me
/
guix
Archived
1
0
Fork 0
Code

Merge branch 'master' into core-updates

master
Leo Famulari 2018-01-03 14:18:01 -05:00
parent 9d7d8e7181 0c84e8679c
commit 4ed41f472b
No known key found for this signature in database
GPG Key ID: 2646FA30BACA7F08
37 changed files with 923 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README
View File

@ -23,10 +23,9 @@ GNU Guix currently depends on the following packages:
- [[https://gnu.org/software/guile/][GNU Guile 2.2.x or 2.0.x]], version 2.0.9 or later
- [[https://gnupg.org/][GNU libgcrypt]]
- [[https://www.gnu.org/software/make/][GNU Make]]
- [[https://www.gnutls.org][GnuTLS]] compiled with guile support enabled.
- [[https://gitlab.com/guile-git/guile-git][Guile-Git]]
- optionally [[https://savannah.nongnu.org/projects/guile-json/][Guile-JSON]], for the 'guix import pypi' command
- optionally [[https://www.gnutls.org][GnuTLS]] compiled with guile support enabled, for HTTPS support
in the 'guix download' command. Note that 'guix import pypi' requires
this functionality.
Unless `--disable-daemon' was passed, the following packages are needed:

8
gnu/local.mk
View File

@ -119,6 +119,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/dejagnu.scm \
%D%/packages/dico.scm \
%D%/packages/dictionaries.scm \
%D%/packages/digest.scm \
%D%/packages/direct-connect.scm \
%D%/packages/disk.scm \
%D%/packages/display-managers.scm \
@ -639,6 +640,7 @@ dist_patch_DATA = \
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \
%D%/packages/patches/fontconfig-remove-debug-printf.patch \
%D%/packages/patches/fossil-CVE-2017-17459.patch \
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
@ -672,6 +674,11 @@ dist_patch_DATA = \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
%D%/packages/patches/ghostscript-runpath.patch \
%D%/packages/patches/gimp-CVE-2017-17784.patch \
%D%/packages/patches/gimp-CVE-2017-17785.patch \
%D%/packages/patches/gimp-CVE-2017-17786.patch \
%D%/packages/patches/gimp-CVE-2017-17787.patch \
%D%/packages/patches/gimp-CVE-2017-17789.patch \
%D%/packages/patches/glib-networking-ssl-cert-file.patch \
%D%/packages/patches/glib-respect-datadir.patch \
%D%/packages/patches/glib-tests-timer.patch \
@ -738,7 +745,6 @@ dist_patch_DATA = \
%D%/packages/patches/heimdal-CVE-2017-11103.patch \
%D%/packages/patches/hmmer-remove-cpu-specificity.patch \
%D%/packages/patches/higan-remove-march-native-flag.patch \
%D%/packages/patches/httpd-CVE-2017-9798.patch \
%D%/packages/patches/hubbub-sort-entities.patch \
%D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \
%D%/packages/patches/hydra-disable-darcs-test.patch \

14
gnu/packages/admin.scm
View File

@ -13,7 +13,7 @@
;;; Copyright © 2016 Peter Feigl <peter.feigl@nexoid.at>
;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2017 Ben Sturmfels <ben@sturm.com.au>
;;; Copyright © 2017 Ethan R. Jones <doubleplusgood23@gmail.com>
@ -1387,14 +1387,14 @@ of supported upstream metrics systems simultaneously.")
(define-public ansible
(package
(name "ansible")
(version "2.4.1.0")
(version "2.4.2.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "ansible" version))
(sha256
(base32
"0spv0kjaicwss4q52s727b6grdizcxpa0bbsfg26pgf5kjrayqfs"))
"0n3n9py4s3aykiii31xq8g4wmd6693jvby0424pjrg0bna01apri"))
(patches (search-patches "ansible-wrap-program-hack.patch"))))
(build-system python-build-system)
(native-inputs
@ -1413,12 +1413,12 @@ of supported upstream metrics systems simultaneously.")
("python2-paramiko" ,python2-paramiko)))
(arguments
`(#:python ,python-2)) ; incompatible with Python 3
(home-page "http://ansible.com/")
(home-page "https://www.ansible.com/")
(synopsis "Radically simple IT automation")
(description "Ansible is a radically simple IT automation system. It
handles configuration-management, application deployment, cloud provisioning,
ad-hoc task-execution, and multinode orchestration - including trivializing
things like zero downtime rolling updates with load balancers.")
handles configuration management, application deployment, cloud provisioning,
ad hoc task execution, and multinode orchestration---including trivializing
things like zero-downtime rolling updates with load balancers.")
(license license:gpl3+)))
(define-public cpulimit

5
gnu/packages/assembly.scm
View File

@ -3,6 +3,7 @@
;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -34,14 +35,14 @@
(define-public nasm
(package
(name "nasm")
(version "2.13.01")
(version "2.13.02")
(source (origin
(method url-fetch)
(uri (string-append "http://www.nasm.us/pub/nasm/releasebuilds/"
version "/" name "-" version ".tar.xz"))
(sha256
(base32
"0plsvcwxc7q3llr3bz10prwq1gn4ll38aqmv0yzfqcq4iw0160ma"))))
"0mqp559rypkv4cz3wb8crkp0s3a3lhcprvypm3vqz0x695gj7hwa"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl) ;for doc and test target
("texinfo" ,texinfo)))

27
gnu/packages/bioinformatics.scm
View File

@ -7,7 +7,7 @@
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2016 Raoul Bonnal <ilpuccio.febo@gmail.com>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
;;;
;;; This file is part of GNU Guix.
@ -493,6 +493,20 @@ BED, GFF/GTF, VCF.")
(base32
"0ykjbps1y3z3085q94npw8i9x5gldc6shy8vlc08v76zljsm07hv"))))
(build-system gnu-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'install 'wrap-executables
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out")))
(for-each
(lambda (script)
(wrap-program (string-append out "/bin/" script)
`("R_LIBS_SITE" ":" = (,(getenv "R_LIBS_SITE")))))
'("create_annotations_files.bash"
"create_metaplots.bash"
"Ribotaper_ORF_find.sh"
"Ribotaper.sh"))))))))
(inputs
`(("bedtools" ,bedtools-2.18)
("samtools" ,samtools-0.1)
@ -1439,7 +1453,7 @@ multiple sequence alignments.")
(define-public python-pysam
(package
(name "python-pysam")
(version "0.11.2.2")
(version "0.13.0")
(source (origin
(method url-fetch)
;; Test data is missing on PyPi.
@ -1449,7 +1463,7 @@ multiple sequence alignments.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1cfqdxsqs3xhacns9n0271ck6wkc76px66ddjm91wfw2jxxfklvc"))
"0dzap2axin9cbbl0d825w294bpn00zagfm1sigamm4v2pm5bj9lp"))
(modules '((guix build utils)))
(snippet
;; Drop bundled htslib. TODO: Also remove samtools and bcftools.
@ -3213,7 +3227,7 @@ VCF.")
(define-public htslib
(package
(name "htslib")
(version "1.5")
(version "1.6")
(source (origin
(method url-fetch)
(uri (string-append
@ -3221,7 +3235,7 @@ VCF.")
version "/htslib-" version ".tar.bz2"))
(sha256
(base32
"0bcjmnbwp2bib1z1bkrp95w9v2syzdwdfqww10mkb1hxlmg52ax0"))))
"1jsca3hg4rbr6iqq6imkj4lsvgl8g9768bcmny3hlff2w25vx24m"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@ -3242,7 +3256,8 @@ VCF.")
(synopsis "C library for reading/writing high-throughput sequencing data")
(description
"HTSlib is a C library for reading/writing high-throughput sequencing
data. It also provides the bgzip, htsfile, and tabix utilities.")
data. It also provides the @command{bgzip}, @command{htsfile}, and
@command{tabix} utilities.")
;; Files under cram/ are released under the modified BSD license;
;; the rest is released under the Expat license
(license (list license:expat license:bsd-3))))

24
gnu/packages/compression.scm
View File

@ -10,7 +10,7 @@
;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
@ -58,6 +58,7 @@
#:use-module (gnu packages java)
#:use-module (gnu packages maths)
#:use-module (gnu packages perl)
#:use-module (gnu packages perl-check)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages tls)
@ -1810,24 +1811,27 @@ recreates the stored directory structure by default.")
"ZZipLib is a library based on zlib for accessing zip files.")
(license license:lgpl2.0+)))
(define-public perl-zip
(define-public perl-archive-zip
(package
(name "perl-zip")
(version "1.59")
(name "perl-archive-zip")
(version "1.60")
(source
(origin
(method url-fetch)
(uri (string-append
"mirror://cpan/authors/id/A/AD/ADAMK/Archive-Zip-"
"mirror://cpan/authors/id/P/PH/PHRED/Archive-Zip-"
version ".tar.gz"))
(sha256
(base32
"0m31qlppg65vh32pwxkwjby02q70abx49d2yk6vfd4585fqb27cx"))))
"02y2ylq83hy9kgj57sc0239x65br9sm98c0chsm61s08yc2mpiza"))))
(build-system perl-build-system)
(synopsis "Provides an interface to ZIP archive files")
(description "The Archive::Zip module allows a Perl program to create,
manipulate, read, and write Zip archive files.")
(home-page "http://search.cpan.org/~adamk/Archive-Zip-1.30/")
(native-inputs
;; For tests.
`(("perl-test-mockmodule" ,perl-test-mockmodule)))
(synopsis "Provides an interface to Zip archive files")
(description "The @code{Archive::Zip} module allows a Perl program to
create, manipulate, read, and write Zip archive files.")
(home-page "http://search.cpan.org/dist/Archive-Zip/")
(license license:perl-license)))
(define-public libzip

9
gnu/packages/crypto.scm
View File

@ -3,7 +3,7 @@
;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
@ -595,6 +595,13 @@ data on your platform, so the seed itself will be as random as possible.
(list (string-append "PREFIX=" (assoc-ref %outputs "out")))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'disable-native-optimisation
;; This package installs more than just headers. Ensure that the
;; cryptest.exe binary & static library aren't CPU model specific.
(lambda _
(substitute* "GNUmakefile"
((" -march=native") ""))
#t))
(delete 'configure))))
(native-inputs
`(("unzip" ,unzip)))

31
gnu/packages/curl.scm
View File

@ -26,10 +26,13 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
#:use-module (guix build-system go)
#:use-module (gnu packages)
#:use-module (gnu packages compression)
#:use-module (gnu packages golang)
#:use-module (gnu packages groff)
#:use-module (gnu packages gsasl)
#:use-module (gnu packages libidn)
@ -131,3 +134,31 @@ tunneling, and so on.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
(define-public kurly
(package
(name "kurly")
(version "1.1.0")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/davidjpeacock/kurly.git")
(commit (string-append "v" version))))
(sha256
(base32
"1q192f457sjypgvwq7grrf8gq8w272p3zf1d5ppc20mriqm0mbc3"))))
(build-system go-build-system)
(arguments
'(#:import-path "github.com/davidjpeacock/kurly"))
(inputs
`(("go-github-com-alsm-ioprogress" ,go-github-com-alsm-ioprogress)
("go-github-com-aki237-nscjar" ,go-github-com-aki237-nscjar)
("go-github-com-davidjpeacock-cli" ,go-github-com-davidjpeacock-cli)))
(synopsis "Command-line HTTP client")
(description "kurly is an alternative to the @code{curl} program written in
Go. kurly is designed to operate in a similar manner to curl, with select
features. Notably, kurly is not aiming for feature parity, but common flags and
mechanisms particularly within the HTTP(S) realm are to be expected. kurly does
not offer a replacement for libcurl.")
(home-page "https://github.com/davidjpeacock/kurly")
(license license:asl2.0)))

55
gnu/packages/digest.scm 100644
View File

@ -0,0 +1,55 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages digest)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu))
(define-public xxhash
(package
(name "xxhash")
(version "0.6.4")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/Cyan4973/xxHash/archive/v"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32 "08nv9h3jzg6y85ysy2dj3qvvfsdz0rwkk497a2366syz278wqw25"))))
(build-system gnu-build-system)
(arguments
`(#:make-flags
(list "CC=gcc"
"XXH_FORCE_MEMORY_ACCESS=1" ; improved performance with GCC
(string-append "prefix=" (assoc-ref %outputs "out")))
#:test-target "test"
#:phases
(modify-phases %standard-phases
(delete 'configure)))) ; no configure script
(home-page "https://cyan4973.github.io/xxHash/")
(synopsis "Extremely fast hash algorithm")
(description
"xxHash is an extremely fast non-cryptographic hash algorithm. It works
at speeds close to RAM limits, and comes in both 32- and 64-bit flavours.
The code is highly portable, and hashes of the same length are identical on all
platforms (both big and little endian).")
(license (list license:bsd-2 ; xxhash library (xxhash.[ch])
license:gpl2+)))) ; xxhsum.c

6
gnu/packages/dns.scm
View File

@ -5,7 +5,7 @@
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
@ -483,14 +483,14 @@ Extensions} (DNSSEC).")
(define-public knot
(package
(name "knot")
(version "2.6.3")
(version "2.6.4")
(source (origin
(method url-fetch)
(uri (string-append "https://secure.nic.cz/files/knot-dns/"
name "-" version ".tar.xz"))
(sha256
(base32
"143pk2124liiq1r4ja1s579nbv3hm2scbbfbfclc2pw60r07mcig"))
"0siqfm6iibx5yfshw40wa2dvmh99bibda6bmj96mbkby0jskf38x"))
(modules '((guix build utils)))
(snippet
'(begin

25
gnu/packages/emacs.scm
View File

@ -6575,3 +6575,28 @@ Feautures:
"@code{evil-matchit} is a minor mode for jumping between matching tags in
evil mode using @kbd{%}. It is a port of @code{matchit} for Vim.")
(license license:gpl3+)))
(define-public emacs-evil-smartparens
(package
(name "emacs-evil-smartparens")
(version "0.4.0")
(source
(origin
(method url-fetch)
(uri (string-append
"https://github.com/expez/evil-smartparens/archive/"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1bwzdd3054d407d5j4m3njsbvmc9r8zzp33m32pj3b3irxrl68q0"))))
(build-system emacs-build-system)
(propagated-inputs
`(("emacs-evil" ,emacs-evil)
("emacs-smartparens" ,emacs-smartparens)))
(home-page "https://github.com/expez/evil-smartparens")
(synopsis "Emacs Evil integration for Smartparens")
(description "@code{emacs-evil-smartparens} is an Emacs minor mode which
makes Evil play nice with Smartparens. Evil is an Emacs minor mode that
emulates Vim features and provides Vim-like key bindings.")
(license license:gpl3+)))

10
gnu/packages/games.scm
View File

@ -4919,7 +4919,8 @@ fight against their plot and save his fellow rabbits from slavery.")
("python-2" ,python-2)))
(build-system gnu-build-system)
(arguments
`(#:phases
`(#:make-flags '("config=release" "verbose=1" "-C" "build/workspaces/gcc")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'delete-bundles
(lambda _
@ -4946,17 +4947,12 @@ fight against their plot and save his fellow rabbits from slavery.")
(zero? (system* "./update-workspaces.sh"
(string-append "--libdir=" lib)
(string-append "--datadir=" data)
"--minimal-flags"
;; TODO: "--with-system-nvtt"
"--with-system-mozjs38"))))))
(add-before 'build 'chdir
(lambda _
(chdir "build/workspaces/gcc")
#t))
(delete 'check)
(replace 'install
(lambda* (#:key inputs outputs #:allow-other-keys)
(chdir "../../../binaries")
(chdir "binaries")
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin"))
(lib (string-append out "/lib"))

5
gnu/packages/gimp.scm
View File

@ -133,6 +133,11 @@ buffers.")
(uri (string-append "http://download.gimp.org/pub/gimp/v"
(version-major+minor version)
"/gimp-" version ".tar.bz2"))
(patches (search-patches "gimp-CVE-2017-17784.patch"
"gimp-CVE-2017-17785.patch"
"gimp-CVE-2017-17786.patch"
"gimp-CVE-2017-17787.patch"
"gimp-CVE-2017-17789.patch"))
(sha256
(base32
"12k3lp938qdc9cqj29scg55f3bb8iav2fysd29w0s49bqmfa71wi"))))

75
gnu/packages/golang.scm
View File

@ -27,8 +27,10 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix packages)
#:use-module (guix build-system gnu)
#:use-module (guix build-system go)
#:use-module (gnu packages admin)
#:use-module (gnu packages gcc)
#:use-module (gnu packages base)
@ -377,3 +379,76 @@ sequential processes (CSP) concurrent programming features added.")
(supported-systems %supported-systems)))
(define-public go go-1.9)
(define-public go-github-com-alsm-ioprogress
(let ((commit "063c3725f436e7fba0c8f588547bee21ffec7ac5")
(revision "0"))
(package
(name "go-github-com-alsm-ioprogress")
(version (git-version "0.0.0" revision commit))
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/alsm/ioprogress.git")
(commit commit)))
(sha256
(base32
"10ym5qlq77nynmkxbk767f2hfwyxg2k7hrzph05hvgzv833dhivh"))))
(build-system go-build-system)
(arguments
'(#:import-path "github.com/alsm/ioprogress"))
(synopsis "Textual progress bars in Go")
(description "@code{ioprogress} is a Go library with implementations of
@code{io.Reader} and @code{io.Writer} that draws progress bars. The primary use
case for these are for command-line applications but alternate progress bar
writers can be supplied for alternate environments.")
(home-page "https://github.com/alsm/ioprogress")
(license license:expat))))
(define-public go-github-com-aki237-nscjar
(let ((commit "e2df936ddd6050d30dd90c7214c02b5019c42f06")
(revision "0"))
(package
(name "go-github-com-aki237-nscjar")
(version (git-version "0.0.0" revision commit))
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/aki237/nscjar.git")
(commit commit)))
(sha256
(base32
"03y7zzq12qvhsq86lb06sgns8xrkblbn7i7wd886wk3zr5574b96"))))
(build-system go-build-system)
(arguments
'(#:import-path "github.com/aki237/nscjar"))
(synopsis "Handle Netscape / Mozilla cookies")
(description "@code{nscjar} is a Go library used to parse and output
Netscape/Mozilla's old-style cookie files. It also implements a simple cookie
jar struct to manage the cookies added to the cookie jar.")
(home-page "https://github.com/aki237/nscjar")
(license license:expat))))
(define-public go-github-com-davidjpeacock-cli
(let ((commit "8ba6f23b6e36d03666a14bd9421f5e3efcb59aca")
(revision "0"))
(package
(name "go-github-com-davidjpeacock-cli")
(version (git-version "1.19.1" revision commit))
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/davidjpeacock/cli.git")
(commit commit)))
(sha256
(base32
"01s53ny3p0fdx64rnwcnmjj4xpc5adihnh6islsfq5z1ph2phhnj"))))
(build-system go-build-system)
(arguments
'(#:import-path "github.com/davidjpeacock/cli"))
(synopsis "Build command-line interfaces in Go")
(description "@code{cli} is a package for building command line
interfaces in Go. The goal is to enable developers to write fast and
distributable command line applications in an expressive way.")
(home-page "https://github.com/davidjpeacock/cli")
(license license:expat))))

4
gnu/packages/kde-frameworks.scm
View File

@ -3359,6 +3359,10 @@ workspace.")
(mkdir-p ".kde-unit-test/xdg/config")
(with-output-to-file ".kde-unit-test/xdg/config/foorc"
(lambda () #t)) ;; simply touch the file
;; Blacklist a test-function (failing at build.kde.org, too).
(with-output-to-file "autotests/BLACKLIST"
(lambda _
(display "[testSmb]\n*\n")))
;; kuniqueapptest hangs. TODO: Make this test pass.
(zero? (system* "dbus-launch" "ctest" "."
"-E" "kstandarddirstest|kuniqueapptest")))))))

24
gnu/packages/kde.scm
View File

@ -2,6 +2,7 @@
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Mark Meyer <mark@ofosos.org>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -259,7 +260,22 @@ plugins, as well as code to create plugins, or complete applications.")
(assoc-ref %build-inputs "libtiff"))
(string-append "-DCMAKE_CXX_FLAGS=-I"
(assoc-ref %build-inputs "ilmbase")
"/include/OpenEXR"))))
"/include/OpenEXR"))
#:phases
(modify-phases %standard-phases
;; Ensure that icons are found at runtime.
;; This works around <https://bugs.gnu.org/22138>.
(add-after 'install 'wrap-executable
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out"))
(qt '("qtbase" "qtsvg")))
(wrap-program (string-append out "/bin/krita")
`("QT_PLUGIN_PATH" ":" prefix
,(map (lambda (label)
(string-append (assoc-ref inputs label)
"/lib/qt5/plugins/"))
qt)))
#t))))))
(native-inputs
`(("curl" ,curl)
("eigen" ,eigen)
@ -349,7 +365,7 @@ used in KDE development tools Kompare and KDevelop.")
(define-public libksysguard
(package
(name "libksysguard")
(version "5.11.2")
(version "5.11.4")
(source
(origin
(method url-fetch)
@ -357,7 +373,7 @@ used in KDE development tools Kompare and KDevelop.")
"/libksysguard-" version ".tar.xz"))
(sha256
(base32
"12d0r4rilydbqdgkm256khvkb9m0hya3p27xqvv3hg77wgxzdl3f"))))
"1ry4478fv7blp80zyhz0xr3qragsddrkzjzmxkdarh01f4p987aq"))))
(native-inputs
`(("extra-cmake-modules" ,extra-cmake-modules)
("pkg-config" ,pkg-config)))
@ -399,7 +415,7 @@ used in KDE development tools Kompare and KDevelop.")
(lambda _
;; TODO: Fix this failing test-case
(zero? (system* "ctest" "-E" "processtest")))))))
(home-page "https://www.kde.org/info/plasma-5.11.2.php")
(home-page "https://www.kde.org/info/plasma-5.11.4.php")
(synopsis "Network enabled task and system monitoring")
(description "KSysGuard can obtain information on system load and
manage running processes. It obtains this information by interacting

2
gnu/packages/libreoffice.scm
View File

@ -926,7 +926,7 @@ and to return information on pronunciations, meanings and synonyms.")
("openssl" ,openssl)
("orcus" ,orcus)
("perl" ,perl)
("perl-zip" ,perl-zip)
("perl-archive-zip" ,perl-archive-zip)
("poppler" ,poppler)
("postgresql" ,postgresql)
("python" ,python)

6
gnu/packages/moreutils.scm
View File

@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -30,7 +30,7 @@
(define-public moreutils
(package
(name "moreutils")
(version "0.61")
(version "0.62")
(source
(origin
(method url-fetch)
@ -43,7 +43,7 @@
name "-" version ".tar.gz")))
(sha256
(base32
"12rhzy8hw8vljlf10b7ys9zky0p94fdvd6ihq8w8cnkia4rd6izb"))))
"1gc3rswr0jl0z42pbrmw2zc4gxsyp60hq8cnvrlsig1vk1s9vpwx"))))
(build-system gnu-build-system)
;; For building the manual pages.
(native-inputs

5
gnu/packages/package-management.scm
View File

@ -4,6 +4,7 @@
;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com>
;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -500,13 +501,13 @@ transactions from C or Python.")
(define-public diffoscope
(package
(name "diffoscope")
(version "88")
(version "90")
(source (origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
(base32
"1zp6nb37igssxg4bqsi3cw5klx4prhcx50mzg4463l50mssn8mp2"))))
"0hhg26vi0z2q4gwklwq4k16hibc4kq16jvyzp6zhr4kspi07wl6i"))))
(build-system python-build-system)
(arguments
`(#:phases (modify-phases %standard-phases

57
gnu/packages/patches/fossil-CVE-2017-17459.patch 100644
View File

@ -0,0 +1,57 @@
Fix CVE-2017-17459:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459
Patch copied from upstream source repository:
https://www.fossil-scm.org/xfer/info/1f63db591c77108c
Index: src/http_transport.c
==================================================================
--- src/http_transport.c
+++ src/http_transport.c
@@ -73,10 +73,23 @@
if( resetFlag ){
transport.nSent = 0;
transport.nRcvd = 0;
}
}
+
+/*
+** Remove leading "-" characters from the input string.
+**
+** This prevents attacks that try to trick a victim into using
+** a ssh:// URI with a carefully crafted hostname of other
+** parameter that ends up being interpreted as a command-line
+** option by "ssh".
+*/
+static const char *stripLeadingMinus(const char *z){
+ while( z[0]=='-' ) z++;
+ return z;
+}
/*
** Default SSH command
*/
#ifdef _WIN32
@@ -116,17 +129,17 @@
}else{
zHost = mprintf("%s", pUrlData->name);
}
n = blob_size(&zCmd);
blob_append(&zCmd, " ", 1);
- shell_escape(&zCmd, zHost);
+ shell_escape(&zCmd, stripLeadingMinus(zHost));
blob_append(&zCmd, " ", 1);
shell_escape(&zCmd, mprintf("%s", pUrlData->fossil));
blob_append(&zCmd, " test-http", 10);
if( pUrlData->path && pUrlData->path[0] ){
blob_append(&zCmd, " ", 1);
- shell_escape(&zCmd, mprintf("%s", pUrlData->path));
+ shell_escape(&zCmd, mprintf("%s", stripLeadingMinus(pUrlData->path)));
}
if( g.fSshTrace ){
fossil_print("%s\n", blob_str(&zCmd)+n); /* Show tail of SSH command */
}
free(zHost);

41
gnu/packages/patches/gimp-CVE-2017-17784.patch 100644
View File

@ -0,0 +1,41 @@
Fix CVE-2017-17784:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784
https://bugzilla.gnome.org/show_bug.cgi?id=790784
Patch copied from upstream source repository:
https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270
From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Thu, 21 Dec 2017 12:25:32 +0100
Subject: [PATCH] Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
load_image.
We were assuming the input name was well formed, hence was
nul-terminated. As any data coming from external input, this has to be
thorougly checked.
Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted
to older gimp-2-8 code.
---
plug-ins/common/file-gbr.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
index b028100bef..d3f01d9c56 100644
--- a/plug-ins/common/file-gbr.c
+++ b/plug-ins/common/file-gbr.c
@@ -443,7 +443,8 @@ load_image (const gchar *filename,
{
gchar *temp = g_new (gchar, bn_size);
- if ((read (fd, temp, bn_size)) < bn_size)
+ if ((read (fd, temp, bn_size)) < bn_size ||
+ temp[bn_size - 1] != '\0')
{
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
_("Error in GIMP brush file '%s'"),
--
2.15.1

171
gnu/packages/patches/gimp-CVE-2017-17785.patch 100644
View File

@ -0,0 +1,171 @@
Fix CVE-2017-17785:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785
https://bugzilla.gnome.org/show_bug.cgi?id=739133
Patch copied from upstream source repository:
https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54
From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 29 Oct 2017 15:19:41 +0100
Subject: [PATCH] Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI
files.
It is possible to trigger a heap overflow while parsing FLI files. The
RLE decoder is vulnerable to out of boundary writes due to lack of
boundary checks.
The variable "framebuf" points to a memory area which was allocated
with fli_header->width * fli_header->height bytes. The RLE decoder
therefore must never write beyond that limit.
If an illegal frame is detected, the parser won't stop, which means
that the next valid sequence is properly parsed again. This should
allow GIMP to parse FLI files as good as possible even if they are
broken by an attacker or by accident.
While at it, I changed the variable xc to be of type size_t, because
the multiplication of width and height could overflow a 16 bit type.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b)
---
plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++---------------
1 file changed, 35 insertions(+), 15 deletions(-)
diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
index 313efeb977..ffb651e2af 100644
--- a/plug-ins/file-fli/fli.c
+++ b/plug-ins/file-fli/fli.c
@@ -25,6 +25,8 @@
#include "config.h"
+#include <glib/gstdio.h>
+
#include <string.h>
#include <stdio.h>
@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf)
unsigned short yc;
unsigned char *pos;
for (yc=0; yc < fli_header->height; yc++) {
- unsigned short xc, pc, pcnt;
+ unsigned short pc, pcnt;
+ size_t n, xc;
pc=fli_read_char(f);
xc=0;
pos=framebuf+(fli_header->width * yc);
+ n=(size_t)fli_header->width * (fli_header->height-yc);
for (pcnt=pc; pcnt>0; pcnt--) {
unsigned short ps;
ps=fli_read_char(f);
if (ps & 0x80) {
unsigned short len;
- for (len=-(signed char)ps; len>0; len--) {
+ for (len=-(signed char)ps; len>0 && xc<n; len--) {
pos[xc++]=fli_read_char(f);
}
} else {
unsigned char val;
+ size_t len;
+ len=MIN(n-xc,ps);
val=fli_read_char(f);
- memset(&(pos[xc]), val, ps);
- xc+=ps;
+ memset(&(pos[xc]), val, len);
+ xc+=len;
}
}
}
@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf,
memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height);
firstline = fli_read_short(f);
numline = fli_read_short(f);
+ if (numline > fli_header->height || fli_header->height-numline < firstline)
+ return;
+
for (yc=0; yc < numline; yc++) {
- unsigned short xc, pc, pcnt;
+ unsigned short pc, pcnt;
+ size_t n, xc;
pc=fli_read_char(f);
xc=0;
pos=framebuf+(fli_header->width * (firstline+yc));
+ n=(size_t)fli_header->width * (fli_header->height-firstline-yc);
for (pcnt=pc; pcnt>0; pcnt--) {
unsigned short ps,skip;
skip=fli_read_char(f);
ps=fli_read_char(f);
- xc+=skip;
+ xc+=MIN(n-xc,skip);
if (ps & 0x80) {
unsigned char val;
+ size_t len;
ps=-(signed char)ps;
val=fli_read_char(f);
- memset(&(pos[xc]), val, ps);
- xc+=ps;
+ len=MIN(n-xc,ps);
+ memset(&(pos[xc]), val, len);
+ xc+=len;
} else {
- fread(&(pos[xc]), ps, 1, f);
- xc+=ps;
+ size_t len;
+ len=MIN(n-xc,ps);
+ fread(&(pos[xc]), len, 1, f);
+ xc+=len;
}
}
}
@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
yc=0;
numline = fli_read_short(f);
for (lc=0; lc < numline; lc++) {
- unsigned short xc, pc, pcnt, lpf, lpn;
+ unsigned short pc, pcnt, lpf, lpn;
+ size_t n, xc;
pc=fli_read_short(f);
lpf=0; lpn=0;
while (pc & 0x8000) {
@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
}
pc=fli_read_short(f);
}
+ yc=MIN(yc, fli_header->height);
xc=0;
pos=framebuf+(fli_header->width * yc);
+ n=(size_t)fli_header->width * (fli_header->height-yc);
for (pcnt=pc; pcnt>0; pcnt--) {
unsigned short ps,skip;
skip=fli_read_char(f);
ps=fli_read_char(f);
- xc+=skip;
+ xc+=MIN(n-xc,skip);
if (ps & 0x80) {
unsigned char v1,v2;
ps=-(signed char)ps;
v1=fli_read_char(f);
v2=fli_read_char(f);
- while (ps>0) {
+ while (ps>0 && xc+1<n) {
pos[xc++]=v1;
pos[xc++]=v2;
ps--;
}
} else {
- fread(&(pos[xc]), ps, 2, f);
- xc+=ps << 1;
+ size_t len;
+ len=MIN((n-xc)/2,ps);
+ fread(&(pos[xc]), len, 2, f);
+ xc+=len << 1;
}
}
if (lpf) pos[xc]=lpn;
--
2.15.1

94
gnu/packages/patches/gimp-CVE-2017-17786.patch 100644
View File

@ -0,0 +1,94 @@
Fix CVE-2017-17786:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786
https://bugzilla.gnome.org/show_bug.cgi?id=739134
Both patches copied from upstream source repository:
https://git.gnome.org/browse/gimp/commit/?id=ef9c821fff8b637a2178eab1c78cae6764c50e12
https://git.gnome.org/browse/gimp/commit/?id=22e2571c25425f225abdb11a566cc281fca6f366
From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Wed, 20 Dec 2017 13:02:38 +0100
Subject: [PATCH] Bug 739134 - (CVE-2017-17786) Out of bounds read / heap
overflow in...
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
... TGA importer.
Be more thorough on valid TGA RGB and RGBA images.
In particular current TGA plug-in can import RGBA as 32 bits (8 bits per
channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and
RGB as 15 and 24 bits.
Maybe there exist more variants, but if they do exist, we simply don't
support them yet.
Thanks to Hanno Böck for the report and a first patch attempt.
(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b)
---
plug-ins/common/file-tga.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
index aef98702d4..426acc2925 100644
--- a/plug-ins/common/file-tga.c
+++ b/plug-ins/common/file-tga.c
@@ -564,12 +564,16 @@ load_image (const gchar *filename,
}
break;
case TGA_TYPE_COLOR:
- if (info.bpp != 15 && info.bpp != 16 &&
- info.bpp != 24 && info.bpp != 32)
+ if ((info.bpp != 15 && info.bpp != 16 &&
+ info.bpp != 24 && info.bpp != 32) ||
+ ((info.bpp == 15 || info.bpp == 24) &&
+ info.alphaBits != 0) ||
+ (info.bpp == 16 && info.alphaBits != 1) ||
+ (info.bpp == 32 && info.alphaBits != 8))
{
- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)",
+ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
gimp_filename_to_utf8 (filename),
- info.imageType, info.bpp);
+ info.imageType, info.bpp, info.alphaBits);
return -1;
}
break;
--
2.15.1
From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Wed, 20 Dec 2017 13:26:26 +0100
Subject: [PATCH] plug-ins: TGA 16-bit RGB (without alpha bit) is also valid.
According to some spec on the web, 16-bit RGB is also valid. In this
case, the last bit is simply ignored (at least that's how it is
implemented right now).
(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077)
---
plug-ins/common/file-tga.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
index 426acc2925..eb14a1dadc 100644
--- a/plug-ins/common/file-tga.c
+++ b/plug-ins/common/file-tga.c
@@ -568,7 +568,8 @@ load_image (const gchar *filename,
info.bpp != 24 && info.bpp != 32) ||
((info.bpp == 15 || info.bpp == 24) &&
info.alphaBits != 0) ||
- (info.bpp == 16 && info.alphaBits != 1) ||
+ (info.bpp == 16 && info.alphaBits != 1 &&
+ info.alphaBits != 0) ||
(info.bpp == 32 && info.alphaBits != 8))
{
g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
--
2.15.1

42
gnu/packages/patches/gimp-CVE-2017-17787.patch 100644
View File

@ -0,0 +1,42 @@
Fix CVE-2017-17787:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787
https://bugzilla.gnome.org/show_bug.cgi?id=790853
Patch copied from upstream source repository:
https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Thu, 21 Dec 2017 12:49:41 +0100
Subject: [PATCH] Bug 790853 - (CVE-2017-17787) heap overread in psp importer.
As any external data, we have to check that strings being read at fixed
length are properly nul-terminated.
(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d)
---
plug-ins/common/file-psp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index 4cbafe37b1..e350e4d88d 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -890,6 +890,12 @@ read_creator_block (FILE *f,
g_free (string);
return -1;
}
+ if (string[length - 1] != '\0')
+ {
+ g_message ("Creator keyword data not nul-terminated");
+ g_free (string);
+ return -1;
+ }
switch (keyword)
{
case PSP_CRTR_FLD_TITLE:
--
2.15.1

48
gnu/packages/patches/gimp-CVE-2017-17789.patch 100644
View File

@ -0,0 +1,48 @@
Fix CVE-2017-17789:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789
https://bugzilla.gnome.org/show_bug.cgi?id=790849
Patch copied from upstream source repository:
https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f
From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Wed, 20 Dec 2017 16:44:20 +0100
Subject: [PATCH] Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer
overflow...
... in PSP importer.
Check if declared block length is valid (i.e. within the actual file)
before going further.
Consider the file as broken otherwise and fail loading it.
(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
---
plug-ins/common/file-psp.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index ac0fff78f0..4cbafe37b1 100644
--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
{
block_start = ftell (f);
+ if (block_start + block_total_len > st.st_size)
+ {
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+ _("Could not open '%s' for reading: %s"),
+ gimp_filename_to_utf8 (filename),
+ _("invalid block size"));
+ goto error;
+ }
+
if (id == PSP_IMAGE_BLOCK)
{
if (block_number != 0)
--
2.15.1

22
gnu/packages/patches/httpd-CVE-2017-9798.patch
View File

@ -1,22 +0,0 @@
Fixes "options bleed", aka. CVE-2017-9798:
https://nvd.nist.gov/vuln/detail/CVE-2017-9798
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>.
--- a/server/core.c 2017/08/16 16:50:29 1805223
+++ b/server/core.c 2017/09/08 13:13:11 1807754
@@ -2266,6 +2266,12 @@
/* method has not been registered yet, but resource restriction
* is always checked before method handling, so register it.
*/
+ if (cmd->pool == cmd->temp_pool) {
+ /* In .htaccess, we can't globally register new methods. */
+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
+ "for %s from .htaccess configuration",
+ method, cmd->cmd->name);
+ }
methnum = ap_method_register(cmd->pool,
apr_pstrdup(cmd->pool, method));
}

37
gnu/packages/perl-check.scm
View File

@ -10,7 +10,7 @@
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2017 Petter <petter@mykolab.ch>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -35,6 +35,11 @@
#:use-module (guix build-system perl)
#:use-module (gnu packages perl))
;;;
;;; Please: Try to add new module packages in alphabetic order.
;;;
(define-public perl-test2-bundle-extended
(package
(name "perl-test2-bundle-extended")
@ -606,6 +611,36 @@ memory_cycle_ok( $object );
@end example")
(license artistic2.0)))
(define-public perl-test-mockmodule
(package
(name "perl-test-mockmodule")
(version "0.13")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/G/GF/GFRANKS/"
"Test-MockModule-" version ".tar.gz"))
(sha256
(base32 "0lwh6fvnc16r6d74vvh5h4b5a1spcslpjb3mcqbv23k01lm78wvl"))))
(build-system perl-build-system)
(native-inputs
`(("perl-module-build" ,perl-module-build)
;; For tests.
("perl-test-pod" ,perl-test-pod)
("perl-test-pod-coverage" ,perl-test-pod-coverage)))
(propagated-inputs
`(("perl-super" ,perl-super)))
(home-page "http://search.cpan.org/dist/Test-MockModule/")
(synopsis "Override subroutines in a module for unit testing")
(description
"@code{Test::MockModule} lets you temporarily redefine subroutines in other
packages for the purposes of unit testing. A @code{Test::MockModule} object is
set up to mock subroutines for a given module. The mocked object remembers the
original subroutine so it can be easily restored. This happens automatically
when all @code{MockModule} objects for the given module go out of scope, or when
you @code{unmock()} the subroutine.")
(license gpl3)))
(define-public perl-test-mockobject
(package
(name "perl-test-mockobject")

49
gnu/packages/perl.scm
View File

@ -15,7 +15,7 @@
;;; Copyright © 2017 Raoul J.P. Bonnal <ilpuccio.febo@gmail.com>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org>
;;;
@ -42,6 +42,7 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system perl)
#:use-module (gnu packages base)
#:use-module (gnu packages compression)
#:use-module (gnu packages perl-check)
#:use-module (gnu packages perl-web)
#:use-module (gnu packages pkg-config))
@ -261,26 +262,6 @@ variable ANY_MOOSE to be Moose or Mouse.")
configuration files and parsing command line arguments.")
(license (package-license perl))))
(define-public perl-archive-zip
(package
(name "perl-archive-zip")
(version "1.30")
(source
(origin
(method url-fetch)
(uri (string-append
"mirror://cpan/authors/id/A/AD/ADAMK/Archive-Zip-"
version ".tar.gz"))
(sha256
(base32
"0633zah5z9njiqnvy3vh42fjymncmil1jdfb7d18w8xpfzzp5d7q"))))
(build-system perl-build-system)
(synopsis "Perl API to zip files")
(description "The Archive::Zip module allows a Perl program to create,
manipulate, read, and write Zip archive files.")
(home-page "http://search.cpan.org/~phred/Archive-Zip-1.37/lib/Archive/Zip.pm")
(license (package-license perl))))
(define-public perl-array-utils
(package
(name "perl-array-utils")
@ -7106,6 +7087,32 @@ The idea is just to fool caller(). All the really naughty bits of Tcl's
uplevel() are avoided.")
(license (package-license perl))))
(define-public perl-super
(package
(name "perl-super")
(version "1.20141117")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/C/CH/CHROMATIC/"
"SUPER-" version ".tar.gz"))
(sha256
(base32 "1cn05kacg0xfbm1zzksm2yx2pnrzqja4d9163cxv3sdfc1yhwqhs"))))
(build-system perl-build-system)
(native-inputs
`(("perl-module-build" ,perl-module-build)))
(propagated-inputs
`(("perl-sub-identify" ,perl-sub-identify)))
(home-page "http://search.cpan.org/dist/SUPER/")
(synopsis "Control superclass method dispatching")
(description
"When subclassing a class, you may occasionally want to dispatch control to
the superclass---at least conditionally and temporarily. This module provides
nicer equivalents to the native Perl syntax for calling superclasses, along with
a universal @code{super} method to determine a class' own superclass, and better
support for run-time mix-ins and roles.")
(license perl-license)))
(define-public perl-svg
(package
(name "perl-svg")

7
gnu/packages/python.scm
View File

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015, 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2017 Eric Bavier <bavier@member.fsf.org>
@ -5452,14 +5452,14 @@ plugins that intend to support Flake8 2.x and 3.x simultaneously.")
(define-public python-mistune
(package
(name "python-mistune")
(version "0.7.3")
(version "0.8.3")
(source
(origin
(method url-fetch)
(uri (pypi-uri "mistune" version))
(sha256
(base32
"04xpk1zvslhq3xpnf01g3ag0dy9wfv4z28p093r8k49vvxlyil11"))))
"06b662p6kf46wh2jsabaqhaq4bz1srh2zxkrnx4yg96azlxw645w"))))
(build-system python-build-system)
(native-inputs
`(("python-nose" ,python-nose)
@ -6582,6 +6582,7 @@ Jupyter kernels such as IJulia and IRKernel.")
(define python-jupyter-console-minimal
(package
(inherit python-jupyter-console)
(name "python-jupyter-console-minimal")
(arguments
(substitute-keyword-arguments
(package-arguments python-jupyter-console)

5
gnu/packages/regex.scm
View File

@ -2,6 +2,7 @@
;;; Copyright © 2014 John Darrington
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@ -28,7 +29,7 @@
(define-public re2
(package
(name "re2")
(version "2017-12-01")
(version "2018-01-01")
(source (origin
(method url-fetch)
(uri
@ -38,7 +39,7 @@
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"03gv50hv7yaspx3ls8g8l1yj8nszbc3mplhcf4cr95fcsxy7wyb2"))))
"1hhp8gi0lzw1mvnksb112rc9kcz4j9kjic7v6gbgzyfgk43996mr"))))
(build-system gnu-build-system)
(arguments
`(#:modules ((guix build gnu-build-system)

4
gnu/packages/shells.scm
View File

@ -381,14 +381,14 @@ ksh, and tcsh.")
(define-public xonsh
(package
(name "xonsh")
(version "0.5.12")
(version "0.6.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "xonsh" version))
(sha256
(base32
"1yz595hx5bni524m73cx8a08vcr6vfksfci14nx2ylz53igzva2c"))
"1ikd1xg4iyjqp51y8g8n6c4y39bgx85xnb4bdd3zibkqac3lrahr"))
(modules '((guix build utils)))
(snippet
`(begin

2
gnu/packages/version-control.scm
View File

@ -1503,6 +1503,8 @@ repository\" with git-annex.")
(string-append
"https://www.fossil-scm.org/index.html/uv/"
"fossil-src-" version ".tar.gz")))
(patches (search-patches "fossil-CVE-2017-17459.patch"))
(patch-flags '("-p0"))
(sha256
(base32
"0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv"))))

4
gnu/packages/video.scm
View File

@ -1808,7 +1808,7 @@ be used for realtime video capture via Linux-specific APIs.")
(define-public obs
(package
(name "obs")
(version "18.0.2")
(version "20.1.3")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/jp9000/obs-studio"
@ -1816,7 +1816,7 @@ be used for realtime video capture via Linux-specific APIs.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"02pbiyvf5x0zh448h5rpmyn33qnsqk694xxlyns83mdi74savyqw"))))
"1g5z6z050v25whc7n3xvg6l238wmg5crp7ihvk73qngvzxr8bg28"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f)) ; no tests

5
gnu/packages/web.scm
View File

@ -109,15 +109,14 @@
(define-public httpd
(package
(name "httpd")
(version "2.4.27")
(version "2.4.29")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2"))
(sha256
(base32
"0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i"))
(patches (search-patches "httpd-CVE-2017-9798.patch"))))
"003z3yckkdihfv69rgqsik1w2jsnh14j3ci8fjia4s2mlajm6xvp"))))
(build-system gnu-build-system)
(native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(("apr" ,apr)

115
gnu/packages/wine.scm
View File

@ -2,7 +2,7 @@
;;; Copyright © 2014, 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2017, 2018 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;;
;;; This file is part of GNU Guix.
@ -55,19 +55,20 @@
#:use-module (gnu packages tls)
#:use-module (gnu packages video)
#:use-module (gnu packages xml)
#:use-module (gnu packages xorg))
#:use-module (gnu packages xorg)
#:use-module (ice-9 match))
(define-public wine
(package
(name "wine")
(version "2.0.3")
(version "2.0.4")
(source (origin
(method url-fetch)
(uri (string-append "https://dl.winehq.org/wine/source/2.0"
"/wine-" version ".tar.xz"))
(sha256
(base32
"0mmyc94r5drffir8zr8jx6iawhgfzjk96fj494aa18vhz1jcc4d8"))))
"0nlq6apyq7hq36l3g6gw76lhi8ijz11v3v8m4vxy8d6x1qsppq5m"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
("gettext" ,gettext-minimal)
@ -113,19 +114,24 @@
("v4l-utils" ,v4l-utils)
("zlib" ,zlib)))
(arguments
`(;; Force a 32-bit build (under the assumption that this package is
;; being used on an IA32-compatible architecture.)
#:system "i686-linux"
`(;; Force a 32-bit build targeting a similar architecture, i.e.:
;; armhf for armhf/aarch64, i686 for i686/x86_64.
#:system ,@(match (%current-system)
((or "armhf-linux" "aarch64-linux")
`("armhf-linux"))
(_
`("i686-linux")))
;; XXX: There's a test suite, but it's unclear whether it's supposed to
;; pass.
#:tests? #f
#:configure-flags
(list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
(list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine32"))
#:make-flags
(list "SHELL=bash")
(list "SHELL=bash"
(string-append "libdir=" %output "/lib/wine32"))
#:phases
(modify-phases %standard-phases
@ -141,7 +147,7 @@
(format #f "~a\"~a\"" defso (find-so soname))))
#t))))))
(home-page "https://www.winehq.org/")
(synopsis "Implementation of the Windows API")
(synopsis "Implementation of the Windows API (32-bit only)")
(description
"Wine (originally an acronym for \"Wine Is Not an Emulator\") is a
compatibility layer capable of running Windows applications. Instead of
@ -153,22 +159,56 @@ integrate Windows applications into your desktop.")
;; It really only supports IA32, but building on x86_64 will have the same
;; effect as building on i686 anyway.
(supported-systems '("i686-linux" "x86_64-linux"))))
(supported-systems (delete "mips64el-linux" %supported-systems))))
(define-public wine64
(package
(inherit wine)
(name "wine64")
(inputs `(("wine" ,wine)
,@(package-inputs wine)))
(arguments
`(#:make-flags
(list "SHELL=bash"
(string-append "libdir=" %output "/lib"))
(string-append "libdir=" %output "/lib/wine64"))
#:phases
(modify-phases %standard-phases
(add-after 'install 'copy-wine32-binaries
(lambda* (#:key outputs #:allow-other-keys)
(let* ((wine32 (assoc-ref %build-inputs "wine"))
(out (assoc-ref %outputs "out")))
;; Copy the 32-bit binaries needed for WoW64.
(copy-file (string-append wine32 "/bin/wine")
(string-append out "/bin/wine"))
(copy-file (string-append wine32 "/bin/wine-preloader")
(string-append out "/bin/wine-preloader"))
#t)))
(add-after 'compress-documentation 'copy-wine32-manpage
(lambda* (#:key outputs #:allow-other-keys)
(let* ((wine32 (assoc-ref %build-inputs "wine"))
(out (assoc-ref %outputs "out")))
;; Copy the missing man file for the wine binary from wine.
(copy-file (string-append wine32 "/share/man/man1/wine.1.gz")
(string-append out "/share/man/man1/wine.1.gz"))
#t)))
(add-after 'configure 'patch-dlopen-paths
;; Hardcode dlopened sonames to absolute paths.
(lambda _
(let* ((library-path (search-path-as-string->list
(getenv "LIBRARY_PATH")))
(find-so (lambda (soname)
(search-path library-path soname))))
(substitute* "include/config.h"
(("(#define SONAME_.* )\"(.*)\"" _ defso soname)
(format #f "~a\"~a\"" defso (find-so soname))))
#t))))
#:configure-flags
(list "--enable-win64"
(string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:system)
(string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine64"))
,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:phases
#:system)
(package-arguments wine))))
(synopsis "Implementation of the Windows API (64-bit version)")
(synopsis "Implementation of the Windows API (WoW64 version)")
(supported-systems '("x86_64-linux" "aarch64-linux"))))
;; TODO: This is wine development version, provided for historical reasons.
@ -202,7 +242,7 @@ integrate Windows applications into your desktop.")
(inputs `(("gtk+", gtk+)
("libva", libva)
,@(package-inputs wine)))
(synopsis "Implementation of the Windows API (staging branch)")
(synopsis "Implementation of the Windows API (staging branch, 32-bit only)")
(description "Wine-Staging is the testing area of Wine. It
contains bug fixes and features, which have not been integrated into
the development branch yet. The idea of Wine-Staging is to provide
@ -221,15 +261,50 @@ integrated into the main branch.")
(package
(inherit wine-staging)
(name "wine64-staging")
(inputs `(("wine-staging" ,wine-staging)
,@(package-inputs wine-staging)))
(arguments
`(#:make-flags
(list "SHELL=bash"
(string-append "libdir=" %output "/lib"))
(string-append "libdir=" %output "/lib/wine64"))
#:phases
(modify-phases %standard-phases
(add-after 'install 'copy-wine32-binaries
(lambda* (#:key outputs #:allow-other-keys)
(let* ((wine32 (assoc-ref %build-inputs "wine-staging"))
(out (assoc-ref %outputs "out")))
;; Copy the 32-bit binaries needed for WoW64.
(copy-file (string-append wine32 "/bin/wine")
(string-append out "/bin/wine"))
(copy-file (string-append wine32 "/bin/wine-preloader")
(string-append out "/bin/wine-preloader"))
#t)))
(add-after 'compress-documentation 'copy-wine32-manpage
(lambda* (#:key outputs #:allow-other-keys)
(let* ((wine32 (assoc-ref %build-inputs "wine-staging"))
(out (assoc-ref %outputs "out")))
;; Copy the missing man file for the wine binary from
;; wine-staging.
(copy-file (string-append wine32 "/share/man/man1/wine.1.gz")
(string-append out "/share/man/man1/wine.1.gz"))
#t)))
(add-after 'configure 'patch-dlopen-paths
;; Hardcode dlopened sonames to absolute paths.
(lambda _
(let* ((library-path (search-path-as-string->list
(getenv "LIBRARY_PATH")))
(find-so (lambda (soname)
(search-path library-path soname))))
(substitute* "include/config.h"
(("(#define SONAME_.* )\"(.*)\"" _ defso soname)
(format #f "~a\"~a\"" defso (find-so soname))))
#t))))
#:configure-flags
(list "--enable-win64"
(string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:system)
(string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine64"))
,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:phases
#:system)
(package-arguments wine-staging))))
(synopsis "Implementation of the Windows API (staging branch, 64-bit
(synopsis "Implementation of the Windows API (staging branch, WoW64
version)")
(supported-systems '("x86_64-linux" "aarch64-linux"))))

4
guix/ui.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014 Cyril Roelandt <tipecaml@gmail.com>
@ -387,7 +387,7 @@ exiting. ARGS is the list of arguments received by the 'throw' handler."
"Display version information for COMMAND and `(exit 0)'."
(simple-format #t "~a (~a) ~a~%"
command %guix-package-name %guix-version)
(format #t "Copyright ~a 2017 ~a"
(format #t "Copyright ~a 2018 ~a"
;; TRANSLATORS: Translate "(C)" to the copyright symbol
;; (C-in-a-circle), if this symbol is available in the user's
;; locale. Otherwise, do not translate "(C)"; leave it as-is. */

7
nix/scripts/list-runtime-roots.in
View File

@ -130,12 +130,13 @@ or the empty list."
(< (string->number a) (string->number b))))))
(define canonicalize-store-item
(let ((prefix (+ 1 (string-length %store-directory))))
(let* ((store (string-append %store-directory "/"))
(prefix (string-length store)))
(lambda (file)
"Return #f if FILE is not a store item; otherwise, return the store file
name without any sub-directory components."
(and (string-prefix? %store-directory file)
(string-append %store-directory "/"
(and (string-prefix? store file)
(string-append store
(let ((base (string-drop file prefix)))
(match (string-index base #\/)
(#f base)