diff options
56 files changed, 539 insertions, 2268 deletions
diff --git a/Makefile.am b/Makefile.am index fd6f9729c9..affeb8dda7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -402,7 +402,7 @@ check-local: endif !CAN_RUN_TESTS -check-system: $(GOBJECTS) $(BOOTSTRAP_GUILE_TARBALLS) +check-system: $(GOBJECTS) $(AM_V_at)$(top_builddir)/pre-inst-env \ $(GUILE) --no-auto-compile \ -e '(@@ (run-system-tests) run-system-tests)' \ @@ -432,7 +432,6 @@ EXTRA_DIST = \ build-aux/hydra/guix.scm \ build-aux/check-available-binaries.scm \ build-aux/check-final-inputs-self-contained.scm \ - build-aux/download.scm \ build-aux/generate-authors.scm \ build-aux/test-driver.scm \ build-aux/update-guix-package.scm \ diff --git a/build-aux/download.scm b/build-aux/download.scm deleted file mode 100644 index 8dfa914603..0000000000 --- a/build-aux/download.scm +++ /dev/null @@ -1,73 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2017 Ludovic Courtès <ludo@gnu.org> -;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> -;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. - -;;; -;;; Download a binary file from an external source. -;;; - -(use-modules (ice-9 match) - (web uri) - (web client) - (rnrs io ports) - (srfi srfi-11) - (guix base16) - (guix hash)) - -(define %url-base - "http://alpha.gnu.org/gnu/guix/bootstrap" - - ;; Alternately: - ;;"http://www.fdn.fr/~lcourtes/software/guix/packages" - ) - -(define (file-name->uri file) - "Return the URI for FILE." - (match (string-tokenize file (char-set-complement (char-set #\/))) - ((_ ... system basename) - (string->uri - (string-append %url-base "/" system - (match system - ("aarch64-linux" - "/20170217/") - ("armhf-linux" - "/20150101/") - (_ - "/20131110/")) - basename))))) - -(match (command-line) - ((_ file expected-hash) - (let ((uri (file-name->uri file))) - (format #t "downloading file `~a'~%from `~a'...~%" - file (uri->string uri)) - (let*-values (((resp data) (http-get uri #:decode-body? #f)) - ((hash) (bytevector->base16-string (sha256 data))) - ((part) (string-append file ".part"))) - (if (string=? expected-hash hash) - (begin - (call-with-output-file part - (lambda (port) - (put-bytevector port data))) - (rename-file part file)) - (begin - (format (current-error-port) - "file at `~a' has SHA256 ~a; expected ~a~%" - (uri->string uri) hash expected-hash) - (exit 1))))))) diff --git a/build-aux/test-env.in b/build-aux/test-env.in index 1657556b19..4a422cf607 100644 --- a/build-aux/test-env.in +++ b/build-aux/test-env.in @@ -1,7 +1,7 @@ #!/bin/sh # GNU Guix --- Functional package management for GNU -# Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> +# Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> # # This file is part of GNU Guix. # @@ -110,6 +110,20 @@ then daemon_pid=$! trap "kill $daemon_pid ; rm -rf $NIX_STATE_DIR" EXIT + + # The test suite expects the 'guile-bootstrap' package to be available. + # Normally the Guile bootstrap tarball is downloaded by a fixed-output + # derivation but when network access is missing we allow users to drop + # the tarball in 'gnu/packages/bootstrap/SYSTEM' and "intern" it here. + bootstrap_directory="@abs_top_builddir@/gnu/packages/bootstrap/@guix_system@" + if [ -d "$bootstrap_directory" ] + then + for file in "$bootstrap_directory"/guile-* + do + "@abs_top_builddir@/pre-inst-env" \ + guix download "file://$file" > /dev/null + done + fi fi # Avoid issues that could stem from l10n, such as language/encoding diff --git a/gnu/local.mk b/gnu/local.mk index f2044c9857..060357ea8f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -535,8 +535,6 @@ dist_patch_DATA = \ %D%/packages/patches/ath9k-htc-firmware-gcc.patch \ %D%/packages/patches/ath9k-htc-firmware-objcopy.patch \ %D%/packages/patches/automake-skip-amhello-tests.patch \ - %D%/packages/patches/automake-regexp-syntax.patch \ - %D%/packages/patches/automake-test-gzip-warning.patch \ %D%/packages/patches/avahi-localstatedir.patch \ %D%/packages/patches/avidemux-install-to-lib.patch \ %D%/packages/patches/awesome-reproducible-png.patch \ @@ -571,7 +569,6 @@ dist_patch_DATA = \ %D%/packages/patches/cool-retro-term-fix-array-size.patch \ %D%/packages/patches/cool-retro-term-memory-leak-1.patch \ %D%/packages/patches/cool-retro-term-remove-non-free-fonts.patch \ - %D%/packages/patches/coreutils-cut-huge-range-test.patch \ %D%/packages/patches/cpio-CVE-2016-2037.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/cracklib-CVE-2016-6318.patch \ @@ -629,8 +626,8 @@ dist_patch_DATA = \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ - %D%/packages/patches/gcc-asan-powerpc-missing-include.patch \ %D%/packages/patches/gcc-cross-environment-variables.patch \ + %D%/packages/patches/gcc-fix-texi2pod.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-strmov-store-file-names.patch \ %D%/packages/patches/gcc-4.6-gnu-inline.patch \ @@ -650,12 +647,12 @@ dist_patch_DATA = \ %D%/packages/patches/gettext-multi-core.patch \ %D%/packages/patches/gettext-gnulib-multi-core.patch \ %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \ - %D%/packages/patches/ghostscript-CVE-2017-8291.patch \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ + %D%/packages/patches/glib-respect-datadir.patch \ %D%/packages/patches/glib-tests-timer.patch \ %D%/packages/patches/glibc-CVE-2015-5180.patch \ %D%/packages/patches/glibc-CVE-2015-7547.patch \ @@ -693,7 +690,6 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-14165.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-14649.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ - %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/groff-source-date-epoch.patch \ %D%/packages/patches/gsl-test-i686.patch \ @@ -823,15 +819,7 @@ dist_patch_DATA = \ %D%/packages/patches/libxcb-python-3.5-compat.patch \ %D%/packages/patches/libxfont-CVE-2017-13720.patch \ %D%/packages/patches/libxfont-CVE-2017-13722.patch \ - %D%/packages/patches/libxml2-CVE-2016-4658.patch \ - %D%/packages/patches/libxml2-CVE-2016-5131.patch \ - %D%/packages/patches/libxml2-CVE-2017-0663.patch \ - %D%/packages/patches/libxml2-CVE-2017-7375.patch \ - %D%/packages/patches/libxml2-CVE-2017-7376.patch \ - %D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch \ - %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ - %D%/packages/patches/libxslt-CVE-2016-4738.patch \ %D%/packages/patches/libxt-guix-search-paths.patch \ %D%/packages/patches/lierolibre-check-unaligned-access.patch \ %D%/packages/patches/lierolibre-is-free-software.patch \ @@ -927,7 +915,6 @@ dist_patch_DATA = \ %D%/packages/patches/patchelf-rework-for-arm.patch \ %D%/packages/patches/patchutils-xfail-gendiff-tests.patch \ %D%/packages/patches/patch-hurd-path-max.patch \ - %D%/packages/patches/pcre-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-7186.patch \ %D%/packages/patches/pcre2-CVE-2017-8786.patch \ %D%/packages/patches/perl-file-path-CVE-2017-6512.patch \ @@ -1182,56 +1169,7 @@ dist_bootstrap_mips64el_linux_DATA = \ %D%/packages/bootstrap/mips64el-linux/tar \ %D%/packages/bootstrap/mips64el-linux/xz -# Big bootstrap binaries are not included in the tarball. Instead, they -# are downloaded. -nodist_bootstrap_x86_64_linux_DATA = \ - %D%/packages/bootstrap/x86_64-linux/guile-2.0.9.tar.xz -nodist_bootstrap_i686_linux_DATA = \ - %D%/packages/bootstrap/i686-linux/guile-2.0.9.tar.xz -nodist_bootstrap_armhf_linux_DATA = \ - %D%/packages/bootstrap/armhf-linux/guile-2.0.11.tar.xz -nodist_bootstrap_aarch64_linux_DATA = \ - %D%/packages/bootstrap/aarch64-linux/guile-2.0.14.tar.xz -nodist_bootstrap_mips64el_linux_DATA = \ - %D%/packages/bootstrap/mips64el-linux/guile-2.0.9.tar.xz - # Those files must remain executable, so they remain executable once # imported into the store. set-bootstrap-executable-permissions: chmod +x $(DESTDIR)$(bootstrapdir)/*/{bash,mkdir,tar,xz} - -BOOTSTRAP_GUILE_TARBALLS = \ - $(nodist_bootstrap_x86_64_linux_DATA) \ - $(nodist_bootstrap_i686_linux_DATA) \ - $(nodist_bootstrap_armhf_linux_DATA) \ - $(nodist_bootstrap_aarch64_linux_DATA) \ - $(nodist_bootstrap_mips64el_linux_DATA) - -DISTCLEANFILES = $(BOOTSTRAP_GUILE_TARBALLS) - -# Method to download a file from an external source. -DOWNLOAD_FILE = \ - GUILE_LOAD_COMPILED_PATH="$(top_builddir):$$GUILE_LOAD_COMPILED_PATH" \ - $(GUILE) --no-auto-compile -L "$(top_builddir)" -L "$(top_srcdir)" \ - "$(top_srcdir)/build-aux/download.scm" - -%D%/packages/bootstrap/x86_64-linux/guile-2.0.9.tar.xz: - $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \ - $(DOWNLOAD_FILE) "$@" \ - "037b103522a2d0d7d69c7ffd8de683dfe5bb4b59c1fafd70b4ffd397fd2f57f0" -%D%/packages/bootstrap/i686-linux/guile-2.0.9.tar.xz: - $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \ - $(DOWNLOAD_FILE) "$@" \ - "b757cd46bf13ecac83fb8e955fb50096ac2d17bb610ca8eb816f29302a00a846" -%D%/packages/bootstrap/armhf-linux/guile-2.0.11.tar.xz: - $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \ - $(DOWNLOAD_FILE) "$@" \ - "e551d05d4d385d6706ab8d574856a087758294dc90ab4c06e70a157a685e23d6" -%D%/packages/bootstrap/aarch64-linux/guile-2.0.14.tar.xz: - $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \ - $(DOWNLOAD_FILE) "$@" \ - "3939909f24dcb955621aa7f81ecde6844bea8a083969c2d275c55699af123ebe" -%D%/packages/bootstrap/mips64el-linux/guile-2.0.9.tar.xz: - $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \ - $(DOWNLOAD_FILE) "$@" \ - "994680f0001346864aa2c2cc5110f380ee7518dcd701c614291682b8e948f73b" diff --git a/gnu/packages/acl.scm b/gnu/packages/acl.scm index ae6764993b..35bafc4c14 100644 --- a/gnu/packages/acl.scm +++ b/gnu/packages/acl.scm @@ -47,16 +47,15 @@ `(#:tests? #f ; FIXME: Investigate test suite failures #:test-target "tests" #:phases - (alist-cons-after - 'build 'patch-exec-bin-sh - (lambda _ - (substitute* "test/run" - (("/bin/sh") (which "sh")))) - (alist-replace - 'install - (lambda _ - (zero? (system* "make" "install" "install-lib" "install-dev"))) - %standard-phases)))) + (modify-phases %standard-phases + (add-after 'build 'patch-exec-bin-sh + (lambda _ + (substitute* "test/run" + (("/bin/sh") (which "sh"))) + #t)) + (replace 'install + (lambda _ + (zero? (system* "make" "install" "install-lib" "install-dev"))))))) (inputs `(("attr" ,attr))) (native-inputs `(("gettext" ,gettext-minimal) diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm index 79ef31fc1b..6cba9ee2df 100644 --- a/gnu/packages/autotools.scm +++ b/gnu/packages/autotools.scm @@ -238,21 +238,18 @@ output is indexed in many ways to simplify browsing.") (license gpl3+))) (define-public automake - ;; Replace with 'automake/latest' on the next rebuild cycle. (package (name "automake") - (version "1.15") + (version "1.15.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/automake/automake-" version ".tar.xz")) (sha256 (base32 - "0dl6vfi2lzz8alnklwxzfz624b95hb1ipjvd3mk177flmddcf24r")) + "1bzd9g32dfm4rsbw93ld9x7b5nc1y6i4m6zp032qf1i28a8s6sxg")) (patches - (search-patches "automake-regexp-syntax.patch" - "automake-skip-amhello-tests.patch" - "automake-test-gzip-warning.patch")))) + (search-patches "automake-skip-amhello-tests.patch")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,(autoconf-wrapper)) @@ -267,47 +264,47 @@ output is indexed in many ways to simplify browsing.") (srfi srfi-1) (srfi srfi-26) (rnrs io ports)) - #:phases (alist-cons-before - 'patch-source-shebangs 'patch-tests-shebangs - (lambda _ - (let ((sh (which "sh"))) - (substitute* (find-files "t" "\\.(sh|tap)$") - (("#![[:blank:]]?/bin/sh") - (string-append "#!" sh))) + #:phases + (modify-phases %standard-phases + (add-before 'patch-source-shebangs 'patch-tests-shebangs + (lambda _ + (let ((sh (which "sh"))) + (substitute* (find-files "t" "\\.(sh|tap)$") + (("#![[:blank:]]?/bin/sh") + (string-append "#!" sh))) - ;; Set these variables for all the `configure' runs - ;; that occur during the test suite. - (setenv "SHELL" sh) - (setenv "CONFIG_SHELL" sh))) + ;; Set these variables for all the `configure' runs + ;; that occur during the test suite. + (setenv "SHELL" sh) + (setenv "CONFIG_SHELL" sh) + #t))) - ;; Files like `install-sh', `mdate.sh', etc. must use - ;; #!/bin/sh, otherwise users could leak erroneous shebangs - ;; in the wild. See <http://bugs.gnu.org/14201> for an - ;; example. - (alist-cons-after - 'install 'unpatch-shebangs - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (dir (string-append out "/share"))) - (define (starts-with-shebang? file) - (equal? (call-with-input-file file - (lambda (p) - (list (get-u8 p) (get-u8 p)))) - (map char->integer '(#\# #\!)))) + ;; Files like `install-sh', `mdate.sh', etc. must use + ;; #!/bin/sh, otherwise users could leak erroneous shebangs + ;; in the wild. See <http://bugs.gnu.org/14201> for an + ;; example. + (add-after 'install 'unpatch-shebangs + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (dir (string-append out "/share"))) + (define (starts-with-shebang? file) + (equal? (call-with-input-file file + (lambda (p) + (list (get-u8 p) (get-u8 p)))) + (map char->integer '(#\# #\!)))) - (for-each (lambda (file) - (when (and (starts-with-shebang? file) - (executable-file? file)) - (format #t "restoring shebang on `~a'~%" - file) - (substitute* file - (("^#!.*/bin/sh") - "#!/bin/sh") - (("^#!.*/bin/env(.*)$" _ args) - (string-append "#!/usr/bin/env" - args))))) - (find-files dir ".*")))) - %standard-phases)))) + (for-each (lambda (file) + (when (and (starts-with-shebang? file) + (executable-file? file)) + (format #t "restoring shebang on `~a'~%" + file) + (substitute* file + (("^#!.*/bin/sh") + "#!/bin/sh") + (("^#!.*/bin/env(.*)$" _ args) + (string-append "#!/usr/bin/env" + args))))) + (find-files dir ".*")))))))) (home-page "https://www.gnu.org/software/automake/") (synopsis "Making GNU standards-compliant Makefiles") (description @@ -317,22 +314,6 @@ intuitive format and then Automake works with Autoconf to produce a robust Makefile, simplifying the entire process for the developer.") (license gpl2+))) ; some files are under GPLv3+ - -(define-public automake/latest - ;; Merge with 'automake' on the next rebuild cycle. - (package - (inherit automake) - (version "1.15.1") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/automake/automake-" - version ".tar.xz")) - (sha256 - (base32 - "1bzd9g32dfm4rsbw93ld9x7b5nc1y6i4m6zp032qf1i28a8s6sxg")) - (patches - (search-patches "automake-skip-amhello-tests.patch")))))) - (define-public libtool (package (name "libtool") @@ -410,11 +391,9 @@ complexity of working with shared libraries across platforms.") (build-system gnu-build-system) (arguments '(#:configure-flags '("--enable-ltdl-install") ;really install it - #:phases (alist-cons-before - 'configure 'change-directory - (lambda _ - (chdir "libltdl")) - %standard-phases))) + #:phases (modify-phases %standard-phases + (add-before 'configure 'change-directory + (lambda _ (chdir "libltdl") #t))))) (synopsis "System-independent dlopen wrapper of GNU libtool") (description (package-description libtool)) diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 55d5ede040..00328cb344 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net> ;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org> ;;; ;;; This file is part of GNU Guix. @@ -185,16 +186,16 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") - (replacement libarchive-3.3.2) - (version "3.3.1") + (version "3.3.2") (source (origin (method url-fetch) (uri (string-append "http://libarchive.org/downloads/libarchive-" version ".tar.gz")) + (patches (search-patches "libarchive-CVE-2017-14166.patch")) (sha256 (base32 - "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9")))) + "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd")))) (build-system gnu-build-system) ;; TODO: Add -L/path/to/nettle in libarchive.pc. (inputs @@ -206,26 +207,25 @@ backups (called chunks) to allow easy burning to CD/DVD.") ("xz" ,xz))) (arguments `(#:phases - (alist-cons-before - 'build 'patch-pwd - (lambda _ - (substitute* "Makefile" - (("/bin/pwd") (which "pwd")))) - (alist-replace - 'check - (lambda _ - ;; XXX: The test_owner_parse, test_read_disk, and - ;; test_write_disk_lookup tests expect user 'root' to exist, but - ;; the chroot's /etc/passwd doesn't have it. Turn off those tests. - ;; - ;; The tests allow one to disable tests matching a globbing pattern. - (and (zero? (system* "make" - "libarchive_test" "bsdcpio_test" "bsdtar_test")) - ;; XXX: This glob disables too much. - (zero? (system* "./libarchive_test" "^test_*_disk*")) - (zero? (system* "./bsdcpio_test" "^test_owner_parse")) - (zero? (system* "./bsdtar_test")))) - %standard-phases)) + (modify-phases %standard-phases + (add-before 'build 'patch-pwd + (lambda _ + (substitute* "Makefile" + (("/bin/pwd") (which "pwd")) + #t))) + (replace 'check + (lambda _ + ;; XXX: The test_owner_parse, test_read_disk, and + ;; test_write_disk_lookup tests expect user 'root' to exist, but + ;; the chroot's /etc/passwd doesn't have it. Turn off those tests. + ;; + ;; The tests allow one to disable tests matching a globbing pattern. + (and (zero? (system* "make" + "libarchive_test" "bsdcpio_test" "bsdtar_test")) + ;; XXX: This glob disables too much. + (zero? (system* "./libarchive_test" "^test_*_disk*")) + (zero? (system* "./bsdcpio_test" "^test_owner_parse")) + (zero? (system* "./bsdtar_test")))))) ;; libarchive/test/test_write_format_gnutar_filenames.c needs to be ;; compiled with C99 or C11 or a gnu variant. #:configure-flags '("CFLAGS=-O2 -g -std=c99"))) @@ -241,20 +241,6 @@ archive. In particular, note that there is currently no built-in support for random access nor for in-place modification.") (license license:bsd-2))) -(define libarchive-3.3.2 - (package - (inherit libarchive) - (version "3.3.2") - (source - (origin - (method url-fetch) - (uri (string-append "http://libarchive.org/downloads/libarchive-" - version ".tar.gz")) - (patches (search-patches "libarchive-CVE-2017-14166.patch")) - (sha256 - (base32 - "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd")))))) - (define-public rdup (package (name "rdup") diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 9cb628d8d7..16c6a15a58 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -81,16 +81,15 @@ command-line arguments, multiple languages, and so on.") (define-public grep (package (name "grep") - (version "3.0") + (version "3.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grep/grep-" version ".tar.xz")) (sha256 (base32 - "1dcasjp3a578nrvzrcn38mpizb8w1q6mvfzhjmcqqgkf0nsivj72")) - (patches (search-patches "grep-timing-sensitive-test.patch" - "grep-gnulib-lock.patch")))) + "0zm0ywmyz9g8vn1plw14mn8kj74yipx5qsljndbyfgmvndx5qqnv")) + (patches (search-patches "grep-timing-sensitive-test.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) ;some of the tests require it (arguments @@ -293,15 +292,14 @@ used to apply commands with arbitrarily long arguments.") (define-public coreutils (package (name "coreutils") - (version "8.27") + (version "8.28") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/coreutils/coreutils-" version ".tar.xz")) (sha256 (base32 - "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8")) - (patches (search-patches "coreutils-cut-huge-range-test.patch")))) + "0r8c1bgm68kl70j1lgd0rv12iykw6143k4m9a56xip9rc2hv25qi")))) (build-system gnu-build-system) (inputs `(("acl" ,acl) ; TODO: add SELinux ("gmp" ,gmp) ;bignums in 'expr', yay! @@ -322,21 +320,18 @@ used to apply commands with arbitrarily long arguments.") (outputs '("out" "debug")) (arguments `(#:parallel-build? #f ; help2man may be called too early - #:phases (alist-cons-before - 'build 'patch-shell-references - (lambda* (#:key inputs #:allow-other-keys) - (let ((bash (assoc-ref inputs "bash"))) - ;; 'split' uses either $SHELL or /bin/sh. Set $SHELL so - ;; that tests pass, since /bin/sh isn't in the chroot. - (setenv "SHELL" (which "sh")) - - (substitute* (find-files "gnulib-tests" "\\.c$") - (("/bin/sh") - (format #f "~a/bin/sh" bash))) - (substitute* (find-files "tests" "\\.sh$") - (("#!/bin/sh") - (format #f "#!~a/bin/sh" bash))))) - %standard-phases))) + #:phases (modify-phases %standard-phases + (add-before 'build 'patch-shell-references + (lambda _ + ;; 'split' uses either $SHELL or /bin/sh. Set $SHELL so + ;; that tests pass, since /bin/sh isn't in the chroot. + (setenv "SHELL" (which "sh")) + + (substitute* (find-files "gnulib-tests" "\\.c$") + (("/bin/sh") (which "sh"))) + (substitute* (find-files "tests" "\\.sh$") + (("#!/bin/sh") (which "sh"))) + #t))))) (synopsis "Core GNU utilities (file, text, shell)") (description "GNU Coreutils includes all of the basic command-line tools that are @@ -394,16 +389,15 @@ change. GNU make offers many powerful extensions over the standard utility.") (define-public binutils (package - (replacement binutils/fixed) (name "binutils") - (version "2.28") + (version "2.28.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/binutils/binutils-" version ".tar.bz2")) (sha256 (base32 - "0wiasgns7i8km8nrxas265sh2dfpsw93b3qw195ipc90w4z475v2")) + "1sj234nd05cdgga1r36zalvvdkvpfbr12g5mir2n8i1dwsdrj939")) (patches (search-patches "binutils-ld-new-dtags.patch" "binutils-loongson-workaround.patch")))) (build-system gnu-build-system) @@ -436,19 +430,6 @@ included.") (license gpl3+) (home-page "https://www.gnu.org/software/binutils/"))) -(define binutils/fixed - (package - (inherit binutils) - ;; 2.28.1 is two characters longer than 2.28, so grafting fails due to - ;; mismatched lengths of filenames, so we have to force it to the same length. - (version "2281") - (source - (origin (inherit (package-source binutils)) - (uri "mirror://gnu/binutils/binutils-2.28.1.tar.bz2") - (sha256 - (base32 - "1sj234nd05cdgga1r36zalvvdkvpfbr12g5mir2n8i1dwsdrj939")))))) - (define* (make-ld-wrapper name #:key (target (const #f)) binutils @@ -558,7 +539,8 @@ store.") ;; users should automatically pull Linux headers as well. (propagated-inputs `(("kernel-headers" ,linux-libre-headers))) - (outputs '("out" "debug")) + (outputs '("out" "debug" + "static")) ;9 MiB of .a files (arguments `(#:out-of-source? #t @@ -569,6 +551,11 @@ store.") ;; RUNPATH checks. #:validate-runpath? #f + #:modules ((ice-9 ftw) + (srfi srfi-26) + (guix build utils) + (guix build gnu-build-system)) + #:configure-flags (list "--enable-add-ons" "--sysconfdir=/etc" @@ -673,7 +660,46 @@ store.") ;; "bilingual" eval/exec magic at the top of the file. "") (("exec @PERL@") - "exec perl")))))))) + "exec perl"))))) + + (add-after 'install 'move-static-libs + (lambda* (#:key outputs #:allow-other-keys) + ;; Move static libraries to the "static" output. + (define (static-library? file) + ;; Return true if FILE is a static library. The + ;; "_nonshared.a" files are referred to by libc.so, + ;; libpthread.so, etc., which are in fact linker + ;; scripts. + (and (string-suffix? ".a" file) + (not (string-contains file "_nonshared")))) + + (define (linker-script? file) + ;; Guess whether FILE, a ".a" file, is actually a + ;; linker script. + (and (not (ar-file? file)) + (not (elf-file? file)))) + + (let* ((out (assoc-ref outputs "out")) + (lib (string-append out "/lib")) + (files (scandir lib static-library?)) + (static (assoc-ref outputs "static")) + (slib (string-append static "/lib"))) + (mkdir-p slib) + (for-each (lambda (base) + (rename-file (string-append lib "/" base) + (string-append slib "/" base))) + files) + + ;; Usually libm.a is a linker script so we need to + ;; change the file names in there to refer to STATIC + ;; instead of OUT. + (for-each (lambda (ld-script) + (substitute* ld-script + ((out) static))) + (filter linker-script? + (map (cut string-append slib "/" <>) + files))) + #t)))))) (inputs `(("static-bash" ,static-bash))) diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm index ba733b3a9e..d1b03eb882 100644 --- a/gnu/packages/bootstrap.scm +++ b/gnu/packages/bootstrap.scm @@ -26,8 +26,10 @@ #:use-module (guix build-system) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) - #:use-module ((guix store) #:select (add-to-store add-text-to-store)) - #:use-module ((guix derivations) #:select (derivation)) + #:use-module ((guix store) + #:select (run-with-store add-to-store add-text-to-store)) + #:use-module ((guix derivations) + #:select (derivation derivation->output-path)) #:use-module ((guix utils) #:select (gnu-triplet->nix-system)) #:use-module ((guix build utils) #:select (elf-file?)) #:use-module (guix memoization) @@ -38,6 +40,8 @@ package-with-bootstrap-guile glibc-dynamic-linker + bootstrap-guile-origin + %bootstrap-guile %bootstrap-coreutils&co %bootstrap-binutils @@ -191,6 +195,56 @@ successful, or false to signal an error." ;;; Bootstrap packages. ;;; +(define %bootstrap-base-urls + ;; This is where the initial binaries come from. + '("https://alpha.gnu.org/gnu/guix/bootstrap" + "http://alpha.gnu.org/gnu/guix/bootstrap" + "ftp://alpha.gnu.org/gnu/guix/bootstrap" + "http://www.fdn.fr/~lcourtes/software/guix/packages" + "http://flashner.co.il/guix/bootstrap")) + +(define (bootstrap-guile-url-path system) + "Return the URI for FILE." + (string-append "/" system + (match system + ("aarch64-linux" + "/20170217/guile-2.0.14.tar.xz") + ("armhf-linux" + "/20150101/guile-2.0.11.tar.xz") + (_ + "/20131110/guile-2.0.9.tar.xz")))) + +(define (bootstrap-guile-hash system) + "Return the SHA256 hash of the Guile bootstrap tarball for SYSTEM." + (match system + ("x86_64-linux" + (base32 "1w2p5zyrglzzniqgvyn1b55vprfzhgk8vzbzkkbdgl5248si0yq3")) + ("i686-linux" + (base32 "0im800m30abgh7msh331pcbjvb4n02smz5cfzf1srv0kpx3csmxp")) + ("mips64el-linux" + (base32 "0fzp93lvi0hn54acc0fpvhc7bvl0yc853k62l958cihk03q80ilr")) + ("armhf-linux" + (base32 "1mi3brl7l58aww34rawhvja84xc7l1b4hmwdmc36fp9q9mfx0lg5")) + ("aarch64-linux" + (base32 "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r")))) + +(define (bootstrap-guile-origin system) + "Return an <origin> object for the Guile tarball of SYSTEM." + (origin + (method url-fetch) + (uri (map (cute string-append <> (bootstrap-guile-url-path system)) + %bootstrap-base-urls)) + (sha256 (bootstrap-guile-hash system)))) + +(define (download-bootstrap-guile store system) + "Return a derivation that downloads the bootstrap Guile tarball for SYSTEM." + (let* ((path (bootstrap-guile-url-path system)) + (base (basename path)) + (urls (map (cut string-append <> path) %bootstrap-base-urls))) + (run-with-store store + (url-fetch urls 'sha256 (bootstrap-guile-hash system) + #:system system)))) + (define* (raw-build store name inputs #:key outputs system search-paths #:allow-other-keys) @@ -205,13 +259,7 @@ successful, or false to signal an error." (xz (->store "xz")) (mkdir (->store "mkdir")) (bash (->store "bash")) - (guile (->store (match system - ("armhf-linux" - "guile-2.0.11.tar.xz") - ("aarch64-linux" - "guile-2.0.14.tar.xz") - (_ - "guile-2.0.9.tar.xz")))) + (guile (download-bootstrap-guile store system)) ;; The following code, run by the bootstrap guile after it is ;; unpacked, creates a wrapper for itself to set its load path. ;; This replaces the previous non-portable method based on @@ -246,7 +294,7 @@ exec -a \"~a0\" ~a \"~a@\"\n" echo \"unpacking bootstrap Guile to '$out'...\" ~a $out cd $out -~a -dc < ~a | ~a xv +~a -dc < $GUILE_TARBALL | ~a xv # Use the bootstrap guile to create its own wrapper to set the load path. GUILE_SYSTEM_PATH=$out/share/guile/2.0 \ @@ -255,14 +303,16 @@ $out/bin/guile -c ~s $out ~a # Sanity check. $out/bin/guile --version~%" - mkdir xz guile tar + mkdir xz tar (format #f "~s" make-guile-wrapper) bash) - (list mkdir xz guile tar bash)))) + (list mkdir xz tar bash)))) (derivation store name bash `(,builder) #:system system - #:inputs `((,bash) (,builder))))) + #:inputs `((,bash) (,builder) (,guile)) + #:env-vars `(("GUILE_TARBALL" + . ,(derivation->output-path guile)))))) (define* (make-raw-bag name #:key source inputs native-inputs outputs @@ -294,13 +344,6 @@ $out/bin/guile --version~%" (home-page #f) (license lgpl3+)))) -(define %bootstrap-base-urls - ;; This is where the initial binaries come from. - '("ftp://alpha.gnu.org/gnu/guix/bootstrap" - "http://alpha.gnu.org/gnu/guix/bootstrap" - "http://www.fdn.fr/~lcourtes/software/guix/packages" - "http://flashner.co.il/guix/bootstrap")) - (define %bootstrap-coreutils&co (package-from-tarball "bootstrap-binaries" (lambda (system) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index ec7677814f..93199d210d 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -113,7 +113,7 @@ (define file-boot0 (package-with-bootstrap-guile - (package-with-explicit-inputs (package/inherit file + (package-with-explicit-inputs (package (inherit file) (name "file-boot0")) `(("make" ,gnu-make-boot0) ,@%bootstrap-inputs) @@ -140,7 +140,7 @@ (define binutils-boot0 (package-with-bootstrap-guile - (package/inherit binutils + (package (inherit binutils) (name "binutils-cross-boot0") (arguments `(#:guile ,%bootstrap-guile @@ -149,23 +149,22 @@ #:modules ((guix build gnu-build-system) (guix build utils) (ice-9 ftw)) ; for 'scandir' - #:phases (alist-cons-after - 'install 'add-symlinks - (lambda* (#:key outputs #:allow-other-keys) - ;; The cross-gcc invokes 'as', 'ld', etc, without the - ;; triplet prefix, so add symlinks. - (let ((out (assoc-ref outputs "out")) - (triplet-prefix (string-append ,(boot-triplet) "-"))) - (define (has-triplet-prefix? name) - (string-prefix? triplet-prefix name)) - (define (remove-triplet-prefix name) - (substring name (string-length triplet-prefix))) - (with-directory-excursion (string-append out "/bin") - (for-each (lambda (name) - (symlink name (remove-triplet-prefix name))) - (scandir "." has-triplet-prefix?))) - #t)) - %standard-phases) + #:phases (modify-phases %standard-phases + (add-after 'install 'add-symlinks + (lambda* (#:key outputs #:allow-other-keys) + ;; The cross-gcc invokes 'as', 'ld', etc, without the + ;; triplet prefix, so add symlinks. + (let ((out (assoc-ref outputs "out")) + (triplet-prefix (string-append ,(boot-triplet) "-"))) + (define (has-triplet-prefix? name) + (string-prefix? triplet-prefix name)) + (define (remove-triplet-prefix name) + (substring name (string-length triplet-prefix))) + (with-directory-excursion (string-append out "/bin") + (for-each (lambda (name) + (symlink name (remove-triplet-prefix name))) + (scandir "." has-triplet-prefix?))) + #t)))) ,@(substitute-keyword-arguments (package-arguments binutils) ((#:configure-flags cf) @@ -286,9 +285,8 @@ ("libc-native" ,@(assoc-ref %boot0-inputs "libc")) ,@(alist-delete "libc" %boot0-inputs))) - ;; No need for Texinfo at this stage. - (native-inputs (alist-delete "texinfo" - (package-native-inputs gcc)))))) + ;; No need for the native-inputs to build the documentation at this stage. + (native-inputs `())))) (define perl-boot0 (let ((perl (package @@ -466,7 +464,7 @@ the bootstrap environment." ;; built just below; the only difference is that this one uses the ;; bootstrap Bash. (package-with-bootstrap-guile - (package/inherit glibc + (package (inherit glibc) (name "glibc-intermediate") (arguments `(#:guile ,%bootstrap-guile @@ -583,12 +581,24 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (let* ((gcc (cross-gcc-wrapper gcc-boot0 binutils-boot0 glibc-final-with-bootstrap-bash (car (assoc-ref %boot1-inputs "bash")))) - (bash (package (inherit static-bash) + (bash (package + (inherit static-bash) (arguments - `(#:guile ,%bootstrap-guile - ,@(package-arguments static-bash))))) + (substitute-keyword-arguments + (package-arguments static-bash) + ((#:guile _ #f) + '%bootstrap-guile) + ((#:configure-flags flags '()) + ;; Add a '-L' flag so that the pseudo-cross-ld of + ;; BINUTILS-BOOT0 can find libc.a. + `(append ,flags + (list (string-append "LDFLAGS=-static -L" + (assoc-ref %build-inputs + "libc:static") + "/lib")))))))) (inputs `(("gcc" ,gcc) ("libc" ,glibc-final-with-bootstrap-bash) + ("libc:static" ,glibc-final-with-bootstrap-bash "static") ,@(fold alist-delete %boot1-inputs '("gcc" "libc"))))) (package-with-bootstrap-guile @@ -632,7 +642,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define glibc-final ;; The final glibc, which embeds the statically-linked Bash built above. - (package/inherit glibc-final-with-bootstrap-bash + (package (inherit glibc-final-with-bootstrap-bash) (name "glibc") (inputs `(("static-bash" ,static-bash-for-glibc) ,@(alist-delete @@ -663,12 +673,13 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define %boot2-inputs ;; 3rd stage inputs. `(("libc" ,glibc-final) + ("libc:static" ,glibc-final "static") ("gcc" ,gcc-boot0-wrapped) ,@(fold alist-delete %boot1-inputs '("libc" "gcc")))) (define binutils-final (package-with-bootstrap-guile - (package/inherit binutils + (package (inherit binutils) (arguments `(#:guile ,%bootstrap-guile #:implicit-inputs? #f @@ -679,34 +690,29 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" (define libstdc++ ;; Intermediate libstdc++ that will allow us to build the final GCC ;; (remember that GCC-BOOT0 cannot build libstdc++.) - ;; TODO: Write in terms of 'make-libstdc++'. - (package-with-bootstrap-guile - (package (inherit gcc) - (name "libstdc++") - (arguments - `(#:guile ,%bootstrap-guile - #:implicit-inputs? #f - #:allowed-references ("out") - #:out-of-source? #t - #:phases (alist-cons-before - 'configure 'chdir - (lambda _ - (chdir "libstdc++-v3")) - %standard-phases) - #:configure-flags `("--disable-shared" - "--disable-libstdcxx-threads" - "--disable-libstdcxx-pch" - ,(string-append "--with-gxx-include-dir=" - (assoc-ref %outputs "out") - "/include" - ;; "/include/c++/" - ;; ,(package-version gcc) - )))) - (outputs '("out")) - (inputs %boot2-inputs) - (native-inputs '()) - (propagated-inputs '()) - (synopsis "GNU C++ standard library (intermediate)")))) + (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc)))) + (package + (inherit lib) + (arguments + `(#:guile ,%bootstrap-guile + #:implicit-inputs? #f + #:allowed-references ("out") + + ;; XXX: libstdc++.so NEEDs ld.so for some reason. + #:validate-runpath? #f + + ;; All of the package arguments from 'make-libstdc++ + ;; except for the configure-flags. + ,@(package-arguments lib) + #:configure-flags `("--disable-shared" + "--disable-libstdcxx-threads" + "--disable-libstdcxx-pch" + ,(string-append "--with-gxx-include-dir=" + (assoc-ref %outputs "out") + "/include")))) + (outputs '("out")) + (inputs %boot2-inputs) + (synopsis "GNU C++ standard library (intermediate)")))) (define zlib-final ;; Zlib used by GCC-FINAL. @@ -779,6 +785,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ;; scripts such as 'mkheaders' and 'fixinc.sh' (XXX: who cares about these ;; scripts?). (native-inputs `(("texinfo" ,texinfo-boot0) + ("perl" ,perl-boot0) ;for manpages ("static-bash" ,static-bash-for-glibc) ,@(package-native-inputs gcc-boot0))) @@ -923,12 +930,13 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%" ("binutils" ,binutils-final) ("gcc" ,gcc-final) ("libc" ,glibc-final) + ("libc:static" ,glibc-final "static") ("locales" ,glibc-utf8-locales-final)))) (define-public canonical-package (let ((name->package (fold (lambda (input result) (match input - ((_ package) + ((_ package . outputs) (vhash-cons (package-full-name package) package result)))) vlist-null diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index a2bf3a1861..9a1b628809 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -205,7 +205,16 @@ adding and extracting files to/from a tar archive.") (synopsis "General file (de)compression (using lzw)") (arguments ;; FIXME: The test suite wants `less', and optionally Perl. - '(#:tests? #f)) + '(#:tests? #f + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'use-absolute-name-of-gzip + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "gunzip.in" + (("exec gzip") + (string-append "exec " (assoc-ref outputs "out") + "/bin/gzip"))) + #t))))) (description "GNU Gzip provides data compression and decompression utilities; the typical extension is \".gz\". Unlike the \"zip\" format, it compresses a single @@ -344,7 +353,7 @@ compressed with pbzip2 can be decompressed with bzip2).") (define-public xz (package (name "xz") - (version "5.2.2") + (version "5.2.3") (source (origin (method url-fetch) (uri (list (string-append "http://tukaani.org/xz/xz-" version @@ -353,7 +362,7 @@ compressed with pbzip2 can be decompressed with bzip2).") version ".tar.gz"))) (sha256 (base32 - "18h2k4jndhzjs8ln3a54qdnfv59y6spxiwh9gpaqniph6iflvpvk")))) + "1jr8pxnz55ifc8cvp3ivgl79ph9iik5aypsc9cma228aglsqp4ki")))) (build-system gnu-build-system) (synopsis "General-purpose data compression") (description @@ -372,7 +381,7 @@ than gzip and 15 % smaller output than bzip2.") (define-public lzo (package (name "lzo") - (version "2.09") + (version "2.10") (source (origin (method url-fetch) @@ -380,7 +389,7 @@ than gzip and 15 % smaller output than bzip2.") version ".tar.gz")) (sha256 (base32 - "0k5kpj3jnsjfxqqkblpfpx0mqcy86zs5fhjhgh2kq1hksg7ag57j")))) + "0wm04519pd3g8hqpjqhfr72q8qmbiwqaxcs3cndny9h86aa95y60")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--enable-shared"))) (home-page "http://www.oberhumer.com/opensource/lzo") @@ -459,14 +468,14 @@ some compression ratio).") (define-public lzip (package (name "lzip") - (version "1.18") + (version "1.19") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/lzip/lzip-" version ".tar.gz")) (sha256 (base32 - "1p8lvc22sv3damld9ng8y6i8z2dvvpsbi9v7yhr5bc2a20m8iya7")))) + "1abbch762gv8rjr579q3qyyk6c80plklbv2mw4x0vg71dgsw9bgz")))) (build-system gnu-build-system) (home-page "http://www.nongnu.org/lzip/lzip.html") (synopsis "Lossless data compressor based on the LZMA algorithm") diff --git a/gnu/packages/cross-base.scm b/gnu/packages/cross-base.scm index abc3a2821c..369083eab0 100644 --- a/gnu/packages/cross-base.scm +++ b/gnu/packages/cross-base.scm @@ -248,6 +248,7 @@ target that libc." ,@inputs))) (libc `(("libc" ,libc) + ("libc:static" ,libc "static") ("xkernel-headers" ;the target headers ,@(assoc-ref (package-propagated-inputs libc) "kernel-headers")) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 2e4a48d1ef..cad2d6f796 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -42,7 +43,7 @@ (define-public curl (package (name "curl") - (version "7.55.1") + (version "7.56.0") (replacement curl-7.56.1) (source (origin (method url-fetch) @@ -50,7 +51,7 @@ version ".tar.xz")) (sha256 (base32 - "1dvbcwcar3dv488h9378hy145ma3ws2fwpbr6mgszd7chipcmbry")))) + "0wni3zkw7jyrwgwkqnrkf2x2b7c78wsp7p4z6a246hz9l367nhrj")))) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -109,7 +110,15 @@ ;; The top-level "make check" does "make -C tests quiet-test", which ;; is too quiet. Use the "test" target instead, which is more ;; verbose. - (zero? (system* "make" "-C" "tests" "test"))))))) + (zero? (system* "make" "-C" "tests" "test")))) + (add-before 'install 'fix-Makefile + ;; Fix a regression in 7.55.0 where docs are not installed. + ;; https://github.com/curl/curl/commit/a7bbbb7c368c6096802007f61f19a02e9d75285b + (lambda _ + (substitute* "Makefile" + (("install-data-hook:\n") + "install-data-hook:\n\tcd docs/libcurl && $(MAKE) install\n")) + #t))))) (synopsis "Command line tool for transferring data with URL syntax") (description "curl is a command line tool for transferring data with URL syntax, diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm index 991bb3d692..8ccbba2b1a 100644 --- a/gnu/packages/databases.scm +++ b/gnu/packages/databases.scm @@ -898,7 +898,7 @@ for example from a shell script.") (define-public sqlite (package (name "sqlite") - (version "3.19.3") + (version "3.20.1") (source (origin (method url-fetch) (uri (let ((numeric-version @@ -914,7 +914,7 @@ for example from a shell script.") numeric-version ".tar.gz"))) (sha256 (base32 - "00b3l2qglpl1inx21fckiwxnfq5xf6441flc79rqg7zdvh1rq4h6")))) + "0hh7jnxfwvs2qlvmjwrgkvxb8sk4x8hj04m54fq9h1xw55dmjrpc")))) (build-system gnu-build-system) (inputs `(("readline" ,readline))) (arguments diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 3bc8e1dcfe..63aa3fac49 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -27,16 +27,15 @@ (define-public file (package - (replacement file/fixed) (name "file") - (version "5.30") + (version "5.32") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.astron.com/pub/file/file-" version ".tar.gz")) (sha256 (base32 - "057jpcyy8ws7q4s4sm8r1rxb8xycdbng2z4y9i98f094wlr28k39")))) + "0l1bfa0icng9vdwya00ff48fhvjazi5610ylbhl35qi13d6xqfc6")))) (build-system gnu-build-system) ;; When cross-compiling, this package depends upon a native install of @@ -50,11 +49,4 @@ you in words what kind of data a file contains. It does not rely on filename extensions to tell you the type of a file, but looks at the actual contents of the file.") (license bsd-2) - (home-page "http://www.darwinsys.com/file/"))) - -(define file/fixed - (package - (inherit file) - (source (origin - (inherit (package-source file)) - (patches (search-patches "file-CVE-2017-1000249.patch")))))) + (home-page "https://www.darwinsys.com/file/"))) diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index 7870d4513f..a4d181cb11 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -138,7 +138,8 @@ where the OS part is overloaded to denote a specific ABI---into GCC version "/gcc-" version ".tar.bz2")) (sha256 (base32 - "10k2k71kxgay283ylbbhhs51cl55zn2q38vj5pk4k950qdnirrlj")))) + "10k2k71kxgay283ylbbhhs51cl55zn2q38vj5pk4k950qdnirrlj")) + (patches (search-patches "gcc-fix-texi2pod.patch")))) (build-system gnu-build-system) ;; Separate out the run-time support libraries because all the @@ -155,7 +156,8 @@ where the OS part is overloaded to denote a specific ABI---into GCC ;; GCC < 5 is one of the few packages that doesn't ship .info files. ;; Newer texinfos fail to build the manual, so we use an older one. - (native-inputs `(("texinfo" ,texinfo-5))) + (native-inputs `(("perl" ,perl) ;for manpages + ("texinfo" ,texinfo-5))) (arguments `(#:out-of-source? #t @@ -351,7 +353,8 @@ Go. It also includes runtime support libraries for these languages.") (sha256 (base32 "08yggr18v373a1ihj0rg2vd6psnic42b518xcgp3r9k81xz1xyr2")) - (patches (search-patches "gcc-arm-link-spec-fix.patch")))) + (patches (search-patches "gcc-arm-link-spec-fix.patch" + "gcc-fix-texi2pod.patch")))) (supported-systems %supported-systems) (inputs `(("isl" ,isl-0.11) @@ -369,31 +372,33 @@ Go. It also includes runtime support libraries for these languages.") (base32 "14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc")) (patches (search-patches "gcc-arm-bug-71399.patch" - "gcc-libvtv-runpath.patch")))) - (native-inputs `(("texinfo" ,texinfo))))) + "gcc-libvtv-runpath.patch" + "gcc-fix-texi2pod.patch")))) + ;; Override inherited texinfo-5 with latest version. + (native-inputs `(("perl" ,perl) ;for manpages + ("texinfo" ,texinfo))))) (define-public gcc-5 ;; Note: GCC >= 5 ships with .info files but 'make install' fails to install ;; them in a VPATH build. (package (inherit gcc-4.9) - (version "5.4.0") + (version "5.5.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/gcc/gcc-" - version "/gcc-" version ".tar.bz2")) + version "/gcc-" version ".tar.xz")) (sha256 (base32 - "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0")) + "11zd1hgzkli3b2v70qsm2hyqppngd4616qc96lmm9zl2kl9yl32k")) (patches (search-patches "gcc-arm-bug-71399.patch" "gcc-strmov-store-file-names.patch" - "gcc-asan-powerpc-missing-include.patch" "gcc-5.0-libvtv-runpath.patch" "gcc-5-source-date-epoch-1.patch" - "gcc-5-source-date-epoch-2.patch")))))) - ;; TODO: gcc-5 doesn't need cloog. - ;;(inputs - ;; `(("isl" ,isl) - ;; ,@(package-inputs gcc-4.7))))) + "gcc-5-source-date-epoch-2.patch" + "gcc-fix-texi2pod.patch")))) + (inputs + `(("isl" ,isl) + ,@(package-inputs gcc-4.7))))) (define-public gcc-6 (package @@ -407,10 +412,7 @@ Go. It also includes runtime support libraries for these languages.") (base32 "1m0lr7938lw5d773dkvwld90hjlcq2282517d1gwvrfzmwgg42w5")) (patches (search-patches "gcc-strmov-store-file-names.patch" - "gcc-5.0-libvtv-runpath.patch")))) - (inputs - `(("isl" ,isl) - ,@(package-inputs gcc-4.7))))) + "gcc-5.0-libvtv-runpath.patch")))))) (define-public gcc-7 (package diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 28477b2c42..72a737b013 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -100,23 +100,23 @@ paper size.") (arguments `(#:tests? #f ; none provided #:phases - (alist-replace - 'configure - (lambda* (#:key inputs outputs #:allow-other-keys #:rest args) - (let ((perl (assoc-ref inputs "perl")) - (out (assoc-ref outputs "out"))) - (copy-file "Makefile.unix" "Makefile") - (substitute* "Makefile" - (("/usr/local/bin/perl") (string-append perl "/bin/perl"))) - (substitute* "Makefile" - (("/usr/local") out)) - ;; for the install phase - (substitute* "Makefile" - (("-mkdir") "mkdir -p")) - ;; drop installation of non-free files - (substitute* "Makefile" - ((" install.include") "")))) - %standard-phases))) + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys #:rest args) + (let ((perl (assoc-ref inputs "perl")) + (out (assoc-ref outputs "out"))) + (copy-file "Makefile.unix" "Makefile") + (substitute* "Makefile" + (("/usr/local/bin/perl") (string-append perl "/bin/perl"))) + (substitute* "Makefile" + (("/usr/local") out)) + ;; for the install phase + (substitute* "Makefile" + (("-mkdir") "mkdir -p")) + ;; drop installation of non-free files + (substitute* "Makefile" + ((" install.include") ""))) + #t))))) (synopsis "Collection of utilities for manipulating PostScript documents") (description "PSUtils is a collection of utilities for manipulating PostScript @@ -131,8 +131,7 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package (name "ghostscript") - (replacement ghostscript-9.22) - (version "9.21") + (version "9.22") (source (origin (method url-fetch) @@ -142,9 +141,8 @@ printing, and psresize, for adjusting page sizes.") "/ghostscript-" version ".tar.xz")) (sha256 (base32 - "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b")) + "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61")) (patches (search-patches "ghostscript-runpath.patch" - "ghostscript-CVE-2017-8291.patch" "ghostscript-no-header-creationdate.patch" "ghostscript-no-header-id.patch" "ghostscript-no-header-uuid.patch")) @@ -255,25 +253,6 @@ output file formats and printers.") (home-page "https://www.ghostscript.com/") (license license:agpl3+))) -(define ghostscript-9.22 - (package - (inherit ghostscript) - (version "9.22") - (source - (origin - (inherit (package-source ghostscript)) - (uri (string-append "https://github.com/ArtifexSoftware/" - "ghostpdl-downloads/releases/download/gs" - (string-delete #\. version) - "/ghostscript-" version ".tar.xz")) - (sha256 - (base32 - "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61")) - (patches (search-patches "ghostscript-runpath.patch" - "ghostscript-no-header-creationdate.patch" - "ghostscript-no-header-id.patch" - "ghostscript-no-header-uuid.patch")))))) - (define-public ghostscript/x (package/inherit ghostscript (name (string-append (package-name ghostscript) "-with-x")) diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index bacc63270a..6024c7600f 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -67,7 +67,7 @@ (define dbus (package (name "dbus") - (version "1.10.22") + (version "1.10.24") (source (origin (method url-fetch) (uri (string-append @@ -75,7 +75,7 @@ version ".tar.gz")) (sha256 (base32 - "15vv9gz5i4f5l7h0d045qz5iyvl89hjk2k83lb4vbizd7qg41cg2")) + "06ydmrg76l1kwl3190d72zpiy3qxy248x6gskxbj9qiqfsr4w63i")) (patches (search-patches "dbus-helper-search-path.patch")))) (build-system gnu-build-system) (arguments @@ -137,7 +137,7 @@ shared NFS home directories.") (define glib (package (name "glib") - (version "2.52.3") + (version "2.54.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" @@ -145,8 +145,9 @@ shared NFS home directories.") name "-" version ".tar.xz")) (sha256 (base32 - "0a71wkkhkvad84gm30w13micxxgqqw3sxhybj7nd9z60lwspdvi5")) - (patches (search-patches "glib-tests-timer.patch")))) + "18s7rw127wrvb107bkmxd1lmh62b2v19ww5rz7xi0krj34a1ph2h")) + (patches (search-patches "glib-respect-datadir.patch" + "glib-tests-timer.patch")))) (build-system gnu-build-system) (outputs '("out" ; everything "bin" ; glib-mkenums, gtester, etc.; depends on Python @@ -247,12 +248,7 @@ shared NFS home directories.") ("gio/tests/gdbus-unix-addresses.c" (;; Requires /etc/machine-id. - "/gdbus/x11-autolaunch")) - - ("glib/tests/gdatetime.c" - (;; Assumes that the Brasilian time zone is named 'BRT', - ;; which is no longer true as of tzdata-2017a. - "/GDateTime/new_full"))))) + "/gdbus/x11-autolaunch"))))) (and-map (lambda (x) (apply disable x)) failing-tests))))) ;; Note: `--docdir' and `--htmldir' are not honored, so work around it. @@ -284,19 +280,19 @@ shared NFS home directories.") and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.") (home-page "https://developer.gnome.org/glib/") - (license license:lgpl2.0+))) ; some files are under lgpl2.1+ + (license license:lgpl2.1+))) (define gobject-introspection (package (name "gobject-introspection") - (version "1.52.1") + (version "1.54.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" "gobject-introspection/" (version-major+minor version) "/gobject-introspection-" version ".tar.xz")) (sha256 - (base32 "1x5gkyrglv3dn9b4fsgw6asqgjw1wj7qc37g9pyac6pyaa6w7l1f")) + (base32 "0zl7pfkzkm07733391b4f3cwjbnvb1nwvpmajf5bajh6bxgfv3dq")) (modules '((guix build utils))) (snippet '(substitute* "tools/g-ir-tool-template.in" diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index bce2b8ae93..2ebbd29565 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -1166,7 +1166,7 @@ dealing with different structured file formats.") (define-public librsvg (package (name "librsvg") - (version "2.40.18") + (version "2.40.19") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -1174,7 +1174,7 @@ dealing with different structured file formats.") name "-" version ".tar.xz")) (sha256 (base32 - "0k2nbd4g31qinkdfd8r5c5ih2ixl85fbkgkqqh9747lwr24c9j5z")))) + "1xy12qi29xqf3i61awf9qmm5ysw6v5qgxqwvi5fny0q9hs5lsav1")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index d332158e27..e8a44f20b8 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -86,16 +86,15 @@ Daemon and possibly more in the future.") (define-public libgcrypt (package - (replacement libgcrypt/fixed) (name "libgcrypt") - (version "1.7.8") + (version "1.8.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" version ".tar.bz2")) (sha256 (base32 - "16f1rsv4y4w2pk1il2jbcqggsb6mrlfva5vayd205fp68zm7d0ll")))) + "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s")))) (build-system gnu-build-system) (propagated-inputs `(("libgpg-error-host" ,libgpg-error))) @@ -121,18 +120,6 @@ generation.") (properties '((ftp-server . "ftp.gnupg.org") (ftp-directory . "/gcrypt/libgcrypt"))))) -(define libgcrypt/fixed - (package - (inherit libgcrypt) - (version "1.8.1") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-" - version ".tar.bz2")) - (sha256 - (base32 - "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s")))))) - (define-public libassuan (package (name "libassuan") diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm index 67dd1dbfa6..6e1a60e9ba 100644 --- a/gnu/packages/groff.scm +++ b/gnu/packages/groff.scm @@ -56,7 +56,14 @@ ("perl" ,perl) ("psutils" ,psutils) ("texinfo" ,texinfo))) - (arguments '(#:parallel-build? #f)) ; parallel build fails + (arguments + `(#:parallel-build? #f ; parallel build fails + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'setenv + (lambda _ + (setenv "GS_GENERATE_UUIDS" "0") + #t))))) (synopsis "Typesetting from plain text mixed with formatting commands") (description "Groff is a typesetting package that reads plain text and produces diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 235d2c3718..bb77279b32 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com> ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com> ;;; Coypright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de> ;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net> ;;; Copyright © 2016 Patrick Hetu <patrick.hetu@auf.org> @@ -428,7 +428,7 @@ highlighting and other features typical of a source code editor.") (define-public gdk-pixbuf (package (name "gdk-pixbuf") - (version "2.36.10") + (version "2.36.11") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -436,7 +436,7 @@ highlighting and other features typical of a source code editor.") name "-" version ".tar.xz")) (sha256 (base32 - "1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq")))) + "1wz2vpciwdpdv612s8kbww08q80hgcs5dxrfsxp1a4q44n3snqmf")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--with-x11") @@ -654,7 +654,7 @@ application suites.") (name "gtk+") ;; NOTE: When updating the version of 'gtk+', the hash of 'mate-themes' in ;; mate.scm will also need to be updated. - (version "3.22.21") + (version "3.22.24") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -662,7 +662,7 @@ application suites.") name "-" version ".tar.xz")) (sha256 (base32 - "11vb1shgr4rlayfk0b858gz986jsn2mpjlxvr89b2kgvbjlc3lqv")) + "0asr6gccw1vv02i29ivwr74fpxlmdxhr0wigybsvi2ljzi66xcfb")) (patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch" "gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch")))) (outputs '("out" "bin" "doc")) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index b53247de82..7d23d41be0 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -71,7 +71,7 @@ (define-public libpng (package (name "libpng") - (version "1.6.29") + (version "1.6.34") (source (origin (method url-fetch) (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" @@ -84,7 +84,7 @@ "/libpng16/libpng-" version ".tar.xz"))) (sha256 (base32 - "0fgjqp7x6jynacmqh6dj72cn6nnf6yxjfqqqfsxrx0pyx22bcia2")))) + "1xjr0v34fyjgnhvaa1zixcpx5yvxcg4zwvfh0fyklfyfj86rc7ig")))) (build-system gnu-build-system) ;; libpng.la says "-lz", so propagate it. diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index 801b4e44a9..b9f774a32a 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -46,8 +46,7 @@ (define-public mit-krb5 (package (name "mit-krb5") - (replacement mit-krb5-1.15.2) - (version "1.15.1") + (version "1.15.2") (source (origin (method url-fetch) (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" @@ -55,7 +54,7 @@ "/krb5-" version ".tar.gz")) (sha256 (base32 - "0igbi5d095c2hgpn2cixpc4q2ij8vgg2bx7yjfly5zfmvlqqhz23")))) + "0zn8s7anb10hw3nzwjz7vg10fgmmgvwnibn2zrn3nppjxn9f6f8n")))) (build-system gnu-build-system) (native-inputs `(("bison" ,bison) @@ -94,19 +93,6 @@ cryptography.") (home-page "http://web.mit.edu/kerberos/") (properties '((cpe-name . "kerberos"))))) -(define mit-krb5-1.15.2 ; CVE-2017-{11368,11462} - (package - (inherit mit-krb5) - (version "1.15.2") - (source (origin - (method url-fetch) - (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/" - (version-major+minor version) - "/krb5-" version ".tar.gz")) - (sha256 - (base32 - "0zn8s7anb10hw3nzwjz7vg10fgmmgvwnibn2zrn3nppjxn9f6f8n")))))) - (define-public shishi (package (name "shishi") diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm index dfb1be6c4f..ff0c05bad0 100644 --- a/gnu/packages/libidn.scm +++ b/gnu/packages/libidn.scm @@ -55,15 +55,14 @@ Java libraries.") (define-public libidn2 (package (name "libidn2") - (version "2.0.2") - (replacement libidn2-2.0.4) + (version "2.0.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/libidn/" name "-" version ".tar.lz")) (sha256 (base32 - "0pqaj8d01aj4i110669fincqs10kgynyqcrmq2q7pss8v9dcd1jq")))) + "00f2fyw5kwr9is3cdn5h9arzxp0lnvg0z9bb9zyfs0dq81gaqim4")))) (native-inputs `(("lzip" ,lzip))) (inputs @@ -75,19 +74,7 @@ the IDNA2008 specifications. Libidn2 is believed to be a complete IDNA2008 implementation, but has yet to be as extensively used as the original Libidn library.") (home-page "https://www.gnu.org/software/libidn/#libidn2") + (properties '((ftp-directory . "/gnu/libidn"))) ;; The command-line tool 'idn2' is GPL3+, while the library is dual-licensed ;; GPL2+ or LGPL3+. (license (list gpl2+ gpl3+ lgpl3+)))) - -(define-public libidn2-2.0.4 - (package - (inherit libidn2) - (name "libidn2") - (version "2.0.4") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/libidn/" name "-" version - ".tar.lz")) - (sha256 - (base32 - "00f2fyw5kwr9is3cdn5h9arzxp0lnvg0z9bb9zyfs0dq81gaqim4")))))) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 49665e24d3..45a4146cd7 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2046,30 +2046,50 @@ from the module-init-tools project.") ;; The post-systemd fork, maintained by Gentoo. (package (name "eudev") - (version "3.2.2") + (version "3.2.4") (source (origin (method url-fetch) - (uri (string-append - "http://dev.gentoo.org/~blueness/eudev/eudev-" - version ".tar.gz")) + (uri (string-append "https://github.com/gentoo/eudev/archive/v" + version ".zip")) + (file-name (string-append name "-" version ".zip")) (sha256 (base32 - "0qqgbgpm5wdllk0s04pf80nwc8pr93xazwri1bylm1f15zn5ck1y")) + "1r1ag0snarygrj5qqxi2xdq9w6g3sfjd5jx1b0fl7zmqlsz3vvxx")) (patches (search-patches "eudev-rules-directory.patch")))) (build-system gnu-build-system) (arguments - '(#:phases (modify-phases %standard-phases - (add-after 'install 'build-hwdb - (lambda* (#:key outputs #:allow-other-keys) - ;; Build OUT/etc/udev/hwdb.bin. This allows 'lsusb' and - ;; similar tools to display product names. - (let ((out (assoc-ref outputs "out"))) - (zero? (system* (string-append out "/bin/udevadm") - "hwdb" "--update")))))))) + '(#:phases + (modify-phases %standard-phases + (add-before 'configure 'bootstrap + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "man/make.sh" + (("/usr/bin/xsltproc") + (string-append (assoc-ref inputs "xsltproc") + "/bin/xsltproc"))) + ;; Manual pages are regenerated here. + (zero? (system* "./autogen.sh")))) + (add-after 'install 'build-hwdb + (lambda* (#:key outputs #:allow-other-keys) + ;; Build OUT/etc/udev/hwdb.bin. This allows 'lsusb' and + ;; similar tools to display product names. + (let ((out (assoc-ref outputs "out"))) + (zero? (system* (string-append out "/bin/udevadm") + "hwdb" "--update")))))) + #:configure-flags (list "--enable-manpages"))) (native-inputs - `(("pkg-config" ,pkg-config) + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("gperf" ,gperf) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config) + ;; For tests. ("perl" ,perl) - ("gperf" ,gperf))) + ("python" ,python-wrapper) + ;; For documentation. + ("docbook-xml" ,docbook-xml-4.2) + ("docbook-xsl" ,docbook-xsl) + ("libxml2" ,libxml2) ;for $XML_CATALOG_FILES + ("xsltproc", libxslt))) (inputs ;; When linked against libblkid, eudev can populate /dev/disk/by-label ;; and similar; it also installs the '60-persistent-storage.rules' file, @@ -3044,16 +3064,14 @@ Bluetooth audio output devices like headphones or loudspeakers.") (string-append "--with-udevdir=" out "/lib/udev"))) #:phases (modify-phases %standard-phases - ,@(if (string=? (%current-system) "armhf-linux") - ;; This test fails unpredictably. - ;; TODO: skip it for all architectures. - `((add-before 'check 'skip-wonky-test - (lambda _ - (substitute* "unit/test-gatt.c" - (("tester_init\\(&argc, &argv\\);") "return 77;")) - #t))) - `()) - + ;; Test unit/test-gatt fails unpredictably. Seems to be a timing + ;; issue (discussion on upstream mailing list: + ;; https://marc.info/?t=149578476300002&r=1&w=2) + (add-before 'check 'skip-wonky-test + (lambda _ + (substitute* "unit/test-gatt.c" + (("tester_init\\(&argc, &argv\\);") "return 77;")) + #t)) (add-after 'install 'post-install (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 8f57670dbc..9af6448621 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -2601,7 +2601,7 @@ parts of it.") (define-public openblas (package (name "openblas") - (version "0.2.19") + (version "0.2.20") (source (origin (method url-fetch) @@ -2610,10 +2610,10 @@ parts of it.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "071zqnmnxhh0c9phzyn3f198yxa0hjxda7016azdbq2056sm70w7")))) + "1bd03c5xni0bla0wg1wba841b36b0sg13sjja955kn5xzvy4i61a")))) (build-system gnu-build-system) (arguments - `(#:tests? #f ;no "check" target + `(#:test-target "test" ;; DYNAMIC_ARCH is only supported on x86. When it is disabled and no ;; TARGET is specified, OpenBLAS will tune itself to the build host, so ;; we need to disable substitutions. diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm index b6d2d7f4af..69272eb18a 100644 --- a/gnu/packages/multiprecision.scm +++ b/gnu/packages/multiprecision.scm @@ -87,13 +87,13 @@ cryptography and computational algebra.") (define-public mpfr (package (name "mpfr") - (version "3.1.5") + (version "3.1.6") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/mpfr/mpfr-" version ".tar.xz")) (sha256 (base32 - "1g32l2fg8f62lcyzzh88y3fsh6rk539qc6ahhdgvx7wpnf1dwpq1")))) + "0l598h9klpgkz2bp0rxiqb90mkqh9f2f81n5rpy191j00hdaqqks")))) (build-system gnu-build-system) (outputs '("out" "debug")) (propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h> diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 9ecdd90c64..07ac59da5b 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -33,6 +33,7 @@ #:use-module (gnu packages guile) #:use-module (gnu packages file) #:use-module (gnu packages backup) + #:use-module (gnu packages bootstrap) ;for 'bootstrap-guile-origin' #:use-module (gnu packages compression) #:use-module (gnu packages gnupg) #:use-module (gnu packages databases) @@ -229,39 +230,19 @@ ("graphviz" ,graphviz) ("help2man" ,help2man))) (inputs - (let ((boot-guile (lambda (arch hash) - (origin - (method url-fetch) - (uri (boot-guile-uri arch)) - (sha256 hash))))) - `(("bzip2" ,bzip2) - ("gzip" ,gzip) - ("zlib" ,zlib) ;for 'guix publish' - - ("sqlite" ,sqlite) - ("libgcrypt" ,libgcrypt) - ("guile" ,guile-2.2) - - ("boot-guile/i686" - ,(boot-guile "i686" - (base32 - "0im800m30abgh7msh331pcbjvb4n02smz5cfzf1srv0kpx3csmxp"))) - ("boot-guile/x86_64" - ,(boot-guile "x86_64" - (base32 - "1w2p5zyrglzzniqgvyn1b55vprfzhgk8vzbzkkbdgl5248si0yq3"))) - ("boot-guile/mips64el" - ,(boot-guile "mips64el" - (base32 - "0fzp93lvi0hn54acc0fpvhc7bvl0yc853k62l958cihk03q80ilr"))) - ("boot-guile/armhf" - ,(boot-guile "armhf" - (base32 - "1mi3brl7l58aww34rawhvja84xc7l1b4hmwdmc36fp9q9mfx0lg5"))) - ("boot-guile/aarch64" - ,(boot-guile "aarch64" - (base32 - "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r")))))) + `(("bzip2" ,bzip2) + ("gzip" ,gzip) + ("zlib" ,zlib) ;for 'guix publish' + + ("sqlite" ,sqlite) + ("libgcrypt" ,libgcrypt) + ("guile" ,guile-2.2) + + ("boot-guile/i686" ,(bootstrap-guile-origin "i686-linux")) + ("boot-guile/x86_64" ,(bootstrap-guile-origin "x86_64-linux")) + ("boot-guile/mips64el" ,(bootstrap-guile-origin "mips64el-linux")) + ("boot-guile/armhf" ,(bootstrap-guile-origin "armhf-linux")) + ("boot-guile/aarch64" ,(bootstrap-guile-origin "aarch64-linux")))) (propagated-inputs `(("gnutls" ,gnutls) ("guile-json" ,guile-json) diff --git a/gnu/packages/patches/automake-regexp-syntax.patch b/gnu/packages/patches/automake-regexp-syntax.patch deleted file mode 100644 index 2e965c8c50..0000000000 --- a/gnu/packages/patches/automake-regexp-syntax.patch +++ /dev/null @@ -1,34 +0,0 @@ -From <https://lists.gnu.org/archive/html/automake-patches/2015-07/msg00000.html>. -See also <http://bugs.gnu.org/22372>. - -From 34163794a58b5bd91c5d6bd9adf5437571c7a479 Mon Sep 17 00:00:00 2001 -From: Pavel Raiskup <praiskup@redhat.com> -Date: Tue, 7 Jul 2015 10:54:24 +0200 -Subject: [PATCH] bin/automake: escape '{' in regexp pattern - -Based on perlre(1) documentation: -.. in Perl v5.26, literal uses of a curly bracket will be required -to be escaped, say by preceding them with a backslash ("\{" ) or -enclosing them within square brackets ("[{]") .. - -References: -https://bugzilla.redhat.com/1239379 - -* bin/automake.in (substitute_ac_subst_variables): Escape the -occurrence of '{' character. ---- - bin/automake.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bin/automake.in b/bin/automake.in -index 0c29184..c294ced 100644 ---- a/bin/automake.in -+++ b/bin/automake.in -@@ -3898,7 +3898,7 @@ sub substitute_ac_subst_variables_worker - sub substitute_ac_subst_variables - { - my ($text) = @_; -- $text =~ s/\${([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge; -+ $text =~ s/\$\{([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge; - return $text; - } diff --git a/gnu/packages/patches/automake-test-gzip-warning.patch b/gnu/packages/patches/automake-test-gzip-warning.patch deleted file mode 100644 index bcc9c207ae..0000000000 --- a/gnu/packages/patches/automake-test-gzip-warning.patch +++ /dev/null @@ -1,17 +0,0 @@ -Adjust test to ignore gzip 1.8+ warnings. - ---- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200 -+++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200 -@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s - - ./configure - run_make -E -O distcheck --test ! -s stderr -+ -+# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment -+# variable is deprecated"; filter them out. -+test `grep -v '^gzip: warning' stderr | wc -l` -eq 0 -+ - # Sanity check: the flags have been actually seen. - $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t - grep '/configure .* --srcdir am-src' t || exit 99 diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch deleted file mode 100644 index e3a0ef28eb..0000000000 --- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch +++ /dev/null @@ -1,33 +0,0 @@ -This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our -the build environment chroot, as reported at <https://bugs.gnu.org/26253>, -and now on x86_64-linux-gnu as well. It is a variant of this upstream patch: - - commit f5422009389678680dba9ff4ecb7d33632ee3383 - Author: Ludovic Courtès <ludo@gnu.org> - Date: Mon Mar 27 20:34:39 2017 -0700 - - tests: avoid false ulimit failure on some systems - - * tests/misc/cut-huge-range.sh: On some systems returns_ may - use more memory, so incorporate that in the determination - of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12, - and x86_64 with bash-4.2.37. - Fixes http://bugs.gnu.org/26253 - -... which appeared to be insufficient. - -diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh -index 6b3c5b6ed..55b7b640e 100755 ---- a/tests/misc/cut-huge-range.sh -+++ b/tests/misc/cut-huge-range.sh -@@ -20,9 +20,9 @@ - print_ver_ cut - getlimits_ - --vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \ -+vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \ - || skip_ "this shell lacks ulimit support" - vm=$(($vm + 1000)) # avoid spurious failures - - # sed script to subtract one from the input. - # Each input line should consist of a positive decimal number. diff --git a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch b/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch deleted file mode 100644 index 74b10c4a44..0000000000 --- a/gnu/packages/patches/gcc-asan-powerpc-missing-include.patch +++ /dev/null @@ -1,20 +0,0 @@ -Add missing include that triggers a build failure on PowerPC: - - ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’: - ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope - return signum == SIGSEGV && common_flags()->handle_segv; - ^ -From <https://patchwork.ozlabs.org/patch/725596/>. - -diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc -index c504168..59087b9 100644 ---- a/libsanitizer/asan/asan_linux.cc -+++ b/libsanitizer/asan/asan_linux.cc -@@ -29,6 +29,7 @@ - #include <dlfcn.h> - #include <fcntl.h> - #include <pthread.h> -+#include <signal.h> - #include <stdio.h> - #include <unistd.h> - #include <unwind.h> diff --git a/gnu/packages/patches/gcc-fix-texi2pod.patch b/gnu/packages/patches/gcc-fix-texi2pod.patch new file mode 100644 index 0000000000..28bd56a382 --- /dev/null +++ b/gnu/packages/patches/gcc-fix-texi2pod.patch @@ -0,0 +1,19 @@ +This patch was taken from the official GCC git repository. +X-Git-Url: https://gcc.gnu.org/git/?p=gcc.git;a=blobdiff_plain;f=contrib%2Ftexi2pod.pl;h=91bdbb5cea933d0381f2924ab94490fca31d5800;hp=eba1bcaa3cffa78b46030b219d04fe7d68367658;hb=67b56c905078d49d3e4028085e5cb1e1fb87a8aa;hpb=2f508a78310caab123e9794d3dcfe41f2769449b + +It fixes a defect in the contrib/texi2pod.pl script that prevented generating +manual pages. It was corrected in the GCC 6.X series. + +diff --git a/contrib/texi2pod.pl b/contrib/texi2pod.pl +index eba1bca..91bdbb5 100755 +--- a/contrib/texi2pod.pl ++++ b/contrib/texi2pod.pl +@@ -316,7 +316,7 @@ while(<$inf>) { + @columns = (); + for $column (split (/\s*\@tab\s*/, $1)) { + # @strong{...} is used a @headitem work-alike +- $column =~ s/^\@strong{(.*)}$/$1/; ++ $column =~ s/^\@strong\{(.*)\}$/$1/; + push @columns, $column; + } + $_ = "\n=item ".join (" : ", @columns)."\n"; diff --git a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch b/gnu/packages/patches/ghostscript-CVE-2017-8291.patch deleted file mode 100644 index d38bd593c0..0000000000 --- a/gnu/packages/patches/ghostscript-CVE-2017-8291.patch +++ /dev/null @@ -1,195 +0,0 @@ -Fix CVE-2017-8291: - -https://bugs.ghostscript.com/show_bug.cgi?id=697799 -https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291 - -Patches copied from upstream source repository: - -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e -https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad - -From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 27 Apr 2017 13:03:33 +0100 -Subject: [PATCH] Bug 697799: have .eqproc check its parameters - -The Ghostscript custom operator .eqproc was not check the number or type of -the parameters it was given. ---- - psi/zmisc3.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 54b304246..37293ff4b 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; - -+ if (ref_stack_count(&o_stack) < 2) -+ return_error(gs_error_stackunderflow); -+ if (!r_is_array(op - 1) || !r_is_array(op)) { -+ return_error(gs_error_typecheck); -+ } -+ - make_array(&stack[0].proc1, 0, 1, op - 1); - make_array(&stack[0].proc2, 0, 1, op); - for (;;) { --- -2.13.0 - -From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 27 Apr 2017 13:21:31 +0100 -Subject: [PATCH] Bug 697799: have .rsdparams check its parameters - -The Ghostscript internal operator .rsdparams wasn't checking the number or -type of the operands it was being passed. Do so. ---- - psi/zfrsd.c | 22 +++++++++++++++------- - 1 file changed, 15 insertions(+), 7 deletions(-) - -diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index 191107d8a..950588d69 100644 ---- a/psi/zfrsd.c -+++ b/psi/zfrsd.c -@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p) - ref *pFilter; - ref *pDecodeParms; - int Intent = 0; -- bool AsyncRead; -+ bool AsyncRead = false; - ref empty_array, filter1_array, parms1_array; - uint i; -- int code; -+ int code = 0; -+ -+ if (ref_stack_count(&o_stack) < 1) -+ return_error(gs_error_stackunderflow); -+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { -+ return_error(gs_error_typecheck); -+ } - - make_empty_array(&empty_array, a_readonly); -- if (dict_find_string(op, "Filter", &pFilter) > 0) { -+ if (r_has_type(op, t_dictionary) -+ && dict_find_string(op, "Filter", &pFilter) > 0) { - if (!r_is_array(pFilter)) { - if (!r_has_type(pFilter, t_name)) - return_error(gs_error_typecheck); -@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p) - return_error(gs_error_typecheck); - } - } -- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); -+ if (r_has_type(op, t_dictionary)) -+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent); - if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */ - return code; -- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0 -- ) -- return code; -+ if (r_has_type(op, t_dictionary)) -+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0) -+ return code; - push(1); - op[-1] = *pFilter; - if (pDecodeParms) --- -2.13.0 - -From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 3 May 2017 12:05:45 +0100 -Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc) - -When using the "DELAYBIND" feature, it turns out that .eqproc can be called with -parameters that are not both procedures. In this case, it turns out, the -expectation is for the operator to return 'false', rather than throw an error. ---- - psi/zmisc3.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 37293ff4b..3f01d39a3 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p) - return gs_cliprestore(igs); - } - -+static inline bool -+eqproc_check_type(ref *r) -+{ -+ return r_has_type(r, t_array) -+ || r_has_type(r, t_mixedarray) -+ || r_has_type(r, t_shortarray) -+ || r_has_type(r, t_oparray); -+} -+ - /* <proc1> <proc2> .eqproc <bool> */ - /* - * Test whether two procedures are equal to depth 10. -@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p) - - if (ref_stack_count(&o_stack) < 2) - return_error(gs_error_stackunderflow); -- if (!r_is_array(op - 1) || !r_is_array(op)) { -- return_error(gs_error_typecheck); -+ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { -+ make_false(op - 1); -+ pop(1); -+ return 0; - } - - make_array(&stack[0].proc1, 0, 1, op - 1); --- -2.13.0 - -From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 11 May 2017 14:07:48 +0100 -Subject: [PATCH] Bug 697892: fix check for op stack underflow. - -In the original fix, I used the wrong method to check for stack underflow, this -is using the correct method. ---- - psi/zfrsd.c | 3 +-- - psi/zmisc3.c | 3 +-- - 2 files changed, 2 insertions(+), 4 deletions(-) - -diff --git a/psi/zfrsd.c b/psi/zfrsd.c -index 950588d69..9c035b96d 100644 ---- a/psi/zfrsd.c -+++ b/psi/zfrsd.c -@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p) - uint i; - int code = 0; - -- if (ref_stack_count(&o_stack) < 1) -- return_error(gs_error_stackunderflow); -+ check_op(1); - if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) { - return_error(gs_error_typecheck); - } -diff --git a/psi/zmisc3.c b/psi/zmisc3.c -index 3f01d39a3..43803b55b 100644 ---- a/psi/zmisc3.c -+++ b/psi/zmisc3.c -@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p) - ref2_t stack[MAX_DEPTH + 1]; - ref2_t *top = stack; - -- if (ref_stack_count(&o_stack) < 2) -- return_error(gs_error_stackunderflow); -+ check_op(2); - if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) { - make_false(op - 1); - pop(1); --- -2.13.0 - diff --git a/gnu/packages/patches/glib-respect-datadir.patch b/gnu/packages/patches/glib-respect-datadir.patch new file mode 100644 index 0000000000..309ce9fc0b --- /dev/null +++ b/gnu/packages/patches/glib-respect-datadir.patch @@ -0,0 +1,21 @@ +On Guix, Python modules are in a different output from the executables, +so searching "../share/glib-2.0" will not work. + +This patch restores behaviour prior to this commit: +<https://git.gnome.org/browse/glib/commit/?id=fe2a9887a8ccb14f2386e01b14834e97a33bc2d7> + +--- a/gio/gdbus-2.0/codegen/gdbus-codegen.in ++++ b/gio/gdbus-2.0/codegen/gdbus-codegen.in +@@ -25,9 +25,12 @@ + + srcdir = os.getenv('UNINSTALLED_GLIB_SRCDIR', None) + filedir = os.path.dirname(__file__) ++datadir = os.path.join('@datadir@', 'glib-2.0') + + if srcdir is not None: + path = os.path.join(srcdir, 'gio', 'gdbus-2.0') ++elif os.path.exists(os.path.join(datadir, 'codegen')): ++ path = datadir + elif os.path.basename(filedir) == 'bin': + # Make the prefix containing gdbus-codegen 'relocatable' at runtime by + # adding /some/prefix/bin/../share/glib-2.0 to the python path diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch deleted file mode 100644 index 68c33f1031..0000000000 --- a/gnu/packages/patches/grep-gnulib-lock.patch +++ /dev/null @@ -1,32 +0,0 @@ -This patch fix error on 'gnulib' library required to build -'grep' package on GNU/Hurd. -The patch was adapted from upstream source repository: -'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>' - -Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd - -diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c -index 061562b..afc86f4 100644 ---- a/lib/glthread/lock.c -+++ b/lib/glthread/lock.c -@@ -30,7 +30,7 @@ - - /* ------------------------- gl_rwlock_t datatype ------------------------- */ - --# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) -+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) - - # ifdef PTHREAD_RWLOCK_INITIALIZER - -diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h -index ec16d39..67932aa 100644 ---- a/lib/glthread/lock.h -+++ b/lib/glthread/lock.h -@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t; - - /* ------------------------- gl_rwlock_t datatype ------------------------- */ - --# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1)) -+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1))) - - # ifdef PTHREAD_RWLOCK_INITIALIZER diff --git a/gnu/packages/patches/libxml2-CVE-2016-4658.patch b/gnu/packages/patches/libxml2-CVE-2016-4658.patch deleted file mode 100644 index a4e1f31fae..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2016-4658.patch +++ /dev/null @@ -1,257 +0,0 @@ -Fix CVE-2016-4658: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b - -From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 18:34:52 +0200 -Subject: [PATCH] Disallow namespace nodes in XPointer ranges - -Namespace nodes must be copied to avoid use-after-free errors. -But they don't necessarily have a physical representation in a -document, so simply disallow them in XPointer ranges. - -Found with afl-fuzz. - -Fixes CVE-2016-4658. ---- - xpointer.c | 149 +++++++++++++++++++++++-------------------------------------- - 1 file changed, 56 insertions(+), 93 deletions(-) - -diff --git a/xpointer.c b/xpointer.c -index a7b03fbd..694d120e 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) { - } - - /** -+ * xmlXPtrNewRangeInternal: -+ * @start: the starting node -+ * @startindex: the start index -+ * @end: the ending point -+ * @endindex: the ending index -+ * -+ * Internal function to create a new xmlXPathObjectPtr of type range -+ * -+ * Returns the newly created object. -+ */ -+static xmlXPathObjectPtr -+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex, -+ xmlNodePtr end, int endindex) { -+ xmlXPathObjectPtr ret; -+ -+ /* -+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs). -+ * Disallow them for now. -+ */ -+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL)) -+ return(NULL); -+ -+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -+ if (ret == NULL) { -+ xmlXPtrErrMemory("allocating range"); -+ return(NULL); -+ } -+ memset(ret, 0, sizeof(xmlXPathObject)); -+ ret->type = XPATH_RANGE; -+ ret->user = start; -+ ret->index = startindex; -+ ret->user2 = end; -+ ret->index2 = endindex; -+ return(ret); -+} -+ -+/** - * xmlXPtrNewRange: - * @start: the starting node - * @startindex: the start index -@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex, - if (endindex < 0) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = startindex; -- ret->user2 = end; -- ret->index2 = endindex; -+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user, -+ end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) { - if (start->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start->user; -- ret->index = start->index; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) { - if (end->type != XPATH_POINT) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end->user; -- ret->index2 = end->index; -+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) { - if (end == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = end; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } -@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - if (start == NULL) - return(NULL); - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- ret->user2 = NULL; -- ret->index2 = -1; -+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1); - return(ret); - } - -@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) { - */ - xmlXPathObjectPtr - xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { -+ xmlNodePtr endNode; -+ int endIndex; - xmlXPathObjectPtr ret; - - if (start == NULL) -@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - return(NULL); - switch (end->type) { - case XPATH_POINT: -+ endNode = end->user; -+ endIndex = end->index; -+ break; - case XPATH_RANGE: -+ endNode = end->user2; -+ endIndex = end->index2; - break; - case XPATH_NODESET: - /* -@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) { - */ - if (end->nodesetval->nodeNr <= 0) - return(NULL); -+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -+ endIndex = -1; - break; - default: - /* TODO */ - return(NULL); - } - -- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject)); -- if (ret == NULL) { -- xmlXPtrErrMemory("allocating range"); -- return(NULL); -- } -- memset(ret, 0 , (size_t) sizeof(xmlXPathObject)); -- ret->type = XPATH_RANGE; -- ret->user = start; -- ret->index = -1; -- switch (end->type) { -- case XPATH_POINT: -- ret->user2 = end->user; -- ret->index2 = end->index; -- break; -- case XPATH_RANGE: -- ret->user2 = end->user2; -- ret->index2 = end->index2; -- break; -- case XPATH_NODESET: { -- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1]; -- ret->index2 = -1; -- break; -- } -- default: -- STRANGE -- return(NULL); -- } -+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex); - xmlXPtrRangeCheckOrder(ret); - return(ret); - } --- -2.11.0 - diff --git a/gnu/packages/patches/libxml2-CVE-2016-5131.patch b/gnu/packages/patches/libxml2-CVE-2016-5131.patch deleted file mode 100644 index 38938c8e3e..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2016-5131.patch +++ /dev/null @@ -1,218 +0,0 @@ -Fix CVE-2016-5131: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131 - -Patches copied from upstream source repository (the test suite fails -without the 2nd patch): - -https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e -https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8 - -From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 14:22:23 +0200 -Subject: [PATCH] Fix XPointer paths beginning with range-to - -The old code would invoke the broken xmlXPtrRangeToFunction. range-to -isn't really a function but a special kind of location step. Remove -this function and always handle range-to in the XPath code. - -The old xmlXPtrRangeToFunction could also be abused to trigger a -use-after-free error with the potential for remote code execution. - -Found with afl-fuzz. - -Fixes CVE-2016-5131. ---- - result/XPath/xptr/vidbase | 13 ++++++++ - test/XPath/xptr/vidbase | 1 + - xpath.c | 7 ++++- - xpointer.c | 76 ++++------------------------------------------- - 4 files changed, 26 insertions(+), 71 deletions(-) - -diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase -index 8b9e92d6..f19193e7 100644 ---- a/result/XPath/xptr/vidbase -+++ b/result/XPath/xptr/vidbase -@@ -17,3 +17,16 @@ Object is a Location Set: - To node - ELEMENT p - -+ -+======================== -+Expression: xpointer(range-to(id('chapter2'))) -+Object is a Location Set: -+1 : Object is a range : -+ From node -+ / -+ To node -+ ELEMENT chapter -+ ATTRIBUTE id -+ TEXT -+ content=chapter2 -+ -diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase -index b1463830..884b1065 100644 ---- a/test/XPath/xptr/vidbase -+++ b/test/XPath/xptr/vidbase -@@ -1,2 +1,3 @@ - xpointer(id('chapter1')/p) - xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) -+xpointer(range-to(id('chapter2'))) -diff --git a/xpath.c b/xpath.c -index d992841e..5a01b1b3 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { - lc = 1; - break; - } else if ((NXT(len) == '(')) { -- /* Note Type or Function */ -+ /* Node Type or Function */ - if (xmlXPathIsNodeType(name)) { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, - "PathExpr: Type search\n"); - #endif - lc = 1; -+#ifdef LIBXML_XPTR_ENABLED -+ } else if (ctxt->xptr && -+ xmlStrEqual(name, BAD_CAST "range-to")) { -+ lc = 1; -+#endif - } else { - #ifdef DEBUG_STEP - xmlGenericError(xmlGenericErrorContext, -diff --git a/xpointer.c b/xpointer.c -index 676c5105..d74174a3 100644 ---- a/xpointer.c -+++ b/xpointer.c -@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { - ret->here = here; - ret->origin = origin; - -- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", -- xmlXPtrRangeToFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range", - xmlXPtrRangeFunction); - xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", -@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { - * @nargs: the number of args - * - * Implement the range-to() XPointer function -+ * -+ * Obsolete. range-to is not a real function but a special type of location -+ * step which is handled in xpath.c. - */ - void --xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { -- xmlXPathObjectPtr range; -- const xmlChar *cur; -- xmlXPathObjectPtr res, obj; -- xmlXPathObjectPtr tmp; -- xmlLocationSetPtr newset = NULL; -- xmlNodeSetPtr oldset; -- int i; -- -- if (ctxt == NULL) return; -- CHECK_ARITY(1); -- /* -- * Save the expression pointer since we will have to evaluate -- * it multiple times. Initialize the new set. -- */ -- CHECK_TYPE(XPATH_NODESET); -- obj = valuePop(ctxt); -- oldset = obj->nodesetval; -- ctxt->context->node = NULL; -- -- cur = ctxt->cur; -- newset = xmlXPtrLocationSetCreate(NULL); -- -- for (i = 0; i < oldset->nodeNr; i++) { -- ctxt->cur = cur; -- -- /* -- * Run the evaluation with a node list made of a single item -- * in the nodeset. -- */ -- ctxt->context->node = oldset->nodeTab[i]; -- tmp = xmlXPathNewNodeSet(ctxt->context->node); -- valuePush(ctxt, tmp); -- -- xmlXPathEvalExpr(ctxt); -- CHECK_ERROR; -- -- /* -- * The result of the evaluation need to be tested to -- * decided whether the filter succeeded or not -- */ -- res = valuePop(ctxt); -- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); -- if (range != NULL) { -- xmlXPtrLocationSetAdd(newset, range); -- } -- -- /* -- * Cleanup -- */ -- if (res != NULL) -- xmlXPathFreeObject(res); -- if (ctxt->value == tmp) { -- res = valuePop(ctxt); -- xmlXPathFreeObject(res); -- } -- -- ctxt->context->node = NULL; -- } -- -- /* -- * The result is used as the new evaluation set. -- */ -- xmlXPathFreeObject(obj); -- ctxt->context->node = NULL; -- ctxt->context->contextSize = -1; -- ctxt->context->proximityPosition = -1; -- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); -+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, -+ int nargs ATTRIBUTE_UNUSED) { -+ XP_ERROR(XPATH_EXPR_ERROR); - } - - /** --- -2.11.0 - -From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 28 Jun 2016 14:19:58 +0200 -Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes - -This change has already been made in xmlXPathCmpNodesExt but not in -xmlXPathCmpNodes. ---- - xpath.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/xpath.c b/xpath.c -index 751665b8..d992841e 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { - * compute depth to root - */ - for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { -- if (cur == node1) -+ if (cur->parent == node1) - return(1); - depth2++; - } - root = cur; - for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { -- if (cur == node2) -+ if (cur->parent == node2) - return(-1); - depth1++; - } --- -2.11.0 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-0663.patch b/gnu/packages/patches/libxml2-CVE-2017-0663.patch deleted file mode 100644 index b0277a2d23..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-0663.patch +++ /dev/null @@ -1,53 +0,0 @@ -Fix CVE-2017-0663: - -https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663 -https://security-tracker.debian.org/tracker/CVE-2017-0663 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66 - -From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Tue, 6 Jun 2017 12:56:28 +0200 -Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace - -Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on -namespace declarations make no practical sense anyway. - -Fixes bug 780228. - -Found with libFuzzer and ASan. ---- - valid.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/valid.c b/valid.c -index 8075d3a0..c51ea290 100644 ---- a/valid.c -+++ b/valid.c -@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - } - } - -+ /* -+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions -+ * xmlAddID and xmlAddRef for namespace declarations, but it makes -+ * no practical sense to use ID types anyway. -+ */ -+#if 0 - /* Validity Constraint: ID uniqueness */ - if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) -@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) - ret = 0; - } -+#endif - - /* Validity Constraint: Notation Attributes */ - if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-7375.patch b/gnu/packages/patches/libxml2-CVE-2017-7375.patch deleted file mode 100644 index 32af1ff6ba..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-7375.patch +++ /dev/null @@ -1,45 +0,0 @@ -Fix CVE-2017-7375: - -https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375 -https://security-tracker.debian.org/tracker/CVE-2017-7375 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e - -From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001 -From: Neel Mehta <nmehta@google.com> -Date: Fri, 7 Apr 2017 17:43:02 +0200 -Subject: [PATCH] Prevent unwanted external entity reference - -For https://bugzilla.gnome.org/show_bug.cgi?id=780691 - -* parser.c: add a specific check to avoid PE reference ---- - parser.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/parser.c b/parser.c -index 609a2703..c2c812de 100644 ---- a/parser.c -+++ b/parser.c -@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) - if (xmlPushInput(ctxt, input) < 0) - return; - } else { -+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && -+ ((ctxt->options & XML_PARSE_NOENT) == 0) && -+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) && -+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && -+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) && -+ (ctxt->replaceEntities == 0) && -+ (ctxt->validate == 0)) -+ return; -+ - /* - * TODO !!! - * handle the extra spaces added before and after --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-7376.patch b/gnu/packages/patches/libxml2-CVE-2017-7376.patch deleted file mode 100644 index 5b9e45bd83..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-7376.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix CVE-2017-7376: - -https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376 -https://security-tracker.debian.org/tracker/CVE-2017-7376 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e - -From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Fri, 7 Apr 2017 17:13:28 +0200 -Subject: [PATCH] Increase buffer space for port in HTTP redirect support - -For https://bugzilla.gnome.org/show_bug.cgi?id=780690 - -nanohttp.c: the code wrongly assumed a short int port value. ---- - nanohttp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/nanohttp.c b/nanohttp.c -index e109ad75..373425de 100644 ---- a/nanohttp.c -+++ b/nanohttp.c -@@ -1423,9 +1423,9 @@ retry: - if (ctxt->port != 80) { - /* reserve space for ':xxxxx', incl. potential proxy */ - if (proxy) -- blen += 12; -+ blen += 17; - else -- blen += 6; -+ blen += 11; - } - bp = (char*)xmlMallocAtomic(blen); - if ( bp == NULL ) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch b/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch deleted file mode 100644 index 0a0e6d34cf..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch +++ /dev/null @@ -1,130 +0,0 @@ -Fix CVE-2017-{9047,9048}: - -https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not yet public) -https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048 -http://www.openwall.com/lists/oss-security/2017/05/15/1 -https://security-tracker.debian.org/tracker/CVE-2017-9047 -https://security-tracker.debian.org/tracker/CVE-2017-9048 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 - -From 932cc9896ab41475d4aa429c27d9afd175959d74 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Sat, 3 Jun 2017 02:01:29 +0200 -Subject: [PATCH] Fix buffer size checks in xmlSnprintfElementContent -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -xmlSnprintfElementContent failed to correctly check the available -buffer space in two locations. - -Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). - -Thanks to Marcel Böhme and Thuan Pham for the report. ---- - result/valid/781333.xml | 5 +++++ - result/valid/781333.xml.err | 3 +++ - result/valid/781333.xml.err.rdr | 6 ++++++ - test/valid/781333.xml | 4 ++++ - valid.c | 20 +++++++++++--------- - 5 files changed, 29 insertions(+), 9 deletions(-) - create mode 100644 result/valid/781333.xml - create mode 100644 result/valid/781333.xml.err - create mode 100644 result/valid/781333.xml.err.rdr - create mode 100644 test/valid/781333.xml - -diff --git a/result/valid/781333.xml b/result/valid/781333.xml -new file mode 100644 -index 00000000..45dc451d ---- /dev/null -+++ b/result/valid/781333.xml -@@ -0,0 +1,5 @@ -+<?xml version="1.0"?> -+<!DOCTYPE a [ -+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err -new file mode 100644 -index 00000000..b401b49a ---- /dev/null -+++ b/result/valid/781333.xml.err -@@ -0,0 +1,3 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr -new file mode 100644 -index 00000000..5ff56992 ---- /dev/null -+++ b/result/valid/781333.xml.err.rdr -@@ -0,0 +1,6 @@ -+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got -+<a/> -+ ^ -+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child -+ -+^ -diff --git a/test/valid/781333.xml b/test/valid/781333.xml -new file mode 100644 -index 00000000..b29e5a68 ---- /dev/null -+++ b/test/valid/781333.xml -@@ -0,0 +1,4 @@ -+<!DOCTYPE a [ -+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> -+]> -+<a/> -diff --git a/valid.c b/valid.c -index 19f84b82..9b2df56a 100644 ---- a/valid.c -+++ b/valid.c -@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - case XML_ELEMENT_CONTENT_PCDATA: - strcat(buf, "#PCDATA"); - break; -- case XML_ELEMENT_CONTENT_ELEMENT: -+ case XML_ELEMENT_CONTENT_ELEMENT: { -+ int qnameLen = xmlStrlen(content->name); -+ -+ if (content->prefix != NULL) -+ qnameLen += xmlStrlen(content->prefix) + 1; -+ if (size - len < qnameLen + 10) { -+ strcat(buf, " ..."); -+ return; -+ } - if (content->prefix != NULL) { -- if (size - len < xmlStrlen(content->prefix) + 10) { -- strcat(buf, " ..."); -- return; -- } - strcat(buf, (char *) content->prefix); - strcat(buf, ":"); - } -- if (size - len < xmlStrlen(content->name) + 10) { -- strcat(buf, " ..."); -- return; -- } - if (content->name != NULL) - strcat(buf, (char *) content->name); - break; -+ } - case XML_ELEMENT_CONTENT_SEQ: - if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || - (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) -@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int - xmlSnprintfElementContent(buf, size, content->c2, 0); - break; - } -+ if (size - strlen(buf) <= 2) return; - if (englob) - strcat(buf, ")"); - switch (content->ocur) { --- -2.14.1 - diff --git a/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch b/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch deleted file mode 100644 index 890e9c2284..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch +++ /dev/null @@ -1,319 +0,0 @@ -Fix CVE-2017-{9049,9050}: - -https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public) -https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public) -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050 -http://www.openwall.com/lists/oss-security/2017/05/15/1 -https://security-tracker.debian.org/tracker/CVE-2017-9049 -https://security-tracker.debian.org/tracker/CVE-2017-9050 - -Patch copied from upstream source repository: - -https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3 - -Changes to 'runtest.c' are removed since they introduce test failure -when applying to libxml2 2.9.4 release tarball. - -From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Mon, 5 Jun 2017 15:37:17 +0200 -Subject: [PATCH] Fix handling of parameter-entity references -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There were two bugs where parameter-entity references could lead to an -unexpected change of the input buffer in xmlParseNameComplex and -xmlDictLookup being called with an invalid pointer. - -Percent sign in DTD Names -========================= - -The NEXTL macro used to call xmlParserHandlePEReference. When parsing -"complex" names inside the DTD, this could result in entity expansion -which created a new input buffer. The fix is to simply remove the call -to xmlParserHandlePEReference from the NEXTL macro. This is safe because -no users of the macro require expansion of parameter entities. - -- xmlParseNameComplex -- xmlParseNCNameComplex -- xmlParseNmtoken - -The percent sign is not allowed in names, which are grammatical tokens. - -- xmlParseEntityValue - -Parameter-entity references in entity values are expanded but this -happens in a separate step in this function. - -- xmlParseSystemLiteral - -Parameter-entity references are ignored in the system literal. - -- xmlParseAttValueComplex -- xmlParseCharDataComplex -- xmlParseCommentComplex -- xmlParsePI -- xmlParseCDSect - -Parameter-entity references are ignored outside the DTD. - -- xmlLoadEntityContent - -This function is only called from xmlStringLenDecodeEntities and -entities are replaced in a separate step immediately after the function -call. - -This bug could also be triggered with an internal subset and double -entity expansion. - -This fixes bug 766956 initially reported by Wei Lei and independently by -Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone -involved. - -xmlParseNameComplex with XML_PARSE_OLD10 -======================================== - -When parsing Names inside an expanded parameter entity with the -XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the -GROW macro if the input buffer was exhausted. At the end of the -parameter entity's replacement text, this function would then call -xmlPopInput which invalidated the input buffer. - -There should be no need to invoke GROW in this situation because the -buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, -at least for UTF-8, in xmlCurrentChar. This also matches the code path -executed when XML_PARSE_OLD10 is not set. - -This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). -Thanks to Marcel Böhme and Thuan Pham for the report. - -Additional hardening -==================== - -A separate check was added in xmlParseNameComplex to validate the -buffer size. ---- - Makefile.am | 18 ++++++++++++++++++ - parser.c | 18 ++++++++++-------- - result/errors10/781205.xml | 0 - result/errors10/781205.xml.err | 21 +++++++++++++++++++++ - result/errors10/781361.xml | 0 - result/errors10/781361.xml.err | 13 +++++++++++++ - result/valid/766956.xml | 0 - result/valid/766956.xml.err | 9 +++++++++ - result/valid/766956.xml.err.rdr | 10 ++++++++++ - runtest.c | 3 +++ - test/errors10/781205.xml | 3 +++ - test/errors10/781361.xml | 3 +++ - test/valid/766956.xml | 2 ++ - test/valid/dtds/766956.dtd | 2 ++ - 14 files changed, 94 insertions(+), 8 deletions(-) - create mode 100644 result/errors10/781205.xml - create mode 100644 result/errors10/781205.xml.err - create mode 100644 result/errors10/781361.xml - create mode 100644 result/errors10/781361.xml.err - create mode 100644 result/valid/766956.xml - create mode 100644 result/valid/766956.xml.err - create mode 100644 result/valid/766956.xml.err.rdr - create mode 100644 test/errors10/781205.xml - create mode 100644 test/errors10/781361.xml - create mode 100644 test/valid/766956.xml - create mode 100644 test/valid/dtds/766956.dtd - -diff --git a/Makefile.am b/Makefile.am -index 6fc8ffa9..10e716a5 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT) - if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ - rm result.$$name error.$$name ; \ - fi ; fi ; done) -+ @echo "## Error cases regression tests (old 1.0)" -+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ -+ name=`basename $$i`; \ -+ if [ ! -d $$i ] ; then \ -+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ -+ echo New test file $$name ; \ -+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ -+ 2> $(srcdir)/result/errors10/$$name.err \ -+ > $(srcdir)/result/errors10/$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ else \ -+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ -+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ -+ diff $(srcdir)/result/errors10/$$name result.$$name ; \ -+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ -+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ -+ rm result.$$name error.$$name ; \ -+ fi ; fi ; done) - @echo "## Error cases stream regression tests" - -@(for i in $(srcdir)/test/errors/*.xml ; do \ - name=`basename $$i`; \ -diff --git a/parser.c b/parser.c -index df2efa55..a175ac4e 100644 ---- a/parser.c -+++ b/parser.c -@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { - ctxt->input->line++; ctxt->input->col = 1; \ - } else ctxt->input->col++; \ - ctxt->input->cur += l; \ -- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ - } while (0) - - #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) -@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - len += l; - NEXTL(l); - c = CUR_CHAR(l); -- if (c == 0) { -- count = 0; -- GROW; -- if (ctxt->instate == XML_PARSER_EOF) -- return(NULL); -- c = CUR_CHAR(l); -- } - } - } - if ((len > XML_MAX_NAME_LENGTH) && -@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); - return(NULL); - } -+ if (ctxt->input->cur - ctxt->input->base < len) { -+ /* -+ * There were a couple of bugs where PERefs lead to to a change -+ * of the buffer. Check the buffer size to avoid passing an invalid -+ * pointer to xmlDictLookup. -+ */ -+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, -+ "unexpected change of input buffer"); -+ return (NULL); -+ } - if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); - return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); -diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err -new file mode 100644 -index 00000000..da15c3f7 ---- /dev/null -+++ b/result/errors10/781205.xml.err -@@ -0,0 +1,21 @@ -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+Entity: line 1: parser error : DOCTYPE improperly terminated -+ %a; -+ ^ -+Entity: line 1: -+<:0000 -+^ -+namespace error : Failed to parse QName ':0000' -+ %a; -+ ^ -+<:0000 -+ ^ -+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 -+ -+^ -diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err -new file mode 100644 -index 00000000..655f41a2 ---- /dev/null -+++ b/result/errors10/781361.xml.err -@@ -0,0 +1,13 @@ -+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected -+ -+^ -+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ -+^ -+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated -+ -+^ -+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found -+ -+^ -diff --git a/result/valid/766956.xml b/result/valid/766956.xml -new file mode 100644 -index 00000000..e69de29b -diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err -new file mode 100644 -index 00000000..34b1dae6 ---- /dev/null -+++ b/result/valid/766956.xml.err -@@ -0,0 +1,9 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr -new file mode 100644 -index 00000000..77603462 ---- /dev/null -+++ b/result/valid/766956.xml.err.rdr -@@ -0,0 +1,10 @@ -+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' -+%ä%ent; -+ ^ -+Entity: line 1: parser error : Content error in the external subset -+ %ent; -+ ^ -+Entity: line 1: -+value -+^ -+./test/valid/766956.xml : failed to parse -diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml -new file mode 100644 -index 00000000..d9e9e839 ---- /dev/null -+++ b/test/errors10/781205.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE D [ -+ <!ENTITY % a "<:0000"> -+ %a; -diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml -new file mode 100644 -index 00000000..67476bcb ---- /dev/null -+++ b/test/errors10/781361.xml -@@ -0,0 +1,3 @@ -+<!DOCTYPE doc [ -+ <!ENTITY % elem "<!ELEMENT e0000000000"> -+ %elem; -diff --git a/test/valid/766956.xml b/test/valid/766956.xml -new file mode 100644 -index 00000000..19a95a0e ---- /dev/null -+++ b/test/valid/766956.xml -@@ -0,0 +1,2 @@ -+<!DOCTYPE test SYSTEM "dtds/766956.dtd"> -+<test/> -diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd -new file mode 100644 -index 00000000..dddde68b ---- /dev/null -+++ b/test/valid/dtds/766956.dtd -@@ -0,0 +1,2 @@ -+<!ENTITY % ent "value"> -+%ä%ent; --- -2.14.1 - diff --git a/gnu/packages/patches/libxslt-CVE-2016-4738.patch b/gnu/packages/patches/libxslt-CVE-2016-4738.patch deleted file mode 100644 index a7537c66ca..0000000000 --- a/gnu/packages/patches/libxslt-CVE-2016-4738.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix CVE-2016-4738: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738 -https://bugs.chromium.org/p/chromium/issues/detail?id=619006 - -Patch copied from upstream source repository: -https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880 - -From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Fri, 10 Jun 2016 14:23:58 +0200 -Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion - -An empty decimal-separator could cause a heap overread. This can be -exploited to leak a couple of bytes after the buffer that holds the -pattern string. - -Found with afl-fuzz and ASan. ---- - libxslt/numbers.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libxslt/numbers.c b/libxslt/numbers.c -index d1549b4..e78c46b 100644 ---- a/libxslt/numbers.c -+++ b/libxslt/numbers.c -@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self, - } - - /* We have finished the integer part, now work on fraction */ -- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) { -+ if ( (*the_format != 0) && -+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) { - format_info.add_decimal = TRUE; - the_format += xsltUTF8Size(the_format); /* Skip over the decimal */ - } --- -2.10.2 - diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch deleted file mode 100644 index d23aa10374..0000000000 --- a/gnu/packages/patches/pcre-CVE-2017-7186.patch +++ /dev/null @@ -1,56 +0,0 @@ -Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186> -from <https://vcs.pcre.org/pcre?view=revision&revision=1688>. - ---- trunk/pcre_internal.h 2016/05/21 13:34:44 1649 -+++ trunk/pcre_internal.h 2017/02/24 17:30:30 1688 -@@ -2772,6 +2772,9 @@ - extern const pcre_uint16 PRIV(ucd_stage2)[]; - extern const pcre_uint32 PRIV(ucp_gentype)[]; - extern const pcre_uint32 PRIV(ucp_gbtable)[]; -+#ifdef COMPILE_PCRE32 -+extern const ucd_record PRIV(dummy_ucd_record)[]; -+#endif - #ifdef SUPPORT_JIT - extern const int PRIV(ucp_typerange)[]; - #endif -@@ -2780,9 +2783,15 @@ - /* UCD access macros */ - - #define UCD_BLOCK_SIZE 128 --#define GET_UCD(ch) (PRIV(ucd_records) + \ -+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ - PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ - UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) -+ -+#ifdef COMPILE_PCRE32 -+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) -+#else -+#define GET_UCD(ch) REAL_GET_UCD(ch) -+#endif - - #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype - #define UCD_SCRIPT(ch) GET_UCD(ch)->script - ---- trunk/pcre_ucd.c 2014/06/19 07:51:39 1490 -+++ trunk/pcre_ucd.c 2017/02/24 17:30:30 1688 -@@ -38,6 +38,20 @@ - const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0}; - #else - -+/* If the 32-bit library is run in non-32-bit mode, character values -+greater than 0x10ffff may be encountered. For these we set up a -+special record. */ -+ -+#ifdef COMPILE_PCRE32 -+const ucd_record PRIV(dummy_ucd_record)[] = {{ -+ ucp_Common, /* script */ -+ ucp_Cn, /* type unassigned */ -+ ucp_gbOther, /* grapheme break property */ -+ 0, /* case set */ -+ 0, /* other case */ -+ }}; -+#endif -+ - /* When recompiling tables with a new Unicode version, please check the - types in this structure definition from pcre_internal.h (the actual - field names will be different): diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index 574ae4a6ba..c84f07cc7e 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -33,8 +34,7 @@ (define-public pcre (package (name "pcre") - (version "8.40") - (replacement pcre-8.41) + (version "8.41") (source (origin (method url-fetch) (uri (list @@ -43,10 +43,9 @@ "pcre-" version ".tar.bz2") (string-append "mirror://sourceforge/pcre/pcre/" version "/pcre-" version ".tar.bz2"))) - (patches (search-patches "pcre-CVE-2017-7186.patch")) (sha256 (base32 - "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0")))) + "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76")))) (build-system gnu-build-system) (outputs '("out" ;library & headers "bin" ;depends on Readline (adds 20MiB to the closure) @@ -73,21 +72,6 @@ POSIX regular expression API.") (license license:bsd-3) (home-page "http://www.pcre.org/"))) -(define pcre-8.41 - (package - (inherit pcre) - (version "8.41") - (source (origin - (method url-fetch) - (uri (list (string-append "mirror://sourceforge/pcre/pcre/" - version "/pcre-" version ".tar.bz2") - (string-append "ftp://ftp.csx.cam.ac.uk" - "/pub/software/programming/pcre/" - "pcre-" version ".tar.bz2"))) - (sha256 - (base32 - "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76")))))) - (define-public pcre2 (package (name "pcre2") diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index c392c305a4..438ccdf3f9 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -54,14 +54,14 @@ ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package (name "perl") - (version "5.26.0") + (version "5.26.1") (source (origin (method url-fetch) (uri (string-append "mirror://cpan/src/5.0/perl-" version ".tar.gz")) (sha256 (base32 - "0zxn9hd7mqgq06ikyi6k70ngbvjf01z1paw0jd25byyl0rlwdrzb")) + "1p81wwvr5jb81m41d07kfywk5gvbk0axdrnvhc2aghcdbr4alqz7")) (patches (search-patches "perl-file-path-CVE-2017-6512.patch" "perl-no-sys-dirs.patch" diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 4b080a8341..de9b321fb7 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -6246,14 +6246,15 @@ implementation of D-Bus.") (define-public python-apsw (package (name "python-apsw") - (version "3.9.2-r1") + (version "3.20.1-r1") (source (origin (method url-fetch) - (uri (pypi-uri "apsw" version)) + (uri (string-append "https://github.com/rogerbinns/apsw/archive/" + version ".tar.gz")) (sha256 (base32 - "0w4jb0wpx785qw42r3h4fh7gl5w2968q48i7gygybsfxck8nzffs")))) + "00ai7m2pqi26qaflhz314d8k5i3syw7xzr145fhfl0crhyh6adz2")))) (build-system python-build-system) (inputs `(("sqlite" ,sqlite))) diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index caab8fac4b..5a7548df68 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2015, 2016, 2017 Ben Woodcroft <donttrustben@gmail.com> ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm index 8c33023bd0..c7f2f4840f 100644 --- a/gnu/packages/texinfo.scm +++ b/gnu/packages/texinfo.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2012, 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -30,19 +31,17 @@ #:use-module (gnu packages ncurses)) (define-public texinfo - ;; TODO: Merge with 'texinfo-latest' on the next core-updates. (package (name "texinfo") - (version "6.3") + (version "6.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/texinfo/texinfo-" version ".tar.xz")) (sha256 (base32 - "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14")))) + "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp")))) (build-system gnu-build-system) - (native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep (inputs `(("ncurses" ,ncurses) ("perl" ,perl))) @@ -63,19 +62,6 @@ their source and the command-line Info reader. The emphasis of the language is on expressing the content semantically, avoiding physical markup commands.") (license gpl3+))) -(define-public texinfo-latest - ;; TODO: Turn this into 'texinfo' on the next core-updates cycle. - (package (inherit texinfo) - (version "6.5") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/texinfo/texinfo-" - version ".tar.xz")) - (sha256 - (base32 - "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp")))) - (native-inputs '()))) - (define-public texinfo-5 (package (inherit texinfo) (version "5.2") diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 075ea7a1c2..fe4c908c32 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -56,7 +56,6 @@ (package (name "libtasn1") (version "4.12") - (replacement libtasn1/fixed) (source (origin (method url-fetch) @@ -64,7 +63,8 @@ version ".tar.gz")) (sha256 (base32 - "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")))) + "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7")) + (patches (search-patches "libtasn1-CVE-2017-10790.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (home-page "https://www.gnu.org/software/libtasn1/") @@ -76,13 +76,6 @@ networking, allowing for formal validation of data according to some specifications.") (license license:lgpl2.0+))) -(define libtasn1/fixed - (package - (inherit libtasn1) - (source (origin - (inherit (package-source libtasn1)) - (patches (search-patches "libtasn1-CVE-2017-10790.patch")))))) - (define-public asn1c (package (name "asn1c") diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 163743c07d..13eb608144 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org> -;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com> ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org> ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> @@ -57,15 +57,14 @@ (define-public expat (package (name "expat") - (version "2.2.1") - (replacement expat-2.2.2) + (version "2.2.2") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" version "/expat-" version ".tar.bz2")) (sha256 (base32 - "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q")))) + "0ik0r39ala9c6hj4kxrk933klgwkzlkbrfhvhaykx8l1rwgr2xj3")))) (build-system gnu-build-system) (home-page "http://www.libexpat.org/") (synopsis "Stream-oriented XML parser library written in C") @@ -75,18 +74,6 @@ stream-oriented parser in which an application registers handlers for things the parser might find in the XML document (like start tags).") (license license:expat))) -(define expat-2.2.2 ; Fixes CVE-2017-9233, CVE-2016-9063 and other issues. - (package - (inherit expat) - (version "2.2.2") - (source (origin - (method url-fetch) - (uri (string-append "mirror://sourceforge/expat/expat/" - version "/expat-" version ".tar.bz2")) - (sha256 - (base32 - "0ik0r39ala9c6hj4kxrk933klgwkzlkbrfhvhaykx8l1rwgr2xj3")))))) - (define-public libebml (package (name "libebml") @@ -111,17 +98,14 @@ hierarchical form with variable field lengths.") (define-public libxml2 (package (name "libxml2") - (version "2.9.4") - (replacement libxml2/fixed) + (version "2.9.6") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-" version ".tar.gz")) - (patches (search-patches "libxml2-CVE-2016-4658.patch" - "libxml2-CVE-2016-5131.patch")) (sha256 (base32 - "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz")))) + "1g7byn6y0yw17rl74gs89xnxrpwj424938rf8qfqh3i4lz63i44b")))) (build-system gnu-build-system) (home-page "http://www.xmlsoft.org/") (synopsis "C parser for XML") @@ -141,20 +125,6 @@ hierarchical form with variable field lengths.") project (but it is usable outside of the Gnome platform).") (license license:x11))) -(define libxml2/fixed - (package - (inherit libxml2) - (source - (origin - (inherit (package-source libxml2)) - (patches - (append (origin-patches (package-source libxml2)) - (search-patches "libxml2-CVE-2017-0663.patch" - "libxml2-CVE-2017-7375.patch" - "libxml2-CVE-2017-7376.patch" - "libxml2-CVE-2017-9047+CVE-2017-9048.patch" - "libxml2-CVE-2017-9049+CVE-2017-9050.patch"))))))) - (define-public python-libxml2 (package (inherit libxml2) (name "python-libxml2") @@ -187,15 +157,14 @@ project (but it is usable outside of the Gnome platform).") (define-public libxslt (package (name "libxslt") - (version "1.1.29") + (version "1.1.31") (source (origin (method url-fetch) (uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-" version ".tar.gz")) - (patches (search-patches "libxslt-CVE-2016-4738.patch")) (sha256 (base32 - "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm")) + "1azk48vf91nfajhm7k9cz3zrvh0aaq85ph37gqkl84c0ddmyj9fv")) (patches (search-patches "libxslt-generated-ids.patch")))) (build-system gnu-build-system) (home-page "http://xmlsoft.org/XSLT/index.html") diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 4caa3d9ff7..1a2bf80004 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -3818,7 +3818,7 @@ extension to the X11 protocol. It includes: (define-public xkeyboard-config (package (name "xkeyboard-config") - (version "2.21") + (version "2.22") (source (origin (method url-fetch) @@ -3828,7 +3828,7 @@ extension to the X11 protocol. It includes: ".tar.bz2")) (sha256 (base32 - "1iffxpchy6dfgbby23nfsqqk17h9lfddlmjnhwagqag1z94p1h9h")))) + "1garmbyfjp0han04l2l90zzwlfbdgdxl6r1qnic36i5wkycckbny")))) (build-system gnu-build-system) (inputs `(("gettext" ,gettext-minimal) @@ -4892,24 +4892,16 @@ new API's in libXft, or the legacy API's in libX11.") (package (inherit libxfont) (version "2.0.1") - (replacement libxfont2/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://xorg/individual/lib/libXfont2-" version ".tar.bz2")) + (patches (search-patches "libxfont-CVE-2017-13720.patch" + "libxfont-CVE-2017-13722.patch")) (sha256 (base32 "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9")))))) -(define libxfont2/fixed - (package - (inherit libxfont2) - (source - (origin - (inherit (package-source libxfont2)) - (patches (search-patches "libxfont-CVE-2017-13720.patch" - "libxfont-CVE-2017-13722.patch")))))) - (define-public libxi (package (name "libxi") diff --git a/guix/build/utils.scm b/guix/build/utils.scm index 7391307c87..d7ed3d5177 100644 --- a/guix/build/utils.scm +++ b/guix/build/utils.scm @@ -29,6 +29,7 @@ #:use-module (ice-9 regex) #:use-module (ice-9 rdelim) #:use-module (ice-9 format) + #:use-module (ice-9 threads) #:use-module (rnrs bytevectors) #:use-module (rnrs io ports) #:re-export (alist-cons diff --git a/guix/download.scm b/guix/download.scm index 074322b24f..449521c199 100644 --- a/guix/download.scm +++ b/guix/download.scm @@ -412,89 +412,6 @@ download by itself using its own dependencies." ;; for that built-in is widespread. #:local-build? #t))) -(define* (in-band-download file-name url - #:key system hash-algo hash - mirrors content-addressed-mirrors - guile) - "Download FILE-NAME from URL using a normal, \"in-band\" fixed-output -derivation. - -This is now deprecated since it has the drawback of causing bootstrapping -issues: we may need to build GnuTLS just to be able to download the source of -GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>." - (define need-gnutls? - ;; True if any of the URLs need TLS support. - (let ((https? (cut string-prefix? "https://" <>))) - (match url - ((? string?) - (https? url)) - ((url ...) - (any https? url))))) - - (define builder - (with-imported-modules '((guix build download) - (guix build utils) - (guix ftp-client) - (guix base32) - (guix base64)) - #~(begin - #+(if need-gnutls? - - ;; Add GnuTLS to the inputs and to the load path. - #~(eval-when (load expand eval) - (set! %load-path - (cons (string-append #+(gnutls-package) - "/share/guile/site/" - (effective-version)) - %load-path))) - #~#t) - - (use-modules (guix build download) - (guix base32)) - - (let ((value-from-environment (lambda (variable) - (call-with-input-string - (getenv variable) - read)))) - (url-fetch (value-from-environment "guix download url") - #$output - #:mirrors (call-with-input-file #$mirrors read) - - ;; Content-addressed mirrors. - #:hashes - (value-from-environment "guix download hashes") - #:content-addressed-mirrors - (primitive-load #$content-addressed-mirrors) - - ;; No need to validate certificates since we know the - ;; hash of the expected result. - #:verify-certificate? #f))))) - - (mlet %store-monad ((guile (package->derivation guile system))) - (gexp->derivation file-name builder - #:guile-for-build guile - #:system system - #:hash-algo hash-algo - #:hash hash - - ;; Use environment variables and a fixed script - ;; name so there's only one script in store for - ;; all the downloads. - #:script-name "download" - #:env-vars - `(("guix download url" . ,(object->string url)) - ("guix download hashes" - . ,(object->string `((,hash-algo . ,hash))))) - - ;; Honor the user's proxy settings. - #:leaked-env-vars '("http_proxy" "https_proxy") - - ;; In general, offloading downloads is not a good - ;; idea. Daemons before 0.8.3 would also - ;; interpret this as "do not substitute" (see - ;; <https://bugs.gnu.org/18747>.) - #:local-build? #t))) - (define* (url-fetch url hash-algo hash #:optional name #:key (system (%current-system)) @@ -521,18 +438,21 @@ in the store." (and uri (memq (uri-scheme uri) '(#f file)))) (interned-file (if uri (uri-path uri) url) (or name file-name)) - (mlet* %store-monad ((builtins (built-in-builders*)) - (download -> (if (member "download" builtins) - built-in-download - in-band-download))) - (download (or name file-name) url - #:guile guile - #:system system - #:hash-algo hash-algo - #:hash hash - #:mirrors %mirror-file - #:content-addressed-mirrors - %content-addressed-mirror-file))))) + (mlet %store-monad ((builtins (built-in-builders*))) + ;; The "download" built-in builder was added in guix-daemon in + ;; Nov. 2016 and made it in the 0.12.0 release of Dec. 2016. We now + ;; require it. + (unless (member "download" builtins) + (error "'guix-daemon' is too old, please upgrade" builtins)) + + (built-in-download (or name file-name) url + #:guile guile + #:system system + #:hash-algo hash-algo + #:hash hash + #:mirrors %mirror-file + #:content-addressed-mirrors + %content-addressed-mirror-file))))) (define* (url-fetch/tarbomb url hash-algo hash #:optional name |