nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into core-updates

This commit is contained in:
Leo Famulari 2017-06-04 14:56:31 -04:00
parent 8b4186e116 cc24bf98bd
commit 9f825cec1b
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
25 changed files with 1278 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
doc/guix.texi
View File

@ -1146,6 +1146,24 @@ Allow at most @var{n} build jobs in parallel. The default value is
locally; instead, the daemon will offload builds (@pxref{Daemon Offload
Setup}), or simply fail.
@item --max-silent-time=@var{seconds}
When the build or substitution process remains silent for more than
@var{seconds}, terminate it and report a build failure.
The default value is @code{0}, which disables the timeout.
The value specified here can be overridden by clients (@pxref{Common
Build Options, @code{--max-silent-time}}).
@item --timeout=@var{seconds}
Likewise, when the build or substitution process lasts for more than
@var{seconds}, terminate it and report a build failure.
The default value is @code{0}, which disables the timeout.
The value specified here can be overridden by clients (@pxref{Common
Build Options, @code{--timeout}}).
@item --rounds=@var{N}
Build each derivation @var{n} times in a row, and raise an error if
consecutive build results are not bit-for-bit identical. Note that this
@ -4940,12 +4958,15 @@ instead of offloading builds to remote machines.
When the build or substitution process remains silent for more than
@var{seconds}, terminate it and report a build failure.
By default, the daemon's setting is honored (@pxref{Invoking
guix-daemon, @code{--max-silent-time}}).
@item --timeout=@var{seconds}
Likewise, when the build or substitution process lasts for more than
@var{seconds}, terminate it and report a build failure.
By default there is no timeout. This behavior can be restored with
@code{--timeout=0}.
By default, the daemon's setting is honored (@pxref{Invoking
guix-daemon, @code{--timeout}}).
@item --verbosity=@var{level}
Use the given verbosity level. @var{level} must be an integer between 0
@ -5854,6 +5875,11 @@ The @code{non-core} subset refers to the remaining packages. It is
typically useful in cases where an update of the core packages would be
inconvenient.
@item --manifest=@var{file}
@itemx -m @var{file}
Select all the packages from the manifest in @var{file}. This is useful to
check if any packages of the user manifest can be updated.
@item --type=@var{updater}
@itemx -t @var{updater}
Select only packages handled by @var{updater} (may be a comma-separated

6
gnu/build/file-systems.scm
View File

@ -260,7 +260,11 @@ volume descriptor from ~s"
"Return the raw contents of DEVICE's iso9660 primary volume descriptor
as a bytevector, or #f if DEVICE does not contain an iso9660 file system."
;; Start reading at sector 16.
(read-iso9660-primary-volume-descriptor device (* 2048 16)))
;; Since we are not sure that the device contains an ISO9660 filesystem,
;; we have to find that out first.
(if (read-superblock device (* 2048 16) 2048 iso9660-superblock?)
(read-iso9660-primary-volume-descriptor device (* 2048 16))
#f)) ; Device does not contain an iso9660 filesystem.
(define (iso9660-superblock-uuid sblock)
"Return the modification time of an iso9660 primary volume descriptor

5
gnu/local.mk
View File

@ -723,6 +723,7 @@ dist_patch_DATA = \
%D%/packages/patches/libevent-2.1-dns-tests.patch \
%D%/packages/patches/libevent-2.1-skip-failing-test.patch \
%D%/packages/patches/libextractor-ffmpeg-3.patch \
%D%/packages/patches/libgit2-0.25.1-mtime-0.patch \
%D%/packages/patches/libgit2-use-after-free.patch \
%D%/packages/patches/libffi-3.2.1-complex-alpha.patch \
%D%/packages/patches/libjxr-fix-function-signature.patch \
@ -931,6 +932,10 @@ dist_patch_DATA = \
%D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \
%D%/packages/patches/python2-subprocess32-disable-input-test.patch \
%D%/packages/patches/qemu-CVE-2017-7493.patch \
%D%/packages/patches/qemu-CVE-2017-8112.patch \
%D%/packages/patches/qemu-CVE-2017-8309.patch \
%D%/packages/patches/qemu-CVE-2017-8379.patch \
%D%/packages/patches/qemu-CVE-2017-8380.patch \
%D%/packages/patches/qt4-ldflags.patch \
%D%/packages/patches/qtscript-disable-tests.patch \
%D%/packages/patches/quickswitch-fix-dmenu-check.patch \

101
gnu/packages/android.scm
View File

@ -3,6 +3,7 @@
;;; Copyright © 2015 Kai-Chung Yan <seamlikok@gmail.com>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -23,8 +24,13 @@
#:use-module (guix packages)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
#:use-module (guix build-system python)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages python)
#:use-module (gnu packages ssh)
#:use-module (gnu packages version-control)
#:use-module (gnu packages tls))
;; The Makefiles that we add are largely based on the Debian
@ -298,3 +304,98 @@ with an emulator instance or connected Android device. It facilitates a variety
of device actions, such as installing and debugging apps, and it provides access
to a Unix shell that can run commands on the connected device or emulator.")
(license license:asl2.0)))
(define-public git-repo
(package
(name "git-repo")
(version "1.12.37")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://gerrit.googlesource.com/git-repo")
(commit (string-append "v" version))))
(file-name (string-append "git-repo-" version "-checkout"))
(sha256
(base32 "0qp7jqhblv7xblfgpcq4n18dyjdv8shz7r60c3vnjxx2fngkj2jd"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2 ; code says: "Python 3 support is … experimental."
#:phases
(modify-phases %standard-phases
(add-before 'build 'set-executable-paths
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(git (assoc-ref inputs "git"))
(gpg (assoc-ref inputs "gnupg"))
(ssh (assoc-ref inputs "ssh")))
(substitute* '("repo" "git_command.py")
(("^GIT = 'git' ")
(string-append "GIT = '" git "/bin/git' ")))
(substitute* "repo"
((" cmd = \\['gpg',")
(string-append " cmd = ['" gpg "/bin/gpg',")))
(substitute* "git_config.py"
((" command_base = \\['ssh',")
(string-append " command_base = ['" ssh "/bin/ssh',")))
#t)))
(add-before 'build 'do-not-clone-this-source
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(repo-dir (string-append out "/share/" ,name)))
(substitute* "repo"
(("^def _FindRepo\\(\\):.*")
(format #f "
def _FindRepo():
'''Look for a repo installation, starting at the current directory.'''
# Use the installed version of git-repo.
repo_main = '~a/main.py'
curdir = os.getcwd()
olddir = None
while curdir != '/' and curdir != olddir:
dot_repo = os.path.join(curdir, repodir)
if os.path.isdir(dot_repo):
return (repo_main, dot_repo)
else:
olddir = curdir
curdir = os.path.dirname(curdir)
return None, ''
# The remaining of this function is dead code. It was used to
# find a git-checked-out version in the local project.\n" repo-dir))
;; Neither clone, check out, nor verify the git repository
(("(^\\s+)_Clone\\(.*\\)") "")
(("(^\\s+)_Checkout\\(.*\\)") "")
((" rev = _Verify\\(.*\\)") " rev = None"))
#t)))
(delete 'build) ; nothing to build
(replace 'check
(lambda _
(zero? (system* "python" "-m" "nose"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin-dir (string-append out "/bin"))
(repo-dir (string-append out "/share/" ,name)))
(mkdir-p bin-dir)
(mkdir-p repo-dir)
(copy-recursively "." repo-dir)
(delete-file-recursively (string-append repo-dir "/tests"))
(symlink (string-append repo-dir "/repo")
(string-append bin-dir "/repo"))
#t))))))
(inputs
;; TODO: Add git-remote-persistent-https once it is available in guix
`(("git" ,git)
("gnupg" ,gnupg)
("ssh", openssh)))
(native-inputs
`(("nose" ,python2-nose)))
(home-page "https://code.google.com/p/git-repo/")
(synopsis "Helps to manage many Git repositories.")
(description "Repo is a tool built on top of Git. Repo helps manage many
Git repositories, does the uploads to revision control systems, and automates
parts of the development workflow. Repo is not meant to replace Git, only to
make it easier to work with Git. The repo command is an executable Python
script that you can put anywhere in your path.")
(license license:asl2.0)))

77
gnu/packages/compression.scm
View File

@ -15,6 +15,7 @@
;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -37,6 +38,7 @@
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
#:use-module (guix build-system perl)
#:use-module (guix build-system python)
@ -46,10 +48,13 @@
#:use-module (gnu packages backup)
#:use-module (gnu packages base)
#:use-module (gnu packages check)
#:use-module (gnu packages curl)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages tls)
#:use-module (gnu packages valgrind)
#:use-module (gnu packages zip)
#:use-module (ice-9 match)
#:use-module ((srfi srfi-1) #:select (last)))
@ -1153,6 +1158,78 @@ or junctions, and always follows hard links.")
;; expat-licenced (or MIT) code.
license:expat))))
(define-public unshield
(package
(name "unshield")
(version "1.4.2")
(source
(origin (method url-fetch)
(uri (string-append "http://github.com/twogood/unshield/archive/"
version ".tar.gz"))
(sha256
(base32
"0x7ps644yp5dka2zhb8w0ifqmw3d255jafpzfwv8xbcpgq6fmm2x"))))
(build-system cmake-build-system)
(inputs
`(("zlib" ,zlib)
("openssl" ,openssl)
;; test data that is otherwise downloaded with curl
("unshield-avigomanager11b22.zip"
,(origin
(method url-fetch)
(uri (string-append "https://www.dropbox.com/s/8r4b6752swe3nhu/\"
unshield-avigomanager11b22.zip?dl=1"))
(sha256
(base32 "0fwq7lih04if68wpwpsk5wjqyvh32db76a41sq6gbx4dn1lc3ddn"))
(file-name "unshield-avigomanager11b22.zip")))
("unshield-the-feeble-files-spanish.zip"
,(origin
(method url-fetch)
(uri (string-append "https://www.dropbox.com/s/1ng0z9kfxc7eb1e/\"
unshield-the-feeble-files-spanish.zip?dl=1"))
(sha256
(base32 "1k5cw6vnpja8yjlnhx5124xrw9i8s1l539hfdqqrqz3l5gn0bnyd"))
(file-name "unshield-the-feeble-files-spanish.zip")))))
(native-inputs
`(("unzip" ,unzip)))
(arguments
`(#:out-of-source? #f
#:phases
(modify-phases %standard-phases
(add-before 'check 'pre-check
(lambda* (#:key inputs #:allow-other-keys)
(for-each (lambda (i)
(copy-file (assoc-ref inputs i)
(string-append "test/v0/" i)))
'("unshield-avigomanager11b22.zip"
"unshield-the-feeble-files-spanish.zip"))
(substitute* (find-files "test/" "/*\\.sh")
;; Tests expect the unshield binary in a specific
;; location.
(("/var/tmp/unshield/bin/unshield")
(string-append (getcwd) "/src/unshield"))
;; We no longer need to download the data.
((".?URL=.*$") "")
(("curl -(|f)sSL -o test.zip .*") ""))
(substitute* "test/v0/avigomanager.sh"
(("test.zip")
(string-append (getcwd)
"/test/v0/unshield-avigomanager11b22.zip")))
(substitute* "test/v0/the-feeble-files-spanish.sh"
(("test.zip")
(string-append (getcwd)
"/test/v0/unshield-the-feeble-files-spanish.zip")))
#t))
(replace 'check
(lambda _
(zero? (system* "./run-tests.sh")))))))
(home-page "https://github.com/twogood/unshield")
(synopsis "Extract CAB files from InstallShield installers")
(description
"@command{unshield} is a tool and library for extracting @file{.cab}
archives from InstallShield installers.")
(license license:expat)))
(define-public unrar
(package
(name "unrar")

25
gnu/packages/game-development.scm
View File

@ -483,8 +483,9 @@ programming language.")
(version "4.4.2")
(source (origin
(method url-fetch)
(uri (string-append "http://download.gna.org/allegro/allegro/"
version "/allegro-" version ".tar.gz"))
(uri (string-append "https://github.com/liballeg/allegro5/"
"releases/download/" version "/allegro-"
version ".tar.gz"))
(sha256
(base32
"1p0ghkmpc4kwij1z9rzxfv7adnpy4ayi0ifahlns1bdzgmbyf88v"))))
@ -518,14 +519,18 @@ etc.")
(define-public allegro
(package
(name "allegro")
(version "5.2.0")
(version "5.2.2.0")
(source (origin
(method url-fetch)
(uri (string-append "http://download.gna.org/allegro/allegro/"
version "/allegro-" version ".tar.gz"))
(uri (string-append "https://github.com/liballeg/allegro5/releases"
"/download/" version "/allegro-"
(if (equal? "0" (string-take-right version 1))
(string-drop-right version 2)
version)
".tar.gz"))
(sha256
(base32
"1mwzgzc4nb5k5zkbq7yrc6hg63yxq3wk69lmjag1h19x8b6njnmg"))))
"1z4lrrlmn471wb7vzbd9iw7g379vj0k964vy1s64hcvv5bhvk1g2"))))
(build-system cmake-build-system)
(arguments `(#:tests? #f)) ; there are no tests
(inputs
@ -561,8 +566,12 @@ etc.")
(version "5.0.11")
(source (origin
(method url-fetch)
(uri (string-append "http://download.gna.org/allegro/allegro/"
version "/allegro-" version ".tar.gz"))
(uri (string-append "https://github.com/liballeg/allegro5/releases"
"/download/" version "/allegro-"
(if (equal? "0" (string-take-right version 1))
(string-drop-right version 2)
version)
".tar.gz"))
(sha256
(base32
"0cd51qrh97jrr0xdmnivqgwljpmizg8pixsgvc4blqqlaz4i9zj9"))))))

90
gnu/packages/games.scm
View File

@ -136,6 +136,82 @@
#:use-module (guix build-system cmake)
#:use-module (guix build-system trivial))
(define-public cataclysm-dda
(package
(name "cataclysm-dda")
(version "0.C")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/CleverRaven/Cataclysm-DDA/"
"archive/" version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1xlajmgl9cviqyjpp5g5q4rbljy9gqc49v54bi8gpzr68s14gsb9"))
(modules '((guix build utils)))
(snippet
;; Import cmath header for the std::pow function.
'(for-each (lambda (file)
(substitute* file
(("#include <math.h>")
"#include <cmath>")))
(find-files "src")))))
(build-system gnu-build-system)
(arguments
'(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
"USE_HOME_DIR=1" "DYNAMIC_LINKING=1" "RELEASE=1")
#:phases
(modify-phases %standard-phases
(replace 'configure
(lambda _
(substitute* "Makefile"
(("ncursesw5-config") "ncursesw6-config")
(("RELEASE_FLAGS = -Werror") "RELEASE_FLAGS ="))
#t))
(add-after 'build 'build-tiles
(lambda* (#:key make-flags outputs #:allow-other-keys)
;; Change prefix directory and enable tile graphics and sound.
(zero?
(apply system* "make" "TILES=1" "SOUND=1"
(string-append "PREFIX="
(assoc-ref outputs "tiles"))
(cdr make-flags)))))
(add-after 'install 'install-tiles
(lambda* (#:key make-flags outputs #:allow-other-keys)
(zero?
(apply system* "make" "install" "TILES=1" "SOUND=1"
(string-append "PREFIX="
(assoc-ref outputs "tiles"))
(cdr make-flags))))))
;; TODO: Add libtap++ from https://github.com/cbab/libtappp as a native
;; input in order to support tests.
#:tests? #f))
(outputs '("out"
"tiles")) ; For tile graphics and sound support.
(native-inputs
`(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(inputs
`(("freetype" ,freetype)
("libogg" ,libogg)
("libvorbis" ,libvorbis)
("ncurses" ,ncurses)
("sdl2" ,sdl2)
("sdl2-image", sdl2-image)
("sdl2-ttf" ,sdl2-ttf)
("sdl2-mixer" ,sdl2-mixer)))
(home-page "http://en.cataclysmdda.com/")
(synopsis "Survival horror roguelike video game")
(description
"Cataclysm: Dark Days Ahead is a roguelike set in a post-apocalyptic world.
Struggle to survive in a harsh, persistent, procedurally generated world.
Scavenge the remnants of a dead civilization for food, equipment, or, if you are
lucky, a vehicle with a full tank of gas to get you out of Dodge. Fight to
defeat or escape from a wide variety of powerful monstrosities, from zombies to
giant insects to killer robots and things far stranger and deadlier, and against
the others like yourself, that want what you have.")
(license license:cc-by-sa3.0)))
(define-public freedoom
(package
(name "freedoom")
@ -3405,16 +3481,20 @@ for Un*x systems with X11.")
(define-public freeciv
(package
(name "freeciv")
(version "2.5.6")
(version "2.5.7")
(source
(origin
(method url-fetch)
(uri (string-append
"http://download.gna.org/freeciv/"
"stable/freeciv-" version ".tar.bz2"))
(uri (list (string-append
"http://files.freeciv.org/stable/freeciv-"
version ".tar.bz2")
(string-append
"mirror://sourceforge/freeciv/Freeciv%20"
(version-major+minor version) "/" version
"/freeciv-" version ".tar.bz2")))
(sha256
(base32
"16wrnsx5rmbz6rjs03bhy0vn20i6n6g73lx7fjpai98ixhzc5bfg"))))
"1lmydnnqraa947l7gdz6xgm0bgks1ywsivp9h4v8jr3avcv6gqzz"))))
(build-system gnu-build-system)
(inputs
`(("curl" ,curl)

3
gnu/packages/image-processing.scm
View File

@ -45,8 +45,7 @@
#:use-module (gnu packages serialization)
#:use-module (gnu packages xiph)
#:use-module (gnu packages xml)
#:use-module (gnu packages xorg)
#:use-module (gnu packages vtk))
#:use-module (gnu packages xorg))
;; We use the latest snapshot of this package because the latest release is
;; from 2011 and has known vulnerabilities that cannot easily be fixed by

6
gnu/packages/kodi.scm
View File

@ -239,8 +239,8 @@ generator library for C++.")
(define-public kodi
;; We package the git version because the current released
;; version was cut while the cmake transition was in turmoil.
(let ((commit "1a38948ad068870671042bff2d8ac615dca9e5d8")
(revision "5"))
(let ((commit "f22d62dc3f6e811a538dda9c434e1804abb8b95f")
(revision "6"))
(package
(name "kodi")
(version (string-append "18.0_alpha-" revision "-" (string-take commit 7)))
@ -252,7 +252,7 @@ generator library for C++.")
(file-name (string-append name "-" version "-checkout"))
(sha256
(base32
"1apkiicmxb6ncqhznflb8wc4n770jx89asw1drmch7lq7j9m6sns"))
"0x8fqvid8b8qra327z615r2ygfkdca2p7wccdj5nfb4i5gy0sr09"))
(snippet
'(begin
(use-modules (guix build utils))

10
gnu/packages/mes.scm
View File

@ -34,14 +34,14 @@
(define-public nyacc
(package
(name "nyacc")
(version "0.78.3")
(version "0.79.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/nyacc/"
name "-" version ".tar.gz"))
(sha256
(base32
"0xrnl2hl9rpl50n8cihvclcd951zj640fj5kpi3d6ihwcqjcdi0a"))))
"14rhr9nv1022r7m94agb3299y0k093aq1ps22zgii3aa7cf9h1w4"))))
(build-system gnu-build-system)
(native-inputs
`(("guile" ,guile-2.2)))
@ -54,10 +54,10 @@ extensive examples, including parsers for the Javascript and C99 languages.")
(license (list gpl3+ lgpl3+))))
(define-public mes
(let ((commit "d4420bbcc9f994e2cce430cf156f383dc4092bca")
(let ((commit "7fdca75d2188b28df806b34ec92627d57aafa9ae")
(revision "0")
(triplet "i686-unknown-linux-gnu")
(version "0.6"))
(version "0.7"))
(package
(name "mes")
(version (string-append version "-" revision "." (string-take commit 7)))
@ -68,7 +68,7 @@ extensive examples, including parsers for the Javascript and C99 languages.")
(commit commit)))
(file-name (string-append name "-" version))
(sha256
(base32 "0qqywk3siyhf08v7xac08lqldklrqfndlp495wgy6ii9fn93197k"))))
(base32 "0fvzr1ai2rmi46zdi5b2bdjb6s8ip78mkmsk02yxl46rajmp2pb1"))))
(build-system gnu-build-system)
(supported-systems '("i686-linux" "x86_64-linux"))
(propagated-inputs

52
gnu/packages/networking.scm
View File

@ -13,6 +13,7 @@
;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;;
;;; This file is part of GNU Guix.
;;;
@ -1184,3 +1185,54 @@ enabled due to license conflicts between the BSD advertising clause and the GPL.
;; others under a 4-clause BSD license. Refer to the files in the source
;; distribution for clarification.
(license (list license:bsd-3 license:bsd-4))))
(define-public spiped
(package
(name "spiped")
(version "1.6.0")
(source (origin
(method url-fetch)
(uri (string-append "https://www.tarsnap.com/spiped/spiped-"
version ".tgz"))
(sha256
(base32
"1r51rdcl7nib1yv3yvgd5alwlkkwmr387brqavaklb0p2bwzixz6"))))
(build-system gnu-build-system)
(arguments
'(#:test-target "test"
#:make-flags (let* ((out (assoc-ref %outputs "out"))
(bindir (string-append out "/bin"))
(man1dir (string-append out "/share/man/man1")))
(list "CC=gcc" ; It tries to invoke `c99`.
(string-append "BINDIR=" bindir)
(string-append "MAN1DIR=" man1dir)))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'patch-command-invocations
(lambda _
(substitute* '("Makefile"
"libcperciva/cpusupport/Build/cpusupport.sh"
"libcperciva/POSIX/posix-cflags.sh"
"libcperciva/POSIX/posix-l.sh")
(("command -p") ""))
#t))
(delete 'configure) ; No ./configure script.
(add-after 'install 'install-more-docs
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref %outputs "out"))
(misc (string-append out "/share/doc/spiped")))
(install-file "DESIGN.md" misc)
#t))))))
(native-inputs
`(("procps" ,procps))) ; `ps` is used by the test suite.
(inputs
`(("openssl" ,openssl)))
(home-page "https://www.tarsnap.com/spiped.html")
(synopsis "Create secure pipes between sockets")
(description "Spiped (pronounced \"ess-pipe-dee\") is a utility for creating
symmetrically encrypted and authenticated pipes between socket addresses, so
that one may connect to one address (e.g., a UNIX socket on localhost) and
transparently have a connection established to another address (e.g., a UNIX
socket on a different system). This is similar to 'ssh -L' functionality, but
does not use SSH and requires a pre-shared symmetric key.")
(license license:bsd-2)))

14
gnu/packages/patches/libgit2-0.25.1-mtime-0.patch Normal file
View File

@ -0,0 +1,14 @@
The Clar test framework has a bug whereby it skips the parsing phase
on files with mtime=0.
Reported upstream at <https://github.com/vmg/clar/pull/78>.
diff --git a/tests/generate.py b/tests/generate.py
index b639c8f..111ca41 100644
--- a/tests/generate.py
+++ b/tests/generate.py
@@ -63,3 +63,3 @@ class Module(object):
- self.mtime = 0
+ self.mtime = None # Guix sets all file mtimes to '0'
self.enabled = True

41
gnu/packages/patches/qemu-CVE-2017-8112.patch Normal file
View File

@ -0,0 +1,41 @@
Fix CVE-2017-8112:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8112
Patch copied from upstream source repository:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f68826989cd4d1217797251339579c57b3c0934e
From f68826989cd4d1217797251339579c57b3c0934e Mon Sep 17 00:00:00 2001
From: P J P <ppandit@redhat.com>
Date: Tue, 25 Apr 2017 18:36:23 +0530
Subject: [PATCH] vmw_pvscsi: check message ring page count at initialisation
A guest could set the message ring page count to zero, resulting in
infinite loop. Add check to avoid it.
Reported-by: YY Z <bigbird475958471@gmail.com>
Signed-off-by: P J P <ppandit@redhat.com>
Message-Id: <20170425130623.3649-1-ppandit@redhat.com>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi/vmw_pvscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 75575461e2..4a106da856 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
uint32_t len_log2;
uint32_t ring_size;
- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
return -1;
}
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
--
2.13.0

46
gnu/packages/patches/qemu-CVE-2017-8309.patch Normal file
View File

@ -0,0 +1,46 @@
Fix CVE-2017-8309:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309
Patch copied from upstream source repository:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3268a845f41253fb55852a8429c32b50f36f349a
From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 28 Apr 2017 09:56:12 +0200
Subject: [PATCH] audio: release capture buffers
AUD_add_capture() allocates two buffers which are never released.
Add the missing calls to AUD_del_capture().
Impact: Allows vnc clients to exhaust host memory by repeatedly
starting and stopping audio capture.
Fixes: CVE-2017-8309
Cc: P J P <ppandit@redhat.com>
Cc: Huawei PSIRT <PSIRT@huawei.com>
Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20170428075612.9997-1-kraxel@redhat.com
---
audio/audio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/audio/audio.c b/audio/audio.c
index c8898d8422..beafed209b 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
sw = sw1;
}
QLIST_REMOVE (cap, entries);
+ g_free (cap->hw.mix_buf);
+ g_free (cap->buf);
g_free (cap);
}
return;
--
2.13.0

98
gnu/packages/patches/qemu-CVE-2017-8379.patch Normal file
View File

@ -0,0 +1,98 @@
Fix CVE-2017-8379:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379
Patch copied from upstream source repository:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
From fa18f36a461984eae50ab957e47ec78dae3c14fc Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 28 Apr 2017 10:42:37 +0200
Subject: [PATCH] input: limit kbd queue depth
Apply a limit to the number of items we accept into the keyboard queue.
Impact: Without this limit vnc clients can exhaust host memory by
sending keyboard events faster than qemu feeds them to the guest.
Fixes: CVE-2017-8379
Cc: P J P <ppandit@redhat.com>
Cc: Huawei PSIRT <PSIRT@huawei.com>
Reported-by: jiangxin1@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170428084237.23960-1-kraxel@redhat.com
---
ui/input.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/ui/input.c b/ui/input.c
index ed88cda6d6..fb1f404095 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
QTAILQ_HEAD_INITIALIZER(kbd_queue);
static QEMUTimer *kbd_timer;
static uint32_t kbd_default_delay_ms = 10;
+static uint32_t queue_count;
+static uint32_t queue_limit = 1024;
QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
QemuInputHandler *handler)
@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
break;
}
QTAILQ_REMOVE(queue, item, node);
+ queue_count--;
g_free(item);
}
}
@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
item->delay_ms = delay_ms;
item->timer = timer;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
if (start_timer) {
timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
item->src = src;
item->evt = evt;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
}
static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
item->type = QEMU_INPUT_QUEUE_SYNC;
QTAILQ_INSERT_TAIL(queue, item, node);
+ queue_count++;
}
void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
qemu_input_event_send(src, evt);
qemu_input_event_sync();
qapi_free_InputEvent(evt);
- } else {
+ } else if (queue_count < queue_limit) {
qemu_input_queue_event(&kbd_queue, src, evt);
qemu_input_queue_sync(&kbd_queue);
}
@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
&kbd_queue);
}
- qemu_input_queue_delay(&kbd_queue, kbd_timer,
- delay_ms ? delay_ms : kbd_default_delay_ms);
+ if (queue_count < queue_limit) {
+ qemu_input_queue_delay(&kbd_queue, kbd_timer,
+ delay_ms ? delay_ms : kbd_default_delay_ms);
+ }
}
InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
--
2.13.0

53
gnu/packages/patches/qemu-CVE-2017-8380.patch Normal file
View File

@ -0,0 +1,53 @@
Fix CVE-2017-8380:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8380
Patch copied from upstream source repository:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
From 24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f Mon Sep 17 00:00:00 2001
From: Prasad J Pandit <pjp@fedoraproject.org>
Date: Mon, 24 Apr 2017 17:36:34 +0530
Subject: [PATCH] scsi: avoid an off-by-one error in megasas_mmio_write
While reading magic sequence(MFI_SEQ) in megasas_mmio_write,
an off-by-one error could occur as 's->adp_reset' index is not
reset after reading the last sequence.
Reported-by: YY Z <bigbird475958471@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20170424120634.12268-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi/megasas.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index 84b8caf901..804122ab05 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
case MFI_SEQ:
trace_megasas_mmio_writel("MFI_SEQ", val);
/* Magic sequence to start ADP reset */
- if (adp_reset_seq[s->adp_reset] == val) {
- s->adp_reset++;
+ if (adp_reset_seq[s->adp_reset++] == val) {
+ if (s->adp_reset == 6) {
+ s->adp_reset = 0;
+ s->diag = MFI_DIAG_WRITE_ENABLE;
+ }
} else {
s->adp_reset = 0;
s->diag = 0;
}
- if (s->adp_reset == 6) {
- s->diag = MFI_DIAG_WRITE_ENABLE;
- }
break;
case MFI_DIAG:
trace_megasas_mmio_writel("MFI_DIAG", val);
--
2.13.0

374
gnu/packages/python.scm
View File

@ -14922,3 +14922,377 @@ Supported metrics are:
(define-public python2-radon
(package-with-python2 python-radon))
(define-public python-sure
(package
(name "python-sure")
(version "1.4.6")
(source
(origin
(method url-fetch)
(uri (pypi-uri "sure" version))
(sha256
(base32
"1iyqsy2d6radi88g1qf0lziy5b39h5cpb3g5jiqyb4xi46ig3x1z"))))
(build-system python-build-system)
(propagated-inputs
`(("python-mock" ,python-mock)
("python-six" ,python-six)))
(native-inputs
`(("python-nose" ,python-nose)))
(home-page "https://github.com/gabrielfalcao/sure")
(synopsis "Automated testing library in python for python")
(description
"Sure is a python library that leverages a DSL for writing assertions.
Sure is heavily inspired by @code{RSpec Expectations} and @code{should.js}.")
(license license:gpl3+)))
(define-public python2-sure
(package-with-python2 python-sure))
(define-public python2-couleur
;; This package does not seem to support python3 at all, hence,
;; only the python2 variant definition is provided.
(package
(name "python2-couleur")
(version "0.6.2")
(source
(origin
(method url-fetch)
(uri (pypi-uri "couleur" version))
(sha256
(base32
"1qqaxyqz74wvid0cr119dhcwz0h0if5b5by44zl49pd5z65v58k1"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2))
(home-page "https://github.com/gabrielfalcao/couleur")
(synopsis
"ANSI terminal tool for python, colored shell and other handy fancy features")
(description
"@code{Couleur} provides python programs a way to use the ANSI features in a unix
terminal such as coloured output in the shell, overwriting output, indentation, etc.")
;; README.md says ASL2.0, but all source code headers are LGPL3+.
;; https://github.com/gabrielfalcao/couleur/issues/11
(license license:lgpl3+)))
(define-public python-misaka
(package
(name "python-misaka")
(version "2.1.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "misaka" version))
(sha256
(base32
"1yqrq3a5rracirmvk52n28nn6ckdaz897gnigv89a9gmyn87sqw7"))))
(build-system python-build-system)
(arguments
`(;; Line 37 of setup.py calls self.run_command('develop')
;; in the 'check' phase. This command seems to be trying
;; to write to
;; /gnu/store/...-python-<version>/lib/python<version>/site-packages/
;; for which it does not have the permission to write.
#:tests? #f))
(propagated-inputs
`(("python-cffi" ,python-cffi)))
(home-page "https://github.com/FSX/misaka")
(synopsis "Python binding for Hoedown")
(description
"@code{Misaka} is a CFFI-based binding for @code{Hoedown}, a fast markdown processing
library written in C. It features a fast HTML renderer and functionality to make custom
renderers (e.g. man pages or LaTeX).")
(license license:expat)))
(define-public python2-misaka
(package-with-python2 python-misaka))
(define-public python2-steadymark
;; This is forced into being a python2 only variant
;; due to its dependence on couleur that has no support
;; for python3
(package
(name "python2-steadymark")
(version "0.7.3")
(source
(origin
(method url-fetch)
(uri (pypi-uri "steadymark" version))
(sha256
(base32
"1640i9g8dycql3cc8j0bky0jkzj0q39blfbp4lsgpkprkfgcdk8v"))))
(build-system python-build-system)
(native-inputs
`(("python-couleur" ,python2-couleur)
("python-sure" ,python2-sure)
("python-misaka" ,python2-misaka)))
(arguments
`(#:python ,python-2
#:phases
(modify-phases %standard-phases
(add-before 'build 'patch-setup-py
(lambda _
;; Update requirements from dependency==version
;; to dependency>=version
(substitute* "setup.py"
(("==") ">="))
#t)))))
(home-page "https://github.com/gabrielfalcao/steadymark")
(synopsis "Markdown-based test runner for python")
(description
"@code{Steadymark} allows documentation to be written in github-flavoured
markdown. The documentation may contain snippets of code surrounded by python
code blocks and @code{Steadymark} will find these snippets and run them, making
sure that there are no old malfunctional examples in the documentation examples.")
(license license:expat)))
(define-public python-nose-randomly
(package
(name "python-nose-randomly")
(version "1.2.5")
(source
(origin
(method url-fetch)
(uri (pypi-uri "nose-randomly" version))
(sha256
(base32
"1cw9dlr1zh3w4i438kin7z0rm8092ki52hayisyc43h9pcplq7rn"))))
(build-system python-build-system)
(native-inputs
`(("python-nose" ,python-nose)
("python-numpy" ,python-numpy)))
(home-page "https://github.com/adamchainz/nose-randomly")
(synopsis
"Nose plugin to randomly order tests and control random.seed")
(description
"This is a @code{Nose} plugin to randomly order tests which can be quite
powerful in discovering hidden flaws in the tests themselves, while helping to
reduce inter-test dependencies. It also helps in controlling @code{random.seed},
by resetting it to a repeatable number for each test, enabling the tests to
create data based on random numbers and yet remain repeatable.")
(license license:bsd-3)))
(define-public python2-nose-randomly
(package-with-python2 python-nose-randomly))
(define-public python-jsonpointer
(package
(name "python-jsonpointer")
(version "1.10")
(source
(origin
(method url-fetch)
(uri (pypi-uri "jsonpointer" version))
(sha256
(base32
"1cg0gvgqjysydv6p45v4jywg1jb3v48c7m3cbpi57zgf6nndr9cz"))))
(build-system python-build-system)
(home-page "https://github.com/stefankoegl/python-json-pointer")
(synopsis "Identify specific nodes in a JSON document")
(description "@code{jsonpointer} allows you to access specific nodes
by path in a JSON document (see RFC 6901).")
(license license:bsd-3)))
(define-public python2-jsonpointer
(package-with-python2 python-jsonpointer))
(define-public python-rfc3987
(package
(name "python-rfc3987")
(version "1.3.7")
(source
(origin
(method url-fetch)
(uri (pypi-uri "rfc3987" version))
(sha256
(base32
"192pclzs2y0yaywqkrlvd0x73740q310kvqvm6jldhi619mq59wi"))))
(build-system python-build-system)
(home-page "http://pypi.python.org/pypi/rfc3987")
(synopsis "Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)")
(description "@code{rfc3987} provides routines for parsing and
validation of URIs (see RFC 3986) and IRIs (see RFC 3987).")
(license license:gpl3+)))
(define-public python2-rfc3987
(package-with-python2 python-rfc3987))
(define-public python-validate-email
(package
(name "python-validate-email")
(version "1.3")
(source
(origin
(method url-fetch)
(uri (pypi-uri "validate_email" version))
(sha256
(base32
"1bxffaf5yz2cph8ki55vdvdypbwkvn2xr1firlcy62vqbzf1jivq"))))
(build-system python-build-system)
(home-page "http://github.com/syrusakbary/validate_email")
(synopsis "Verifies if an email address is valid and really exists")
(description "@code{validate_email} can be used to verify if an email
address is valid and really exists.")
(license license:lgpl3+)))
(define-public python2-validate-email
(package-with-python2 python-validate-email))
(define-public python-flex
(package
(name "python-flex")
(version "6.10.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "flex" version))
(sha256
(base32
"00pamnwla3khk8nyla7y28dq9jnh69swd7f4jfsl7sn1izs8n8zk"))))
(build-system python-build-system)
(propagated-inputs
`(("python-click" ,python-click)
("python-iso8601" ,python-iso8601)
("python-jsonpointer" ,python-jsonpointer)
("python-pyyaml" ,python-pyyaml)
("python-requests" ,python-requests)
("python-rfc3987" ,python-rfc3987)
("python-six" ,python-six)
("python-validate-email" ,python-validate-email)))
(home-page "https://github.com/pipermerriam/flex")
(synopsis "Validates Swagger schemata")
(description "@code{flex} can be used to validate Swagger schemata.")
(license license:bsd-3)))
(define-public python2-flex
(package-with-python2 python-flex))
(define-public python-marshmallow
(package
(name "python-marshmallow")
(version "3.0.0b2")
(source
(origin
(method url-fetch)
(uri (pypi-uri "marshmallow" version))
(sha256
(base32
"11bnpvfdbczr74177p295zbkdrax2cahvbj5bqhhlprgz2xxi5d9"))))
(build-system python-build-system)
(propagated-inputs
`(("python-dateutil" ,python-dateutil)
("python-simplejson" ,python-simplejson)))
(native-inputs
`(("python-pytest-3.0" ,python-pytest-3.0)
("python-pytz" ,python-pytz)))
(home-page "https://github.com/marshmallow-code/marshmallow")
(synopsis "Convert complex datatypes to and from native
Python datatypes.")
(description "@code{marshmallow} provides a library for converting
complex datatypes to and from native Python datatypes.")
(license license:expat)))
(define-public python2-marshmallow
(package-with-python2 python-marshmallow))
(define-public python-bottle
(package
(name "python-bottle")
(version "0.12.13")
(source
(origin
(method url-fetch)
(uri (pypi-uri "bottle" version))
(sha256
(base32
"0m9k2a7yxvggc4kw8fsvj381vgsvfcdshg5nzy6vwrxiw2p53drr"))))
(build-system python-build-system)
(home-page "http://bottlepy.org/")
(synopsis "WSGI framework for small web-applications.")
(description "@code{python-bottle} is a WSGI framework for small web-applications.")
(license license:expat)))
(define-public python2-bottle
(package-with-python2 python-bottle))
(define-public python-apispec
(package
(name "python-apispec")
(version "0.22.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "apispec" version))
(sha256
(base32
"0y3jxmgp2d24am3hxl40f5rw9abb0r8037sagax3dv64h4n1azwq"))))
(build-system python-build-system)
(propagated-inputs
`(("python-pyyaml" ,python-pyyaml)))
(native-inputs
`(("python-pytest-3.0" ,python-pytest-3.0)
("python-flask" ,python-flask)
("python-marshmallow" ,python-marshmallow)
("python-tornado" ,python-tornado)
("python-bottle" ,python-bottle)
("python-mock" ,python-mock)))
(home-page "https://github.com/marshmallow-code/apispec")
(synopsis "Swagger 2.0 API specification generator")
(description "@code{python-apispec} is a pluggable API specification
generator. Currently supports the OpenAPI specification (f.k.a.
Swagger 2.0).")
(license license:expat)))
(define-public python2-apispec
(package-with-python2 python-apispec))
(define-public python-flasgger
(package
(name "python-flasgger")
(version "0.6.3")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/rochacbruno/flasgger/archive/"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1gqzlm0rb55fdpsy5ipkganlx9cnpi454fqyycr03jm22zql14ay"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(replace 'check
(lambda* (#:key inputs outputs #:allow-other-keys)
(substitute* "Makefile"
(("flake8 flasgger --ignore=F403")
"flake8 flasgger --ignore=E731,F403"))
(setenv "PYTHONPATH" (string-append (getcwd)
":"
(getenv "PYTHONPATH")))
(zero? (system* "py.test")))))))
(propagated-inputs
`(("python-flask" ,python-flask)
("python-pyyaml" ,python-pyyaml)
("python-jsonschema" ,python-jsonschema)
("python-mistune" ,python-mistune)
("python-six" ,python-six)))
(native-inputs
`(("python-decorator" ,python-decorator)
("python-flake8" ,python-flake8)
("python-flask-restful" ,python-flask-restful)
("python-flex" ,python-flex)
("python-pytest-3.0" ,python-pytest-3.0)
("python-pytest-cov" ,python-pytest-cov)
("python-marshmallow" ,python-marshmallow)
("python-apispec" ,python-apispec)))
(home-page "https://github.com/rochacbruno/flasgger/")
(synopsis "Extract Swagger specs from your Flask project")
(description "@code{python-flasgger} allows extracting Swagger specs
from your Flask project. It is a fork of Flask-Swagger.")
(license license:expat)))
(define-public python2-flasgger
(package-with-python2 python-flasgger))

6
gnu/packages/qemu.scm
View File

@ -74,7 +74,11 @@
(method url-fetch)
(uri (string-append "http://wiki.qemu-project.org/download/qemu-"
version ".tar.xz"))
(patches (search-patches "qemu-CVE-2017-7493.patch"))
(patches (search-patches "qemu-CVE-2017-7493.patch"
"qemu-CVE-2017-8112.patch"
"qemu-CVE-2017-8309.patch"
"qemu-CVE-2017-8379.patch"
"qemu-CVE-2017-8380.patch"))
(sha256
(base32
"08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))

105
gnu/packages/shells.scm
View File

@ -459,6 +459,111 @@ and redirections, and a complete syscall library for low-level access to the
operating system.")
(license bsd-3))))
(define-public linenoise
(package
(name "linenoise")
(version "1.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/antirez/linenoise/"
"archive/" version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"05006hd56xcvxjdpll4x720bpfan7vwqmxbw8a2kvm10w57ll1gm"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ;No tests are included
#:make-flags (list "CC=gcc")
#:phases
(modify-phases %standard-phases
(delete 'configure)
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
;; At the moment there is no 'make install' in upstream.
(let* ((out (assoc-ref outputs "out")))
(install-file "linenoise.h"
(string-append out "/include/linenoise"))
(install-file "linenoise.c"
(string-append out "/include/linenoise"))
#t))))))
(home-page "https://github.com/antirez/linenoise")
(synopsis "Minimal zero-config readline replacement")
(description
"Linenoise is a minimal, zero-config, readline replacement.
Its features include:
@enumerate
@item Single and multi line editing mode with the usual key bindings
@item History handling
@item Completion
@item Hints (suggestions at the right of the prompt as you type)
@item A subset of VT100 escapes, ANSI.SYS compatible
@end enumerate\n")
(license bsd-2)))
(define-public s
(let ((commit "6604341edb3a775ff94415762af3ee9bd86bfb3c")
(revision "1"))
(package
(name "s")
(version (string-append "0.0.0-" revision "." (string-take commit 7)))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/rain-1/s")
(commit commit)))
(file-name (string-append name "-" version "-checkout"))
(sha256
(base32
"1075cml6dl15d770j3m12yz90cjacsdslbv3gank1nxd76vmpdcr"))))
(build-system gnu-build-system)
(inputs
`(("linenoise" ,linenoise)))
(arguments
`(#:tests? #f
#:make-flags (list "CC=gcc")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'install-directory-fix
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin")))
(substitute* "Makefile"
(("out") bin))
#t)))
(add-after 'install 'manpage
(lambda* (#:key outputs #:allow-other-keys)
(install-file "s.1" (string-append (assoc-ref outputs "out")
"/share/man/man1"))))
(replace 'configure
(lambda* (#:key inputs outputs #:allow-other-keys)
;; At this point linenoise is meant to be included,
;; so we have to really copy it into the working directory
;; of s.
(let* ((linenoise (assoc-ref inputs "linenoise"))
(noisepath (string-append linenoise "/include/linenoise"))
(out (assoc-ref outputs "out")))
(copy-recursively noisepath "linenoise")
(substitute* "s.c"
(("/bin/s") (string-append out "/bin/s")))
#t))))))
(home-page "https://github.com/rain-1/s")
(synopsis "Extremely minimal shell with the simplest syntax possible")
(description
"S is a new shell that aims to be extremely simple.
S does not implemnt the POSIX shell standard.
There are no globs or \"splatting\" where a variable $FOO turns into multiple
command line arguments. One token stays one token forever.
This is a \"no surprises\" straightforward approach.
There are no redirection operators > in the shell language, they are added as
extra programs. > is just another unix command, < is essentially cat(1).
A @code{andglob} program is also provided along with s.")
(license bsd-3))))
(define-public loksh
(package
(name "loksh")

18
gnu/packages/version-control.scm
View File

@ -336,7 +336,9 @@ everything from small to very large projects with speed and efficiency.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s"))))
"1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s"))
(patches (search-patches "libgit2-use-after-free.patch"
"libgit2-0.25.1-mtime-0.patch"))))
(build-system cmake-build-system)
(arguments
`(#:phases
@ -349,25 +351,13 @@ everything from small to very large projects with speed and efficiency.")
(("/bin/cp") (which "cp"))
(("/bin/rm") (which "rm")))
#t))
(add-after 'unpack 'apply-patch
(lambda* (#:key inputs #:allow-other-keys)
;; XXX: For some reason adding the patch in 'patches', which
;; leads to a new tarball with all timestamps reset and ordering
;; by name (slightly different file order compared to the
;; original tarball) leads to an obscure Python error while
;; running 'generate.py':
;; 'Module' object has no attribute 'callbacks'
;; Thus, apply the patch here, which minimizes disruption.
(let ((patch (assoc-ref inputs "patch")))
(zero? (system* "patch" "-p1" "--force" "--input" patch)))))
;; Run checks more verbosely.
(replace 'check
(lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
(inputs
`(("libssh2" ,libssh2)
("libcurl" ,curl)
("python" ,python-wrapper)
("patch" ,(search-patch "libgit2-use-after-free.patch"))))
("python" ,python-wrapper)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(propagated-inputs

78
gnu/packages/video.scm
View File

@ -19,6 +19,7 @@
;;; Copyright © 2017 Chris Marusich <cmmarusich@gmail.com>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Ethan R. Jones <doubleplusgood23@gmail.com>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -659,7 +660,10 @@ audio/video codec library.")
"1a22b913p2227ljz89c4fgjlyln5gcz8z58w32r0wh4srnnd60y4"))))
(build-system gnu-build-system)
(native-inputs
`(("git" ,git) ; needed for a test
`(("autoconf" ,autoconf)
("automake" ,automake)
("git" ,git) ; needed for a test
("libtool" ,libtool)
("pkg-config" ,pkg-config)))
;; FIXME: Add optional inputs once available.
(inputs
@ -673,6 +677,7 @@ audio/video codec library.")
("gnutls" ,gnutls)
("liba52" ,liba52)
("libcddb" ,libcddb)
("libdvbpsi" ,libdvbpsi)
("libgcrypt" ,libgcrypt)
("libkate" ,libkate)
("libmad" ,libmad)
@ -687,6 +692,7 @@ audio/video codec library.")
("libxinerama" ,libxinerama)
("libxml2" ,libxml2)
("libxpm" ,libxpm)
("livemedia-utils" ,livemedia-utils)
("lua" ,lua-5.1)
("mesa" ,mesa)
("opus" ,opus)
@ -714,6 +720,15 @@ audio/video codec library.")
#:phases
(modify-phases %standard-phases
(add-before 'configure 'bootstrap
(lambda _ (zero? (system* "sh" "bootstrap"))))
(add-before 'bootstrap 'fix-livemedia-utils-prefix
(lambda* (#:key inputs #:allow-other-keys)
(let ((livemedia-utils (assoc-ref inputs "livemedia-utils")))
(substitute* "configure.ac"
(("LIVE555_PREFIX=\\$\\{LIVE555_PREFIX-\"/usr\"\\}")
(string-append "LIVE555_PREFIX=" livemedia-utils)))
#t)))
(add-before 'configure 'remove-visual-tests
;; Some of the tests require using the display to test out VLC,
;; which fails in our sandboxed build system
@ -2153,3 +2168,64 @@ MPEG-2, MPEG-4, DVD (VOB)...
information and other metadata about audio or video files. It supports the
many codecs and formats supported by libmediainfo.")
(license license:bsd-2)))
(define-public livemedia-utils
(package
(name "livemedia-utils")
(version "2017.05.24")
(source (origin
(method url-fetch)
(uri (string-append
"http://www.live555.com/liveMedia/public/live."
version ".tar.gz"))
(sha256
(base32
"1ra64j3qa89hf3xika8jz9gd8al8mcaqlk5ivw5pclnd2df5f4im"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; no tests
#:make-flags (list "CC=gcc"
(string-append "LDFLAGS=-Wl,-rpath="
(assoc-ref %outputs "out") "/lib")
(string-append "PREFIX="
(assoc-ref %outputs "out")))
#:phases (modify-phases %standard-phases
(add-before 'configure 'fix-makefiles-generation
(lambda _
(substitute* "genMakefiles"
(("/bin/rm") "rm"))
#t))
(replace 'configure
(lambda _
(zero? (system* "./genMakefiles"
"linux-with-shared-libraries")))))))
(home-page "http://www.live555.com/liveMedia/")
(synopsis "Set of C++ libraries for multimedia streaming")
(description "This code forms a set of C++ libraries for multimedia
streaming, using open standard protocols (RTP/RTCP, RTSP, SIP). The libraries
can be used to stream, receive, and process MPEG, H.265, H.264, H.263+, DV or
JPEG video, and several audio codecs. They can easily be extended to support
additional (audio and/or video) codecs, and can also be used to build basic
RTSP or SIP clients and servers.")
(license license:lgpl3+)))
(define-public libdvbpsi
(package
(name "libdvbpsi")
(version "1.3.1")
(source (origin
(method url-fetch)
(uri (string-append
"https://download.videolan.org/pub/libdvbpsi/"
version "/libdvbpsi-" version ".tar.bz2"))
(sha256
(base32
"0824r08kaspbrrg2dd5d46s475zb7j59brqkm2y6x3mdsnpng0yn"))))
(build-system gnu-build-system)
(home-page "https://www.videolan.org/developers/libdvbpsi.html")
(synopsis "Library for decoding and generation of MPEG TS and DVB PSI
tables")
(description "libdvbpsi is a simple library designed for decoding and
generation of MPEG TS and DVB PSI tables according to standards ISO/IEC 13818s
and ITU-T H.222.0.")
(license license:lgpl2.1)))

5
gnu/packages/wine.scm
View File

@ -2,6 +2,7 @@
;;; Copyright © 2014, 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -54,14 +55,14 @@
(define-public wine
(package
(name "wine")
(version "2.4")
(version "2.9")
(source (origin
(method url-fetch)
(uri (string-append "https://dl.winehq.org/wine/source/2.x"
"/wine-" version ".tar.xz"))
(sha256
(base32
"13klfadvd44zdfrzh38al99s53i02x3mlhcj5z7fq7vqwh3xzdc7"))))
"0pslhs3kwjimlz5ad6vzzdw7lgbfpwl8vyg4jmf17p61pfxzfimc"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
("gettext" ,gettext-minimal)

34
guix/scripts/refresh.scm
View File

@ -4,6 +4,7 @@
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -27,6 +28,7 @@
#:use-module (guix store)
#:use-module (guix utils)
#:use-module (guix packages)
#:use-module (guix profiles)
#:use-module (guix upstream)
#:use-module (guix discovery)
#:use-module (guix graph)
@ -79,6 +81,9 @@
(option '(#\L "list-updaters") #f #f
(lambda args
(list-updaters-and-exit)))
(option '(#\m "manifest") #t #f
(lambda (opt name arg result)
(alist-cons 'manifest arg result)))
(option '(#\e "expression") #t #f
(lambda (opt name arg result)
(alist-cons 'expression arg result)))
@ -125,6 +130,8 @@ specified with `--select'.\n"))
-s, --select=SUBSET select all the packages in SUBSET, one of
`core' or `non-core'"))
(display (G_ "
-m, --manifest=FILE select all the packages from the manifest in FILE"))
(display (G_ "
-t, --type=UPDATER,... restrict to updates from the specified updaters
(e.g., 'gnu')"))
(display (G_ "
@ -306,6 +313,24 @@ dependent packages are rebuilt: ~{~a~^ ~}~%"
(map full-name covering))))
(return #t))))
;;;
;;; Manifest.
;;;
(define (manifest->packages manifest)
"Return the list of packages in MANIFEST."
(filter-map (lambda (entry)
(let ((item (manifest-entry-item entry)))
(if (package? item) item #f)))
(manifest-entries manifest)))
(define (packages-from-manifest manifest)
"Return the list of packages in loaded MANIFEST."
(let* ((user-module (make-user-module '((guix profiles) (gnu))))
(manifest (load* manifest user-module)))
(manifest->packages manifest)))
;;;
;;; Entry point.
@ -378,8 +403,7 @@ update would trigger a complete rebuild."
;; the command line.
(warn? (or (assoc-ref opts 'argument)
(assoc-ref opts 'expression)))
(packages
(args-packages
(match (filter-map (match-lambda
(('argument . spec)
;; Take either the specified version or the
@ -400,7 +424,11 @@ update would trigger a complete rebuild."
result))
'())))
(some ; user-specified packages
some))))
some)))
(packages
(match (assoc-ref opts 'manifest)
(#f args-packages)
((? string? file) (packages-from-manifest file)))))
(with-error-handling
(with-store store
(run-with-store store

12
nix/nix-daemon/guix-daemon.cc
View File

@ -81,6 +81,8 @@ builds derivations on behalf of its clients.");
#define GUIX_OPT_GC_KEEP_OUTPUTS 15
#define GUIX_OPT_GC_KEEP_DERIVATIONS 16
#define GUIX_OPT_BUILD_ROUNDS 17
#define GUIX_OPT_TIMEOUT 18
#define GUIX_OPT_MAX_SILENT_TIME 19
static const struct argp_option options[] =
{
@ -91,6 +93,10 @@ static const struct argp_option options[] =
},
{ "max-jobs", 'M', n_("N"), 0,
n_("allow at most N build jobs") },
{ "timeout", GUIX_OPT_TIMEOUT, n_("SECONDS"), 0,
n_("mark builds as failed after SECONDS of activity") },
{ "max-silent-time", GUIX_OPT_MAX_SILENT_TIME, n_("SECONDS"), 0,
n_("mark builds as failed after SECONDS of silence") },
{ "disable-chroot", GUIX_OPT_DISABLE_CHROOT, 0, 0,
n_("disable chroot builds") },
{ "chroot-directory", GUIX_OPT_CHROOT_DIR, n_("DIR"), 0,
@ -245,6 +251,12 @@ parse_opt (int key, char *arg, struct argp_state *state)
case 'M':
settings.set ("build-max-jobs", arg);
break;
case GUIX_OPT_TIMEOUT:
settings.set ("build-timeout", arg);
break;
case GUIX_OPT_MAX_SILENT_TIME:
settings.set ("build-max-silent-time", arg);
break;
case GUIX_OPT_SYSTEM:
settings.thisSystem = arg;
break;

36
tests/guix-daemon.sh
View File

@ -145,3 +145,39 @@ guile -c '
(exit
(= 42 (pk (call-with-input-file (derivation->output-path drv)
read)))))))'
kill "$daemon_pid"
# Make sure the daemon's default 'timeout' and 'max-silent-time' settings are
# honored.
client_code='
(use-modules (guix) (gnu packages) (guix tests) (srfi srfi-34))
(with-store store
(let* ((build (add-text-to-store store "build.sh"
"while true ; do : ; done"))
(bash (add-to-store store "bash" #t "sha256"
(search-bootstrap-binary "bash"
(%current-system))))
(drv (derivation store "the-thing" bash
`("-e" ,build)
#:inputs `((,bash) (,build))
#:env-vars `(("x" . ,(random-text))))))
(exit (guard (c ((nix-protocol-error? c)
(->bool
(string-contains (pk (nix-protocol-error-message c))
"failed"))))
(build-derivations store (list drv))
#f))))'
for option in --max-silent-time=1 --timeout=1
do
guix-daemon --listen="$socket" --disable-chroot "$option" &
daemon_pid=$!
GUIX_DAEMON_SOCKET="$socket" guile -c "$client_code"
kill "$daemon_pid"
done