summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2018-01-03 14:18:01 -0500
committerLeo Famulari <leo@famulari.name>2018-01-03 14:18:01 -0500
commit4ed41f472bd2be465b371abf6760e8713ec59f92 (patch)
treee44eec8362c732ae3c5f1e773fe7797d3e69cc5f
parent9d7d8e71810388985edbc0cb6e6e46e6038ae830 (diff)
parent0c84e8679c6d41e46416cfe97d63221a64beee55 (diff)
Merge branch 'master' into core-updates
-rw-r--r--README5
-rw-r--r--gnu/local.mk8
-rw-r--r--gnu/packages/admin.scm14
-rw-r--r--gnu/packages/assembly.scm5
-rw-r--r--gnu/packages/bioinformatics.scm27
-rw-r--r--gnu/packages/compression.scm24
-rw-r--r--gnu/packages/crypto.scm9
-rw-r--r--gnu/packages/curl.scm31
-rw-r--r--gnu/packages/digest.scm55
-rw-r--r--gnu/packages/dns.scm6
-rw-r--r--gnu/packages/emacs.scm25
-rw-r--r--gnu/packages/games.scm10
-rw-r--r--gnu/packages/gimp.scm5
-rw-r--r--gnu/packages/golang.scm75
-rw-r--r--gnu/packages/kde-frameworks.scm4
-rw-r--r--gnu/packages/kde.scm24
-rw-r--r--gnu/packages/libreoffice.scm2
-rw-r--r--gnu/packages/moreutils.scm6
-rw-r--r--gnu/packages/package-management.scm5
-rw-r--r--gnu/packages/patches/fossil-CVE-2017-17459.patch57
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17784.patch41
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17785.patch171
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17786.patch94
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17787.patch42
-rw-r--r--gnu/packages/patches/gimp-CVE-2017-17789.patch48
-rw-r--r--gnu/packages/patches/httpd-CVE-2017-9798.patch22
-rw-r--r--gnu/packages/perl-check.scm37
-rw-r--r--gnu/packages/perl.scm49
-rw-r--r--gnu/packages/python.scm7
-rw-r--r--gnu/packages/regex.scm5
-rw-r--r--gnu/packages/shells.scm4
-rw-r--r--gnu/packages/version-control.scm2
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/web.scm5
-rw-r--r--gnu/packages/wine.scm115
-rw-r--r--guix/ui.scm4
-rw-r--r--nix/scripts/list-runtime-roots.in7
37 files changed, 923 insertions, 131 deletions
diff --git a/README b/README
index 18e685672d..4192eb4129 100644
--- a/README
+++ b/README
@@ -23,10 +23,9 @@ GNU Guix currently depends on the following packages:
- [[https://gnu.org/software/guile/][GNU Guile 2.2.x or 2.0.x]], version 2.0.9 or later
- [[https://gnupg.org/][GNU libgcrypt]]
- [[https://www.gnu.org/software/make/][GNU Make]]
+ - [[https://www.gnutls.org][GnuTLS]] compiled with guile support enabled.
+ - [[https://gitlab.com/guile-git/guile-git][Guile-Git]]
- optionally [[https://savannah.nongnu.org/projects/guile-json/][Guile-JSON]], for the 'guix import pypi' command
- - optionally [[https://www.gnutls.org][GnuTLS]] compiled with guile support enabled, for HTTPS support
- in the 'guix download' command. Note that 'guix import pypi' requires
- this functionality.
Unless `--disable-daemon' was passed, the following packages are needed:
diff --git a/gnu/local.mk b/gnu/local.mk
index 7299372e8d..37a31299a5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -119,6 +119,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/dejagnu.scm \
%D%/packages/dico.scm \
%D%/packages/dictionaries.scm \
+ %D%/packages/digest.scm \
%D%/packages/direct-connect.scm \
%D%/packages/disk.scm \
%D%/packages/display-managers.scm \
@@ -639,6 +640,7 @@ dist_patch_DATA = \
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \
%D%/packages/patches/fontconfig-remove-debug-printf.patch \
+ %D%/packages/patches/fossil-CVE-2017-17459.patch \
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
@@ -672,6 +674,11 @@ dist_patch_DATA = \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
%D%/packages/patches/ghostscript-runpath.patch \
+ %D%/packages/patches/gimp-CVE-2017-17784.patch \
+ %D%/packages/patches/gimp-CVE-2017-17785.patch \
+ %D%/packages/patches/gimp-CVE-2017-17786.patch \
+ %D%/packages/patches/gimp-CVE-2017-17787.patch \
+ %D%/packages/patches/gimp-CVE-2017-17789.patch \
%D%/packages/patches/glib-networking-ssl-cert-file.patch \
%D%/packages/patches/glib-respect-datadir.patch \
%D%/packages/patches/glib-tests-timer.patch \
@@ -738,7 +745,6 @@ dist_patch_DATA = \
%D%/packages/patches/heimdal-CVE-2017-11103.patch \
%D%/packages/patches/hmmer-remove-cpu-specificity.patch \
%D%/packages/patches/higan-remove-march-native-flag.patch \
- %D%/packages/patches/httpd-CVE-2017-9798.patch \
%D%/packages/patches/hubbub-sort-entities.patch \
%D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \
%D%/packages/patches/hydra-disable-darcs-test.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index f8b0cc388e..d90bc7c050 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -13,7 +13,7 @@
;;; Copyright © 2016 Peter Feigl <peter.feigl@nexoid.at>
;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
-;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2017 Ben Sturmfels <ben@sturm.com.au>
;;; Copyright © 2017 Ethan R. Jones <doubleplusgood23@gmail.com>
@@ -1387,14 +1387,14 @@ of supported upstream metrics systems simultaneously.")
(define-public ansible
(package
(name "ansible")
- (version "2.4.1.0")
+ (version "2.4.2.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "ansible" version))
(sha256
(base32
- "0spv0kjaicwss4q52s727b6grdizcxpa0bbsfg26pgf5kjrayqfs"))
+ "0n3n9py4s3aykiii31xq8g4wmd6693jvby0424pjrg0bna01apri"))
(patches (search-patches "ansible-wrap-program-hack.patch"))))
(build-system python-build-system)
(native-inputs
@@ -1413,12 +1413,12 @@ of supported upstream metrics systems simultaneously.")
("python2-paramiko" ,python2-paramiko)))
(arguments
`(#:python ,python-2)) ; incompatible with Python 3
- (home-page "http://ansible.com/")
+ (home-page "https://www.ansible.com/")
(synopsis "Radically simple IT automation")
(description "Ansible is a radically simple IT automation system. It
-handles configuration-management, application deployment, cloud provisioning,
-ad-hoc task-execution, and multinode orchestration - including trivializing
-things like zero downtime rolling updates with load balancers.")
+handles configuration management, application deployment, cloud provisioning,
+ad hoc task execution, and multinode orchestration---including trivializing
+things like zero-downtime rolling updates with load balancers.")
(license license:gpl3+)))
(define-public cpulimit
diff --git a/gnu/packages/assembly.scm b/gnu/packages/assembly.scm
index 769e5d2fca..22765b456a 100644
--- a/gnu/packages/assembly.scm
+++ b/gnu/packages/assembly.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -34,14 +35,14 @@
(define-public nasm
(package
(name "nasm")
- (version "2.13.01")
+ (version "2.13.02")
(source (origin
(method url-fetch)
(uri (string-append "http://www.nasm.us/pub/nasm/releasebuilds/"
version "/" name "-" version ".tar.xz"))
(sha256
(base32
- "0plsvcwxc7q3llr3bz10prwq1gn4ll38aqmv0yzfqcq4iw0160ma"))))
+ "0mqp559rypkv4cz3wb8crkp0s3a3lhcprvypm3vqz0x695gj7hwa"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl) ;for doc and test target
("texinfo" ,texinfo)))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index d3d9344322..0e9c20f1f1 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -7,7 +7,7 @@
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2016 Raoul Bonnal <ilpuccio.febo@gmail.com>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
;;;
;;; This file is part of GNU Guix.
@@ -493,6 +493,20 @@ BED, GFF/GTF, VCF.")
(base32
"0ykjbps1y3z3085q94npw8i9x5gldc6shy8vlc08v76zljsm07hv"))))
(build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'wrap-executables
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out")))
+ (for-each
+ (lambda (script)
+ (wrap-program (string-append out "/bin/" script)
+ `("R_LIBS_SITE" ":" = (,(getenv "R_LIBS_SITE")))))
+ '("create_annotations_files.bash"
+ "create_metaplots.bash"
+ "Ribotaper_ORF_find.sh"
+ "Ribotaper.sh"))))))))
(inputs
`(("bedtools" ,bedtools-2.18)
("samtools" ,samtools-0.1)
@@ -1439,7 +1453,7 @@ multiple sequence alignments.")
(define-public python-pysam
(package
(name "python-pysam")
- (version "0.11.2.2")
+ (version "0.13.0")
(source (origin
(method url-fetch)
;; Test data is missing on PyPi.
@@ -1449,7 +1463,7 @@ multiple sequence alignments.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1cfqdxsqs3xhacns9n0271ck6wkc76px66ddjm91wfw2jxxfklvc"))
+ "0dzap2axin9cbbl0d825w294bpn00zagfm1sigamm4v2pm5bj9lp"))
(modules '((guix build utils)))
(snippet
;; Drop bundled htslib. TODO: Also remove samtools and bcftools.
@@ -3213,7 +3227,7 @@ VCF.")
(define-public htslib
(package
(name "htslib")
- (version "1.5")
+ (version "1.6")
(source (origin
(method url-fetch)
(uri (string-append
@@ -3221,7 +3235,7 @@ VCF.")
version "/htslib-" version ".tar.bz2"))
(sha256
(base32
- "0bcjmnbwp2bib1z1bkrp95w9v2syzdwdfqww10mkb1hxlmg52ax0"))))
+ "1jsca3hg4rbr6iqq6imkj4lsvgl8g9768bcmny3hlff2w25vx24m"))))
(build-system gnu-build-system)
(arguments
`(#:phases
@@ -3242,7 +3256,8 @@ VCF.")
(synopsis "C library for reading/writing high-throughput sequencing data")
(description
"HTSlib is a C library for reading/writing high-throughput sequencing
-data. It also provides the bgzip, htsfile, and tabix utilities.")
+data. It also provides the @command{bgzip}, @command{htsfile}, and
+@command{tabix} utilities.")
;; Files under cram/ are released under the modified BSD license;
;; the rest is released under the Expat license
(license (list license:expat license:bsd-3))))
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 47241321fe..c92442042f 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -10,7 +10,7 @@
;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
-;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
@@ -58,6 +58,7 @@
#:use-module (gnu packages java)
#:use-module (gnu packages maths)
#:use-module (gnu packages perl)
+ #:use-module (gnu packages perl-check)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages tls)
@@ -1810,24 +1811,27 @@ recreates the stored directory structure by default.")
"ZZipLib is a library based on zlib for accessing zip files.")
(license license:lgpl2.0+)))
-(define-public perl-zip
+(define-public perl-archive-zip
(package
- (name "perl-zip")
- (version "1.59")
+ (name "perl-archive-zip")
+ (version "1.60")
(source
(origin
(method url-fetch)
(uri (string-append
- "mirror://cpan/authors/id/A/AD/ADAMK/Archive-Zip-"
+ "mirror://cpan/authors/id/P/PH/PHRED/Archive-Zip-"
version ".tar.gz"))
(sha256
(base32
- "0m31qlppg65vh32pwxkwjby02q70abx49d2yk6vfd4585fqb27cx"))))
+ "02y2ylq83hy9kgj57sc0239x65br9sm98c0chsm61s08yc2mpiza"))))
(build-system perl-build-system)
- (synopsis "Provides an interface to ZIP archive files")
- (description "The Archive::Zip module allows a Perl program to create,
-manipulate, read, and write Zip archive files.")
- (home-page "http://search.cpan.org/~adamk/Archive-Zip-1.30/")
+ (native-inputs
+ ;; For tests.
+ `(("perl-test-mockmodule" ,perl-test-mockmodule)))
+ (synopsis "Provides an interface to Zip archive files")
+ (description "The @code{Archive::Zip} module allows a Perl program to
+create, manipulate, read, and write Zip archive files.")
+ (home-page "http://search.cpan.org/dist/Archive-Zip/")
(license license:perl-license)))
(define-public libzip
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 92da952999..1ac704ddb8 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
;;; Copyright © 2016, 2017 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2017 Pierre Langlois <pierre.langlois@gmx.com>
@@ -595,6 +595,13 @@ data on your platform, so the seed itself will be as random as possible.
(list (string-append "PREFIX=" (assoc-ref %outputs "out")))
#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'disable-native-optimisation
+ ;; This package installs more than just headers. Ensure that the
+ ;; cryptest.exe binary & static library aren't CPU model specific.
+ (lambda _
+ (substitute* "GNUmakefile"
+ ((" -march=native") ""))
+ #t))
(delete 'configure))))
(native-inputs
`(("unzip" ,unzip)))
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 3df8acc2c7..302c696233 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -26,10 +26,13 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system go)
#:use-module (gnu packages)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages golang)
#:use-module (gnu packages groff)
#:use-module (gnu packages gsasl)
#:use-module (gnu packages libidn)
@@ -131,3 +134,31 @@ tunneling, and so on.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
+
+(define-public kurly
+ (package
+ (name "kurly")
+ (version "1.1.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/davidjpeacock/kurly.git")
+ (commit (string-append "v" version))))
+ (sha256
+ (base32
+ "1q192f457sjypgvwq7grrf8gq8w272p3zf1d5ppc20mriqm0mbc3"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/davidjpeacock/kurly"))
+ (inputs
+ `(("go-github-com-alsm-ioprogress" ,go-github-com-alsm-ioprogress)
+ ("go-github-com-aki237-nscjar" ,go-github-com-aki237-nscjar)
+ ("go-github-com-davidjpeacock-cli" ,go-github-com-davidjpeacock-cli)))
+ (synopsis "Command-line HTTP client")
+ (description "kurly is an alternative to the @code{curl} program written in
+Go. kurly is designed to operate in a similar manner to curl, with select
+features. Notably, kurly is not aiming for feature parity, but common flags and
+mechanisms particularly within the HTTP(S) realm are to be expected. kurly does
+not offer a replacement for libcurl.")
+ (home-page "https://github.com/davidjpeacock/kurly")
+ (license license:asl2.0)))
diff --git a/gnu/packages/digest.scm b/gnu/packages/digest.scm
new file mode 100644
index 0000000000..5f14ab913b
--- /dev/null
+++ b/gnu/packages/digest.scm
@@ -0,0 +1,55 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages digest)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix build-system gnu))
+
+(define-public xxhash
+ (package
+ (name "xxhash")
+ (version "0.6.4")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/Cyan4973/xxHash/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32 "08nv9h3jzg6y85ysy2dj3qvvfsdz0rwkk497a2366syz278wqw25"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags
+ (list "CC=gcc"
+ "XXH_FORCE_MEMORY_ACCESS=1" ; improved performance with GCC
+ (string-append "prefix=" (assoc-ref %outputs "out")))
+ #:test-target "test"
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)))) ; no configure script
+ (home-page "https://cyan4973.github.io/xxHash/")
+ (synopsis "Extremely fast hash algorithm")
+ (description
+ "xxHash is an extremely fast non-cryptographic hash algorithm. It works
+at speeds close to RAM limits, and comes in both 32- and 64-bit flavours.
+The code is highly portable, and hashes of the same length are identical on all
+platforms (both big and little endian).")
+ (license (list license:bsd-2 ; xxhash library (xxhash.[ch])
+ license:gpl2+)))) ; xxhsum.c
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e0197fca32..85b44fb6fb 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -5,7 +5,7 @@
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 John Darrington <jmd@gnu.org>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
-;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
@@ -483,14 +483,14 @@ Extensions} (DNSSEC).")
(define-public knot
(package
(name "knot")
- (version "2.6.3")
+ (version "2.6.4")
(source (origin
(method url-fetch)
(uri (string-append "https://secure.nic.cz/files/knot-dns/"
name "-" version ".tar.xz"))
(sha256
(base32
- "143pk2124liiq1r4ja1s579nbv3hm2scbbfbfclc2pw60r07mcig"))
+ "0siqfm6iibx5yfshw40wa2dvmh99bibda6bmj96mbkby0jskf38x"))
(modules '((guix build utils)))
(snippet
'(begin
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index c4d7e7bc60..b9280728c4 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -6575,3 +6575,28 @@ Feautures:
"@code{evil-matchit} is a minor mode for jumping between matching tags in
evil mode using @kbd{%}. It is a port of @code{matchit} for Vim.")
(license license:gpl3+)))
+
+(define-public emacs-evil-smartparens
+ (package
+ (name "emacs-evil-smartparens")
+ (version "0.4.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/expez/evil-smartparens/archive/"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1bwzdd3054d407d5j4m3njsbvmc9r8zzp33m32pj3b3irxrl68q0"))))
+ (build-system emacs-build-system)
+ (propagated-inputs
+ `(("emacs-evil" ,emacs-evil)
+ ("emacs-smartparens" ,emacs-smartparens)))
+ (home-page "https://github.com/expez/evil-smartparens")
+ (synopsis "Emacs Evil integration for Smartparens")
+ (description "@code{emacs-evil-smartparens} is an Emacs minor mode which
+makes Evil play nice with Smartparens. Evil is an Emacs minor mode that
+emulates Vim features and provides Vim-like key bindings.")
+ (license license:gpl3+)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index b879fbd5a8..8d0db5ee4f 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -4919,7 +4919,8 @@ fight against their plot and save his fellow rabbits from slavery.")
("python-2" ,python-2)))
(build-system gnu-build-system)
(arguments
- `(#:phases
+ `(#:make-flags '("config=release" "verbose=1" "-C" "build/workspaces/gcc")
+ #:phases
(modify-phases %standard-phases
(add-after 'unpack 'delete-bundles
(lambda _
@@ -4946,17 +4947,12 @@ fight against their plot and save his fellow rabbits from slavery.")
(zero? (system* "./update-workspaces.sh"
(string-append "--libdir=" lib)
(string-append "--datadir=" data)
- "--minimal-flags"
;; TODO: "--with-system-nvtt"
"--with-system-mozjs38"))))))
- (add-before 'build 'chdir
- (lambda _
- (chdir "build/workspaces/gcc")
- #t))
(delete 'check)
(replace 'install
(lambda* (#:key inputs outputs #:allow-other-keys)
- (chdir "../../../binaries")
+ (chdir "binaries")
(let* ((out (assoc-ref outputs "out"))
(bin (string-append out "/bin"))
(lib (string-append out "/lib"))
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index b0797453fa..fc2c8ff516 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -133,6 +133,11 @@ buffers.")
(uri (string-append "http://download.gimp.org/pub/gimp/v"
(version-major+minor version)
"/gimp-" version ".tar.bz2"))
+ (patches (search-patches "gimp-CVE-2017-17784.patch"
+ "gimp-CVE-2017-17785.patch"
+ "gimp-CVE-2017-17786.patch"
+ "gimp-CVE-2017-17787.patch"
+ "gimp-CVE-2017-17789.patch"))
(sha256
(base32
"12k3lp938qdc9cqj29scg55f3bb8iav2fysd29w0s49bqmfa71wi"))))
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index b8f86ac5fd..e7c2d228cc 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -27,8 +27,10 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix packages)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system go)
#:use-module (gnu packages admin)
#:use-module (gnu packages gcc)
#:use-module (gnu packages base)
@@ -377,3 +379,76 @@ sequential processes (CSP) concurrent programming features added.")
(supported-systems %supported-systems)))
(define-public go go-1.9)
+
+(define-public go-github-com-alsm-ioprogress
+ (let ((commit "063c3725f436e7fba0c8f588547bee21ffec7ac5")
+ (revision "0"))
+ (package
+ (name "go-github-com-alsm-ioprogress")
+ (version (git-version "0.0.0" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/alsm/ioprogress.git")
+ (commit commit)))
+ (sha256
+ (base32
+ "10ym5qlq77nynmkxbk767f2hfwyxg2k7hrzph05hvgzv833dhivh"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/alsm/ioprogress"))
+ (synopsis "Textual progress bars in Go")
+ (description "@code{ioprogress} is a Go library with implementations of
+@code{io.Reader} and @code{io.Writer} that draws progress bars. The primary use
+case for these are for command-line applications but alternate progress bar
+writers can be supplied for alternate environments.")
+ (home-page "https://github.com/alsm/ioprogress")
+ (license license:expat))))
+
+(define-public go-github-com-aki237-nscjar
+ (let ((commit "e2df936ddd6050d30dd90c7214c02b5019c42f06")
+ (revision "0"))
+ (package
+ (name "go-github-com-aki237-nscjar")
+ (version (git-version "0.0.0" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/aki237/nscjar.git")
+ (commit commit)))
+ (sha256
+ (base32
+ "03y7zzq12qvhsq86lb06sgns8xrkblbn7i7wd886wk3zr5574b96"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/aki237/nscjar"))
+ (synopsis "Handle Netscape / Mozilla cookies")
+ (description "@code{nscjar} is a Go library used to parse and output
+Netscape/Mozilla's old-style cookie files. It also implements a simple cookie
+jar struct to manage the cookies added to the cookie jar.")
+ (home-page "https://github.com/aki237/nscjar")
+ (license license:expat))))
+
+(define-public go-github-com-davidjpeacock-cli
+ (let ((commit "8ba6f23b6e36d03666a14bd9421f5e3efcb59aca")
+ (revision "0"))
+ (package
+ (name "go-github-com-davidjpeacock-cli")
+ (version (git-version "1.19.1" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/davidjpeacock/cli.git")
+ (commit commit)))
+ (sha256
+ (base32
+ "01s53ny3p0fdx64rnwcnmjj4xpc5adihnh6islsfq5z1ph2phhnj"))))
+ (build-system go-build-system)
+ (arguments
+ '(#:import-path "github.com/davidjpeacock/cli"))
+ (synopsis "Build command-line interfaces in Go")
+ (description "@code{cli} is a package for building command line
+interfaces in Go. The goal is to enable developers to write fast and
+distributable command line applications in an expressive way.")
+ (home-page "https://github.com/davidjpeacock/cli")
+ (license license:expat))))
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 72dff868cc..ef2a7cb07c 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -3359,6 +3359,10 @@ workspace.")
(mkdir-p ".kde-unit-test/xdg/config")
(with-output-to-file ".kde-unit-test/xdg/config/foorc"
(lambda () #t)) ;; simply touch the file
+ ;; Blacklist a test-function (failing at build.kde.org, too).
+ (with-output-to-file "autotests/BLACKLIST"
+ (lambda _
+ (display "[testSmb]\n*\n")))
;; kuniqueapptest hangs. TODO: Make this test pass.
(zero? (system* "dbus-launch" "ctest" "."
"-E" "kstandarddirstest|kuniqueapptest")))))))
diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm
index 89ad30ecd2..f0df44528e 100644
--- a/gnu/packages/kde.scm
+++ b/gnu/packages/kde.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Mark Meyer <mark@ofosos.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -259,7 +260,22 @@ plugins, as well as code to create plugins, or complete applications.")
(assoc-ref %build-inputs "libtiff"))
(string-append "-DCMAKE_CXX_FLAGS=-I"
(assoc-ref %build-inputs "ilmbase")
- "/include/OpenEXR"))))
+ "/include/OpenEXR"))
+ #:phases
+ (modify-phases %standard-phases
+ ;; Ensure that icons are found at runtime.
+ ;; This works around <https://bugs.gnu.org/22138>.
+ (add-after 'install 'wrap-executable
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out"))
+ (qt '("qtbase" "qtsvg")))
+ (wrap-program (string-append out "/bin/krita")
+ `("QT_PLUGIN_PATH" ":" prefix
+ ,(map (lambda (label)
+ (string-append (assoc-ref inputs label)
+ "/lib/qt5/plugins/"))
+ qt)))
+ #t))))))
(native-inputs
`(("curl" ,curl)
("eigen" ,eigen)
@@ -349,7 +365,7 @@ used in KDE development tools Kompare and KDevelop.")
(define-public libksysguard
(package
(name "libksysguard")
- (version "5.11.2")
+ (version "5.11.4")
(source
(origin
(method url-fetch)
@@ -357,7 +373,7 @@ used in KDE development tools Kompare and KDevelop.")
"/libksysguard-" version ".tar.xz"))
(sha256
(base32
- "12d0r4rilydbqdgkm256khvkb9m0hya3p27xqvv3hg77wgxzdl3f"))))
+ "1ry4478fv7blp80zyhz0xr3qragsddrkzjzmxkdarh01f4p987aq"))))
(native-inputs
`(("extra-cmake-modules" ,extra-cmake-modules)
("pkg-config" ,pkg-config)))
@@ -399,7 +415,7 @@ used in KDE development tools Kompare and KDevelop.")
(lambda _
;; TODO: Fix this failing test-case
(zero? (system* "ctest" "-E" "processtest")))))))
- (home-page "https://www.kde.org/info/plasma-5.11.2.php")
+ (home-page "https://www.kde.org/info/plasma-5.11.4.php")
(synopsis "Network enabled task and system monitoring")
(description "KSysGuard can obtain information on system load and
manage running processes. It obtains this information by interacting
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 6524e58400..799b062439 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -926,7 +926,7 @@ and to return information on pronunciations, meanings and synonyms.")
("openssl" ,openssl)
("orcus" ,orcus)
("perl" ,perl)
- ("perl-zip" ,perl-zip)
+ ("perl-archive-zip" ,perl-archive-zip)
("poppler" ,poppler)
("postgresql" ,postgresql)
("python" ,python)
diff --git a/gnu/packages/moreutils.scm b/gnu/packages/moreutils.scm
index bb6228af7f..34bce23c30 100644
--- a/gnu/packages/moreutils.scm
+++ b/gnu/packages/moreutils.scm
@@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -30,7 +30,7 @@
(define-public moreutils
(package
(name "moreutils")
- (version "0.61")
+ (version "0.62")
(source
(origin
(method url-fetch)
@@ -43,7 +43,7 @@
name "-" version ".tar.gz")))
(sha256
(base32
- "12rhzy8hw8vljlf10b7ys9zky0p94fdvd6ihq8w8cnkia4rd6izb"))))
+ "1gc3rswr0jl0z42pbrmw2zc4gxsyp60hq8cnvrlsig1vk1s9vpwx"))))
(build-system gnu-build-system)
;; For building the manual pages.
(native-inputs
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 0c1bb4183c..3c53de63af 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com>
;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -500,13 +501,13 @@ transactions from C or Python.")
(define-public diffoscope
(package
(name "diffoscope")
- (version "88")
+ (version "90")
(source (origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
(base32
- "1zp6nb37igssxg4bqsi3cw5klx4prhcx50mzg4463l50mssn8mp2"))))
+ "0hhg26vi0z2q4gwklwq4k16hibc4kq16jvyzp6zhr4kspi07wl6i"))))
(build-system python-build-system)
(arguments
`(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/patches/fossil-CVE-2017-17459.patch b/gnu/packages/patches/fossil-CVE-2017-17459.patch
new file mode 100644
index 0000000000..e566235b4e
--- /dev/null
+++ b/gnu/packages/patches/fossil-CVE-2017-17459.patch
@@ -0,0 +1,57 @@
+Fix CVE-2017-17459:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459
+
+Patch copied from upstream source repository:
+
+https://www.fossil-scm.org/xfer/info/1f63db591c77108c
+
+Index: src/http_transport.c
+==================================================================
+--- src/http_transport.c
++++ src/http_transport.c
+@@ -73,10 +73,23 @@
+ if( resetFlag ){
+ transport.nSent = 0;
+ transport.nRcvd = 0;
+ }
+ }
++
++/*
++** Remove leading "-" characters from the input string.
++**
++** This prevents attacks that try to trick a victim into using
++** a ssh:// URI with a carefully crafted hostname of other
++** parameter that ends up being interpreted as a command-line
++** option by "ssh".
++*/
++static const char *stripLeadingMinus(const char *z){
++ while( z[0]=='-' ) z++;
++ return z;
++}
+
+ /*
+ ** Default SSH command
+ */
+ #ifdef _WIN32
+@@ -116,17 +129,17 @@
+ }else{
+ zHost = mprintf("%s", pUrlData->name);
+ }
+ n = blob_size(&zCmd);
+ blob_append(&zCmd, " ", 1);
+- shell_escape(&zCmd, zHost);
++ shell_escape(&zCmd, stripLeadingMinus(zHost));
+ blob_append(&zCmd, " ", 1);
+ shell_escape(&zCmd, mprintf("%s", pUrlData->fossil));
+ blob_append(&zCmd, " test-http", 10);
+ if( pUrlData->path && pUrlData->path[0] ){
+ blob_append(&zCmd, " ", 1);
+- shell_escape(&zCmd, mprintf("%s", pUrlData->path));
++ shell_escape(&zCmd, mprintf("%s", stripLeadingMinus(pUrlData->path)));
+ }
+ if( g.fSshTrace ){
+ fossil_print("%s\n", blob_str(&zCmd)+n); /* Show tail of SSH command */
+ }
+ free(zHost);
+
diff --git a/gnu/packages/patches/gimp-CVE-2017-17784.patch b/gnu/packages/patches/gimp-CVE-2017-17784.patch
new file mode 100644
index 0000000000..c791772fb5
--- /dev/null
+++ b/gnu/packages/patches/gimp-CVE-2017-17784.patch
@@ -0,0 +1,41 @@
+Fix CVE-2017-17784:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784
+https://bugzilla.gnome.org/show_bug.cgi?id=790784
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270
+
+From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001
+From: Jehan <jehan@girinstud.io>
+Date: Thu, 21 Dec 2017 12:25:32 +0100
+Subject: [PATCH] Bug 790784 - (CVE-2017-17784) heap overread in gbr parser /
+ load_image.
+
+We were assuming the input name was well formed, hence was
+nul-terminated. As any data coming from external input, this has to be
+thorougly checked.
+Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted
+to older gimp-2-8 code.
+---
+ plug-ins/common/file-gbr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c
+index b028100bef..d3f01d9c56 100644
+--- a/plug-ins/common/file-gbr.c
++++ b/plug-ins/common/file-gbr.c
+@@ -443,7 +443,8 @@ load_image (const gchar *filename,
+ {
+ gchar *temp = g_new (gchar, bn_size);
+
+- if ((read (fd, temp, bn_size)) < bn_size)
++ if ((read (fd, temp, bn_size)) < bn_size ||
++ temp[bn_size - 1] != '\0')
+ {
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+ _("Error in GIMP brush file '%s'"),
+--
+2.15.1
+
diff --git a/gnu/packages/patches/gimp-CVE-2017-17785.patch b/gnu/packages/patches/gimp-CVE-2017-17785.patch
new file mode 100644
index 0000000000..939b01f214
--- /dev/null
+++ b/gnu/packages/patches/gimp-CVE-2017-17785.patch
@@ -0,0 +1,171 @@
+Fix CVE-2017-17785:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17785
+https://bugzilla.gnome.org/show_bug.cgi?id=739133
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54
+
+From 1882bac996a20ab5c15c42b0c5e8f49033a1af54 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Sun, 29 Oct 2017 15:19:41 +0100
+Subject: [PATCH] Bug 739133 - (CVE-2017-17785) Heap overflow while parsing FLI
+ files.
+
+It is possible to trigger a heap overflow while parsing FLI files. The
+RLE decoder is vulnerable to out of boundary writes due to lack of
+boundary checks.
+
+The variable "framebuf" points to a memory area which was allocated
+with fli_header->width * fli_header->height bytes. The RLE decoder
+therefore must never write beyond that limit.
+
+If an illegal frame is detected, the parser won't stop, which means
+that the next valid sequence is properly parsed again. This should
+allow GIMP to parse FLI files as good as possible even if they are
+broken by an attacker or by accident.
+
+While at it, I changed the variable xc to be of type size_t, because
+the multiplication of width and height could overflow a 16 bit type.
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+(cherry picked from commit edb251a7ef1602d20a5afcbf23f24afb163de63b)
+---
+ plug-ins/file-fli/fli.c | 50 ++++++++++++++++++++++++++++++++++---------------
+ 1 file changed, 35 insertions(+), 15 deletions(-)
+
+diff --git a/plug-ins/file-fli/fli.c b/plug-ins/file-fli/fli.c
+index 313efeb977..ffb651e2af 100644
+--- a/plug-ins/file-fli/fli.c
++++ b/plug-ins/file-fli/fli.c
+@@ -25,6 +25,8 @@
+
+ #include "config.h"
+
++#include <glib/gstdio.h>
++
+ #include <string.h>
+ #include <stdio.h>
+
+@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header *fli_header, unsigned char *framebuf)
+ unsigned short yc;
+ unsigned char *pos;
+ for (yc=0; yc < fli_header->height; yc++) {
+- unsigned short xc, pc, pcnt;
++ unsigned short pc, pcnt;
++ size_t n, xc;
+ pc=fli_read_char(f);
+ xc=0;
+ pos=framebuf+(fli_header->width * yc);
++ n=(size_t)fli_header->width * (fli_header->height-yc);
+ for (pcnt=pc; pcnt>0; pcnt--) {
+ unsigned short ps;
+ ps=fli_read_char(f);
+ if (ps & 0x80) {
+ unsigned short len;
+- for (len=-(signed char)ps; len>0; len--) {
++ for (len=-(signed char)ps; len>0 && xc<n; len--) {
+ pos[xc++]=fli_read_char(f);
+ }
+ } else {
+ unsigned char val;
++ size_t len;
++ len=MIN(n-xc,ps);
+ val=fli_read_char(f);
+- memset(&(pos[xc]), val, ps);
+- xc+=ps;
++ memset(&(pos[xc]), val, len);
++ xc+=len;
+ }
+ }
+ }
+@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *fli_header, unsigned char *old_framebuf,
+ memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height);
+ firstline = fli_read_short(f);
+ numline = fli_read_short(f);
++ if (numline > fli_header->height || fli_header->height-numline < firstline)
++ return;
++
+ for (yc=0; yc < numline; yc++) {
+- unsigned short xc, pc, pcnt;
++ unsigned short pc, pcnt;
++ size_t n, xc;
+ pc=fli_read_char(f);
+ xc=0;
+ pos=framebuf+(fli_header->width * (firstline+yc));
++ n=(size_t)fli_header->width * (fli_header->height-firstline-yc);
+ for (pcnt=pc; pcnt>0; pcnt--) {
+ unsigned short ps,skip;
+ skip=fli_read_char(f);
+ ps=fli_read_char(f);
+- xc+=skip;
++ xc+=MIN(n-xc,skip);
+ if (ps & 0x80) {
+ unsigned char val;
++ size_t len;
+ ps=-(signed char)ps;
+ val=fli_read_char(f);
+- memset(&(pos[xc]), val, ps);
+- xc+=ps;
++ len=MIN(n-xc,ps);
++ memset(&(pos[xc]), val, len);
++ xc+=len;
+ } else {
+- fread(&(pos[xc]), ps, 1, f);
+- xc+=ps;
++ size_t len;
++ len=MIN(n-xc,ps);
++ fread(&(pos[xc]), len, 1, f);
++ xc+=len;
+ }
+ }
+ }
+@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
+ yc=0;
+ numline = fli_read_short(f);
+ for (lc=0; lc < numline; lc++) {
+- unsigned short xc, pc, pcnt, lpf, lpn;
++ unsigned short pc, pcnt, lpf, lpn;
++ size_t n, xc;
+ pc=fli_read_short(f);
+ lpf=0; lpn=0;
+ while (pc & 0x8000) {
+@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header *fli_header, unsigned char *old_framebu
+ }
+ pc=fli_read_short(f);
+ }
++ yc=MIN(yc, fli_header->height);
+ xc=0;
+ pos=framebuf+(fli_header->width * yc);
++ n=(size_t)fli_header->width * (fli_header->height-yc);
+ for (pcnt=pc; pcnt>0; pcnt--) {
+ unsigned short ps,skip;
+ skip=fli_read_char(f);
+ ps=fli_read_char(f);
+- xc+=skip;
++ xc+=MIN(n-xc,skip);
+ if (ps & 0x80) {
+ unsigned char v1,v2;
+ ps=-(signed char)ps;
+ v1=fli_read_char(f);
+ v2=fli_read_char(f);
+- while (ps>0) {
++ while (ps>0 && xc+1<n) {
+ pos[xc++]=v1;
+ pos[xc++]=v2;
+ ps--;
+ }
+ } else {
+- fread(&(pos[xc]), ps, 2, f);
+- xc+=ps << 1;
++ size_t len;
++ len=MIN((n-xc)/2,ps);
++ fread(&(pos[xc]), len, 2, f);
++ xc+=len << 1;
+ }
+ }
+ if (lpf) pos[xc]=lpn;
+--
+2.15.1
+
diff --git a/gnu/packages/patches/gimp-CVE-2017-17786.patch b/gnu/packages/patches/gimp-CVE-2017-17786.patch
new file mode 100644
index 0000000000..851227ac1d
--- /dev/null
+++ b/gnu/packages/patches/gimp-CVE-2017-17786.patch
@@ -0,0 +1,94 @@
+Fix CVE-2017-17786:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786
+https://bugzilla.gnome.org/show_bug.cgi?id=739134
+
+Both patches copied from upstream source repository:
+
+https://git.gnome.org/browse/gimp/commit/?id=ef9c821fff8b637a2178eab1c78cae6764c50e12
+https://git.gnome.org/browse/gimp/commit/?id=22e2571c25425f225abdb11a566cc281fca6f366
+
+From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001
+From: Jehan <jehan@girinstud.io>
+Date: Wed, 20 Dec 2017 13:02:38 +0100
+Subject: [PATCH] Bug 739134 - (CVE-2017-17786) Out of bounds read / heap
+ overflow in...
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+... TGA importer.
+
+Be more thorough on valid TGA RGB and RGBA images.
+In particular current TGA plug-in can import RGBA as 32 bits (8 bits per
+channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and
+RGB as 15 and 24 bits.
+Maybe there exist more variants, but if they do exist, we simply don't
+support them yet.
+
+Thanks to Hanno Böck for the report and a first patch attempt.
+
+(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b)
+---
+ plug-ins/common/file-tga.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
+index aef98702d4..426acc2925 100644
+--- a/plug-ins/common/file-tga.c
++++ b/plug-ins/common/file-tga.c
+@@ -564,12 +564,16 @@ load_image (const gchar *filename,
+ }
+ break;
+ case TGA_TYPE_COLOR:
+- if (info.bpp != 15 && info.bpp != 16 &&
+- info.bpp != 24 && info.bpp != 32)
++ if ((info.bpp != 15 && info.bpp != 16 &&
++ info.bpp != 24 && info.bpp != 32) ||
++ ((info.bpp == 15 || info.bpp == 24) &&
++ info.alphaBits != 0) ||
++ (info.bpp == 16 && info.alphaBits != 1) ||
++ (info.bpp == 32 && info.alphaBits != 8))
+ {
+- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)",
++ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
+ gimp_filename_to_utf8 (filename),
+- info.imageType, info.bpp);
++ info.imageType, info.bpp, info.alphaBits);
+ return -1;
+ }
+ break;
+--
+2.15.1
+
+From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001
+From: Jehan <jehan@girinstud.io>
+Date: Wed, 20 Dec 2017 13:26:26 +0100
+Subject: [PATCH] plug-ins: TGA 16-bit RGB (without alpha bit) is also valid.
+
+According to some spec on the web, 16-bit RGB is also valid. In this
+case, the last bit is simply ignored (at least that's how it is
+implemented right now).
+
+(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077)
+---
+ plug-ins/common/file-tga.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c
+index 426acc2925..eb14a1dadc 100644
+--- a/plug-ins/common/file-tga.c
++++ b/plug-ins/common/file-tga.c
+@@ -568,7 +568,8 @@ load_image (const gchar *filename,
+ info.bpp != 24 && info.bpp != 32) ||
+ ((info.bpp == 15 || info.bpp == 24) &&
+ info.alphaBits != 0) ||
+- (info.bpp == 16 && info.alphaBits != 1) ||
++ (info.bpp == 16 && info.alphaBits != 1 &&
++ info.alphaBits != 0) ||
+ (info.bpp == 32 && info.alphaBits != 8))
+ {
+ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)",
+--
+2.15.1
+
diff --git a/gnu/packages/patches/gimp-CVE-2017-17787.patch b/gnu/packages/patches/gimp-CVE-2017-17787.patch
new file mode 100644
index 0000000000..b5310d33d9
--- /dev/null
+++ b/gnu/packages/patches/gimp-CVE-2017-17787.patch
@@ -0,0 +1,42 @@
+Fix CVE-2017-17787:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787
+https://bugzilla.gnome.org/show_bug.cgi?id=790853
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
+
+From 87ba505fff85989af795f4ab6a047713f4d9381d Mon Sep 17 00:00:00 2001
+From: Jehan <jehan@girinstud.io>
+Date: Thu, 21 Dec 2017 12:49:41 +0100
+Subject: [PATCH] Bug 790853 - (CVE-2017-17787) heap overread in psp importer.
+
+As any external data, we have to check that strings being read at fixed
+length are properly nul-terminated.
+
+(cherry picked from commit eb2980683e6472aff35a3117587c4f814515c74d)
+---
+ plug-ins/common/file-psp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
+index 4cbafe37b1..e350e4d88d 100644
+--- a/plug-ins/common/file-psp.c
++++ b/plug-ins/common/file-psp.c
+@@ -890,6 +890,12 @@ read_creator_block (FILE *f,
+ g_free (string);
+ return -1;
+ }
++ if (string[length - 1] != '\0')
++ {
++ g_message ("Creator keyword data not nul-terminated");
++ g_free (string);
++ return -1;
++ }
+ switch (keyword)
+ {
+ case PSP_CRTR_FLD_TITLE:
+--
+2.15.1
+
diff --git a/gnu/packages/patches/gimp-CVE-2017-17789.patch b/gnu/packages/patches/gimp-CVE-2017-17789.patch
new file mode 100644
index 0000000000..6dfa435fd0
--- /dev/null
+++ b/gnu/packages/patches/gimp-CVE-2017-17789.patch
@@ -0,0 +1,48 @@
+Fix CVE-2017-17789:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17789
+https://bugzilla.gnome.org/show_bug.cgi?id=790849
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f
+
+From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001
+From: Jehan <jehan@girinstud.io>
+Date: Wed, 20 Dec 2017 16:44:20 +0100
+Subject: [PATCH] Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer
+ overflow...
+
+... in PSP importer.
+Check if declared block length is valid (i.e. within the actual file)
+before going further.
+Consider the file as broken otherwise and fail loading it.
+
+(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
+---
+ plug-ins/common/file-psp.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
+index ac0fff78f0..4cbafe37b1 100644
+--- a/plug-ins/common/file-psp.c
++++ b/plug-ins/common/file-psp.c
+@@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
+ {
+ block_start = ftell (f);
+
++ if (block_start + block_total_len > st.st_size)
++ {
++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
++ _("Could not open '%s' for reading: %s"),
++ gimp_filename_to_utf8 (filename),
++ _("invalid block size"));
++ goto error;
++ }
++
+ if (id == PSP_IMAGE_BLOCK)
+ {
+ if (block_number != 0)
+--
+2.15.1
+
diff --git a/gnu/packages/patches/httpd-CVE-2017-9798.patch b/gnu/packages/patches/httpd-CVE-2017-9798.patch
deleted file mode 100644
index 8391a3db4a..0000000000
--- a/gnu/packages/patches/httpd-CVE-2017-9798.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Fixes "options bleed", aka. CVE-2017-9798:
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-9798
- https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
-
-From <https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch>.
-
---- a/server/core.c 2017/08/16 16:50:29 1805223
-+++ b/server/core.c 2017/09/08 13:13:11 1807754
-@@ -2266,6 +2266,12 @@
- /* method has not been registered yet, but resource restriction
- * is always checked before method handling, so register it.
- */
-+ if (cmd->pool == cmd->temp_pool) {
-+ /* In .htaccess, we can't globally register new methods. */
-+ return apr_psprintf(cmd->pool, "Could not register method '%s' "
-+ "for %s from .htaccess configuration",
-+ method, cmd->cmd->name);
-+ }
- methnum = ap_method_register(cmd->pool,
- apr_pstrdup(cmd->pool, method));
- }
diff --git a/gnu/packages/perl-check.scm b/gnu/packages/perl-check.scm
index 5df2940bd6..121ebec414 100644
--- a/gnu/packages/perl-check.scm
+++ b/gnu/packages/perl-check.scm
@@ -10,7 +10,7 @@
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2017 Petter <petter@mykolab.ch>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -35,6 +35,11 @@
#:use-module (guix build-system perl)
#:use-module (gnu packages perl))
+;;;
+;;; Please: Try to add new module packages in alphabetic order.
+;;;
+
+
(define-public perl-test2-bundle-extended
(package
(name "perl-test2-bundle-extended")
@@ -606,6 +611,36 @@ memory_cycle_ok( $object );
@end example")
(license artistic2.0)))
+(define-public perl-test-mockmodule
+ (package
+ (name "perl-test-mockmodule")
+ (version "0.13")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://cpan/authors/id/G/GF/GFRANKS/"
+ "Test-MockModule-" version ".tar.gz"))
+ (sha256
+ (base32 "0lwh6fvnc16r6d74vvh5h4b5a1spcslpjb3mcqbv23k01lm78wvl"))))
+ (build-system perl-build-system)
+ (native-inputs
+ `(("perl-module-build" ,perl-module-build)
+ ;; For tests.
+ ("perl-test-pod" ,perl-test-pod)
+ ("perl-test-pod-coverage" ,perl-test-pod-coverage)))
+ (propagated-inputs
+ `(("perl-super" ,perl-super)))
+ (home-page "http://search.cpan.org/dist/Test-MockModule/")
+ (synopsis "Override subroutines in a module for unit testing")
+ (description
+ "@code{Test::MockModule} lets you temporarily redefine subroutines in other
+packages for the purposes of unit testing. A @code{Test::MockModule} object is
+set up to mock subroutines for a given module. The mocked object remembers the
+original subroutine so it can be easily restored. This happens automatically
+when all @code{MockModule} objects for the given module go out of scope, or when
+you @code{unmock()} the subroutine.")
+ (license gpl3)))
+
(define-public perl-test-mockobject
(package
(name "perl-test-mockobject")
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 4dbe77c4e9..520395b5b5 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -15,7 +15,7 @@
;;; Copyright © 2017 Raoul J.P. Bonnal <ilpuccio.febo@gmail.com>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org>
;;;
@@ -42,6 +42,7 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system perl)
#:use-module (gnu packages base)
+ #:use-module (gnu packages compression)
#:use-module (gnu packages perl-check)
#:use-module (gnu packages perl-web)
#:use-module (gnu packages pkg-config))
@@ -261,26 +262,6 @@ variable ANY_MOOSE to be Moose or Mouse.")
configuration files and parsing command line arguments.")
(license (package-license perl))))
-(define-public perl-archive-zip
- (package
- (name "perl-archive-zip")
- (version "1.30")
- (source
- (origin
- (method url-fetch)
- (uri (string-append
- "mirror://cpan/authors/id/A/AD/ADAMK/Archive-Zip-"
- version ".tar.gz"))
- (sha256
- (base32
- "0633zah5z9njiqnvy3vh42fjymncmil1jdfb7d18w8xpfzzp5d7q"))))
- (build-system perl-build-system)
- (synopsis "Perl API to zip files")
- (description "The Archive::Zip module allows a Perl program to create,
-manipulate, read, and write Zip archive files.")
- (home-page "http://search.cpan.org/~phred/Archive-Zip-1.37/lib/Archive/Zip.pm")
- (license (package-license perl))))
-
(define-public perl-array-utils
(package
(name "perl-array-utils")
@@ -7106,6 +7087,32 @@ The idea is just to fool caller(). All the really naughty bits of Tcl's
uplevel() are avoided.")
(license (package-license perl))))
+(define-public perl-super
+ (package
+ (name "perl-super")
+ (version "1.20141117")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://cpan/authors/id/C/CH/CHROMATIC/"
+ "SUPER-" version ".tar.gz"))
+ (sha256
+ (base32 "1cn05kacg0xfbm1zzksm2yx2pnrzqja4d9163cxv3sdfc1yhwqhs"))))
+ (build-system perl-build-system)
+ (native-inputs
+ `(("perl-module-build" ,perl-module-build)))
+ (propagated-inputs
+ `(("perl-sub-identify" ,perl-sub-identify)))
+ (home-page "http://search.cpan.org/dist/SUPER/")
+ (synopsis "Control superclass method dispatching")
+ (description
+ "When subclassing a class, you may occasionally want to dispatch control to
+the superclass---at least conditionally and temporarily. This module provides
+nicer equivalents to the native Perl syntax for calling superclasses, along with
+a universal @code{super} method to determine a class' own superclass, and better
+support for run-time mix-ins and roles.")
+ (license perl-license)))
+
(define-public perl-svg
(package
(name "perl-svg")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 34f40f0c72..931b37eb6a 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015, 2016 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2017 Eric Bavier <bavier@member.fsf.org>
@@ -5452,14 +5452,14 @@ plugins that intend to support Flake8 2.x and 3.x simultaneously.")
(define-public python-mistune
(package
(name "python-mistune")
- (version "0.7.3")
+ (version "0.8.3")
(source
(origin
(method url-fetch)
(uri (pypi-uri "mistune" version))
(sha256
(base32
- "04xpk1zvslhq3xpnf01g3ag0dy9wfv4z28p093r8k49vvxlyil11"))))
+ "06b662p6kf46wh2jsabaqhaq4bz1srh2zxkrnx4yg96azlxw645w"))))
(build-system python-build-system)
(native-inputs
`(("python-nose" ,python-nose)
@@ -6582,6 +6582,7 @@ Jupyter kernels such as IJulia and IRKernel.")
(define python-jupyter-console-minimal
(package
(inherit python-jupyter-console)
+ (name "python-jupyter-console-minimal")
(arguments
(substitute-keyword-arguments
(package-arguments python-jupyter-console)
diff --git a/gnu/packages/regex.scm b/gnu/packages/regex.scm
index 4648a4d004..20242322b1 100644
--- a/gnu/packages/regex.scm
+++ b/gnu/packages/regex.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2014 John Darrington
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -28,7 +29,7 @@
(define-public re2
(package
(name "re2")
- (version "2017-12-01")
+ (version "2018-01-01")
(source (origin
(method url-fetch)
(uri
@@ -38,7 +39,7 @@
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "03gv50hv7yaspx3ls8g8l1yj8nszbc3mplhcf4cr95fcsxy7wyb2"))))
+ "1hhp8gi0lzw1mvnksb112rc9kcz4j9kjic7v6gbgzyfgk43996mr"))))
(build-system gnu-build-system)
(arguments
`(#:modules ((guix build gnu-build-system)
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 590b2c741d..022287dbf5 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -381,14 +381,14 @@ ksh, and tcsh.")
(define-public xonsh
(package
(name "xonsh")
- (version "0.5.12")
+ (version "0.6.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "xonsh" version))
(sha256
(base32
- "1yz595hx5bni524m73cx8a08vcr6vfksfci14nx2ylz53igzva2c"))
+ "1ikd1xg4iyjqp51y8g8n6c4y39bgx85xnb4bdd3zibkqac3lrahr"))
(modules '((guix build utils)))
(snippet
`(begin
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index cbf5ce7d87..d400afd6ef 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -1503,6 +1503,8 @@ repository\" with git-annex.")
(string-append
"https://www.fossil-scm.org/index.html/uv/"
"fossil-src-" version ".tar.gz")))
+ (patches (search-patches "fossil-CVE-2017-17459.patch"))
+ (patch-flags '("-p0"))
(sha256
(base32
"0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv"))))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 111ae9b7c8..a43934257d 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1808,7 +1808,7 @@ be used for realtime video capture via Linux-specific APIs.")
(define-public obs
(package
(name "obs")
- (version "18.0.2")
+ (version "20.1.3")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/jp9000/obs-studio"
@@ -1816,7 +1816,7 @@ be used for realtime video capture via Linux-specific APIs.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "02pbiyvf5x0zh448h5rpmyn33qnsqk694xxlyns83mdi74savyqw"))))
+ "1g5z6z050v25whc7n3xvg6l238wmg5crp7ihvk73qngvzxr8bg28"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f)) ; no tests
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 2cae88523c..aef54982db 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -109,15 +109,14 @@
(define-public httpd
(package
(name "httpd")
- (version "2.4.27")
+ (version "2.4.29")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/httpd/httpd-"
version ".tar.bz2"))
(sha256
(base32
- "0fn1778mxhf78np2d8qlycg1c2ak18rxax41plahasca4clc3z3i"))
- (patches (search-patches "httpd-CVE-2017-9798.patch"))))
+ "003z3yckkdihfv69rgqsik1w2jsnh14j3ci8fjia4s2mlajm6xvp"))))
(build-system gnu-build-system)
(native-inputs `(("pcre" ,pcre "bin"))) ;for 'pcre-config'
(inputs `(("apr" ,apr)
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index b4a303df93..da7620cd3d 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -2,7 +2,7 @@
;;; Copyright © 2014, 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2017, 2018 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;;
;;; This file is part of GNU Guix.
@@ -55,19 +55,20 @@
#:use-module (gnu packages tls)
#:use-module (gnu packages video)
#:use-module (gnu packages xml)
- #:use-module (gnu packages xorg))
+ #:use-module (gnu packages xorg)
+ #:use-module (ice-9 match))
(define-public wine
(package
(name "wine")
- (version "2.0.3")
+ (version "2.0.4")
(source (origin
(method url-fetch)
(uri (string-append "https://dl.winehq.org/wine/source/2.0"
"/wine-" version ".tar.xz"))
(sha256
(base32
- "0mmyc94r5drffir8zr8jx6iawhgfzjk96fj494aa18vhz1jcc4d8"))))
+ "0nlq6apyq7hq36l3g6gw76lhi8ijz11v3v8m4vxy8d6x1qsppq5m"))))
(build-system gnu-build-system)
(native-inputs `(("pkg-config" ,pkg-config)
("gettext" ,gettext-minimal)
@@ -113,19 +114,24 @@
("v4l-utils" ,v4l-utils)
("zlib" ,zlib)))
(arguments
- `(;; Force a 32-bit build (under the assumption that this package is
- ;; being used on an IA32-compatible architecture.)
- #:system "i686-linux"
+ `(;; Force a 32-bit build targeting a similar architecture, i.e.:
+ ;; armhf for armhf/aarch64, i686 for i686/x86_64.
+ #:system ,@(match (%current-system)
+ ((or "armhf-linux" "aarch64-linux")
+ `("armhf-linux"))
+ (_
+ `("i686-linux")))
;; XXX: There's a test suite, but it's unclear whether it's supposed to
;; pass.
#:tests? #f
#:configure-flags
- (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
+ (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine32"))
#:make-flags
- (list "SHELL=bash")
+ (list "SHELL=bash"
+ (string-append "libdir=" %output "/lib/wine32"))
#:phases
(modify-phases %standard-phases
@@ -141,7 +147,7 @@
(format #f "~a\"~a\"" defso (find-so soname))))
#t))))))
(home-page "https://www.winehq.org/")
- (synopsis "Implementation of the Windows API")
+ (synopsis "Implementation of the Windows API (32-bit only)")
(description
"Wine (originally an acronym for \"Wine Is Not an Emulator\") is a
compatibility layer capable of running Windows applications. Instead of
@@ -153,22 +159,56 @@ integrate Windows applications into your desktop.")
;; It really only supports IA32, but building on x86_64 will have the same
;; effect as building on i686 anyway.
- (supported-systems '("i686-linux" "x86_64-linux"))))
+ (supported-systems (delete "mips64el-linux" %supported-systems))))
(define-public wine64
(package
(inherit wine)
(name "wine64")
+ (inputs `(("wine" ,wine)
+ ,@(package-inputs wine)))
(arguments
`(#:make-flags
(list "SHELL=bash"
- (string-append "libdir=" %output "/lib"))
+ (string-append "libdir=" %output "/lib/wine64"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'copy-wine32-binaries
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((wine32 (assoc-ref %build-inputs "wine"))
+ (out (assoc-ref %outputs "out")))
+ ;; Copy the 32-bit binaries needed for WoW64.
+ (copy-file (string-append wine32 "/bin/wine")
+ (string-append out "/bin/wine"))
+ (copy-file (string-append wine32 "/bin/wine-preloader")
+ (string-append out "/bin/wine-preloader"))
+ #t)))
+ (add-after 'compress-documentation 'copy-wine32-manpage
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((wine32 (assoc-ref %build-inputs "wine"))
+ (out (assoc-ref %outputs "out")))
+ ;; Copy the missing man file for the wine binary from wine.
+ (copy-file (string-append wine32 "/share/man/man1/wine.1.gz")
+ (string-append out "/share/man/man1/wine.1.gz"))
+ #t)))
+ (add-after 'configure 'patch-dlopen-paths
+ ;; Hardcode dlopened sonames to absolute paths.
+ (lambda _
+ (let* ((library-path (search-path-as-string->list
+ (getenv "LIBRARY_PATH")))
+ (find-so (lambda (soname)
+ (search-path library-path soname))))
+ (substitute* "include/config.h"
+ (("(#define SONAME_.* )\"(.*)\"" _ defso soname)
+ (format #f "~a\"~a\"" defso (find-so soname))))
+ #t))))
#:configure-flags
(list "--enable-win64"
- (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
- ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:system)
+ (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine64"))
+ ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:phases
+ #:system)
(package-arguments wine))))
- (synopsis "Implementation of the Windows API (64-bit version)")
+ (synopsis "Implementation of the Windows API (WoW64 version)")
(supported-systems '("x86_64-linux" "aarch64-linux"))))
;; TODO: This is wine development version, provided for historical reasons.
@@ -202,7 +242,7 @@ integrate Windows applications into your desktop.")
(inputs `(("gtk+", gtk+)
("libva", libva)
,@(package-inputs wine)))
- (synopsis "Implementation of the Windows API (staging branch)")
+ (synopsis "Implementation of the Windows API (staging branch, 32-bit only)")
(description "Wine-Staging is the testing area of Wine. It
contains bug fixes and features, which have not been integrated into
the development branch yet. The idea of Wine-Staging is to provide
@@ -221,15 +261,50 @@ integrated into the main branch.")
(package
(inherit wine-staging)
(name "wine64-staging")
+ (inputs `(("wine-staging" ,wine-staging)
+ ,@(package-inputs wine-staging)))
(arguments
`(#:make-flags
(list "SHELL=bash"
- (string-append "libdir=" %output "/lib"))
+ (string-append "libdir=" %output "/lib/wine64"))
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'install 'copy-wine32-binaries
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((wine32 (assoc-ref %build-inputs "wine-staging"))
+ (out (assoc-ref %outputs "out")))
+ ;; Copy the 32-bit binaries needed for WoW64.
+ (copy-file (string-append wine32 "/bin/wine")
+ (string-append out "/bin/wine"))
+ (copy-file (string-append wine32 "/bin/wine-preloader")
+ (string-append out "/bin/wine-preloader"))
+ #t)))
+ (add-after 'compress-documentation 'copy-wine32-manpage
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((wine32 (assoc-ref %build-inputs "wine-staging"))
+ (out (assoc-ref %outputs "out")))
+ ;; Copy the missing man file for the wine binary from
+ ;; wine-staging.
+ (copy-file (string-append wine32 "/share/man/man1/wine.1.gz")
+ (string-append out "/share/man/man1/wine.1.gz"))
+ #t)))
+ (add-after 'configure 'patch-dlopen-paths
+ ;; Hardcode dlopened sonames to absolute paths.
+ (lambda _
+ (let* ((library-path (search-path-as-string->list
+ (getenv "LIBRARY_PATH")))
+ (find-so (lambda (soname)
+ (search-path library-path soname))))
+ (substitute* "include/config.h"
+ (("(#define SONAME_.* )\"(.*)\"" _ defso soname)
+ (format #f "~a\"~a\"" defso (find-so soname))))
+ #t))))
#:configure-flags
(list "--enable-win64"
- (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib"))
- ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:system)
+ (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib/wine64"))
+ ,@(strip-keyword-arguments '(#:configure-flags #:make-flags #:phases
+ #:system)
(package-arguments wine-staging))))
- (synopsis "Implementation of the Windows API (staging branch, 64-bit
+ (synopsis "Implementation of the Windows API (staging branch, WoW64
version)")
(supported-systems '("x86_64-linux" "aarch64-linux"))))
diff --git a/guix/ui.scm b/guix/ui.scm
index 2b7cc3d41a..6e08a611cd 100644
--- a/guix/ui.scm
+++ b/guix/ui.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014 Cyril Roelandt <tipecaml@gmail.com>
@@ -387,7 +387,7 @@ exiting. ARGS is the list of arguments received by the 'throw' handler."
"Display version information for COMMAND and `(exit 0)'."
(simple-format #t "~a (~a) ~a~%"
command %guix-package-name %guix-version)
- (format #t "Copyright ~a 2017 ~a"
+ (format #t "Copyright ~a 2018 ~a"
;; TRANSLATORS: Translate "(C)" to the copyright symbol
;; (C-in-a-circle), if this symbol is available in the user's
;; locale. Otherwise, do not translate "(C)"; leave it as-is. */
diff --git a/nix/scripts/list-runtime-roots.in b/nix/scripts/list-runtime-roots.in
index 48a07edf5f..5f2660fb5e 100644
--- a/nix/scripts/list-runtime-roots.in
+++ b/nix/scripts/list-runtime-roots.in
@@ -130,12 +130,13 @@ or the empty list."
(< (string->number a) (string->number b))))))
(define canonicalize-store-item
- (let ((prefix (+ 1 (string-length %store-directory))))
+ (let* ((store (string-append %store-directory "/"))
+ (prefix (string-length store)))
(lambda (file)
"Return #f if FILE is not a store item; otherwise, return the store file
name without any sub-directory components."
- (and (string-prefix? %store-directory file)
- (string-append %store-directory "/"
+ (and (string-prefix? store file)
+ (string-append store
(let ((base (string-drop file prefix)))
(match (string-index base #\/)
(#f base)