diff --git a/doc/guix.texi b/doc/guix.texi index b9bf986640..46d9e77fe6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -3795,7 +3795,7 @@ does not have any effect on what the G-expression does. content is directly passed as a string. @deffn {Scheme Procedure} local-file @var{file} [@var{name}] @ - [#:recursive? #t] + [#:recursive? #f] Return an object representing local file @var{file} to add to the store; this object can be used in a gexp. If @var{file} is a relative file name, it is looked up relative to the source file where this form appears. @var{file} will be added to @@ -5545,6 +5545,16 @@ accept connections from any interface. Change privileges to @var{user} as soon as possible---i.e., once the server socket is open and the signing key has been read. +@item --ttl=@var{ttl} +Produce @code{Cache-Control} HTTP headers that advertise a time-to-live +(TTL) of @var{ttl}. @var{ttl} must denote a duration: @code{5d} means 5 +days, @code{1m} means 1 month, and so on. + +This allows the user's Guix to keep substitute information in cache for +@var{ttl}. However, note that @code{guix publish} does not itself +guarantee that the store items it provides will indeed remain available +for as long as @var{ttl}. + @item --repl[=@var{port}] @itemx -r [@var{port}] Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile @@ -6048,7 +6058,7 @@ passphrase for the network you are connecting to: @example network=@{ - ssid=@var{my-ssid} + ssid="@var{my-ssid}" key_mgmt=WPA-PSK psk="the network's secret passphrase" @} diff --git a/gnu/local.mk b/gnu/local.mk index ef7b4df7f9..15c5138679 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -480,6 +480,7 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ + %D%/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch \ %D%/packages/patches/expat-CVE-2015-1283-refix.patch \ %D%/packages/patches/expat-CVE-2016-0718.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ @@ -538,6 +539,7 @@ dist_patch_DATA = \ %D%/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch \ %D%/packages/patches/gtkglext-disable-disable-deprecated.patch \ %D%/packages/patches/hdf5-config-date.patch \ + %D%/packages/patches/higan-remove-march-native-flag.patch \ %D%/packages/patches/hop-bigloo-4.0b.patch \ %D%/packages/patches/hop-linker-flags.patch \ %D%/packages/patches/hydra-automake-1.15.patch \ @@ -545,6 +547,20 @@ dist_patch_DATA = \ %D%/packages/patches/hypre-doc-tables.patch \ %D%/packages/patches/hypre-ldflags.patch \ %D%/packages/patches/icecat-avoid-bundled-includes.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt1.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt2.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt3.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt4.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt5.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt6.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt7.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt8.patch \ + %D%/packages/patches/icecat-CVE-2016-2818-pt9.patch \ + %D%/packages/patches/icecat-CVE-2016-2819.patch \ + %D%/packages/patches/icecat-CVE-2016-2821.patch \ + %D%/packages/patches/icecat-CVE-2016-2824.patch \ + %D%/packages/patches/icecat-CVE-2016-2828.patch \ + %D%/packages/patches/icecat-CVE-2016-2831.patch \ %D%/packages/patches/icedtea-remove-overrides.patch \ %D%/packages/patches/icu4c-CVE-2014-6585.patch \ %D%/packages/patches/icu4c-CVE-2015-1270.patch \ @@ -597,6 +613,7 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-oob-write-in-nextdecode.patch \ %D%/packages/patches/libtool-skip-tests2.patch \ %D%/packages/patches/libunwind-CVE-2015-3239.patch \ + %D%/packages/patches/libvpx-CVE-2016-2818.patch \ %D%/packages/patches/libwmf-CAN-2004-0941.patch \ %D%/packages/patches/libwmf-CVE-2006-3376.patch \ %D%/packages/patches/libwmf-CVE-2007-0455.patch \ @@ -722,7 +739,9 @@ dist_patch_DATA = \ %D%/packages/patches/ripperx-missing-file.patch \ %D%/packages/patches/rpm-CVE-2014-8118.patch \ %D%/packages/patches/rsem-makefile.patch \ + %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \ %D%/packages/patches/ruby-symlinkfix.patch \ + %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\ %D%/packages/patches/rush-CVE-2013-6889.patch \ %D%/packages/patches/sed-hurd-path-max.patch \ %D%/packages/patches/scheme48-tests.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index abfef36660..78f36a18cf 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -10,6 +10,7 @@ ;;; Copyright © 2016 Pjotr Prins ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016 Peter Feigl ;;; ;;; This file is part of GNU Guix. ;;; @@ -58,6 +59,7 @@ #:use-module (gnu packages mcrypt) #:use-module (gnu packages pkg-config) #:use-module (gnu packages popt) + #:use-module (gnu packages python) #:use-module (gnu packages texinfo) #:use-module (gnu packages groff) #:use-module (gnu packages pciutils) @@ -1643,3 +1645,39 @@ results (ndiff), and a packet generation and response analysis tool (nping).") ;; This package uses nmap's bundled versions of libdnet and liblinear, which ;; both use a 3-clause BSD license. (license (list license:nmap license:bsd-3)))) + +(define-public dstat + (package + (name "dstat") + (version "0.7.3") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/dagwieers/dstat/archive/" + version ".tar.gz")) + (file-name (string-append "dstat-" version ".tar.gz")) + (sha256 + (base32 + "16286z3y2lc9nsq8njzjkv6k2vyxrj9xiixj1k3gnsbvhlhkirj6")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ;; no make check + #:make-flags (let ((out (assoc-ref %outputs "out"))) + (list (string-append "DESTDIR=" out) + "prefix=/")) + ;; no configure script + #:phases (alist-delete 'configure %standard-phases))) + (inputs `(("python-2" ,python-2))) + (synopsis "Versatile resource statistics tool") + (description "Dstat is a versatile replacement for @command{vmstat}, +@command{iostat}, @command{netstat}, and @command{ifstat}. Dstat overcomes +some of their limitations and adds some extra features, more counters and +flexibility. Dstat is handy for monitoring systems during performance tuning +tests, benchmarks or troubleshooting. + +Dstat allows you to view all of your system resources in real-time, you can, +e.g., compare disk utilization in combination with interrupts from your IDE +controller, or compare the network bandwidth numbers directly with the disk +throughput (in the same interval).") + (home-page "http://dag.wiee.rs/home-made/dstat/") + (license license:gpl2+))) diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm index 2b2dce9e9e..95c80438e9 100644 --- a/gnu/packages/check.scm +++ b/gnu/packages/check.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2015 Andreas Enge ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Roel Janssen +;;; Copyright © 2016 Lukas Gradl ;;; ;;; This file is part of GNU Guix. ;;; @@ -24,6 +25,7 @@ (define-module (gnu packages check) #:use-module (gnu packages) #:use-module (gnu packages autotools) + #:use-module (gnu packages python) #:use-module (guix licenses) #:use-module (guix packages) #:use-module (guix download) @@ -193,3 +195,62 @@ in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).") (license gpl3+))) + +(define-public googletest + (package + (name "googletest") + (version "1.7.0") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/google/googletest/archive/" + "release-" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1k0nf1l9cb3prdmsvaajl5i31bx86c1mw0d5jgzykz7rzm36afpp")))) + (build-system gnu-build-system) + (native-inputs + `(("python-2" ,python-2) + ("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'configure 'autoconf + (lambda _ + (zero? (system* "autoreconf" "-vfi")))) + (add-before 'autoconf 'generate-headers + (lambda _ + (begin + (delete-file "include/gtest/gtest-param-test.h") + (system* "python2" "scripts/pump.py" + "include/gtest/gtest-param-test.h.pump") + (delete-file "include/gtest/internal/gtest-tuple.h") + (system* "python2" "scripts/pump.py" + "include/gtest//internal/gtest-tuple.h.pump") + (delete-file + "include/gtest/internal/gtest-param-util-generated.h") + (system* + "python2" "scripts/pump.py" + "include/gtest/internal/gtest-param-util-generated.h.pump") + (delete-file "include/gtest/internal/gtest-type-util.h") + (system* "python2" "scripts/pump.py" + "include/gtest/internal/gtest-type-util.h.pump")))) + (replace 'install + (lambda _ + (let ((out (assoc-ref %outputs "out"))) + (begin + (install-file "lib/.libs/libgtest_main.a" + (string-append out "/lib")) + (install-file "lib/.libs/libgtest.a" + (string-append out "/lib")) + (copy-recursively "include" + (string-append out "/include"))))))))) + (home-page "https://github.com/google/googletest/") + (synopsis "Test discovery and XUnit test framework") + (description "Google Test features an XUnit test framework, automated test +discovery, death tests, assertions, parameterized tests and XML test report +generation.") + (license bsd-3))) diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm index b2ea848937..3f0b508d3c 100644 --- a/gnu/packages/crypto.scm +++ b/gnu/packages/crypto.scm @@ -53,7 +53,7 @@ communication, encryption, decryption, signatures, etc.") (define-public signify (package (name "signify") - (version "17") + (version "18") (source (origin (method url-fetch) (uri (string-append "https://github.com/aperezdc/signify/" @@ -61,7 +61,7 @@ communication, encryption, decryption, signatures, etc.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0kfv2k1fqck31vwlnicavb0h541ilad9zd7j8zz8x2kx36wwqpr7")))) + "00lbjiy0gv1b1fvrd6ni4qah96ah4qf6aig05vd2hji4vs00jgwg")))) (build-system gnu-build-system) ;; TODO Build with libwaive (described in README.md), to implement something ;; like OpenBSD's pledge(). diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 80aa54f7a2..a912166e84 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -405,6 +405,67 @@ types are supported, as is encryption.") (license gpl3+) (home-page "http://www.gnu.org/software/recutils/"))) +(define-public sparql-query + (package + (name "sparql-query") + (version "1.1") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/tialaramex/" + name "/archive/" version ".tar.gz")) + (sha256 + (base32 "0yq3k20472rv8npcc420q9ab6idy584g5y0q501d360k5q0ggr8w")) + (file-name (string-append name "-" version ".tar.gz")))) + (build-system gnu-build-system) + (inputs + `(("readline" ,readline) + ("ncurses" ,ncurses) + ("glib" ,glib) + ("libxml2" ,libxml2) + ("curl" ,curl))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (arguments + `(#:make-flags '("CC=gcc") + #:phases + (modify-phases %standard-phases + (delete 'configure) + ;; The Makefile uses git to obtain versioning information. This phase + ;; substitutes the git invocation with the package version. + (add-after 'unpack 'remove-git-dependency + (lambda _ + (substitute* "Makefile" + (("^gitrev :=.*$") + (string-append "gitrev = \"v" ,version "\""))))) + ;; The install phase of the Makefile assumes $PREFIX/usr/local/bin. + ;; This replacement does the same thing, except for using $PREFIX/bin + ;; instead. + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (install-file "sparql-query" bin) + (system* "ln" "--symbolic" + (string-append bin "/sparql-query") + (string-append bin "/sparql-update"))))) + (replace 'check + (lambda* (#:key make-flags #:allow-other-keys) + (and + (zero? (apply system* "make" `(,@make-flags "scan-test"))) + (zero? (system "./scan-test")))))))) + (home-page "https://github.com/tialaramex/sparql-query/") + (synopsis "Command-line tool for accessing SPARQL endpoints over HTTP") + (description "Sparql-query is a command-line tool for accessing SPARQL +endpoints over HTTP. It has been intentionally designed to 'feel' similar to +tools for interrogating SQL databases. For example, you can enter a query over +several lines, using a semi-colon at the end of a line to indicate the end of +your query. It also supports readline so that you can more easily recall and +edit previous queries, even across sessions. It can be used non-interactively, +for example from a shell script.") + ;; Some files (like scan-sparql.c) contain a GPLv3+ license header, while + ;; others (like sparql-query.c) contain a GPLv2+ license header. + (license (list gpl3+)))) + (define-public sqlite (package (name "sqlite") diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 386f91aebc..a8b5018edb 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -12,6 +12,7 @@ ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 David Thompson ;;; Copyright © 2016 Matthew Jordan +;;; Copyright © 2016 Roel Janssen ;;; ;;; This file is part of GNU Guix. ;;; @@ -1925,6 +1926,28 @@ matching delimiters, orient yourself in the code, and tell which statements are at a given level.") (license license:gpl3+))) +(define-public emacs-rainbow-identifiers + (package + (name "emacs-rainbow-identifiers") + (version "0.2.2") + (source (origin + (method url-fetch) + (uri (string-append "https://raw.githubusercontent.com/Fanael" + "/rainbow-identifiers/" version + "/rainbow-identifiers.el")) + (file-name (string-append "rainbow-identifiers-" version ".el")) + (sha256 + (base32 + "0325abxj47k0g1i8nqrq70w2wr6060ckhhf92krv1s072b3jzm31")))) + (build-system emacs-build-system) + (home-page "https://github.com/Fanael/rainbow-identifiers") + (synopsis "Highlight identifiers in source code") + (description + "Rainbow identifiers mode is an Emacs minor mode providing highlighting of +identifiers based on their names. Each identifier gets a color based on a hash +of its name.") + (license license:bsd-2))) + (define-public emacs-ido-completing-read+ (package (name "emacs-ido-completing-read+") diff --git a/gnu/packages/fish.scm b/gnu/packages/fish.scm index 72e2156a35..7abaaf0ecd 100644 --- a/gnu/packages/fish.scm +++ b/gnu/packages/fish.scm @@ -29,14 +29,14 @@ (define-public fish (package (name "fish") - (version "2.2.0") + (version "2.3.0") (source (origin (method url-fetch) (uri (string-append "http://fishshell.com/files/" version "/fish-" version ".tar.gz")) (sha256 (base32 - "0ympqz7llmf0hafxwglykplw6j5cz82yhlrw50lw4bnf2kykjqx7")) + "1ralmp7lavdl0plc09ppm232aqsn0crxx6m3hgaa06ibam3sqawi")) (modules '((guix build utils))) ;; Don't try to install /etc/fish/config.fish. (snippet diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index deb11841da..4b8a278610 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm @@ -9,6 +9,7 @@ ;;; Copyright © 2016 Nils Gillmann ;;; Copyright © 2016 Jookia <166291@gmail.com> ;;; Copyright © 2016 Eric Bavier +;;; Copyright © 2016 Dmitry Nikolaev ;;; ;;; This file is part of GNU Guix. ;;; @@ -808,3 +809,57 @@ mind. The font includes a bold version and a good italic version with new glyph designs, not just an added slant.") (home-page "https://fontlibrary.org/en/font/fantasque-sans-mono") (license license:silofl1.1))) + +(define-public font-hack + (package + (name "font-hack") + (version "2.020") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/chrissimpkins/Hack/releases/download/v" + version "/Hack-v" + (string-replace-substring version "." "_") + "-ttf.zip")) + (sha256 + (base32 + "16kkmc3psckw1b7k07ccn1gi5ymhlg9djh43nqjzg065g6p6d184")))) + (build-system trivial-build-system) + (arguments + `(#:modules ((guix build utils)) + #:builder (begin + (use-modules (guix build utils) + (srfi srfi-26)) + + (let ((PATH (string-append (assoc-ref %build-inputs + "unzip") + "/bin")) + (font-dir (string-append %output + "/share/fonts/truetype")) + (doc-dir (string-append %output "/share/doc/" + ,name "-" ,version))) + (setenv "PATH" PATH) + (system* "unzip" (assoc-ref %build-inputs "source")) + + (mkdir-p font-dir) + (mkdir-p doc-dir) + (for-each (lambda (ttf) + (copy-file ttf + (string-append font-dir "/" ttf))) + (find-files "." "\\.ttf$")) + (for-each (lambda (doc) + (copy-file doc + (string-append doc-dir "/" doc))) + (find-files "." "\\.txt$")))))) + (native-inputs + `(("source" ,source) + ("unzip" ,unzip))) + (home-page "https://sourcefoundry.org/hack/") + (synopsis "Typeface designed for sourcecode") + (description + "Hack is designed to be a workhorse typeface for code, it expands upon +the Bitstream Vera & DejaVu projects, provides 1561 glyphs including +powerline support.") + (license (license:x11-style + "https://github.com/chrissimpkins/Hack/blob/master/LICENSE.md" + "Hack Open Font License v2.0")))) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index 368f09632c..9f4a4f9e81 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -418,7 +418,7 @@ exec ~a/bin/freedink -refdir ~a/share/dink\n" (define-public xboard (package (name "xboard") - (version "4.8.0") + (version "4.9.0") (source (origin (method url-fetch) @@ -426,12 +426,11 @@ exec ~a/bin/freedink -refdir ~a/share/dink\n" ".tar.gz")) (sha256 (base32 - "05rdj0nyirc4g1qi5hhrjy45y52ihp1j3ldq2c5bwrz0gzy4i3y8")))) + "1av6r3s5vyclwf3c9i1pkr2442ryrf4ixhhf2i44a4j1xyhlp5jb")))) (build-system gnu-build-system) - (inputs `(("cairo" ,cairo) - ("librsvg" ,librsvg) - ("libxt" ,libxt) - ("libxaw" ,libxaw))) + (inputs + `(("gtk+" ,gtk+-2) + ("librsvg" ,librsvg))) (native-inputs `(("texinfo" ,texinfo) ("pkg-config" ,pkg-config))) (home-page "http://www.gnu.org/software/xboard") @@ -1191,7 +1190,7 @@ is programmed in Haskell.") (define-public manaplus (package (name "manaplus") - (version "1.6.4.23") + (version "1.6.6.4") (source (origin (method url-fetch) (uri (string-append @@ -1199,7 +1198,7 @@ is programmed in Haskell.") version "/manaplus-" version ".tar.xz")) (sha256 (base32 - "1ja2w86rz3pliq0sdc7yxppsdjg3d1ymcx9fdsiwnw6fv5a8nbzj")))) + "00sdw2mspdhrqvz0vl6jbnhiclj7vmvyjih9qf8dbkfw2s921ybc")))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -2244,3 +2243,98 @@ Red Eclipse provides fast paced and accessible gameplay.") license:cc-by-sa3.0 license:cc-by3.0 license:cc0))))) + +(define-public higan + (package + (name "higan") + (version "099") + (source + (origin + (method url-fetch) + (uri (string-append + "https://gitlab.com/higan/higan/repository/archive.tar.gz?ref=v" + version)) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 "0xlzjqrd308hmg6yjzjkmxkkr9p3w387kf6yxyplb47jcbx2sq4n")) + (patches (search-patches "higan-remove-march-native-flag.patch")))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("alsa-lib" ,alsa-lib) + ("ao" ,ao) + ("eudev" ,eudev) + ("gtk+" ,gtk+-2) + ("gtksourceview-2" ,gtksourceview-2) + ("libxv" ,libxv) + ("mesa" ,mesa) + ("openal" ,openal) + ("pulseaudio" ,pulseaudio) + ("sdl" ,sdl))) + (arguments + '(#:phases + (let ((build-phase (assoc-ref %standard-phases 'build)) + (install-phase (assoc-ref %standard-phases 'install))) + (modify-phases %standard-phases + ;; The higan build system has no configure phase. + (delete 'configure) + (add-before 'build 'chdir-to-higan + (lambda _ + (chdir "higan"))) + (add-before 'install 'create-/share/applications + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; It seems the author forgot to do this in the Makefile. + (mkdir-p (string-append out "/share/applications"))))) + (add-after 'install 'chdir-to-icarus + (lambda _ + (chdir "../icarus"))) + (add-after 'chdir-to-icarus 'build-icarus build-phase) + (add-after 'build-icarus 'install-icarus install-phase) + (add-after 'install-icarus 'wrap-higan-executable + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin")) + (higan (string-append bin "/higan")) + (higan-original (string-append higan "-original")) + (bash (string-append (assoc-ref inputs "bash") + "/bin/bash")) + (coreutils (assoc-ref inputs "coreutils")) + (mkdir (string-append coreutils "/bin/mkdir")) + (cp (string-append coreutils "/bin/cp")) + (cp-r (string-append cp " -r --no-preserve=mode"))) + ;; First, have the executable make sure ~/.local/share/higan + ;; contains up to date files. Higan insists on looking there + ;; for these data files. + (rename-file higan higan-original) + (with-output-to-file higan + (lambda () + (display + (string-append + "#!" bash "\n" + ;; higan doesn't respect $XDG_DATA_HOME + mkdir " -p ~/.local/share\n" + cp-r " " out "/share/higan ~/.local/share\n" + "exec " higan-original)))) + (chmod higan #o555) + ;; Second, make sure higan will find icarus in PATH. + (wrap-program higan + `("PATH" ":" prefix (,bin)))))))) + #:make-flags + (list "compiler=g++" + (string-append "prefix=" (assoc-ref %outputs "out"))) + ;; There is no test suite. + #:tests? #f)) + (home-page "http://byuu.org/emulation/higan/") + (synopsis "Nintendo multi-system emulator") + (description + "higan (formerly bsnes) is an emulator for multiple Nintendo video game +consoles, including the Nintendo Entertainment System (NES/Famicom), Super +Nintendo Entertainment System (SNES/Super Famicom), Game Boy, Game Boy +Color (GBC), and Game Boy Advance (GBA). It also supports the subsystems +Super Game Boy, BS-X Satellaview, and Sufami Turbo.") + ;; As noted in these files among more: + ;; - icarus/icarus.cpp + ;; - higan/emulator/emulator.hpp + (license license:gpl3))) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 8384c76d66..c87c371423 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -5182,3 +5182,103 @@ GNOME 3. This includes things like the fonts used in user interface elements, alternative user interface themes, changes in window management behavior, GNOME Shell appearance and extension, etc.") (license license:gpl3+))) + +(define-public arc-theme + (package + (name "arc-theme") + (version "20160605") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/horst3180/arc-theme" + "/archive/" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0sq2031xda8jn2ws0x2bvhq77jfh7xy0c3kg86v6vm2kbrrss7y6")))) + (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vif"))))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("pkg-config" ,pkg-config))) + (inputs + `(("gtk+" ,gtk+))) + (synopsis "A flat GTK+ theme with transparent elements") + (description "Arc is a flat theme with transparent elements for GTK 3, GTK +2, and GNOME Shell which supports GTK 3 and GTK 2 based desktop environments +like GNOME, Unity, Budgie, Pantheon, XFCE, Mate, etc.") + (home-page "https://github.com/horst3180/arc-theme") + ;; No "or later" language found. + (license license:gpl3))) + +(define-public moka-icon-theme + (package + (name "moka-icon-theme") + (version "5.3.1") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/moka-project" + "/moka-icon-theme/archive/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1lnk7p8dsd9xh6cgz5krvlcr457w8yl4m6p6s5c2g5narsjswzrm")))) + (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-makefile.am + (lambda _ + (substitute* '("Makefile.am") + (("\\$\\(DESTDIR\\)/usr/share") + "$(datadir)")) + #t)) + (add-after 'patch-makefile.am 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vif"))))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake))) + (synopsis "Moka icon theme") + (description "Moka is a stylized desktop icon set, designed to be clear, +simple and consistent.") + (home-page "http://snwh.org/moka") + (license license:gpl3+))) + +(define-public arc-icon-theme + (package + (name "arc-icon-theme") + (version "20160605") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/horst3180/arc-icon-theme" + "/archive/" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1npf0ki0j0llrw9wbffhxxa1cdms0q7b8xlg9m943dd9g7pgdm2p")))) + (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vif"))))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake))) + ;; When Arc is missing an icon, it looks in the Moka icon theme for it. + (propagated-inputs + `(("moka-icon-theme" ,moka-icon-theme))) + (synopsis "Arc icon theme") + (description "The Arc icon theme provides a set of icons matching the +style of the Arc GTK theme. Icons missing from the Arc theme are provided by +the Moka icon theme.") + (home-page "https://github.com/horst3180/arc-icon-theme") + (license license:gpl3+))) diff --git a/gnu/packages/gnucash.scm b/gnu/packages/gnucash.scm index 5c0ce4f544..eaa84ccc32 100644 --- a/gnu/packages/gnucash.scm +++ b/gnu/packages/gnucash.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015 Ricardo Wurmus +;;; Copyright © 2015, 2016 Ricardo Wurmus ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2016 Efraim Flashner ;;; @@ -19,18 +19,22 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu packages gnucash) - #:use-module (guix licenses) + #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix build-system gnu) #:use-module (gnu packages) + #:use-module (gnu packages autotools) #:use-module (gnu packages gnome) + #:use-module (gnu packages gnupg) #:use-module (gnu packages glib) #:use-module (gnu packages gtk) #:use-module (gnu packages guile) #:use-module (gnu packages icu4c) + #:use-module (gnu packages multiprecision) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) + #:use-module (gnu packages tls) #:use-module (gnu packages web) #:use-module (gnu packages webkit) #:use-module (gnu packages xml)) @@ -59,6 +63,7 @@ ("libxml2" ,libxml2) ("libxslt" ,libxslt) ("webkitgtk" ,webkitgtk/gtk+-2) + ("aqbanking" ,aqbanking) ("perl-date-manip" ,perl-date-manip) ("perl-finance-quote" ,perl-finance-quote))) (native-inputs @@ -67,7 +72,8 @@ ("pkg-config" ,pkg-config))) (arguments `(#:tests? #f ;FIXME: failing at /qof/gnc-date/qof print date dmy buff - #:configure-flags '("--disable-dbi") + #:configure-flags '("--disable-dbi" + "--enable-aqbanking") #:phases (modify-phases %standard-phases (add-after @@ -106,4 +112,86 @@ It can be used to track bank accounts, stocks, income and expenses, based on the double-entry accounting practice. It includes support for QIF/OFX/HBCI import and transaction matching. It also automates several tasks, such as financial calculations or scheduled transactions.") - (license gpl3+))) + (license license:gpl3+))) + +(define-public gwenhywfar + (package + (name "gwenhywfar") + (version "4.15.3") + (source + (origin + (method url-fetch) + (uri (string-append "http://www.aquamaniac.de/sites/download/download.php?" + "package=01&release=201&file=01&dummy=gwenhywfar-" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0fp67s932x66xfljb26zbrn8ambbc5y5c3hllr6l284nr63qf3ka")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list "--disable-network-checks" + ;; Both GTK+2 and QT4 are supported. + "--with-guis=gtk2" + (string-append "--with-openssl-includes=" + (assoc-ref %build-inputs "openssl") "/include") + (string-append "--with-openssl-libs=" + (assoc-ref %build-inputs "openssl") "/lib")))) + (inputs + `(("libgcrypt" ,libgcrypt) + ("gnutls" ,gnutls) + ("openssl" ,openssl) + ("gtk+" ,gtk+-2))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "http://www.aquamaniac.de/sites/aqbanking/index.php") + (synopsis "Utility library for networking and security applications") + (description + "This package provides a helper library for networking and security +applications and libraries. It is used by AqBanking.") + ;; The license includes an explicit additional permission to compile and + ;; distribute this library with the OpenSSL Toolkit. + (license license:lgpl2.1+))) + +(define-public aqbanking + (package + (name "aqbanking") + (version "5.6.10") + (source + (origin + (method url-fetch) + (uri (string-append "http://www.aquamaniac.de/sites/download/download.php?" + "package=03&release=206&file=01&dummy=aqbanking-" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1x0isvpk43rq2zlyyb9p0kgjmqv7yq07vgkiprw3f5sjkykvxw6d")))) + (build-system gnu-build-system) + (arguments + `(;; Parallel building fails because aqhbci is required before it's + ;; built. + #:parallel-build? #f + #:configure-flags + (list (string-append "--with-gwen-dir=" + (assoc-ref %build-inputs "gwenhywfar"))))) + (propagated-inputs + `(("gwenhywfar" ,gwenhywfar))) + (inputs + `(("gmp" ,gmp) + ("xmlsec" ,xmlsec) + ("gnutls" ,gnutls))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("libltdl" ,libltdl))) + (home-page "http://www.aquamaniac.de/sites/aqbanking/index.php") + (synopsis "Interface for online banking tasks") + (description + "AqBanking is a modular and generic interface to online banking tasks, +financial file formats (import/export) and bank/country/currency information. +AqBanking uses backend plugins to actually perform the online tasks. HBCI, +OFX DirectConnect, YellowNet, GeldKarte, and DTAUS discs are currently +supported. AqBanking is used by GnuCash, KMyMoney, and QBankManager.") + ;; AqBanking is licensed under the GPLv2 or GPLv3 + (license (list license:gpl2 license:gpl3)))) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 0819c485cb..c4e2a37955 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2016 Ni* Gillmann ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Mark H Weaver +;;; Copyright © 2016 ng0 ;;; ;;; This file is part of GNU Guix. ;;; @@ -121,14 +122,14 @@ tool to extract metadata from a file and print the results.") (define-public libmicrohttpd (package (name "libmicrohttpd") - (version "0.9.48") + (version "0.9.50") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libmicrohttpd/libmicrohttpd-" version ".tar.gz")) (sha256 (base32 - "1952z36lf31jy0x19r4y389d9188wgzmdqh2l28wdy1biwapwrl7")))) + "1mzbqr6sqisppz88mh73bbh5sw57g8l87qvhcjdx5pmbd183idni")))) (build-system gnu-build-system) (inputs `(("curl" ,curl) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 4ffa3ac165..46342ee247 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -298,7 +298,21 @@ standards.") (base32 "0v4k47ziqsyfksv9sn4v1xvk4q414rc883hb1qzld63grj2nxxwp")) (patches (search-patches - "icecat-avoid-bundled-includes.patch")) + "icecat-avoid-bundled-includes.patch" + "icecat-CVE-2016-2818-pt1.patch" + "icecat-CVE-2016-2818-pt2.patch" + "icecat-CVE-2016-2818-pt3.patch" + "icecat-CVE-2016-2818-pt4.patch" + "icecat-CVE-2016-2818-pt5.patch" + "icecat-CVE-2016-2818-pt6.patch" + "icecat-CVE-2016-2818-pt7.patch" + "icecat-CVE-2016-2818-pt8.patch" + "icecat-CVE-2016-2818-pt9.patch" + "icecat-CVE-2016-2819.patch" + "icecat-CVE-2016-2821.patch" + "icecat-CVE-2016-2824.patch" + "icecat-CVE-2016-2828.patch" + "icecat-CVE-2016-2831.patch")) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index 8838426130..7c0254e3b6 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -940,6 +940,16 @@ capabilities.") ("guile-lib" ,guile-lib))) (inputs `(("libffi" ,libffi))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'configure 'pre-configure + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (substitute* (find-files "." "^Makefile.in$") + (("guilemoduledir =.*guile/site" all) + (string-append all "/2.0"))) + #t)))))) (synopsis "Generate C bindings for Guile") (description "G-Wrap is a tool and Guile library for generating function wrappers for inter-language calls. It currently only supports generating Guile diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 5231200919..79b006f416 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -41,14 +41,14 @@ (define-public imagemagick (package (name "imagemagick") - (version "6.9.4-7") + (version "6.9.4-9") (source (origin (method url-fetch) (uri (string-append "mirror://imagemagick/ImageMagick-" version ".tar.xz")) (sha256 (base32 - "11jcbc9phx37m7ra4v3qsfa2iqh3srsvxplxz38h911jvgfchkzm")))) + "0js5l6inar2p7zi5qhr8g34qs0gm2x03gs8k8yjh4cnzzac18d82")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-frozenpaths") diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm index 64edf652f8..def16c939c 100644 --- a/gnu/packages/irc.scm +++ b/gnu/packages/irc.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2014 Kevin Lemonnier ;;; Copyright © 2015 Ludovic Courtès ;;; Copyright © 2015, 2016 Efraim Flashner +;;; Copyright © 2016 ng0 ;;; ;;; This file is part of GNU Guix. ;;; @@ -134,14 +135,14 @@ SILC and ICB protocols via plugins.") (define-public weechat (package (name "weechat") - (version "1.4") + (version "1.5") (source (origin (method url-fetch) (uri (string-append "http://weechat.org/files/src/weechat-" version ".tar.gz")) (sha256 (base32 - "19apd3hav77v74j7flicai0843k7wrkr2fd3q2ayvzkgnbrrp1ai")) + "0w87w4wy61x705ama8h36z9mgdj2gmmzdfrsxvwyh2m2as2max1i")) (patches (search-patches "weechat-python.patch")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,autoconf) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index fa6109a07d..e1651938b9 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -51,21 +51,35 @@ #:use-module (gnu packages xorg) #:use-module (gnu packages zip) #:use-module (gnu packages texinfo) - #:use-module ((srfi srfi-1) #:select (fold alist-delete))) + #:use-module ((srfi srfi-1) #:select (fold alist-delete)) + #:use-module (srfi srfi-11) + #:use-module (ice-9 match)) (define-public java-swt (package (name "java-swt") (version "4.5") - (source (origin - (method url-fetch) - (uri (string-append - "http://ftp-stud.fht-esslingen.de/pub/Mirrors/" - "eclipse/eclipse/downloads/drops4/R-" version - "-201506032000/swt-" version "-gtk-linux-x86.zip")) - (sha256 - (base32 - "03mhzraikcs4fsz7d3h5af9pw1bbcfd6dglsvbk2ciwimy9zj30q")))) + (source + ;; The types of many variables and procedures differ in the sources + ;; dependent on whether the target architecture is a 32-bit system or a + ;; 64-bit system. Instead of patching the sources on demand in a build + ;; phase we download either the 32-bit archive (which mostly uses "int" + ;; types) or the 64-bit archive (which mostly uses "long" types). + (let ((hash32 "03mhzraikcs4fsz7d3h5af9pw1bbcfd6dglsvbk2ciwimy9zj30q") + (hash64 "1qq0pjll6030v4ml0hifcaaik7sx3fl7ghybfdw95vsvxafwp2ff") + (file32 "x86") + (file64 "x86_64")) + (let-values (((hash file) + (match (or (%current-target-system) (%current-system)) + ("x86_64-linux" (values hash64 file64)) + (_ (values hash32 file32))))) + (origin + (method url-fetch) + (uri (string-append + "http://ftp-stud.fht-esslingen.de/pub/Mirrors/" + "eclipse/eclipse/downloads/drops4/R-" version + "-201506032000/swt-" version "-gtk-linux-" file ".zip")) + (sha256 (base32 hash)))))) (build-system ant-build-system) (arguments `(#:jar-name "swt.jar" diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 2ca9fe7600..3aa3adea72 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -225,7 +225,7 @@ for SYSTEM and optionally VARIANT, or #f if there is no such configuration." (search-path %load-path file))) (define-public linux-libre - (let* ((version "4.6.1") + (let* ((version "4.6.2") (build-phase '(lambda* (#:key system inputs #:allow-other-keys #:rest args) ;; Avoid introducing timestamps @@ -303,7 +303,7 @@ for SYSTEM and optionally VARIANT, or #f if there is no such configuration." (uri (linux-libre-urls version)) (sha256 (base32 - "16cwr2jhd688bxdjfjpymap7sq0qsl24k5dylbz1rwfblnv2wn51")))) + "1sq75sbs85kwngq8l0n5v5v1z973l71by98k3wbw1mfq3g0s323b")))) (build-system gnu-build-system) (supported-systems '("x86_64-linux" "i686-linux")) (native-inputs `(("perl" ,perl) @@ -340,13 +340,13 @@ It has been modified to remove all non-free binary blobs.") (define-public linux-libre-4.4 (package (inherit linux-libre) - (version "4.4.12") + (version "4.4.13") (source (origin (method url-fetch) (uri (linux-libre-urls version)) (sha256 (base32 - "1zbds4ihk4x3lxr1jw7yrjzv1dkl995m41a54dfgqm0kj70li8ws")))) + "1qcgnprgl9hy4g51bkx4bjs1cdsyy9kpwqymxggwghrzdid41x9l")))) (native-inputs (let ((conf (kernel-config (or (%current-target-system) (%current-system)) @@ -357,13 +357,13 @@ It has been modified to remove all non-free binary blobs.") (define-public linux-libre-4.1 (package (inherit linux-libre) - (version "4.1.25") + (version "4.1.26") (source (origin (method url-fetch) (uri (linux-libre-urls version)) (sha256 (base32 - "1vpgcnmfnn005rcd60wyyg0f84fgapdmz2dpcy77p2l66mw4pakf")))) + "1vrqz7z0b9zl6g8nbvz1hb2jhgy5zpnbdwc1v3zc4wjc35i2c4i4")))) (native-inputs (let ((conf (kernel-config (or (%current-target-system) (%current-system)) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index ba8023aeaa..72c601102c 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -149,6 +149,43 @@ filtering (subscriptions), seamless access to multiple transport protocols and more.") (license license:lgpl3+))) +(define-public librdkafka + (package + (name "librdkafka") + (version "0.9.1") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/edenhill/librdkafka/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "10ldx7g7ymmg17snzx78vy4n8ma1rjx0agzi34g15j2fk867xmas")))) + (build-system gnu-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (replace 'configure + ;; its custom configure script doesn't understand 'CONFIG_SHELL'. + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; librdkafka++.so lacks RUNPATH for librdkafka.so + (setenv "LDFLAGS" + (string-append "-Wl,-rpath=" out "/lib")) + (zero? (system* "./configure" + (string-append "--prefix=" out))))))))) + (native-inputs + `(("python" ,python-wrapper))) + (propagated-inputs + `(("zlib" ,zlib))) ; in the Libs.private field of rdkafka.pc + (home-page "https://github.com/edenhill/librdkafka") + (synopsis "Apache Kafka C/C++ client library") + (description + "librdkafka is a C library implementation of the Apache Kafka protocol, +containing both Producer and Consumer support.") + (license license:bsd-2))) + (define-public libndp (package (name "libndp") @@ -291,7 +328,7 @@ and up to 1 Mbit/s downstream.") (define-public wireshark (package (name "wireshark") - (version "2.0.3") + (version "2.0.4") (synopsis "Network traffic analyzer") (source (origin @@ -300,7 +337,7 @@ and up to 1 Mbit/s downstream.") version ".tar.bz2")) (sha256 (base32 - "1z358k65frp9m0l07cppwxhvbcp1w9ya5sml87pzs8gyfmp3g5p1")))) + "19g11m8m8qd7dkcvcb27lyppklg608d9ap7wr3mr88clm4nwiacy")))) (build-system glib-or-gtk-build-system) (inputs `(("bison" ,bison) ("c-ares" ,c-ares) diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm index a0a4b936db..bd913f6ecd 100644 --- a/gnu/packages/ocaml.scm +++ b/gnu/packages/ocaml.scm @@ -590,8 +590,14 @@ libpanel, librsvg and quartz.") (mkdir-p bin) (setenv "HOME" out) ; forces correct INSTALLDIR in Makefile #t))) + (add-after 'install 'install-fsmonitor + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + ;; 'unison-fsmonitor' is used in "unison -repeat watch" mode. + (install-file "src/unison-fsmonitor" bin)))) (add-after 'install 'install-doc - (lambda* (#:key inputs outputs #:allow-other-keys) + (lambda* (#:key outputs #:allow-other-keys) (let ((doc (string-append (assoc-ref outputs "doc") "/share/doc/unison"))) (mkdir-p doc) diff --git a/gnu/packages/owncloud.scm b/gnu/packages/owncloud.scm index 954e689f7d..4969d31c01 100644 --- a/gnu/packages/owncloud.scm +++ b/gnu/packages/owncloud.scm @@ -34,14 +34,14 @@ (define-public owncloud-client (package (name "owncloud-client") - (version "2.2.0") + (version "2.2.1") (source (origin (method url-fetch) (uri (string-append "https://download.owncloud.com/desktop/stable/" "owncloudclient-" version ".tar.xz")) (sha256 - (base32 "1ak7hq13hl7qndm3zz7hdfvw6930kmhjh27s1427g784vxcqb23q")))) + (base32 "1wis62jk4y4mbr25y39y6af57pi6vp2mbryazmvn6zgnygf69m3h")))) (build-system cmake-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch b/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch new file mode 100644 index 0000000000..edc43f84f1 --- /dev/null +++ b/gnu/packages/patches/expat-CVE-2012-6702-and-CVE-2016-5300.patch @@ -0,0 +1,142 @@ +Fix CVE-2012-6702 and CVE-2016-5300. + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300 + +Patch copied from: +https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u3/debian/patches/cve-2012-6702-plus-cve-2016-5300-v1.patch/ + +From cb31522769d11a375078a073cba94e7176cb48a4 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Wed, 16 Mar 2016 15:30:12 +0100 +Subject: [PATCH] Resolve call to srand, use more entropy (patch version 1.0) + +Squashed backport against vanilla Expat 2.1.1, addressing: +* CVE-2012-6702 -- unanticipated internal calls to srand +* CVE-2016-5300 -- use of too little entropy + +Since commit e3e81a6d9f0885ea02d3979151c358f314bf3d6d +(released with Expat 2.1.0) Expat called srand by itself +from inside generate_hash_secret_salt for an instance +of XML_Parser if XML_SetHashSalt was either (a) not called +for that instance or if (b) salt 0 was passed to XML_SetHashSalt +prior to parsing. That call to srand passed (rather litle) +entropy extracted from the current time as a seed for srand. + +That call to srand (1) broke repeatability for code calling +srand with a non-random seed prior to parsing with Expat, +and (2) resulted in a rather small set of hashing salts in +Expat in total. + +For a short- to mid-term fix, the new approach avoids calling +srand altogether, extracts more entropy out of the clock and +other sources, too. + +For a long term fix, we may want to read sizeof(long) bytes +from a source like getrandom(..) on Linux, and from similar +sources on other supported architectures. + +https://bugzilla.redhat.com/show_bug.cgi?id=1197087 +--- + CMakeLists.txt | 3 +++ + lib/xmlparse.c | 48 +++++++++++++++++++++++++++++++++++++++++------- + 2 files changed, 44 insertions(+), 7 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 353627e..524d514 100755 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -41,6 +41,9 @@ include_directories(${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/lib) + if(MSVC) + add_definitions(-D_CRT_SECURE_NO_WARNINGS -wd4996) + endif(MSVC) ++if(WIN32) ++ add_definitions(-DCOMPILED_FROM_DSP) ++endif(WIN32) + + set(expat_SRCS + lib/xmlparse.c +diff --git a/lib/xmlparse.c b/lib/xmlparse.c +index e308c79..c5f942f 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -6,7 +6,14 @@ + #include /* memset(), memcpy() */ + #include + #include /* UINT_MAX */ +-#include /* time() */ ++ ++#ifdef COMPILED_FROM_DSP ++#define getpid GetCurrentProcessId ++#else ++#include /* gettimeofday() */ ++#include /* getpid() */ ++#include /* getpid() */ ++#endif + + #define XML_BUILDING_EXPAT 1 + +@@ -432,7 +439,7 @@ static ELEMENT_TYPE * + getElementType(XML_Parser parser, const ENCODING *enc, + const char *ptr, const char *end); + +-static unsigned long generate_hash_secret_salt(void); ++static unsigned long generate_hash_secret_salt(XML_Parser parser); + static XML_Bool startParsing(XML_Parser parser); + + static XML_Parser +@@ -691,11 +698,38 @@ static const XML_Char implicitContext[] = { + }; + + static unsigned long +-generate_hash_secret_salt(void) ++gather_time_entropy(void) + { +- unsigned int seed = time(NULL) % UINT_MAX; +- srand(seed); +- return rand(); ++#ifdef COMPILED_FROM_DSP ++ FILETIME ft; ++ GetSystemTimeAsFileTime(&ft); /* never fails */ ++ return ft.dwHighDateTime ^ ft.dwLowDateTime; ++#else ++ struct timeval tv; ++ int gettimeofday_res; ++ ++ gettimeofday_res = gettimeofday(&tv, NULL); ++ assert (gettimeofday_res == 0); ++ ++ /* Microseconds time is <20 bits entropy */ ++ return tv.tv_usec; ++#endif ++} ++ ++static unsigned long ++generate_hash_secret_salt(XML_Parser parser) ++{ ++ /* Process ID is 0 bits entropy if attacker has local access ++ * XML_Parser address is few bits of entropy if attacker has local access */ ++ const unsigned long entropy = ++ gather_time_entropy() ^ getpid() ^ (unsigned long)parser; ++ ++ /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ ++ if (sizeof(unsigned long) == 4) { ++ return entropy * 2147483647; ++ } else { ++ return entropy * 2305843009213693951; ++ } + } + + static XML_Bool /* only valid for root parser */ +@@ -703,7 +737,7 @@ startParsing(XML_Parser parser) + { + /* hash functions must be initialized before setContext() is called */ + if (hash_secret_salt == 0) +- hash_secret_salt = generate_hash_secret_salt(); ++ hash_secret_salt = generate_hash_secret_salt(parser); + if (ns) { + /* implicit context only set for root parser, since child + parsers (i.e. external entity parsers) will inherit it +-- +2.8.2 + diff --git a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch index af5e3bcc3e..fc8d6291f5 100644 --- a/gnu/packages/patches/expat-CVE-2015-1283-refix.patch +++ b/gnu/packages/patches/expat-CVE-2015-1283-refix.patch @@ -1,42 +1,39 @@ -Update previous fix for CVE-2015-1283 to not rely on undefined behavior. +Follow-up upstream fix for CVE-2015-1283 to not rely on undefined +behavior. -Copied from Debian, as found in Debian package version 2.1.0-6+deb8u2. +Adapted from a patch from Debian (found in Debian package version +2.1.0-6+deb8u2) to apply to upstream code: https://sources.debian.net/src/expat/2.1.0-6%2Bdeb8u2/debian/patches/CVE-2015-1283-refix.patch/ -From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001 -From: Pascal Cuoq -Date: Sun, 15 May 2016 09:05:46 +0200 -Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. - --- - expat/lib/xmlparse.c | 6 ++++-- + lib/xmlparse.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 13e080d..cdb12ef 100644 +index 0f6f4cd..5c70c17 100644 --- a/lib/xmlparse.c +++ b/lib/xmlparse.c -@@ -1695,7 +1695,8 @@ XML_GetBuffer(XML_Parser parser, int len +@@ -1727,7 +1727,8 @@ XML_GetBuffer(XML_Parser parser, int len) } if (len > bufferLim - bufferEnd) { - int neededSize = len + (int)(bufferEnd - bufferPtr); + /* Do not invoke signed arithmetic overflow: */ + int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); - /* BEGIN MOZILLA CHANGE (sanity check neededSize) */ if (neededSize < 0) { errorCode = XML_ERROR_NO_MEMORY; -@@ -1729,7 +1730,8 @@ XML_GetBuffer(XML_Parser parser, int len + return NULL; +@@ -1759,7 +1760,8 @@ XML_GetBuffer(XML_Parser parser, int len) if (bufferSize == 0) bufferSize = INIT_BUFFER_SIZE; do { - bufferSize *= 2; + /* Do not invoke signed arithmetic overflow: */ + bufferSize = (int) (2U * (unsigned) bufferSize); - /* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */ } while (bufferSize < neededSize && bufferSize > 0); - /* END MOZILLA CHANGE */ + if (bufferSize <= 0) { + errorCode = XML_ERROR_NO_MEMORY; -- -2.8.2 +2.8.3 diff --git a/gnu/packages/patches/higan-remove-march-native-flag.patch b/gnu/packages/patches/higan-remove-march-native-flag.patch new file mode 100644 index 0000000000..8f4a36dc35 --- /dev/null +++ b/gnu/packages/patches/higan-remove-march-native-flag.patch @@ -0,0 +1,13 @@ +Remove -march=native from build flags. + +--- a/higan/GNUmakefile ++++ b/higan/GNUmakefile +@@ -32,7 +32,7 @@ ifeq ($(platform),windows) + else ifeq ($(platform),macosx) + flags += -march=native + else ifneq ($(filter $(platform),linux bsd),) +- flags += -march=native -fopenmp ++ flags += -fopenmp + link += -fopenmp + link += -Wl,-export-dynamic + link += -lX11 -lXext diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt1.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt1.patch new file mode 100644 index 0000000000..57bc45f3c2 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt1.patch @@ -0,0 +1,62 @@ + changeset: 312039:4290826b078c + user: Timothy Nikkel + Date: Fri May 13 06:09:38 2016 +0200 + summary: Bug 1261230. r=mats, a=ritu + +diff -r 45a59425b498 -r 4290826b078c layout/generic/nsSubDocumentFrame.cpp +--- a/layout/generic/nsSubDocumentFrame.cpp Tue May 10 14:12:20 2016 +0200 ++++ b/layout/generic/nsSubDocumentFrame.cpp Fri May 13 06:09:38 2016 +0200 +@@ -132,6 +132,7 @@ + nsCOMPtr oldContainerDoc; + nsView* detachedViews = + frameloader->GetDetachedSubdocView(getter_AddRefs(oldContainerDoc)); ++ frameloader->SetDetachedSubdocView(nullptr, nullptr); + if (detachedViews) { + if (oldContainerDoc == aContent->OwnerDoc()) { + // Restore stashed presentation. +@@ -142,7 +143,6 @@ + frameloader->Hide(); + } + } +- frameloader->SetDetachedSubdocView(nullptr, nullptr); + } + + nsContentUtils::AddScriptRunner(new AsyncFrameInit(this)); +@@ -936,13 +936,16 @@ + if (!mPresShell->IsDestroying()) { + mPresShell->FlushPendingNotifications(Flush_Frames); + } ++ ++ // Either the frame has been constructed by now, or it never will be, ++ // either way we want to clear the stashed views. ++ mFrameLoader->SetDetachedSubdocView(nullptr, nullptr); ++ + nsSubDocumentFrame* frame = do_QueryFrame(mFrameElement->GetPrimaryFrame()); + if ((!frame && mHideViewerIfFrameless) || + mPresShell->IsDestroying()) { + // Either the frame element has no nsIFrame or the presshell is being +- // destroyed. Hide the nsFrameLoader, which destroys the presentation, +- // and clear our references to the stashed presentation. +- mFrameLoader->SetDetachedSubdocView(nullptr, nullptr); ++ // destroyed. Hide the nsFrameLoader, which destroys the presentation. + mFrameLoader->Hide(); + } + return NS_OK; +@@ -968,7 +971,7 @@ + // Detach the subdocument's views and stash them in the frame loader. + // We can then reattach them if we're being reframed (for example if + // the frame has been made position:fixed). +- nsFrameLoader* frameloader = FrameLoader(); ++ RefPtr frameloader = FrameLoader(); + if (frameloader) { + nsView* detachedViews = ::BeginSwapDocShellsForViews(mInnerView->GetFirstChild()); + frameloader->SetDetachedSubdocView(detachedViews, mContent->OwnerDoc()); +@@ -977,7 +980,7 @@ + // safely determine whether the frame is being reframed or destroyed. + nsContentUtils::AddScriptRunner( + new nsHideViewer(mContent, +- mFrameLoader, ++ frameloader, + PresContext()->PresShell(), + (mDidCreateDoc || mCallingShow))); + } diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch new file mode 100644 index 0000000000..843e2eb244 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt2.patch @@ -0,0 +1,29 @@ + changeset: 312044:09418166fd77 + user: Jon Coppeard + Date: Wed May 11 10:14:45 2016 +0100 + summary: Bug 1264575 - Add missing pre-barrier in Ion r=jandem a=ritu + +diff -r 9cc65cca1f71 -r 09418166fd77 js/src/jit-test/tests/self-hosting/bug1264575.js +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ b/js/src/jit-test/tests/self-hosting/bug1264575.js Wed May 11 10:14:45 2016 +0100 +@@ -0,0 +1,7 @@ ++function f(x, [y]) {} ++f(0, []); ++// jsfunfuzz-generated ++let i = 0; ++for (var z of [0, 0, 0]) { ++ verifyprebarriers(); ++} +diff -r 9cc65cca1f71 -r 09418166fd77 js/src/jit/MCallOptimize.cpp +--- a/js/src/jit/MCallOptimize.cpp Mon May 16 15:11:24 2016 -0400 ++++ b/js/src/jit/MCallOptimize.cpp Wed May 11 10:14:45 2016 +0100 +@@ -2263,7 +2263,8 @@ + + callInfo.setImplicitlyUsedUnchecked(); + +- MStoreFixedSlot* store = MStoreFixedSlot::New(alloc(), callInfo.getArg(0), slot, callInfo.getArg(2)); ++ MStoreFixedSlot* store = ++ MStoreFixedSlot::NewBarriered(alloc(), callInfo.getArg(0), slot, callInfo.getArg(2)); + current->add(store); + current->push(store); + diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt3.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt3.patch new file mode 100644 index 0000000000..fab003158c --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt3.patch @@ -0,0 +1,18 @@ + changeset: 312051:9ec3d076fbee + parents: 312049:e0a272d5e162 + user: Eric Faust + Date: Wed May 04 15:54:43 2016 -0700 + summary: Bug 1269729 - Handle another OOM case on ARM. (r=jolesen) a=ritu + +diff -r e0a272d5e162 -r 9ec3d076fbee js/src/jit/arm/CodeGenerator-arm.cpp +--- a/js/src/jit/arm/CodeGenerator-arm.cpp Tue May 17 08:26:37 2016 -0400 ++++ b/js/src/jit/arm/CodeGenerator-arm.cpp Wed May 04 15:54:43 2016 -0700 +@@ -1116,7 +1116,7 @@ + for (int32_t i = 0; i < cases; i++) { + CodeLabel cl; + masm.writeCodePointer(cl.dest()); +- ool->addCodeLabel(cl); ++ masm.propagateOOM(ool->addCodeLabel(cl)); + } + addOutOfLineCode(ool, mir); + } diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt4.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt4.patch new file mode 100644 index 0000000000..0973203e0f --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt4.patch @@ -0,0 +1,61 @@ + changeset: 312055:b74f1ab939d2 + user: Olli Pettay + Date: Mon May 16 21:42:24 2016 +0300 + summary: Bug 1273202, make sure to not keep objects alive too long because of some useless event dispatching, r=jwatt a=ritu + +diff -r 072992bf176d -r b74f1ab939d2 dom/html/HTMLInputElement.cpp +--- a/dom/html/HTMLInputElement.cpp Sun May 15 17:03:06 2016 +0300 ++++ b/dom/html/HTMLInputElement.cpp Mon May 16 21:42:24 2016 +0300 +@@ -1168,7 +1168,7 @@ + mFileList->Disconnect(); + } + if (mNumberControlSpinnerIsSpinning) { +- StopNumberControlSpinnerSpin(); ++ StopNumberControlSpinnerSpin(eDisallowDispatchingEvents); + } + DestroyImageLoadingContent(); + FreeData(); +@@ -3721,7 +3721,7 @@ + } + + void +-HTMLInputElement::StopNumberControlSpinnerSpin() ++HTMLInputElement::StopNumberControlSpinnerSpin(SpinnerStopState aState) + { + if (mNumberControlSpinnerIsSpinning) { + if (nsIPresShell::GetCapturingContent() == this) { +@@ -3732,11 +3732,16 @@ + + mNumberControlSpinnerIsSpinning = false; + +- FireChangeEventIfNeeded(); ++ if (aState == eAllowDispatchingEvents) { ++ FireChangeEventIfNeeded(); ++ } + + nsNumberControlFrame* numberControlFrame = + do_QueryFrame(GetPrimaryFrame()); + if (numberControlFrame) { ++ MOZ_ASSERT(aState == eAllowDispatchingEvents, ++ "Shouldn't have primary frame for the element when we're not " ++ "allowed to dispatch events to it anymore."); + numberControlFrame->SpinnerStateChanged(); + } + } +diff -r 072992bf176d -r b74f1ab939d2 dom/html/HTMLInputElement.h +--- a/dom/html/HTMLInputElement.h Sun May 15 17:03:06 2016 +0300 ++++ b/dom/html/HTMLInputElement.h Mon May 16 21:42:24 2016 +0300 +@@ -721,7 +721,12 @@ + HTMLInputElement* GetOwnerNumberControl(); + + void StartNumberControlSpinnerSpin(); +- void StopNumberControlSpinnerSpin(); ++ enum SpinnerStopState { ++ eAllowDispatchingEvents, ++ eDisallowDispatchingEvents ++ }; ++ void StopNumberControlSpinnerSpin(SpinnerStopState aState = ++ eAllowDispatchingEvents); + void StepNumberControlForUserEvent(int32_t aDirection); + + /** diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt5.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt5.patch new file mode 100644 index 0000000000..cd98d0b28b --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt5.patch @@ -0,0 +1,266 @@ + changeset: 312063:88bea96c802a + user: Andrea Marchesini + Date: Tue May 10 10:52:19 2016 +0200 + summary: Bug 1267130 - Improve the URL segment calculation, r=valentin a=ritu + +diff -r 28dcecced055 -r 88bea96c802a netwerk/base/nsStandardURL.cpp +--- a/netwerk/base/nsStandardURL.cpp Wed May 18 11:55:29 2016 +1200 ++++ b/netwerk/base/nsStandardURL.cpp Tue May 10 10:52:19 2016 +0200 +@@ -475,19 +475,28 @@ + } + + uint32_t +-nsStandardURL::AppendSegmentToBuf(char *buf, uint32_t i, const char *str, URLSegment &seg, const nsCString *escapedStr, bool useEscaped) ++nsStandardURL::AppendSegmentToBuf(char *buf, uint32_t i, const char *str, ++ const URLSegment &segInput, URLSegment &segOutput, ++ const nsCString *escapedStr, ++ bool useEscaped, int32_t *diff) + { +- if (seg.mLen > 0) { ++ MOZ_ASSERT(segInput.mLen == segOutput.mLen); ++ ++ if (diff) *diff = 0; ++ ++ if (segInput.mLen > 0) { + if (useEscaped) { +- seg.mLen = escapedStr->Length(); +- memcpy(buf + i, escapedStr->get(), seg.mLen); ++ MOZ_ASSERT(diff); ++ segOutput.mLen = escapedStr->Length(); ++ *diff = segOutput.mLen - segInput.mLen; ++ memcpy(buf + i, escapedStr->get(), segOutput.mLen); ++ } else { ++ memcpy(buf + i, str + segInput.mPos, segInput.mLen); + } +- else +- memcpy(buf + i, str + seg.mPos, seg.mLen); +- seg.mPos = i; +- i += seg.mLen; ++ segOutput.mPos = i; ++ i += segOutput.mLen; + } else { +- seg.mPos = i; ++ segOutput.mPos = i; + } + return i; + } +@@ -598,6 +607,20 @@ + } + } + ++ // We must take a copy of every single segment because they are pointing to ++ // the |spec| while we are changing their value, in case we must use ++ // encoded strings. ++ URLSegment username(mUsername); ++ URLSegment password(mPassword); ++ URLSegment host(mHost); ++ URLSegment path(mPath); ++ URLSegment filepath(mFilepath); ++ URLSegment directory(mDirectory); ++ URLSegment basename(mBasename); ++ URLSegment extension(mExtension); ++ URLSegment query(mQuery); ++ URLSegment ref(mRef); ++ + // + // generate the normalized URL string + // +@@ -607,9 +630,10 @@ + char *buf; + mSpec.BeginWriting(buf); + uint32_t i = 0; ++ int32_t diff = 0; + + if (mScheme.mLen > 0) { +- i = AppendSegmentToBuf(buf, i, spec, mScheme); ++ i = AppendSegmentToBuf(buf, i, spec, mScheme, mScheme); + net_ToLowerCase(buf + mScheme.mPos, mScheme.mLen); + i = AppendToBuf(buf, i, "://", 3); + } +@@ -619,15 +643,22 @@ + + // append authority + if (mUsername.mLen > 0) { +- i = AppendSegmentToBuf(buf, i, spec, mUsername, &encUsername, useEncUsername); +- if (mPassword.mLen >= 0) { ++ i = AppendSegmentToBuf(buf, i, spec, username, mUsername, ++ &encUsername, useEncUsername, &diff); ++ ShiftFromPassword(diff); ++ if (password.mLen >= 0) { + buf[i++] = ':'; +- i = AppendSegmentToBuf(buf, i, spec, mPassword, &encPassword, useEncPassword); ++ i = AppendSegmentToBuf(buf, i, spec, password, mPassword, ++ &encPassword, useEncPassword, &diff); ++ ShiftFromHost(diff); + } + buf[i++] = '@'; + } +- if (mHost.mLen > 0) { +- i = AppendSegmentToBuf(buf, i, spec, mHost, &encHost, useEncHost); ++ if (host.mLen > 0) { ++ i = AppendSegmentToBuf(buf, i, spec, host, mHost, &encHost, useEncHost, ++ &diff); ++ ShiftFromPath(diff); ++ + net_ToLowerCase(buf + mHost.mPos, mHost.mLen); + MOZ_ASSERT(mPort >= -1, "Invalid negative mPort"); + if (mPort != -1 && mPort != mDefaultPort) { +@@ -652,21 +683,23 @@ + } + else { + uint32_t leadingSlash = 0; +- if (spec[mPath.mPos] != '/') { ++ if (spec[path.mPos] != '/') { + LOG(("adding leading slash to path\n")); + leadingSlash = 1; + buf[i++] = '/'; + // basename must exist, even if empty (bugs 113508, 429347) + if (mBasename.mLen == -1) { +- mBasename.mPos = i; +- mBasename.mLen = 0; ++ mBasename.mPos = basename.mPos = i; ++ mBasename.mLen = basename.mLen = 0; + } + } + + // record corrected (file)path starting position + mPath.mPos = mFilepath.mPos = i - leadingSlash; + +- i = AppendSegmentToBuf(buf, i, spec, mDirectory, &encDirectory, useEncDirectory); ++ i = AppendSegmentToBuf(buf, i, spec, directory, mDirectory, ++ &encDirectory, useEncDirectory, &diff); ++ ShiftFromBasename(diff); + + // the directory must end with a '/' + if (buf[i-1] != '/') { +@@ -674,7 +707,9 @@ + mDirectory.mLen++; + } + +- i = AppendSegmentToBuf(buf, i, spec, mBasename, &encBasename, useEncBasename); ++ i = AppendSegmentToBuf(buf, i, spec, basename, mBasename, ++ &encBasename, useEncBasename, &diff); ++ ShiftFromExtension(diff); + + // make corrections to directory segment if leadingSlash + if (leadingSlash) { +@@ -687,18 +722,24 @@ + + if (mExtension.mLen >= 0) { + buf[i++] = '.'; +- i = AppendSegmentToBuf(buf, i, spec, mExtension, &encExtension, useEncExtension); ++ i = AppendSegmentToBuf(buf, i, spec, extension, mExtension, ++ &encExtension, useEncExtension, &diff); ++ ShiftFromQuery(diff); + } + // calculate corrected filepath length + mFilepath.mLen = i - mFilepath.mPos; + + if (mQuery.mLen >= 0) { + buf[i++] = '?'; +- i = AppendSegmentToBuf(buf, i, spec, mQuery, &encQuery, useEncQuery); ++ i = AppendSegmentToBuf(buf, i, spec, query, mQuery, ++ &encQuery, useEncQuery, ++ &diff); ++ ShiftFromRef(diff); + } + if (mRef.mLen >= 0) { + buf[i++] = '#'; +- i = AppendSegmentToBuf(buf, i, spec, mRef, &encRef, useEncRef); ++ i = AppendSegmentToBuf(buf, i, spec, ref, mRef, &encRef, useEncRef, ++ &diff); + } + // calculate corrected path length + mPath.mLen = i - mPath.mPos; +@@ -953,6 +994,39 @@ + #undef GOT_PREF + } + ++#define SHIFT_FROM(name, what) \ ++void \ ++nsStandardURL::name(int32_t diff) \ ++{ \ ++ if (!diff) return; \ ++ if (what.mLen >= 0) { \ ++ CheckedInt pos = what.mPos; \ ++ pos += diff; \ ++ MOZ_ASSERT(pos.isValid()); \ ++ what.mPos = pos.value(); \ ++ } ++ ++#define SHIFT_FROM_NEXT(name, what, next) \ ++ SHIFT_FROM(name, what) \ ++ next(diff); \ ++} ++ ++#define SHIFT_FROM_LAST(name, what) \ ++ SHIFT_FROM(name, what) \ ++} ++ ++SHIFT_FROM_NEXT(ShiftFromAuthority, mAuthority, ShiftFromUsername) ++SHIFT_FROM_NEXT(ShiftFromUsername, mUsername, ShiftFromPassword) ++SHIFT_FROM_NEXT(ShiftFromPassword, mPassword, ShiftFromHost) ++SHIFT_FROM_NEXT(ShiftFromHost, mHost, ShiftFromPath) ++SHIFT_FROM_NEXT(ShiftFromPath, mPath, ShiftFromFilepath) ++SHIFT_FROM_NEXT(ShiftFromFilepath, mFilepath, ShiftFromDirectory) ++SHIFT_FROM_NEXT(ShiftFromDirectory, mDirectory, ShiftFromBasename) ++SHIFT_FROM_NEXT(ShiftFromBasename, mBasename, ShiftFromExtension) ++SHIFT_FROM_NEXT(ShiftFromExtension, mExtension, ShiftFromQuery) ++SHIFT_FROM_NEXT(ShiftFromQuery, mQuery, ShiftFromRef) ++SHIFT_FROM_LAST(ShiftFromRef, mRef) ++ + //---------------------------------------------------------------------------- + // nsStandardURL::nsISupports + //---------------------------------------------------------------------------- +diff -r 28dcecced055 -r 88bea96c802a netwerk/base/nsStandardURL.h +--- a/netwerk/base/nsStandardURL.h Wed May 18 11:55:29 2016 +1200 ++++ b/netwerk/base/nsStandardURL.h Tue May 10 10:52:19 2016 +0200 +@@ -77,6 +77,7 @@ + + URLSegment() : mPos(0), mLen(-1) {} + URLSegment(uint32_t pos, int32_t len) : mPos(pos), mLen(len) {} ++ URLSegment(const URLSegment& aCopy) : mPos(aCopy.mPos), mLen(aCopy.mLen) {} + void Reset() { mPos = 0; mLen = -1; } + // Merge another segment following this one to it if they're contiguous + // Assumes we have something like "foo;bar" where this object is 'foo' and right +@@ -177,7 +178,10 @@ + bool NormalizeIDN(const nsCSubstring &host, nsCString &result); + void CoalescePath(netCoalesceFlags coalesceFlag, char *path); + +- uint32_t AppendSegmentToBuf(char *, uint32_t, const char *, URLSegment &, const nsCString *esc=nullptr, bool useEsc = false); ++ uint32_t AppendSegmentToBuf(char *, uint32_t, const char *, ++ const URLSegment &input, URLSegment &output, ++ const nsCString *esc=nullptr, ++ bool useEsc = false, int32_t* diff = nullptr); + uint32_t AppendToBuf(char *, uint32_t, const char *, uint32_t); + + nsresult BuildNormalizedSpec(const char *spec); +@@ -216,17 +220,17 @@ + const nsDependentCSubstring Ref() { return Segment(mRef); } + + // shift the URLSegments to the right by diff +- void ShiftFromAuthority(int32_t diff) { mAuthority.mPos += diff; ShiftFromUsername(diff); } +- void ShiftFromUsername(int32_t diff) { mUsername.mPos += diff; ShiftFromPassword(diff); } +- void ShiftFromPassword(int32_t diff) { mPassword.mPos += diff; ShiftFromHost(diff); } +- void ShiftFromHost(int32_t diff) { mHost.mPos += diff; ShiftFromPath(diff); } +- void ShiftFromPath(int32_t diff) { mPath.mPos += diff; ShiftFromFilepath(diff); } +- void ShiftFromFilepath(int32_t diff) { mFilepath.mPos += diff; ShiftFromDirectory(diff); } +- void ShiftFromDirectory(int32_t diff) { mDirectory.mPos += diff; ShiftFromBasename(diff); } +- void ShiftFromBasename(int32_t diff) { mBasename.mPos += diff; ShiftFromExtension(diff); } +- void ShiftFromExtension(int32_t diff) { mExtension.mPos += diff; ShiftFromQuery(diff); } +- void ShiftFromQuery(int32_t diff) { mQuery.mPos += diff; ShiftFromRef(diff); } +- void ShiftFromRef(int32_t diff) { mRef.mPos += diff; } ++ void ShiftFromAuthority(int32_t diff); ++ void ShiftFromUsername(int32_t diff); ++ void ShiftFromPassword(int32_t diff); ++ void ShiftFromHost(int32_t diff); ++ void ShiftFromPath(int32_t diff); ++ void ShiftFromFilepath(int32_t diff); ++ void ShiftFromDirectory(int32_t diff); ++ void ShiftFromBasename(int32_t diff); ++ void ShiftFromExtension(int32_t diff); ++ void ShiftFromQuery(int32_t diff); ++ void ShiftFromRef(int32_t diff); + + // fastload helper functions + nsresult ReadSegment(nsIBinaryInputStream *, URLSegment &); diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt6.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt6.patch new file mode 100644 index 0000000000..143b02fa58 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt6.patch @@ -0,0 +1,17 @@ + changeset: 312067:380ddd689680 + user: Timothy Nikkel + Date: Tue May 10 22:58:26 2016 -0500 + summary: Bug 1261752. Part 1. r=mats a=ritu + +diff -r 02df988a56ae -r 380ddd689680 view/nsViewManager.cpp +--- a/view/nsViewManager.cpp Thu May 26 10:06:15 2016 -0700 ++++ b/view/nsViewManager.cpp Tue May 10 22:58:26 2016 -0500 +@@ -416,7 +416,7 @@ + if (aWidget->NeedsPaint()) { + // If an ancestor widget was hidden and then shown, we could + // have a delayed resize to handle. +- for (nsViewManager *vm = this; vm; ++ for (RefPtr vm = this; vm; + vm = vm->mRootView->GetParent() + ? vm->mRootView->GetParent()->GetViewManager() + : nullptr) { diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt7.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt7.patch new file mode 100644 index 0000000000..23c509d6c1 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt7.patch @@ -0,0 +1,33 @@ + changeset: 312068:73cc9a2d8fc1 + user: Timothy Nikkel + Date: Tue May 10 22:58:47 2016 -0500 + summary: Bug 1261752. Part 2. r=mats a=ritu + +diff -r 380ddd689680 -r 73cc9a2d8fc1 view/nsViewManager.cpp +--- a/view/nsViewManager.cpp Tue May 10 22:58:26 2016 -0500 ++++ b/view/nsViewManager.cpp Tue May 10 22:58:47 2016 -0500 +@@ -372,7 +372,7 @@ + } + } + if (rootShell->GetViewManager() != this) { +- return; // 'this' might have been destroyed ++ return; // presentation might have been torn down + } + if (aFlushDirtyRegion) { + nsAutoScriptBlocker scriptBlocker; +@@ -1069,6 +1069,7 @@ + if (mPresShell) { + mPresShell->GetPresContext()->RefreshDriver()->RevokeViewManagerFlush(); + ++ RefPtr strongThis(this); + CallWillPaintOnObservers(); + + ProcessPendingUpdatesForView(mRootView, true); +@@ -1085,6 +1086,7 @@ + + if (mHasPendingWidgetGeometryChanges) { + mHasPendingWidgetGeometryChanges = false; ++ RefPtr strongThis(this); + ProcessPendingUpdatesForView(mRootView, false); + } + } diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt8.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt8.patch new file mode 100644 index 0000000000..ee5e54e805 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt8.patch @@ -0,0 +1,267 @@ + changeset: 312069:3c2bd9158ad3 + user: Timothy Nikkel + Date: Tue May 10 22:58:47 2016 -0500 + summary: Bug 1261752. Part 3. r=mats a=ritu + +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 layout/forms/nsComboboxControlFrame.cpp +--- a/layout/forms/nsComboboxControlFrame.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/layout/forms/nsComboboxControlFrame.cpp Tue May 10 22:58:47 2016 -0500 +@@ -1417,7 +1417,11 @@ + // The popup's visibility doesn't update until the minimize animation has + // finished, so call UpdateWidgetGeometry to update it right away. + nsViewManager* viewManager = mDropdownFrame->GetView()->GetViewManager(); +- viewManager->UpdateWidgetGeometry(); ++ viewManager->UpdateWidgetGeometry(); // might destroy us ++ } ++ ++ if (!weakFrame.IsAlive()) { ++ return consume; + } + + return consume; +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 view/nsViewManager.cpp +--- a/view/nsViewManager.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/view/nsViewManager.cpp Tue May 10 22:58:47 2016 -0500 +@@ -670,15 +670,16 @@ + + void nsViewManager::WillPaintWindow(nsIWidget* aWidget) + { +- if (aWidget) { +- nsView* view = nsView::GetViewFor(aWidget); +- LayerManager *manager = aWidget->GetLayerManager(); ++ RefPtr widget(aWidget); ++ if (widget) { ++ nsView* view = nsView::GetViewFor(widget); ++ LayerManager* manager = widget->GetLayerManager(); + if (view && + (view->ForcedRepaint() || !manager->NeedsWidgetInvalidation())) { + ProcessPendingUpdates(); + // Re-get the view pointer here since the ProcessPendingUpdates might have + // destroyed it during CallWillPaintOnObservers. +- view = nsView::GetViewFor(aWidget); ++ view = nsView::GetViewFor(widget); + if (view) { + view->SetForcedRepaint(false); + } +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/PuppetWidget.cpp +--- a/widget/PuppetWidget.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/widget/PuppetWidget.cpp Tue May 10 22:58:47 2016 -0500 +@@ -823,6 +823,8 @@ + mDirtyRegion.SetEmpty(); + mPaintTask.Revoke(); + ++ RefPtr strongThis(this); ++ + mAttachedWidgetListener->WillPaintWindow(this); + + if (mAttachedWidgetListener) { +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/cocoa/nsChildView.mm +--- a/widget/cocoa/nsChildView.mm Tue May 10 22:58:47 2016 -0500 ++++ b/widget/cocoa/nsChildView.mm Tue May 10 22:58:47 2016 -0500 +@@ -3716,6 +3716,8 @@ + + - (void)viewWillDraw + { ++ nsAutoRetainCocoaObject kungFuDeathGrip(self); ++ + if (mGeckoChild) { + // The OS normally *will* draw our NSWindow, no matter what we do here. + // But Gecko can delete our parent widget(s) (along with mGeckoChild) +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/gonk/nsWindow.cpp +--- a/widget/gonk/nsWindow.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/widget/gonk/nsWindow.cpp Tue May 10 22:58:47 2016 -0500 +@@ -196,7 +196,7 @@ + return; + } + +- nsWindow *targetWindow = (nsWindow *)sTopWindows[0]; ++ RefPtr targetWindow = (nsWindow *)sTopWindows[0]; + while (targetWindow->GetLastChild()) + targetWindow = (nsWindow *)targetWindow->GetLastChild(); + +@@ -205,15 +205,15 @@ + listener->WillPaintWindow(targetWindow); + } + +- LayerManager* lm = targetWindow->GetLayerManager(); +- if (mozilla::layers::LayersBackend::LAYERS_CLIENT == lm->GetBackendType()) { +- // No need to do anything, the compositor will handle drawing +- } else { +- NS_RUNTIMEABORT("Unexpected layer manager type"); +- } +- + listener = targetWindow->GetWidgetListener(); + if (listener) { ++ LayerManager* lm = targetWindow->GetLayerManager(); ++ if (mozilla::layers::LayersBackend::LAYERS_CLIENT == lm->GetBackendType()) { ++ // No need to do anything, the compositor will handle drawing ++ } else { ++ NS_RUNTIMEABORT("Unexpected layer manager type"); ++ } ++ + listener->DidPaintWindow(); + } + } +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/gtk/nsWindow.cpp +--- a/widget/gtk/nsWindow.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/widget/gtk/nsWindow.cpp Tue May 10 22:58:47 2016 -0500 +@@ -469,6 +469,12 @@ + } + } + ++nsIWidgetListener* ++nsWindow::GetListener() ++{ ++ return mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener; ++} ++ + nsresult + nsWindow::DispatchEvent(WidgetGUIEvent* aEvent, nsEventStatus& aStatus) + { +@@ -481,8 +487,7 @@ + aEvent->refPoint.y = GdkCoordToDevicePixels(aEvent->refPoint.y); + + aStatus = nsEventStatus_eIgnore; +- nsIWidgetListener* listener = +- mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener; ++ nsIWidgetListener* listener = GetListener(); + if (listener) { + aStatus = listener->HandleEvent(aEvent, mUseAttachedEvents); + } +@@ -2119,8 +2124,7 @@ + if (!mGdkWindow || mIsFullyObscured || !mHasMappedToplevel) + return FALSE; + +- nsIWidgetListener *listener = +- mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener; ++ nsIWidgetListener *listener = GetListener(); + if (!listener) + return FALSE; + +@@ -2149,6 +2153,8 @@ + clientLayers->SendInvalidRegion(region); + } + ++ RefPtr strongThis(this); ++ + // Dispatch WillPaintWindow notification to allow scripts etc. to run + // before we paint + { +@@ -2161,8 +2167,7 @@ + + // Re-get the listener since the will paint notification might have + // killed it. +- listener = +- mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener; ++ listener = GetListener(); + if (!listener) + return FALSE; + } +@@ -2223,6 +2228,13 @@ + // If this widget uses OMTC... + if (GetLayerManager()->GetBackendType() == LayersBackend::LAYERS_CLIENT) { + listener->PaintWindow(this, region); ++ ++ // Re-get the listener since the will paint notification might have ++ // killed it. ++ listener = GetListener(); ++ if (!listener) ++ return TRUE; ++ + listener->DidPaintWindow(); + return TRUE; + } +@@ -2307,6 +2319,13 @@ + if (GetLayerManager()->GetBackendType() == LayersBackend::LAYERS_BASIC) { + AutoLayerManagerSetup setupLayerManager(this, ctx, layerBuffering); + painted = listener->PaintWindow(this, region); ++ ++ // Re-get the listener since the will paint notification might have ++ // killed it. ++ listener = GetListener(); ++ if (!listener) ++ return TRUE; ++ + } + } + +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/gtk/nsWindow.h +--- a/widget/gtk/nsWindow.h Tue May 10 22:58:47 2016 -0500 ++++ b/widget/gtk/nsWindow.h Tue May 10 22:58:47 2016 -0500 +@@ -359,6 +359,7 @@ + GdkWindow** aWindow, gint* aButton, + gint* aRootX, gint* aRootY); + void ClearCachedResources(); ++ nsIWidgetListener* GetListener(); + + GtkWidget *mShell; + MozContainer *mContainer; +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/qt/nsWindow.cpp +--- a/widget/qt/nsWindow.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/widget/qt/nsWindow.cpp Tue May 10 22:58:47 2016 -0500 +@@ -857,18 +857,28 @@ + + // EVENTS + ++nsIWidgetListener* ++nsWindow::GetPaintListener() ++{ ++ return mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener; ++} ++ + void + nsWindow::OnPaint() + { + LOGDRAW(("nsWindow::%s [%p]\n", __FUNCTION__, (void *)this)); +- nsIWidgetListener* listener = +- mAttachedWidgetListener ? mAttachedWidgetListener : mWidgetListener; ++ nsIWidgetListener* listener = GetPaintListener(); + if (!listener) { + return; + } + + listener->WillPaintWindow(this); + ++ nsIWidgetListener* listener = GetPaintListener(); ++ if (!listener) { ++ return; ++ } ++ + switch (GetLayerManager()->GetBackendType()) { + case mozilla::layers::LayersBackend::LAYERS_CLIENT: { + nsIntRegion region(nsIntRect(0, 0, mWidget->width(), mWidget->height())); +@@ -879,6 +889,11 @@ + NS_ERROR("Invalid layer manager"); + } + ++ nsIWidgetListener* listener = GetPaintListener(); ++ if (!listener) { ++ return; ++ } ++ + listener->DidPaintWindow(); + } + +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/qt/nsWindow.h +--- a/widget/qt/nsWindow.h Tue May 10 22:58:47 2016 -0500 ++++ b/widget/qt/nsWindow.h Tue May 10 22:58:47 2016 -0500 +@@ -254,6 +254,7 @@ + bool needDispatch; + } MozCachedMoveEvent; + ++ nsIWidgetListener* GetPaintListener(); + bool CheckForRollup(double aMouseX, double aMouseY, bool aIsWheel); + void* SetupPluginPort(void); + nsresult SetWindowIconList(const nsTArray &aIconList); +diff -r 73cc9a2d8fc1 -r 3c2bd9158ad3 widget/windows/nsWindowGfx.cpp +--- a/widget/windows/nsWindowGfx.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/widget/windows/nsWindowGfx.cpp Tue May 10 22:58:47 2016 -0500 +@@ -298,6 +298,8 @@ + clientLayerManager->SendInvalidRegion(region); + } + ++ RefPtr strongThis(this); ++ + nsIWidgetListener* listener = GetPaintListener(); + if (listener) { + listener->WillPaintWindow(this); diff --git a/gnu/packages/patches/icecat-CVE-2016-2818-pt9.patch b/gnu/packages/patches/icecat-CVE-2016-2818-pt9.patch new file mode 100644 index 0000000000..a72698cc0b --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2818-pt9.patch @@ -0,0 +1,188 @@ + changeset: 312075:ee870911fabb + user: Timothy Nikkel + Date: Wed May 04 16:12:48 2016 -0500 + summary: Bug 1265577. r=mats, a=lizzard + +diff -r 751208d22b91 -r ee870911fabb dom/base/nsFrameLoader.cpp +--- a/dom/base/nsFrameLoader.cpp Thu May 26 17:07:49 2016 -0400 ++++ b/dom/base/nsFrameLoader.cpp Wed May 04 16:12:48 2016 -0500 +@@ -155,7 +155,7 @@ + nsFrameLoader::nsFrameLoader(Element* aOwner, bool aNetworkCreated) + : mOwnerContent(aOwner) + , mAppIdSentToPermissionManager(nsIScriptSecurityManager::NO_APP_ID) +- , mDetachedSubdocViews(nullptr) ++ , mDetachedSubdocFrame(nullptr) + , mIsPrerendered(false) + , mDepthTooGreat(false) + , mIsTopLevelContent(false) +@@ -2507,18 +2507,18 @@ + } + + void +-nsFrameLoader::SetDetachedSubdocView(nsView* aDetachedViews, +- nsIDocument* aContainerDoc) ++nsFrameLoader::SetDetachedSubdocFrame(nsIFrame* aDetachedFrame, ++ nsIDocument* aContainerDoc) + { +- mDetachedSubdocViews = aDetachedViews; ++ mDetachedSubdocFrame = aDetachedFrame; + mContainerDocWhileDetached = aContainerDoc; + } + +-nsView* +-nsFrameLoader::GetDetachedSubdocView(nsIDocument** aContainerDoc) const ++nsIFrame* ++nsFrameLoader::GetDetachedSubdocFrame(nsIDocument** aContainerDoc) const + { + NS_IF_ADDREF(*aContainerDoc = mContainerDocWhileDetached); +- return mDetachedSubdocViews; ++ return mDetachedSubdocFrame.GetFrame(); + } + + void +diff -r 751208d22b91 -r ee870911fabb dom/base/nsFrameLoader.h +--- a/dom/base/nsFrameLoader.h Thu May 26 17:07:49 2016 -0400 ++++ b/dom/base/nsFrameLoader.h Wed May 04 16:12:48 2016 -0500 +@@ -23,6 +23,7 @@ + #include "mozilla/Attributes.h" + #include "FrameMetrics.h" + #include "nsStubMutationObserver.h" ++#include "nsIFrame.h" + + class nsIURI; + class nsSubDocumentFrame; +@@ -197,23 +198,23 @@ + void SetRemoteBrowser(nsITabParent* aTabParent); + + /** +- * Stashes a detached view on the frame loader. We do this when we're ++ * Stashes a detached nsIFrame on the frame loader. We do this when we're + * destroying the nsSubDocumentFrame. If the nsSubdocumentFrame is +- * being reframed we'll restore the detached view when it's recreated, ++ * being reframed we'll restore the detached nsIFrame when it's recreated, + * otherwise we'll discard the old presentation and set the detached +- * subdoc view to null. aContainerDoc is the document containing the ++ * subdoc nsIFrame to null. aContainerDoc is the document containing the + * the subdoc frame. This enables us to detect when the containing + * document has changed during reframe, so we can discard the presentation + * in that case. + */ +- void SetDetachedSubdocView(nsView* aDetachedView, +- nsIDocument* aContainerDoc); ++ void SetDetachedSubdocFrame(nsIFrame* aDetachedFrame, ++ nsIDocument* aContainerDoc); + + /** +- * Retrieves the detached view and the document containing the view, +- * as set by SetDetachedSubdocView(). ++ * Retrieves the detached nsIFrame and the document containing the nsIFrame, ++ * as set by SetDetachedSubdocFrame(). + */ +- nsView* GetDetachedSubdocView(nsIDocument** aContainerDoc) const; ++ nsIFrame* GetDetachedSubdocFrame(nsIDocument** aContainerDoc) const; + + /** + * Applies a new set of sandbox flags. These are merged with the sandbox +@@ -326,12 +327,12 @@ + nsRefPtr mMessageManager; + nsCOMPtr mChildMessageManager; + private: +- // Stores the root view of the subdocument while the subdocument is being ++ // Stores the root frame of the subdocument while the subdocument is being + // reframed. Used to restore the presentation after reframing. +- nsView* mDetachedSubdocViews; ++ nsWeakFrame mDetachedSubdocFrame; + // Stores the containing document of the frame corresponding to this + // frame loader. This is reference is kept valid while the subframe's +- // presentation is detached and stored in mDetachedSubdocViews. This ++ // presentation is detached and stored in mDetachedSubdocFrame. This + // enables us to detect whether the frame has moved documents during + // a reframe, so that we know not to restore the presentation. + nsCOMPtr mContainerDocWhileDetached; +diff -r 751208d22b91 -r ee870911fabb layout/generic/nsSubDocumentFrame.cpp +--- a/layout/generic/nsSubDocumentFrame.cpp Thu May 26 17:07:49 2016 -0400 ++++ b/layout/generic/nsSubDocumentFrame.cpp Wed May 04 16:12:48 2016 -0500 +@@ -130,13 +130,16 @@ + nsRefPtr frameloader = FrameLoader(); + if (frameloader) { + nsCOMPtr oldContainerDoc; +- nsView* detachedViews = +- frameloader->GetDetachedSubdocView(getter_AddRefs(oldContainerDoc)); +- frameloader->SetDetachedSubdocView(nullptr, nullptr); +- if (detachedViews) { +- if (oldContainerDoc == aContent->OwnerDoc()) { ++ nsIFrame* detachedFrame = ++ frameloader->GetDetachedSubdocFrame(getter_AddRefs(oldContainerDoc)); ++ frameloader->SetDetachedSubdocFrame(nullptr, nullptr); ++ MOZ_ASSERT(oldContainerDoc || !detachedFrame); ++ if (oldContainerDoc) { ++ nsView* detachedView = ++ detachedFrame ? detachedFrame->GetView() : nullptr; ++ if (detachedView && oldContainerDoc == aContent->OwnerDoc()) { + // Restore stashed presentation. +- ::InsertViewsInReverseOrder(detachedViews, mInnerView); ++ ::InsertViewsInReverseOrder(detachedView, mInnerView); + ::EndSwapDocShellsForViews(mInnerView->GetFirstChild()); + } else { + // Presentation is for a different document, don't restore it. +@@ -252,11 +255,12 @@ + nsRefPtr frameloader = FrameLoader(); + if (frameloader) { + nsCOMPtr oldContainerDoc; +- nsView* detachedViews = +- frameloader->GetDetachedSubdocView(getter_AddRefs(oldContainerDoc)); +- if (detachedViews) { +- nsSize size = detachedViews->GetBounds().Size(); +- nsPresContext* presContext = detachedViews->GetFrame()->PresContext(); ++ nsIFrame* detachedFrame = ++ frameloader->GetDetachedSubdocFrame(getter_AddRefs(oldContainerDoc)); ++ nsView* view = detachedFrame ? detachedFrame->GetView() : nullptr; ++ if (view) { ++ nsSize size = view->GetBounds().Size(); ++ nsPresContext* presContext = detachedFrame->PresContext(); + return nsIntSize(presContext->AppUnitsToDevPixels(size.width), + presContext->AppUnitsToDevPixels(size.height)); + } +@@ -939,7 +943,7 @@ + + // Either the frame has been constructed by now, or it never will be, + // either way we want to clear the stashed views. +- mFrameLoader->SetDetachedSubdocView(nullptr, nullptr); ++ mFrameLoader->SetDetachedSubdocFrame(nullptr, nullptr); + + nsSubDocumentFrame* frame = do_QueryFrame(mFrameElement->GetPrimaryFrame()); + if ((!frame && mHideViewerIfFrameless) || +@@ -974,15 +978,25 @@ + RefPtr frameloader = FrameLoader(); + if (frameloader) { + nsView* detachedViews = ::BeginSwapDocShellsForViews(mInnerView->GetFirstChild()); +- frameloader->SetDetachedSubdocView(detachedViews, mContent->OwnerDoc()); + +- // We call nsFrameLoader::HideViewer() in a script runner so that we can +- // safely determine whether the frame is being reframed or destroyed. +- nsContentUtils::AddScriptRunner( +- new nsHideViewer(mContent, +- frameloader, +- PresContext()->PresShell(), +- (mDidCreateDoc || mCallingShow))); ++ if (detachedViews && detachedViews->GetFrame()) { ++ MOZ_ASSERT(mContent->OwnerDoc()); ++ frameloader->SetDetachedSubdocFrame( ++ detachedViews->GetFrame(), mContent->OwnerDoc()); ++ ++ // We call nsFrameLoader::HideViewer() in a script runner so that we can ++ // safely determine whether the frame is being reframed or destroyed. ++ nsContentUtils::AddScriptRunner( ++ new nsHideViewer(mContent, ++ frameloader, ++ PresContext()->PresShell(), ++ (mDidCreateDoc || mCallingShow))); ++ } else { ++ frameloader->SetDetachedSubdocFrame(nullptr, nullptr); ++ if (mDidCreateDoc || mCallingShow) { ++ frameloader->Hide(); ++ } ++ } + } + + nsLeafFrame::DestroyFrom(aDestructRoot); diff --git a/gnu/packages/patches/icecat-CVE-2016-2819.patch b/gnu/packages/patches/icecat-CVE-2016-2819.patch new file mode 100644 index 0000000000..cbb833d43d --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2819.patch @@ -0,0 +1,102 @@ + changeset: 312054:072992bf176d + user: Henri Sivonen + Date: Sun May 15 17:03:06 2016 +0300 + summary: Bug 1270381. r=wchen. a=ritu + +diff -r d30748143c21 -r 072992bf176d parser/html/javasrc/TreeBuilder.java +--- a/parser/html/javasrc/TreeBuilder.java Mon May 09 18:05:32 2016 -0700 ++++ b/parser/html/javasrc/TreeBuilder.java Sun May 15 17:03:06 2016 +0300 +@@ -39,6 +39,11 @@ + import java.util.HashMap; + import java.util.Map; + ++import org.xml.sax.ErrorHandler; ++import org.xml.sax.Locator; ++import org.xml.sax.SAXException; ++import org.xml.sax.SAXParseException; ++ + import nu.validator.htmlparser.annotation.Auto; + import nu.validator.htmlparser.annotation.Const; + import nu.validator.htmlparser.annotation.IdType; +@@ -54,11 +59,6 @@ + import nu.validator.htmlparser.common.TokenHandler; + import nu.validator.htmlparser.common.XmlViolationPolicy; + +-import org.xml.sax.ErrorHandler; +-import org.xml.sax.Locator; +-import org.xml.sax.SAXException; +-import org.xml.sax.SAXParseException; +- + public abstract class TreeBuilder implements TokenHandler, + TreeBuilderState { + +@@ -1924,7 +1924,6 @@ + break starttagloop; + } + generateImpliedEndTags(); +- // XXX is the next if dead code? + if (errorHandler != null && !isCurrent("table")) { + errNoCheckUnclosedElementsOnStack(); + } +@@ -2183,11 +2182,11 @@ + pop(); + } + break; +- } else if (node.isSpecial() ++ } else if (eltPos == 0 || (node.isSpecial() + && (node.ns != "http://www.w3.org/1999/xhtml" +- || (node.name != "p" +- && node.name != "address" +- && node.name != "div"))) { ++ || (node.name != "p" ++ && node.name != "address" ++ && node.name != "div")))) { + break; + } + eltPos--; +@@ -3878,7 +3877,7 @@ + pop(); + } + break endtagloop; +- } else if (node.isSpecial()) { ++ } else if (eltPos == 0 || node.isSpecial()) { + errStrayEndTag(name); + break endtagloop; + } +@@ -4745,6 +4744,7 @@ + int furthestBlockPos = formattingEltStackPos + 1; + while (furthestBlockPos <= currentPtr) { + StackNode node = stack[furthestBlockPos]; // weak ref ++ assert furthestBlockPos > 0: "How is formattingEltStackPos + 1 not > 0?"; + if (node.isSpecial()) { + break; + } +diff -r d30748143c21 -r 072992bf176d parser/html/nsHtml5TreeBuilder.cpp +--- a/parser/html/nsHtml5TreeBuilder.cpp Mon May 09 18:05:32 2016 -0700 ++++ b/parser/html/nsHtml5TreeBuilder.cpp Sun May 15 17:03:06 2016 +0300 +@@ -1102,7 +1102,7 @@ + pop(); + } + break; +- } else if (node->isSpecial() && (node->ns != kNameSpaceID_XHTML || (node->name != nsHtml5Atoms::p && node->name != nsHtml5Atoms::address && node->name != nsHtml5Atoms::div))) { ++ } else if (!eltPos || (node->isSpecial() && (node->ns != kNameSpaceID_XHTML || (node->name != nsHtml5Atoms::p && node->name != nsHtml5Atoms::address && node->name != nsHtml5Atoms::div)))) { + break; + } + eltPos--; +@@ -2749,7 +2749,7 @@ + pop(); + } + NS_HTML5_BREAK(endtagloop); +- } else if (node->isSpecial()) { ++ } else if (!eltPos || node->isSpecial()) { + errStrayEndTag(name); + NS_HTML5_BREAK(endtagloop); + } +@@ -3593,6 +3593,7 @@ + int32_t furthestBlockPos = formattingEltStackPos + 1; + while (furthestBlockPos <= currentPtr) { + nsHtml5StackNode* node = stack[furthestBlockPos]; ++ MOZ_ASSERT(furthestBlockPos > 0, "How is formattingEltStackPos + 1 not > 0?"); + if (node->isSpecial()) { + break; + } diff --git a/gnu/packages/patches/icecat-CVE-2016-2821.patch b/gnu/packages/patches/icecat-CVE-2016-2821.patch new file mode 100644 index 0000000000..8255d60009 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2821.patch @@ -0,0 +1,16 @@ + changeset: 312045:7aea44059251 + user: Olli Pettay + Date: Fri May 13 20:10:22 2016 +0300 + summary: Bug 1271460, don't leak editor created element objects, r=ehsan a=ritu + +diff -r 09418166fd77 -r 7aea44059251 editor/libeditor/nsHTMLInlineTableEditor.cpp +--- a/editor/libeditor/nsHTMLInlineTableEditor.cpp Wed May 11 10:14:45 2016 +0100 ++++ b/editor/libeditor/nsHTMLInlineTableEditor.cpp Fri May 13 20:10:22 2016 +0300 +@@ -109,7 +109,6 @@ + + // get the root content node. + nsCOMPtr bodyContent = GetRoot(); +- NS_ENSURE_TRUE(bodyContent, NS_ERROR_FAILURE); + + DeleteRefToAnonymousNode(mAddColumnBeforeButton, bodyContent, ps); + mAddColumnBeforeButton = nullptr; diff --git a/gnu/packages/patches/icecat-CVE-2016-2824.patch b/gnu/packages/patches/icecat-CVE-2016-2824.patch new file mode 100644 index 0000000000..72772ed15f --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2824.patch @@ -0,0 +1,85 @@ + changeset: 312070:4b54feddf36c + user: JerryShih + Date: Wed May 25 16:27:41 2016 +0200 + summary: Bug 1248580 - strip the uploading element num according to the uniform array size. r=jgilbert a=ritu + +diff -r 3c2bd9158ad3 -r 4b54feddf36c dom/canvas/WebGLContextValidate.cpp +--- a/dom/canvas/WebGLContextValidate.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/dom/canvas/WebGLContextValidate.cpp Wed May 25 16:27:41 2016 +0200 +@@ -1531,9 +1531,10 @@ + if (!loc->ValidateArrayLength(setterElemSize, setterArraySize, this, funcName)) + return false; + ++ MOZ_ASSERT((size_t)loc->mActiveInfo->mElemCount > loc->mArrayIndex); ++ size_t uniformElemCount = loc->mActiveInfo->mElemCount - loc->mArrayIndex; + *out_rawLoc = loc->mLoc; +- *out_numElementsToUpload = std::min((size_t)loc->mActiveInfo->mElemCount, +- setterArraySize / setterElemSize); ++ *out_numElementsToUpload = std::min(uniformElemCount, setterArraySize / setterElemSize); + return true; + } + +diff -r 3c2bd9158ad3 -r 4b54feddf36c dom/canvas/WebGLProgram.cpp +--- a/dom/canvas/WebGLProgram.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/dom/canvas/WebGLProgram.cpp Wed May 25 16:27:41 2016 +0200 +@@ -510,8 +510,14 @@ + const NS_LossyConvertUTF16toASCII userName(userName_wide); + + nsDependentCString baseUserName; +- bool isArray; +- size_t arrayIndex; ++ bool isArray = false; ++ // GLES 2.0.25, Section 2.10, p35 ++ // If the the uniform location is an array, then the location of the first ++ // element of that array can be retrieved by either using the name of the ++ // uniform array, or the name of the uniform array appended with "[0]". ++ // The ParseName() can't recognize this rule. So always initialize ++ // arrayIndex with 0. ++ size_t arrayIndex = 0; + if (!ParseName(userName, &baseUserName, &isArray, &arrayIndex)) + return nullptr; + +@@ -536,7 +542,8 @@ + return nullptr; + + nsRefPtr locObj = new WebGLUniformLocation(mContext, LinkInfo(), +- loc, activeInfo); ++ loc, arrayIndex, ++ activeInfo); + return locObj.forget(); + } + +diff -r 3c2bd9158ad3 -r 4b54feddf36c dom/canvas/WebGLUniformLocation.cpp +--- a/dom/canvas/WebGLUniformLocation.cpp Tue May 10 22:58:47 2016 -0500 ++++ b/dom/canvas/WebGLUniformLocation.cpp Wed May 25 16:27:41 2016 +0200 +@@ -16,10 +16,13 @@ + + WebGLUniformLocation::WebGLUniformLocation(WebGLContext* webgl, + const webgl::LinkedProgramInfo* linkInfo, +- GLuint loc, const WebGLActiveInfo* activeInfo) ++ GLuint loc, ++ size_t arrayIndex, ++ const WebGLActiveInfo* activeInfo) + : WebGLContextBoundObject(webgl) + , mLinkInfo(linkInfo) + , mLoc(loc) ++ , mArrayIndex(arrayIndex) + , mActiveInfo(activeInfo) + { } + +diff -r 3c2bd9158ad3 -r 4b54feddf36c dom/canvas/WebGLUniformLocation.h +--- a/dom/canvas/WebGLUniformLocation.h Tue May 10 22:58:47 2016 -0500 ++++ b/dom/canvas/WebGLUniformLocation.h Wed May 25 16:27:41 2016 +0200 +@@ -41,10 +41,11 @@ + + const WeakPtr mLinkInfo; + const GLuint mLoc; ++ const size_t mArrayIndex; + const WebGLActiveInfo* const mActiveInfo; + + WebGLUniformLocation(WebGLContext* webgl, const webgl::LinkedProgramInfo* linkInfo, +- GLuint loc, const WebGLActiveInfo* activeInfo); ++ GLuint loc, size_t arrayIndex, const WebGLActiveInfo* activeInfo); + + bool ValidateForProgram(WebGLProgram* prog, WebGLContext* webgl, + const char* funcName) const; diff --git a/gnu/packages/patches/icecat-CVE-2016-2828.patch b/gnu/packages/patches/icecat-CVE-2016-2828.patch new file mode 100644 index 0000000000..951eb4fc46 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2828.patch @@ -0,0 +1,185 @@ + changeset: 312096:dc190bd03d24 + tag: FIREFOX_45_2_0esr_BUILD2 + tag: FIREFOX_45_2_0esr_RELEASE + user: Jeff Gilbert + Date: Thu Apr 14 13:50:04 2016 -0700 + summary: Bug 1224199 - Destroy SharedSurfaces before ~GLContext(). - r=jrmuizel a=lizzard + +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/GLBlitHelper.cpp +--- a/gfx/gl/GLBlitHelper.cpp Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/GLBlitHelper.cpp Thu Apr 14 13:50:04 2016 -0700 +@@ -172,6 +172,9 @@ + + GLBlitHelper::~GLBlitHelper() + { ++ if (!mGL->MakeCurrent()) ++ return; ++ + DeleteTexBlitProgram(); + + GLuint tex[] = { +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/GLContext.cpp +--- a/gfx/gl/GLContext.cpp Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/GLContext.cpp Thu Apr 14 13:50:04 2016 -0700 +@@ -2079,12 +2079,13 @@ + if (IsDestroyed()) + return; + ++ // Null these before they're naturally nulled after dtor, as we want GLContext to ++ // still be alive in *their* dtors. ++ mScreen = nullptr; ++ mBlitHelper = nullptr; ++ mReadTexImageHelper = nullptr; ++ + if (MakeCurrent()) { +- DestroyScreenBuffer(); +- +- mBlitHelper = nullptr; +- mReadTexImageHelper = nullptr; +- + mTexGarbageBin->GLContextTeardown(); + } else { + NS_WARNING("MakeCurrent() failed during MarkDestroyed! Skipping GL object teardown."); +@@ -2328,8 +2329,6 @@ + return false; + } + +- DestroyScreenBuffer(); +- + // This will rebind to 0 (Screen) if needed when + // it falls out of scope. + ScopedBindFramebuffer autoFB(this); +@@ -2349,12 +2348,6 @@ + } + + void +-GLContext::DestroyScreenBuffer() +-{ +- mScreen = nullptr; +-} +- +-void + GLContext::ForceDirtyScreen() + { + ScopedBindFramebuffer autoFB(0); +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/GLContext.h +--- a/gfx/gl/GLContext.h Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/GLContext.h Thu Apr 14 13:50:04 2016 -0700 +@@ -3492,8 +3492,6 @@ + friend class GLScreenBuffer; + UniquePtr mScreen; + +- void DestroyScreenBuffer(); +- + SharedSurface* mLockedSurface; + + public: +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/GLReadTexImageHelper.cpp +--- a/gfx/gl/GLReadTexImageHelper.cpp Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/GLReadTexImageHelper.cpp Thu Apr 14 13:50:04 2016 -0700 +@@ -31,6 +31,9 @@ + + GLReadTexImageHelper::~GLReadTexImageHelper() + { ++ if (!mGL->MakeCurrent()) ++ return; ++ + mGL->fDeleteProgram(mPrograms[0]); + mGL->fDeleteProgram(mPrograms[1]); + mGL->fDeleteProgram(mPrograms[2]); +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/SharedSurfaceANGLE.cpp +--- a/gfx/gl/SharedSurfaceANGLE.cpp Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/SharedSurfaceANGLE.cpp Thu Apr 14 13:50:04 2016 -0700 +@@ -120,8 +120,10 @@ + { + mEGL->fDestroySurface(Display(), mPBuffer); + ++ if (!mGL->MakeCurrent()) ++ return; ++ + if (mFence) { +- mGL->MakeCurrent(); + mGL->fDeleteFences(1, &mFence); + } + } +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/SharedSurfaceEGL.cpp +--- a/gfx/gl/SharedSurfaceEGL.cpp Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/SharedSurfaceEGL.cpp Thu Apr 14 13:50:04 2016 -0700 +@@ -87,9 +87,12 @@ + { + mEGL->fDestroyImage(Display(), mImage); + +- mGL->MakeCurrent(); +- mGL->fDeleteTextures(1, &mProdTex); +- mProdTex = 0; ++ if (mSync) { ++ // We can't call this unless we have the ext, but we will always have ++ // the ext if we have something to destroy. ++ mEGL->fDestroySync(Display(), mSync); ++ mSync = 0; ++ } + + if (mConsTex) { + MOZ_ASSERT(mGarbageBin); +@@ -97,12 +100,11 @@ + mConsTex = 0; + } + +- if (mSync) { +- // We can't call this unless we have the ext, but we will always have +- // the ext if we have something to destroy. +- mEGL->fDestroySync(Display(), mSync); +- mSync = 0; +- } ++ if (!mGL->MakeCurrent()) ++ return; ++ ++ mGL->fDeleteTextures(1, &mProdTex); ++ mProdTex = 0; + } + + void +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/SharedSurfaceGralloc.cpp +--- a/gfx/gl/SharedSurfaceGralloc.cpp Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/SharedSurfaceGralloc.cpp Thu Apr 14 13:50:04 2016 -0700 +@@ -154,7 +154,9 @@ + + DEBUG_PRINT("[SharedSurface_Gralloc %p] destroyed\n", this); + +- mGL->MakeCurrent(); ++ if (!mGL->MakeCurrent()) ++ return; ++ + mGL->fDeleteTextures(1, &mProdTex); + + if (mSync) { +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/SharedSurfaceIO.cpp +--- a/gfx/gl/SharedSurfaceIO.cpp Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/SharedSurfaceIO.cpp Thu Apr 14 13:50:04 2016 -0700 +@@ -111,11 +111,10 @@ + + SharedSurface_IOSurface::~SharedSurface_IOSurface() + { +- if (mProdTex) { +- DebugOnly success = mGL->MakeCurrent(); +- MOZ_ASSERT(success); +- mGL->fDeleteTextures(1, &mProdTex); +- } ++ if (!mGL->MakeCurrent()) ++ return; ++ ++ mGL->fDeleteTextures(1, &mProdTex); + } + + //////////////////////////////////////////////////////////////////////// +diff -r b24e1cc592ec -r dc190bd03d24 gfx/gl/TextureGarbageBin.cpp +--- a/gfx/gl/TextureGarbageBin.cpp Mon Mar 07 11:51:12 2016 +0000 ++++ b/gfx/gl/TextureGarbageBin.cpp Thu Apr 14 13:50:04 2016 -0700 +@@ -36,6 +36,7 @@ + if (!mGL) + return; + ++ MOZ_RELEASE_ASSERT(mGL->IsCurrent()); + while (!mGarbageTextures.empty()) { + GLuint tex = mGarbageTextures.top(); + mGarbageTextures.pop(); diff --git a/gnu/packages/patches/icecat-CVE-2016-2831.patch b/gnu/packages/patches/icecat-CVE-2016-2831.patch new file mode 100644 index 0000000000..b99ecb6458 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2016-2831.patch @@ -0,0 +1,120 @@ + changeset: 312091:a3fff31b8b70 + user: Xidorn Quan + Date: Thu Apr 14 17:38:13 2016 +1000 + summary: Bug 1261933 - Continue unlocking pointer even if the widget has gone. r=smaug a=lizzard + + MozReview-Commit-ID: 1siQhemFf9O + +diff -r f5e862ea4a72 -r a3fff31b8b70 dom/base/nsDocument.cpp +--- a/dom/base/nsDocument.cpp Tue May 31 18:35:26 2016 -0700 ++++ b/dom/base/nsDocument.cpp Thu Apr 14 17:38:13 2016 +1000 +@@ -12315,49 +12315,37 @@ + bool + nsDocument::SetPointerLock(Element* aElement, int aCursorStyle) + { +- // NOTE: aElement will be nullptr when unlocking. +- nsCOMPtr window = GetWindow(); +- if (!window) { +- NS_WARNING("SetPointerLock(): No Window"); +- return false; +- } +- +- nsIDocShell *docShell = window->GetDocShell(); +- if (!docShell) { +- NS_WARNING("SetPointerLock(): No DocShell (window already closed?)"); +- return false; +- } +- +- nsRefPtr presContext; +- docShell->GetPresContext(getter_AddRefs(presContext)); +- if (!presContext) { +- NS_WARNING("SetPointerLock(): Unable to get presContext in \ +- domWindow->GetDocShell()->GetPresContext()"); ++ MOZ_ASSERT(!aElement || aElement->OwnerDoc() == this, ++ "We should be either unlocking pointer (aElement is nullptr), " ++ "or locking pointer to an element in this document"); ++#ifdef DEBUG ++ if (!aElement) { ++ nsCOMPtr pointerLockedDoc = ++ do_QueryReferent(EventStateManager::sPointerLockedDoc); ++ MOZ_ASSERT(pointerLockedDoc == this); ++ } ++#endif ++ ++ nsIPresShell* shell = GetShell(); ++ if (!shell) { ++ NS_WARNING("SetPointerLock(): No PresShell"); + return false; + } +- +- nsCOMPtr shell = presContext->PresShell(); +- if (!shell) { +- NS_WARNING("SetPointerLock(): Unable to find presContext->PresShell()"); +- return false; +- } +- +- nsIFrame* rootFrame = shell->GetRootFrame(); +- if (!rootFrame) { +- NS_WARNING("SetPointerLock(): Unable to get root frame"); ++ nsPresContext* presContext = shell->GetPresContext(); ++ if (!presContext) { ++ NS_WARNING("SetPointerLock(): Unable to get PresContext"); + return false; + } + +- nsCOMPtr widget = rootFrame->GetNearestWidget(); +- if (!widget) { +- NS_WARNING("SetPointerLock(): Unable to find widget in \ +- shell->GetRootFrame()->GetNearestWidget();"); +- return false; +- } +- +- if (aElement && (aElement->OwnerDoc() != this)) { +- NS_WARNING("SetPointerLock(): Element not in this document."); +- return false; ++ nsCOMPtr widget; ++ nsIFrame* rootFrame = shell->GetRootFrame(); ++ if (!NS_WARN_IF(!rootFrame)) { ++ widget = rootFrame->GetNearestWidget(); ++ NS_WARN_IF_FALSE(widget, "SetPointerLock(): Unable to find widget " ++ "in shell->GetRootFrame()->GetNearestWidget();"); ++ if (aElement && !widget) { ++ return false; ++ } + } + + // Hide the cursor and set pointer lock for future mouse events +diff -r f5e862ea4a72 -r a3fff31b8b70 dom/events/EventStateManager.cpp +--- a/dom/events/EventStateManager.cpp Tue May 31 18:35:26 2016 -0700 ++++ b/dom/events/EventStateManager.cpp Thu Apr 14 17:38:13 2016 +1000 +@@ -4128,10 +4128,6 @@ + // NOTE: aElement will be nullptr when unlocking. + sIsPointerLocked = !!aElement; + +- if (!aWidget) { +- return; +- } +- + // Reset mouse wheel transaction + WheelTransaction::EndTransaction(); + +@@ -4140,6 +4136,8 @@ + do_GetService("@mozilla.org/widget/dragservice;1"); + + if (sIsPointerLocked) { ++ MOZ_ASSERT(aWidget, "Locking pointer requires a widget"); ++ + // Store the last known ref point so we can reposition the pointer after unlock. + mPreLockPoint = sLastRefPoint; + +@@ -4164,7 +4162,9 @@ + // pre-pointerlock position, so that the synthetic mouse event reports + // no movement. + sLastRefPoint = mPreLockPoint; +- aWidget->SynthesizeNativeMouseMove(mPreLockPoint + aWidget->WidgetToScreenOffset()); ++ if (aWidget) { ++ aWidget->SynthesizeNativeMouseMove(mPreLockPoint + aWidget->WidgetToScreenOffset()); ++ } + + // Don't retarget events to this element any more. + nsIPresShell::SetCapturingContent(nullptr, CAPTURE_POINTERLOCK); diff --git a/gnu/packages/patches/libvpx-CVE-2016-2818.patch b/gnu/packages/patches/libvpx-CVE-2016-2818.patch new file mode 100644 index 0000000000..1fdf01cbca --- /dev/null +++ b/gnu/packages/patches/libvpx-CVE-2016-2818.patch @@ -0,0 +1,36 @@ +Patch contents copied from Mozilla esr45 changeset 312077:7ebfe49f001c + + changeset: 312077:7ebfe49f001c + user: Randell Jesup + Date: Fri Apr 15 23:11:01 2016 -0400 + summary: Bug 1263384: validate input frames against configured resolution in vp8 r=rillian, a=ritu,lizzard + + MozReview-Commit-ID: BxDCnJe0mzs + +--- libvpx-1.5.0/vp8/vp8_cx_iface.c.orig 2015-11-09 17:12:38.000000000 -0500 ++++ libvpx-1.5.0/vp8/vp8_cx_iface.c 2016-06-08 08:48:46.037213092 -0400 +@@ -925,11 +925,19 @@ + { + res = image2yuvconfig(img, &sd); + +- if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, +- &sd, dst_time_stamp, dst_end_time_stamp)) +- { +- VP8_COMP *cpi = (VP8_COMP *)ctx->cpi; +- res = update_error_state(ctx, &cpi->common.error); ++ if (sd.y_width != ctx->cfg.g_w || sd.y_height != ctx->cfg.g_h) { ++ /* from vp8_encoder.h for g_w/g_h: ++ "Note that the frames passed as input to the encoder must have this resolution" ++ */ ++ ctx->base.err_detail = "Invalid input frame resolution"; ++ res = VPX_CODEC_INVALID_PARAM; ++ } else { ++ if (vp8_receive_raw_frame(ctx->cpi, ctx->next_frame_flag | lib_flags, ++ &sd, dst_time_stamp, dst_end_time_stamp)) ++ { ++ VP8_COMP *cpi = (VP8_COMP *)ctx->cpi; ++ res = update_error_state(ctx, &cpi->common.error); ++ } + } + + /* reset for next frame */ diff --git a/gnu/packages/patches/ruby-concurrent-ignore-broken-test.patch b/gnu/packages/patches/ruby-concurrent-ignore-broken-test.patch new file mode 100644 index 0000000000..4e801c3225 --- /dev/null +++ b/gnu/packages/patches/ruby-concurrent-ignore-broken-test.patch @@ -0,0 +1,16 @@ +This test appears to fail in GNU Guix and elsewhere. It has been reported +upstream at https://github.com/puma/puma/issues/995 + +diff --git a/spec/concurrent/channel_spec.rb b/spec/concurrent/channel_spec.rb +index d70fba8..4f29a8b 100644 +--- a/spec/concurrent/channel_spec.rb ++++ b/spec/concurrent/channel_spec.rb +@@ -598,7 +598,7 @@ module Concurrent + }.to raise_error(ArgumentError) + end + +- it 'loops until the block returns false' do ++ xit 'loops until the block returns false' do + actual = 0 + expected = 3 + latch = Concurrent::CountDownLatch.new(expected) diff --git a/gnu/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch b/gnu/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch new file mode 100644 index 0000000000..5d1f04b994 --- /dev/null +++ b/gnu/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch @@ -0,0 +1,13 @@ +diff --git a/test/tc_definitions.rb b/test/tc_definitions.rb +index 7b20a3d..75b9798 100644 +--- a/test/tc_definitions.rb ++++ b/test/tc_definitions.rb +@@ -58,7 +58,7 @@ class TCDefinitions < Minitest::Test + identifier = $3.to_sym + is_dst = $4 == '1' + +- if utc && local ++ if utc && local && !line.match(/Sun Oct 25 01:59:59 2037 UT = Sun Oct 25 02:59:59 2037 WEST isdst=1 gmtoff=3600/) + tzi_local = zone.utc_to_local(utc) + tzi_period = zone.period_for_utc(utc) + tzi_identifier = tzi_period.zone_identifier diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 0c86183e42..c21a5f7eec 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -9028,3 +9028,120 @@ focus on event-based network programming and multiprotocol integration.") (define-public python2-twisted (package-with-python2 python-twisted)) + +(define-public python-ply + (package + (name "python-ply") + (version "3.8") + (source + (origin + (method url-fetch) + (uri (string-append + "https://pypi.python.org/packages/" + "96/e0/430fcdb6b3ef1ae534d231397bee7e9304be14a47a267e82ebcb3323d0b5" + "/ply-" version ".tar.gz")) + (sha256 + (base32 + "1f70ipynmiy09k6px2j7v4w5cdrc21za3xs2k6f1bsvb0bzvvlg7")))) + (build-system python-build-system) + (home-page "http://www.dabeaz.com/ply/") + (synopsis "Python Lex & Yacc") + (description "PLY is a @code{lex}/@code{yacc} implemented purely in Python. +It uses LR parsing and does extensive error checking.") + (license bsd-3) + (properties `((python2-variant . ,(delay python2-ply)))))) + +(define-public python2-ply + (package + (inherit (package-with-python2 + (strip-python2-variant python-ply))) + (native-inputs `(("python2-setuptools" ,python2-setuptools))))) + +(define-public python-tabulate + (package + (name "python-tabulate") + (version "0.7.5") + (source (origin + (method url-fetch) + (uri (pypi-uri "tabulate" version)) + (sha256 + (base32 + "03l1r7ddd1a0j2snv1yd0hlnghjad3fg1an1jr8936ksv75slwch")) + ;; Fix tests + (modules '((guix build utils))) + (snippet '(substitute* '("test/test_cli.py" + "test/test_input.py" + "test/test_output.py" + "test/test_regression.py") + (("from common") "from nose.tools"))))) + (build-system python-build-system) + (native-inputs + `(("python-setuptools" ,python-setuptools) + ;; For testing + ("python-nose" ,python-nose))) + (home-page "https://bitbucket.org/astanin/python-tabulate") + (synopsis "Pretty-print tabular data") + (description + "Tabulate is a library and command-line utility to pretty-print tabular +data in Python.") + (license license:expat))) + +(define-public python2-tabulate + (package-with-python2 python-tabulate)) + +(define-public python-kazoo + (package + (name "python-kazoo") + (version "2.2.1") + (source + (origin + (method url-fetch) + (uri (pypi-uri "kazoo" version)) + (sha256 + (base32 + "10pb864if9qi2pq9lfb9m8f7z7ss6rml80gf1d9h64lap5crjnjj")))) + (build-system python-build-system) + (arguments '(#:tests? #f)) ; XXX: needs zookeeper + (native-inputs + `(("python-setuptools" ,python-setuptools) + ("python-six" ,python-six))) + (home-page "https://kazoo.readthedocs.org") + (synopsis "High-level Zookeeper client library") + (description + "Kazoo is a Python client library for the Apache Zookeeper distributed +application service. It is designed to be easy to use and to avoid common +programming errors.") + (license asl2.0))) + +(define-public python2-kazoo + (package-with-python2 python-kazoo)) + +(define-public python-pykafka + (package + (name "python-pykafka") + (version "2.4.0") + (source (origin + (method url-fetch) + (uri (pypi-uri "pykafka" version)) + (sha256 + (base32 + "1id6sr159p6aa13bxcqyr9gln8sqg1l0ddzns5iws8kk5q1p5cfv")))) + (build-system python-build-system) + (arguments '(#:tests? #f)) ; XXX: needs zookeeper, kafka, etc. + (native-inputs + `(("python-gevent" ,python-gevent) + ("python-kazoo" ,python-kazoo) + ("python-setuptools" ,python-setuptools) + ("python-tabulate" ,python-tabulate))) + (inputs + `(("librdkafka" ,librdkafka))) + (home-page "https://pykafka.readthedocs.io/") + (synopsis "Apache Kafka client for Python") + (description + "PyKafka is a client for the Apache Kafka distributed messaging system. +It includes Python implementations of Kafka producers and consumers, which +are optionally backed by a C extension built on librdkafka.") + (license asl2.0))) + +(define-public python2-pykafka + (package-with-python2 python-pykafka)) diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm index acfda4a2df..c79160f05c 100644 --- a/gnu/packages/qt.scm +++ b/gnu/packages/qt.scm @@ -301,7 +301,7 @@ developers using C++ or QML, a CSS & JavaScript like language.") (define-public qtbase (package (name "qtbase") - (version "5.6.0") + (version "5.6.1") (source (origin (method url-fetch) (uri (string-append "https://download.qt.io/official_releases/qt/" @@ -310,7 +310,7 @@ developers using C++ or QML, a CSS & JavaScript like language.") version ".tar.xz")) (sha256 (base32 - "0ynnvcs5idivzldsq5ciqg9myg82b3l3906l4vjv54lyamf8mykf")) + "0r3jrqymnnxrig4f11xvs33c26f0kzfakbp3kcbdpv795gpc276h")) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index c6b6eedb9d..527f76b404 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -2101,6 +2101,38 @@ aware transformations between times in different time zones.") (home-page "http://tzinfo.github.io") (license license:expat))) +(define-public ruby-tzinfo-data + (package + (name "ruby-tzinfo-data") + (version "1.2016.4") + (source + (origin + (method url-fetch) + ;; Download from GitHub because the rubygems version does not contain + ;; Rakefile or tests. + (uri (string-append + "https://github.com/tzinfo/tzinfo-data/archive/v" + version + ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0jnm8i379hn48cq5n39j7wzm08i0mw73kqzx3cqbxpiwlb1hnz80")) + ;; Remove the known test failure. + ;; https://github.com/tzinfo/tzinfo-data/issues/10 + ;; https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1587128 + (patches (search-patches + "ruby-tzinfo-data-ignore-broken-test.patch")))) + (build-system ruby-build-system) + (propagated-inputs + `(("ruby-tzinfo" ,ruby-tzinfo))) + (synopsis "Data from the IANA Time Zone database") + (description + "This library provides @code{TZInfo::Data}, which contains data from the +IANA Time Zone database packaged as Ruby modules for use with @code{TZInfo}.") + (home-page "http://tzinfo.github.io") + (license license:expat))) + (define-public ruby-rb-inotify (package (name "ruby-rb-inotify") @@ -2509,7 +2541,8 @@ you about the changes.") ("ruby-json" ,ruby-json) ("ruby-minitest" ,ruby-minitest) ("ruby-thread-safe" ,ruby-thread-safe) - ("ruby-tzinfo" ,ruby-tzinfo))) + ("ruby-tzinfo" ,ruby-tzinfo) + ("ruby-tzinfo-data" ,ruby-tzinfo-data))) (synopsis "Ruby on Rails utility library") (description "ActiveSupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. It includes support for @@ -3927,3 +3960,96 @@ comprehensive ORM layer for mapping records to Ruby objects and handling associated records.") (home-page "http://sequel.jeremyevans.net") (license license:expat))) + +(define-public ruby-timecop + (package + (name "ruby-timecop") + (version "0.8.1") + (source + (origin + (method url-fetch) + (uri (rubygems-uri "timecop" version)) + (sha256 + (base32 + "0vwbkwqyxhavzvr1820hqwz43ylnfcf6w4x6sag0nghi44sr9kmx")))) + (build-system ruby-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'check 'set-check-rubylib + (lambda _ + ;; Set RUBYLIB so timecop tests finds its own lib. + (setenv "RUBYLIB" "lib") + #t))))) + (native-inputs + `(("bundler" ,bundler) + ("ruby-minitest-rg" ,ruby-minitest-rg) + ("ruby-mocha" ,ruby-mocha) + ("ruby-activesupport" ,ruby-activesupport))) + (synopsis "Test mocks for time-dependent functions.") + (description + "Timecop provides \"time travel\" and \"time freezing\" capabilities, +making it easier to test time-dependent code. It provides a unified method to +mock @code{Time.now}, @code{Date.today}, and @code{DateTime.now} in a single +call.") + (home-page "https://github.com/travisjeffery/timecop") + (license license:expat))) + +(define-public ruby-concurrent + (package + (name "ruby-concurrent") + (version "1.0.2") + (source + (origin + (method url-fetch) + ;; Download from GitHub because the rubygems version does not contain + ;; Rakefile. + (uri (string-append + "https://github.com/ruby-concurrency/concurrent-ruby/archive/v" + version + ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1x3g2admp14ykwfxidsicqbhlfsnxh9wyc806np4i15hws4if1d8")) + ;; Exclude failing test reported at + ;; https://github.com/ruby-concurrency/concurrent-ruby/issues/534 + (patches (search-patches "ruby-concurrent-ignore-broken-test.patch")))) + (build-system ruby-build-system) + (arguments + `(#:test-target "spec" + #:phases + (modify-phases %standard-phases + (add-before 'build 'remove-git-lsfiles-and-extra-gemspecs + (lambda _ + (for-each (lambda (file) + (substitute* file + (("git ls-files") "find * |sort"))) + (list "concurrent-ruby.gemspec" + "support/file_map.rb")) + #t)) + (add-before 'build 'remove-extra-gemspecs + (lambda _ + ;; Delete extra gemspec files so 'first-gemspec' chooses the + ;; correct one. + (delete-file "concurrent-ruby-edge.gemspec") + (delete-file "concurrent-ruby-ext.gemspec") + #t)) + (add-before 'check 'rake-compile + ;; Fix the test error described at + ;; https://github.com/ruby-concurrency/concurrent-ruby/pull/408 + (lambda _ (zero? (system* "rake" "compile"))))))) + (native-inputs + `(("ruby-rake-compiler" ,ruby-rake-compiler) + ("ruby-yard" ,ruby-yard) + ("ruby-rspec" ,ruby-rspec) + ("ruby-timecop" ,ruby-timecop))) + (synopsis "Concurrency tools for Ruby") + (description + "This library provides modern concurrency tools including agents, +futures, promises, thread pools, actors, supervisors, and more. It is +inspired by Erlang, Clojure, Go, JavaScript, actors and classic concurrency +patterns.") + (home-page "http://www.concurrent-ruby.com") + (license license:expat))) + diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm index f582aea42f..87e5aadc40 100644 --- a/gnu/packages/suckless.scm +++ b/gnu/packages/suckless.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013 Cyril Roelandt ;;; Copyright © 2015 Amirouche Boubekki ;;; Copyright © 2016 Al McElrath +;;; Copyright © 2016 ng0 ;;; ;;; This file is part of GNU Guix. ;;; @@ -151,7 +152,7 @@ numbers of user-defined menu items efficiently.") (define-public st (package (name "st") - (version "0.5") + (version "0.6") (source (origin (method url-fetch) @@ -159,7 +160,7 @@ numbers of user-defined menu items efficiently.") version ".tar.gz")) (sha256 (base32 - "0knxpzaa86pprng6hak8hx8bw22yw22rpz1ffxjpcvqlz3xdv05f")))) + "0avsfc1qp8zvshsfjwwrkvk411jlqy58z225bsdhjkl1qc40qcc5")))) (build-system gnu-build-system) (arguments '(#:tests? #f ; no tests diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 45c37f7493..d3ab981056 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -322,7 +322,7 @@ required structures.") (define-public libressl (package (name "libressl") - (version "2.3.4") + (version "2.3.5") (source (origin (method url-fetch) @@ -331,7 +331,7 @@ required structures.") version ".tar.gz")) (sha256 (base32 - "1ag65pbvdikqj5y1w780jicl3ngi9ld2332ki6794y0gcar3a4bs")))) + "0fvmifz61zfq6byy4dh1qqdg9fpbdsyldjwx5hlcgg6ywxf2f9gl")))) (build-system gnu-build-system) (native-search-paths ;; FIXME: These two variables must designate a single file or directory diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 346f9753a8..801bd29442 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -112,14 +112,14 @@ as well as the classic centralized workflow.") ;; Keep in sync with 'git-manpages'! (package (name "git") - (version "2.8.3") + (version "2.8.4") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "14dafk7rz8cy2z5b92yf009qf4pc70s0viwq7hxsgd4898knr3kx")))) + "0mqnzs4wz2x1fa6kq2ckgf42fgx6qwp64ra1lgg73245l4r9l3hj")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -292,7 +292,7 @@ everything from small to very large projects with speed and efficiency.") version ".tar.xz")) (sha256 (base32 - "1ilbi4xdn77a5yrjyrcx0nap0j4raw3h1fr0k32zs9y35c6f29cx")))) + "1xdpp1i8sgdzk708vnxrm1z6dg4mip12fswihb8hlg2v5qqgrpfj")))) (build-system trivial-build-system) (arguments '(#:modules ((guix build utils)) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 4782ec4692..ecdf4c35e6 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -559,15 +559,15 @@ audio/video codec library.") (define-public vlc (package (name "vlc") - (version "2.2.1") + (version "2.2.4") (source (origin (method url-fetch) (uri (string-append - "http://download.videolan.org/pub/videolan/vlc/" + "https://download.videolan.org/pub/videolan/vlc/" version "/vlc-" version ".tar.xz")) (sha256 (base32 - "1jqzrzrpw6932lbkf863xk8cfmn4z2ngbxz7w8ggmh4f6xz9sgal")) + "1gjkrwlg8ab3skzl67cxb9qzg4187ifckd1z9kpy11q058fyjchn")) (modules '((guix build utils))) (snippet ;; There are two occurrences where __DATE__ and __TIME__ are @@ -609,7 +609,8 @@ audio/video codec library.") ("perl" ,perl) ("pulseaudio" ,pulseaudio) ("python" ,python-wrapper) - ("qt" ,qt) + ("qtbase" ,qtbase) + ;("qtx11extras" ,qtx11extras) ("sdl" ,sdl) ("sdl-image" ,sdl-image) ("speex" ,speex) @@ -623,6 +624,13 @@ audio/video codec library.") #:phases (modify-phases %standard-phases + (add-before 'configure 'remove-visual-tests + ;; Some of the tests require using the display to test out VLC, + ;; which fails in our sandboxed build system + (lambda _ + (substitute* "test/run_vlc.sh" + (("./vlc --ignore-config") "echo")) + #t)) (add-after 'install 'regenerate-plugin-cache (lambda* (#:key outputs #:allow-other-keys) ;; The 'install-exec-hook' rule in the top-level Makefile.am @@ -831,7 +839,8 @@ projects while introducing many more.") name "-" version ".tar.bz2")) (sha256 (base32 - "15v7qw0ydyxn08ksb6lxn1l51pxgpwgshdwd3275yrr5hs86fv9h")))) + "15v7qw0ydyxn08ksb6lxn1l51pxgpwgshdwd3275yrr5hs86fv9h")) + (patches (search-patches "libvpx-CVE-2016-2818.patch")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 6ac03fcce6..28f247cba6 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -12,6 +12,7 @@ ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Rene Saavedra ;;; Copyright © 2016 Ben Woodcroft +;;; Copyright © 2016 Clément Lassieur ;;; ;;; This file is part of GNU Guix. ;;; @@ -41,6 +42,7 @@ #:use-module (guix build-system perl) #:use-module (guix build-system cmake) #:use-module (guix build-system r) + #:use-module (guix build-system trivial) #:use-module (gnu packages) #:use-module (gnu packages apr) #:use-module (gnu packages documentation) @@ -3350,3 +3352,39 @@ you'd expect.") HTTPS. It provides a library, libuhttpmock, which implements recording and playback of HTTP request/response traces.") (license l:lgpl2.1+))) + +(define-public woof + (package + (name "woof") + (version "2012-05-31") + (source (origin + (method url-fetch) + (uri (string-append + "http://www.home.unix-ag.org/simon/woof-" + version ".py")) + (sha256 + (base32 + "0wjmjhpg6xlid33yi59j47q2qadz20sijrqsjahj30vngz856hyq")))) + (build-system trivial-build-system) + (arguments + '(#:modules ((guix build utils)) + #:builder + (begin + (use-modules (guix build utils)) + (let* ((source (assoc-ref %build-inputs "source")) + (out (assoc-ref %outputs "out")) + (bin (string-append out "/bin")) + (python (assoc-ref %build-inputs "python"))) + (mkdir-p bin) + (with-directory-excursion bin + (copy-file source "woof") + (patch-shebang "woof" (list (string-append python "/bin"))) + (chmod "woof" #o555)) + #t)))) + (inputs `(("python" ,python-2))) + (home-page "http://www.home.unix-ag.org/simon/woof.html") + (synopsis "Single file web server") + (description "Woof (Web Offer One File) is a small simple web server that +can easily be invoked on a single file. Your partner can access the file with +tools they trust (e.g. wget).") + (license l:gpl2+))) diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index a860f98053..e0d795b62f 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2015 Sou Bunnbu -;;; Copyright © 2015 Ricardo Wurmus +;;; Copyright © 2015, 2016 Ricardo Wurmus ;;; Copyright © 2015, 2016 Mark H Weaver ;;; Copyright © 2015 Efraim Flashner ;;; Copyright © 2015 Raimon Grau @@ -41,7 +41,8 @@ #:use-module (guix build-system gnu) #:use-module (guix build-system perl) #:use-module (guix build-system python) - #:use-module (gnu packages linux)) + #:use-module (gnu packages linux) + #:use-module (gnu packages pkg-config)) (define-public expat (package @@ -51,6 +52,9 @@ (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" version "/expat-" version ".tar.bz2")) + (patches (search-patches "expat-CVE-2012-6702-and-CVE-2016-5300.patch" + "expat-CVE-2015-1283-refix.patch" + "expat-CVE-2016-0718.patch")) (sha256 (base32 "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg")))) @@ -612,6 +616,8 @@ XSL-T processor. It also performs any necessary post-processing.") `(("gnutls" ,gnutls) ("libgcrypt" ,libgcrypt) ("libltdl" ,libltdl))) + (native-inputs + `(("pkg-config" ,pkg-config))) (home-page "http://www.libexpat.org/") (synopsis "XML Security Library") (description diff --git a/guix/gnu-maintenance.scm b/guix/gnu-maintenance.scm index adb62aa68c..0dd08bf535 100644 --- a/guix/gnu-maintenance.scm +++ b/guix/gnu-maintenance.scm @@ -48,7 +48,7 @@ gnu-package-download-url official-gnu-packages - find-packages + find-package gnu-package? release-file? @@ -155,13 +155,12 @@ to fetch the list of GNU packages over HTTP." (close-port port) lst))) -(define (find-packages regexp) - "Find GNU packages which satisfy REGEXP." - (let ((name-rx (make-regexp regexp))) - (filter (lambda (package) - (false-if-exception - (regexp-exec name-rx (gnu-package-name package)))) - (official-gnu-packages)))) +(define (find-package name) + "Find GNU package called NAME and return it. Return #f if it was not +found." + (find (lambda (package) + (string=? name (gnu-package-name package))) + (official-gnu-packages))) (define gnu-package? (memoize diff --git a/guix/import/gnu.scm b/guix/import/gnu.scm index 2cfb46beb9..bbb17047f0 100644 --- a/guix/import/gnu.scm +++ b/guix/import/gnu.scm @@ -111,13 +111,13 @@ details.)" (match (latest-release name) ((? upstream-source? release) (let ((version (upstream-source-version release))) - (match (find-packages (regexp-quote name)) - ((info . _) - (gnu-package->sexp info release #:key-download key-download)) - (() + (match (find-package name) + (#f (raise (condition (&message - (message "couldn't find meta-data for GNU package")))))))) + (message "couldn't find meta-data for GNU package"))))) + (info + (gnu-package->sexp info release #:key-download key-download))))) (_ (raise (condition (&message diff --git a/guix/profiles.scm b/guix/profiles.scm index ce8a11fbe5..90c43325a0 100644 --- a/guix/profiles.scm +++ b/guix/profiles.scm @@ -469,7 +469,8 @@ MANIFEST that named NAME, or #f if not found." (with-monad %store-monad (match (manifest-entry-item entry) ((? package? package) - (match (package-transitive-inputs package) + (match (cons (list (package-name package) package) + (package-transitive-inputs package)) (((labels inputs . _) ...) (return (find-among-inputs inputs))))) ((? string? item) @@ -509,9 +510,9 @@ MANIFEST." info (string-append #$output "/share/info/dir")))) (mkdir-p (string-append #$output "/share/info")) - (every install-info - (append-map info-files - '#$(manifest-inputs manifest))))) + (exit (every install-info + (append-map info-files + '#$(manifest-inputs manifest)))))) (gexp->derivation "info-dir" build #:modules '((guix build utils)) @@ -561,7 +562,7 @@ entries of MANIFEST, or #f if MANIFEST does not have any GHC packages." (system* (string-append #+ghc "/bin/ghc-pkg") "recache" (string-append "--package-db=" db-dir))))) (for-each delete-file (find-files db-dir "\\.conf$")) - success))) + (exit success)))) (with-monad %store-monad ;; Don't depend on GHC when there's nothing to do. @@ -709,7 +710,7 @@ MIME type." (mkdir-p (string-append #$output "/share")) (union-build destdir appdirs #:log-port (%make-void-port "w")) - (zero? (system* update-desktop-database destdir))))) + (exit (zero? (system* update-desktop-database destdir)))))) ;; Don't run the hook when 'desktop-file-utils' is not referenced. (if desktop-file-utils @@ -733,18 +734,18 @@ entries. It's used to query the MIME type of a given file." (guix build union)) (let* ((datadir (string-append #$output "/share")) (destdir (string-append datadir "/mime")) - (mimedirs (filter file-exists? - (map (cut string-append <> - "/share/mime") - '#$(manifest-inputs manifest)))) + (pkgdirs (filter file-exists? + (map (cut string-append <> + "/share/mime/packages") + '#$(manifest-inputs manifest)))) (update-mime-database (string-append #+shared-mime-info "/bin/update-mime-database"))) - (mkdir-p datadir) - (union-build destdir mimedirs - #:log-port (%make-void-port "w")) - (setenv "XDG_DATA_HOME" datadir) - (zero? (system* update-mime-database destdir))))) + (mkdir-p destdir) + (union-build (string-append destdir "/packages") pkgdirs + #:log-port (%make-void-port "w")) + (setenv "XDG_DATA_HOME" datadir) + (exit (zero? (system* update-mime-database destdir)))))) ;; Don't run the hook when 'shared-mime-info' is referenced. (if shared-mime-info diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index 46292131d7..4c0aa8e419 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -28,6 +28,7 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-2) #:use-module (srfi srfi-9 gnu) + #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) #:use-module (srfi srfi-37) #:use-module (web http) @@ -57,6 +58,8 @@ Publish ~a over HTTP.\n") %store-directory) --listen=HOST listen on the network interface for HOST")) (display (_ " -u, --user=USER change privileges to USER as soon as possible")) + (display (_ " + --ttl=TTL announce narinfos can be cached for TTL seconds")) (display (_ " -r, --repl[=PORT] spawn REPL server on PORT")) (newline) @@ -99,6 +102,13 @@ Publish ~a over HTTP.\n") %store-directory) (() (leave (_ "lookup of host '~a' returned nothing") name))))) + (option '("ttl") #t #f + (lambda (opt name arg result) + (let ((duration (string->duration arg))) + (unless duration + (leave (_ "~a: invalid duration~%") arg)) + (alist-cons 'narinfo-ttl (time-second duration) + result)))) (option '(#\r "repl") #f #t (lambda (opt name arg result) ;; If port unspecified, use default Guile REPL port. @@ -146,7 +156,8 @@ Publish ~a over HTTP.\n") %store-directory) "Generate a narinfo key/value string for STORE-PATH; an exception is raised if STORE-PATH is invalid. The narinfo is signed with KEY." (let* ((path-info (query-path-info store store-path)) - (url (string-append "nar/" (basename store-path))) + (url (encode-and-join-uri-path (list "nar" + (basename store-path)))) (hash (bytevector->nix-base32-string (path-info-hash path-info))) (size (path-info-nar-size path-info)) @@ -198,12 +209,18 @@ References: ~a~%" (format port "~a: ~a~%" key value))) %nix-cache-info)))) -(define (render-narinfo store request hash) - "Render metadata for the store path corresponding to HASH." +(define* (render-narinfo store request hash #:key ttl) + "Render metadata for the store path corresponding to HASH. If TTL is true, +advertise it as the maximum validity period (in seconds) via the +'Cache-Control' header. This allows 'guix substitute' to cache it for an +appropriate duration." (let ((store-path (hash-part->path store hash))) (if (string-null? store-path) (not-found request) - (values '((content-type . (application/x-nix-narinfo))) + (values `((content-type . (application/x-nix-narinfo)) + ,@(if ttl + `((cache-control (max-age . ,ttl))) + '())) (cut display (narinfo-string store store-path (force %private-key)) <>))))) @@ -299,7 +316,7 @@ blocking." http-write (@@ (web server http) http-close)) -(define (make-request-handler store) +(define* (make-request-handler store #:key narinfo-ttl) (lambda (request body) (format #t "~a ~a~%" (request-method request) @@ -311,15 +328,18 @@ blocking." (render-nix-cache-info)) ;; /.narinfo (((= extract-narinfo-hash (? string? hash))) - (render-narinfo store request hash)) + ;; TODO: Register roots for HASH that will somehow remain for + ;; NARINFO-TTL. + (render-narinfo store request hash #:ttl narinfo-ttl)) ;; /nar/ (("nar" store-item) (render-nar store request store-item)) (_ (not-found request))) (not-found request)))) -(define (run-publish-server socket store) - (run-server (make-request-handler store) +(define* (run-publish-server socket store + #:key narinfo-ttl) + (run-server (make-request-handler store #:narinfo-ttl narinfo-ttl) concurrent-http-server `(#:socket ,socket))) @@ -357,6 +377,7 @@ blocking." %default-options)) (user (assoc-ref opts 'user)) (port (assoc-ref opts 'port)) + (ttl (assoc-ref opts 'narinfo-ttl)) (address (let ((addr (assoc-ref opts 'address))) (make-socket-address (sockaddr:fam addr) (sockaddr:addr addr) @@ -383,4 +404,4 @@ consider using the '--user' option!~%"))) (when repl-port (repl:spawn-server (repl:make-tcp-server-socket #:port repl-port))) (with-store store - (run-publish-server socket store))))) + (run-publish-server socket store #:narinfo-ttl ttl))))) diff --git a/guix/serialization.scm b/guix/serialization.scm index 286b4cbf30..f17f516c09 100644 --- a/guix/serialization.scm +++ b/guix/serialization.scm @@ -256,53 +256,57 @@ the size in bytes." ;; Magic cookie for Nix archives. "nix-archive-1") -(define (write-file file port) +(define* (write-file file port + #:key (select? (const #t))) "Write the contents of FILE to PORT in Nar format, recursing into -sub-directories of FILE as needed." +sub-directories of FILE as needed. For each directory entry, call (SELECT? +FILE STAT), where FILE is the entry's absolute file name and STAT is the +result of 'lstat'; exclude entries for which SELECT? does not return true." (define p port) (write-string %archive-version-1 p) - (let dump ((f file)) - (let ((s (lstat f))) - (write-string "(" p) - (case (stat:type s) - ((regular) - (write-string "type" p) - (write-string "regular" p) - (if (not (zero? (logand (stat:mode s) #o100))) - (begin - (write-string "executable" p) - (write-string "" p))) - (write-contents f p (stat:size s))) - ((directory) - (write-string "type" p) - (write-string "directory" p) - (let ((entries - ;; 'scandir' defaults to 'string-locale '("." ".."))) string '("." ".."))) stringnumber (match:substring match 1))))) - (cond ((string-match "^([0-9]+)d$" str) + (cond ((string-match "^([0-9]+)s$" str) + => + (lambda (match) + (make-time time-duration 0 + (string->number (match:substring match 1))))) + ((string-match "^([0-9]+)h$" str) + (lambda (match) + (hours->duration 1 match))) + ((string-match "^([0-9]+)d$" str) => (lambda (match) (hours->duration 24 match))) diff --git a/tests/nar.scm b/tests/nar.scm index 9796980e35..4f4b304b1d 100644 --- a/tests/nar.scm +++ b/tests/nar.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès +;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -241,6 +241,46 @@ (lambda () (rmdir input))))) +(test-assert "write-file #:select? + restore-file" + (let ((input (string-append %test-dir ".input"))) + (mkdir input) + (dynamic-wind + (const #t) + (lambda () + (with-file-tree input + (directory "root" + ((directory "a" (("x") ("y") ("z"))) + ("b") ("c") ("d" -> "b"))) + (let* ((output %test-dir) + (nar (string-append output ".nar"))) + (dynamic-wind + (lambda () #t) + (lambda () + (call-with-output-file nar + (lambda (port) + (write-file input port + #:select? + (lambda (file stat) + (and (not (string=? (basename file) + "a")) + (not (eq? (stat:type stat) + 'symlink))))))) + (call-with-input-file nar + (cut restore-file <> output)) + + ;; Make sure "a" and "d" have been filtered out. + (and (not (file-exists? (string-append output "/root/a"))) + (file=? (string-append output "/root/b") + (string-append input "/root/b")) + (file=? (string-append output "/root/c") + (string-append input "/root/c")) + (not (file-exists? (string-append output "/root/d"))))) + (lambda () + (false-if-exception (delete-file nar)) + (false-if-exception (rm-rf output))))))) + (lambda () + (rmdir input))))) + ;; 'restore-file-set' depends on 'open-sha256-input-port', which in turn ;; relies on a Guile 2.0.10+ feature. (test-skip (if (false-if-exception diff --git a/tests/publish.scm b/tests/publish.scm index 6645286f5a..d6d537c58a 100644 --- a/tests/publish.scm +++ b/tests/publish.scm @@ -30,12 +30,14 @@ #:use-module (guix base64) #:use-module ((guix serialization) #:select (restore-file)) #:use-module (guix pk-crypto) + #:use-module (web uri) #:use-module (web client) #:use-module (web response) #:use-module (rnrs bytevectors) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (srfi srfi-64) + #:use-module (ice-9 format) #:use-module (ice-9 match) #:use-module (ice-9 rdelim)) @@ -101,6 +103,37 @@ References: ~a~%" (publish-uri (string-append "/" (store-path-hash-part %item) ".narinfo"))))) +(test-equal "/*.narinfo with properly encoded '+' sign" + ;; See . + (let* ((item (add-text-to-store %store "fake-gtk+" "Congrats!")) + (info (query-path-info %store item)) + (unsigned-info + (format #f + "StorePath: ~a +URL: nar/~a +Compression: none +NarHash: sha256:~a +NarSize: ~d +References: ~%" + item + (uri-encode (basename item)) + (bytevector->nix-base32-string + (path-info-hash info)) + (path-info-nar-size info))) + (signature (base64-encode + (string->utf8 + (canonical-sexp->string + ((@@ (guix scripts publish) signed-string) + unsigned-info)))))) + (format #f "~aSignature: 1;~a;~a~%" + unsigned-info (gethostname) signature)) + + (let ((item (add-text-to-store %store "fake-gtk+" "Congrats!"))) + (utf8->string + (http-get-body + (publish-uri + (string-append "/" (store-path-hash-part item) ".narinfo")))))) + (test-equal "/nar/*" "bar" (call-with-temporary-output-file @@ -112,6 +145,18 @@ References: ~a~%" (call-with-input-string nar (cut restore-file <> temp))) (call-with-input-file temp read-string)))) +(test-equal "/nar/ with properly encoded '+' sign" + "Congrats!" + (let ((item (add-text-to-store %store "fake-gtk+" "Congrats!"))) + (call-with-temporary-output-file + (lambda (temp port) + (let ((nar (utf8->string + (http-get-body + (publish-uri + (string-append "/nar/" (uri-encode (basename item)))))))) + (call-with-input-string nar (cut restore-file <> temp))) + (call-with-input-file temp read-string))))) + (test-equal "/nar/invalid" 404 (begin diff --git a/tests/ui.scm b/tests/ui.scm index 51577acb76..058207e8b9 100644 --- a/tests/ui.scm +++ b/tests/ui.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -189,6 +189,10 @@ Second line" 24)) (string->duration "1m") (string->duration "30d")) +(test-equal "duration, 1 second" + (make-time time-duration 0 1) + (string->duration "1s")) + (test-equal "duration, integer" #f (string->duration "1"))