvgpmxzw50x5bviap4l7bbnb56cv7d8p")
|
||||
(mozilla-patch "icecat-bug-1365602.patch" "aad883966edd" "058axnrwrbvy2h9r9pb766lyky45hb92rap142sbp17yz0sxfmww")
|
||||
(mozilla-patch "icecat-bug-1355520.patch" "7ca2d8839f7a" "1xbmpvr2x720x9ghd5wgbg6lknbnhcyqmkkfamdf97mqcyizyr21")
|
||||
(mozilla-patch "icecat-bug-1358469.patch" "4d432638c0f9" "0qpjmwik3dryjwmgfwmkqk0rs9rb2lafb2k9fc3pkjnrq5y0l9xg")
|
||||
(mozilla-patch "icecat-bug-1356025.patch" "f5967db0a0f3" "045wbvkm21kbm314dd6lbq2disiaf26kmsxi6brf442fd0028gwq")
|
||||
(mozilla-patch "icecat-bug-1345910.patch" "ec6b6720e54e" "0lm15jl46mdlsds6947jsiyvhf9agb8hcdrqj2svc3kn9kzvyr2n")
|
||||
(mozilla-patch "icecat-bug-1359639.patch" "a4f8d8a12afa" "0d7sjc21af074rvgvijj42gmpjvcb1v1zlpgb3s7ky7w6wjr35vx")
|
||||
(mozilla-patch "icecat-bug-1357090.patch" "d07f24a72ce4" "1qbwska76b2zslb95wnx9v04znb6k9fqylr4ajyfqpwk1sr363hg")
|
||||
(mozilla-patch "icecat-bug-1364283.patch" "a6caa7628e36" "1yv5f4h8js9bry9krcx130w6ic8rdmmq4fap6va24kfx8qflg70h")
|
||||
(mozilla-patch "icecat-bug-1237868.patch" "41138235d4ea" "0mcj4x2kmagwf5hp8xhczf04sxm995pk1zarc9yffk84z7fcrxkj")
|
||||
(mozilla-patch "icecat-bug-1331335.patch" "b724283e3b31" "1xbb1vcdzfpcmrmxm8ihwzslh2vz15k0k601nvyhh6vgx270h1wn")
|
||||
(mozilla-patch "icecat-bug-1367267.patch" "4c2f4d8b693e" "1hrndhfnz0vnjnspwh5mbvgl2j8d1cs62awp04wx2w6z4l4wrmbv")
|
||||
(mozilla-patch "icecat-bug-1366595.patch" "cce3fd607206" "1z97jw8jpfyx61jxf0j8nsplnna2c5bwihwnl9cvlc2cspp3kgp5")
|
||||
(mozilla-patch "icecat-bug-1349266.patch" "dc4e3c64d781" "1zd666k4qpdamly3av09k602pmirjcs9l6la6ba0qq9w9vfan3g5")
|
||||
(mozilla-patch "icecat-bug-1366140.patch" "379c348250e8" "0kvsyhi9j3bjx14ffr13dslqp8ghcgrz6ds2fikdkrrrk4syskd5")))
|
||||
(modules '((guix build utils)))
|
||||
(snippet
|
||||
'(begin
|
||||
|
|
|
@ -335,7 +335,7 @@ extracting icontainer icon files.")
|
|||
(define-public libtiff
|
||||
(package
|
||||
(name "libtiff")
|
||||
(replacement libtiff/fixed)
|
||||
(replacement libtiff-4.0.8)
|
||||
(version "4.0.7")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
|
@ -384,18 +384,18 @@ collection of tools for doing simple manipulations of TIFF images.")
|
|||
"See COPYRIGHT in the distribution."))
|
||||
(home-page "http://www.simplesystems.org/libtiff/")))
|
||||
|
||||
(define libtiff/fixed
|
||||
(define libtiff-4.0.8
|
||||
(package
|
||||
(inherit libtiff)
|
||||
(version "4.0.8")
|
||||
(source
|
||||
(origin
|
||||
(inherit (package-source libtiff))
|
||||
(patches
|
||||
(append
|
||||
(origin-patches (package-source libtiff))
|
||||
(search-patches "libtiff-CVE-2017-7593.patch"
|
||||
"libtiff-CVE-2017-7594.patch"
|
||||
"libtiff-multiple-UBSAN-crashes.patch")))))))
|
||||
(method url-fetch)
|
||||
(uri (string-append "http://download.osgeo.org/libtiff/tiff-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))
|
||||
|
||||
(define-public libwmf
|
||||
(package
|
||||
|
|
|
@ -421,7 +421,7 @@ and corrections. It is based on a Bayesian filter.")
|
|||
(define-public offlineimap
|
||||
(package
|
||||
(name "offlineimap")
|
||||
(version "7.1.0")
|
||||
(version "7.1.1")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
|
||||
|
@ -429,7 +429,7 @@ and corrections. It is based on a Bayesian filter.")
|
|||
(file-name (string-append name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1r0sbgwyirpbks82ri9g88raf3mp8shq9rg0r92gkr7h6888v6fw"))))
|
||||
"00xpxh0pxcvv3mjgb3vq3x51v498dhqcaixyb3a4srmfgskzh956"))))
|
||||
(build-system python-build-system)
|
||||
(native-inputs
|
||||
`(("asciidoc" ,asciidoc)))
|
||||
|
|
|
@ -490,6 +490,8 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
|
|||
(uri (string-append "https://gajim.org/downloads/"
|
||||
(version-major+minor version)
|
||||
"/gajim-" version ".tar.bz2"))
|
||||
(patches
|
||||
(search-patches "gajim-CVE-2016-10376.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n"))))
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
(define-public parallel
|
||||
(package
|
||||
(name "parallel")
|
||||
(version "20170422")
|
||||
(version "20170522")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
|
@ -53,7 +53,7 @@
|
|||
version ".tar.bz2"))
|
||||
(sha256
|
||||
(base32
|
||||
"0afk1q8mqzz02h6imyykgi9gwk5gj08hzs6lwgd65ilj4slkh93s"))))
|
||||
"1k5wlcc0dr2fxna0vi48s0l6pvbyl4pbclbih4103f1155im23ca"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
`(#:phases
|
||||
|
|
|
@ -0,0 +1,57 @@
|
|||
Fix CVE-2016-10376.
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
|
||||
http://seclists.org/oss-sec/2017/q2/341
|
||||
https://dev.gajim.org/gajim/gajim/issues/8378
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
|
||||
|
||||
(adapted for context in config.py)
|
||||
|
||||
From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
|
||||
From: Philipp Hörist <forenjunkie@chello.at>
|
||||
Date: Fri, 26 May 2017 23:10:05 +0200
|
||||
Subject: [PATCH] Add config option to activate XEP-0146 commands
|
||||
|
||||
Some of the Commands have security implications, thats why we disable them per default
|
||||
Fixes #8378
|
||||
---
|
||||
src/common/commands.py | 7 ++++---
|
||||
src/common/config.py | 1 +
|
||||
2 files changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/common/commands.py b/src/common/commands.py
|
||||
index 19d8c13..0eeb57c 100644
|
||||
--- a/src/common/commands.py
|
||||
+++ b/src/common/commands.py
|
||||
@@ -345,9 +345,10 @@ class ConnectionCommands:
|
||||
def __init__(self):
|
||||
# a list of all commands exposed: node -> command class
|
||||
self.__commands = {}
|
||||
- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
|
||||
- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
|
||||
- self.__commands[cmdobj.commandnode] = cmdobj
|
||||
+ if gajim.config.get('remote_commands'):
|
||||
+ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
|
||||
+ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
|
||||
+ self.__commands[cmdobj.commandnode] = cmdobj
|
||||
|
||||
# a list of sessions; keys are tuples (jid, sessionid, node)
|
||||
self.__sessions = {}
|
||||
diff --git a/src/common/config.py b/src/common/config.py
|
||||
index cde1f81..fe25455 100644
|
||||
--- a/src/common/config.py
|
||||
+++ b/src/common/config.py
|
||||
@@ -314,6 +314,7 @@ class Config:
|
||||
'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
|
||||
'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was closed.')],
|
||||
'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')],
|
||||
+ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')],
|
||||
}, {})
|
||||
|
||||
__options_per_key = {
|
||||
--
|
||||
libgit2 0.24.0
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
From 1ce331d5548b98ed8b818532b2556d6f2c7a3b83 Mon Sep 17 00:00:00 2001
|
||||
From: Martin Hosken <martin_hosken@sil.org>
|
||||
Date: Thu, 9 Mar 2017 22:04:04 +0000
|
||||
Subject: [PATCH] Ensure features have enough space. Fix from Mozilla
|
||||
|
||||
---
|
||||
src/FeatureMap.cpp | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/FeatureMap.cpp b/src/FeatureMap.cpp
|
||||
index b8c8405..83bd5f6 100644
|
||||
--- a/src/FeatureMap.cpp
|
||||
+++ b/src/FeatureMap.cpp
|
||||
@@ -275,7 +275,7 @@ bool FeatureRef::applyValToFeature(uint32 val, Features & pDest) const
|
||||
else
|
||||
if (pDest.m_pMap!=&m_pFace->theSill().theFeatureMap())
|
||||
return false; //incompatible
|
||||
- pDest.reserve(m_index);
|
||||
+ pDest.reserve(m_index+1);
|
||||
pDest[m_index] &= ~m_mask;
|
||||
pDest[m_index] |= (uint32(val) << m_bits);
|
||||
return true;
|
||||
--
|
||||
2.12.2
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
From 348c11e4571b534efdbd58a575bbea979c880b2f Mon Sep 17 00:00:00 2001
|
||||
From: Tim Eves <tim_eves@sil.org>
|
||||
Date: Wed, 1 Mar 2017 14:23:46 +0700
|
||||
Subject: [PATCH] Fix decoding of USV greater than U+110000
|
||||
|
||||
Add test cases too
|
||||
---
|
||||
src/inc/UtfCodec.h | 4 ++--
|
||||
tests/utftest/utftest.cpp | 3 +++
|
||||
2 files changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/inc/UtfCodec.h b/src/inc/UtfCodec.h
|
||||
index 3417bac..9dc760f 100644
|
||||
--- a/src/inc/UtfCodec.h
|
||||
+++ b/src/inc/UtfCodec.h
|
||||
@@ -124,7 +124,7 @@ struct _utf_codec<8>
|
||||
private:
|
||||
static const int8 sz_lut[16];
|
||||
static const byte mask_lut[5];
|
||||
-
|
||||
+ static const uchar_t limit = 0x110000;
|
||||
|
||||
public:
|
||||
typedef uint8 codeunit_t;
|
||||
@@ -157,7 +157,7 @@ public:
|
||||
case 0: l = -1; return 0xFFFD;
|
||||
}
|
||||
|
||||
- if (l != seq_sz || toolong)
|
||||
+ if (l != seq_sz || toolong || u >= limit)
|
||||
{
|
||||
l = -l;
|
||||
return 0xFFFD;
|
||||
diff --git a/tests/utftest/utftest.cpp b/tests/utftest/utftest.cpp
|
||||
index 21cb188..a23553a 100644
|
||||
--- a/tests/utftest/utftest.cpp
|
||||
+++ b/tests/utftest/utftest.cpp
|
||||
@@ -8,6 +8,9 @@ struct test8
|
||||
unsigned char str[12];
|
||||
};
|
||||
struct test8 tests8[] = {
|
||||
+ { 0, 0, {0xF4, 0x90, 0x80, 0x80, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
|
||||
+ { 0, 0, {0xC0, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
|
||||
+ { 0, 0, {0xA0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000]
|
||||
{ 4, -1, {0x7F, 0xDF, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0, 0} }, // U+7F, U+7FF, U+FFFF, U+10FFF
|
||||
{ 2, 3, {0x7F, 0xDF, 0xBF, 0xF0, 0x8F, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, U+7FF, long(U+FFFF), U+10FFF
|
||||
{ 1, 1, {0x7F, 0xE0, 0x9F, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, long(U+7FF), U+FFFF, U+10FFF
|
||||
--
|
||||
2.12.2
|
||||
|
|
@ -1,93 +0,0 @@
|
|||
This patch incorporates the following 6 consecutive commits from the upstream
|
||||
graphite2 repository:
|
||||
|
||||
75b83cd..: Martin Hosken 2017-03-28 Fix 32-bit wrap arounds
|
||||
1f97e36..: Martin Hosken 2017-03-28 balance comparisons in decompressor
|
||||
9493785..: Martin Hosken 2017-03-29 Speculative rounding fix
|
||||
09af043..: Tim Eves 2017-03-31 Move a MINMATCH to rhs of a comparisio
|
||||
28cc60d..: Tim Eves 2017-03-31 Deal with similar wrap around in literal_len
|
||||
8afc7d0..: Martin Hosken 2017-04-03 Fix 32-bit rollover in decompressor, again
|
||||
|
||||
This diff was generated by the following command:
|
||||
|
||||
git diff 1ce331d5548b98ed..8afc7d0081959866
|
||||
|
||||
|
||||
diff --git a/src/Decompressor.cpp b/src/Decompressor.cpp
|
||||
index 084570f..56d531f 100644
|
||||
--- a/src/Decompressor.cpp
|
||||
+++ b/src/Decompressor.cpp
|
||||
@@ -51,7 +51,7 @@ bool read_sequence(u8 const * &src, u8 const * const end, u8 const * &literal, u
|
||||
literal = src;
|
||||
src += literal_len;
|
||||
|
||||
- if (src > end - 2)
|
||||
+ if (src > end - 2 || src < literal)
|
||||
return false;
|
||||
|
||||
match_dist = *src++;
|
||||
@@ -85,7 +85,7 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
|
||||
{
|
||||
// Copy in literal. At this point the last full sequence must be at
|
||||
// least MINMATCH + 5 from the end of the output buffer.
|
||||
- if (dst + align(literal_len) > dst_end - (MINMATCH+5))
|
||||
+ if (align(literal_len) > unsigned(dst_end - dst - (MINMATCH+5)) || dst_end - dst < MINMATCH + 5)
|
||||
return -1;
|
||||
dst = overrun_copy(dst, literal, literal_len);
|
||||
}
|
||||
@@ -94,7 +94,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
|
||||
// decoded output.
|
||||
u8 const * const pcpy = dst - match_dist;
|
||||
if (pcpy < static_cast<u8*>(out)
|
||||
- || dst + match_len + MINMATCH > dst_end - 5)
|
||||
+ || match_len > unsigned(dst_end - dst - (MINMATCH+5))
|
||||
+ || dst_end - dst < MINMATCH + 5)
|
||||
return -1;
|
||||
if (dst > pcpy+sizeof(unsigned long)
|
||||
&& dst + align(match_len + MINMATCH) <= dst_end)
|
||||
@@ -103,8 +104,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size)
|
||||
dst = safe_copy(dst, pcpy, match_len + MINMATCH);
|
||||
}
|
||||
|
||||
- if (literal + literal_len > src_end
|
||||
- || dst + literal_len > dst_end)
|
||||
+ if (literal_len > src_end - literal
|
||||
+ || literal_len > dst_end - dst)
|
||||
return -1;
|
||||
dst = fast_copy(dst, literal, literal_len);
|
||||
|
||||
diff --git a/src/Pass.cpp b/src/Pass.cpp
|
||||
index a4bac2e..683143c 100644
|
||||
--- a/src/Pass.cpp
|
||||
+++ b/src/Pass.cpp
|
||||
@@ -171,7 +171,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su
|
||||
const uint16 * const o_actions = reinterpret_cast<const uint16 *>(p);
|
||||
be::skip<uint16>(p, m_numRules + 1);
|
||||
const byte * const states = p;
|
||||
- if (e.test(p + 2u*m_numTransition*m_numColumns >= pass_end, E_BADPASSLENGTH)) return face.error(e);
|
||||
+ if (e.test(2u*m_numTransition*m_numColumns >= (unsigned)(pass_end - p), E_BADPASSLENGTH)) return face.error(e);
|
||||
be::skip<int16>(p, m_numTransition*m_numColumns);
|
||||
be::skip<uint8>(p);
|
||||
if (e.test(p != pcCode, E_BADPASSCCODEPTR)) return face.error(e);
|
||||
@@ -192,7 +192,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su
|
||||
m_cPConstraint = vm::Machine::Code(true, pcCode, pcCode + pass_constraint_len,
|
||||
precontext[0], be::peek<uint16>(sort_keys), *m_silf, face, PASS_TYPE_UNKNOWN);
|
||||
if (e.test(!m_cPConstraint, E_OUTOFMEM)
|
||||
- || e.test(!m_cPConstraint, m_cPConstraint.status() + E_CODEFAILURE))
|
||||
+ || e.test(m_cPConstraint.status() != Code::loaded, m_cPConstraint.status() + E_CODEFAILURE))
|
||||
return face.error(e);
|
||||
face.error_context(face.error_context() - 1);
|
||||
}
|
||||
diff --git a/src/Silf.cpp b/src/Silf.cpp
|
||||
index 72a22cd..d661992 100644
|
||||
--- a/src/Silf.cpp
|
||||
+++ b/src/Silf.cpp
|
||||
@@ -191,7 +191,7 @@ bool Silf::readGraphite(const byte * const silf_start, size_t lSilf, Face& face,
|
||||
|
||||
const size_t clen = readClassMap(p, passes_start - p, version, e);
|
||||
m_passes = new Pass[m_numPasses];
|
||||
- if (e || e.test(p + clen > passes_start, E_BADPASSESSTART)
|
||||
+ if (e || e.test(clen > unsigned(passes_start - p), E_BADPASSESSTART)
|
||||
|| e.test(!m_passes, E_OUTOFMEM))
|
||||
{ releaseBuffers(); return face.error(e); }
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
From 0646e4ee471183994f78a759269f0505617711f3 Mon Sep 17 00:00:00 2001
|
||||
From: Martin Hosken <martin_hosken@sil.org>
|
||||
Date: Tue, 18 Apr 2017 13:17:14 +0100
|
||||
Subject: [PATCH] Ensure non linear classes have even number of elements
|
||||
|
||||
---
|
||||
src/Silf.cpp | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/Silf.cpp b/src/Silf.cpp
|
||||
index d661992..9f2f954 100644
|
||||
--- a/src/Silf.cpp
|
||||
+++ b/src/Silf.cpp
|
||||
@@ -293,7 +293,8 @@ size_t Silf::readClassMap(const byte *p, size_t data_len, uint32 version, Error
|
||||
if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET) // LookupClass doesn't stretch over max_off
|
||||
|| e.test(lookup[0] == 0 // A LookupClass with no looks is a suspicious thing ...
|
||||
|| lookup[0] * 2 + *o + 4 > max_off // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off]
|
||||
- || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)) // rangeShift: numIDs - searchRange
|
||||
+ || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO) // rangeShift: numIDs - searchRange
|
||||
+ || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET)) // glyphs are in pairs so difference must be even.
|
||||
return ERROROFFSET;
|
||||
}
|
||||
|
||||
--
|
||||
2.12.2
|
||||
|
|
@ -1,113 +0,0 @@
|
|||
Fixes CVE-2017-7593 (Potential uninitialized-memory access from tif_rawdata):
|
||||
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2651
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593
|
||||
https://security-tracker.debian.org/tracker/CVE-2017-7593
|
||||
|
||||
2017-01-11 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add
|
||||
_TIFFcalloc()
|
||||
|
||||
* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
|
||||
initialize tif_rawdata.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
|
||||
|
||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
||||
new revision: 1.1208; previous revision: 1.1207
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c
|
||||
new revision: 1.53; previous revision: 1.52
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_unix.c,v <-- libtiff/tif_unix.c
|
||||
new revision: 1.28; previous revision: 1.27
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_vms.c,v <-- libtiff/tif_vms.c
|
||||
new revision: 1.14; previous revision: 1.13
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_win32.c,v <-- libtiff/tif_win32.c
|
||||
new revision: 1.42; previous revision: 1.41
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tiffio.h,v <-- libtiff/tiffio.h
|
||||
new revision: 1.94; previous revision: 1.93
|
||||
|
||||
diff -ru tiff-4.0.7/libtiff/tiffio.h tiff-4.0.7.new/libtiff/tiffio.h
|
||||
--- tiff-4.0.7/libtiff/tiffio.h 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ tiff-4.0.7.new/libtiff/tiffio.h 2017-05-05 19:08:03.772999790 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tiffio.h,v 1.92 2016-01-23 21:20:34 erouault Exp $ */
|
||||
+/* $Id: tiffio.h,v 1.94 2017-01-11 19:02:49 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988-1997 Sam Leffler
|
||||
@@ -293,6 +293,7 @@
|
||||
*/
|
||||
|
||||
extern void* _TIFFmalloc(tmsize_t s);
|
||||
+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
|
||||
extern void* _TIFFrealloc(void* p, tmsize_t s);
|
||||
extern void _TIFFmemset(void* p, int v, tmsize_t c);
|
||||
extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
|
||||
diff -ru tiff-4.0.7/libtiff/tif_read.c tiff-4.0.7.new/libtiff/tif_read.c
|
||||
--- tiff-4.0.7/libtiff/tif_read.c 2017-05-05 19:04:09.740966642 -0400
|
||||
+++ tiff-4.0.7.new/libtiff/tif_read.c 2017-05-05 18:59:11.070709441 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
|
||||
+/* $Id: tif_read.c,v 1.53 2017-01-11 19:02:49 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988-1997 Sam Leffler
|
||||
@@ -976,7 +976,9 @@
|
||||
"Invalid buffer size");
|
||||
return (0);
|
||||
}
|
||||
- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
|
||||
+ /* Initialize to zero to avoid uninitialized buffers in case of */
|
||||
+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
|
||||
+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
|
||||
tif->tif_flags |= TIFF_MYBUFFER;
|
||||
}
|
||||
if (tif->tif_rawdata == NULL) {
|
||||
diff -ru tiff-4.0.7/libtiff/tif_unix.c tiff-4.0.7.new/libtiff/tif_unix.c
|
||||
--- tiff-4.0.7/libtiff/tif_unix.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ tiff-4.0.7.new/libtiff/tif_unix.c 2017-05-05 19:10:48.302645187 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_unix.c,v 1.27 2015-08-19 02:31:04 bfriesen Exp $ */
|
||||
+/* $Id: tif_unix.c,v 1.28 2017-01-11 19:02:49 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988-1997 Sam Leffler
|
||||
@@ -316,6 +316,14 @@
|
||||
return (malloc((size_t) s));
|
||||
}
|
||||
|
||||
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
|
||||
+{
|
||||
+ if( nmemb == 0 || siz == 0 )
|
||||
+ return ((void *) NULL);
|
||||
+
|
||||
+ return calloc((size_t) nmemb, (size_t)siz);
|
||||
+}
|
||||
+
|
||||
void
|
||||
_TIFFfree(void* p)
|
||||
{
|
||||
diff -ru tiff-4.0.7/libtiff/tif_win32.c tiff-4.0.7.new/libtiff/tif_win32.c
|
||||
--- tiff-4.0.7/libtiff/tif_win32.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ tiff-4.0.7.new/libtiff/tif_win32.c 2017-05-05 19:13:06.903399627 -0400
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_win32.c,v 1.41 2015-08-23 20:12:44 bfriesen Exp $ */
|
||||
+/* $Id: tif_win32.c,v 1.42 2017-01-11 19:02:49 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988-1997 Sam Leffler
|
||||
@@ -360,6 +360,14 @@
|
||||
return (malloc((size_t) s));
|
||||
}
|
||||
|
||||
+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
|
||||
+{
|
||||
+ if( nmemb == 0 || siz == 0 )
|
||||
+ return ((void *) NULL);
|
||||
+
|
||||
+ return calloc((size_t) nmemb, (size_t)siz);
|
||||
+}
|
||||
+
|
||||
void
|
||||
_TIFFfree(void* p)
|
||||
{
|
|
@ -1,54 +0,0 @@
|
|||
Fixes CVE-2017-7594 (Direct leak in tif_ojpeg.c):
|
||||
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2659
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594
|
||||
https://security-tracker.debian.org/tracker/CVE-2017-7594
|
||||
|
||||
2017-01-12 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
|
||||
when read fails.
|
||||
Patch by Nicolás Peña.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
|
||||
|
||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
||||
new revision: 1.1212; previous revision: 1.1211
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c
|
||||
new revision: 1.67; previous revision: 1.66
|
||||
|
||||
Index: libtiff/libtiff/tif_ojpeg.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
|
||||
retrieving revision 1.67
|
||||
retrieving revision 1.68
|
||||
diff -u -r1.67 -r1.68
|
||||
--- libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 17:43:26 -0000 1.67
|
||||
+++ libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 19:23:20 -0000 1.68
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
|
||||
+/* $Id: tif_ojpeg.c,v 1.68 2017-01-12 19:23:20 erouault Exp $ */
|
||||
|
||||
/* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
|
||||
specification is now totally obsolete and deprecated for new applications and
|
||||
@@ -1790,7 +1790,10 @@
|
||||
TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET);
|
||||
p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
|
||||
if (p!=64)
|
||||
+ {
|
||||
+ _TIFFfree(ob);
|
||||
return(0);
|
||||
+ }
|
||||
sp->qtable[m]=ob;
|
||||
sp->sof_tq[m]=m;
|
||||
}
|
||||
@@ -1854,7 +1857,10 @@
|
||||
rb[sizeof(uint32)+5+n]=o[n];
|
||||
p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
|
||||
if (p!=q)
|
||||
+ {
|
||||
+ _TIFFfree(rb);
|
||||
return(0);
|
||||
+ }
|
||||
sp->dctable[m]=rb;
|
||||
sp->sos_tda[m]=(m<<4);
|
||||
}
|
|
@ -1,449 +0,0 @@
|
|||
Fixes CVE-2017-{7595,7596,7597,7598,7599,7600,7601,7602}:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602
|
||||
|
||||
2017-01-11 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various
|
||||
clampings
|
||||
of double to other data types to avoid undefined behaviour if the
|
||||
output range
|
||||
isn't big enough to hold the input value.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2642
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2646
|
||||
http://bugzilla.maptools.org/show_bug.cgi?id=2647
|
||||
|
||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
||||
new revision: 1.1204; previous revision: 1.1203
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c
|
||||
new revision: 1.129; previous revision: 1.128
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c
|
||||
new revision: 1.207; previous revision: 1.206
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <-- libtiff/tif_dirwrite.c
|
||||
new revision: 1.85; previous revision: 1.84
|
||||
|
||||
2017-01-11 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tif_dirread.c: avoid division by floating point 0 in
|
||||
TIFFReadDirEntryCheckedRational() and
|
||||
TIFFReadDirEntryCheckedSrational(),
|
||||
and return 0 in that case (instead of infinity as before presumably)
|
||||
Apparently some sanitizers do not like those divisions by zero.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644
|
||||
|
||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
||||
new revision: 1.1203; previous revision: 1.1202
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c
|
||||
new revision: 1.206; previous revision: 1.205
|
||||
|
||||
2017-01-11 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to
|
||||
avoid undefined behaviour caused by invalid shift exponent.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
|
||||
|
||||
|
||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
||||
new revision: 1.1205; previous revision: 1.1204
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v <-- libtiff/tif_jpeg.c
|
||||
new revision: 1.126; previous revision: 1.125
|
||||
|
||||
2017-01-11 Even Rouault <even.rouault at spatialys.com>
|
||||
|
||||
* libtiff/tif_read.c: avoid potential undefined behaviour on signed
|
||||
integer addition in TIFFReadRawStrip1() in isMapped() case.
|
||||
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650
|
||||
|
||||
/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
|
||||
new revision: 1.1206; previous revision: 1.1205
|
||||
/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c
|
||||
new revision: 1.51; previous revision: 1.50
|
||||
|
||||
Index: libtiff/libtiff/tif_dir.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
|
||||
retrieving revision 1.128
|
||||
retrieving revision 1.129
|
||||
diff -u -r1.128 -r1.129
|
||||
--- libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128
|
||||
+++ libtiff/libtiff/tif_dir.c 11 Jan 2017 16:09:02 -0000 1.129
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
|
||||
+/* $Id: tif_dir.c,v 1.129 2017-01-11 16:09:02 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988-1997 Sam Leffler
|
||||
@@ -31,6 +31,7 @@
|
||||
* (and also some miscellaneous stuff)
|
||||
*/
|
||||
#include "tiffiop.h"
|
||||
+#include <float.h>
|
||||
|
||||
/*
|
||||
* These are used in the backwards compatibility code...
|
||||
@@ -154,6 +155,15 @@
|
||||
return (0);
|
||||
}
|
||||
|
||||
+static float TIFFClampDoubleToFloat( double val )
|
||||
+{
|
||||
+ if( val > FLT_MAX )
|
||||
+ return FLT_MAX;
|
||||
+ if( val < -FLT_MAX )
|
||||
+ return -FLT_MAX;
|
||||
+ return (float)val;
|
||||
+}
|
||||
+
|
||||
static int
|
||||
_TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
|
||||
{
|
||||
@@ -312,13 +322,13 @@
|
||||
dblval = va_arg(ap, double);
|
||||
if( dblval < 0 )
|
||||
goto badvaluedouble;
|
||||
- td->td_xresolution = (float) dblval;
|
||||
+ td->td_xresolution = TIFFClampDoubleToFloat( dblval );
|
||||
break;
|
||||
case TIFFTAG_YRESOLUTION:
|
||||
dblval = va_arg(ap, double);
|
||||
if( dblval < 0 )
|
||||
goto badvaluedouble;
|
||||
- td->td_yresolution = (float) dblval;
|
||||
+ td->td_yresolution = TIFFClampDoubleToFloat( dblval );
|
||||
break;
|
||||
case TIFFTAG_PLANARCONFIG:
|
||||
v = (uint16) va_arg(ap, uint16_vap);
|
||||
@@ -327,10 +337,10 @@
|
||||
td->td_planarconfig = (uint16) v;
|
||||
break;
|
||||
case TIFFTAG_XPOSITION:
|
||||
- td->td_xposition = (float) va_arg(ap, double);
|
||||
+ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
|
||||
break;
|
||||
case TIFFTAG_YPOSITION:
|
||||
- td->td_yposition = (float) va_arg(ap, double);
|
||||
+ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) );
|
||||
break;
|
||||
case TIFFTAG_RESOLUTIONUNIT:
|
||||
v = (uint16) va_arg(ap, uint16_vap);
|
||||
Index: libtiff/libtiff/tif_dirread.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
|
||||
retrieving revision 1.206
|
||||
retrieving revision 1.207
|
||||
diff -u -r1.206 -r1.207
|
||||
--- libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206
|
||||
+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 16:09:02 -0000 1.207
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
|
||||
+/* $Id: tif_dirread.c,v 1.207 2017-01-11 16:09:02 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988-1997 Sam Leffler
|
||||
@@ -40,6 +40,7 @@
|
||||
*/
|
||||
|
||||
#include "tiffiop.h"
|
||||
+#include <float.h>
|
||||
|
||||
#define IGNORE 0 /* tag placeholder used below */
|
||||
#define FAILED_FII ((uint32) -1)
|
||||
@@ -2406,7 +2407,14 @@
|
||||
ma=(double*)origdata;
|
||||
mb=data;
|
||||
for (n=0; n<count; n++)
|
||||
- *mb++=(float)(*ma++);
|
||||
+ {
|
||||
+ double val = *ma++;
|
||||
+ if( val > FLT_MAX )
|
||||
+ val = FLT_MAX;
|
||||
+ else if( val < -FLT_MAX )
|
||||
+ val = -FLT_MAX;
|
||||
+ *mb++=(float)val;
|
||||
+ }
|
||||
}
|
||||
break;
|
||||
}
|
||||
Index: libtiff/libtiff/tif_dirwrite.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v
|
||||
retrieving revision 1.84
|
||||
retrieving revision 1.85
|
||||
diff -u -r1.84 -r1.85
|
||||
--- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 12:51:59 -0000 1.84
|
||||
+++ libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_dirwrite.c,v 1.83 2016-10-25 21:35:15 erouault Exp $ */
|
||||
+/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988-1997 Sam Leffler
|
||||
@@ -30,6 +30,7 @@
|
||||
* Directory Write Support Routines.
|
||||
*/
|
||||
#include "tiffiop.h"
|
||||
+#include <float.h>
|
||||
|
||||
#ifdef HAVE_IEEEFP
|
||||
#define TIFFCvtNativeToIEEEFloat(tif, n, fp)
|
||||
@@ -939,6 +940,69 @@
|
||||
return(0);
|
||||
}
|
||||
|
||||
+static float TIFFClampDoubleToFloat( double val )
|
||||
+{
|
||||
+ if( val > FLT_MAX )
|
||||
+ return FLT_MAX;
|
||||
+ if( val < -FLT_MAX )
|
||||
+ return -FLT_MAX;
|
||||
+ return (float)val;
|
||||
+}
|
||||
+
|
||||
+static int8 TIFFClampDoubleToInt8( double val )
|
||||
+{
|
||||
+ if( val > 127 )
|
||||
+ return 127;
|
||||
+ if( val < -128 || val != val )
|
||||
+ return -128;
|
||||
+ return (int8)val;
|
||||
+}
|
||||
+
|
||||
+static int16 TIFFClampDoubleToInt16( double val )
|
||||
+{
|
||||
+ if( val > 32767 )
|
||||
+ return 32767;
|
||||
+ if( val < -32768 || val != val )
|
||||
+ return -32768;
|
||||
+ return (int16)val;
|
||||
+}
|
||||
+
|
||||
+static int32 TIFFClampDoubleToInt32( double val )
|
||||
+{
|
||||
+ if( val > 0x7FFFFFFF )
|
||||
+ return 0x7FFFFFFF;
|
||||
+ if( val < -0x7FFFFFFF-1 || val != val )
|
||||
+ return -0x7FFFFFFF-1;
|
||||
+ return (int32)val;
|
||||
+}
|
||||
+
|
||||
+static uint8 TIFFClampDoubleToUInt8( double val )
|
||||
+{
|
||||
+ if( val < 0 )
|
||||
+ return 0;
|
||||
+ if( val > 255 || val != val )
|
||||
+ return 255;
|
||||
+ return (uint8)val;
|
||||
+}
|
||||
+
|
||||
+static uint16 TIFFClampDoubleToUInt16( double val )
|
||||
+{
|
||||
+ if( val < 0 )
|
||||
+ return 0;
|
||||
+ if( val > 65535 || val != val )
|
||||
+ return 65535;
|
||||
+ return (uint16)val;
|
||||
+}
|
||||
+
|
||||
+static uint32 TIFFClampDoubleToUInt32( double val )
|
||||
+{
|
||||
+ if( val < 0 )
|
||||
+ return 0;
|
||||
+ if( val > 0xFFFFFFFFU || val != val )
|
||||
+ return 0xFFFFFFFFU;
|
||||
+ return (uint32)val;
|
||||
+}
|
||||
+
|
||||
static int
|
||||
TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value)
|
||||
{
|
||||
@@ -959,7 +1023,7 @@
|
||||
if (tif->tif_dir.td_bitspersample<=32)
|
||||
{
|
||||
for (i = 0; i < count; ++i)
|
||||
- ((float*)conv)[i] = (float)value[i];
|
||||
+ ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]);
|
||||
ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv);
|
||||
}
|
||||
else
|
||||
@@ -971,19 +1035,19 @@
|
||||
if (tif->tif_dir.td_bitspersample<=8)
|
||||
{
|
||||
for (i = 0; i < count; ++i)
|
||||
- ((int8*)conv)[i] = (int8)value[i];
|
||||
+ ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]);
|
||||
ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv);
|
||||
}
|
||||
else if (tif->tif_dir.td_bitspersample<=16)
|
||||
{
|
||||
for (i = 0; i < count; ++i)
|
||||
- ((int16*)conv)[i] = (int16)value[i];
|
||||
+ ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]);
|
||||
ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv);
|
||||
}
|
||||
else
|
||||
{
|
||||
for (i = 0; i < count; ++i)
|
||||
- ((int32*)conv)[i] = (int32)value[i];
|
||||
+ ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]);
|
||||
ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv);
|
||||
}
|
||||
break;
|
||||
@@ -991,19 +1055,19 @@
|
||||
if (tif->tif_dir.td_bitspersample<=8)
|
||||
{
|
||||
for (i = 0; i < count; ++i)
|
||||
- ((uint8*)conv)[i] = (uint8)value[i];
|
||||
+ ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]);
|
||||
ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv);
|
||||
}
|
||||
else if (tif->tif_dir.td_bitspersample<=16)
|
||||
{
|
||||
for (i = 0; i < count; ++i)
|
||||
- ((uint16*)conv)[i] = (uint16)value[i];
|
||||
+ ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]);
|
||||
ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv);
|
||||
}
|
||||
else
|
||||
{
|
||||
for (i = 0; i < count; ++i)
|
||||
- ((uint32*)conv)[i] = (uint32)value[i];
|
||||
+ ((uint32*)conv)[i] = TIFFClampDoubleToUInt32(value[i]);
|
||||
ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv);
|
||||
}
|
||||
break;
|
||||
@@ -2102,7 +2102,7 @@
|
||||
m[0]=0;
|
||||
m[1]=1;
|
||||
}
|
||||
- else if (value==(double)(uint32)value)
|
||||
+ else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value)
|
||||
{
|
||||
m[0]=(uint32)value;
|
||||
m[1]=1;
|
||||
@@ -2148,12 +2217,13 @@
|
||||
}
|
||||
for (na=value, nb=m, nc=0; nc<count; na++, nb+=2, nc++)
|
||||
{
|
||||
- if (*na<=0.0)
|
||||
+ if (*na<=0.0 || *na != *na)
|
||||
{
|
||||
nb[0]=0;
|
||||
nb[1]=1;
|
||||
}
|
||||
- else if (*na==(float)(uint32)(*na))
|
||||
+ else if (*na >= 0 && *na <= (float)0xFFFFFFFFU &&
|
||||
+ *na==(float)(uint32)(*na))
|
||||
{
|
||||
nb[0]=(uint32)(*na);
|
||||
nb[1]=1;
|
||||
Index: libtiff/libtiff/tif_dirread.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
|
||||
retrieving revision 1.205
|
||||
retrieving revision 1.206
|
||||
diff -u -r1.205 -r1.206
|
||||
--- libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205
|
||||
+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206
|
||||
@@ -2872,7 +2872,10 @@
|
||||
m.l = direntry->tdir_offset.toff_long8;
|
||||
if (tif->tif_flags&TIFF_SWAB)
|
||||
TIFFSwabArrayOfLong(m.i,2);
|
||||
- if (m.i[0]==0)
|
||||
+ /* Not completely sure what we should do when m.i[1]==0, but some */
|
||||
+ /* sanitizers do not like division by 0.0: */
|
||||
+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
|
||||
+ if (m.i[0]==0 || m.i[1]==0)
|
||||
*value=0.0;
|
||||
else
|
||||
*value=(double)m.i[0]/(double)m.i[1];
|
||||
@@ -2900,7 +2903,10 @@
|
||||
m.l=direntry->tdir_offset.toff_long8;
|
||||
if (tif->tif_flags&TIFF_SWAB)
|
||||
TIFFSwabArrayOfLong(m.i,2);
|
||||
- if ((int32)m.i[0]==0)
|
||||
+ /* Not completely sure what we should do when m.i[1]==0, but some */
|
||||
+ /* sanitizers do not like division by 0.0: */
|
||||
+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
|
||||
+ if ((int32)m.i[0]==0 || m.i[1]==0)
|
||||
*value=0.0;
|
||||
else
|
||||
*value=(double)((int32)m.i[0])/(double)m.i[1];
|
||||
Index: libtiff/libtiff/tif_jpeg.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v
|
||||
retrieving revision 1.125
|
||||
retrieving revision 1.126
|
||||
diff -u -r1.125 -r1.126
|
||||
--- libtiff/libtiff/tif_jpeg.c 11 Jan 2017 12:15:01 -0000 1.125
|
||||
+++ libtiff/libtiff/tif_jpeg.c 11 Jan 2017 16:13:50 -0000 1.126
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $Id: tif_jpeg.c,v 1.123 2016-01-23 21:20:34 erouault Exp $ */
|
||||
+/* $Id: tif_jpeg.c,v 1.126 2017-01-11 16:13:50 erouault Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1994-1997 Sam Leffler
|
||||
@@ -1632,6 +1632,13 @@
|
||||
"Invalig horizontal/vertical sampling value");
|
||||
return (0);
|
||||
}
|
||||
+ if( td->td_bitspersample > 16 )
|
||||
+ {
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "BitsPerSample %d not allowed for JPEG",
|
||||
+ td->td_bitspersample);
|
||||
+ return (0);
|
||||
+ }
|
||||
|
||||
/*
|
||||
* A ReferenceBlackWhite field *must* be present since the
|
||||
Index: libtiff/libtiff/tif_read.c
|
||||
===================================================================
|
||||
RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
|
||||
retrieving revision 1.50
|
||||
retrieving revision 1.51
|
||||
diff -u -r1.50 -r1.51
|
||||
--- libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50
|
||||
+++ libtiff/libtiff/tif_read.c 11 Jan 2017 16:33:34 -0000 1.51
|
||||
@@ -420,16 +420,25 @@
|
||||
return ((tmsize_t)(-1));
|
||||
}
|
||||
} else {
|
||||
- tmsize_t ma,mb;
|
||||
+ tmsize_t ma;
|
||||
tmsize_t n;
|
||||
- ma=(tmsize_t)td->td_stripoffset[strip];
|
||||
- mb=ma+size;
|
||||
- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
|
||||
- n=0;
|
||||
- else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
|
||||
- n=tif->tif_size-ma;
|
||||
- else
|
||||
- n=size;
|
||||
+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
|
||||
+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
|
||||
+ {
|
||||
+ n=0;
|
||||
+ }
|
||||
+ else if( ma > TIFF_TMSIZE_T_MAX - size )
|
||||
+ {
|
||||
+ n=0;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ tmsize_t mb=ma+size;
|
||||
+ if (mb>tif->tif_size)
|
||||
+ n=tif->tif_size-ma;
|
||||
+ else
|
||||
+ n=size;
|
||||
+ }
|
||||
if (n!=size) {
|
||||
#if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
|
||||
TIFFErrorExt(tif->tif_clientdata, module,
|
|
@ -0,0 +1,151 @@
|
|||
From 86b98a11559da7d1b21dc9b4c6b10511b9095bc4 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Cross <hodgestar@gmail.com>
|
||||
Date: Sun, 16 Feb 2014 18:46:15 +0000
|
||||
Subject: [PATCH 05/16] Add support for Python 3.4 AST (support for
|
||||
NameConstants and changes to existing to arguments node attributes).
|
||||
|
||||
---
|
||||
genshi/template/astutil.py | 31 ++++++++++++++++++++++++++++---
|
||||
genshi/template/eval.py | 34 +++++++++++++++++++---------------
|
||||
2 files changed, 47 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py
|
||||
index a4c21c8..a3946b4 100644
|
||||
--- a/genshi/template/astutil.py
|
||||
+++ b/genshi/template/astutil.py
|
||||
@@ -21,7 +21,7 @@ else:
|
||||
def parse(source, mode):
|
||||
return compile(source, '', mode, _ast.PyCF_ONLY_AST)
|
||||
|
||||
-from genshi.compat import IS_PYTHON2
|
||||
+from genshi.compat import IS_PYTHON2, isstring
|
||||
|
||||
__docformat__ = 'restructuredtext en'
|
||||
|
||||
@@ -103,8 +103,13 @@ class ASTCodeGenerator(object):
|
||||
self._new_line()
|
||||
return self.visit(node.body)
|
||||
|
||||
+ # Python < 3.4
|
||||
# arguments = (expr* args, identifier? vararg,
|
||||
# identifier? kwarg, expr* defaults)
|
||||
+ #
|
||||
+ # Python >= 3.4
|
||||
+ # arguments = (arg* args, arg? vararg, arg* kwonlyargs, expr* kw_defaults,
|
||||
+ # arg? kwarg, expr* defaults)
|
||||
def visit_arguments(self, node):
|
||||
first = True
|
||||
no_default_count = len(node.args) - len(node.defaults)
|
||||
@@ -122,13 +127,21 @@ class ASTCodeGenerator(object):
|
||||
self._write(', ')
|
||||
else:
|
||||
first = False
|
||||
- self._write('*' + node.vararg)
|
||||
+ self._write('*')
|
||||
+ if isstring(node.vararg):
|
||||
+ self._write(node.vararg)
|
||||
+ else:
|
||||
+ self.visit(node.vararg)
|
||||
if getattr(node, 'kwarg', None):
|
||||
if not first:
|
||||
self._write(', ')
|
||||
else:
|
||||
first = False
|
||||
- self._write('**' + node.kwarg)
|
||||
+ self._write('**')
|
||||
+ if isstring(node.kwarg):
|
||||
+ self._write(node.kwarg)
|
||||
+ else:
|
||||
+ self.visit(node.kwarg)
|
||||
|
||||
if not IS_PYTHON2:
|
||||
# In Python 3 arguments get a special node
|
||||
@@ -724,6 +737,17 @@ class ASTCodeGenerator(object):
|
||||
def visit_Name(self, node):
|
||||
self._write(node.id)
|
||||
|
||||
+ # NameConstant(singleton value)
|
||||
+ def visit_NameConstant(self, node):
|
||||
+ if node.value is None:
|
||||
+ self._write('None')
|
||||
+ elif node.value is True:
|
||||
+ self._write('True')
|
||||
+ elif node.value is False:
|
||||
+ self._write('False')
|
||||
+ else:
|
||||
+ raise Exception("Unknown NameConstant %r" % (node.value,))
|
||||
+
|
||||
# List(expr* elts, expr_context ctx)
|
||||
def visit_List(self, node):
|
||||
self._write('[')
|
||||
@@ -829,6 +853,7 @@ class ASTTransformer(object):
|
||||
visit_Attribute = _clone
|
||||
visit_Subscript = _clone
|
||||
visit_Name = _clone
|
||||
+ visit_NameConstant = _clone
|
||||
visit_List = _clone
|
||||
visit_Tuple = _clone
|
||||
|
||||
diff --git a/genshi/template/eval.py b/genshi/template/eval.py
|
||||
index 89aec49..de4bc86 100644
|
||||
--- a/genshi/template/eval.py
|
||||
+++ b/genshi/template/eval.py
|
||||
@@ -24,7 +24,8 @@ from genshi.template.astutil import ASTTransformer, ASTCodeGenerator, \
|
||||
from genshi.template.base import TemplateRuntimeError
|
||||
from genshi.util import flatten
|
||||
|
||||
-from genshi.compat import get_code_params, build_code_chunk, IS_PYTHON2
|
||||
+from genshi.compat import get_code_params, build_code_chunk, isstring, \
|
||||
+ IS_PYTHON2
|
||||
|
||||
__all__ = ['Code', 'Expression', 'Suite', 'LenientLookup', 'StrictLookup',
|
||||
'Undefined', 'UndefinedError']
|
||||
@@ -495,28 +496,31 @@ class TemplateASTTransformer(ASTTransformer):
|
||||
def __init__(self):
|
||||
self.locals = [CONSTANTS]
|
||||
|
||||
+ def _process(self, names, node):
|
||||
+ if not IS_PYTHON2 and isinstance(node, _ast.arg):
|
||||
+ names.add(node.arg)
|
||||
+ elif isstring(node):
|
||||
+ names.add(node)
|
||||
+ elif isinstance(node, _ast.Name):
|
||||
+ names.add(node.id)
|
||||
+ elif isinstance(node, _ast.alias):
|
||||
+ names.add(node.asname or node.name)
|
||||
+ elif isinstance(node, _ast.Tuple):
|
||||
+ for elt in node.elts:
|
||||
+ self._process(names, elt)
|
||||
+
|
||||
def _extract_names(self, node):
|
||||
names = set()
|
||||
- def _process(node):
|
||||
- if not IS_PYTHON2 and isinstance(node, _ast.arg):
|
||||
- names.add(node.arg)
|
||||
- if isinstance(node, _ast.Name):
|
||||
- names.add(node.id)
|
||||
- elif isinstance(node, _ast.alias):
|
||||
- names.add(node.asname or node.name)
|
||||
- elif isinstance(node, _ast.Tuple):
|
||||
- for elt in node.elts:
|
||||
- _process(elt)
|
||||
if hasattr(node, 'args'):
|
||||
for arg in node.args:
|
||||
- _process(arg)
|
||||
+ self._process(names, arg)
|
||||
if hasattr(node, 'vararg'):
|
||||
- names.add(node.vararg)
|
||||
+ self._process(names, node.vararg)
|
||||
if hasattr(node, 'kwarg'):
|
||||
- names.add(node.kwarg)
|
||||
+ self._process(names, node.kwarg)
|
||||
elif hasattr(node, 'names'):
|
||||
for elt in node.names:
|
||||
- _process(elt)
|
||||
+ self._process(names, elt)
|
||||
return names
|
||||
|
||||
def visit_Str(self, node):
|
||||
--
|
||||
2.12.0
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
From 32bfaa7cc1c736fd62fcbb6414de9498dc20ed07 Mon Sep 17 00:00:00 2001
|
||||
From: Adriano Peluso <catonano@gmail.com>
|
||||
Date: Wed, 5 Apr 2017 15:13:06 +0200
|
||||
Subject: [PATCH 2/2] buildable on python27 too
|
||||
|
||||
---
|
||||
genshi/template/directives.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/genshi/template/directives.py b/genshi/template/directives.py
|
||||
index 6fd0f28..1f70ef6 100644
|
||||
--- a/genshi/template/directives.py
|
||||
+++ b/genshi/template/directives.py
|
||||
@@ -266,7 +266,7 @@ class DefDirective(Directive):
|
||||
if isinstance(ast, _ast.Call):
|
||||
self.name = ast.func.id
|
||||
for arg in ast.args:
|
||||
- if isinstance(arg, _ast.Starred):
|
||||
+ if hasattr(_ast, 'Starred') and isinstance(arg, _ast.Starred):
|
||||
# Python 3.5+
|
||||
self.star_args = arg.value.id
|
||||
else:
|
||||
--
|
||||
2.12.0
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
From cef2c8df44166195e1705638f9f17033a4943bb7 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Cross <hodgestar@gmail.com>
|
||||
Date: Sun, 16 Feb 2014 18:32:21 +0000
|
||||
Subject: [PATCH 02/15] Disable the speedups C extension on CPython >= 3.3
|
||||
since Genshi doesn't support the new Unicode C API yet.
|
||||
|
||||
---
|
||||
setup.py | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/setup.py b/setup.py
|
||||
index 123a2cb..a3d748c 100755
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -65,9 +65,13 @@ available.""")
|
||||
|
||||
|
||||
if Feature:
|
||||
+ # Optional C extension module for speeding up Genshi:
|
||||
+ # Not activated by default on:
|
||||
+ # - PyPy (where it harms performance)
|
||||
+ # - CPython >= 3.3 (the new Unicode C API is not supported yet)
|
||||
speedups = Feature(
|
||||
"optional C speed-enhancements",
|
||||
- standard = not is_pypy,
|
||||
+ standard = not is_pypy and sys.version_info < (3, 3),
|
||||
ext_modules = [
|
||||
Extension('genshi._speedups', ['genshi/_speedups.c']),
|
||||
],
|
||||
--
|
||||
2.12.0
|
||||
|
|
@ -0,0 +1,112 @@
|
|||
From ce796ad4bae5c47011876778674ad036357febdf Mon Sep 17 00:00:00 2001
|
||||
From: Adriano Peluso <catonano@gmail.com>
|
||||
Date: Wed, 5 Apr 2017 15:10:06 +0200
|
||||
Subject: [PATCH 1/2] fixing the tests on python35
|
||||
|
||||
---
|
||||
genshi/filters/i18n.py | 6 ++++--
|
||||
genshi/template/astutil.py | 14 +++++++++++---
|
||||
genshi/template/directives.py | 20 ++++++++++++++------
|
||||
genshi/template/eval.py | 5 +++++
|
||||
4 files changed, 34 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/genshi/filters/i18n.py b/genshi/filters/i18n.py
|
||||
index 526fda4..5387fcf 100644
|
||||
--- a/genshi/filters/i18n.py
|
||||
+++ b/genshi/filters/i18n.py
|
||||
@@ -1194,8 +1194,10 @@ def extract_from_code(code, gettext_functions):
|
||||
elif arg:
|
||||
strings.append(None)
|
||||
[_add(arg) for arg in node.args]
|
||||
- _add(node.starargs)
|
||||
- _add(node.kwargs)
|
||||
+ if hasattr(node, 'starargs'):
|
||||
+ _add(node.starargs)
|
||||
+ if hasattr(node, 'kwargs'):
|
||||
+ _add(node.kwargs)
|
||||
if len(strings) == 1:
|
||||
strings = strings[0]
|
||||
else:
|
||||
diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py
|
||||
index f4e1edd..e561846 100644
|
||||
--- a/genshi/template/astutil.py
|
||||
+++ b/genshi/template/astutil.py
|
||||
@@ -151,6 +151,10 @@ class ASTCodeGenerator(object):
|
||||
def visit_arg(self, node):
|
||||
self._write(node.arg)
|
||||
|
||||
+ def visit_Starred(self, node):
|
||||
+ self._write('*')
|
||||
+ self.visit(node.value)
|
||||
+
|
||||
# FunctionDef(identifier name, arguments args,
|
||||
# stmt* body, expr* decorator_list)
|
||||
def visit_FunctionDef(self, node):
|
||||
@@ -664,9 +668,13 @@ class ASTCodeGenerator(object):
|
||||
if not first:
|
||||
self._write(', ')
|
||||
first = False
|
||||
- # keyword = (identifier arg, expr value)
|
||||
- self._write(keyword.arg)
|
||||
- self._write('=')
|
||||
+ if not keyword.arg:
|
||||
+ # Python 3.5+ star-star args
|
||||
+ self._write('**')
|
||||
+ else:
|
||||
+ # keyword = (identifier arg, expr value)
|
||||
+ self._write(keyword.arg)
|
||||
+ self._write('=')
|
||||
self.visit(keyword.value)
|
||||
if getattr(node, 'starargs', None):
|
||||
if not first:
|
||||
diff --git a/genshi/template/directives.py b/genshi/template/directives.py
|
||||
index 7301c2d..6fd0f28 100644
|
||||
--- a/genshi/template/directives.py
|
||||
+++ b/genshi/template/directives.py
|
||||
@@ -266,13 +266,21 @@ class DefDirective(Directive):
|
||||
if isinstance(ast, _ast.Call):
|
||||
self.name = ast.func.id
|
||||
for arg in ast.args:
|
||||
- # only names
|
||||
- self.args.append(arg.id)
|
||||
+ if isinstance(arg, _ast.Starred):
|
||||
+ # Python 3.5+
|
||||
+ self.star_args = arg.value.id
|
||||
+ else:
|
||||
+ # only names
|
||||
+ self.args.append(arg.id)
|
||||
for kwd in ast.keywords:
|
||||
- self.args.append(kwd.arg)
|
||||
- exp = Expression(kwd.value, template.filepath,
|
||||
- lineno, lookup=template.lookup)
|
||||
- self.defaults[kwd.arg] = exp
|
||||
+ if kwd.arg is None:
|
||||
+ # Python 3.5+
|
||||
+ self.dstar_args = kwd.value.id
|
||||
+ else:
|
||||
+ self.args.append(kwd.arg)
|
||||
+ exp = Expression(kwd.value, template.filepath,
|
||||
+ lineno, lookup=template.lookup)
|
||||
+ self.defaults[kwd.arg] = exp
|
||||
if getattr(ast, 'starargs', None):
|
||||
self.star_args = ast.starargs.id
|
||||
if getattr(ast, 'kwargs', None):
|
||||
diff --git a/genshi/template/eval.py b/genshi/template/eval.py
|
||||
index d378419..81644a7 100644
|
||||
--- a/genshi/template/eval.py
|
||||
+++ b/genshi/template/eval.py
|
||||
@@ -600,6 +600,11 @@ class TemplateASTTransformer(ASTTransformer):
|
||||
finally:
|
||||
self.locals.pop()
|
||||
|
||||
+ # Only used in Python 3.5+
|
||||
+ def visit_Starred(self, node):
|
||||
+ node.value = self.visit(node.value)
|
||||
+ return node
|
||||
+
|
||||
def visit_Name(self, node):
|
||||
# If the name refers to a local inside a lambda, list comprehension, or
|
||||
# generator expression, leave it alone
|
||||
--
|
||||
2.12.0
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
From cc5e07284f44cdd9beec178c69070a53f55d1323 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Cross <hodgestar@gmail.com>
|
||||
Date: Sun, 16 Feb 2014 18:43:20 +0000
|
||||
Subject: [PATCH 03/15] Add isstring helper.
|
||||
|
||||
---
|
||||
genshi/compat.py | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/genshi/compat.py b/genshi/compat.py
|
||||
index 9787325..6574e39 100644
|
||||
--- a/genshi/compat.py
|
||||
+++ b/genshi/compat.py
|
||||
@@ -35,6 +35,15 @@ else:
|
||||
'Python 2 compatibility function. Not usable in Python 3.')
|
||||
|
||||
|
||||
+# We need to test if an object is an instance of a string type in places
|
||||
+
|
||||
+if IS_PYTHON2:
|
||||
+ def isstring(obj):
|
||||
+ return isinstance(obj, basestring)
|
||||
+else:
|
||||
+ def isstring(obj):
|
||||
+ return isinstance(obj, str)
|
||||
+
|
||||
# We need to differentiate between StringIO and BytesIO in places
|
||||
|
||||
if IS_PYTHON2:
|
||||
@@ -112,4 +121,3 @@ except NameError:
|
||||
if not x:
|
||||
return False
|
||||
return True
|
||||
-
|
||||
--
|
||||
2.12.0
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
From 0769be04c3891ae5c724c6779ba13d1d0f53b4ae Mon Sep 17 00:00:00 2001
|
||||
From: Simon Cross <hodgestar@gmail.com>
|
||||
Date: Sun, 16 Feb 2014 18:25:17 +0000
|
||||
Subject: [PATCH 01/15] Also allow stripping of unsafe script tags (Python 3.4
|
||||
parses the second example as a tag whose name is script&xyz).
|
||||
|
||||
---
|
||||
genshi/filters/tests/test_html.py | 14 ++++++++++----
|
||||
1 file changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/genshi/filters/tests/test_html.py b/genshi/filters/tests/test_html.py
|
||||
index 0c6cfe1..45ec0da 100644
|
||||
--- a/genshi/filters/tests/test_html.py
|
||||
+++ b/genshi/filters/tests/test_html.py
|
||||
@@ -368,12 +368,16 @@ def StyleSanitizer():
|
||||
|
||||
class HTMLSanitizerTestCase(unittest.TestCase):
|
||||
|
||||
- def assert_parse_error_or_equal(self, expected, exploit):
|
||||
+ def assert_parse_error_or_equal(self, expected, exploit,
|
||||
+ allow_strip=False):
|
||||
try:
|
||||
html = HTML(exploit)
|
||||
except ParseError:
|
||||
return
|
||||
- self.assertEquals(expected, (html | HTMLSanitizer()).render())
|
||||
+ sanitized_html = (html | HTMLSanitizer()).render()
|
||||
+ if not sanitized_html and allow_strip:
|
||||
+ return
|
||||
+ self.assertEquals(expected, sanitized_html)
|
||||
|
||||
def test_sanitize_unchanged(self):
|
||||
html = HTML(u'<a href="#">fo<br />o</a>')
|
||||
@@ -416,10 +420,12 @@ class HTMLSanitizerTestCase(unittest.TestCase):
|
||||
html = HTML(u'<SCRIPT SRC="http://example.com/"></SCRIPT>')
|
||||
self.assertEquals('', (html | HTMLSanitizer()).render())
|
||||
src = u'<SCR\0IPT>alert("foo")</SCR\0IPT>'
|
||||
- self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src)
|
||||
+ self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src,
|
||||
+ allow_strip=True)
|
||||
src = u'<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>'
|
||||
self.assert_parse_error_or_equal('<SCRIPT&XYZ; '
|
||||
- 'SRC="http://example.com/">', src)
|
||||
+ 'SRC="http://example.com/">', src,
|
||||
+ allow_strip=True)
|
||||
|
||||
def test_sanitize_remove_onclick_attr(self):
|
||||
html = HTML(u'<div onclick=\'alert("foo")\' />')
|
||||
--
|
||||
2.12.0
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
This patch prevents a code execution vector involving terminal escape
|
||||
sequences when rxvt-unicode is in "secure mode".
|
||||
|
||||
This change was spurred by the following conversation on the
|
||||
oss-security mailing list:
|
||||
|
||||
Problem description and proof of concept:
|
||||
http://seclists.org/oss-sec/2017/q2/190
|
||||
|
||||
Upstream response:
|
||||
http://seclists.org/oss-sec/2017/q2/291
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
|
||||
|
||||
--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
|
||||
+++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
|
||||
@@ -2695,7 +2695,7 @@
|
||||
/* kidnapped escape sequence: Should be 8.3.48 */
|
||||
case C1_ESA: /* ESC G */
|
||||
// used by original rxvt for rob nations own graphics mode
|
||||
- if (cmd_getc () == 'Q')
|
||||
+ if (cmd_getc () == 'Q' && option (Opt_insecure))
|
||||
tt_printf ("\033G0\012"); /* query graphics - no graphics */
|
||||
break;
|
||||
|
||||
@@ -2914,7 +2914,7 @@
|
||||
break;
|
||||
|
||||
case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
|
||||
- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
|
||||
+ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
|
||||
#ifdef ISO6429
|
||||
arg[0] = -arg[0];
|
||||
#else /* emulate common DEC VTs */
|
|
@ -1,61 +0,0 @@
|
|||
Allow Synfig to build in C++11 mode.
|
||||
|
||||
Taken from here:
|
||||
https://projects.archlinux.org/svntogit/community.git/plain/trunk/build-fix.patch?h=packages/synfig
|
||||
|
||||
diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp
|
||||
--- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp 2015-03-28 13:15:00.000000000 +0300
|
||||
+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp 2015-04-28 16:56:11.568749053 +0300
|
||||
@@ -56,8 +56,8 @@
|
||||
/* === M E T H O D S ======================================================= */
|
||||
|
||||
|
||||
-Importer_LibAVCodec::Importer_LibAVCodec(const char *file):
|
||||
- filename(file)
|
||||
+Importer_LibAVCodec::Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier):
|
||||
+ Importer(identifier)
|
||||
{
|
||||
}
|
||||
|
||||
diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h
|
||||
--- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h 2015-03-28 13:15:00.000000000 +0300
|
||||
+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h 2015-04-28 16:55:18.699192946 +0300
|
||||
@@ -46,7 +46,7 @@
|
||||
synfig::String filename;
|
||||
|
||||
public:
|
||||
- Importer_LibAVCodec(const char *filename);
|
||||
+ Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier);
|
||||
~Importer_LibAVCodec();
|
||||
|
||||
virtual bool get_frame(synfig::Surface &surface, const synfig::RendDesc &renddesc, synfig::Time time, synfig::ProgressCallback *callback);
|
||||
diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp
|
||||
--- synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp 2015-03-28 13:15:00.000000000 +0300
|
||||
+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp 2015-04-28 16:46:54.720091106 +0300
|
||||
@@ -121,14 +121,14 @@
|
||||
picture = avcodec_alloc_frame();
|
||||
if (!picture)
|
||||
return NULL;
|
||||
- size = avpicture_get_size(pix_fmt, width, height);
|
||||
+ size = avpicture_get_size((::PixelFormat)pix_fmt, width, height);
|
||||
picture_buf = (uint8_t *)malloc(size);
|
||||
if (!picture_buf) {
|
||||
av_free(picture);
|
||||
return NULL;
|
||||
}
|
||||
avpicture_fill((AVPicture *)picture, picture_buf,
|
||||
- pix_fmt, width, height);
|
||||
+ (::PixelFormat)pix_fmt, width, height);
|
||||
return picture;
|
||||
}
|
||||
|
||||
diff -wbBur synfig-1.0.2/src/synfig/time.cpp synfig-1.0.2.my/src/synfig/time.cpp
|
||||
--- synfig-1.0.2/src/synfig/time.cpp 2015-07-09 10:33:03.000000000 +0300
|
||||
+++ synfig-1.0.2.my/src/synfig/time.cpp 2015-10-12 13:54:58.382313903 +0300
|
||||
@@ -319,5 +319,5 @@
|
||||
bool
|
||||
Time::is_valid()const
|
||||
{
|
||||
- return !isnan(value_);
|
||||
+ return !::isnan(value_);
|
||||
}
|
|
@ -0,0 +1,55 @@
|
|||
Downloaded from
|
||||
https://github.com/synfig/synfig/commit/b9c3b73ee35b83c4d9183c800809040cef98b2f2.patch
|
||||
|
||||
Without this patch the UI of Synfig Studio (when built with the latest version
|
||||
of GTK) displays very large buttons in the header of every frame.
|
||||
|
||||
This patch can be removed with the next release.
|
||||
|
||||
|
||||
From b9c3b73ee35b83c4d9183c800809040cef98b2f2 Mon Sep 17 00:00:00 2001
|
||||
From: caryoscelus <caryoscelus@gmx.com>
|
||||
Date: Wed, 25 Jan 2017 18:34:39 +0300
|
||||
Subject: [PATCH] Fix dock drop area size
|
||||
|
||||
Fixes #227
|
||||
|
||||
By using Frame instead of Button we avoid intrusive Gtk themes
|
||||
from forcing huge drop area size.
|
||||
---
|
||||
synfig-studio/src/gui/docks/dockdroparea.cpp | 15 ++++++++++-----
|
||||
1 file changed, 10 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/gui/docks/dockdroparea.cpp b/synfig-studio/src/gui/docks/dockdroparea.cpp
|
||||
index 0f8936fdb..e012282f0 100644
|
||||
--- a/src/gui/docks/dockdroparea.cpp
|
||||
+++ b/src/gui/docks/dockdroparea.cpp
|
||||
@@ -35,7 +35,7 @@
|
||||
#include "app.h"
|
||||
#include "docks/dockdroparea.h"
|
||||
#include "docks/dockmanager.h"
|
||||
-#include <gtkmm/button.h>
|
||||
+#include <gtkmm/frame.h>
|
||||
|
||||
#endif
|
||||
|
||||
@@ -61,10 +61,15 @@ DockDropArea::DockDropArea(Gtk::Widget *target):
|
||||
std::vector<Gtk::TargetEntry> listTargets;
|
||||
listTargets.push_back( Gtk::TargetEntry("SYNFIG_DOCK") );
|
||||
|
||||
- Gtk::Button *button_left = manage(new Gtk::Button());
|
||||
- Gtk::Button *button_right = manage(new Gtk::Button());
|
||||
- Gtk::Button *button_top = manage(new Gtk::Button());
|
||||
- Gtk::Button *button_bottom = manage(new Gtk::Button());
|
||||
+ Gtk::Frame *button_left = manage(new Gtk::Frame());
|
||||
+ Gtk::Frame *button_right = manage(new Gtk::Frame());
|
||||
+ Gtk::Frame *button_top = manage(new Gtk::Frame());
|
||||
+ Gtk::Frame *button_bottom = manage(new Gtk::Frame());
|
||||
+
|
||||
+ button_left->set_size_request(20, 10);
|
||||
+ button_right->set_size_request(20, 10);
|
||||
+ button_top->set_size_request(20, 10);
|
||||
+ button_bottom->set_size_request(20, 10);
|
||||
|
||||
button_left->drag_dest_set(listTargets);
|
||||
button_right->drag_dest_set(listTargets);
|
|
@ -14804,3 +14804,125 @@ information.")
|
|||
|
||||
(define-public python2-packaging
|
||||
(package-with-python2 python-packaging))
|
||||
|
||||
(define-public python-sql
|
||||
(package
|
||||
(name "python-sql")
|
||||
(version "0.9")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (pypi-uri "python-sql" version))
|
||||
(sha256
|
||||
(base32
|
||||
"0p6kaqj02vz0habmdx37zjk6hjxdfm8aw737zs059vvpr70ird87"))))
|
||||
(build-system python-build-system)
|
||||
(home-page "https://python-sql.tryton.org/")
|
||||
(synopsis "Library to write SQL queries in a pythonic way")
|
||||
(description "@code{python-sql} is a library to write SQL queries, that
|
||||
transforms idiomatic python function calls to well-formed SQL queries.")
|
||||
(license license:bsd-3)))
|
||||
|
||||
(define-public python2-sql
|
||||
(package-with-python2 python-sql))
|
||||
|
||||
(define-public python-genshi
|
||||
(package
|
||||
(name "python-genshi")
|
||||
(version "0.7")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
"https://ftp.edgewall.org/pub/genshi/Genshi-"
|
||||
version ".tar.gz"))
|
||||
(patches
|
||||
(search-patches
|
||||
;; The first 4 patches are in the master branch upstream.
|
||||
;; See this as a reference https://genshi.edgewall.org/ticket/582
|
||||
;; The last 2 are NOT in any branch.
|
||||
;; They were sent as attachments to a ticket opened at
|
||||
;; https://genshi.edgewall.org/ticket/602#no1
|
||||
"python-genshi-stripping-of-unsafe-script-tags.patch"
|
||||
"python-genshi-disable-speedups-on-python-3.3.patch"
|
||||
"python-genshi-isstring-helper.patch"
|
||||
"python-genshi-add-support-for-python-3.4-AST.patch"
|
||||
"python-genshi-fix-tests-on-python-3.5.patch"
|
||||
"python-genshi-buildable-on-python-2.7.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"0lkkbp6fbwzv0zda5iqc21rr7rdldkwh3hfabfjl9i4bwq14858x"))))
|
||||
(build-system python-build-system)
|
||||
(home-page "https://genshi.edgewall.org/")
|
||||
(synopsis "Toolkit for generation of output for the web")
|
||||
(description "Genshi is a Python library that provides an integrated set
|
||||
of components for parsing, generating, and processing HTML, XML or other
|
||||
textual content for output generation on the web.")
|
||||
(license license:bsd-3)))
|
||||
|
||||
;; The linter here claims that patch file names should start with the package
|
||||
;; name. But, in this case the patches are inherited from python-genshi with
|
||||
;; the "python-genshi-" prefix instead of "python2-genshi-".
|
||||
(define-public python2-genshi
|
||||
(package-with-python2 python-genshi))
|
||||
|
||||
(define-public python-relatorio
|
||||
(package
|
||||
(name "python-relatorio")
|
||||
(version "0.6.4")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (pypi-uri "relatorio" version))
|
||||
(sha256
|
||||
(base32
|
||||
"0lincq79mzgazwd9gh41dybjh9c3n87r83pl8nk3j79aihyfk84z"))))
|
||||
(build-system python-build-system)
|
||||
(propagated-inputs
|
||||
`(("python-lxml" ,python-lxml)
|
||||
("python-genshi" ,python-genshi)))
|
||||
(home-page "https://relatorio.tryton.org/")
|
||||
(synopsis "Templating library able to output ODT and PDF files")
|
||||
(description "Relatorio is a templating library which provides a way to
|
||||
easily output ODT, ODS, PNG, SVG and several other kinds of files. Support
|
||||
for more filetypes can be easily added by creating plugins for them.")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define-public python2-relatorio
|
||||
(package-with-python2 python-relatorio))
|
||||
|
||||
(define-public python-radon
|
||||
(package
|
||||
(name "python-radon")
|
||||
(version "1.5.0")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (pypi-uri "radon" version))
|
||||
(sha256
|
||||
(base32
|
||||
"1h6jv36am0i827182a04ki6291lyx4kp957xfr5njgprj4nd0qsl"))))
|
||||
(build-system python-build-system)
|
||||
(propagated-inputs
|
||||
`(("python-colorama" ,python-colorama)
|
||||
("python-flake8-polyfill" ,python-flake8-polyfill)
|
||||
("python-mando" ,python-mando-0.3.1)))
|
||||
(native-inputs
|
||||
`(("python-flake8" ,python-flake8)
|
||||
("python-tox" ,python-tox)
|
||||
("python-pytest" ,python-pytest)
|
||||
("python-paramunittest" ,python-paramunittest)))
|
||||
(home-page "https://radon.readthedocs.org/")
|
||||
(synopsis "Code Metrics in Python")
|
||||
(description "Radon is a Python tool which computes various code metrics.
|
||||
Supported metrics are:
|
||||
@itemize @bullet
|
||||
@item raw metrics: SLOC, comment lines, blank lines, &c.
|
||||
@item Cyclomatic Complexity (i.e. McCabe’s Complexity)
|
||||
@item Halstead metrics (all of them)
|
||||
@item the Maintainability Index (a Visual Studio metric)
|
||||
@end itemize")
|
||||
(license license:expat)))
|
||||
|
||||
(define-public python2-radon
|
||||
(package-with-python2 python-radon))
|
||||
|
|
|
@ -484,13 +484,13 @@ security, and applying best practice development processes.")
|
|||
(package
|
||||
(name "python-acme")
|
||||
;; Remember to update the hash of certbot when updating python-acme.
|
||||
(version "0.14.1")
|
||||
(version "0.14.2")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (pypi-uri "acme" version))
|
||||
(sha256
|
||||
(base32
|
||||
"0asmkfkzbswnkrvbj5m01xgy4f6g1fjbj2nir1hhrn3ipcdrsv8f"))))
|
||||
"1kbgpjabbly7r757vyr1050ixnm9hyvrbf9n6aq49cgmb147ysqn"))))
|
||||
(build-system python-build-system)
|
||||
(arguments
|
||||
`(#:phases
|
||||
|
@ -549,7 +549,7 @@ security, and applying best practice development processes.")
|
|||
(uri (pypi-uri name version))
|
||||
(sha256
|
||||
(base32
|
||||
"0rdby57hw35qdrbl7kigscphnz4kqb608bqzrcb73nb99092i6si"))))
|
||||
"1b39hybswzm8mkarg1mwpx47wffqg57jcgi52mz5iz60rxym9j2v"))))
|
||||
(build-system python-build-system)
|
||||
(arguments
|
||||
`(#:python ,python-2
|
||||
|
|
|
@ -0,0 +1,93 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
||||
;;; under the terms of the GNU General Public License as published by
|
||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;;; your option) any later version.
|
||||
;;;
|
||||
;;; GNU Guix is distributed in the hope that it will be useful, but
|
||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
;;; GNU General Public License for more details.
|
||||
;;;
|
||||
;;; You should have received a copy of the GNU General Public License
|
||||
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(define-module (gnu packages tryton)
|
||||
#:use-module ((guix licenses) #:prefix license:)
|
||||
#:use-module (gnu packages)
|
||||
#:use-module (gnu packages gtk)
|
||||
#:use-module (gnu packages python)
|
||||
#:use-module (guix packages)
|
||||
#:use-module (guix download)
|
||||
#:use-module (guix build-system python))
|
||||
|
||||
(define-public trytond
|
||||
(package
|
||||
(name "trytond")
|
||||
(version "4.4.1")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
"https://downloads.tryton.org/4.4/trytond-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"15gm34qwj5fpnkqvrxzndl8653zbczhsa76dm1gi4cqj1r29bbpr"))))
|
||||
(build-system python-build-system)
|
||||
(inputs
|
||||
`(("python-dateutil" ,python-dateutil)
|
||||
("python-genshi" ,python-genshi)
|
||||
("python-polib" ,python-polib)
|
||||
;; there's no python-mysql in Guix right now
|
||||
;; so python-psycopg2 (postgresql) only for now
|
||||
("python-psycopg2" ,python-psycopg2)
|
||||
("python-relatorio" ,python-relatorio)
|
||||
("python-lxml" ,python-lxml)
|
||||
("python-sql" ,python-sql)
|
||||
("python-werkzeug" ,python-werkzeug)
|
||||
("python-wrapt" ,python-wrapt)))
|
||||
(native-inputs
|
||||
`(("python-mock" ,python-mock)))
|
||||
(arguments
|
||||
`(#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-before 'check 'preparations
|
||||
(lambda _
|
||||
(setenv "DB_NAME" ":memory:"))))))
|
||||
(home-page "https://www.tryton.org/")
|
||||
(synopsis "Server component of Tryton")
|
||||
(description "Tryton is a three-tier high-level general purpose
|
||||
application platform using PostgreSQL as its main database engine. It is the
|
||||
core base of a complete business solution providing modularity, scalability
|
||||
and security.")
|
||||
(license license:gpl3+)))
|
||||
|
||||
(define-public tryton
|
||||
(package
|
||||
(name "tryton")
|
||||
(version "4.4.0")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
"https://downloads.tryton.org/4.4/tryton-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1lklcz5fs6rkrd7z2m2f5gz4fdwzkgnhg2hyvzp20kdsvi33bq2j"))))
|
||||
(build-system python-build-system)
|
||||
(inputs
|
||||
`(("python2-chardet" ,python2-chardet)
|
||||
("python2-dateutil" ,python2-dateutil)
|
||||
("python2-pygtk" ,python2-pygtk)))
|
||||
(arguments
|
||||
`(#:python ,python-2))
|
||||
(home-page "https://www.tryton.org/")
|
||||
(synopsis "Client component of Tryton")
|
||||
(description "This package is the client component of Tryton.")
|
||||
(license license:gpl3+)))
|
|
@ -9,7 +9,7 @@
|
|||
;;; Copyright © 2016 Al McElrath <hello@yrns.org>
|
||||
;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
|
||||
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
|
||||
;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
|
||||
;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pramatique.xyz>
|
||||
;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
|
||||
;;; Copyright © 2016 Ivan Vilata i Balaguer <ivan@selidor.net>
|
||||
;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
|
||||
|
@ -675,3 +675,80 @@ all of them. Currently supported window managers include:
|
|||
Keybinder works with GTK-based applications using the X Window System.")
|
||||
(home-page "https://github.com/engla/keybinder")
|
||||
(license license:gpl2+)))
|
||||
|
||||
(define-public spectrwm
|
||||
(package
|
||||
(name "spectrwm")
|
||||
(version "3.0.2")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (let ((version-with-underscores
|
||||
(string-join (string-split version #\.) "_")))
|
||||
(string-append "https://github.com/conformal/spectrwm/archive/"
|
||||
"SPECTRWM_" version-with-underscores ".tar.gz")))
|
||||
(file-name (string-append name "-" version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"065b7j8s0lxw3p58fyf3c1mr5203pdm0kww42v245rlx0f005kl2"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
`(#:make-flags (let ((pkg-config (lambda (flag)
|
||||
(string-append
|
||||
"$(shell pkg-config " flag " "
|
||||
"xft fontconfig x11 libpng)"))))
|
||||
(list
|
||||
"CC=gcc"
|
||||
(string-append "PREFIX=" %output)
|
||||
(string-append "INCS=-I. " (pkg-config "--cflags"))
|
||||
(string-append "LIBS=" (pkg-config "--libs") " -lm")))
|
||||
#:tests? #f ;No test suite
|
||||
#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-before 'build 'change-dir
|
||||
(lambda _
|
||||
(chdir "linux") #t))
|
||||
(add-after 'change-dir 'patch-makefile
|
||||
(lambda _
|
||||
(substitute* "Makefile"
|
||||
(("-g") ""))))
|
||||
(add-after 'change-dir 'fix-freetype-include
|
||||
(lambda _
|
||||
(substitute* "Makefile"
|
||||
(("/usr/include/freetype2")
|
||||
(string-append (assoc-ref %build-inputs "freetype")
|
||||
"/include/freetype2")))))
|
||||
(delete 'configure)))) ;no 'configure' exists
|
||||
(inputs
|
||||
`(("freetype" ,freetype)
|
||||
("fontconfig" ,fontconfig)
|
||||
("libx11" ,libx11)
|
||||
("libxcursor" ,libxcursor)
|
||||
("libxrandr" ,libxrandr)
|
||||
("libxtst" ,libxtst)
|
||||
("libxft" ,libxft)
|
||||
("xcb-util" ,xcb-util)
|
||||
("xcb-util-wm" ,xcb-util-wm)
|
||||
("xcb-util-keysyms" ,xcb-util-keysyms)))
|
||||
(native-inputs
|
||||
`(("libxt" ,libxt)
|
||||
("pkg-config" ,pkg-config)))
|
||||
(synopsis "Minimalistic automatic tiling window manager")
|
||||
(description
|
||||
"Spectrwm is a small dynamic tiling and reparenting window manager for X11.
|
||||
It is inspired by Xmonad and dwm. Its major features include:
|
||||
|
||||
@itemize
|
||||
@item Navigation anywhere on all screens with either the keyboard or mouse
|
||||
@item Customizable status bar
|
||||
@item Restartable without losing state
|
||||
@item Quick launch menu
|
||||
@item Many screen layouts possible with a few simple key strokes
|
||||
@item Move/resize floating windows
|
||||
@item Extended Window Manager Hints (EWMH) support
|
||||
@item Configureable tiling
|
||||
@item Adjustable tile gap allows for a true one pixel border
|
||||
@item Customizable colors and border width
|
||||
@end itemize\n")
|
||||
(home-page "https://github.com/conformal/spectrwm")
|
||||
(license license:isc)))
|
||||
|
|
|
@ -682,6 +682,7 @@ compact configuration syntax.")
|
|||
(method url-fetch)
|
||||
(uri (string-append "http://dist.schmorp.de/rxvt-unicode/Attic/"
|
||||
name "-" version ".tar.bz2"))
|
||||
(patches (search-patches "rxvt-unicode-escape-sequences.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9"))))
|
||||
|
|
|
@ -0,0 +1,593 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
||||
;;; under the terms of the GNU General Public License as published by
|
||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;;; your option) any later version.
|
||||
;;;
|
||||
;;; GNU Guix is distributed in the hope that it will be useful, but
|
||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
;;; GNU General Public License for more details.
|
||||
;;;
|
||||
;;; You should have received a copy of the GNU General Public License
|
||||
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(define-module (gnu services dns)
|
||||
#:use-module (gnu services)
|
||||
#:use-module (gnu services configuration)
|
||||
#:use-module (gnu services shepherd)
|
||||
#:use-module (gnu system shadow)
|
||||
#:use-module (gnu packages admin)
|
||||
#:use-module (gnu packages dns)
|
||||
#:use-module (guix packages)
|
||||
#:use-module (guix records)
|
||||
#:use-module (guix gexp)
|
||||
#:use-module (srfi srfi-1)
|
||||
#:use-module (srfi srfi-34)
|
||||
#:use-module (srfi srfi-35)
|
||||
#:use-module (ice-9 match)
|
||||
#:use-module (ice-9 regex)
|
||||
#:export (knot-service-type
|
||||
knot-acl-configuration
|
||||
knot-key-configuration
|
||||
knot-keystore-configuration
|
||||
knot-zone-configuration
|
||||
knot-remote-configuration
|
||||
knot-policy-configuration
|
||||
knot-configuration
|
||||
define-zone-entries
|
||||
zone-file
|
||||
zone-entry))
|
||||
|
||||
;;;
|
||||
;;; Knot DNS.
|
||||
;;;
|
||||
|
||||
(define-record-type* <knot-key-configuration>
|
||||
knot-key-configuration make-knot-key-configuration
|
||||
knot-key-configuration?
|
||||
(id knot-key-configuration-id
|
||||
(default ""))
|
||||
(algorithm knot-key-configuration-algorithm
|
||||
(default #f)); one of #f, or an algorithm name
|
||||
(secret knot-key-configuration-secret
|
||||
(default "")))
|
||||
|
||||
(define-record-type* <knot-acl-configuration>
|
||||
knot-acl-configuration make-knot-acl-configuration
|
||||
knot-acl-configuration?
|
||||
(id knot-acl-configuration-id
|
||||
(default ""))
|
||||
(address knot-acl-configuration-address
|
||||
(default '()))
|
||||
(key knot-acl-configuration-key
|
||||
(default '()))
|
||||
(action knot-acl-configuration-action
|
||||
(default '()))
|
||||
(deny? knot-acl-configuration-deny?
|
||||
(default #f)))
|
||||
|
||||
(define-record-type* <zone-entry>
|
||||
zone-entry make-zone-entry
|
||||
zone-entry?
|
||||
(name zone-entry-name
|
||||
(default "@"))
|
||||
(ttl zone-entry-ttl
|
||||
(default ""))
|
||||
(class zone-entry-class
|
||||
(default "IN"))
|
||||
(type zone-entry-type
|
||||
(default "A"))
|
||||
(data zone-entry-data
|
||||
(default "")))
|
||||
|
||||
(define-record-type* <zone-file>
|
||||
zone-file make-zone-file
|
||||
zone-file?
|
||||
(entries zone-file-entries
|
||||
(default '()))
|
||||
(origin zone-file-origin
|
||||
(default ""))
|
||||
(ns zone-file-ns
|
||||
(default "ns"))
|
||||
(mail zone-file-mail
|
||||
(default "hostmaster"))
|
||||
(serial zone-file-serial
|
||||
(default 1))
|
||||
(refresh zone-file-refresh
|
||||
(default "2d"))
|
||||
(retry zone-file-retry
|
||||
(default "15m"))
|
||||
(expiry zone-file-expiry
|
||||
(default "2w"))
|
||||
(nx zone-file-nx
|
||||
(default "1h")))
|
||||
(define-record-type* <knot-keystore-configuration>
|
||||
knot-keystore-configuration make-knot-keystore-configuration
|
||||
knot-keystore-configuration?
|
||||
(id knot-keystore-configuration-id
|
||||
(default ""))
|
||||
(backend knot-keystore-configuration-backend
|
||||
(default 'pem))
|
||||
(config knot-keystore-configuration-config
|
||||
(default "/var/lib/knot/keys/keys")))
|
||||
|
||||
(define-record-type* <knot-policy-configuration>
|
||||
knot-policy-configuration make-knot-policy-configuration
|
||||
knot-policy-configuration?
|
||||
(id knot-policy-configuration-id
|
||||
(default ""))
|
||||
(keystore knot-policy-configuration-keystore
|
||||
(default "default"))
|
||||
(manual? knot-policy-configuration-manual?
|
||||
(default #f))
|
||||
(single-type-signing? knot-policy-configuration-single-type-signing?
|
||||
(default #f))
|
||||
(algorithm knot-policy-configuration-algorithm
|
||||
(default "ecdsap256sha256"))
|
||||
(ksk-size knot-policy-configuration-ksk-size
|
||||
(default 256))
|
||||
(zsk-size knot-policy-configuration-zsk-size
|
||||
(default 256))
|
||||
(dnskey-ttl knot-policy-configuration-dnskey-ttl
|
||||
(default 'default))
|
||||
(zsk-lifetime knot-policy-configuration-zsk-lifetime
|
||||
(default "30d"))
|
||||
(propagation-delay knot-policy-configuration-propagation-delay
|
||||
(default "1d"))
|
||||
(rrsig-lifetime knot-policy-configuration-rrsig-lifetime
|
||||
(default "14d"))
|
||||
(rrsig-refresh knot-policy-configuration-rrsig-refresh
|
||||
(default "7d"))
|
||||
(nsec3? knot-policy-configuration-nsec3?
|
||||
(default #f))
|
||||
(nsec3-iterations knot-policy-configuration-nsec3-iterations
|
||||
(default 5))
|
||||
(nsec3-salt-length knot-policy-configuration-nsec3-salt-length
|
||||
(default 8))
|
||||
(nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime
|
||||
(default "30d")))
|
||||
|
||||
(define-record-type* <knot-zone-configuration>
|
||||
knot-zone-configuration make-knot-zone-configuration
|
||||
knot-zone-configuration?
|
||||
(domain knot-zone-configuration-domain
|
||||
(default ""))
|
||||
(file knot-zone-configuration-file
|
||||
(default "")) ; the file where this zone is saved.
|
||||
(zone knot-zone-configuration-zone
|
||||
(default (zone-file))) ; initial content of the zone file
|
||||
(master knot-zone-configuration-master
|
||||
(default '()))
|
||||
(ddns-master knot-zone-configuration-ddns-master
|
||||
(default #f))
|
||||
(notify knot-zone-configuration-notify
|
||||
(default '()))
|
||||
(acl knot-zone-configuration-acl
|
||||
(default '()))
|
||||
(semantic-checks? knot-zone-configuration-semantic-checks?
|
||||
(default #f))
|
||||
(disable-any? knot-zone-configuration-disable-any?
|
||||
(default #f))
|
||||
(zonefile-sync knot-zone-configuration-zonefile-sync
|
||||
(default 0))
|
||||
(dnssec-policy knot-zone-configuration-dnssec-policy
|
||||
(default #f))
|
||||
(serial-policy knot-zone-configuration-serial-policy
|
||||
(default 'increment)))
|
||||
|
||||
(define-record-type* <knot-remote-configuration>
|
||||
knot-remote-configuration make-knot-remote-configuration
|
||||
knot-remote-configuration?
|
||||
(id knot-remote-configuration-id
|
||||
(default ""))
|
||||
(address knot-remote-configuration-address
|
||||
(default '()))
|
||||
(via knot-remote-configuration-via
|
||||
(default '()))
|
||||
(key knot-remote-configuration-key
|
||||
(default #f)))
|
||||
|
||||
(define-record-type* <knot-configuration>
|
||||
knot-configuration make-knot-configuration
|
||||
knot-configuration?
|
||||
(knot knot-configuration-knot
|
||||
(default knot))
|
||||
(run-directory knot-configuration-run-directory
|
||||
(default "/var/run/knot"))
|
||||
(listen-v4 knot-configuration-listen-v4
|
||||
(default "0.0.0.0"))
|
||||
(listen-v6 knot-configuration-listen-v6
|
||||
(default "::"))
|
||||
(listen-port knot-configuration-listen-port
|
||||
(default 53))
|
||||
(keys knot-configuration-keys
|
||||
(default '()))
|
||||
(keystores knot-configuration-keystores
|
||||
(default '()))
|
||||
(acls knot-configuration-acls
|
||||
(default '()))
|
||||
(remotes knot-configuration-remotes
|
||||
(default '()))
|
||||
(policies knot-configuration-policies
|
||||
(default '()))
|
||||
(zones knot-configuration-zones
|
||||
(default '())))
|
||||
|
||||
(define-syntax define-zone-entries
|
||||
(syntax-rules ()
|
||||
((_ id (name ttl class type data) ...)
|
||||
(define id (list (make-zone-entry name ttl class type data) ...)))))
|
||||
|
||||
(define (error-out msg)
|
||||
(raise (condition (&message (message msg)))))
|
||||
|
||||
(define (verify-knot-key-configuration key)
|
||||
(unless (knot-key-configuration? key)
|
||||
(error-out "keys must be a list of only knot-key-configuration."))
|
||||
(let ((id (knot-key-configuration-id key)))
|
||||
(unless (and (string? id) (not (equal? id "")))
|
||||
(error-out "key id must be a non empty string.")))
|
||||
(unless (memq '(#f hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512)
|
||||
(knot-key-configuration-algorithm key))
|
||||
(error-out "algorithm must be one of: #f, 'hmac-md5, 'hmac-sha1,
|
||||
'hmac-sha224, 'hmac-sha256, 'hmac-sha384 or 'hmac-sha512")))
|
||||
|
||||
(define (verify-knot-keystore-configuration keystore)
|
||||
(unless (knot-keystore-configuration? keystore)
|
||||
(error-out "keystores must be a list of only knot-keystore-configuration."))
|
||||
(let ((id (knot-keystore-configuration-id keystore)))
|
||||
(unless (and (string? id) (not (equal? id "")))
|
||||
(error-out "keystore id must be a non empty string.")))
|
||||
(unless (memq '(pem pkcs11)
|
||||
(knot-keystore-configuration-backend keystore))
|
||||
(error-out "backend must be one of: 'pem or 'pkcs11")))
|
||||
|
||||
(define (verify-knot-policy-configuration policy)
|
||||
(unless (knot-keystore-configuration? policy)
|
||||
(error-out "policies must be a list of only knot-policy-configuration."))
|
||||
(let ((id (knot-policy-configuration-id policy)))
|
||||
(unless (and (string? id) (not (equal? id "")))
|
||||
(error-out "policy id must be a non empty string."))))
|
||||
|
||||
(define (verify-knot-acl-configuration acl)
|
||||
(unless (knot-acl-configuration? acl)
|
||||
(error-out "acls must be a list of only knot-acl-configuration."))
|
||||
(let ((id (knot-acl-configuration-id acl))
|
||||
(address (knot-acl-configuration-address acl))
|
||||
(key (knot-acl-configuration-key acl))
|
||||
(action (knot-acl-configuration-action acl)))
|
||||
(unless (and (string? id) (not (equal? id "")))
|
||||
(error-out "acl id must be a non empty string."))
|
||||
(unless (and (list? address)
|
||||
(fold (lambda (x1 x2) (and (string? x1) (string? x2))) "" address))
|
||||
(error-out "acl address must be a list of strings.")))
|
||||
(unless (boolean? (knot-acl-configuration-deny? acl))
|
||||
(error-out "deny? must be #t or #f.")))
|
||||
|
||||
(define (verify-knot-zone-configuration zone)
|
||||
(unless (knot-zone-configuration? zone)
|
||||
(error-out "zones must be a list of only knot-zone-configuration."))
|
||||
(let ((domain (knot-zone-configuration-domain zone)))
|
||||
(unless (and (string? domain) (not (equal? domain "")))
|
||||
(error-out "zone domain must be a non empty string."))))
|
||||
|
||||
(define (verify-knot-remote-configuration remote)
|
||||
(unless (knot-remote-configuration? remote)
|
||||
(error-out "remotes must be a list of only knot-remote-configuration."))
|
||||
(let ((id (knot-remote-configuration-id remote)))
|
||||
(unless (and (string? id) (not (equal? id "")))
|
||||
(error-out "remote id must be a non empty string."))))
|
||||
|
||||
(define (verify-knot-configuration config)
|
||||
(unless (package? (knot-configuration-knot config))
|
||||
(error-out "knot configuration field must be a package."))
|
||||
(unless (string? (knot-configuration-run-directory config))
|
||||
(error-out "run-directory must be a string."))
|
||||
(unless (list? (knot-configuration-keys config))
|
||||
(error-out "keys must be a list of knot-key-configuration."))
|
||||
(for-each (lambda (key) (verify-knot-key-configuration key))
|
||||
(knot-configuration-keys config))
|
||||
(unless (list? (knot-configuration-keystores config))
|
||||
(error-out "keystores must be a list of knot-keystore-configuration."))
|
||||
(for-each (lambda (keystore) (verify-knot-keystore-configuration keystore))
|
||||
(knot-configuration-keystores config))
|
||||
(unless (list? (knot-configuration-acls config))
|
||||
(error-out "acls must be a list of knot-acl-configuration."))
|
||||
(for-each (lambda (acl) (verify-knot-acl-configuration acl))
|
||||
(knot-configuration-acls config))
|
||||
(unless (list? (knot-configuration-zones config))
|
||||
(error-out "zones must be a list of knot-zone-configuration."))
|
||||
(for-each (lambda (zone) (verify-knot-zone-configuration zone))
|
||||
(knot-configuration-zones config))
|
||||
(unless (list? (knot-configuration-policies config))
|
||||
(error-out "policies must be a list of knot-policy-configuration."))
|
||||
(for-each (lambda (policy) (verify-knot-policy-configuration policy))
|
||||
(knot-configuration-policies config))
|
||||
(unless (list? (knot-configuration-remotes config))
|
||||
(error-out "remotes must be a list of knot-remote-configuration."))
|
||||
(for-each (lambda (remote) (verify-knot-remote-configuration remote))
|
||||
(knot-configuration-remotes config))
|
||||
#t)
|
||||
|
||||
(define (format-string-list l)
|
||||
"Formats a list of string in YAML"
|
||||
(if (eq? l '())
|
||||
""
|
||||
(let ((l (reverse l)))
|
||||
(string-append
|
||||
"["
|
||||
(fold (lambda (x1 x2)
|
||||
(string-append (if (symbol? x1) (symbol->string x1) x1) ", "
|
||||
(if (symbol? x2) (symbol->string x2) x2)))
|
||||
(car l) (cdr l))
|
||||
"]"))))
|
||||
|
||||
(define (knot-acl-config acls)
|
||||
(with-output-to-string
|
||||
(lambda ()
|
||||
(for-each
|
||||
(lambda (acl-config)
|
||||
(let ((id (knot-acl-configuration-id acl-config))
|
||||
(address (knot-acl-configuration-address acl-config))
|
||||
(key (knot-acl-configuration-key acl-config))
|
||||
(action (knot-acl-configuration-action acl-config))
|
||||
(deny? (knot-acl-configuration-deny? acl-config)))
|
||||
(format #t " - id: ~a\n" id)
|
||||
(unless (eq? address '())
|
||||
(format #t " address: ~a\n" (format-string-list address)))
|
||||
(unless (eq? key '())
|
||||
(format #t " key: ~a\n" (format-string-list key)))
|
||||
(unless (eq? action '())
|
||||
(format #t " action: ~a\n" (format-string-list action)))
|
||||
(format #t " deny: ~a\n" (if deny? "on" "off"))))
|
||||
acls))))
|
||||
|
||||
(define (knot-key-config keys)
|
||||
(with-output-to-string
|
||||
(lambda ()
|
||||
(for-each
|
||||
(lambda (key-config)
|
||||
(let ((id (knot-key-configuration-id key-config))
|
||||
(algorithm (knot-key-configuration-algorithm key-config))
|
||||
(secret (knot-key-configuration-secret key-config)))
|
||||
(format #t " - id: ~a\n" id)
|
||||
(if algorithm
|
||||
(format #t " algorithm: ~a\n" (symbol->string algorithm)))
|
||||
(format #t " secret: ~a\n" secret)))
|
||||
keys))))
|
||||
|
||||
(define (knot-keystore-config keystores)
|
||||
(with-output-to-string
|
||||
(lambda ()
|
||||
(for-each
|
||||
(lambda (keystore-config)
|
||||
(let ((id (knot-keystore-configuration-id keystore-config))
|
||||
(backend (knot-keystore-configuration-backend keystore-config))
|
||||
(config (knot-keystore-configuration-config keystore-config)))
|
||||
(format #t " - id: ~a\n" id)
|
||||
(format #t " backend: ~a\n" (symbol->string backend))
|
||||
(format #t " config: \"~a\"\n" config)))
|
||||
keystores))))
|
||||
|
||||
(define (knot-policy-config policies)
|
||||
(with-output-to-string
|
||||
(lambda ()
|
||||
(for-each
|
||||
(lambda (policy-config)
|
||||
(let ((id (knot-policy-configuration-id policy-config))
|
||||
(keystore (knot-policy-configuration-keystore policy-config))
|
||||
(manual? (knot-policy-configuration-manual? policy-config))
|
||||
(single-type-signing? (knot-policy-configuration-single-type-signing?
|
||||
policy-config))
|
||||
(algorithm (knot-policy-configuration-algorithm policy-config))
|
||||
(ksk-size (knot-policy-configuration-ksk-size policy-config))
|
||||
(zsk-size (knot-policy-configuration-zsk-size policy-config))
|
||||
(dnskey-ttl (knot-policy-configuration-dnskey-ttl policy-config))
|
||||
(zsk-lifetime (knot-policy-configuration-zsk-lifetime policy-config))
|
||||
(propagation-delay (knot-policy-configuration-propagation-delay
|
||||
policy-config))
|
||||
(rrsig-lifetime (knot-policy-configuration-rrsig-lifetime
|
||||
policy-config))
|
||||
(nsec3? (knot-policy-configuration-nsec3? policy-config))
|
||||
(nsec3-iterations (knot-policy-configuration-nsec3-iterations
|
||||
policy-config))
|
||||
(nsec3-salt-length (knot-policy-configuration-nsec3-salt-length
|
||||
policy-config))
|
||||
(nsec3-salt-lifetime (knot-policy-configuration-nsec3-salt-lifetime
|
||||
policy-config)))
|
||||
(format #t " - id: ~a\n" id)
|
||||
(format #t " keystore: ~a\n" keystore)
|
||||
(format #t " manual: ~a\n" (if manual? "on" "off"))
|
||||
(format #t " single-type-signing: ~a\n" (if single-type-signing?
|
||||
"on" "off"))
|
||||
(format #t " algorithm: ~a\n" algorithm)
|
||||
(format #t " ksk-size: ~a\n" (number->string ksk-size))
|
||||
(format #t " zsk-size: ~a\n" (number->string zsk-size))
|
||||
(unless (eq? dnskey-ttl 'default)
|
||||
(format #t " dnskey-ttl: ~a\n" dnskey-ttl))
|
||||
(format #t " zsk-lifetime: ~a\n" zsk-lifetime)
|
||||
(format #t " propagation-delay: ~a\n" propagation-delay)
|
||||
(format #t " rrsig-lifetime: ~a\n" rrsig-lifetime)
|
||||
(format #t " nsec3: ~a\n" (if nsec3? "on" "off"))
|
||||
(format #t " nsec3-iterations: ~a\n"
|
||||
(number->string nsec3-iterations))
|
||||
(format #t " nsec3-salt-length: ~a\n"
|
||||
(number->string nsec3-salt-length))
|
||||
(format #t " nsec3-salt-lifetime: ~a\n" nsec3-salt-lifetime)))
|
||||
policies))))
|
||||
|
||||
(define (knot-remote-config remotes)
|
||||
(with-output-to-string
|
||||
(lambda ()
|
||||
(for-each
|
||||
(lambda (remote-config)
|
||||
(let ((id (knot-remote-configuration-id remote-config))
|
||||
(address (knot-remote-configuration-address remote-config))
|
||||
(via (knot-remote-configuration-via remote-config))
|
||||
(key (knot-remote-configuration-key remote-config)))
|
||||
(format #t " - id: ~a\n" id)
|
||||
(unless (eq? address '())
|
||||
(format #t " address: ~a\n" (format-string-list address)))
|
||||
(unless (eq? via '())
|
||||
(format #t " via: ~a\n" (format-string-list via)))
|
||||
(if key
|
||||
(format #t " key: ~a\n" key))))
|
||||
remotes))))
|
||||
|
||||
(define (serialize-zone-entries entries)
|
||||
(with-output-to-string
|
||||
(lambda ()
|
||||
(for-each
|
||||
(lambda (entry)
|
||||
(let ((name (zone-entry-name entry))
|
||||
(ttl (zone-entry-ttl entry))
|
||||
(class (zone-entry-class entry))
|
||||
(type (zone-entry-type entry))
|
||||
(data (zone-entry-data entry)))
|
||||
(format #t "~a ~a ~a ~a ~a\n" name ttl class type data)))
|
||||
entries))))
|
||||
|
||||
(define (serialize-zone-file zone domain)
|
||||
(computed-file (string-append domain ".zone")
|
||||
#~(begin
|
||||
(call-with-output-file #$output
|
||||
(lambda (port)
|
||||
(format port "$ORIGIN ~a.\n"
|
||||
#$(zone-file-origin zone))
|
||||
(format port "@ IN SOA ~a ~a (~a ~a ~a ~a ~a)\n"
|
||||
#$(zone-file-ns zone)
|
||||
#$(zone-file-mail zone)
|
||||
#$(zone-file-serial zone)
|
||||
#$(zone-file-refresh zone)
|
||||
#$(zone-file-retry zone)
|
||||
#$(zone-file-expiry zone)
|
||||
#$(zone-file-nx zone))
|
||||
(format port "~a\n"
|
||||
#$(serialize-zone-entries (zone-file-entries zone))))))))
|
||||
|
||||
(define (knot-zone-config zone)
|
||||
(let ((content (knot-zone-configuration-zone zone)))
|
||||
#~(with-output-to-string
|
||||
(lambda ()
|
||||
(let ((domain #$(knot-zone-configuration-domain zone))
|
||||
(file #$(knot-zone-configuration-file zone))
|
||||
(master (list #$@(knot-zone-configuration-master zone)))
|
||||
(ddns-master #$(knot-zone-configuration-ddns-master zone))
|
||||
(notify (list #$@(knot-zone-configuration-notify zone)))
|
||||
(acl (list #$@(knot-zone-configuration-acl zone)))
|
||||
(semantic-checks? #$(knot-zone-configuration-semantic-checks? zone))
|
||||
(disable-any? #$(knot-zone-configuration-disable-any? zone))
|
||||
(dnssec-policy #$(knot-zone-configuration-dnssec-policy zone))
|
||||
(serial-policy '#$(knot-zone-configuration-serial-policy zone)))
|
||||
(format #t " - domain: ~a\n" domain)
|
||||
(if (eq? master '())
|
||||
;; This server is a master
|
||||
(if (equal? file "")
|
||||
(format #t " file: ~a\n"
|
||||
#$(serialize-zone-file content
|
||||
(knot-zone-configuration-domain zone)))
|
||||
(format #t " file: ~a\n" file))
|
||||
;; This server is a slave (has masters)
|
||||
(begin
|
||||
(format #t " master: ~a\n"
|
||||
#$(format-string-list
|
||||
(knot-zone-configuration-master zone)))
|
||||
(if ddns-master (format #t " ddns-master ~a\n" ddns-master))))
|
||||
(unless (eq? notify '())
|
||||
(format #t " notify: ~a\n"
|
||||
#$(format-string-list
|
||||
(knot-zone-configuration-notify zone))))
|
||||
(unless (eq? acl '())
|
||||
(format #t " acl: ~a\n"
|
||||
#$(format-string-list
|
||||
(knot-zone-configuration-acl zone))))
|
||||
(format #t " semantic-checks: ~a\n" (if semantic-checks? "on" "off"))
|
||||
(format #t " disable-any: ~a\n" (if disable-any? "on" "off"))
|
||||
(if dnssec-policy
|
||||
(begin
|
||||
(format #t " dnssec-signing: on\n")
|
||||
(format #t " dnssec-policy: ~a\n" dnssec-policy)))
|
||||
(format #t " serial-policy: ~a\n"
|
||||
(symbol->string serial-policy)))))))
|
||||
|
||||
(define (knot-config-file config)
|
||||
(verify-knot-configuration config)
|
||||
(computed-file "knot.conf"
|
||||
#~(begin
|
||||
(call-with-output-file #$output
|
||||
(lambda (port)
|
||||
(format port "server:\n")
|
||||
(format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
|
||||
(format port " user: knot\n")
|
||||
(format port " listen: ~a@~a\n"
|
||||
#$(knot-configuration-listen-v4 config)
|
||||
#$(knot-configuration-listen-port config))
|
||||
(format port " listen: ~a@~a\n"
|
||||
#$(knot-configuration-listen-v6 config)
|
||||
#$(knot-configuration-listen-port config))
|
||||
(format port "\nkey:\n")
|
||||
(format port #$(knot-key-config (knot-configuration-keys config)))
|
||||
(format port "\nkeystore:\n")
|
||||
(format port #$(knot-keystore-config (knot-configuration-keystores config)))
|
||||
(format port "\nacl:\n")
|
||||
(format port #$(knot-acl-config (knot-configuration-acls config)))
|
||||
(format port "\nremote:\n")
|
||||
(format port #$(knot-remote-config (knot-configuration-remotes config)))
|
||||
(format port "\npolicy:\n")
|
||||
(format port #$(knot-policy-config (knot-configuration-policies config)))
|
||||
(unless #$(eq? (knot-configuration-zones config) '())
|
||||
(format port "\nzone:\n")
|
||||
(format port "~a\n"
|
||||
(string-concatenate
|
||||
(list #$@(map knot-zone-config
|
||||
(knot-configuration-zones config)))))))))))
|
||||
|
||||
(define %knot-accounts
|
||||
(list (user-group (name "knot") (system? #t))
|
||||
(user-account
|
||||
(name "knot")
|
||||
(group "knot")
|
||||
(system? #t)
|
||||
(comment "knot dns server user")
|
||||
(home-directory "/var/empty")
|
||||
(shell (file-append shadow "/sbin/nologin")))))
|
||||
|
||||
(define (knot-activation config)
|
||||
#~(begin
|
||||
(use-modules (guix build utils))
|
||||
(define (mkdir-p/perms directory owner perms)
|
||||
(mkdir-p directory)
|
||||
(chown directory (passwd:uid owner) (passwd:gid owner))
|
||||
(chmod directory perms))
|
||||
(mkdir-p/perms #$(knot-configuration-run-directory config)
|
||||
(getpwnam "knot") #o755)
|
||||
(mkdir-p/perms "/var/lib/knot" (getpwnam "knot") #o755)
|
||||
(mkdir-p/perms "/var/lib/knot/keys" (getpwnam "knot") #o755)
|
||||
(mkdir-p/perms "/var/lib/knot/keys/keys" (getpwnam "knot") #o755)))
|
||||
|
||||
(define (knot-shepherd-service config)
|
||||
(let* ((config-file (knot-config-file config))
|
||||
(knot (knot-configuration-knot config)))
|
||||
(list (shepherd-service
|
||||
(documentation "Run the Knot DNS daemon.")
|
||||
(provision '(knot dns))
|
||||
(requirement '(networking))
|
||||
(start #~(make-forkexec-constructor
|
||||
(list (string-append #$knot "/sbin/knotd")
|
||||
"-c" #$config-file)))
|
||||
(stop #~(make-kill-destructor))))))
|
||||
|
||||
(define knot-service-type
|
||||
(service-type (name 'knot)
|
||||
(extensions
|
||||
(list (service-extension shepherd-root-service-type
|
||||
knot-shepherd-service)
|
||||
(service-extension activation-service-type
|
||||
knot-activation)
|
||||
(service-extension account-service-type
|
||||
(const %knot-accounts))))))
|
|
@ -0,0 +1,130 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
||||
;;; under the terms of the GNU General Public License as published by
|
||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;;; your option) any later version.
|
||||
;;;
|
||||
;;; GNU Guix is distributed in the hope that it will be useful, but
|
||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
;;; GNU General Public License for more details.
|
||||
;;;
|
||||
;;; You should have received a copy of the GNU General Public License
|
||||
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(define-module (guix build-system font)
|
||||
#:use-module (guix utils)
|
||||
#:use-module (guix packages)
|
||||
#:use-module (guix derivations)
|
||||
#:use-module (guix search-paths)
|
||||
#:use-module (guix build-system)
|
||||
#:use-module (guix build-system gnu)
|
||||
#:use-module (ice-9 match)
|
||||
#:export (%font-build-system-modules
|
||||
font-build
|
||||
font-build-system))
|
||||
|
||||
;; Commentary:
|
||||
;;
|
||||
;; Standard build procedure for fonts. This is implemented as an extension of
|
||||
;; 'gnu-build-system'.
|
||||
;;
|
||||
;; Code:
|
||||
|
||||
(define %font-build-system-modules
|
||||
;; Build-side modules imported by default.
|
||||
`((guix build font-build-system)
|
||||
,@%gnu-build-system-modules))
|
||||
|
||||
(define* (lower name
|
||||
#:key source inputs native-inputs outputs system target
|
||||
#:allow-other-keys
|
||||
#:rest arguments)
|
||||
"Return a bag for NAME."
|
||||
(define private-keywords
|
||||
'(#:target #:inputs #:native-inputs))
|
||||
|
||||
(bag
|
||||
(name name)
|
||||
(system system)
|
||||
(host-inputs `(,@(if source
|
||||
`(("source" ,source))
|
||||
'())
|
||||
,@inputs
|
||||
,(list "tar" (module-ref (resolve-interface '(gnu packages base)) 'tar))
|
||||
,(list "unzip" (module-ref (resolve-interface '(gnu packages zip)) 'unzip))
|
||||
,@(let ((compression (resolve-interface '(gnu packages compression))))
|
||||
(map (match-lambda
|
||||
((name package)
|
||||
(list name (module-ref compression package))))
|
||||
`(("gzip" gzip)
|
||||
("bzip2" bzip2)
|
||||
("xz" xz))))))
|
||||
(build-inputs native-inputs)
|
||||
(outputs outputs)
|
||||
(build font-build)
|
||||
(arguments (strip-keyword-arguments private-keywords arguments))))
|
||||
|
||||
(define* (font-build store name inputs
|
||||
#:key source
|
||||
(tests? #t)
|
||||
(test-target "test")
|
||||
(configure-flags ''())
|
||||
(phases '(@ (guix build font-build-system)
|
||||
%standard-phases))
|
||||
(outputs '("out"))
|
||||
(search-paths '())
|
||||
(system (%current-system))
|
||||
(guile #f)
|
||||
(imported-modules %font-build-system-modules)
|
||||
(modules '((guix build font-build-system)
|
||||
(guix build utils))))
|
||||
"Build SOURCE with INPUTS."
|
||||
(define builder
|
||||
`(begin
|
||||
(use-modules ,@modules)
|
||||
(font-build #:name ,name
|
||||
#:source ,(match (assoc-ref inputs "source")
|
||||
(((? derivation? source))
|
||||
(derivation->output-path source))
|
||||
((source)
|
||||
source)
|
||||
(source
|
||||
source))
|
||||
#:configure-flags ,configure-flags
|
||||
#:system ,system
|
||||
#:test-target ,test-target
|
||||
#:tests? ,tests?
|
||||
#:phases ,phases
|
||||
#:outputs %outputs
|
||||
#:search-paths ',(map search-path-specification->sexp
|
||||
search-paths)
|
||||
#:inputs %build-inputs)))
|
||||
|
||||
(define guile-for-build
|
||||
(match guile
|
||||
((? package?)
|
||||
(package-derivation store guile system #:graft? #f))
|
||||
(#f ; the default
|
||||
(let* ((distro (resolve-interface '(gnu packages commencement)))
|
||||
(guile (module-ref distro 'guile-final)))
|
||||
(package-derivation store guile system #:graft? #f)))))
|
||||
|
||||
(build-expression->derivation store name builder
|
||||
#:inputs inputs
|
||||
#:system system
|
||||
#:modules imported-modules
|
||||
#:outputs outputs
|
||||
#:guile-for-build guile-for-build))
|
||||
|
||||
(define font-build-system
|
||||
(build-system
|
||||
(name 'font)
|
||||
(description "The build system for font packages")
|
||||
(lower lower)))
|
||||
|
||||
;;; font.scm ends here
|
|
@ -0,0 +1,71 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
||||
;;; under the terms of the GNU General Public License as published by
|
||||
;;; the Free Software Foundation; either version 3 of the License, or (at
|
||||
;;; your option) any later version.
|
||||
;;;
|
||||
;;; GNU Guix is distributed in the hope that it will be useful, but
|
||||
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
;;; GNU General Public License for more details.
|
||||
;;;
|
||||
;;; You should have received a copy of the GNU General Public License
|
||||
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(define-module (guix build font-build-system)
|
||||
#:use-module ((guix build gnu-build-system) #:prefix gnu:)
|
||||
#:use-module (guix build utils)
|
||||
#:use-module (srfi srfi-1)
|
||||
#:use-module (srfi srfi-26)
|
||||
#:export (%standard-phases
|
||||
font-build))
|
||||
|
||||
;; Commentary:
|
||||
;;
|
||||
;; Builder-side code of the build procedure for font packages.
|
||||
;;
|
||||
;; Code:
|
||||
|
||||
(define gnu:unpack (assoc-ref gnu:%standard-phases 'unpack))
|
||||
|
||||
(define* (unpack #:key source #:allow-other-keys)
|
||||
"Unpack SOURCE into the build directory. SOURCE may be a compressed
|
||||
archive, or a font file."
|
||||
(if (any (cut string-suffix? <> source)
|
||||
(list ".ttf" ".otf"))
|
||||
(begin
|
||||
(mkdir "source")
|
||||
(chdir "source")
|
||||
(copy-file source (strip-store-file-name source))
|
||||
#t)
|
||||
(gnu:unpack #:source source)))
|
||||
|
||||
(define* (install #:key outputs #:allow-other-keys)
|
||||
"Install the package contents."
|
||||
(let* ((out (assoc-ref outputs "out"))
|
||||
(source (getcwd))
|
||||
(fonts (string-append out "/share/fonts")))
|
||||
(for-each (cut install-file <> (string-append fonts "/truetype"))
|
||||
(find-files source "\\.ttf$"))
|
||||
(for-each (cut install-file <> (string-append fonts "/opentype"))
|
||||
(find-files source "\\.otf$"))
|
||||
#t))
|
||||
|
||||
(define %standard-phases
|
||||
(modify-phases gnu:%standard-phases
|
||||
(replace 'unpack unpack)
|
||||
(delete 'configure)
|
||||
(delete 'check)
|
||||
(delete 'build)
|
||||
(replace 'install install)))
|
||||
|
||||
(define* (font-build #:key inputs (phases %standard-phases)
|
||||
#:allow-other-keys #:rest args)
|
||||
"Build the given font package, applying all of PHASES in order."
|
||||
(apply gnu:gnu-build #:inputs inputs #:phases phases args))
|
||||
|
||||
;;; font-build-system.scm ends here
|
|
@ -69,6 +69,9 @@
|
|||
pivot-root
|
||||
fcntl-flock
|
||||
|
||||
set-thread-name
|
||||
thread-name
|
||||
|
||||
CLONE_CHILD_CLEARTID
|
||||
CLONE_CHILD_SETTID
|
||||
CLONE_NEWNS
|
||||
|
@ -882,6 +885,52 @@ exception if it's already taken."
|
|||
;; Presumably we got EAGAIN or so.
|
||||
(throw 'flock-error err))))))
|
||||
|
||||
|
||||
;;;
|
||||
;;; Miscellaneous, aka. 'prctl'.
|
||||
;;;
|
||||
|
||||
(define %prctl
|
||||
;; Should it win the API contest against 'ioctl'? You tell us!
|
||||
(syscall->procedure int "prctl"
|
||||
(list int unsigned-long unsigned-long
|
||||
unsigned-long unsigned-long)))
|
||||
|
||||
(define PR_SET_NAME 15) ;<linux/prctl.h>
|
||||
(define PR_GET_NAME 16)
|
||||
|
||||
(define %max-thread-name-length
|
||||
;; Maximum length in bytes of the process name, including the terminating
|
||||
;; zero.
|
||||
16)
|
||||
|
||||
(define (set-thread-name name)
|
||||
"Set the name of the calling thread to NAME. NAME is truncated to 15
|
||||
bytes."
|
||||
(let ((ptr (string->pointer name)))
|
||||
(let-values (((ret err)
|
||||
(%prctl PR_SET_NAME
|
||||
(pointer-address ptr) 0 0 0)))
|
||||
(unless (zero? ret)
|
||||
(throw 'set-process-name "set-process-name"
|
||||
"set-process-name: ~A"
|
||||
(list (strerror err))
|
||||
(list err))))))
|
||||
|
||||
(define (thread-name)
|
||||
"Return the name of the calling thread as a string."
|
||||
(let ((buf (make-bytevector %max-thread-name-length)))
|
||||
(let-values (((ret err)
|
||||
(%prctl PR_GET_NAME
|
||||
(pointer-address (bytevector->pointer buf))
|
||||
0 0 0)))
|
||||
(if (zero? ret)
|
||||
(bytes->string (bytevector->u8-list buf))
|
||||
(throw 'process-name "process-name"
|
||||
"process-name: ~A"
|
||||
(list (strerror err))
|
||||
(list err))))))
|
||||
|
||||
|
||||
;;;
|
||||
;;; Network interfaces.
|
||||
|
|
|
@ -34,7 +34,8 @@
|
|||
#:select (nar-error? nar-error-file))
|
||||
#:use-module (guix nar)
|
||||
#:use-module (guix utils)
|
||||
#:use-module ((guix build syscalls) #:select (fcntl-flock))
|
||||
#:use-module ((guix build syscalls)
|
||||
#:select (fcntl-flock set-thread-name))
|
||||
#:use-module ((guix build utils) #:select (which mkdir-p))
|
||||
#:use-module (guix ui)
|
||||
#:use-module (srfi srfi-1)
|
||||
|
@ -641,6 +642,7 @@ machine."
|
|||
(let ((max-silent-time (string->number max-silent-time))
|
||||
(build-timeout (string->number build-timeout))
|
||||
(print-build-trace? (string=? print-build-trace? "1")))
|
||||
(set-thread-name "guix offload")
|
||||
(parameterize ((%current-system system))
|
||||
(let loop ((line (read-line)))
|
||||
(unless (eof-object? line)
|
||||
|
|
|
@ -58,6 +58,7 @@
|
|||
#:select (with-atomic-file-output compressed-file?))
|
||||
#:use-module ((guix build utils)
|
||||
#:select (dump-port mkdir-p find-files))
|
||||
#:use-module ((guix build syscalls) #:select (set-thread-name))
|
||||
#:export (%public-key
|
||||
%private-key
|
||||
|
||||
|
@ -649,6 +650,7 @@ blocking."
|
|||
;; thread so that the main thread can keep working in the meantime.
|
||||
(call-with-new-thread
|
||||
(lambda ()
|
||||
(set-thread-name "publish nar")
|
||||
(let* ((response (write-response (sans-content-length response)
|
||||
client))
|
||||
(port (begin
|
||||
|
@ -670,6 +672,7 @@ blocking."
|
|||
;; Send a raw file in a separate thread.
|
||||
(call-with-new-thread
|
||||
(lambda ()
|
||||
(set-thread-name "publish file")
|
||||
(catch 'system-error
|
||||
(lambda ()
|
||||
(call-with-input-file (utf8->string body)
|
||||
|
@ -858,10 +861,16 @@ consider using the '--user' option!~%")))
|
|||
(sockaddr:port address))
|
||||
(when repl-port
|
||||
(repl:spawn-server (repl:make-tcp-server-socket #:port repl-port)))
|
||||
|
||||
;; Set the name of the main thread.
|
||||
(set-thread-name "guix publish")
|
||||
|
||||
(with-store store
|
||||
(run-publish-server socket store
|
||||
#:cache cache
|
||||
#:pool (and cache (make-pool workers))
|
||||
#:pool (and cache (make-pool workers
|
||||
#:thread-name
|
||||
"publish worker"))
|
||||
#:nar-path nar-path
|
||||
#:compression compression
|
||||
#:narinfo-ttl ttl))))))
|
||||
|
|
|
@ -39,6 +39,8 @@
|
|||
. guix:open-connection-for-uri)
|
||||
close-connection
|
||||
store-path-abbreviation byte-count->string))
|
||||
#:use-module ((guix build syscalls)
|
||||
#:select (set-thread-name))
|
||||
#:use-module (ice-9 rdelim)
|
||||
#:use-module (ice-9 regex)
|
||||
#:use-module (ice-9 match)
|
||||
|
@ -1015,6 +1017,8 @@ default value."
|
|||
(#f #f)
|
||||
(locale (false-if-exception (setlocale LC_ALL locale))))
|
||||
|
||||
(set-thread-name "guix substitute")
|
||||
|
||||
(with-networking
|
||||
(with-error-handling ; for signature errors
|
||||
(match args
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
#:use-module (srfi srfi-1)
|
||||
#:use-module (srfi srfi-9)
|
||||
#:use-module (srfi srfi-26)
|
||||
#:use-module ((guix build syscalls) #:select (set-thread-name))
|
||||
#:export (pool?
|
||||
make-pool
|
||||
pool-enqueue!
|
||||
|
@ -60,7 +61,8 @@
|
|||
(lambda ()
|
||||
(lock-mutex mutex))))
|
||||
|
||||
(define (worker-thunk mutex condvar pop-queue)
|
||||
(define* (worker-thunk mutex condvar pop-queue
|
||||
#:key (thread-name "guix worker"))
|
||||
"Return the thunk executed by worker threads."
|
||||
(define (loop)
|
||||
(match (pop-queue)
|
||||
|
@ -80,11 +82,18 @@
|
|||
(loop))
|
||||
|
||||
(lambda ()
|
||||
(catch 'system-error
|
||||
(lambda ()
|
||||
(set-thread-name thread-name))
|
||||
(const #f))
|
||||
|
||||
(with-mutex mutex
|
||||
(loop))))
|
||||
|
||||
(define* (make-pool #:optional (count (current-processor-count)))
|
||||
"Return a pool of COUNT workers."
|
||||
(define* (make-pool #:optional (count (current-processor-count))
|
||||
#:key (thread-name "guix worker"))
|
||||
"Return a pool of COUNT workers. Use THREAD-NAME as the name of these
|
||||
threads as reported by the operating system."
|
||||
(let* ((mutex (make-mutex))
|
||||
(condvar (make-condition-variable))
|
||||
(queue (make-q))
|
||||
|
@ -93,7 +102,8 @@
|
|||
(worker-thunk mutex condvar
|
||||
(lambda ()
|
||||
(and (not (q-empty? queue))
|
||||
(q-pop! queue)))))
|
||||
(q-pop! queue)))
|
||||
#:thread-name thread-name))
|
||||
1+
|
||||
0))
|
||||
(threads (map (lambda (proc)
|
||||
|
|
|
@ -266,6 +266,14 @@
|
|||
(close-port file)
|
||||
result)))))))))
|
||||
|
||||
(test-equal "set-thread-name"
|
||||
"Syscall Test"
|
||||
(let ((name (thread-name)))
|
||||
(set-thread-name "Syscall Test")
|
||||
(let ((new-name (thread-name)))
|
||||
(set-thread-name name)
|
||||
new-name)))
|
||||
|
||||
(test-assert "all-network-interface-names"
|
||||
(match (all-network-interface-names)
|
||||
(((? string? names) ..1)
|
||||
|
|
Loading…
Reference in New Issue