From 8a238180fd6d2919fb88c378a9852189661a22c9 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Thu, 21 Sep 2017 20:46:37 +0200 Subject: gnu: Add ocaml-graph. * gnu/packages/ocaml.scm (ocaml-graph): New variable. * gnu/packages/patches/ocaml-graph-honor-source-date-epoch.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index e4c25bf12e..edd6d8237e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -894,6 +894,7 @@ dist_patch_DATA = \ %D%/packages/patches/ocaml-CVE-2015-8869.patch \ %D%/packages/patches/ocaml-Add-a-.file-directive.patch \ %D%/packages/patches/ocaml-findlib-make-install.patch \ + %D%/packages/patches/ocaml-graph-honor-source-date-epoch.patch \ %D%/packages/patches/omake-fix-non-determinism.patch \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ -- cgit v1.2.3 From 032a2760eef6dc64fa36f2fb3a211b755d5124bb Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Tue, 3 Oct 2017 10:36:35 +0300 Subject: gnu: services: Add cgit. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/version-control.scm (, ): New record types. (cgit-configuration-robots-string, cgit-activation, cgit-configuration-nginx-config): New procedures. (%cgit-configuration-nginx, cgit-service-type): New variables. * gnu/tests/version-control.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (Version Control): Document the cgit service. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 65 +++++++++++++++ gnu/local.mk | 1 + gnu/services/version-control.scm | 119 +++++++++++++++++++++++++- gnu/tests/version-control.scm | 176 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 360 insertions(+), 1 deletion(-) create mode 100644 gnu/tests/version-control.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index 9e301d0072..b9d127c47c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -17000,6 +17000,71 @@ Extra options will be passed to @code{git daemon}, please run @end table @end deftp +@subsubheading Cgit Service + +@cindex Cgit service +@cindex Git, web interface +@uref{https://git.zx2c4.com/cgit/, Cgit} is a web frontend for Git +repositories written in C. + +The following example will configure the service with default values. +By default, Cgit can be accessed on port 80 (@code{http://localhost:80}). + +@example +(service nginx-service-type) +(service fcgiwrap-service-type) +(service cgit-service-type) +@end example + +@deftp {Data Type} cgit-configuration +Data type representing the configuration of Cgit. +This type has the following parameters: + +@table @asis +@item @code{config-file} (default: @code{(cgit-configuration-file)}) +The configuration file to use for Cgit. This can be set to a +@dfn{cgit-configuration-file} record value, or any gexp +(@pxref{G-Expressions}). + +For example, to instead use a local file, the @code{local-file} function +can be used: + +@example +(service cgit-service-type + (cgit-configuration + (config-file (local-file "./my-cgitrc.conf")))) +@end example + +@item @code{package} (default: @code{cgit}) +The Cgit package to use. + +@end table +@end deftp + +@deftp {Data Type} cgit-configuration-file +Data type representing the configuration options for Cgit. +This type has the following parameters: + +@table @asis +@item @code{css} (default: @code{"/share/cgit/cgit.css"}) +URL which specifies the css document to include in all Cgit pages. + +@item @code{logo} (default: @code{"/share/cgit/cgit.png"}) +URL which specifies the source of an image which will be used as a logo +on all Cgit pages. + +@item @code{virtual-root} (default: @code{"/"}) +URL which, if specified, will be used as root for all Cgit links. + +@item @code{repository-directory} (default: @code{"/srv/git"}) +Name of the directory to scan for repositories. + +@item @code{robots} (default: @code{(list "noindex" "nofollow")}) +Text used as content for the ``robots'' meta-tag. + +@end table +@end deftp + @node Setuid Programs @subsection Setuid Programs diff --git a/gnu/local.mk b/gnu/local.mk index edd6d8237e..cceada5ae6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -501,6 +501,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/networking.scm \ %D%/tests/rsync.scm \ %D%/tests/ssh.scm \ + %D%/tests/version-control.scm \ %D%/tests/virtualization.scm \ %D%/tests/web.scm diff --git a/gnu/services/version-control.scm b/gnu/services/version-control.scm index 107bc8e77a..e39f4411fd 100644 --- a/gnu/services/version-control.scm +++ b/gnu/services/version-control.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016 ng0 ;;; Copyright © 2016 Sou Bunnbu +;;; Copyright © 2017 Oleg Pykhalov ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,18 +22,40 @@ (define-module (gnu services version-control) #:use-module (gnu services) #:use-module (gnu services base) #:use-module (gnu services shepherd) + #:use-module (gnu services web) #:use-module (gnu system shadow) #:use-module (gnu packages version-control) #:use-module (gnu packages admin) #:use-module (guix records) #:use-module (guix gexp) + #:use-module (guix store) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) #:export (git-daemon-service git-daemon-service-type git-daemon-configuration - git-daemon-configuration?)) + git-daemon-configuration? + + + cgit-configuration-file + cgit-configuration-file? + cgit-configuration-file-css + cgit-configuration-file-logo + cgit-configuration-file-robots + cgit-configuration-file-virtual-root + cgit-configuration-file-repository-directory + + + cgit-configuration + cgit-configuration? + cgit-configuration-config-file + cgit-configuration-package + + %cgit-configuration-nginx + cgit-configuration-nginx-config + + cgit-service-type)) ;;; Commentary: ;;; @@ -139,3 +162,97 @@ (define* (git-daemon-service #:key (config (git-daemon-configuration))) @code{} object, by default it allows read-only access to exported repositories under @file{/srv/git}." (service git-daemon-service-type config)) + + +;;; +;;; Cgit +;;; + +(define-record-type* + cgit-configuration-file + make-cgit-configuration-file + cgit-configuration-file? + (css cgit-configuration-file-css ; string + (default "/share/cgit/cgit.css")) + (logo cgit-configuration-file-logo ; string + (default "/share/cgit/cgit.png")) + (robots cgit-configuration-file-robots ; list + (default '("noindex" "nofollow"))) + (virtual-root cgit-configuration-file-virtual-root ; string + (default "/")) + (repository-directory cgit-configuration-file-repository-directory ; string + (default "/srv/git"))) + +(define (cgit-configuration-robots-string robots) + (string-join robots ", ")) + +(define-gexp-compiler (cgit-configuration-file-compiler + (file ) system target) + (match file + (($ css logo + robots virtual-root repository-directory) + (apply text-file* "cgitrc" + (letrec-syntax ((option (syntax-rules () + ((_ key value) + (if value + `(,key "=" ,value "\n") + '())))) + (key/value (syntax-rules () + ((_ (key value) rest ...) + (append (option key value) + (key/value rest ...))) + ((_) + '())))) + (key/value ("css" css) + ("logo" logo) + ("robots" (cgit-configuration-robots-string robots)) + ("virtual-root" virtual-root) + ("scan-path" repository-directory))))))) + +(define %cgit-configuration-nginx + (list + (nginx-server-configuration + (root cgit) + (locations + (list + (nginx-location-configuration + (uri "@cgit") + (body '("fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi;" + "fastcgi_param PATH_INFO $uri;" + "fastcgi_param QUERY_STRING $args;" + "fastcgi_param HTTP_HOST $server_name;" + "fastcgi_pass 127.0.0.1:9000;"))))) + (try-files (list "$uri" "@cgit")) + (https-port #f) + (ssl-certificate #f) + (ssl-certificate-key #f)))) + +(define-record-type* + cgit-configuration make-cgit-configuration + cgit-configuration? + (config-file cgit-configuration-config-file + (default (cgit-configuration-file))) + (package cgit-configuration-package + (default cgit)) + (nginx cgit-configuration-nginx + (default %cgit-configuration-nginx))) + +(define (cgit-activation config) + ;; Cgit compiled with default configuration path + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/var/cache/cgit") + (copy-file #$(cgit-configuration-config-file config) "/etc/cgitrc"))) + +(define (cgit-configuration-nginx-config config) + (cgit-configuration-nginx config)) + +(define cgit-service-type + (service-type + (name 'cgit) + (extensions + (list (service-extension activation-service-type + cgit-activation) + (service-extension nginx-service-type + cgit-configuration-nginx-config))) + (default-value (cgit-configuration)))) diff --git a/gnu/tests/version-control.scm b/gnu/tests/version-control.scm new file mode 100644 index 0000000000..5a3937cfed --- /dev/null +++ b/gnu/tests/version-control.scm @@ -0,0 +1,176 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Oleg Pykhalov +;;; Copyright © 2017 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests version-control) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system shadow) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services version-control) + #:use-module (gnu services web) + #:use-module (gnu services networking) + #:use-module (gnu packages version-control) + #:use-module (guix gexp) + #:use-module (guix store) + #:export (%test-cgit)) + +(define %make-git-repository + ;; Create Git repository in /srv/git/test. + #~(begin + (mkdir-p "/srv/git/test") + (system* (string-append #$git "/bin/git") "-C" "/srv/git/test" + "init" "--bare"))) + +(define %cgit-configuration-nginx + (list + (nginx-server-configuration + (root cgit) + (locations + (list + (nginx-location-configuration + (uri "@cgit") + (body '("fastcgi_param SCRIPT_FILENAME $document_root/lib/cgit/cgit.cgi;" + "fastcgi_param PATH_INFO $uri;" + "fastcgi_param QUERY_STRING $args;" + "fastcgi_param HTTP_HOST $server_name;" + "fastcgi_pass 127.0.0.1:9000;"))))) + (try-files (list "$uri" "@cgit")) + (http-port 19418) + (https-port #f) + (ssl-certificate #f) + (ssl-certificate-key #f)))) + +(define %cgit-os + ;; Operating system under test. + (let ((base-os + (simple-operating-system + (dhcp-client-service) + (service nginx-service-type) + (service fcgiwrap-service-type) + (service cgit-service-type + (cgit-configuration + (nginx %cgit-configuration-nginx))) + (simple-service 'make-git-repository activation-service-type + %make-git-repository)))) + (operating-system + (inherit base-os) + (packages (cons* git + (operating-system-packages base-os)))))) + +(define* (run-cgit-test #:optional (http-port 19418)) + "Run tests in %CGIT-OS, which has nginx running and listening on +HTTP-PORT." + (define os + (marionette-operating-system + %cgit-os + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (port-forwardings `((8080 . ,http-port))))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette) + (web uri) + (web client) + (web response)) + + (define marionette + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "cgit") + + ;; Wait for nginx to be up and running. + (test-eq "service running" + 'running! + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'nginx) + 'running!) + marionette)) + + ;; Wait for fcgiwrap to be up and running. + (test-eq "service running" + 'running! + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'fcgiwrap) + 'running!) + marionette)) + + ;; Make sure the PID file is created. + (test-assert "PID file" + (marionette-eval + '(file-exists? "/var/run/nginx/pid") + marionette)) + + ;; Make sure the configuration file is created. + (test-assert "configuration file" + (marionette-eval + '(file-exists? "/etc/cgitrc") + marionette)) + + ;; Make sure Git test repository is created. + (test-assert "Git test repository" + (marionette-eval + '(file-exists? "/srv/git/test") + marionette)) + + ;; Make sure we can access pages that correspond to our repository. + (letrec-syntax ((test-url + (syntax-rules () + ((_ path code) + (test-equal (string-append "GET " path) + code + (let-values (((response body) + (http-get (string-append + "http://localhost:8080" + path)))) + (response-code response)))) + ((_ path) + (test-url path 200))))) + (test-url "/") + (test-url "/test") + (test-url "/test/log") + (test-url "/test/tree") + (test-url "/test/does-not-exist" 404) + (test-url "/does-not-exist" 404)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "cgit-test" test)) + +(define %test-cgit + (system-test + (name "cgit") + (description "Connect to a running Cgit server.") + (value (run-cgit-test)))) -- cgit v1.2.3 From 6a3af24f062350751ab70ba21bdcf8792b6624d6 Mon Sep 17 00:00:00 2001 From: Dave Love Date: Mon, 2 Oct 2017 21:48:43 +0100 Subject: gnu: Add papi. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/profiling.scm: New file. * gnu/local.mk: Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/profiling.scm | 126 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+) create mode 100644 gnu/packages/profiling.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index cceada5ae6..d5fb935e33 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -326,6 +326,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/plotutils.scm \ %D%/packages/polkit.scm \ %D%/packages/popt.scm \ + %D%/packages/profiling.scm \ %D%/packages/pth.scm \ %D%/packages/pulseaudio.scm \ %D%/packages/pumpio.scm \ diff --git a/gnu/packages/profiling.scm b/gnu/packages/profiling.scm new file mode 100644 index 0000000000..6d62aa2609 --- /dev/null +++ b/gnu/packages/profiling.scm @@ -0,0 +1,126 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Dave Love +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages profiling) + #:use-module (guix packages) + #:use-module ((guix licenses) #:prefix license:) ; avoid zlib, expat clashes + #:use-module (guix download) + #:use-module (guix utils) + #:use-module (guix build-system gnu) + #:use-module (gnu packages) + #:use-module (gnu packages autotools) + #:use-module (gnu packages base) ;for "which" + #:use-module (gnu packages fabric-management) + #:use-module (gnu packages gcc) + #:use-module (gnu packages libunwind) + #:use-module (gnu packages linux) + #:use-module (gnu packages ncurses)) + +;; Fixme: Separate out lib and fix resulting cycle errors; separate libpfm +;; output(?); build libmsr and add that component. +(define-public papi + (package + (name "papi") + (version "5.5.1") + (source + (origin + (method url-fetch) + (uri (string-append "http://icl.utk.edu/projects/papi/downloads/papi-" + version ".tar.gz")) + (sha256 (base32 "1m62s8fkjjgq04ayf18jcxc33rqfd7nrkdw1gr54q5pn4cijrp29")))) + (build-system gnu-build-system) + (inputs + `(("ncurses" ,ncurses) + ("lm-sensors" ,lm-sensors "lib") + ("rdma-core" ,rdma-core) + ("infiniband-diags" ,infiniband-diags "lib") + ("net-tools" ,net-tools))) + (native-inputs + `(("autoconf" ,autoconf) + ("gfortran" ,gfortran))) + (arguments + '(#:tests? #f ; no check target + #:configure-flags + ;; These are roughly per Fedora, but elide mx (assumed to be dead, even + ;; Open-MX) and add and powercap -- I don't know the pros/cons of + ;; infiniband and infiniband_mad, but you can't use them together, and + ;; the umad version needs at least one patch. + ;; Implicit enabled components: perf_event perf_event_uncore + `("--with-perf-events" "--with-shared-lib=yes" "--with-shlib" + "--with-static-lib=no" + "--with-components=appio coretemp example lustre micpower net rapl \ +stealtime lmsensors infiniband powercap" + ;; So utils get rpath set correctly: + ,(string-append "LDFLAGS=-Xlinker -rpath -Xlinker " + (assoc-ref %outputs "out") "/lib")) + #:phases + (modify-phases %standard-phases + (add-before 'configure 'autoconf + (lambda _ + (chdir "src") + (zero? (system* "autoconf")))) + ;; Amalgamating with the following clause gives double substitution. + (add-before 'patch-source-shebangs 'patch-components + (lambda _ + (with-directory-excursion "src/components" + (substitute* '("lmsensors/configure" "infiniband_umad/configure") + (("/bin/sh") (which "sh")))) + #t)) + (add-after 'configure 'components + (lambda* (#:key inputs #:allow-other-keys) + (with-directory-excursion "components" + (and + (with-directory-excursion "infiniband_umad" + (zero? (system* "./configure"))) + (with-directory-excursion "lmsensors" + (let ((base (assoc-ref inputs "lm-sensors"))) + (zero? + (system* + "./configure" + (string-append "--with-sensors_incdir=" base + "/include/sensors") + (string-append "--with-sensors_libdir=" base "/lib"))))))))) + (add-after 'install 'extra-doc + (lambda* (#:key outputs #:allow-other-keys) + (let ((doc (string-append (assoc-ref outputs "out") + "/share/doc"))) + (mkdir-p doc) + (chdir "..") ; we went into src above + (for-each (lambda (file) + (install-file file doc)) + '("README" "RELEASENOTES.txt" "LICENSE.txt")) + #t)))))) + (home-page "http://icl.cs.utk.edu/papi/") + (synopsis "Performance Application Programming Interface") + (description + "PAPI provides the tool designer and application engineer with a consistent +interface and methodology for use of the performance counter hardware found in +most major microprocessors. PAPI enables software engineers to see, in near +real time, the relation between software performance and processor events. + +In addition, PAPI provides access to a collection of components that expose +performance measurement opportunites across the hardware and software stack.") + ;; See Debian papi copyright file. + (license (list license:bsd-3 + license:lgpl2.1+ ;src/components/infiniband/pscanf.h + ;; not used in output + license:gpl2+ ;src/components/appio/tests/iozone/gengnuplot.sh + ;src/libpfm-3.y/*/multiplex* + ;; "BSD-like": src/libpfm-3.y/*, src/libpfm4/* + ;; lgpl2.1+: src/perfctr-2.*/* + )))) -- cgit v1.2.3 From a66408f8c0aedce21802e73d3dddda30281e4ef6 Mon Sep 17 00:00:00 2001 From: Dave Love Date: Mon, 2 Oct 2017 21:48:45 +0100 Subject: gnu: Add cube. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/profiling.scm(cube): New variable. * gnu/packages/patches/cube-nocheck.patch: New file. * gnu/local.mk: Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/patches/cube-nocheck.patch | 16 ++++ gnu/packages/profiling.scm | 139 +++++++++++++++++++++++++++++++- 3 files changed, 155 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/cube-nocheck.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index d5fb935e33..6d14f2a47c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -577,6 +577,7 @@ dist_patch_DATA = \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/clucene-contribs-lib.patch \ + %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/curl-bounds-check.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-2017-12836.patch \ diff --git a/gnu/packages/patches/cube-nocheck.patch b/gnu/packages/patches/cube-nocheck.patch new file mode 100644 index 0000000000..576044e622 --- /dev/null +++ b/gnu/packages/patches/cube-nocheck.patch @@ -0,0 +1,16 @@ +Unconditionally disable network check for new versions (from Fedora). + +diff -u /home/dlove/rpmbuild/BUILD/cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp\~ /home/dlove/rpmbuild/BUILD/cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp +--- cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp~ 2016-04-03 00:05:37.942066948 +0100 ++++ cube-4.3.4/src/GUI-qt/display/VersionCheckWidget.cpp 2016-05-06 17:16:31.648143908 +0100 +@@ -52,7 +52,8 @@ + url = QUrl( UPDATE_CHECK_URL ); + download = NULL; + update_Available = false; +- bool no_http = env_str2bool( getenv( "CUBE_DISABLE_HTTP_DOCS" ) ); ++ // bool no_http = env_str2bool( getenv( "CUBE_DISABLE_HTTP_DOCS" ) ); ++ bool no_http = true; + if ( !no_http ) + { + updateDescription = tr( "Check for update is not performed yet." ); + diff --git a/gnu/packages/profiling.scm b/gnu/packages/profiling.scm index 9a2f2a6642..598633c3e5 100644 --- a/gnu/packages/profiling.scm +++ b/gnu/packages/profiling.scm @@ -25,13 +25,18 @@ (define-module (gnu packages profiling) #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages base) ;for "which" + #:use-module (gnu packages compression) + #:use-module (gnu packages documentation) #:use-module (gnu packages fabric-management) #:use-module (gnu packages gawk) #:use-module (gnu packages gcc) + #:use-module (gnu packages glib) #:use-module (gnu packages libunwind) #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) - #:use-module (gnu packages python)) + #:use-module (gnu packages perl) + #:use-module (gnu packages python) + #:use-module (gnu packages qt)) ;; Fixme: Separate out lib and fix resulting cycle errors; separate libpfm ;; output(?); build libmsr and add that component. @@ -193,3 +198,135 @@ (define-public opari2 and hybrid codes. It surrounds OpenMP directives and runtime library calls with calls to the POMP2 measurement interface.") (license license:bsd-3))) + +(define-public cube + (package + (name "cube") + (version "4.3.5") + (source + (origin + (method url-fetch) + (uri (string-append + "http://apps.fz-juelich.de/scalasca/releases/cube/4.3/dist/cube-" + version ".tar.gz")) + (sha256 (base32 "04irflia4rfw02093w9nx7rr98r640y4q8hisjywvd4b7r3nzhhx")) + (patches (search-patches "cube-nocheck.patch")))) + (inputs `(("dbus" ,dbus) + ("zlib" ,zlib))) + (native-inputs `(("perl" ,perl) + ("qtbase" ,qtbase) ; native because of qmake + ("which" ,which))) + + ;; FIXME: The doc is 14MB, but adding a doc output results in a cycle. + (outputs '("out" ;"doc" + "lib")) + + (build-system gnu-build-system) + (arguments + `(#:configure-flags + `("--enable-shared" "--disable-static" "--disable-silent-rules" + ,(string-append "LDFLAGS=-L" (assoc-ref %outputs "lib") "/lib")) + #:parallel-tests? #f + #:phases + (modify-phases %standard-phases + (add-after 'configure 'rpath + ;; Account for moving GUI stuff + (lambda* (#:key outputs #:allow-other-keys) + (let ((wl (string-append "-Wl,-rpath=" (assoc-ref outputs "out") + "/lib"))) + (substitute* "build-backend/Makefile" + (("^cube_LDFLAGS =") (string-append "cube_LDFLAGS = " wl)) + (("^libheatmap_plugin_la_LDFLAGS =") + (string-append "libheatmap_plugin_la_LDFLAGS = " wl)) + (("^libbarplot_plugin_la_LDFLAGS =") + (string-append "libbarplot_plugin_la_LDFLAGS = " wl))) + #t))) + (add-before 'install 'includes-cube + ;; It tries to install here before include exists. + (lambda* (#:key outputs #:allow-other-keys) + (let ((inc (string-append (assoc-ref outputs "lib") "/include"))) + (mkdir-p (string-append inc "/cube")) + (mkdir-p (string-append inc "/cubew")) + #t))) + (add-after 'install 'licence + (lambda* (#:key outputs #:allow-other-keys) + (let ((doc (string-append (assoc-ref outputs "lib") + "/share/doc/cube"))) + (install-file "COPYING" doc) + #t))) + ;; XXX: Commented due to cycle (see comment above.) + ;; (add-after 'install 'doc + ;; (lambda _ + ;; (let ((share (string-append (assoc-ref %outputs "doc") + ;; "/share"))) + ;; (mkdir-p share) + ;; (rename-file (string-append %output "/share/doc") + ;; (string-append share "/doc"))))) + (add-after 'install 'gui-stuff + ;; Get the Qt horror dependencies out of the lib closure + (lambda _ + (let ((outlib (string-append (assoc-ref %outputs "out") "/lib")) + (lib (string-append (assoc-ref %outputs "lib") "/lib"))) + (mkdir-p outlib) + (rename-file (string-append lib "/cube-plugins") + (string-append outlib "/cube-plugins")) + (for-each (lambda (file) + (rename-file + file (string-append outlib "/" (basename file)))) + (append (find-files lib "libgraphwidgetcommon-plugin\\..*") + (find-files lib "libcube4gui\\.so.*"))) + #t))) + (add-after 'install 'move-include + ;; Most of the headers end up under %output for some reason, + ;; despite --includedir in configure. + (lambda* (#:key outputs #:allow-other-keys) + (let ((outinc (string-append (assoc-ref outputs "out") + "/include")) + (libinc (string-append (assoc-ref outputs "lib") + "/include"))) + (for-each (lambda (file) + (let ((from (string-append outinc "/" file))) + (copy-recursively from libinc) + (delete-file-recursively from))) + '("cube" "cubew")) + #t))) + + ;; XXX: This doesn't work because cube-config, which is needed for + ;; building stuff, sources cube-config-frontend. We don't want that + ;; in the lib output because it pulls in >1GB via QT. + ;; + ;; (add-after 'install 'cube-config + ;; (lambda _ + ;; (let* ((lib (assoc-ref %outputs "lib")) + ;; (libbin (string-append lib "/bin"))) + ;; (mkdir-p libbin) + ;; (system (string-append "mv " (assoc-ref %outputs "out") + ;; "/bin/cube-config* " libbin)) + ;; (substitute* (list (string-append libbin "/cube-config")) + ;; (("^prefix=.*") (string-append "prefix=" lib)) + ;; (("^exec_prefix=\"\\$\\{prefix\\}\"") + ;; (string-append "exec_prefix=" lib)))))) + (add-after 'install 'cube-config + (lambda* (#:key outputs #:allow-other-keys) + (let* ((lib (assoc-ref outputs "lib")) + (libbin (string-append lib "/bin"))) + (mkdir-p libbin) + (install-file (string-append %output "/bin/cube-config") libbin) + (install-file (string-append %output "/bin/cube-config-backend") + libbin) + (substitute* (list (string-append libbin "/cube-config")) + (("^source .*frontend.*$") "") + (((assoc-ref outputs "out")) lib)) + #t)))))) + (home-page "http://www.scalasca.org/software/cube-4.x/download.html") + (synopsis "Performance report explorer for parallel programs") + (description + "CUBE (CUBE Uniform Behavioral Encoding) is a tool to display a variety +of performance metrics for parallel programs including MPI and OpenMP +applications. CUBE allows interactive exploration of a multidimensional +performance space in a scalable fashion. Scalability is achieved in two ways: +hierarchical decomposition of individual dimensions and aggregation across +different dimensions. All performance metrics are uniformly accommodated in +the same display and thus provide the ability to easily compare the effects of +different kinds of performance behavior.") + (license license:bsd-3))) -- cgit v1.2.3 From 4d6801b735550ee804454a6d4f0d44c3372e0ae9 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sat, 30 Sep 2017 09:11:43 -0400 Subject: gnu: graphicsmagick: Fix CVE-2017-14649. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 3 +- .../patches/graphicsmagick-CVE-2017-14649.patch | 210 +++++++++++++++++++++ 3 files changed, 213 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 6d14f2a47c..88d24fab27 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -691,6 +691,7 @@ dist_patch_DATA = \ %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-14042.patch \ %D%/packages/patches/graphicsmagick-CVE-2017-14165.patch \ + %D%/packages/patches/graphicsmagick-CVE-2017-14649.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ %D%/packages/patches/grep-gnulib-lock.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 7599f87311..b22799eea2 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -185,7 +185,8 @@ (define-public graphicsmagick "graphicsmagick-CVE-2017-13775.patch" "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch" "graphicsmagick-CVE-2017-14042.patch" - "graphicsmagick-CVE-2017-14165.patch")))) + "graphicsmagick-CVE-2017-14165.patch" + "graphicsmagick-CVE-2017-14649.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch new file mode 100644 index 0000000000..8e1166ba7a --- /dev/null +++ b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch @@ -0,0 +1,210 @@ +http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a +http://www.openwall.com/lists/oss-security/2017/09/22/2 + +Some changes were made to make the patch apply. + +Notably, the DestroyJNG() function in the upstream diff has been replaced by +its equivalent, a series of calls to MagickFreeMemory(), DestroyImageInfo(), +and DestroyImage(). See +http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5. + +# HG changeset patch +# User Glenn Randers-Pehrson +# Date 1504014487 14400 +# Node ID 358608a46f0a9c55e9bb8b37d09bf1ac9bc87f06 +# Parent 38c362f0ae5e7a914c3fe822284c6953f8e6eee2 +Fix Issue 439 + +diff -ru a/coders/png.c b/coders/png.c +--- a/coders/png.c 1969-12-31 19:00:00.000000000 -0500 ++++ b/coders/png.c 2017-09-30 08:20:16.218944991 -0400 +@@ -1176,15 +1176,15 @@ + /* allocate space */ + if (length == 0) + { +- (void) ThrowException2(&image->exception,CoderWarning, +- "invalid profile length",(char *) NULL); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "invalid profile length"); + return (MagickFail); + } + info=MagickAllocateMemory(unsigned char *,length); + if (info == (unsigned char *) NULL) + { +- (void) ThrowException2(&image->exception,CoderWarning, +- "unable to copy profile",(char *) NULL); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "Unable to copy profile"); + return (MagickFail); + } + /* copy profile, skipping white space and column 1 "=" signs */ +@@ -1197,8 +1197,8 @@ + if (*sp == '\0') + { + MagickFreeMemory(info); +- (void) ThrowException2(&image->exception,CoderWarning, +- "ran out of profile data",(char *) NULL); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "ran out of profile data"); + return (MagickFail); + } + sp++; +@@ -1234,8 +1234,9 @@ + if(SetImageProfile(image,profile_name,info,length) == MagickFail) + { + MagickFreeMemory(info); +- (void) ThrowException(&image->exception,ResourceLimitError, +- MemoryAllocationFailed,"unable to copy profile"); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ "unable to copy profile"); ++ return MagickFail; + } + MagickFreeMemory(info); + return MagickTrue; +@@ -3285,7 +3286,6 @@ + if (status == MagickFalse) + { + DestroyJNGInfo(color_image_info,alpha_image_info); +- DestroyImage(alpha_image); + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + " could not allocate alpha_image blob"); + return ((Image *)NULL); +@@ -3534,7 +3534,7 @@ + CloseBlob(color_image); + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +- " Reading jng_image from color_blob."); ++ " Reading jng_image from color_blob."); + + FormatString(color_image_info->filename,"%.1024s",color_image->filename); + +@@ -3558,13 +3558,18 @@ + + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +- " Copying jng_image pixels to main image."); ++ " Copying jng_image pixels to main image."); + image->rows=jng_height; + image->columns=jng_width; + length=image->columns*sizeof(PixelPacket); ++ if ((jng_height == 0 || jng_width == 0) && logging) ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " jng_width=%lu jng_height=%lu", ++ (unsigned long)jng_width,(unsigned long)jng_height); + for (y=0; y < (long) image->rows; y++) + { +- s=AcquireImagePixels(jng_image,0,y,image->columns,1,&image->exception); ++ s=AcquireImagePixels(jng_image,0,y,image->columns,1, ++ &image->exception); + q=SetImagePixels(image,0,y,image->columns,1); + (void) memcpy(q,s,length); + if (!SyncImagePixels(image)) +@@ -3589,45 +3594,79 @@ + CloseBlob(alpha_image); + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), +- " Reading opacity from alpha_blob."); ++ " Reading opacity from alpha_blob."); + + FormatString(alpha_image_info->filename,"%.1024s", + alpha_image->filename); + + jng_image=ReadImage(alpha_image_info,exception); + +- for (y=0; y < (long) image->rows; y++) ++ if (jng_image == (Image *)NULL) + { +- s=AcquireImagePixels(jng_image,0,y,image->columns,1, +- &image->exception); +- if (image->matte) +- { +- q=SetImagePixels(image,0,y,image->columns,1); +- for (x=(long) image->columns; x > 0; x--,q++,s++) +- q->opacity=(Quantum) MaxRGB-s->red; +- } +- else ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " jng_image is NULL."); ++ if (color_image_info) ++ DestroyImageInfo(color_image_info); ++ if (alpha_image_info) ++ DestroyImageInfo(alpha_image_info); ++ if (color_image) ++ DestroyImage(color_image); ++ if (alpha_image) ++ DestroyImage(alpha_image); ++ } ++ else ++ { ++ ++ if (logging) + { +- q=SetImagePixels(image,0,y,image->columns,1); +- for (x=(long) image->columns; x > 0; x--,q++,s++) +- { +- q->opacity=(Quantum) MaxRGB-s->red; +- if (q->opacity != OpaqueOpacity) +- image->matte=MagickTrue; +- } ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " Read jng_image."); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " jng_image->width=%lu, jng_image->height=%lu", ++ (unsigned long)jng_width,(unsigned long)jng_height); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " image->rows=%lu, image->columns=%lu", ++ (unsigned long)image->rows, ++ (unsigned long)image->columns); + } +- if (!SyncImagePixels(image)) +- break; +- } +- (void) LiberateUniqueFileResource(alpha_image->filename); +- DestroyImage(alpha_image); +- alpha_image = (Image *)NULL; +- DestroyImageInfo(alpha_image_info); +- alpha_image_info = (ImageInfo *)NULL; +- (void) LogMagickEvent(CoderEvent,GetMagickModule(), +- " Destroy the JNG image"); +- DestroyImage(jng_image); +- jng_image = (Image *)NULL; ++ ++ for (y=0; y < (long) image->rows; y++) ++ { ++ s=AcquireImagePixels(jng_image,0,y,image->columns,1, ++ &image->exception); ++ if (image->matte) ++ { ++ q=SetImagePixels(image,0,y,image->columns,1); ++ for (x=(long) image->columns; x > 0; x--,q++,s++) ++ q->opacity=(Quantum) MaxRGB-s->red; ++ } ++ else ++ { ++ q=SetImagePixels(image,0,y,image->columns,1); ++ for (x=(long) image->columns; x > 0; x--,q++,s++) ++ { ++ q->opacity=(Quantum) MaxRGB-s->red; ++ if (q->opacity != OpaqueOpacity) ++ image->matte=MagickTrue; ++ } ++ } ++ if (!SyncImagePixels(image)) ++ break; ++ } ++ (void) LiberateUniqueFileResource(alpha_image->filename); ++ if (color_image_info) ++ DestroyImageInfo(color_image_info); ++ if (alpha_image_info) ++ DestroyImageInfo(alpha_image_info); ++ if (color_image) ++ DestroyImage(color_image); ++ if (alpha_image) ++ DestroyImage(alpha_image); ++ (void) LogMagickEvent(CoderEvent,GetMagickModule(), ++ " Destroy the JNG image"); ++ DestroyImage(jng_image); ++ jng_image = (Image *)NULL; ++ } + } + } -- cgit v1.2.3 From 2299f5cd78a9874ec7797d02d9bd53cc3c30b698 Mon Sep 17 00:00:00 2001 From: Cyril Roelandt Date: Tue, 3 Oct 2017 22:28:51 +0200 Subject: gnu: python-nose-timer: Add missing patch. * gnu/packages/patches/python-nose-timer-drop-ordereddict.patch: New file. * gnu/local.mk: Add it. --- gnu/local.mk | 1 + .../python-nose-timer-drop-ordereddict.patch | 44 ++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 gnu/packages/patches/python-nose-timer-drop-ordereddict.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 88d24fab27..c802b7b340 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -984,6 +984,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-genshi-isstring-helper.patch \ %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \ %D%/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch \ + %D%/packages/patches/python-nose-timer-drop-ordereddict.patch \ %D%/packages/patches/python-parse-too-many-fields.patch \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ %D%/packages/patches/python-statsmodels-fix-tests.patch \ diff --git a/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch b/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch new file mode 100644 index 0000000000..e1e71a332a --- /dev/null +++ b/gnu/packages/patches/python-nose-timer-drop-ordereddict.patch @@ -0,0 +1,44 @@ +From 700076019b5aff72aac7651cc830aaef21ee9a47 Mon Sep 17 00:00:00 2001 +From: jakirkham +Date: Fri, 7 Jul 2017 05:57:56 -0400 +Subject: [PATCH] Drop ordereddict requirement (#84) + +* Drop ordereddict requirement + +As Python 2.7 is the minimum Python supported, every version of Python +should have `ordereddict` preincluded in the standard library one way or +another. So we can drop this dependency and just handle the differences +between Python 2 and Python 3. +--- + nosetimer/plugin.py | 5 +---- + setup.py | 1 - + 2 files changed, 1 insertion(+), 5 deletions(-) + +diff --git a/nosetimer/plugin.py b/nosetimer/plugin.py +index ef28e11..d093a51 100644 +--- a/nosetimer/plugin.py ++++ b/nosetimer/plugin.py +@@ -12,10 +12,7 @@ + except ImportError: + import queue as Queue + +-try: +- from collections import OrderedDict +-except ImportError: +- from ordereddict import OrderedDict ++from collections import OrderedDict + + + # define constants +diff --git a/setup.py b/setup.py +index 6a55b82..d249325 100755 +--- a/setup.py ++++ b/setup.py +@@ -27,7 +27,6 @@ + install_requires=[ + 'nose', + 'termcolor', +- 'ordereddict', + ], + license='MIT', + entry_points={ -- cgit v1.2.3 From f9bd2051f041d5530f88fb2e8b183193209b5f41 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 3 Oct 2017 23:00:23 +0200 Subject: gnu: qemu: Update to 2.10.1. * gnu/packages/patches/qemu-CVE-2017-13711.patch, gnu/packages/patches/qemu-CVE-2017-14167.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/virtualization.scm (qemu): Update to 2.10.1. [source](patches): Remove. --- gnu/local.mk | 2 - gnu/packages/patches/qemu-CVE-2017-13711.patch | 89 -------------------------- gnu/packages/patches/qemu-CVE-2017-14167.patch | 69 -------------------- gnu/packages/virtualization.scm | 6 +- 4 files changed, 2 insertions(+), 164 deletions(-) delete mode 100644 gnu/packages/patches/qemu-CVE-2017-13711.patch delete mode 100644 gnu/packages/patches/qemu-CVE-2017-14167.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c802b7b340..9f4c6398b2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -999,8 +999,6 @@ dist_patch_DATA = \ %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \ %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ - %D%/packages/patches/qemu-CVE-2017-13711.patch \ - %D%/packages/patches/qemu-CVE-2017-14167.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/patches/qemu-CVE-2017-13711.patch b/gnu/packages/patches/qemu-CVE-2017-13711.patch deleted file mode 100644 index 4070115419..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-13711.patch +++ /dev/null @@ -1,89 +0,0 @@ -Fix CVE-2017-13711: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13711 - -Patch copied from upstream source repository: - -https://git.qemu.org/?p=qemu.git;a=commitdiff;h=1201d308519f1e915866d7583d5136d03cc1d384 - -From 1201d308519f1e915866d7583d5136d03cc1d384 Mon Sep 17 00:00:00 2001 -From: Samuel Thibault -Date: Fri, 25 Aug 2017 01:35:53 +0200 -Subject: [PATCH] slirp: fix clearing ifq_so from pending packets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The if_fastq and if_batchq contain not only packets, but queues of packets -for the same socket. When sofree frees a socket, it thus has to clear ifq_so -from all the packets from the queues, not only the first. - -Signed-off-by: Samuel Thibault -Reviewed-by: Philippe Mathieu-Daudé -Cc: qemu-stable@nongnu.org -Signed-off-by: Peter Maydell ---- - slirp/socket.c | 39 +++++++++++++++++++++++---------------- - 1 file changed, 23 insertions(+), 16 deletions(-) - -diff --git a/slirp/socket.c b/slirp/socket.c -index ecec0295a9..cb7b5b608d 100644 ---- a/slirp/socket.c -+++ b/slirp/socket.c -@@ -59,6 +59,27 @@ socreate(Slirp *slirp) - return(so); - } - -+/* -+ * Remove references to so from the given message queue. -+ */ -+static void -+soqfree(struct socket *so, struct quehead *qh) -+{ -+ struct mbuf *ifq; -+ -+ for (ifq = (struct mbuf *) qh->qh_link; -+ (struct quehead *) ifq != qh; -+ ifq = ifq->ifq_next) { -+ if (ifq->ifq_so == so) { -+ struct mbuf *ifm; -+ ifq->ifq_so = NULL; -+ for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) { -+ ifm->ifq_so = NULL; -+ } -+ } -+ } -+} -+ - /* - * remque and free a socket, clobber cache - */ -@@ -66,23 +87,9 @@ void - sofree(struct socket *so) - { - Slirp *slirp = so->slirp; -- struct mbuf *ifm; - -- for (ifm = (struct mbuf *) slirp->if_fastq.qh_link; -- (struct quehead *) ifm != &slirp->if_fastq; -- ifm = ifm->ifq_next) { -- if (ifm->ifq_so == so) { -- ifm->ifq_so = NULL; -- } -- } -- -- for (ifm = (struct mbuf *) slirp->if_batchq.qh_link; -- (struct quehead *) ifm != &slirp->if_batchq; -- ifm = ifm->ifq_next) { -- if (ifm->ifq_so == so) { -- ifm->ifq_so = NULL; -- } -- } -+ soqfree(so, &slirp->if_fastq); -+ soqfree(so, &slirp->if_batchq); - - if (so->so_emu==EMU_RSH && so->extra) { - sofree(so->extra); --- -2.14.1 - diff --git a/gnu/packages/patches/qemu-CVE-2017-14167.patch b/gnu/packages/patches/qemu-CVE-2017-14167.patch deleted file mode 100644 index a6007ac082..0000000000 --- a/gnu/packages/patches/qemu-CVE-2017-14167.patch +++ /dev/null @@ -1,69 +0,0 @@ -Fix CVE-2017-14167: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14167 -http://seclists.org/oss-sec/2017/q3/407 - -Patch copied from upstream development mailing list: - -https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html - -From: Prasad J Pandit - -While loading kernel via multiboot-v1 image, (flags & 0x00010000) -indicates that multiboot header contains valid addresses to load -the kernel image. These addresses are used to compute kernel -size and kernel text offset in the OS image. Validate these -address values to avoid an OOB access issue. - -This is CVE-2017-14167. - -Reported-by: Thomas Garnier -Signed-off-by: Prasad J Pandit ---- - hw/i386/multiboot.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -Update: add CVE-ID to the commit message. - -diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c -index 6001f4caa2..c7b70c91d5 100644 ---- a/hw/i386/multiboot.c -+++ b/hw/i386/multiboot.c -@@ -221,15 +221,34 @@ int load_multiboot(FWCfgState *fw_cfg, - uint32_t mh_header_addr = ldl_p(header+i+12); - uint32_t mh_load_end_addr = ldl_p(header+i+20); - uint32_t mh_bss_end_addr = ldl_p(header+i+24); -+ - mh_load_addr = ldl_p(header+i+16); -+ if (mh_header_addr < mh_load_addr) { -+ fprintf(stderr, "invalid mh_load_addr address\n"); -+ exit(1); -+ } -+ - uint32_t mb_kernel_text_offset = i - (mh_header_addr - mh_load_addr); - uint32_t mb_load_size = 0; - mh_entry_addr = ldl_p(header+i+28); - - if (mh_load_end_addr) { -+ if (mh_bss_end_addr < mh_load_addr) { -+ fprintf(stderr, "invalid mh_bss_end_addr address\n"); -+ exit(1); -+ } - mb_kernel_size = mh_bss_end_addr - mh_load_addr; -+ -+ if (mh_load_end_addr < mh_load_addr) { -+ fprintf(stderr, "invalid mh_load_end_addr address\n"); -+ exit(1); -+ } - mb_load_size = mh_load_end_addr - mh_load_addr; - } else { -+ if (kernel_file_size < mb_kernel_text_offset) { -+ fprintf(stderr, "invalid kernel_file_size\n"); -+ exit(1); -+ } - mb_kernel_size = kernel_file_size - mb_kernel_text_offset; - mb_load_size = mb_kernel_size; - } --- -2.13.5 - diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 344ffc786b..a8e54d6840 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -72,16 +72,14 @@ (define (qemu-patch commit file-name sha256) (define-public qemu (package (name "qemu") - (version "2.10.0") + (version "2.10.1") (source (origin (method url-fetch) (uri (string-append "https://download.qemu.org/qemu-" version ".tar.xz")) - (patches (search-patches "qemu-CVE-2017-13711.patch" - "qemu-CVE-2017-14167.patch")) (sha256 (base32 - "0dgk7zcni41nf1jp84y0m6dk2nb4frnh571m8hkiv0m4hz4imn2m")))) + "1ahwl7r18iw2ds0q3c51nlivqsan9hcgnc8bbf9pv366iy81mm8x")))) (build-system gnu-build-system) (arguments '(;; Running tests in parallel can occasionally lead to failures, like: -- cgit v1.2.3 From f473b8f1f7db695dce1ed5b145be501424e76b34 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 3 Oct 2017 22:46:40 +0300 Subject: gnu: clisp: Update to 2.49-60. * gnu/packages/lisp.scm (clisp): Update to 2.49-60. [source]: Download mercurial repository, apply patch. [inputs]: Replace readline@6.2 with readline, add ncurses. [arguments]: Add multiple configure flags. Remove build phase to build in "src" directory. Remove more uses of a timestamp. --- gnu/local.mk | 1 + gnu/packages/lisp.scm | 32 ++++++++++------ .../patches/clisp-remove-failing-test.patch | 43 ++++++++++++++++++++++ 3 files changed, 65 insertions(+), 11 deletions(-) create mode 100644 gnu/packages/patches/clisp-remove-failing-test.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9f4c6398b2..ad8b02a082 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -560,6 +560,7 @@ dist_patch_DATA = \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ + %D%/packages/patches/clisp-remove-failing-test.patch \ %D%/packages/patches/clucene-pkgconfig.patch \ %D%/packages/patches/clx-remove-demo.patch \ %D%/packages/patches/cmake-fix-tests.patch \ diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm index 224cea56f6..f5840e1b28 100644 --- a/gnu/packages/lisp.scm +++ b/gnu/packages/lisp.scm @@ -33,6 +33,7 @@ (define-module (gnu packages lisp) #:use-module (gnu packages m4) #:use-module (guix download) #:use-module (guix git-download) + #:use-module (guix hg-download) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system asdf) @@ -42,6 +43,7 @@ (define-module (gnu packages lisp) #:use-module (gnu packages fontutils) #:use-module (gnu packages maths) #:use-module (gnu packages multiprecision) + #:use-module (gnu packages ncurses) #:use-module (gnu packages bdw-gc) #:use-module (gnu packages libffi) #:use-module (gnu packages libffcall) @@ -228,21 +230,31 @@ (define-public ecl (define-public clisp (package (name "clisp") - (version "2.49") + (version "2.49-60") (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/clisp/release/" version - "/clisp-" version ".tar.gz")) + (method hg-fetch) + (uri (hg-reference + (url "http://hg.code.sf.net/p/clisp/clisp") + (changeset "clisp_2_49_60-2017-06-25"))) + (file-name (string-append name "-" version "-checkout")) (sha256 - (base32 "0rp82nqp5362isl9i34rwgg04cidz7izljd9d85pqcw1qr964bxx")))) + (base32 "0qjv3z274rbdmb941hy03hl63f4z7bmci234f8dyz4skgfr82d3i")) + (patches (search-patches "clisp-remove-failing-test.patch")))) (build-system gnu-build-system) (inputs `(("libffcall" ,libffcall) - ("readline" ,readline-6.2) + ("ncurses" ,ncurses) + ("readline" ,readline) ("libsigsegv" ,libsigsegv))) (arguments '(;; XXX The custom configure script does not cope well when passed ;; --build=. + #:configure-flags '("CFLAGS=-falign-functions=4" + "--enable-portability" + "--with-dynamic-ffi" + "--with-dynamic-modules" + "--with-module=bindings/glibc" + "--with-module=rawsock") #:build #f #:phases (modify-phases %standard-phases @@ -262,11 +274,9 @@ (define-public clisp (lambda _ (substitute* "src/constobj.d" (("__DATE__ __TIME__") "\"1\"")) - #t)) - (add-before 'build 'chdir-to-source - (lambda _ - ;; We are supposed to call make under the src sub-directory. - (chdir "src") + (substitute* "src/genclisph.d" + (("__DATE__") "\"1\"") + (("__TIME__") "\"1\"")) #t))) ;; Makefiles seem to have race conditions. #:parallel-build? #f)) diff --git a/gnu/packages/patches/clisp-remove-failing-test.patch b/gnu/packages/patches/clisp-remove-failing-test.patch new file mode 100644 index 0000000000..e44ce80f74 --- /dev/null +++ b/gnu/packages/patches/clisp-remove-failing-test.patch @@ -0,0 +1,43 @@ +This test doesn't ever complete or timeout + +--- + tests/socket.tst | 24 ------------------------ + 1 file changed, 24 deletions(-) + +diff --git a/tests/socket.tst b/tests/socket.tst +index 93c6310..1d976ff 100644 +--- a/tests/socket.tst ++++ b/tests/socket.tst +@@ -551,30 +551,6 @@ T + interfaces)) + ("0.0.0.0" "127.0.0.1" "0.0.0.0" "127.0.0.1") + +-(multiple-value-bind (run args) (cmd-args) +- (let ((se (socket:socket-server))) +- (ext:run-program run :arguments (append args (list "-q" "-q" "-x" (format nil "(close (socket:socket-connect ~D))" (socket:socket-server-port se)))) +- :wait nil :input nil :output nil) +- (unwind-protect +- (with-open-stream (so (socket:socket-accept se)) +- (list +- (socket:socket-status so) +- (write-line "foo" so) +- (socket:socket-status so) +- #+macos (handler-case (read-char so) +- (end-of-file (c) +- (princ 'read-char) (princ-error c) t)) +- #-macos (check-os-error (read-char so) (:ECONNRESET 104)) +- (null (member (socket:socket-status so) '(:EOF :APPEND))) +- #+macos (string= (write-line "bar" so) "bar") +- #-macos (check-os-error (write-line "bar" so) (:EPIPE 32)) +- (null (member (socket:socket-status so) '(:EOF :APPEND))) +- (handler-case (read-char so) +- (end-of-file (c) +- (princ 'read-char) (princ-error c) 'end-of-file)))) +- (socket:socket-server-close se)))) +-(:OUTPUT "foo" :OUTPUT T NIL T NIL END-OF-FILE) +- + ;; https://sourceforge.net/p/clisp/feature-requests/46/ + (check-os-error (socket:socket-connect 0) + #-(or win32 macos) (:ECONNREFUSED 111) +-- + -- cgit v1.2.3 From a35532f52df3ba3bc360346938aa90806cad493e Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 5 Oct 2017 00:34:53 +0200 Subject: gnu: xorg-server: Update to 1.19.4 [fixes CVE-2017-13721, CVE-2017-13723]. The GPG signature for the bz2 tarball is bad, but the checksum matches the signed release announcement, and contents are identical to the good .gz. * gnu/packages/xorg.scm (xorg-server): Update to 1.19.4. [source]: Remove obsolete patches. * gnu/packages/patches/xorg-server-CVE-2017-10971.patch, gnu/packages/patches/xorg-server-CVE-2017-10972.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. --- gnu/local.mk | 2 - .../patches/xorg-server-CVE-2017-10971.patch | 153 --------------------- .../patches/xorg-server-CVE-2017-10972.patch | 35 ----- gnu/packages/xorg.scm | 10 +- 4 files changed, 4 insertions(+), 196 deletions(-) delete mode 100644 gnu/packages/patches/xorg-server-CVE-2017-10971.patch delete mode 100644 gnu/packages/patches/xorg-server-CVE-2017-10972.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ad8b02a082..6db176b767 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1124,8 +1124,6 @@ dist_patch_DATA = \ %D%/packages/patches/xinetd-fix-fd-leak.patch \ %D%/packages/patches/xinetd-CVE-2013-4342.patch \ %D%/packages/patches/xmodmap-asprintf.patch \ - %D%/packages/patches/xorg-server-CVE-2017-10971.patch \ - %D%/packages/patches/xorg-server-CVE-2017-10972.patch \ %D%/packages/patches/libyaml-CVE-2014-9130.patch \ %D%/packages/patches/zathura-plugindir-environment-variable.patch \ %D%/packages/patches/zziplib-CVE-2017-5974.patch \ diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10971.patch b/gnu/packages/patches/xorg-server-CVE-2017-10971.patch deleted file mode 100644 index 2696033e58..0000000000 --- a/gnu/packages/patches/xorg-server-CVE-2017-10971.patch +++ /dev/null @@ -1,153 +0,0 @@ -From 215f894965df5fb0bb45b107d84524e700d2073c Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Wed, 24 May 2017 15:54:40 +0300 -Subject: dix: Disallow GenericEvent in SendEvent request. - -The SendEvent request holds xEvent which is exactly 32 bytes long, no more, -no less. Both ProcSendEvent and SProcSendEvent verify that the received data -exactly match the request size. However nothing stops the client from passing -in event with xEvent::type = GenericEvent and any value of -xGenericEvent::length. - -In the case of ProcSendEvent, the event will be eventually passed to -WriteEventsToClient which will see that it is Generic event and copy the -arbitrary length from the receive buffer (and possibly past it) and send it to -the other client. This allows clients to copy unitialized heap memory out of X -server or to crash it. - -In case of SProcSendEvent, it will attempt to swap the incoming event by -calling a swapping function from the EventSwapVector array. The swapped event -is written to target buffer, which in this case is local xEvent variable. The -xEvent variable is 32 bytes long, but the swapping functions for GenericEvents -expect that the target buffer has size matching the size of the source -GenericEvent. This allows clients to cause stack buffer overflows. - -Signed-off-by: Michal Srb -Reviewed-by: Peter Hutterer -Signed-off-by: Peter Hutterer - -diff --git a/dix/events.c b/dix/events.c -index 3e3a01e..d3a33ea 100644 ---- a/dix/events.c -+++ b/dix/events.c -@@ -5366,6 +5366,12 @@ ProcSendEvent(ClientPtr client) - client->errorValue = stuff->event.u.u.type; - return BadValue; - } -+ /* Generic events can have variable size, but SendEvent request holds -+ exactly 32B of event data. */ -+ if (stuff->event.u.u.type == GenericEvent) { -+ client->errorValue = stuff->event.u.u.type; -+ return BadValue; -+ } - if (stuff->event.u.u.type == ClientMessage && - stuff->event.u.u.detail != 8 && - stuff->event.u.u.detail != 16 && stuff->event.u.u.detail != 32) { -diff --git a/dix/swapreq.c b/dix/swapreq.c -index 719e9b8..6785059 100644 ---- a/dix/swapreq.c -+++ b/dix/swapreq.c -@@ -292,6 +292,13 @@ SProcSendEvent(ClientPtr client) - swapl(&stuff->destination); - swapl(&stuff->eventMask); - -+ /* Generic events can have variable size, but SendEvent request holds -+ exactly 32B of event data. */ -+ if (stuff->event.u.u.type == GenericEvent) { -+ client->errorValue = stuff->event.u.u.type; -+ return BadValue; -+ } -+ - /* Swap event */ - proc = EventSwapVector[stuff->event.u.u.type & 0177]; - if (!proc || proc == NotImplemented) /* no swapping proc; invalid event type? */ --- -cgit v0.10.2 - -From 8caed4df36b1f802b4992edcfd282cbeeec35d9d Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Wed, 24 May 2017 15:54:41 +0300 -Subject: Xi: Verify all events in ProcXSendExtensionEvent. - -The requirement is that events have type in range -EXTENSION_EVENT_BASE..lastEvent, but it was tested -only for first event of all. - -Signed-off-by: Michal Srb -Reviewed-by: Peter Hutterer -Signed-off-by: Peter Hutterer - -diff --git a/Xi/sendexev.c b/Xi/sendexev.c -index 1cf118a..5e63bfc 100644 ---- a/Xi/sendexev.c -+++ b/Xi/sendexev.c -@@ -117,7 +117,7 @@ SProcXSendExtensionEvent(ClientPtr client) - int - ProcXSendExtensionEvent(ClientPtr client) - { -- int ret; -+ int ret, i; - DeviceIntPtr dev; - xEvent *first; - XEventClass *list; -@@ -141,10 +141,12 @@ ProcXSendExtensionEvent(ClientPtr client) - /* The client's event type must be one defined by an extension. */ - - first = ((xEvent *) &stuff[1]); -- if (!((EXTENSION_EVENT_BASE <= first->u.u.type) && -- (first->u.u.type < lastEvent))) { -- client->errorValue = first->u.u.type; -- return BadValue; -+ for (i = 0; i < stuff->num_events; i++) { -+ if (!((EXTENSION_EVENT_BASE <= first[i].u.u.type) && -+ (first[i].u.u.type < lastEvent))) { -+ client->errorValue = first[i].u.u.type; -+ return BadValue; -+ } - } - - list = (XEventClass *) (first + stuff->num_events); --- -cgit v0.10.2 - -From ba336b24052122b136486961c82deac76bbde455 Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Wed, 24 May 2017 15:54:42 +0300 -Subject: Xi: Do not try to swap GenericEvent. - -The SProcXSendExtensionEvent must not attempt to swap GenericEvent because -it is assuming that the event has fixed size and gives the swapping function -xEvent-sized buffer. - -A GenericEvent would be later rejected by ProcXSendExtensionEvent anyway. - -Signed-off-by: Michal Srb -Reviewed-by: Peter Hutterer -Signed-off-by: Peter Hutterer - -diff --git a/Xi/sendexev.c b/Xi/sendexev.c -index 5e63bfc..5c2e0fc 100644 ---- a/Xi/sendexev.c -+++ b/Xi/sendexev.c -@@ -95,9 +95,17 @@ SProcXSendExtensionEvent(ClientPtr client) - - eventP = (xEvent *) &stuff[1]; - for (i = 0; i < stuff->num_events; i++, eventP++) { -+ if (eventP->u.u.type == GenericEvent) { -+ client->errorValue = eventP->u.u.type; -+ return BadValue; -+ } -+ - proc = EventSwapVector[eventP->u.u.type & 0177]; -- if (proc == NotImplemented) /* no swapping proc; invalid event type? */ -+ /* no swapping proc; invalid event type? */ -+ if (proc == NotImplemented) { -+ client->errorValue = eventP->u.u.type; - return BadValue; -+ } - (*proc) (eventP, &eventT); - *eventP = eventT; - } --- -cgit v0.10.2 - diff --git a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch b/gnu/packages/patches/xorg-server-CVE-2017-10972.patch deleted file mode 100644 index f24e9c0ae6..0000000000 --- a/gnu/packages/patches/xorg-server-CVE-2017-10972.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 05442de962d3dc624f79fc1a00eca3ffc5489ced Mon Sep 17 00:00:00 2001 -From: Michal Srb -Date: Wed, 24 May 2017 15:54:39 +0300 -Subject: Xi: Zero target buffer in SProcXSendExtensionEvent. - -Make sure that the xEvent eventT is initialized with zeros, the same way as -in SProcSendEvent. - -Some event swapping functions do not overwrite all 32 bytes of xEvent -structure, for example XSecurityAuthorizationRevoked. Two cooperating -clients, one swapped and the other not, can send -XSecurityAuthorizationRevoked event to each other to retrieve old stack data -from X server. This can be potentialy misused to go around ASLR or -stack-protector. - -Signed-off-by: Michal Srb -Reviewed-by: Peter Hutterer -Signed-off-by: Peter Hutterer - -diff --git a/Xi/sendexev.c b/Xi/sendexev.c -index 11d8202..1cf118a 100644 ---- a/Xi/sendexev.c -+++ b/Xi/sendexev.c -@@ -78,7 +78,7 @@ SProcXSendExtensionEvent(ClientPtr client) - { - CARD32 *p; - int i; -- xEvent eventT; -+ xEvent eventT = { .u.u.type = 0 }; - xEvent *eventP; - EventSwapPtr proc; - --- -cgit v0.10.2 - diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index d66cf417f6..f3d415c096 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5067,7 +5067,7 @@ (define-public libxcb (define-public xorg-server (package (name "xorg-server") - (version "1.19.3") + (version "1.19.4") (source (origin (method url-fetch) @@ -5076,9 +5076,9 @@ (define-public xorg-server name "-" version ".tar.bz2")) (sha256 (base32 - "162s1v901djr57gxmmk4airk8hiwcz79dqyz72972x1lw1k82yk7")) + "1a690fzv5l5ks45g9zhlzdskdq8q73mcbpb9a3wz3shxm778lxda")) (patches - (cons + (list ;; See: ;; https://lists.fedoraproject.org/archives/list/devel@lists. ;; fedoraproject.org/message/JU655YB7AM4OOEQ4MOMCRHJTYJ76VFOK/ @@ -5090,9 +5090,7 @@ (define-public xorg-server (sha256 (base32 "0mm70y058r8s9y9jiv7q2myv0ycnaw3iqzm7d274410s0ik38w7q")) - (file-name "xorg-server-use-intel-only-on-pre-gen4.diff")) - (search-patches "xorg-server-CVE-2017-10971.patch" - "xorg-server-CVE-2017-10972.patch"))))) + (file-name "xorg-server-use-intel-only-on-pre-gen4.diff")))))) (build-system gnu-build-system) (propagated-inputs `(("dri2proto" ,dri2proto) -- cgit v1.2.3