summaryrefslogtreecommitdiff
path: root/gnu/packages
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/base.scm38
-rw-r--r--gnu/packages/bootstrap.scm2
-rw-r--r--gnu/packages/check.scm8
-rw-r--r--gnu/packages/cmake.scm5
-rw-r--r--gnu/packages/commencement.scm73
-rw-r--r--gnu/packages/compression.scm6
-rw-r--r--gnu/packages/databases.scm4
-rw-r--r--gnu/packages/ed.scm16
-rw-r--r--gnu/packages/emacs.scm8
-rw-r--r--gnu/packages/fonts.scm4
-rw-r--r--gnu/packages/fontutils.scm8
-rw-r--r--gnu/packages/gcc.scm11
-rw-r--r--gnu/packages/gnupg.scm5
-rw-r--r--gnu/packages/image.scm4
-rw-r--r--gnu/packages/ld-wrapper.in6
-rw-r--r--gnu/packages/linux.scm38
-rw-r--r--gnu/packages/multiprecision.scm4
-rw-r--r--gnu/packages/patches/expat-CVE-2015-1283.patch89
-rw-r--r--gnu/packages/patches/gcc-libiberty-printf-decl.patch28
-rw-r--r--gnu/packages/patches/glibc-CVE-2015-7547.patch559
-rw-r--r--gnu/packages/patches/glibc-locale-incompatibility.patch23
-rw-r--r--gnu/packages/pcre.scm6
-rw-r--r--gnu/packages/perl.scm39
-rw-r--r--gnu/packages/python.scm82
-rw-r--r--gnu/packages/texinfo.scm20
-rw-r--r--gnu/packages/tls.scm8
-rw-r--r--gnu/packages/xdisorg.scm4
-rw-r--r--gnu/packages/xml.scm9
28 files changed, 252 insertions, 855 deletions
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 1c4ebbf64f..fce193ceec 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -74,14 +74,14 @@ command-line arguments, multiple languages, and so on.")
(define-public grep
(package
(name "grep")
- (version "2.22")
+ (version "2.25")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/grep/grep-"
version ".tar.xz"))
(sha256
(base32
- "1srn321x7whlhs5ks36zlcrrmj4iahll8fxwsh1vbz3v04px54fa"))
+ "0c38b67cnwchwzv4wq2gpz6smkhdxrac2hhssv8f0l04qnx867p2"))
(patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
@@ -242,23 +242,14 @@ used to apply commands with arbitrarily long arguments.")
(define-public coreutils
(package
(name "coreutils")
- (version "8.24")
+ (version "8.25")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/coreutils/coreutils-"
version ".tar.xz"))
(sha256
(base32
- "0w11jw3fb5sslf0f72kxy7llxgk1ia3a6bcw0c9kmvxrlj355mx2"))
- (patches
- (list (origin
- (method url-fetch)
- (uri "http://git.savannah.gnu.org/cgit/coreutils.git/\
-patch/?id=3ba68f9e64fa2eb8af22d510437a0c6441feb5e0")
- (sha256
- (base32
- "1dnlszhc8lihhg801i9sz896mlrgfsjfcz62636prb27k5hmixqz"))
- (file-name "coreutils-tail-inotify-race.patch"))))))
+ "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii"))))
(build-system gnu-build-system)
(inputs `(("acl" ,acl) ; TODO: add SELinux
("gmp" ,gmp) ;bignums in 'expr', yay!
@@ -465,14 +456,14 @@ store.")
(define-public glibc
(package
(name "glibc")
- (version "2.22")
+ (version "2.23")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
- "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb"))
+ "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
@@ -481,12 +472,9 @@ store.")
(("use_ldconfig=yes")
"use_ldconfig=no")))
(modules '((guix build utils)))
- (patches
- (search-patches "glibc-ldd-x86_64.patch"
- "glibc-locale-incompatibility.patch"
- "glibc-versioned-locpath.patch"
- "glibc-o-largefile.patch"
- "glibc-CVE-2015-7547.patch"))))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-o-largefile.patch"))))
(build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@@ -503,7 +491,7 @@ store.")
#:parallel-build? #f
;; The libraries have an empty RUNPATH, but some, such as the versioned
- ;; libraries (libdl-2.22.so, etc.) have ld.so marked as NEEDED. Since
+ ;; libraries (libdl-2.23.so, etc.) have ld.so marked as NEEDED. Since
;; these libraries are always going to be found anyway, just skip
;; RUNPATH checks.
#:validate-runpath? #f
@@ -545,7 +533,7 @@ store.")
"/bin/bash")
;; XXX: Work around "undefined reference to `__stack_chk_guard'".
- "libc_cv_ssp=no")
+ "libc_cv_ssp=no" "libc_cv_ssp_strong=no")
#:tests? #f ; XXX
#:phases (modify-phases %standard-phases
@@ -559,10 +547,6 @@ store.")
;; but cross-base uses it as a native input.
(bash (or (assoc-ref inputs "static-bash")
(assoc-ref native-inputs "static-bash"))))
- ;; Use `pwd', not `/bin/pwd'.
- (substitute* "configure"
- (("/bin/pwd") "pwd"))
-
;; Install the rpc data base file under `$out/etc/rpc'.
;; FIXME: Use installFlags = [ "sysconfdir=$(out)/etc" ];
(substitute* "sunrpc/Makefile"
diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index a3cd18519c..2aa4711ba8 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -61,7 +61,7 @@
(define (boot fetch)
(lambda* (url hash-algo hash
#:optional name #:key system)
- (fetch url hash-algo hash
+ (fetch url hash-algo hash name
#:guile %bootstrap-guile
#:system system)))
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 9eef7a9a71..2b2dce9e9e 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -35,15 +35,15 @@
(define-public check
(package
(name "check")
- (version "0.9.14")
+ (version "0.10.0")
(source
(origin
(method url-fetch)
- (uri (string-append "mirror://sourceforge/check/check/"
- version "/check-" version ".tar.gz"))
+ (uri (string-append "https://github.com/libcheck/check/files/71408/"
+ "/check-" version ".tar.gz"))
(sha256
(base32
- "02l4g79d81s07hzywcv1knwj5dyrwjiq2pgxaz7kidxi8m364wn2"))))
+ "0lhhywf5nxl3dd0hdakra3aasl590756c9kmvyifb3vgm9k0gxgm"))))
(build-system gnu-build-system)
(home-page "https://libcheck.github.io/check/")
(synopsis "Unit test framework for C")
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index 1cb1e06993..cac059ec37 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -36,7 +37,7 @@
(define-public cmake
(package
(name "cmake")
- (version "3.3.2")
+ (version "3.5.0")
(source (origin
(method url-fetch)
(uri (string-append "https://www.cmake.org/files/v"
@@ -44,7 +45,7 @@
"/cmake-" version ".tar.gz"))
(sha256
(base32
- "08pwy9ip9cgwgynhn5vrjw8drw29gijy1rmziq22n65zds6ifnp7"))
+ "1yly38mpk2s08b4rglp9xcw5pxalk0whp9hrcg7j8qpxlkc3mj4j"))
(patches (search-patches "cmake-fix-tests.patch"))))
(build-system gnu-build-system)
(arguments
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 6dfe5c9cb7..463f42537c 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -170,6 +170,26 @@
,cf)))))
(inputs %boot0-inputs))))
+(define libstdc++-boot0
+ ;; GCC's libcc1 is always built as a shared library (the top-level
+ ;; 'Makefile.def' forcefully adds --enable-shared) and thus needs to refer
+ ;; to libstdc++.so. We cannot build libstdc++-5.3 because it relies on
+ ;; C++14 features missing in our bootstrap compiler.
+ (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc-4.9))))
+ (package
+ (inherit lib)
+ (name "libstdc++-boot0")
+ (arguments
+ `(#:guile ,%bootstrap-guile
+ #:implicit-inputs? #f
+
+ ;; XXX: libstdc++.so NEEDs ld.so for some reason.
+ #:validate-runpath? #f
+
+ ,@(package-arguments lib)))
+ (inputs %boot0-inputs)
+ (native-inputs '()))))
+
(define gcc-boot0
(package-with-bootstrap-guile
(package (inherit gcc)
@@ -255,14 +275,13 @@
("mpc-source" ,(package-source mpc))
("binutils-cross" ,binutils-boot0)
+ ;; The libstdc++ that libcc1 links against.
+ ("libstdc++" ,libstdc++-boot0)
+
;; Call it differently so that the builder can check whether
;; the "libc" input is #f.
("libc-native" ,@(assoc-ref %boot0-inputs "libc"))
- ,@(alist-delete "libc" %boot0-inputs)))
-
- ;; No need for Texinfo at this stage.
- (native-inputs (alist-delete "texinfo"
- (package-native-inputs gcc))))))
+ ,@(alist-delete "libc" %boot0-inputs))))))
(define perl-boot0
(let ((perl (package
@@ -270,21 +289,24 @@
(name "perl-boot0")
(replacement #f)
(arguments
- (substitute-keyword-arguments (package-arguments perl)
- ((#:phases phases)
- `(modify-phases ,phases
- ;; Pthread support is missing in the bootstrap compiler
- ;; (broken spec file), so disable it.
- (add-before 'configure 'disable-pthreads
- (lambda _
- (substitute* "Configure"
- (("^libswanted=(.*)pthread" _ before)
- (string-append "libswanted=" before))))))))))))
- (package-with-bootstrap-guile
- (package-with-explicit-inputs perl
- %boot0-inputs
- (current-source-location)
- #:guile %bootstrap-guile))))
+ ;; At the very least, this must not depend on GCC & co.
+ (let ((args `(#:disallowed-references
+ ,(list %bootstrap-binutils))))
+ (substitute-keyword-arguments (package-arguments perl)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ ;; Pthread support is missing in the bootstrap compiler
+ ;; (broken spec file), so disable it.
+ (add-before 'configure 'disable-pthreads
+ (lambda _
+ (substitute* "Configure"
+ (("^libswanted=(.*)pthread" _ before)
+ (string-append "libswanted=" before)))))))))))))
+ (package-with-bootstrap-guile
+ (package-with-explicit-inputs perl
+ %boot0-inputs
+ (current-source-location)
+ #:guile %bootstrap-guile))))
(define (linux-libre-headers-boot0)
"Return Linux-Libre header files for the bootstrap environment."
@@ -306,7 +328,12 @@
;; Also, use %BOOT0-INPUTS to avoid building Perl once more.
(let ((texinfo (package (inherit texinfo)
(native-inputs '())
- (inputs `(("perl" ,perl-boot0))))))
+ (inputs `(("perl" ,perl-boot0)))
+
+ ;; Some of Texinfo 6.1's tests would fail with "Couldn't
+ ;; set UTF-8 character type in locale" but we don't have a
+ ;; UTF-8 locale at this stage, so skip them.
+ (arguments '(#:tests? #f)))))
(package-with-bootstrap-guile
(package-with-explicit-inputs texinfo %boot0-inputs
(current-source-location)
@@ -874,9 +901,9 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.")
(gcc-toolchain gcc-4.8))
(define-public gcc-toolchain-4.9
- (gcc-toolchain gcc-final))
+ (gcc-toolchain gcc-4.9))
(define-public gcc-toolchain-5
- (gcc-toolchain gcc-5))
+ (gcc-toolchain gcc-final))
;;; commencement.scm ends here
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 8043422f8b..e5cacf5ca7 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -131,14 +131,14 @@ adding and extracting files to/from a tar archive.")
(define-public gzip
(package
(name "gzip")
- (version "1.6")
+ (version "1.8")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gzip/gzip-"
- version ".tar.gz"))
+ version ".tar.xz"))
(sha256
(base32
- "0zlgdm4v3dndrbiz7b67mbbj25dpwqbmbzjiycssvrfrcfvq7swp"))))
+ "1lxv3p4iyx7833mlihkn5wfwmz4cys5nybwpz3dfawag8kn6f5zz"))))
(build-system gnu-build-system)
(synopsis "General file (de)compression (using lzw)")
(arguments
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 9aee7b796a..88a784d293 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -350,7 +350,7 @@ types are supported, as is encryption.")
(define-public sqlite
(package
(name "sqlite")
- (version "3.10.0")
+ (version "3.11.1")
(source (origin
(method url-fetch)
;; TODO: Download from sqlite.org once this bug :
@@ -381,7 +381,7 @@ types are supported, as is encryption.")
))
(sha256
(base32
- "0hhhv6si0pyf5i8bv7a71953m0b4gk6s3j2h09caf7vif0njkk23"))))
+ "0xs3gl3kbxqfx2ahrymgcf2n8c8sy37724jr05pncbhw4z8g2gsk"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 7cd1fcd71d..3668aac19a 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -27,23 +28,24 @@
(define-public ed
(package
(name "ed")
- (version "1.12")
+ (version "1.13")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ed/ed-"
version ".tar.lz"))
(sha256
(base32
- "0bw0187a311rci58vznvncsj6pfp8bhs5phrlrqn03sa2i1mfrfj"))))
+ "1ly7i1iw02vbcd0zrx084z577ngxnarffmkm45dg6vndad5carnd"))))
(build-system gnu-build-system)
(native-inputs `(("lzip" ,lzip)))
(arguments
'(#:configure-flags '("CC=gcc")
- #:phases (alist-cons-before 'patch-source-shebangs 'patch-test-suite
- (lambda _
- (substitute* "testsuite/check.sh"
- (("/bin/sh") (which "sh"))))
- %standard-phases)))
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'patch-source-shebangs 'patch-test-suite
+ (lambda _
+ (substitute* "testsuite/check.sh"
+ (("/bin/sh") (which "sh"))))))))
(home-page "http://www.gnu.org/software/ed/")
(synopsis "Line-oriented text editor")
(description
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 11010b2a47..4ffc3c1b7f 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -89,14 +89,6 @@
(substitute* (find-files "." "^Makefile\\.in$")
(("/bin/pwd")
"pwd"))))
- (add-after 'install 'remove-info.info
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Remove 'info.info', which is provided by Texinfo <= 6.0.
- ;; TODO: Remove this phase when we switch to Texinfo 6.1.
- (let ((out (assoc-ref outputs "out")))
- (delete-file
- (string-append out "/share/info/info.info.gz"))
- #t)))
(add-after 'install 'install-site-start
;; Copy guix-emacs.el from Guix and add it to site-start.el. This
;; way, Emacs packages provided by Guix and installed in
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 893db56ee5..deb11841da 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -124,7 +124,7 @@ TrueType (TTF) files.")
(define-public font-dejavu
(package
(name "font-dejavu")
- (version "2.34")
+ (version "2.35")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/dejavu/"
@@ -132,7 +132,7 @@ TrueType (TTF) files.")
version ".tar.bz2"))
(sha256
(base32
- "0pgb0a3ngamidacmrvasg51ck3gp8gn93w6sf1s8snwzx4x2r9yh"))))
+ "122d35y93r820zhi6d7m9xhakdib10z51v63lnlg67qhhrardmzn"))))
(build-system trivial-build-system)
(arguments
`(#:modules ((guix build utils))
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 5f6ff15935..0ce7e6039d 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -247,10 +247,10 @@ fonts to/from the WOFF2 format.")
(assoc-ref %build-inputs "gs-fonts")
"/share/fonts")
- ;; register fonts from user profile
- ;; TODO: Add /run/current-system/profile/share/fonts and remove
- ;; the skeleton that works around it from 'default-skeletons'.
- "--with-add-fonts=~/.guix-profile/share/fonts"
+ ;; Register fonts from user and system profiles.
+ (string-append "--with-add-fonts="
+ "~/.guix-profile/share/fonts,"
+ "/run/current-system/profile/share/fonts")
;; python is not actually needed
"PYTHON=false")
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index a2b8126872..04d3f93369 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
@@ -153,7 +153,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC
("libelf" ,libelf)
("zlib" ,zlib)))
- ;; GCC is one of the few packages that doesn't ship .info files.
+ ;; GCC < 5 is one of the few packages that doesn't ship .info files.
(native-inputs `(("texinfo" ,texinfo)))
(arguments
@@ -352,11 +352,14 @@ Go. It also includes runtime support libraries for these languages.")
(sha256
(base32
"1ny4smkp5bzs3cp8ss7pl6lk8yss0d9m4av1mvdp72r1x695akxq"))
- (patches (search-patches "gcc-5.0-libvtv-runpath.patch"))))))
+ (patches (search-patches "gcc-5.0-libvtv-runpath.patch"
+ "gcc-libiberty-printf-decl.patch"))))
+ ;; GCC 5 ships with .info files, so no need for Texinfo.
+ (native-inputs '())))
;; Note: When changing the default gcc version, update
;; the gcc-toolchain-* definitions accordingly.
-(define-public gcc gcc-4.9)
+(define-public gcc gcc-5)
(define-public (make-libstdc++ gcc)
"Return a libstdc++ package based on GCC. The primary use case is when
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index d447007260..3f3964e74b 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -6,6 +6,7 @@
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
+;;; Copyright © 2016 Nils Gillmann <ng0@libertad.pw>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -72,14 +73,14 @@ Daemon and possibly more in the future.")
(define-public libgcrypt
(package
(name "libgcrypt")
- (version "1.6.5")
+ (version "1.7.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
- "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
+ "14pspxwrqcgfklw3dgmywbxqwdzcym7fznfrqh9rk4vl8jkpxrmh"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index db64ea0c9b..669ad5b938 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -392,14 +392,14 @@ error-resilience, a Java-viewer for j2k-images, ...")
(define-public giflib
(package
(name "giflib")
- (version "5.1.1")
+ (version "5.1.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/giflib/giflib-"
(first (string-split version #\.))
".x/giflib-" version ".tar.bz2"))
(sha256
- (base32 "1z1gzq16sdya8xnl5qjc07634kkwj5m0n3bvvj4v9j11xfn1841r"))))
+ (base32 "0z1adsza46q84chkxwr6x8ph11k117k8nywkzwar6bxhqf2a1h3n"))))
(build-system gnu-build-system)
(outputs '("bin" ; utility programs
"out")) ; library
diff --git a/gnu/packages/ld-wrapper.in b/gnu/packages/ld-wrapper.in
index c92ed1dcc7..ebfd8332c4 100644
--- a/gnu/packages/ld-wrapper.in
+++ b/gnu/packages/ld-wrapper.in
@@ -6,12 +6,16 @@
# the shebang line in Linux.
# Use `load-compiled' because `load' (and `-l') doesn't otherwise load our
# .go file (see <http://bugs.gnu.org/12519>).
+# Unset 'GUILE_LOAD_COMPILED_PATH' to make sure we do not stumble upon
+# incompatible .go files. See
+# <https://lists.gnu.org/archive/html/guile-devel/2016-03/msg00000.html>.
+unset GUILE_LOAD_COMPILED_PATH
main="(@ (gnu build-support ld-wrapper) ld-wrapper)"
exec @GUILE@ -c "(load-compiled \"@SELF@.go\") (apply $main (cdr (command-line)))" "$@"
!#
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index a26e641342..5f4b041694 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -102,7 +102,7 @@
version "-gnu.tar.xz")))
(define-public linux-libre-headers
- (let* ((version "3.14.37")
+ (let* ((version "4.1.18")
(build-phase
(lambda (arch)
`(lambda _
@@ -140,7 +140,7 @@
(uri (linux-libre-urls version))
(sha256
(base32
- "1blxr2bsvfqi9khj4cpspv434bmx252zak2wsbi2mgl60zh77gza"))))
+ "1bddh2rg645lavhjkk9z75vflba5y0g73z2fjwgbfrj5jb44x9i7"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(arguments
@@ -465,12 +465,11 @@ providing the system administrator with some help in common tasks.")
(("build_kill=yes") "build_kill=no"))
#t))))
(build-system gnu-build-system)
+ (outputs '("out"
+ "static")) ; >2 MiB of static .a libraries
(arguments
`(#:configure-flags (list "--disable-use-tty-group"
- ;; Do not build .a files to save 2 MiB.
- "--disable-static"
-
;; Install completions where our
;; bash-completion package expects them.
(string-append "--with-bashcompletiondir="
@@ -495,6 +494,19 @@ providing the system administrator with some help in common tasks.")
(substitute* "tests/ts/misc/mcookie"
(("/etc/services")
(string-append net "/etc/services")))
+ #t)))
+ (add-after
+ 'install 'move-static-libraries
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out"))
+ (static (assoc-ref outputs "static")))
+ (mkdir-p (string-append static "/lib"))
+ (with-directory-excursion out
+ (for-each (lambda (file)
+ (rename-file file
+ (string-append static "/"
+ file)))
+ (find-files "lib" "\\.a$")))
#t))))))
(inputs `(("zlib" ,zlib)
("ncurses" ,ncurses)))
@@ -2516,12 +2528,26 @@ and copy/paste text in the console and in xterm.")
(base32
"1znf2zhb56zbmdjk3lq107678xwsqwc5gczspypmc5i31qnppy7f"))))
(build-system gnu-build-system)
+ (outputs '("out"
+ "static")) ; static versions of binaries in "out" (~16MiB!)
(arguments
- '(#:test-target "test"
+ '(#:phases (modify-phases %standard-phases
+ (add-after 'build 'build-static
+ (lambda _ (zero? (system* "make" "static"))))
+ (add-after 'install 'install-static
+ (let ((staticbin (string-append (assoc-ref %outputs "static")
+ "/bin")))
+ (lambda _
+ (zero? (system* "make"
+ (string-append "bindir=" staticbin)
+ "install-static"))))))
+ #:test-target "test"
#:parallel-tests? #f)) ; tests fail when run in parallel
(inputs `(("e2fsprogs" ,e2fsprogs)
("libblkid" ,util-linux)
+ ("libblkid:static" ,util-linux "static")
("libuuid" ,util-linux)
+ ("libuuid:static" ,util-linux "static")
("zlib" ,zlib)
("lzo" ,lzo)))
(native-inputs `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/multiprecision.scm b/gnu/packages/multiprecision.scm
index 99243235ad..46540be5c4 100644
--- a/gnu/packages/multiprecision.scm
+++ b/gnu/packages/multiprecision.scm
@@ -80,13 +80,13 @@ cryptography and computational algebra.")
(define-public mpfr
(package
(name "mpfr")
- (version "3.1.3")
+ (version "3.1.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/mpfr/mpfr-" version
".tar.xz"))
(sha256 (base32
- "05jaa5z78lvrayld09nyr0v27c1m5dm9l7kr85v2bj4jv65s0db8"))))
+ "1x8pcnpn1vxfzfsr0js07rwhwyq27fmdzcfjpzi5773ldnqi653n"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h>
diff --git a/gnu/packages/patches/expat-CVE-2015-1283.patch b/gnu/packages/patches/expat-CVE-2015-1283.patch
deleted file mode 100644
index f9065bea16..0000000000
--- a/gnu/packages/patches/expat-CVE-2015-1283.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-Copied from Debian.
-
-Description: fix multiple integer overflows in the XML_GetBuffer function
- Multiple integer overflows in the XML_GetBuffer function in Expat through
- 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products,
- allow remote attackers to cause a denial of service (heap-based buffer
- overflow) or possibly have unspecified other impact via crafted XML data,
- a related issue to CVE-2015-2716.
-Origin: Mozilla, https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
-Author: Eric Rahm <erahm@mozilla.com>
-Forwarded: not-needed
-Last-Update: 2015-07-24
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1673,29 +1673,40 @@ XML_ParseBuffer(XML_Parser parser, int l
- XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position);
- positionPtr = bufferPtr;
- return result;
- }
-
- void * XMLCALL
- XML_GetBuffer(XML_Parser parser, int len)
- {
-+/* BEGIN MOZILLA CHANGE (sanity check len) */
-+ if (len < 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- switch (ps_parsing) {
- case XML_SUSPENDED:
- errorCode = XML_ERROR_SUSPENDED;
- return NULL;
- case XML_FINISHED:
- errorCode = XML_ERROR_FINISHED;
- return NULL;
- default: ;
- }
-
- if (len > bufferLim - bufferEnd) {
-- /* FIXME avoid integer overflow */
- int neededSize = len + (int)(bufferEnd - bufferPtr);
-+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
-+ if (neededSize < 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- #ifdef XML_CONTEXT_BYTES
- int keep = (int)(bufferPtr - buffer);
-
- if (keep > XML_CONTEXT_BYTES)
- keep = XML_CONTEXT_BYTES;
- neededSize += keep;
- #endif /* defined XML_CONTEXT_BYTES */
- if (neededSize <= bufferLim - buffer) {
-@@ -1714,17 +1725,25 @@ XML_GetBuffer(XML_Parser parser, int len
- }
- else {
- char *newBuf;
- int bufferSize = (int)(bufferLim - bufferPtr);
- if (bufferSize == 0)
- bufferSize = INIT_BUFFER_SIZE;
- do {
- bufferSize *= 2;
-- } while (bufferSize < neededSize);
-+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
-+ } while (bufferSize < neededSize && bufferSize > 0);
-+/* END MOZILLA CHANGE */
-+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
-+ if (bufferSize <= 0) {
-+ errorCode = XML_ERROR_NO_MEMORY;
-+ return NULL;
-+ }
-+/* END MOZILLA CHANGE */
- newBuf = (char *)MALLOC(bufferSize);
- if (newBuf == 0) {
- errorCode = XML_ERROR_NO_MEMORY;
- return NULL;
- }
- bufferLim = newBuf + bufferSize;
- #ifdef XML_CONTEXT_BYTES
- if (bufferPtr) {
-
-
-
-
diff --git a/gnu/packages/patches/gcc-libiberty-printf-decl.patch b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
new file mode 100644
index 0000000000..a612c9e00e
--- /dev/null
+++ b/gnu/packages/patches/gcc-libiberty-printf-decl.patch
@@ -0,0 +1,28 @@
+This patch makes the exeception specifier of libiberty's 'asprintf'
+and 'vasprintf' declarations match those of glibc to work around the
+problem described at <https://gcc.gnu.org/ml/gcc-help/2016-04/msg00039.html>.
+
+The problem in part stems from the fact that libiberty is configured
+without _GNU_SOURCE (thus, it sets HAVE_DECL_ASPRINTF to 0), whereas libcc1
+is configured and built with _GNU_SOURCE, hence the conflicting declarations.
+
+--- gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:46.262709079 +0200
++++ gcc-5.3.0/include/libiberty.h 2016-04-23 22:45:37.110635439 +0200
+@@ -625,7 +625,7 @@ extern int pwait (int, int *, int);
+ /* Like sprintf but provides a pointer to malloc'd storage, which must
+ be freed by the caller. */
+
+-extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2;
++extern int asprintf (char **, const char *, ...) __THROWNL ATTRIBUTE_PRINTF_2;
+ #endif
+
+ /* Like asprintf but allocates memory without fail. This works like
+@@ -637,7 +637,7 @@ extern char *xasprintf (const char *, ..
+ /* Like vsprintf but provides a pointer to malloc'd storage, which
+ must be freed by the caller. */
+
+-extern int vasprintf (char **, const char *, va_list) ATTRIBUTE_PRINTF(2,0);
++extern int vasprintf (char **, const char *, va_list) __THROWNL ATTRIBUTE_PRINTF(2,0);
+ #endif
+
+ /* Like vasprintf but allocates memory without fail. This works like
diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch
deleted file mode 100644
index 9a0909af74..0000000000
--- a/gnu/packages/patches/glibc-CVE-2015-7547.patch
+++ /dev/null
@@ -1,559 +0,0 @@
-Copied from Fedora:
-http://pkgs.fedoraproject.org/cgit/rpms/glibc.git/tree/glibc-CVE-2015-7547.patch?h=f23&id=9f1734eb6ce3257b788d6e9203572e8204c6c584
-
-Adapted to apply cleanly to glibc-2.22.
-
-Index: b/resolv/nss_dns/dns-host.c
-===================================================================
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *an
- int h_namelen = 0;
-
- if (ancount == 0)
-- return NSS_STATUS_NOTFOUND;
-+ {
-+ *h_errnop = HOST_NOT_FOUND;
-+ return NSS_STATUS_NOTFOUND;
-+ }
-
- while (ancount-- > 0 && cp < end_of_message && had_error == 0)
- {
-@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *an
- /* Special case here: if the resolver sent a result but it only
- contains a CNAME while we are looking for a T_A or T_AAAA record,
- we fail with NOTFOUND instead of TRYAGAIN. */
-- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND;
-+ if (canon != NULL)
-+ {
-+ *h_errnop = HOST_NOT_FOUND;
-+ return NSS_STATUS_NOTFOUND;
-+ }
-+
-+ *h_errnop = NETDB_INTERNAL;
-+ return NSS_STATUS_TRYAGAIN;
- }
-
-
-@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1,
-
- enum nss_status status = NSS_STATUS_NOTFOUND;
-
-+ /* Combining the NSS status of two distinct queries requires some
-+ compromise and attention to symmetry (A or AAAA queries can be
-+ returned in any order). What follows is a breakdown of how this
-+ code is expected to work and why. We discuss only SUCCESS,
-+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns
-+ that apply (though RETURN and MERGE exist). We make a distinction
-+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable).
-+ A recoverable TRYAGAIN is almost always due to buffer size issues
-+ and returns ERANGE in errno and the caller is expected to retry
-+ with a larger buffer.
-+
-+ Lastly, you may be tempted to make significant changes to the
-+ conditions in this code to bring about symmetry between responses.
-+ Please don't change anything without due consideration for
-+ expected application behaviour. Some of the synthesized responses
-+ aren't very well thought out and sometimes appear to imply that
-+ IPv4 responses are always answer 1, and IPv6 responses are always
-+ answer 2, but that's not true (see the implemetnation of send_dg
-+ and send_vc to see response can arrive in any order, particlarly
-+ for UDP). However, we expect it holds roughly enough of the time
-+ that this code works, but certainly needs to be fixed to make this
-+ a more robust implementation.
-+
-+ ----------------------------------------------
-+ | Answer 1 Status / | Synthesized | Reason |
-+ | Answer 2 Status | Status | |
-+ |--------------------------------------------|
-+ | SUCCESS/SUCCESS | SUCCESS | [1] |
-+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] |
-+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] |
-+ | SUCCESS/NOTFOUND | SUCCESS | [1] |
-+ | SUCCESS/UNAVAIL | SUCCESS | [1] |
-+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] |
-+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] |
-+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] |
-+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] |
-+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] |
-+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] |
-+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] |
-+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] |
-+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] |
-+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] |
-+ | NOTFOUND/SUCCESS | SUCCESS | [3] |
-+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] |
-+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] |
-+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] |
-+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] |
-+ | UNAVAIL/SUCCESS | UNAVAIL | [4] |
-+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] |
-+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] |
-+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] |
-+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] |
-+ ----------------------------------------------
-+
-+ [1] If the first response is a success we return success.
-+ This ignores the state of the second answer and in fact
-+ incorrectly sets errno and h_errno to that of the second
-+ answer. However because the response is a success we ignore
-+ *errnop and *h_errnop (though that means you touched errno on
-+ success). We are being conservative here and returning the
-+ likely IPv4 response in the first answer as a success.
-+
-+ [2] If the first response is a recoverable TRYAGAIN we return
-+ that instead of looking at the second response. The
-+ expectation here is that we have failed to get an IPv4 response
-+ and should retry both queries.
-+
-+ [3] If the first response was not a SUCCESS and the second
-+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN,
-+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the
-+ result from the second response, otherwise the first responses
-+ status is used. Again we have some odd side-effects when the
-+ second response is NOTFOUND because we overwrite *errnop and
-+ *h_errnop that means that a first answer of NOTFOUND might see
-+ its *errnop and *h_errnop values altered. Whether it matters
-+ in practice that a first response NOTFOUND has the wrong
-+ *errnop and *h_errnop is undecided.
-+
-+ [4] If the first response is UNAVAIL we return that instead of
-+ looking at the second response. The expectation here is that
-+ it will have failed similarly e.g. configuration failure.
-+
-+ [5] Testing this code is complicated by the fact that truncated
-+ second response buffers might be returned as SUCCESS if the
-+ first answer is a SUCCESS. To fix this we add symmetry to
-+ TRYAGAIN with the second response. If the second response
-+ is a recoverable error we now return TRYAGIN even if the first
-+ response was SUCCESS. */
-+
- if (anslen1 > 0)
- status = gaih_getanswer_slice(answer1, anslen1, qname,
- &pat, &buffer, &buflen,
- errnop, h_errnop, ttlp,
- &first);
-+
- if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND
- || (status == NSS_STATUS_TRYAGAIN
- /* We want to look at the second answer in case of an
-@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1,
- &pat, &buffer, &buflen,
- errnop, h_errnop, ttlp,
- &first);
-+ /* Use the second response status in some cases. */
- if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND)
- status = status2;
-+ /* Do not return a truncated second response (unless it was
-+ unavoidable e.g. unrecoverable TRYAGAIN). */
-+ if (status == NSS_STATUS_SUCCESS
-+ && (status2 == NSS_STATUS_TRYAGAIN
-+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY))
-+ status = NSS_STATUS_TRYAGAIN;
- }
-
- return status;
-Index: b/resolv/res_query.c
-===================================================================
---- a/resolv/res_query.c
-+++ b/resolv/res_query.c
-@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp,
- {
- free (*answerp2);
- *answerp2 = NULL;
-+ *nanswerp2 = 0;
- *answerp2_malloced = 0;
- }
- }
-@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp,
- {
- free (*answerp2);
- *answerp2 = NULL;
-+ *nanswerp2 = 0;
- *answerp2_malloced = 0;
- }
-
-@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp,
- {
- free (*answerp2);
- *answerp2 = NULL;
-+ *nanswerp2 = 0;
- *answerp2_malloced = 0;
- }
- if (saved_herrno != -1)
-Index: b/resolv/res_send.c
-===================================================================
---- a/resolv/res_send.c
-+++ b/resolv/res_send.c
-@@ -1,3 +1,20 @@
-+/* Copyright (C) 2016 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
- /*
- * Copyright (c) 1985, 1989, 1993
- * The Regents of the University of California. All rights reserved.
-@@ -361,6 +378,8 @@ __libc_res_nsend(res_state statp, const
- #ifdef USE_HOOKS
- if (__glibc_unlikely (statp->qhook || statp->rhook)) {
- if (anssiz < MAXPACKET && ansp) {
-+ /* Always allocate MAXPACKET, callers expect
-+ this specific size. */
- u_char *buf = malloc (MAXPACKET);
- if (buf == NULL)
- return (-1);
-@@ -660,6 +679,77 @@ libresolv_hidden_def (res_nsend)
-
- /* Private */
-
-+/* The send_vc function is responsible for sending a DNS query over TCP
-+ to the nameserver numbered NS from the res_state STATP i.e.
-+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and
-+ IPv6 queries at the same serially on the same socket.
-+
-+ Please note that for TCP there is no way to disable sending both
-+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP
-+ and sends the queries serially and waits for the result after each
-+ sent query. This implemetnation should be corrected to honour these
-+ options.
-+
-+ Please also note that for TCP we send both queries over the same
-+ socket one after another. This technically violates best practice
-+ since the server is allowed to read the first query, respond, and
-+ then close the socket (to service another client). If the server
-+ does this, then the remaining second query in the socket data buffer
-+ will cause the server to send the client an RST which will arrive
-+ asynchronously and the client's OS will likely tear down the socket
-+ receive buffer resulting in a potentially short read and lost
-+ response data. This will force the client to retry the query again,
-+ and this process may repeat until all servers and connection resets
-+ are exhausted and then the query will fail. It's not known if this
-+ happens with any frequency in real DNS server implementations. This
-+ implementation should be corrected to use two sockets by default for
-+ parallel queries.
-+
-+ The query stored in BUF of BUFLEN length is sent first followed by
-+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
-+ serially on the same socket.
-+
-+ Answers to the query are stored firstly in *ANSP up to a max of
-+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
-+ is non-NULL (to indicate that modifying the answer buffer is allowed)
-+ then malloc is used to allocate a new response buffer and ANSCP and
-+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
-+ are needed but ANSCP is NULL, then as much of the response as
-+ possible is read into the buffer, but the results will be truncated.
-+ When truncation happens because of a small answer buffer the DNS
-+ packets header feild TC will bet set to 1, indicating a truncated
-+ message and the rest of the socket data will be read and discarded.
-+
-+ Answers to the query are stored secondly in *ANSP2 up to a max of
-+ *ANSSIZP2 bytes, with the actual response length stored in
-+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
-+ is non-NULL (required for a second query) then malloc is used to
-+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
-+ size and *ANSP2_MALLOCED is set to 1.
-+
-+ The ANSP2_MALLOCED argument will eventually be removed as the
-+ change in buffer pointer can be used to detect the buffer has
-+ changed and that the caller should use free on the new buffer.
-+
-+ Note that the answers may arrive in any order from the server and
-+ therefore the first and second answer buffers may not correspond to
-+ the first and second queries.
-+
-+ It is not supported to call this function with a non-NULL ANSP2
-+ but a NULL ANSCP. Put another way, you can call send_vc with a
-+ single unmodifiable buffer or two modifiable buffers, but no other
-+ combination is supported.
-+
-+ It is the caller's responsibility to free the malloc allocated
-+ buffers by detecting that the pointers have changed from their
-+ original values i.e. *ANSCP or *ANSP2 has changed.
-+
-+ If errors are encountered then *TERRNO is set to an appropriate
-+ errno value and a zero result is returned for a recoverable error,
-+ and a less-than zero result is returned for a non-recoverable error.
-+
-+ If no errors are encountered then *TERRNO is left unmodified and
-+ a the length of the first response in bytes is returned. */
- static int
- send_vc(res_state statp,
- const u_char *buf, int buflen, const u_char *buf2, int buflen2,
-@@ -669,11 +759,7 @@ send_vc(res_state statp,
- {
- const HEADER *hp = (HEADER *) buf;
- const HEADER *hp2 = (HEADER *) buf2;
-- u_char *ans = *ansp;
-- int orig_anssizp = *anssizp;
-- // XXX REMOVE
-- // int anssiz = *anssizp;
-- HEADER *anhp = (HEADER *) ans;
-+ HEADER *anhp = (HEADER *) *ansp;
- struct sockaddr *nsap = get_nsaddr (statp, ns);
- int truncating, connreset, n;
- /* On some architectures compiler might emit a warning indicating
-@@ -766,6 +852,8 @@ send_vc(res_state statp,
- * Receive length & response
- */
- int recvresp1 = 0;
-+ /* Skip the second response if there is no second query.
-+ To do that we mark the second response as received. */
- int recvresp2 = buf2 == NULL;
- uint16_t rlen16;
- read_len:
-@@ -802,40 +890,14 @@ send_vc(res_state statp,
- u_char **thisansp;
- int *thisresplenp;
- if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
-+ /* We have not received any responses
-+ yet or we only have one response to
-+ receive. */
- thisanssizp = anssizp;
- thisansp = anscp ?: ansp;
- assert (anscp != NULL || ansp2 == NULL);
- thisresplenp = &resplen;
- } else {
-- if (*anssizp != MAXPACKET) {
-- /* No buffer allocated for the first
-- reply. We can try to use the rest
-- of the user-provided buffer. */
--#if __GNUC_PREREQ (4, 7)
-- DIAG_PUSH_NEEDS_COMMENT;
-- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized");
--#endif
--#if _STRING_ARCH_unaligned
-- *anssizp2 = orig_anssizp - resplen;
-- *ansp2 = *ansp + resplen;
--#else
-- int aligned_resplen
-- = ((resplen + __alignof__ (HEADER) - 1)
-- & ~(__alignof__ (HEADER) - 1));
-- *anssizp2 = orig_anssizp - aligned_resplen;
-- *ansp2 = *ansp + aligned_resplen;
--#endif
--#if __GNUC_PREREQ (4, 7)
-- DIAG_POP_NEEDS_COMMENT;
--#endif
-- } else {
-- /* The first reply did not fit into the
-- user-provided buffer. Maybe the second
-- answer will. */
-- *anssizp2 = orig_anssizp;
-- *ansp2 = *ansp;
-- }
--
- thisanssizp = anssizp2;
- thisansp = ansp2;
- thisresplenp = resplen2;
-@@ -843,10 +905,14 @@ send_vc(res_state statp,
- anhp = (HEADER *) *thisansp;
-
- *thisresplenp = rlen;
-- if (rlen > *thisanssizp) {
-- /* Yes, we test ANSCP here. If we have two buffers
-- both will be allocatable. */
-- if (__glibc_likely (anscp != NULL)) {
-+ /* Is the answer buffer too small? */
-+ if (*thisanssizp < rlen) {
-+ /* If the current buffer is non-NULL and it's not
-+ pointing at the static user-supplied buffer then
-+ we can reallocate it. */
-+ if (thisansp != NULL && thisansp != ansp) {
-+ /* Always allocate MAXPACKET, callers expect
-+ this specific size. */
- u_char *newp = malloc (MAXPACKET);
- if (newp == NULL) {
- *terrno = ENOMEM;
-@@ -858,6 +924,9 @@ send_vc(res_state statp,
- if (thisansp == ansp2)
- *ansp2_malloced = 1;
- anhp = (HEADER *) newp;
-+ /* A uint16_t can't be larger than MAXPACKET
-+ thus it's safe to allocate MAXPACKET but
-+ read RLEN bytes instead. */
- len = rlen;
- } else {
- Dprint(statp->options & RES_DEBUG,
-@@ -1021,6 +1090,66 @@ reopen (res_state statp, int *terrno, in
- return 1;
- }
-
-+/* The send_dg function is responsible for sending a DNS query over UDP
-+ to the nameserver numbered NS from the res_state STATP i.e.
-+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries
-+ along with the ability to send the query in parallel for both stacks
-+ (default) or serially (RES_SINGLKUP). It also supports serial lookup
-+ with a close and reopen of the socket used to talk to the server
-+ (RES_SNGLKUPREOP) to work around broken name servers.
-+
-+ The query stored in BUF of BUFLEN length is sent first followed by
-+ the query stored in BUF2 of BUFLEN2 length. Queries are sent
-+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP).
-+
-+ Answers to the query are stored firstly in *ANSP up to a max of
-+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP
-+ is non-NULL (to indicate that modifying the answer buffer is allowed)
-+ then malloc is used to allocate a new response buffer and ANSCP and
-+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes
-+ are needed but ANSCP is NULL, then as much of the response as
-+ possible is read into the buffer, but the results will be truncated.
-+ When truncation happens because of a small answer buffer the DNS
-+ packets header feild TC will bet set to 1, indicating a truncated
-+ message, while the rest of the UDP packet is discarded.
-+
-+ Answers to the query are stored secondly in *ANSP2 up to a max of
-+ *ANSSIZP2 bytes, with the actual response length stored in
-+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2
-+ is non-NULL (required for a second query) then malloc is used to
-+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer
-+ size and *ANSP2_MALLOCED is set to 1.
-+
-+ The ANSP2_MALLOCED argument will eventually be removed as the
-+ change in buffer pointer can be used to detect the buffer has
-+ changed and that the caller should use free on the new buffer.
-+
-+ Note that the answers may arrive in any order from the server and
-+ therefore the first and second answer buffers may not correspond to
-+ the first and second queries.
-+
-+ It is not supported to call this function with a non-NULL ANSP2
-+ but a NULL ANSCP. Put another way, you can call send_vc with a
-+ single unmodifiable buffer or two modifiable buffers, but no other
-+ combination is supported.
-+
-+ It is the caller's responsibility to free the malloc allocated
-+ buffers by detecting that the pointers have changed from their
-+ original values i.e. *ANSCP or *ANSP2 has changed.
-+
-+ If an answer is truncated because of UDP datagram DNS limits then
-+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to
-+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1
-+ if any progress was made reading a response from the nameserver and
-+ is used by the caller to distinguish between ECONNREFUSED and
-+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1).
-+
-+ If errors are encountered then *TERRNO is set to an appropriate
-+ errno value and a zero result is returned for a recoverable error,
-+ and a less-than zero result is returned for a non-recoverable error.
-+
-+ If no errors are encountered then *TERRNO is left unmodified and
-+ a the length of the first response in bytes is returned. */
- static int
- send_dg(res_state statp,
- const u_char *buf, int buflen, const u_char *buf2, int buflen2,
-@@ -1030,8 +1159,6 @@ send_dg(res_state statp,
- {
- const HEADER *hp = (HEADER *) buf;
- const HEADER *hp2 = (HEADER *) buf2;
-- u_char *ans = *ansp;
-- int orig_anssizp = *anssizp;
- struct timespec now, timeout, finish;
- struct pollfd pfd[1];
- int ptimeout;
-@@ -1064,6 +1191,8 @@ send_dg(res_state statp,
- int need_recompute = 0;
- int nwritten = 0;
- int recvresp1 = 0;
-+ /* Skip the second response if there is no second query.
-+ To do that we mark the second response as received. */
- int recvresp2 = buf2 == NULL;
- pfd[0].fd = EXT(statp).nssocks[ns];
- pfd[0].events = POLLOUT;
-@@ -1227,55 +1356,56 @@ send_dg(res_state statp,
- int *thisresplenp;
-
- if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) {
-+ /* We have not received any responses
-+ yet or we only have one response to
-+ receive. */
- thisanssizp = anssizp;
- thisansp = anscp ?: ansp;
- assert (anscp != NULL || ansp2 == NULL);
- thisresplenp = &resplen;
- } else {
-- if (*anssizp != MAXPACKET) {
-- /* No buffer allocated for the first
-- reply. We can try to use the rest
-- of the user-provided buffer. */
--#if _STRING_ARCH_unaligned
-- *anssizp2 = orig_anssizp - resplen;
-- *ansp2 = *ansp + resplen;
--#else
-- int aligned_resplen
-- = ((resplen + __alignof__ (HEADER) - 1)
-- & ~(__alignof__ (HEADER) - 1));
-- *anssizp2 = orig_anssizp - aligned_resplen;
-- *ansp2 = *ansp + aligned_resplen;
--#endif
-- } else {
-- /* The first reply did not fit into the
-- user-provided buffer. Maybe the second
-- answer will. */
-- *anssizp2 = orig_anssizp;
-- *ansp2 = *ansp;
-- }
--
- thisanssizp = anssizp2;
- thisansp = ansp2;
- thisresplenp = resplen2;
- }
-
- if (*thisanssizp < MAXPACKET
-- /* Yes, we test ANSCP here. If we have two buffers
-- both will be allocatable. */
-- && anscp
-+ /* If the current buffer is non-NULL and it's not
-+ pointing at the static user-supplied buffer then
-+ we can reallocate it. */
-+ && (thisansp != NULL && thisansp != ansp)
- #ifdef FIONREAD
-+ /* Is the size too small? */
- && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0
- || *thisanssizp < *thisresplenp)
- #endif
- ) {
-+ /* Always allocate MAXPACKET, callers expect
-+ this specific size. */
- u_char *newp = malloc (MAXPACKET);
- if (newp != NULL) {
-- *anssizp = MAXPACKET;
-- *thisansp = ans = newp;
-+ *thisanssizp = MAXPACKET;
-+ *thisansp = newp;
- if (thisansp == ansp2)
- *ansp2_malloced = 1;
- }
- }
-+ /* We could end up with truncation if anscp was NULL
-+ (not allowed to change caller's buffer) and the
-+ response buffer size is too small. This isn't a
-+ reliable way to detect truncation because the ioctl
-+ may be an inaccurate report of the UDP message size.
-+ Therefore we use this only to issue debug output.
-+ To do truncation accurately with UDP we need
-+ MSG_TRUNC which is only available on Linux. We
-+ can abstract out the Linux-specific feature in the
-+ future to detect truncation. */
-+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) {
-+ Dprint(statp->options & RES_DEBUG,
-+ (stdout, ";; response may be truncated (UDP)\n")
-+ );
-+ }
-+
- HEADER *anhp = (HEADER *) *thisansp;
- socklen_t fromlen = sizeof(struct sockaddr_in6);
- assert (sizeof(from) <= fromlen);
diff --git a/gnu/packages/patches/glibc-locale-incompatibility.patch b/gnu/packages/patches/glibc-locale-incompatibility.patch
deleted file mode 100644
index baf30a79a7..0000000000
--- a/gnu/packages/patches/glibc-locale-incompatibility.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-This patch avoids an assertion failure when incompatible locale data
-is encountered:
-
- https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html
-
---- glibc-2.22/locale/loadlocale.c 2015-09-22 17:16:02.321981548 +0200
-+++ glibc-2.22/locale/loadlocale.c 2015-09-22 17:17:34.814659064 +0200
-@@ -120,10 +120,11 @@
- _nl_value_type_LC_XYZ array. There are all pointers. */
- switch (category)
- {
--#define CATTEST(cat) \
-- case LC_##cat: \
-- assert (cnt < (sizeof (_nl_value_type_LC_##cat) \
-- / sizeof (_nl_value_type_LC_##cat[0]))); \
-+#define CATTEST(cat) \
-+ case LC_##cat: \
-+ if (cnt >= (sizeof (_nl_value_type_LC_##cat) \
-+ / sizeof (_nl_value_type_LC_##cat[0]))) \
-+ goto puntdata; \
- break
- CATTEST (NUMERIC);
- CATTEST (TIME);
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 24ecf905e0..248242af4d 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -42,7 +42,8 @@
version "/pcre-" version ".tar.bz2")))
(sha256
(base32
- "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"))))
+ "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"))
+ (patches (list (search-patch "pcre-CVE-2016-3191.patch")))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.8 MiB of HTML
@@ -50,7 +51,8 @@
("readline" ,readline)
("zlib" ,zlib)))
(arguments
- `(#:configure-flags '("--enable-utf"
+ '(#:disallowed-references ("doc")
+ #:configure-flags '("--enable-utf"
"--enable-pcregrep-libz"
"--enable-pcregrep-libbz2"
"--enable-pcretest-libreadline"
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index a517581e7d..1b5ca134fe 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -86,15 +86,7 @@
"-Dinstallstyle=lib/perl5"
"-Duseshrplib"
(string-append "-Dlocincpth=" libc "/include")
- (string-append "-Dloclibpth=" libc "/lib")
-
- ;; Force the library search path to contain only libc
- ;; because it is recorded in Config.pm and
- ;; Config_heavy.pl; we don't want to keep a reference
- ;; to everything that's in $LIBRARY_PATH at build
- ;; time (Binutils, bzip2, file, etc.)
- (string-append "-Dlibpth=" libc "/lib")
- (string-append "-Dplibpth=" libc "/lib"))))))
+ (string-append "-Dloclibpth=" libc "/lib"))))))
(add-before
'strip 'make-shared-objects-writable
@@ -105,7 +97,34 @@
(lib (string-append out "/lib")))
(for-each (lambda (dso)
(chmod dso #o755))
- (find-files lib "\\.so$"))))))))
+ (find-files lib "\\.so$")))))
+
+ (add-after 'install 'remove-extra-references
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (libc (assoc-ref inputs "libc"))
+ (config1 (car (find-files (string-append out "/lib/perl5")
+ "^Config_heavy\\.pl$")))
+ (config2 (find-files (string-append out "/lib/perl5")
+ "^Config\\.pm$")))
+ ;; Force the library search path to contain only libc because
+ ;; it is recorded in Config.pm and Config_heavy.pl; we don't
+ ;; want to keep a reference to everything that's in
+ ;; $LIBRARY_PATH at build time (GCC, Binutils, bzip2, file,
+ ;; etc.)
+ (substitute* config1
+ (("^incpth=.*$")
+ (string-append "incpth='" libc "/include'\n"))
+ (("^(libpth|plibpth|libspath)=.*$" _ variable)
+ (string-append variable "='" libc "/lib'\n")))
+
+ (for-each (lambda (file)
+ (substitute* config2
+ (("libpth => .*$")
+ (string-append "libpth => '" libc
+ "/lib',\n"))))
+ config2)
+ #t))))))
(native-search-paths (list (search-path-specification
(variable "PERL5LIB")
(files '("lib/perl5/site_perl")))))
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 7593fc71ac..ef06c89298 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -93,7 +93,7 @@
(define-public python-2
(package
(name "python")
- (version "2.7.10")
+ (version "2.7.11")
(source
(origin
(method url-fetch)
@@ -101,56 +101,44 @@
version "/Python-" version ".tar.xz"))
(sha256
(base32
- "1h7zbrf9pkj29hlm18b10548ch9757f75m64l47sy75rh43p7lqw"))
- (patches (search-patches
- "python-2.7-search-paths.patch"
- "python-2-deterministic-build-info.patch"
- "python-2.7-source-date-epoch.patch"))))
+ "0iiz844riiznsyhhyy962710pz228gmhv8qi3yk4w4jhmx2lqawn"))
+ (patches (search-patches "python-2.7-search-paths.patch"
+ "python-2-deterministic-build-info.patch"
+ "python-2.7-source-date-epoch.patch"))
+ (modules '((guix build utils)))
+ ;; suboptimal to delete failing tests here, but if we delete them in the
+ ;; arguments then we need to make sure to strip out that phase when it
+ ;; gets inherited by python and python-minimal.
+ (snippet
+ '(begin
+ (for-each delete-file
+ '("Lib/test/test_compileall.py"
+ "Lib/test/test_distutils.py"
+ "Lib/test/test_import.py"
+ "Lib/test/test_shutil.py"
+ "Lib/test/test_socket.py"
+ "Lib/test/test_subprocess.py"))
+ #t))))
(outputs '("out"
"tk")) ;tkinter; adds 50 MiB to the closure
(build-system gnu-build-system)
(arguments
- `(#:tests? #f
- ;; 268 tests OK.
- ;; 103 tests failed:
- ;; test_distutils test_shutil test_signal test_site test_slice
- ;; test_smtplib test_smtpnet test_socket test_socketserver
- ;; test_softspace test_sort test_spwd test_sqlite test_ssl
- ;; test_startfile test_stat test_str test_strftime test_string
- ;; test_stringprep test_strop test_strptime test_strtod test_struct
- ;; test_structmembers test_structseq test_subprocess test_sunau
- ;; test_sunaudiodev test_sundry test_symtable test_syntax test_sys
- ;; test_sys_setprofile test_sys_settrace test_sysconfig test_tarfile
- ;; test_tcl test_telnetlib test_tempfile test_textwrap test_thread
- ;; test_threaded_import test_threadedtempfile test_threading
- ;; test_threading_local test_threadsignals test_time test_timeit
- ;; test_timeout test_tk test_tokenize test_tools test_trace
- ;; test_traceback test_transformer test_ttk_guionly test_ttk_textonly
- ;; test_tuple test_typechecks test_ucn test_unary
- ;; test_undocumented_details test_unicode test_unicode_file
- ;; test_unicodedata test_univnewlines test_univnewlines2k test_unpack
- ;; test_urllib test_urllib2 test_urllib2_localnet test_urllib2net
- ;; test_urllibnet test_urlparse test_userdict test_userlist
- ;; test_userstring test_uu test_uuid test_wait3 test_wait4
- ;; test_warnings test_wave test_weakref test_weakset test_whichdb
- ;; test_winreg test_winsound test_with test_wsgiref test_xdrlib
- ;; test_xml_etree test_xml_etree_c test_xmllib test_xmlrpc
- ;; test_xpickle test_xrange test_zipfile test_zipfile64
- ;; test_zipimport test_zipimport_support test_zlib
- ;; 30 tests skipped:
+ `(;; 356 tests OK.
+ ;; 6 tests failed:
+ ;; test_compileall test_distutils test_import test_shutil test_socket
+ ;; test_subprocess
+ ;; 39 tests skipped:
;; test_aepack test_al test_applesingle test_bsddb test_bsddb185
;; test_bsddb3 test_cd test_cl test_codecmaps_cn test_codecmaps_hk
- ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_crypt
- ;; test_curses test_dl test_gdb test_gl test_idle test_imageop
- ;; test_imgfile test_ioctl test_kqueue test_linuxaudiodev test_macos
- ;; test_macostools test_msilib test_nis test_ossaudiodev
- ;; test_scriptpackages
- ;; 6 skips unexpected on linux2:
- ;; test_bsddb test_bsddb3 test_crypt test_gdb test_idle test_ioctl
- ;; One of the typical errors:
- ;; test_unicode
- ;; test test_unicode crashed -- <type 'exceptions.OSError'>: [Errno 2] No
- ;; such file or directory
+ ;; test_codecmaps_jp test_codecmaps_kr test_codecmaps_tw test_curses
+ ;; test_dl test_gdb test_gl test_imageop test_imgfile test_ioctl
+ ;; test_kqueue test_linuxaudiodev test_macos test_macostools
+ ;; test_msilib test_ossaudiodev test_scriptpackages test_smtpnet
+ ;; test_socketserver test_startfile test_sunaudiodev test_timeout
+ ;; test_tk test_ttk_guionly test_urllib2net test_urllibnet
+ ;; test_winreg test_winsound test_zipfile64
+ ;; 4 skips unexpected on linux2:
+ ;; test_bsddb test_bsddb3 test_gdb test_ioctl
#:test-target "test"
#:configure-flags
(list "--enable-shared" ;allow embedding
@@ -336,8 +324,8 @@ data types.")
(lambda (old new)
(symlink (string-append python old)
(string-append bin "/" new)))
- `("python3" ,"pydoc3" ,"idle3")
- `("python" ,"pydoc" ,"idle"))))))
+ '("python3" "pydoc3" "idle3")
+ '("python" "pydoc" "idle"))))))
(synopsis "Wrapper for the Python 3 commands")
(description
"This package provides wrappers for the commands of Python@tie{}3.x such
diff --git a/gnu/packages/texinfo.scm b/gnu/packages/texinfo.scm
index 4921b10124..d645ef4bc1 100644
--- a/gnu/packages/texinfo.scm
+++ b/gnu/packages/texinfo.scm
@@ -32,14 +32,14 @@
(define-public texinfo
(package
(name "texinfo")
- (version "6.0")
+ (version "6.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/texinfo/texinfo-"
version ".tar.xz"))
(sha256
(base32
- "1r3i6jyynn6ab45fxw5bms8mflk9ry4qpj6gqyry72vfd5c47fhi"))))
+ "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c"))))
(build-system gnu-build-system)
(native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep
(inputs `(("ncurses" ,ncurses)
@@ -62,18 +62,6 @@ their source and the command-line Info reader. The emphasis of the language
is on expressing the content semantically, avoiding physical markup commands.")
(license gpl3+)))
-(define-public texinfo-6.1
- (package
- (inherit texinfo)
- (version "6.1")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/texinfo/texinfo-"
- version ".tar.xz"))
- (sha256
- (base32
- "1ll3d0l8izygdxqz96wfr2631kxahifwdknpgsx2090vw963js5c"))))))
-
(define-public texinfo-5
(package (inherit texinfo)
(version "5.2")
@@ -105,10 +93,10 @@ is on expressing the content semantically, avoiding physical markup commands.")
;; The idea of this package is to have the standalone Info reader without
;; the dependency on Perl that 'makeinfo' drags.
(package
- (inherit texinfo-6.1)
+ (inherit texinfo)
(name "info-reader")
(arguments
- `(#:disallowed-references ,(assoc-ref (package-inputs texinfo-6.1)
+ `(#:disallowed-references ,(assoc-ref (package-inputs texinfo)
"perl")
#:modules ((ice-9 ftw) (srfi srfi-1)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 0f4441d70c..4ec0ed7d34 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -122,7 +122,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.4.7")
+ (version "3.4.9")
(source (origin
(method url-fetch)
(uri
@@ -133,7 +133,7 @@ living in the same process.")
"/gnutls-" version ".tar.xz"))
(sha256
(base32
- "0nifi3mr5jhz608pidkp8cjs4vwfj1m2qczsjrgpnp99615rxgn1"))))
+ "0gvwyl0kdp1qpzbzp46wqfdzzrmwy9n54sgcjvvm1m1kpanlyna8"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
@@ -216,6 +216,10 @@ required structures.")
`(#:parallel-build? #f
#:parallel-tests? #f
#:test-target "test"
+
+ ;; Changes to OpenSSL sometimes cause Perl to "sneak in" to the closure,
+ ;; so we explicitly disallow it here.
+ #:disallowed-references ,(list (canonical-package perl))
#:phases
(modify-phases %standard-phases
(add-before
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 126e997673..67bca6d894 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -222,7 +222,7 @@ rasterisation.")
(define-public libdrm
(package
(name "libdrm")
- (version "2.4.65")
+ (version "2.4.67")
(source
(origin
(method url-fetch)
@@ -232,7 +232,7 @@ rasterisation.")
".tar.bz2"))
(sha256
(base32
- "1i4n7mz49l0j4kr0dg9n1j3hlc786ncqgj0v5fci1mz7pp40m5ki"))
+ "1gnf206zs8dwszvkv4z2hbvh23045z0q29kms127bqrv27hp2nzf"))
(patches (search-patches "libdrm-symbol-check.patch"))))
(build-system gnu-build-system)
(inputs
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index e1f111e329..838ce34364 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -4,7 +4,7 @@
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
;;;
@@ -44,15 +44,14 @@
(define-public expat
(package
(name "expat")
- (version "2.1.0")
+ (version "2.1.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
- version "/expat-" version ".tar.gz"))
+ version "/expat-" version ".tar.bz2"))
(sha256
(base32
- "11pblz61zyxh68s5pdcbhc30ha1b2vfjd83aiwfg4vc15x3hadw2"))
- (patches (search-patches "expat-CVE-2015-1283.patch"))))
+ "0ryyjgvy7jq0qb7a9mhc1giy3bzn56aiwrs8dpydqngplbjq9xdg"))))
(build-system gnu-build-system)
(home-page "http://www.libexpat.org/")
(synopsis "Stream-oriented XML parser library written in C")