nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into core-updates

This commit is contained in:
Leo Famulari 2017-12-21 13:58:35 -05:00
parent 24ee3b28c6 5dc0e0b055
commit f76fc96866
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
44 changed files with 716 additions and 372 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/guix.texi
View File

@ -10025,7 +10025,9 @@ well as in the @var{groups} field of the @var{operating-system} record.
@deffn {Scheme Procedure} urandom-seed-service
Save some entropy in @var{%random-seed-file} to seed @file{/dev/urandom}
when rebooting.
when rebooting. It also tries to seed @file{/dev/urandom} from
@file{/dev/hwrng} while booting, if @file{/dev/hwrng} exists and is
readable.
@end deffn
@defvr {Scheme Variable} %random-seed-file

10
gnu/local.mk
View File

@ -782,6 +782,7 @@ dist_patch_DATA = \
%D%/packages/patches/liba52-set-soname.patch \
%D%/packages/patches/liba52-use-mtune-not-mcpu.patch \
%D%/packages/patches/libarchive-CVE-2017-14166.patch \
%D%/packages/patches/libarchive-CVE-2017-14502.patch \
%D%/packages/patches/libbase-fix-includes.patch \
%D%/packages/patches/libbase-use-own-logging.patch \
%D%/packages/patches/libbonobo-activation-test-race.patch \
@ -796,6 +797,7 @@ dist_patch_DATA = \
%D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \
%D%/packages/patches/libevent-2.1-dns-tests.patch \
%D%/packages/patches/libevent-2.1-skip-failing-test.patch \
%D%/packages/patches/libexif-CVE-2017-7544.patch \
%D%/packages/patches/libgit2-0.25.1-mtime-0.patch \
%D%/packages/patches/libgdata-fix-tests.patch \
%D%/packages/patches/libgdata-glib-duplicate-tests.patch \
@ -832,6 +834,7 @@ dist_patch_DATA = \
%D%/packages/patches/lierolibre-newer-libconfig.patch \
%D%/packages/patches/lierolibre-remove-arch-warning.patch \
%D%/packages/patches/lierolibre-try-building-other-arch.patch \
%D%/packages/patches/links-CVE-2017-11114.patch \
%D%/packages/patches/linux-pam-no-setfsuid.patch \
%D%/packages/patches/lirc-localstatedir.patch \
%D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \
@ -873,11 +876,7 @@ dist_patch_DATA = \
%D%/packages/patches/mozjs38-tracelogger.patch \
%D%/packages/patches/mozjs38-version-detection.patch \
%D%/packages/patches/mumps-build-parallelism.patch \
%D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch \
%D%/packages/patches/mupdf-CVE-2017-14685.patch \
%D%/packages/patches/mupdf-CVE-2017-14686.patch \
%D%/packages/patches/mupdf-CVE-2017-14687.patch \
%D%/packages/patches/mupdf-CVE-2017-15587.patch \
%D%/packages/patches/mupdf-build-with-latest-openjpeg.patch \
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
%D%/packages/patches/mutt-store-references.patch \
%D%/packages/patches/net-tools-bitrot.patch \
@ -1119,6 +1118,7 @@ dist_patch_DATA = \
%D%/packages/patches/wpa-supplicant-fix-zeroed-keys.patch \
%D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch \
%D%/packages/patches/wpa-supplicant-krack-followups.patch \
%D%/packages/patches/xboing-CVE-2004-0149.patch \
%D%/packages/patches/xcb-proto-python3-print.patch \
%D%/packages/patches/xcb-proto-python3-whitespace.patch \
%D%/packages/patches/xdotool-fix-makefile.patch \

2
gnu/packages/avr.scm
View File

@ -158,7 +158,7 @@ C++.")
(native-inputs
`(("unzip" ,unzip)
("xxd" ,xxd)))
(home-page "http://microscheme.org/")
(home-page "https://github.com/ryansuchocki/microscheme/")
(synopsis "Scheme subset for Atmel microcontrollers")
(description
"Microscheme, or @code{(ms)} for short, is a functional programming

3
gnu/packages/backup.scm
View File

@ -195,7 +195,8 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
(patches (search-patches "libarchive-CVE-2017-14166.patch"))
(patches (search-patches "libarchive-CVE-2017-14166.patch"
"libarchive-CVE-2017-14502.patch"))
(sha256
(base32
"1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))

37
gnu/packages/bioinformatics.scm
View File

@ -5857,14 +5857,14 @@ information as possible.")
(define-public r-vegan
(package
(name "r-vegan")
(version "2.4-4")
(version "2.4-5")
(source
(origin
(method url-fetch)
(uri (cran-uri "vegan" version))
(sha256
(base32
"1n57dzv2aid6iqd9fkqik401sidqanhzsawyak94qbiyh6dbd1x9"))))
"0cyyvn3xsjn24w590jn6z4xajafv7yzvj6c51vqi9q6m8v5831ya"))))
(build-system r-build-system)
(native-inputs
`(("gfortran" ,gfortran)))
@ -6025,14 +6025,14 @@ distribution.")
(define-public r-dexseq
(package
(name "r-dexseq")
(version "1.24.1")
(version "1.24.2")
(source
(origin
(method url-fetch)
(uri (bioconductor-uri "DEXSeq" version))
(sha256
(base32
"1hwckj4ijgpdchbakvh60nmcaz4fwd5yplhn0880z3dnlsrp8ik3"))))
"18nh8ynxirfwkmc4sawdxgl7w1sl9ny5zpv8zbhv9vi5vgb8pxmj"))))
(properties `((upstream-name . "DEXSeq")))
(build-system r-build-system)
(propagated-inputs
@ -6703,13 +6703,13 @@ authoring books and technical documents with R Markdown.")
(define-public r-biocstyle
(package
(name "r-biocstyle")
(version "2.6.0")
(version "2.6.1")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "BiocStyle" version))
(sha256
(base32
"05f2j9fx8s5gh4f8qkl6wcz32ghz04wxhqb3xxcn1bj24qd7x1x8"))))
"03pp04pkcq99kdv2spzr995h2cxsza7l6w3d4gp4112m06prcybm"))))
(properties
`((upstream-name . "BiocStyle")))
(build-system r-build-system)
@ -6973,13 +6973,13 @@ names in their natural, rather than lexicographic, order.")
(define-public r-edger
(package
(name "r-edger")
(version "3.20.1")
(version "3.20.2")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "edgeR" version))
(sha256
(base32
"01qnxwr9rmz8r5ga3hvjk632365ga2aygx71mxkk7jiad2pjznsp"))))
"0j5s3i33qmld9l7gs1rzpv601zxyqz711x8mq35hml088c8s99w9"))))
(properties `((upstream-name . "edgeR")))
(build-system r-build-system)
(propagated-inputs
@ -7039,13 +7039,13 @@ coding changes and predict coding outcomes.")
(define-public r-limma
(package
(name "r-limma")
(version "3.34.2")
(version "3.34.4")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "limma" version))
(sha256
(base32
"1zyw01z9crm1jc86fva4pqxd9zxfsbsqwjq6ry39gag9pfb7pwcz"))))
"1vcxf9jg8xngxg5kb9bp8rw5sghpnkpj320iq309m2fp41ahsk3f"))))
(build-system r-build-system)
(home-page "http://bioinf.wehi.edu.au/limma")
(synopsis "Package for linear models for microarray and RNA-seq data")
@ -7172,18 +7172,19 @@ annotation data packages using SQLite data storage.")
(define-public r-biomart
(package
(name "r-biomart")
(version "2.34.0")
(version "2.34.1")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "biomaRt" version))
(sha256
(base32
"1dn3ysf0vb3mmg2b3380g0j1ajf88x4rh7fddfp990h2xlnsy2cx"))))
"0jzv8b86vpvavwnzi5xf7y18xmn72zkabkn2kclg1mgl847cq13k"))))
(properties
`((upstream-name . "biomaRt")))
(build-system r-build-system)
(propagated-inputs
`(("r-annotationdbi" ,r-annotationdbi)
("r-httr" ,r-httr)
("r-progress" ,r-progress)
("r-rcurl" ,r-rcurl)
("r-stringr" ,r-stringr)
@ -7393,13 +7394,13 @@ alignments.")
(define-public r-rtracklayer
(package
(name "r-rtracklayer")
(version "1.38.0")
(version "1.38.2")
(source (origin
(method url-fetch)
(uri (bioconductor-uri "rtracklayer" version))
(sha256
(base32
"12al1ygzy9p4myxa1fd817m28x2fj6f863znk9bw3hp7knbi98dh"))))
"1sjn3976f1sqvrq6jq2hgc60ffxgfr3jlklaxfrk3xad5cv2kr2d"))))
(build-system r-build-system)
(arguments
`(#:phases
@ -10168,14 +10169,14 @@ defining LD blocks.")
(define-public r-gqtlstats
(package
(name "r-gqtlstats")
(version "1.10.0")
(version "1.10.1")
(source
(origin
(method url-fetch)
(uri (bioconductor-uri "gQTLstats" version))
(sha256
(base32
"1cbdqawxzgna8rrgj3siph5sw4d2pb57qc0gn6ibfkhyk45f8gdv"))))
"0gvq1sf2zjbkk431x40z6wql3c1rpclnnwa2f1hvykb8mmw70kmq"))))
(properties `((upstream-name . "gQTLstats")))
(build-system r-build-system)
(propagated-inputs
@ -10222,14 +10223,14 @@ family of feature/genome hypotheses.")
(define-public r-gviz
(package
(name "r-gviz")
(version "1.22.0")
(version "1.22.2")
(source
(origin
(method url-fetch)
(uri (bioconductor-uri "Gviz" version))
(sha256
(base32
"1lrw65a8426wpxw975wjcaiacpp6fqa00nif1yxigyankbfs23c8"))))
"173n99mc95sij2vb8n3xd016x7mxhjs961q3l29xkg1lrnnm2sva"))))
(properties `((upstream-name . "Gviz")))
(build-system r-build-system)
(propagated-inputs

12
gnu/packages/compression.scm
View File

@ -1602,7 +1602,7 @@ or junctions, and always follows hard links.")
(define-public zstd
(package
(name "zstd")
(version "1.3.2")
(version "1.3.3")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/facebook/zstd/archive/v"
@ -1610,7 +1610,7 @@ or junctions, and always follows hard links.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"12krs9k5f408kyn0d7dwxqyc67177mgd14783ay10rafqsim8l5c"))))
"0yr91gwi380632w9y7p6idl72svq0mq0jajvdii05pp77qalfz57"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@ -1618,7 +1618,13 @@ or junctions, and always follows hard links.")
(delete 'configure)) ; no configure script
#:make-flags
(list "CC=gcc"
(string-append "PREFIX=" (assoc-ref %outputs "out")))
(string-append "PREFIX=" (assoc-ref %outputs "out"))
;; Skip auto-detection of, and creating a dependency on, the build
;; environment's xz for what amounts to a dubious feature anyway.
"HAVE_LZMA=0"
;; Not currently detected, but be explicit & avoid surprises later.
"HAVE_LZ4=0"
"HAVE_ZLIB=0")
#:test-target "test"))
(home-page "http://zstd.net/")
(synopsis "Zstandard real-time compression algorithm")

80
gnu/packages/cran.scm
View File

@ -541,14 +541,14 @@ plot networks.")
(define-public r-proxy
(package
(name "r-proxy")
(version "0.4-19")
(version "0.4-20")
(source
(origin
(method url-fetch)
(uri (cran-uri "proxy" version))
(sha256
(base32
"0ladwgi70jw2a3adgg2xadw8hz3mm6llsw428c1fcrl305sy49vb"))))
"15g6dacdmlbkcnimblscghl23aj732cn6qwbs583r4im9v5nvbla"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/proxy")
(synopsis "Distance and similarity measures")
@ -1444,22 +1444,66 @@ imputations.")
;; Any of these two versions.
(license (list license:gpl2 license:gpl3))))
(define-public r-truncnorm
(package
(name "r-truncnorm")
(version "1.0-7")
(source
(origin
(method url-fetch)
(uri (cran-uri "truncnorm" version))
(sha256
(base32
"1qac05z50618y4bw1d7yznsli1bv82s0g8h37iacrjrdkv87bmy7"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/truncnorm/")
(synopsis "Truncated normal distribution")
(description "This package provides functions for the truncated normal
distribution with mean equal to @code{mean} and standard deviation equal to
@code{sd}. It includes density, distribution, quantile, and expected value
functions, as well as a random generation function.")
(license license:gpl2)))
(define-public r-rsolnp
(package
(name "r-rsolnp")
(version "1.16")
(source
(origin
(method url-fetch)
(uri (cran-uri "Rsolnp" version))
(sha256
(base32
"0w7nkj6igr0gi7r7jg950lsx7dj6aipgxi6vbjsf5f5yc9h7fhii"))))
(properties `((upstream-name . "Rsolnp")))
(build-system r-build-system)
(propagated-inputs
`(("r-truncnorm" ,r-truncnorm)))
(home-page "http://cran.r-project.org/web/packages/Rsolnp/")
(synopsis "General non-linear optimization")
(description "The Rsolnp package implements a general non-linear augmented
Lagrange multiplier method solver, a @dfn{sequential quadratic
programming} (SQP) based solver).")
;; Any version of the GPL.
(license license:gpl2+)))
(define-public r-hardyweinberg
(package
(name "r-hardyweinberg")
(version "1.5.8")
(version "1.5.9")
(source
(origin
(method url-fetch)
(uri (cran-uri "HardyWeinberg" version))
(sha256
(base32
"0xbcchmzii0jv0ygr91n72r39j1axraxd2i607b56v4yd5d8sy4k"))))
"0qk3lly5qczn61rj0q9xzscppspvk238yjgr4p71pkzkjhiv40jz"))))
(properties `((upstream-name . "HardyWeinberg")))
(build-system r-build-system)
(propagated-inputs
`(("r-mice" ,r-mice)
("r-rcpp" ,r-rcpp)))
("r-rcpp" ,r-rcpp)
("r-rsolnp" ,r-rsolnp)))
(home-page "https://cran.r-project.org/package=HardyWeinberg")
(synopsis "Statistical tests and graphics for Hardy-Weinberg equilibrium")
(description
@ -1620,14 +1664,14 @@ modeling for empirical income distributions.")
(define-public r-vcd
(package
(name "r-vcd")
(version "1.4-3")
(version "1.4-4")
(source
(origin
(method url-fetch)
(uri (cran-uri "vcd" version))
(sha256
(base32
"05azric2w8mrsdk7y0484cjygcgcmbp96q2v500wvn91fj98kkhp"))))
"1lp99h0wvsc61l1dgcqjxdrcgpgw88ak430cdsv43kmm43qssqd5"))))
(build-system r-build-system)
(propagated-inputs
`(("r-colorspace" ,r-colorspace)
@ -1773,3 +1817,25 @@ plots in @code{ggplot2}.")
distributions over time or space. This package enables the creation of such
plots in @code{ggplot2}.")
(license license:gpl2)))
(define-public r-cli
(package
(name "r-cli")
(version "1.0.0")
(source
(origin
(method url-fetch)
(uri (cran-uri "cli" version))
(sha256
(base32
"07as3dr7vwx02p3qgzlmxz1dlrd3x3lysrzp222ip9jcjpydp8wg"))))
(build-system r-build-system)
(propagated-inputs
`(("r-assertthat" ,r-assertthat)
("r-crayon" ,r-crayon)))
(home-page "https://github.com/r-lib/cli#readme")
(synopsis "Helpers for developing command line interfaces")
(description "This package provides a suite of tools designed to build
attractive command line interfaces (CLIs). It includes tools for drawing
rules, boxes, trees, and Unicode symbols with ASCII alternatives.")
(license license:expat)))

48
gnu/packages/games.scm
View File

@ -1072,7 +1072,8 @@ Portable Game Notation.")
(uri (string-append "http://www.techrescue.org/xboing/xboing"
version ".tar.gz"))
(sha256
(base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7"))))
(base32 "16m2si8wmshxpifk861vhpqviqxgcg8bxj6wfw8hpnm4r2w9q0b7"))
(patches (search-patches "xboing-CVE-2004-0149.patch"))))
(arguments
`(#:tests? #f
#:phases
@ -2515,6 +2516,7 @@ emulation community. It provides highly accurate emulation.")
(uri (git-reference
(url "https://github.com/Aloshi/EmulationStation.git")
(commit commit))) ; no version tag
(file-name (string-append name "-" version "-checkout"))
(sha256
(base32
"0cm0sq2wri2l9cvab1l0g02za59q7klj0h3p028vr96n6njj4w9v"))))
@ -5136,3 +5138,47 @@ abilities and powers. With a modern graphical and customisable interface,
intuitive mouse control, streamlined mechanics and deep, challenging combat,
Tales of MajEyal offers engaging roguelike gameplay for the 21st century.")
(license license:gpl3+)))
(define-public quakespasm
(package
(name "quakespasm")
(version "0.93.0")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/quakespasm/Source/quakespasm-"
version ".tgz"))
(sha256
(base32
"0b2nz7w4za32pc34r62ql270z692qcjs2pm0i3svkxkvfammhdfq"))))
(arguments
`(#:tests? #f
#:make-flags '("CC=gcc"
"MP3LIB=mpg123"
"USE_CODEC_FLAC=1"
"USE_CODEC_MIKMOD=1"
"USE_SDL2=1"
"-CQuake")
#:phases (modify-phases %standard-phases
(delete 'configure)
(add-after 'unpack 'fix-makefile-paths
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(mkdir-p (string-append out "/bin"))
(substitute* "Quake/Makefile"
(("/usr/local/games")
(string-append out "/bin")))
#t))))))
(build-system gnu-build-system)
(inputs `(("libmikmod" ,libmikmod)
("libvorbis" ,libvorbis)
("flac" ,flac)
("mesa" ,mesa)
("mpg123" ,mpg123)
("sdl2" ,sdl2)))
(synopsis "First person shooter engine for Quake 1")
(description "Quakespasm is a modern engine for id software's Quake 1.
It includes support for 64 bit CPUs, custom music playback, a new sound driver,
some graphical niceities, and numerous bug-fixes and other improvements.")
(home-page "http://quakespasm.sourceforge.net/")
(license license:gpl2+)))

4
gnu/packages/gimp.scm
View File

@ -43,7 +43,7 @@
(define-public babl
(package
(name "babl")
(version "0.1.30")
(version "0.1.38")
(source (origin
(method url-fetch)
(uri (list (string-append "https://download.gimp.org/pub/babl/"
@ -54,7 +54,7 @@
version ".tar.bz2")))
(sha256
(base32
"1k2k3phh9ybma2snw6hm8inx2dw1jq6cf7w2aqvi4rfr0rxjrha5"))))
"11pfbyzq20596p9sgwraxspg3djg1jzz6wvz4bapf0yyr97jiyd0"))))
(build-system gnu-build-system)
(home-page "http://gegl.org/babl/")
(synopsis "Image pixel format conversion library")

31
gnu/packages/gnupg.scm
View File

@ -127,7 +127,7 @@ generation.")
(define-public libassuan
(package
(name "libassuan")
(version "2.4.4")
(version "2.5.1")
(source
(origin
(method url-fetch)
@ -135,10 +135,11 @@ generation.")
version ".tar.bz2"))
(sha256
(base32
"18bwffjkx9pn0lawbsn6zhd90i7xhjgpf9b0nl5xw9134w1a2scy"))))
"0jb4nb4nrjr949gd3lw8lh4v5d6qigxaq6xwy24w5apjnhvnrya7"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error" ,libgpg-error) ("pth" ,pth)))
`(("libgpg-error" ,libgpg-error)
("pth" ,pth)))
(home-page "https://gnupg.org")
(synopsis
"IPC library used by GnuPG and related software")
@ -212,14 +213,14 @@ compatible to GNU Pth.")
(define-public gnupg
(package
(name "gnupg")
(version "2.2.3")
(version "2.2.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/gnupg/gnupg-" version
".tar.bz2"))
(sha256
(base32
"1d4482c4pbi0p1k8cc0f9c4q51k56v8navrbz5samxrrs42p3lyb"))))
"1v7j8v2ww1knknbrhw3svfrqkmf9ll58iq0dczbsdpqgg1j3w6j0"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@ -327,7 +328,8 @@ libskba (working with X.509 certificates and CMS data).")
;; Keep the old name around to ease transition.
(symlink "gpgv" "gpgv2")
(symlink "gpg" "gpg2")
#t)))))))))
#t)))))))
(properties `((superseded . ,gnupg)))))
(define-public gnupg-1
(package (inherit gnupg)
@ -371,10 +373,14 @@ libskba (working with X.509 certificates and CMS data).")
;; Needs to be propagated because gpgme.h includes gpg-error.h.
`(("libgpg-error" ,libgpg-error)))
(inputs
`(("gnupg" ,gnupg-2.0)
`(("gnupg" ,gnupg)
("libassuan" ,libassuan)))
(arguments
`(#:phases
`(#:configure-flags
(list (string-append "--enable-fixed-path="
(assoc-ref %build-inputs "gnupg")
"/bin"))
#:phases
(modify-phases %standard-phases
(add-after 'configure 'patch-cmake-file
(lambda _
@ -478,9 +484,10 @@ distributed separately.")
(lambda _
(zero? (system* "make" "check")))))))
(build-system python-build-system)
(native-inputs
`(("gnupg" ,gnupg-1)))
(inputs
`(("gnupg" ,gnupg-2.0)
("gpgme" ,gpgme)))
`(("gpgme" ,gpgme)))
(home-page "https://launchpad.net/pygpgme")
(synopsis "Python module for working with OpenPGP messages")
(description
@ -714,14 +721,14 @@ including tools for signing keys, keyring analysis, and party preparation.
(define-public pinentry-tty
(package
(name "pinentry-tty")
(version "1.0.0")
(version "1.1.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/pinentry/pinentry-"
version ".tar.bz2"))
(sha256
(base32
"0ni7g4plq6x78p32al7m8h2zsakvg1rhfz0qbc3kdc7yq7nw4whn"))))
"0w35ypl960pczg5kp6km3dyr000m1hf0vpwwlh72jjkjza36c1v8"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--enable-pinentry-tty")))

4
gnu/packages/imagemagick.scm
View File

@ -46,14 +46,14 @@
;; The 7 release series has an incompatible API, while the 6 series is still
;; maintained. Don't update to 7 until we've made sure that the ImageMagick
;; users are ready for the 7-series API.
(version "6.9.9-23")
(version "6.9.9-27")
(source (origin
(method url-fetch)
(uri (string-append "mirror://imagemagick/ImageMagick-"
version ".tar.xz"))
(sha256
(base32
"0cd6zcbcfvznf0i3q4xz1c4wm4cfplg4zc466lvlb1w8qbn25948"))))
"0z71az1bfar1r6mm3ijxbci0vb1ri66ypaals8wb17h1d85hkl17"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")

44
gnu/packages/irc.scm
View File

@ -153,18 +153,21 @@ SILC and ICB protocols via plugins.")
(define-public weechat
(package
(name "weechat")
(version "2.0")
(version "2.0.1")
(source (origin
(method url-fetch)
(uri (string-append "https://weechat.org/files/src/weechat-"
version ".tar.xz"))
(sha256
(base32
"1ix2izrlr5jx5vl49kz9jbib7cq9mr6i7iyxkcz6xjfrryx2s5x9"))
"1l854dramvn9vfba7jpazkjwm4k4i5pshq58vjv6z2mxmcp5hhv9"))
(patches (search-patches "weechat-python.patch"))))
(build-system cmake-build-system)
(native-inputs `(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
(native-inputs
`(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)
;; For tests.
("cpputest" ,cpputest)))
(inputs `(("ncurses" ,ncurses)
("libgcrypt" ,libgcrypt "out")
("zlib" ,zlib)
@ -177,15 +180,30 @@ SILC and ICB protocols via plugins.")
("perl" ,perl)
("tcl" ,tcl)))
(arguments
`(#:tests? #f ; tests require cpputime
#:phases (modify-phases %standard-phases
(add-after 'install 'wrap
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
(py2 (assoc-ref inputs "python")))
(wrap-program (string-append out "/bin/weechat")
`("PATH" ":" prefix (,(string-append py2 "/bin"))))
#t))))))
`(#:configure-flags
(list "-DENABLE_TESTS=ON") ; make test fails otherwise
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'disable-failing-tests
;; For reasons best left to the imagination, CppUTest cannot skip
;; more than one single test... Resort to manual patching instead.
;; See <https://cpputest.github.io/manual.html#command_line>.
(λ _
;; Don't test plugin support for languages we don't enable.
(substitute* "tests/unit/test-plugins.cpp"
((".*\\$\\{plugin.name\\} == (javascript|php|ruby)" all)
(string-append "// SKIP" all)))
(substitute* "tests/scripts/test-scripts.cpp"
((".*\\{ \"(jvascript|php|ruby)\", " all) ; sic
(string-append "// SKIP" all)))
#t))
(add-after 'install 'wrap
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
(py2 (assoc-ref inputs "python")))
(wrap-program (string-append out "/bin/weechat")
`("PATH" ":" prefix (,(string-append py2 "/bin"))))
#t))))))
(synopsis "Extensible chat client")
(description "WeeChat (Wee Enhanced Environment for Chat) is an
@dfn{Internet Relay Chat} (IRC) client, which is designed to be light and fast.

36
gnu/packages/linux.scm
View File

@ -370,8 +370,8 @@ It has been modified to remove all non-free binary blobs.")
(define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
(define %linux-compatible-systems '("x86_64-linux" "i686-linux" "armhf-linux"))
(define %linux-libre-version "4.14.6")
(define %linux-libre-hash "0q6dl2shkj5dkf0wgzgfyaq0axk97w05j618xi619y9xqph4ql79")
(define %linux-libre-version "4.14.8")
(define %linux-libre-hash "0y8nggpdgfqfx6dy5k39vj552k5mxamwjn6mldwrhs2aqpsrbwr3")
;; linux-libre configuration for armhf-linux is derived from Debian armmp. It
;; supports qemu "virt" machine and possibly a large number of ARM boards.
@ -384,14 +384,14 @@ It has been modified to remove all non-free binary blobs.")
#:configuration-file kernel-config))
(define-public linux-libre-4.9
(make-linux-libre "4.9.69"
"0xkqbh8fpx47appszjbxzljr6vr0wyk0fphlkynpcrmingk4b98j"
(make-linux-libre "4.9.71"
"0z4m77zbndlqy43bgl1xhklpjilbvrhbfbcppc55z3f61qwjf0mc"
%intel-compatible-systems
#:configuration-file kernel-config))
(define-public linux-libre-4.4
(make-linux-libre "4.4.105"
"177qvci7wfrc23vi11bnyayfivxf6d8hankgrzv26jr3z6j0rall"
(make-linux-libre "4.4.107"
"0pfzv15c1qj7a77n8cdmsi77yhlbzv35y7qa03j0b96ajwjsclsp"
%intel-compatible-systems
#:configuration-file kernel-config))
@ -3397,16 +3397,30 @@ The following service daemons are also provided:
(define-public rng-tools
(package
(name "rng-tools")
(version "5")
(version "6.1")
(source (origin
(method url-fetch)
(uri (string-append
"http://downloads.sourceforge.net/sourceforge/gkernel/"
"rng-tools-" version ".tar.gz"))
(uri (string-append "https://github.com/nhorman/rng-tools/"
"archive/v" version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"13h7lc8wl9khhvkr0i3bl5j9bapf8anhqis1lcnwxg1vc2v058b0"))))
"00ywsknjpc9jd9kfmz2syk9l0xkiiwyx5qhl5zvhhc69v6682i31"))))
(build-system gnu-build-system)
(arguments
`(;; Avoid using OpenSSL, curl, and libxml2, reducing the closure by 166 MiB.
#:configure-flags '("--without-nistbeacon")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'bootstrap
(lambda _
(zero? (system* "sh" "autogen.sh")))))))
(native-inputs
`(("autoconf" ,autoconf)
("automake" ,automake)
("pkg-config" ,pkg-config)))
(inputs
`(("libsysfs" ,sysfsutils)))
(synopsis "Random number generator daemon")
(description
"Monitor a hardware random number generator, and supply entropy

4
gnu/packages/mail.scm
View File

@ -1049,7 +1049,7 @@ delivery.")
(define-public exim
(package
(name "exim")
(version "4.89.1")
(version "4.90")
(source
(origin
(method url-fetch)
@ -1059,7 +1059,7 @@ delivery.")
version ".tar.bz2")))
(sha256
(base32
"133sjkcm9wlhpcxflr5v865varc1995bqa1y3vjs1w6zc34kp18w"))))
"1cmx2648zhpsc4pznky7qsqbjazd3wn4gpslbl30j56cv1m6rb3x"))))
(build-system gnu-build-system)
(inputs
`(("bdb" ,bdb)

4
gnu/packages/maths.scm
View File

@ -2482,7 +2482,7 @@ point numbers.")
(define-public wxmaxima
(package
(name "wxmaxima")
(version "17.05.1")
(version "17.10.1")
(source
(origin
(method url-fetch)
@ -2491,7 +2491,7 @@ point numbers.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"0dv0cy0cf46v0cbw32izscpkdmpxg1qhwq1f4cz46kkqd8k4yfbj"))))
"0qlzc31cqkwpfgrb9cif9bcnkj3rq487plg4rns7jxv6pq4609v1"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)

14
gnu/packages/messaging.scm
View File

@ -493,14 +493,14 @@ simultaneously and therefore appear under the same nickname on IRC.")
(define-public python-nbxmpp
(package
(name "python-nbxmpp")
(version "0.5.5")
(version "0.6.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "nbxmpp" version))
(sha256
(base32
"1gnzrzrdl4nii1sc5x8p5iw2ya5sl70j3nn34abqsny51p2pzmv6"))))
"0qvkiscy42nhzhccszi049ws8cnhpxgc13g8naq1rsa5x9zy163c"))))
(build-system python-build-system)
(arguments
`(#:tests? #f)) ; no tests
@ -518,7 +518,7 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
(define-public gajim
(package
(name "gajim")
(version "0.16.8")
(version "0.16.9")
(source (origin
(method url-fetch)
(uri (string-append "https://gajim.org/downloads/"
@ -526,7 +526,7 @@ was initially a fork of xmpppy, but uses non-blocking sockets.")
"/gajim-" version ".tar.bz2"))
(sha256
(base32
"0ckakdjg30fsyjsgyy2573x9nmjivdg76y049l86wns5axw8im26"))))
"0v08zdvpqaig0wxpxn1l8rsj3wr3fqvnagn8cnvch17vfqv9gcr1"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@ -568,8 +568,8 @@ end-to-end encryption support; XML console.")
(define-public dino
;; The only release tarball is for version 0.0, but it is very old and fails
;; to build.
(let ((commit "2a514d0969f5c25d5e2d14421125a47df6b14974")
(revision "2"))
(let ((commit "f25fadde2d6c9492b9cafe2cddbcc7b966942e47")
(revision "3"))
(package
(name "dino")
(version (string-append "0.0-" revision "." (string-take commit 9)))
@ -581,7 +581,7 @@ end-to-end encryption support; XML console.")
(file-name (string-append name "-" version "-checkout"))
(sha256
(base32
"0v9fqikxvamdw7bxbwc4s01x0vf30vl77149y16krijaqnq6kzv0"))))
"1nhzrw3pbpybn9qclckk6z427vbgnqd0y1l63zd1rfw4zw099mzs"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; there are no tests

4
gnu/packages/mpd.scm
View File

@ -76,7 +76,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
(define-public mpd
(package
(name "mpd")
(version "0.20.12")
(version "0.20.13")
(source (origin
(method url-fetch)
(uri
@ -85,7 +85,7 @@ interfacing MPD in the C, C++ & Objective C languages.")
"/mpd-" version ".tar.xz"))
(sha256
(base32
"02gpfkki61c24hphaas9pb29wpvd0pbmwdqrpn8wi1gv103aqng1"))))
"0h7z90dnpwlyad4kfi1ja9v9vzqic0xg93iy4q0dwlhav0scbha6"))))
(build-system gnu-build-system)
(arguments
`(#:phases

4
gnu/packages/package-management.scm
View File

@ -757,14 +757,14 @@ written entirely in Python.")))
(define-public gwl
(package
(name "gwl")
(version "0.1.0")
(version "0.1.1")
(source (origin
(method url-fetch)
(uri (string-append "https://www.guixwl.org/releases/gwl-"
version ".tar.gz"))
(sha256
(base32
"1x4swwp7kmhd57j3scii5c4h8swkcvab2r6mz7wxwwbx300wcqpy"))))
"06pm967mq1wyggx7l0nfapw5s0k5qc5r9lawk2v3db868br779a7"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)

4
gnu/packages/password-utils.scm
View File

@ -88,7 +88,7 @@ human.")
(define-public keepassxc
(package
(name "keepassxc")
(version "2.2.2")
(version "2.2.4")
(source
(origin
(method url-fetch)
@ -97,7 +97,7 @@ human.")
version "-src.tar.xz"))
(sha256
(base32
"0wrl8kxb16wzdgfjj057yv18cfg0b8z8lxp1fl2q8fkdgr7phm9g"))))
"1pfkq1m5vb90kx67vyw70s1hc4ivjsvq2535vm6wdwwsncna6bz5"))))
(build-system cmake-build-system)
(inputs
`(("libgcrypt" ,libgcrypt)

40
gnu/packages/patches/libarchive-CVE-2017-14502.patch Normal file
View File

@ -0,0 +1,40 @@
Fix CVE-2017-14502:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
Patch copied from upstream source repository:
https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Sat, 9 Sep 2017 17:47:32 +0200
Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
archives.
Reported-By: OSS-Fuzz issue 573
---
libarchive/archive_read_support_format_rar.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index cbb14c32..751de697 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
return (ARCHIVE_FATAL);
}
filename[filename_size++] = '\0';
- filename[filename_size++] = '\0';
+ /*
+ * Do not increment filename_size here as the computations below
+ * add the space for the terminating NUL explicitly.
+ */
+ filename[filename_size] = '\0';
/* Decoded unicode form is UTF-16BE, so we have to update a string
* conversion object for it. */
--
2.15.1

29
gnu/packages/patches/libexif-CVE-2017-7544.patch Normal file
View File

@ -0,0 +1,29 @@
Fix CVE-2017-7544:
https://sourceforge.net/p/libexif/bugs/130/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7544
Patch copied from upstream bug tracker:
https://sourceforge.net/p/libexif/bugs/130/#489a
Index: libexif/exif-data.c
===================================================================
RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v
retrieving revision 1.131
diff -u -r1.131 exif-data.c
--- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131
+++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000
@@ -255,6 +255,12 @@
exif_mnote_data_set_offset (data->priv->md, *ds - 6);
exif_mnote_data_save (data->priv->md, &e->data, &e->size);
e->components = e->size;
+ if (exif_format_get_size (e->format) != 1) {
+ /* e->format is taken from input code,
+ * but we need to make sure it is a 1 byte
+ * entity due to the multiplication below. */
+ e->format = EXIF_FORMAT_UNDEFINED;
+ }
}
}

99
gnu/packages/patches/links-CVE-2017-11114.patch Normal file
View File

@ -0,0 +1,99 @@
Fix CVE-2017-11114:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114
http://seclists.org/fulldisclosure/2017/Jul/76
Patch copied from Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
Origin: upstream, commit: fee5dca79a93a37024e494b985386a5fe60bc1b7
Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870299#12
Author: Mikulas Patocka <mikulas@twibright.com>
Date: Wed Aug 2 20:13:29 2017 +0200
Subject: Fix read out of memory in case of corrupted UTF-8 data
---
charsets.c | 37 +------------------------------------
links.h | 9 ++++-----
2 files changed, 5 insertions(+), 41 deletions(-)
Index: links-2.14/charsets.c
===================================================================
--- links-2.14.orig/charsets.c
+++ links-2.14/charsets.c
@@ -215,41 +215,6 @@ static struct conv_table *get_translatio
return utf_table;
}
-unsigned short int utf8_2_uni_table[0x200] = {
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128, 0, 0, 0, 192, 0,
- 0, 0, 256, 0, 0, 0, 320, 0, 0, 0, 384, 0, 0, 0, 448, 0,
- 0, 0, 512, 0, 0, 0, 576, 0, 0, 0, 640, 0, 0, 0, 704, 0,
- 0, 0, 768, 0, 0, 0, 832, 0, 0, 0, 896, 0, 0, 0, 960, 0,
- 0, 0, 1024, 0, 0, 0, 1088, 0, 0, 0, 1152, 0, 0, 0, 1216, 0,
- 0, 0, 1280, 0, 0, 0, 1344, 0, 0, 0, 1408, 0, 0, 0, 1472, 0,
- 0, 0, 1536, 0, 0, 0, 1600, 0, 0, 0, 1664, 0, 0, 0, 1728, 0,
- 0, 0, 1792, 0, 0, 0, 1856, 0, 0, 0, 1920, 0, 0, 0, 1984, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-};
-
unsigned char utf_8_1[256] = {
6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = {
3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6,
};
-static_const unsigned min_utf_8[9] = {
+static_const unsigned min_utf_8[8] = {
0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1,
};
Index: links-2.14/links.h
===================================================================
--- links-2.14.orig/links.h
+++ links-2.14/links.h
@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un
void init_charset(void);
unsigned get_utf_8(unsigned char **p);
-extern unsigned short int utf8_2_uni_table[0x200];
#define GET_UTF_8(s, c) \
do { \
if ((unsigned char)(s)[0] < 0x80) \
(c) = (s)++[0]; \
- else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) + \
- ((unsigned char)(s)[1] >> 6) - 0x200])) \
- (c) += (unsigned char)(s)[1] & 0x3f, (s) += 2; \
- else \
+ else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\
+ ((unsigned char)(s)[1] & 0xc0) == 0x80) { \
+ (c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\
+ } else \
(c) = get_utf_8(&(s)); \
} while (0)
#define FWD_UTF_8(s) \

34
gnu/packages/patches/mupdf-CVE-2017-14685.patch
View File

@ -1,34 +0,0 @@
Fix CVE-2017-14685:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
Patch copied from upstream source repository:
https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Tue, 19 Sep 2017 15:23:04 +0200
Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded.
xps_load_links_in_glyphs did not cope with font loading failures.
---
source/xps/xps-link.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
index c07e0d7..c26a8d9 100644
--- a/source/xps/xps-link.c
+++ b/source/xps/xps-link.c
@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct
bidi_level = atoi(bidi_level_att);
font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att);
+ if (!font)
+ return;
text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att),
fz_atof(origin_x_att), fz_atof(origin_y_att),
is_sideways, bidi_level, indices_att, unicode_att);
--
2.9.1

34
gnu/packages/patches/mupdf-CVE-2017-14686.patch
View File

@ -1,34 +0,0 @@
Fix CVE-2017-14686:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686
Patch copied from upstream source repository:
https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
From 0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Tue, 19 Sep 2017 16:33:38 +0200
Subject: [PATCH] Fix 698540: Check name, comment and meta size field signs.
---
source/fitz/unzip.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source/fitz/unzip.c b/source/fitz/unzip.c
index f2d4f32..0bcce0f 100644
--- a/source/fitz/unzip.c
+++ b/source/fitz/unzip.c
@@ -141,6 +141,9 @@ static void read_zip_dir_imp(fz_context *ctx, fz_zip_archive *zip, int start_off
(void) fz_read_int32_le(ctx, file); /* ext file atts */
offset = fz_read_int32_le(ctx, file);
+ if (namesize < 0 || metasize < 0 || commentsize < 0)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "invalid size in zip entry");
+
name = fz_malloc(ctx, namesize + 1);
n = fz_read(ctx, file, (unsigned char*)name, namesize);
if (n < (size_t)namesize)
--
2.9.1

130
gnu/packages/patches/mupdf-CVE-2017-14687.patch
View File

@ -1,130 +0,0 @@
Fix CVE-2017-14687:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687
Patch copied from upstream source repository:
https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Tue, 19 Sep 2017 17:17:12 +0200
Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons.
Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom.
---
source/html/css-apply.c | 2 +-
source/svg/svg-run.c | 2 +-
source/xps/xps-common.c | 6 +++---
source/xps/xps-glyphs.c | 2 +-
source/xps/xps-path.c | 4 ++--
source/xps/xps-resource.c | 2 +-
6 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/source/html/css-apply.c b/source/html/css-apply.c
index de55490..6a91df0 100644
--- a/source/html/css-apply.c
+++ b/source/html/css-apply.c
@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node)
if (sel->name)
{
- if (strcmp(sel->name, fz_xml_tag(node)))
+ if (!fz_xml_is_tag(node, sel->name))
return 0;
}
diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c
index f974c67..5302c64 100644
--- a/source/svg/svg-run.c
+++ b/source/svg/svg-run.c
@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co
fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1);
if (linked)
{
- if (!strcmp(fz_xml_tag(linked), "symbol"))
+ if (fz_xml_is_tag(linked, "symbol"))
svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state);
else
svg_run_element(ctx, dev, doc, linked, &local_state);
diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
index cc7fed9..f2f9b93 100644
--- a/source/xps/xps-common.c
+++ b/source/xps/xps-common.c
@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const
else if (fz_xml_is_tag(node, "RadialGradientBrush"))
xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node);
else
- fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node));
+ fz_warn(ctx, "unknown brush tag");
}
void
@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons
if (opacity_att)
opacity = fz_atof(opacity_att);
- if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
+ if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
{
char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity");
char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color");
@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource
if (opacity_mask_tag)
{
- if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
+ if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
fz_pop_clip(ctx, dev);
}
}
diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
index 29dc5b3..5b26d78 100644
--- a/source/xps/xps-glyphs.c
+++ b/source/xps/xps-glyphs.c
@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm,
/* If it's a solid color brush fill/stroke do a simple fill */
- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
{
fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
fill_att = fz_xml_att(fill_tag, "Color");
diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
index 6faeb0c..021d202 100644
--- a/source/xps/xps-path.c
+++ b/source/xps/xps-path.c
@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b
if (!data_att && !data_tag)
return;
- if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
+ if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
{
fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
fill_att = fz_xml_att(fill_tag, "Color");
fill_tag = NULL;
}
- if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush"))
+ if (fz_xml_is_tag(stroke_tag, "SolidColorBrush"))
{
stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity");
stroke_att = fz_xml_att(stroke_tag, "Color");
diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c
index c2292e6..8e81ab8 100644
--- a/source/xps/xps-resource.c
+++ b/source/xps/xps-resource.c
@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b
if (!xml)
return NULL;
- if (strcmp(fz_xml_tag(xml), "ResourceDictionary"))
+ if (!fz_xml_is_tag(xml, "ResourceDictionary"))
{
fz_drop_xml(ctx, xml);
fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element");
--
2.9.1

25
gnu/packages/patches/mupdf-CVE-2017-15587.patch
View File

@ -1,25 +0,0 @@
Fix CVE-2017-15587.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
https://nandynarwhals.org/CVE-2017-15587/
This patch is these two upstream commits squashed together:
<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8>
<https://git.ghostscript.com/?p=mupdf.git;h=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232>
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 66bd0ed8..89499e61 100644
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
pdf_xref_entry *table;
int i, n;
- if (i0 < 0 || i1 < 0)
+ if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
//if (i0 + i1 > pdf_xref_len(ctx, doc))
// fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
--
2.15.0

8
gnu/packages/patches/mupdf-build-with-openjpeg-2.1.patch → gnu/packages/patches/mupdf-build-with-latest-openjpeg.patch
View File

@ -1,4 +1,4 @@
Make it possible to build MuPDF with OpenJPEG 2.1, which is the latest
Make it possible to build MuPDF with OpenJPEG 2.3, which is the latest
release series and contains many important bug fixes.
Patch adapted from Debian:
@ -10,16 +10,16 @@ And related to this upstream commit:
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f88bfe2e62dbadb96d4f52d7aa025f0a516078da
diff --git a/source/fitz/load-jpx.c b/source/fitz/load-jpx.c
index 6b92e5c..72dea50 100644
index 65699ba..ea84778 100644
--- a/source/fitz/load-jpx.c
+++ b/source/fitz/load-jpx.c
@@ -444,11 +444,6 @@
@@ -445,11 +445,6 @@ fz_load_jpx_info(fz_context *ctx, const unsigned char *data, size_t size, int *w
#else /* HAVE_LURATECH */
-#define OPJ_STATIC
-#define OPJ_HAVE_INTTYPES_H
-#if !defined(_WIN32) && !defined(_WIN64)
-#if !defined(_MSC_VER) || _MSC_VER >= 1600
-#define OPJ_HAVE_STDINT_H
-#endif
#define USE_JPIP

134
gnu/packages/patches/xboing-CVE-2004-0149.patch Normal file
View File

@ -0,0 +1,134 @@
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0149
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174924
---
demo.c | 2 +-
editor.c | 12 ++++++------
file.c | 2 +-
highscore.c | 6 +++---
misc.c | 2 +-
preview.c | 2 +-
6 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/demo.c b/demo.c
index 9084e70..f4fc2cd 100644
--- a/demo.c
+++ b/demo.c
@@ -154,7 +154,7 @@ static void DoBlocks(display, window)
/* Construct the demo level filename */
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/demo.data", str);
+ snprintf(levelPath, sizeof(levelPath),"%s/demo.data", str);
else
sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR);
diff --git a/editor.c b/editor.c
index f2bb9ed..66d0679 100644
--- a/editor.c
+++ b/editor.c
@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window)
/* Construct the Edit level filename */
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/editor.data", str);
+ snprintf(levelPath,sizeof(levelPath)-1, "%s/editor.data", str);
else
sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR);
@@ -958,8 +958,8 @@ static void LoadALevel(display)
if ((num > 0) && (num <= MAX_NUM_LEVELS))
{
/* Construct the Edit level filename */
- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
else
sprintf(levelPath, "%s/level%02ld.data",
LEVEL_INSTALL_DIR, (u_long) num);
@@ -1017,9 +1017,9 @@ static void SaveALevel(display)
num = atoi(str);
if ((num > 0) && (num <= MAX_NUM_LEVELS))
{
- /* Construct the Edit level filename */
- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
+ /* Construct the Edit level filename */
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
else
sprintf(levelPath, "%s/level%02ld.data",
LEVEL_INSTALL_DIR, (u_long) num);
diff --git a/file.c b/file.c
index 4c043cd..99a0854 100644
--- a/file.c
+++ b/file.c
@@ -139,7 +139,7 @@ void SetupStage(display, window)
/* Construct the level filename */
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/level%02ld.data", str, newLevel);
+ snprintf(levelPath,sizeof(levelPath), "%s/level%02ld.data", str, newLevel);
else
sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel);
diff --git a/highscore.c b/highscore.c
index f0db3e9..792273e 100644
--- a/highscore.c
+++ b/highscore.c
@@ -1023,7 +1023,7 @@ int ReadHighScoreTable(type)
{
/* Use the environment variable if it exists */
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
- strcpy(filename, str);
+ strncpy(filename, str, sizeof(filename)-1);
else
strcpy(filename, HIGH_SCORE_FILE);
}
@@ -1095,7 +1095,7 @@ int WriteHighScoreTable(type)
{
/* Use the environment variable if it exists */
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
- strcpy(filename, str);
+ strncpy(filename, str, sizeof(filename)-1);
else
strcpy(filename, HIGH_SCORE_FILE);
}
@@ -1218,7 +1218,7 @@ static int LockUnlock(cmd)
/* Use the environment variable if it exists */
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
- strcpy(filename, str);
+ strncpy(filename, str, sizeof(filename)-1);
else
strcpy(filename, HIGH_SCORE_FILE);
diff --git a/misc.c b/misc.c
index f3ab37e..7f3ddce 100644
--- a/misc.c
+++ b/misc.c
@@ -427,7 +427,7 @@ char *GetHomeDir()
*/
if ((ptr = getenv("HOME")) != NULL)
- (void) strcpy(dest, ptr);
+ (void) strncpy(dest, ptr,sizeof(dest)-1);
else
{
/* HOME variable is not present so get USER var */
diff --git a/preview.c b/preview.c
index 41c1187..687f566 100644
--- a/preview.c
+++ b/preview.c
@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window)
/* Construct the Preview level filename */
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/level%02d.data", str, lnum);
+ snprintf(levelPath, sizeof(levelPath)-1, "%s/level%02d.data", str, lnum);
else
sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum);
--
2.15.1

13
gnu/packages/pdf.scm
View File

@ -555,25 +555,22 @@ extracting content or merging files.")
(define-public mupdf
(package
(name "mupdf")
(version "1.11")
(version "1.12.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://mupdf.com/downloads/archive/"
name "-" version "-source.tar.gz"))
name "-" version "-source.tar.xz"))
(patches (search-patches "mupdf-build-with-latest-openjpeg.patch"))
(sha256
(base32
"02phamcchgsmvjnb3ir7r5sssvx9fcrscn297z73b82n1jl79510"))
(patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
"mupdf-CVE-2017-14685.patch"
"mupdf-CVE-2017-14686.patch"
"mupdf-CVE-2017-14687.patch"
"mupdf-CVE-2017-15587.patch"))
"0b9j0gqbc3jhmx87r6idcsh8lnb30840c3hyx6dk2gdjqqh3hysp"))
(modules '((guix build utils)))
(snippet '(delete-file-recursively "thirdparty"))))
(build-system gnu-build-system)
(inputs
`(("curl" ,curl)
("freeglut" ,freeglut)
("freetype" ,freetype)
("harfbuzz" ,harfbuzz)
("jbig2dec" ,jbig2dec)

24
gnu/packages/perl-check.scm
View File

@ -869,6 +869,30 @@ checks for pod coverage of all appropriate files.")
If this fails, then rather than failing tests this skips all tests.")
(license perl-license)))
(define-public perl-test-requiresinternet
(package
(name "perl-test-requiresinternet")
(version "0.05")
(source
(origin
(method url-fetch)
(uri (string-append
"mirror://cpan/authors/id/M/MA/MALLEN/Test-RequiresInternet-"
version
".tar.gz"))
(sha256
(base32
"0gl33vpj9bb78pzyijp884b66sbw6jkh1ci0xki8rmf03hmb79xv"))))
(build-system perl-build-system)
(home-page "http://search.cpan.org/dist/Test-RequiresInternet/")
(synopsis "Easily test network connectivity when running tests")
(description
"This Perl module is intended to easily test network connectivity to
non-local Internet resources before functional tests begin. If the sockets
cannot connect to the specified hosts and ports, the exception is caught and
reported, and the tests skipped.")
(license perl-license)))
(define-public perl-test-script
(package
(name "perl-test-script")

2
gnu/packages/photo.scm
View File

@ -28,6 +28,7 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix utils)
#:use-module (gnu packages)
#:use-module (gnu packages algebra)
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
@ -89,6 +90,7 @@ cameras (CRW/CR2, NEF, RAF, DNG, and others).")
(method url-fetch)
(uri (string-append "mirror://sourceforge/libexif/libexif/"
version "/libexif-" version ".tar.bz2"))
(patches (search-patches "libexif-CVE-2017-7544.patch"))
(sha256
(base32
"06nlsibr3ylfwp28w8f5466l6drgrnydgxrm4jmxzrmk5svaxk8n"))))

27
gnu/packages/python.scm
View File

@ -12045,3 +12045,30 @@ belong to tagged versions.")
"BooleanOperations provides a Python library that enables
boolean operations on paths.")
(license license:expat)))
(define-public python-tempdir
(package
(name "python-tempdir")
(version "0.7.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "tempdir" version))
(sha256
(base32
"13msyyxqbicr111a294x7fsqbkl6a31fyrqflx3q7k547gnq15k8"))))
(build-system python-build-system)
(home-page "https://pypi.org/project/tempdir/")
(arguments
;; the package has no tests
'(#:tests? #f))
(synopsis "Python library for managing temporary directories")
(description
"This library manages temporary directories that are automatically
deleted with all their contents when they are no longer needed. It is
particularly convenient for use in tests.")
(license license:expat)))
(define-public python2-tempdir
(package-with-python2 python-tempdir))

1
gnu/packages/security-token.scm
View File

@ -5,6 +5,7 @@
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;

65
gnu/packages/statistics.scm
View File

@ -703,13 +703,13 @@ effects of different types of color-blindness.")
(define-public r-digest
(package
(name "r-digest")
(version "0.6.12")
(version "0.6.13")
(source
(origin
(method url-fetch)
(uri (cran-uri "digest" version))
(sha256
(base32 "1awy9phxdvqnadby7rvwy2hkbrj210bqf4xvi27asdq028zlcyd4"))))
(base32 "1bsgl07bvf4nk6bn7n3l2ilvk4qvn3nk7yxp22miil7x405xdks6"))))
(build-system r-build-system)
;; Vignettes require r-knitr, which requires r-digest, so we have to
;; disable them and the tests.
@ -988,13 +988,13 @@ the input of another.")
(define-public r-reshape2
(package
(name "r-reshape2")
(version "1.4.2")
(version "1.4.3")
(source
(origin
(method url-fetch)
(uri (cran-uri "reshape2" version))
(sha256
(base32 "0swvjmc9f8cvkrsz463cp6snd8bncbv6q8yrfrb4rgkr0dhq6dvd"))))
(base32 "03ki5ka1dj208fc0dclbm0b4xp9d769pah2j9cs34l776p4r9zwa"))))
(build-system r-build-system)
(propagated-inputs
`(("r-plyr" ,r-plyr)
@ -1328,13 +1328,13 @@ syntax that can be converted to XHTML or other formats.")
(define-public r-yaml
(package
(name "r-yaml")
(version "2.1.14")
(version "2.1.16")
(source (origin
(method url-fetch)
(uri (cran-uri "yaml" version))
(sha256
(base32
"0x88xicrf7vwp77xgan27mnpdljhpkn0pz5kphnwqi3ddy25k9a1"))))
"1xlsmqal607w6c9rx86061y1fwpbyd5lqp9bad5n7cc9a0blpnkm"))))
(build-system r-build-system)
(home-page "https://cran.r-project.org/web/packages/yaml/")
(synopsis "Methods to convert R data to YAML and back")
@ -1502,20 +1502,23 @@ R packages that praise their users.")
(define-public r-testthat
(package
(name "r-testthat")
(version "1.0.2")
(version "2.0.0")
(source (origin
(method url-fetch)
(uri (cran-uri "testthat" version))
(sha256
(base32
"0pj1r01x4ny4capr83dfa19hi5i2sjjxky99schzip8zrq5dzxqf"))))
"155l53kb69jga5d8c5nvdwqlvlgfmk4vzyyl4d0108j53jnlgh1v"))))
(build-system r-build-system)
(propagated-inputs
`(("r-digest" ,r-digest)
`(("r-cli" ,r-cli)
("r-crayon" ,r-crayon)
("r-digest" ,r-digest)
("r-magrittr" ,r-magrittr)
("r-praise" ,r-praise)
("r-r6" ,r-r6)))
("r-r6" ,r-r6)
("r-rlang" ,r-rlang)
("r-withr" ,r-withr)))
(home-page "https://github.com/hadley/testthat")
(synopsis "Unit testing for R")
(description
@ -1898,15 +1901,17 @@ chain.")
(define-public r-ade4
(package
(name "r-ade4")
(version "1.7-8")
(version "1.7-10")
(source
(origin
(method url-fetch)
(uri (cran-uri "ade4" version))
(sha256
(base32
"1a5p3wf8l9cp1bjp57b1pc5bqs39kw1v21i4waj9j18wawzlmpb6"))))
"0zk81x0yn30gbyc0jpzyw1nxd08ccihl6vyk0ijvj3aw3nr5flc6"))))
(build-system r-build-system)
(propagated-inputs
`(("r-mass" ,r-mass)))
(home-page "http://pbil.univ-lyon1.fr/ADE-4")
(synopsis "Multivariate data analysis and graphical display")
(description
@ -2007,14 +2012,14 @@ limited to R.")
(define-public r-backports
(package
(name "r-backports")
(version "1.1.1")
(version "1.1.2")
(source
(origin
(method url-fetch)
(uri (cran-uri "backports" version))
(sha256
(base32
"15w8psmv203wzijrk4hvwaw3i4byh2m5s09yrkqwhfckhaj82kj9"))))
"0mml9h3xagi7144pyb3jj9zbh9qzns7izkhdg7df20v7bikr6nz8"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/backports")
(synopsis "Reimplementations of functions introduced since R 3.0.0")
@ -2278,13 +2283,13 @@ functions make it easy to control additional request components.")
(define-public r-git2r
(package
(name "r-git2r")
(version "0.19.0")
(version "0.20.0")
(source (origin
(method url-fetch)
(uri (cran-uri "git2r" version))
(sha256
(base32
"0ws6fbndmaafk2am4dwnz24qizxhld0yh54hgx0z6lzv3p1j209q"))))
"1pqggijvsalb5cc2pr5gwfj3s713s63f4xii1xrd0qagfgbgz846"))))
(build-system r-build-system)
;; This R package contains modified sources of libgit2. This modified
;; version of libgit2 is built as the package is built. Hence libgit2 is
@ -2415,13 +2420,13 @@ disk (or a connection).")
(define-public r-plotrix
(package
(name "r-plotrix")
(version "3.6-6")
(version "3.7")
(source (origin
(method url-fetch)
(uri (cran-uri "plotrix" version))
(sha256
(base32
"07hywp3ym0gbpqdj3f4vhr0bhmynhby8vh6p1b9cm2hv26pzs9q4"))))
"0rw81n9p3d2i03b4pgcfj5blryc94f29bm9a4j9bnp5h8qjj6pry"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/plotrix")
(synopsis "Various plotting functions")
@ -2474,13 +2479,13 @@ well as additional utilities such as panel and axis annotation functions.")
(define-public r-rcpparmadillo
(package
(name "r-rcpparmadillo")
(version "0.8.100.1.0")
(version "0.8.300.1.0")
(source (origin
(method url-fetch)
(uri (cran-uri "RcppArmadillo" version))
(sha256
(base32
"19sghlkslz6llcrjk5pd8c6dsb338jsi4dnwrbbrjkfq6jdr5jlp"))))
"0p6cbnwxgzigf7n5qhqvxdr3nd3pq3c2qq6pskqz7avzf813fy83"))))
(properties `((upstream-name . "RcppArmadillo")))
(build-system r-build-system)
(native-inputs
@ -2545,14 +2550,14 @@ encoder/decoder, round-off-error-free sum and cumsum, etc.")
(define-public r-rprojroot
(package
(name "r-rprojroot")
(version "1.2")
(version "1.3-1")
(source
(origin
(method url-fetch)
(uri (cran-uri "rprojroot" version))
(sha256
(base32
"1fgyxv1zv04sllcclzz089xl6hpdzac7xk61l0l4acb7rqsx5d18"))))
"1jigr2jh3hzy35h94im52yq81lyikw7nfvmbxij84a1b9c32r332"))))
(build-system r-build-system)
(propagated-inputs
`(("r-backports" ,r-backports)))
@ -2859,14 +2864,14 @@ statements.")
(define-public r-segmented
(package
(name "r-segmented")
(version "0.5-2.2")
(version "0.5-3.0")
(source
(origin
(method url-fetch)
(uri (cran-uri "segmented" version))
(sha256
(base32
"1wdjxkgqjqw5q2nywmgkf6y21lb0alhvaqg0m0dr2xyxf1ii79rs"))))
"0nrik5fyq59hwiwjcpbi4p5yfavgfjq6wyrynhkrbm4k6v1g1wlq"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/segmented")
(synopsis "Regression models with breakpoints estimation")
@ -2923,14 +2928,14 @@ standard R subsetting and Kronecker products.")
(define-public r-iterators
(package
(name "r-iterators")
(version "1.0.8")
(version "1.0.9")
(source
(origin
(method url-fetch)
(uri (cran-uri "iterators" version))
(sha256
(base32
"1f057pabs7ss9h1n244can26qsi5n2k3salrdk0b0vkphlrs4kmf"))))
"16sycjq912ix52fjxjhcwiaqr0yj1v5iqmrvjljd3z857031w06y"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/iterators")
(synopsis "Iterator construct for R")
@ -3144,14 +3149,14 @@ options and registries, vignette, unit test and bibtex related utilities.")
(define-public r-registry
(package
(name "r-registry")
(version "0.3")
(version "0.5")
(source
(origin
(method url-fetch)
(uri (cran-uri "registry" version))
(sha256
(base32
"0c7lscfxncwwd8zp46h2xfw9gw14dypqv6m2kx85xjhjh0xw99aq"))))
"1yqfl1g6vsl28zn8brzc39659k8lqsmfms7900j7p64ilydyb2sx"))))
(build-system r-build-system)
(home-page "http://cran.r-project.org/web/packages/registry")
(synopsis "Infrastructure for R package registries")
@ -4394,14 +4399,14 @@ Farebrother's algorithm or Liu et al.'s algorithm.")
(define-public r-cowplot
(package
(name "r-cowplot")
(version "0.9.1")
(version "0.9.2")
(source
(origin
(method url-fetch)
(uri (cran-uri "cowplot" version))
(sha256
(base32
"0iq0wsi7467cj8hqml06whk3xsiv89x8dvm9ynwp411pzzbdjgwm"))))
"13yjw7yv7imyqiawqqp304hkp6x36iv6rf6gn03dwzwkj9zwx4lb"))))
(build-system r-build-system)
(propagated-inputs
`(("r-ggplot2" ,r-ggplot2)

9
gnu/packages/textutils.scm
View File

@ -388,7 +388,14 @@ regular expression object can be specified.")
(assoc-ref %outputs "out") "/share/antiword"))
#:phases
(modify-phases %standard-phases
(delete 'configure)
(replace 'configure
(lambda* (#:key outputs #:allow-other-keys)
;; Ensure that mapping files can be found in the actual package
;; data directory.
(substitute* "antiword.h"
(("/usr/share/antiword")
(string-append (assoc-ref outputs "out") "/share/antiword")))
#t))
(replace 'install
(lambda* (#:key make-flags #:allow-other-keys)
(zero? (apply system* "make" `("global_install" ,@make-flags))))))))

4
gnu/packages/tls.scm
View File

@ -459,14 +459,14 @@ required structures.")
(define-public libressl
(package
(name "libressl")
(version "2.6.3")
(version "2.6.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://openbsd/LibreSSL/"
name "-" version ".tar.gz"))
(sha256
(base32
"162wgzmg4zzqj5cxrsrmkfv1623dc4g8h3fsf1lvjw9i4sc6bbdf"))))
"07yi37a2ghsgj2b4w30q1s4d2inqnix7ika1m21y57p9z71212k3"))))
(build-system gnu-build-system)
(arguments
;; Do as if 'getentropy' was missing since older Linux kernels lack it

1
gnu/packages/web-browsers.scm
View File

@ -83,6 +83,7 @@ older or slower computers and embedded systems.")
(method url-fetch)
(uri (string-append "http://links.twibright.com/download/"
name "-" version ".tar.bz2"))
(patches (search-patches "links-CVE-2017-11114.patch"))
(sha256
(base32
"1f24y83wa1vzzjq5kp857gjqdpnmf8pb29yw7fam0m8wxxw0c3gp"))))

14
gnu/packages/web.scm
View File

@ -3876,22 +3876,26 @@ applications.")
(define-public r-htmltable
(package
(name "r-htmltable")
(version "1.9")
(version "1.11.0")
(source
(origin
(method url-fetch)
(uri (cran-uri "htmlTable" version))
(sha256
(base32
"0ciic1f4iczq14j81fg7kxibn65sy8z1zxkvk1yxnxxg6dzplj2v"))))
"0x0qrzx6igg5z8jh901d2a8g2idpm5f4frwp1m02910scifcrxwf"))))
(properties `((upstream-name . "htmlTable")))
(build-system r-build-system)
(propagated-inputs
`(("r-checkmate" ,r-checkmate)
("r-dplyr" ,r-dplyr)
("r-htmltools" ,r-htmltools)
("r-htmlwidgets" ,r-htmlwidgets)
("r-knitr" ,r-knitr)
("r-magrittr" ,r-magrittr)
("r-stringr" ,r-stringr)))
("r-rstudioapi" ,r-rstudioapi)
("r-stringr" ,r-stringr)
("r-tidyr" ,r-tidyr)))
(home-page "http://gforge.se/packages/")
(synopsis "Advanced tables for Markdown/HTML")
(description
@ -3907,13 +3911,13 @@ LaTeX.")
(define-public r-curl
(package
(name "r-curl")
(version "3.0")
(version "3.1")
(source (origin
(method url-fetch)
(uri (cran-uri "curl" version))
(sha256
(base32
"01m52jz2q38yc32xbnmpm48hck2xj9fyhxq262p04y67gjpf7y3v"))))
"15fbjya2xrf2k9hhvg3frisrram4yk5wlfz67zj1z8ahpsb2a3r7"))))
(build-system r-build-system)
(arguments
`(#:phases

4
gnu/packages/webkit.scm
View File

@ -54,14 +54,14 @@
(define-public webkitgtk
(package
(name "webkitgtk")
(version "2.18.3")
(version "2.18.4")
(source (origin
(method url-fetch)
(uri (string-append "https://www.webkitgtk.org/releases/"
name "-" version ".tar.xz"))
(sha256
(base32
"17lgn7qwrwqxl1lgmq5icvzmna6aymx4c7al47rp0vvac7hj0m71"))))
"1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7"))))
(build-system cmake-build-system)
(arguments
'(#:tests? #f ; no tests

5
gnu/packages/xfce.scm
View File

@ -492,7 +492,10 @@ your system in categories, so you can quickly find and launch them.")
(build-system gnu-build-system)
(arguments
'(#:configure-flags
(list (string-append "--with-xsession-prefix=" %output))))
(list (string-append "--with-xsession-prefix=" %output))
;; Disable icon cache update.
#:make-flags
'("gtk_update_icon_cache=true")))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)))

9
gnu/packages/xml.scm
View File

@ -179,6 +179,15 @@ project (but it is usable outside of the Gnome platform).")
based on libxml for XML parsing, tree manipulation and XPath support.")
(license license:x11)))
(define libxslt/fixed
(package
(inherit libxslt)
(source (origin
(inherit (package-source libxslt))
(patches (search-patches "libxslt-CVE-2016-4738.patch"
"libxslt-CVE-2017-5029.patch"
"libxslt-generated-ids.patch"))))))
(define-public perl-graph-readwrite
(package
(name "perl-graph-readwrite")

18
gnu/services/base.scm
View File

@ -516,6 +516,24 @@ stopped before 'kill' is called."
(call-with-output-file "/dev/urandom"
(lambda (urandom)
(dump-port seed urandom))))))
;; Try writing from /dev/hwrng into /dev/urandom.
;; It seems that the file /dev/hwrng always exists, even
;; when there is no hardware random number generator
;; available. So, we handle a failed read or any other error
;; reported by the operating system.
(let ((buf (catch 'system-error
(lambda ()
(call-with-input-file "/dev/hwrng"
(lambda (hwrng)
(get-bytevector-n hwrng 512))))
;; Silence is golden...
(const #f))))
(when buf
(call-with-output-file "/dev/urandom"
(lambda (urandom)
(put-bytevector urandom buf)))))
;; Immediately refresh the seed in case the system doesn't
;; shut down cleanly.
(call-with-input-file "/dev/urandom"

2
gnu/tests/web.scm
View File

@ -154,7 +154,7 @@ echo(\"Computed by php:\".((string)(2+3)));
(root "/srv")
(locations
(list (nginx-php-location)))
(listen "8042")
(listen '("8042"))
(ssl-certificate #f)
(ssl-certificate-key #f))))

8
guix/upstream.scm
View File

@ -278,7 +278,13 @@ and 'interactive' (default)."
((archive-type)
(match (and=> (package-source package) origin-uri)
((? string? uri)
(file-extension (basename uri)))
(let ((type (file-extension (basename uri))))
;; Sometimes we have URLs such as
;; "https://github.com/…/tarball/v0.1", in which case
;; we must not consider "1" as the extension.
(and (or (string-contains type "z")
(string=? type "tar"))
type)))
(_
"gz")))
((url signature-url)