diff options
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/android.scm | 101 | ||||
-rw-r--r-- | gnu/packages/compression.scm | 77 | ||||
-rw-r--r-- | gnu/packages/game-development.scm | 25 | ||||
-rw-r--r-- | gnu/packages/games.scm | 90 | ||||
-rw-r--r-- | gnu/packages/image-processing.scm | 3 | ||||
-rw-r--r-- | gnu/packages/kodi.scm | 6 | ||||
-rw-r--r-- | gnu/packages/mes.scm | 10 | ||||
-rw-r--r-- | gnu/packages/networking.scm | 52 | ||||
-rw-r--r-- | gnu/packages/patches/libgit2-0.25.1-mtime-0.patch | 14 | ||||
-rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-8112.patch | 41 | ||||
-rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-8309.patch | 46 | ||||
-rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-8379.patch | 98 | ||||
-rw-r--r-- | gnu/packages/patches/qemu-CVE-2017-8380.patch | 53 | ||||
-rw-r--r-- | gnu/packages/python.scm | 374 | ||||
-rw-r--r-- | gnu/packages/qemu.scm | 6 | ||||
-rw-r--r-- | gnu/packages/shells.scm | 105 | ||||
-rw-r--r-- | gnu/packages/version-control.scm | 18 | ||||
-rw-r--r-- | gnu/packages/video.scm | 78 | ||||
-rw-r--r-- | gnu/packages/wine.scm | 5 |
19 files changed, 1161 insertions, 41 deletions
diff --git a/gnu/packages/android.scm b/gnu/packages/android.scm index e23d0fd910..be3f50add2 100644 --- a/gnu/packages/android.scm +++ b/gnu/packages/android.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2015 Kai-Chung Yan <seamlikok@gmail.com> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> +;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -23,8 +24,13 @@ #:use-module (guix packages) #:use-module (guix git-download) #:use-module (guix build-system gnu) + #:use-module (guix build-system python) #:use-module ((guix licenses) #:prefix license:) #:use-module (gnu packages) + #:use-module (gnu packages gnupg) + #:use-module (gnu packages python) + #:use-module (gnu packages ssh) + #:use-module (gnu packages version-control) #:use-module (gnu packages tls)) ;; The Makefiles that we add are largely based on the Debian @@ -298,3 +304,98 @@ with an emulator instance or connected Android device. It facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that can run commands on the connected device or emulator.") (license license:asl2.0))) + +(define-public git-repo + (package + (name "git-repo") + (version "1.12.37") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://gerrit.googlesource.com/git-repo") + (commit (string-append "v" version)))) + (file-name (string-append "git-repo-" version "-checkout")) + (sha256 + (base32 "0qp7jqhblv7xblfgpcq4n18dyjdv8shz7r60c3vnjxx2fngkj2jd")))) + (build-system python-build-system) + (arguments + `(#:python ,python-2 ; code says: "Python 3 support is … experimental." + #:phases + (modify-phases %standard-phases + (add-before 'build 'set-executable-paths + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (git (assoc-ref inputs "git")) + (gpg (assoc-ref inputs "gnupg")) + (ssh (assoc-ref inputs "ssh"))) + (substitute* '("repo" "git_command.py") + (("^GIT = 'git' ") + (string-append "GIT = '" git "/bin/git' "))) + (substitute* "repo" + ((" cmd = \\['gpg',") + (string-append " cmd = ['" gpg "/bin/gpg',"))) + (substitute* "git_config.py" + ((" command_base = \\['ssh',") + (string-append " command_base = ['" ssh "/bin/ssh',"))) + #t))) + (add-before 'build 'do-not-clone-this-source + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (repo-dir (string-append out "/share/" ,name))) + (substitute* "repo" + (("^def _FindRepo\\(\\):.*") + (format #f " +def _FindRepo(): + '''Look for a repo installation, starting at the current directory.''' + # Use the installed version of git-repo. + repo_main = '~a/main.py' + curdir = os.getcwd() + olddir = None + while curdir != '/' and curdir != olddir: + dot_repo = os.path.join(curdir, repodir) + if os.path.isdir(dot_repo): + return (repo_main, dot_repo) + else: + olddir = curdir + curdir = os.path.dirname(curdir) + return None, '' + + # The remaining of this function is dead code. It was used to + # find a git-checked-out version in the local project.\n" repo-dir)) + ;; Neither clone, check out, nor verify the git repository + (("(^\\s+)_Clone\\(.*\\)") "") + (("(^\\s+)_Checkout\\(.*\\)") "") + ((" rev = _Verify\\(.*\\)") " rev = None")) + #t))) + (delete 'build) ; nothing to build + (replace 'check + (lambda _ + (zero? (system* "python" "-m" "nose")))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin-dir (string-append out "/bin")) + (repo-dir (string-append out "/share/" ,name))) + (mkdir-p bin-dir) + (mkdir-p repo-dir) + (copy-recursively "." repo-dir) + (delete-file-recursively (string-append repo-dir "/tests")) + (symlink (string-append repo-dir "/repo") + (string-append bin-dir "/repo")) + #t)))))) + (inputs + ;; TODO: Add git-remote-persistent-https once it is available in guix + `(("git" ,git) + ("gnupg" ,gnupg) + ("ssh", openssh))) + (native-inputs + `(("nose" ,python2-nose))) + (home-page "https://code.google.com/p/git-repo/") + (synopsis "Helps to manage many Git repositories.") + (description "Repo is a tool built on top of Git. Repo helps manage many +Git repositories, does the uploads to revision control systems, and automates +parts of the development workflow. Repo is not meant to replace Git, only to +make it easier to work with Git. The repo command is an executable Python +script that you can put anywhere in your path.") + (license license:asl2.0))) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 2b576743d6..c7b6ccc8ab 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -15,6 +15,7 @@ ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org> ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net> +;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -37,6 +38,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) + #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) #:use-module (guix build-system perl) #:use-module (guix build-system python) @@ -46,10 +48,13 @@ #:use-module (gnu packages backup) #:use-module (gnu packages base) #:use-module (gnu packages check) + #:use-module (gnu packages curl) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) + #:use-module (gnu packages tls) #:use-module (gnu packages valgrind) + #:use-module (gnu packages zip) #:use-module (ice-9 match) #:use-module ((srfi srfi-1) #:select (last))) @@ -1153,6 +1158,78 @@ or junctions, and always follows hard links.") ;; expat-licenced (or ‘MIT’) code. license:expat)))) +(define-public unshield + (package + (name "unshield") + (version "1.4.2") + (source + (origin (method url-fetch) + (uri (string-append "http://github.com/twogood/unshield/archive/" + version ".tar.gz")) + (sha256 + (base32 + "0x7ps644yp5dka2zhb8w0ifqmw3d255jafpzfwv8xbcpgq6fmm2x")))) + (build-system cmake-build-system) + (inputs + `(("zlib" ,zlib) + ("openssl" ,openssl) + ;; test data that is otherwise downloaded with curl + ("unshield-avigomanager11b22.zip" + ,(origin + (method url-fetch) + (uri (string-append "https://www.dropbox.com/s/8r4b6752swe3nhu/\" +unshield-avigomanager11b22.zip?dl=1")) + (sha256 + (base32 "0fwq7lih04if68wpwpsk5wjqyvh32db76a41sq6gbx4dn1lc3ddn")) + (file-name "unshield-avigomanager11b22.zip"))) + ("unshield-the-feeble-files-spanish.zip" + ,(origin + (method url-fetch) + (uri (string-append "https://www.dropbox.com/s/1ng0z9kfxc7eb1e/\" +unshield-the-feeble-files-spanish.zip?dl=1")) + (sha256 + (base32 "1k5cw6vnpja8yjlnhx5124xrw9i8s1l539hfdqqrqz3l5gn0bnyd")) + (file-name "unshield-the-feeble-files-spanish.zip"))))) + (native-inputs + `(("unzip" ,unzip))) + (arguments + `(#:out-of-source? #f + #:phases + (modify-phases %standard-phases + (add-before 'check 'pre-check + (lambda* (#:key inputs #:allow-other-keys) + (for-each (lambda (i) + (copy-file (assoc-ref inputs i) + (string-append "test/v0/" i))) + '("unshield-avigomanager11b22.zip" + "unshield-the-feeble-files-spanish.zip")) + (substitute* (find-files "test/" "/*\\.sh") + ;; Tests expect the unshield binary in a specific + ;; location. + (("/var/tmp/unshield/bin/unshield") + (string-append (getcwd) "/src/unshield")) + ;; We no longer need to download the data. + ((".?URL=.*$") "") + (("curl -(|f)sSL -o test.zip .*") "")) + (substitute* "test/v0/avigomanager.sh" + (("test.zip") + (string-append (getcwd) + "/test/v0/unshield-avigomanager11b22.zip"))) + (substitute* "test/v0/the-feeble-files-spanish.sh" + (("test.zip") + (string-append (getcwd) + "/test/v0/unshield-the-feeble-files-spanish.zip"))) + #t)) + (replace 'check + (lambda _ + (zero? (system* "./run-tests.sh"))))))) + (home-page "https://github.com/twogood/unshield") + (synopsis "Extract CAB files from InstallShield installers") + (description + "@command{unshield} is a tool and library for extracting @file{.cab} + archives from InstallShield installers.") + (license license:expat))) + (define-public unrar (package (name "unrar") diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm index d7f9d2456c..6d9e4061d1 100644 --- a/gnu/packages/game-development.scm +++ b/gnu/packages/game-development.scm @@ -483,8 +483,9 @@ programming language.") (version "4.4.2") (source (origin (method url-fetch) - (uri (string-append "http://download.gna.org/allegro/allegro/" - version "/allegro-" version ".tar.gz")) + (uri (string-append "https://github.com/liballeg/allegro5/" + "releases/download/" version "/allegro-" + version ".tar.gz")) (sha256 (base32 "1p0ghkmpc4kwij1z9rzxfv7adnpy4ayi0ifahlns1bdzgmbyf88v")))) @@ -518,14 +519,18 @@ etc.") (define-public allegro (package (name "allegro") - (version "5.2.0") + (version "5.2.2.0") (source (origin (method url-fetch) - (uri (string-append "http://download.gna.org/allegro/allegro/" - version "/allegro-" version ".tar.gz")) + (uri (string-append "https://github.com/liballeg/allegro5/releases" + "/download/" version "/allegro-" + (if (equal? "0" (string-take-right version 1)) + (string-drop-right version 2) + version) + ".tar.gz")) (sha256 (base32 - "1mwzgzc4nb5k5zkbq7yrc6hg63yxq3wk69lmjag1h19x8b6njnmg")))) + "1z4lrrlmn471wb7vzbd9iw7g379vj0k964vy1s64hcvv5bhvk1g2")))) (build-system cmake-build-system) (arguments `(#:tests? #f)) ; there are no tests (inputs @@ -561,8 +566,12 @@ etc.") (version "5.0.11") (source (origin (method url-fetch) - (uri (string-append "http://download.gna.org/allegro/allegro/" - version "/allegro-" version ".tar.gz")) + (uri (string-append "https://github.com/liballeg/allegro5/releases" + "/download/" version "/allegro-" + (if (equal? "0" (string-take-right version 1)) + (string-drop-right version 2) + version) + ".tar.gz")) (sha256 (base32 "0cd51qrh97jrr0xdmnivqgwljpmizg8pixsgvc4blqqlaz4i9zj9")))))) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index c1993485bc..9153a2b5cf 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -136,6 +136,82 @@ #:use-module (guix build-system cmake) #:use-module (guix build-system trivial)) +(define-public cataclysm-dda + (package + (name "cataclysm-dda") + (version "0.C") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/CleverRaven/Cataclysm-DDA/" + "archive/" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1xlajmgl9cviqyjpp5g5q4rbljy9gqc49v54bi8gpzr68s14gsb9")) + (modules '((guix build utils))) + (snippet + ;; Import cmath header for the std::pow function. + '(for-each (lambda (file) + (substitute* file + (("#include <math.h>") + "#include <cmath>"))) + (find-files "src"))))) + (build-system gnu-build-system) + (arguments + '(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")) + "USE_HOME_DIR=1" "DYNAMIC_LINKING=1" "RELEASE=1") + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda _ + (substitute* "Makefile" + (("ncursesw5-config") "ncursesw6-config") + (("RELEASE_FLAGS = -Werror") "RELEASE_FLAGS =")) + #t)) + (add-after 'build 'build-tiles + (lambda* (#:key make-flags outputs #:allow-other-keys) + ;; Change prefix directory and enable tile graphics and sound. + (zero? + (apply system* "make" "TILES=1" "SOUND=1" + (string-append "PREFIX=" + (assoc-ref outputs "tiles")) + (cdr make-flags))))) + (add-after 'install 'install-tiles + (lambda* (#:key make-flags outputs #:allow-other-keys) + (zero? + (apply system* "make" "install" "TILES=1" "SOUND=1" + (string-append "PREFIX=" + (assoc-ref outputs "tiles")) + (cdr make-flags)))))) + ;; TODO: Add libtap++ from https://github.com/cbab/libtappp as a native + ;; input in order to support tests. + #:tests? #f)) + (outputs '("out" + "tiles")) ; For tile graphics and sound support. + (native-inputs + `(("gettext" ,gettext-minimal) + ("pkg-config" ,pkg-config))) + (inputs + `(("freetype" ,freetype) + ("libogg" ,libogg) + ("libvorbis" ,libvorbis) + ("ncurses" ,ncurses) + ("sdl2" ,sdl2) + ("sdl2-image", sdl2-image) + ("sdl2-ttf" ,sdl2-ttf) + ("sdl2-mixer" ,sdl2-mixer))) + (home-page "http://en.cataclysmdda.com/") + (synopsis "Survival horror roguelike video game") + (description + "Cataclysm: Dark Days Ahead is a roguelike set in a post-apocalyptic world. +Struggle to survive in a harsh, persistent, procedurally generated world. +Scavenge the remnants of a dead civilization for food, equipment, or, if you are +lucky, a vehicle with a full tank of gas to get you out of Dodge. Fight to +defeat or escape from a wide variety of powerful monstrosities, from zombies to +giant insects to killer robots and things far stranger and deadlier, and against +the others like yourself, that want what you have.") + (license license:cc-by-sa3.0))) + (define-public freedoom (package (name "freedoom") @@ -3405,16 +3481,20 @@ for Un*x systems with X11.") (define-public freeciv (package (name "freeciv") - (version "2.5.6") + (version "2.5.7") (source (origin (method url-fetch) - (uri (string-append - "http://download.gna.org/freeciv/" - "stable/freeciv-" version ".tar.bz2")) + (uri (list (string-append + "http://files.freeciv.org/stable/freeciv-" + version ".tar.bz2") + (string-append + "mirror://sourceforge/freeciv/Freeciv%20" + (version-major+minor version) "/" version + "/freeciv-" version ".tar.bz2"))) (sha256 (base32 - "16wrnsx5rmbz6rjs03bhy0vn20i6n6g73lx7fjpai98ixhzc5bfg")))) + "1lmydnnqraa947l7gdz6xgm0bgks1ywsivp9h4v8jr3avcv6gqzz")))) (build-system gnu-build-system) (inputs `(("curl" ,curl) diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm index 3d34eb2c34..0037fdb26c 100644 --- a/gnu/packages/image-processing.scm +++ b/gnu/packages/image-processing.scm @@ -45,8 +45,7 @@ #:use-module (gnu packages serialization) #:use-module (gnu packages xiph) #:use-module (gnu packages xml) - #:use-module (gnu packages xorg) - #:use-module (gnu packages vtk)) + #:use-module (gnu packages xorg)) ;; We use the latest snapshot of this package because the latest release is ;; from 2011 and has known vulnerabilities that cannot easily be fixed by diff --git a/gnu/packages/kodi.scm b/gnu/packages/kodi.scm index cdab7eca03..061d5f1b2e 100644 --- a/gnu/packages/kodi.scm +++ b/gnu/packages/kodi.scm @@ -239,8 +239,8 @@ generator library for C++.") (define-public kodi ;; We package the git version because the current released ;; version was cut while the cmake transition was in turmoil. - (let ((commit "1a38948ad068870671042bff2d8ac615dca9e5d8") - (revision "5")) + (let ((commit "f22d62dc3f6e811a538dda9c434e1804abb8b95f") + (revision "6")) (package (name "kodi") (version (string-append "18.0_alpha-" revision "-" (string-take commit 7))) @@ -252,7 +252,7 @@ generator library for C++.") (file-name (string-append name "-" version "-checkout")) (sha256 (base32 - "1apkiicmxb6ncqhznflb8wc4n770jx89asw1drmch7lq7j9m6sns")) + "0x8fqvid8b8qra327z615r2ygfkdca2p7wccdj5nfb4i5gy0sr09")) (snippet '(begin (use-modules (guix build utils)) diff --git a/gnu/packages/mes.scm b/gnu/packages/mes.scm index 1e233a852d..e711148c7c 100644 --- a/gnu/packages/mes.scm +++ b/gnu/packages/mes.scm @@ -34,14 +34,14 @@ (define-public nyacc (package (name "nyacc") - (version "0.78.3") + (version "0.79.4") (source (origin (method url-fetch) (uri (string-append "mirror://savannah/nyacc/" name "-" version ".tar.gz")) (sha256 (base32 - "0xrnl2hl9rpl50n8cihvclcd951zj640fj5kpi3d6ihwcqjcdi0a")))) + "14rhr9nv1022r7m94agb3299y0k093aq1ps22zgii3aa7cf9h1w4")))) (build-system gnu-build-system) (native-inputs `(("guile" ,guile-2.2))) @@ -54,10 +54,10 @@ extensive examples, including parsers for the Javascript and C99 languages.") (license (list gpl3+ lgpl3+)))) (define-public mes - (let ((commit "d4420bbcc9f994e2cce430cf156f383dc4092bca") + (let ((commit "7fdca75d2188b28df806b34ec92627d57aafa9ae") (revision "0") (triplet "i686-unknown-linux-gnu") - (version "0.6")) + (version "0.7")) (package (name "mes") (version (string-append version "-" revision "." (string-take commit 7))) @@ -68,7 +68,7 @@ extensive examples, including parsers for the Javascript and C99 languages.") (commit commit))) (file-name (string-append name "-" version)) (sha256 - (base32 "0qqywk3siyhf08v7xac08lqldklrqfndlp495wgy6ii9fn93197k")))) + (base32 "0fvzr1ai2rmi46zdi5b2bdjb6s8ip78mkmsk02yxl46rajmp2pb1")))) (build-system gnu-build-system) (supported-systems '("i686-linux" "x86_64-linux")) (propagated-inputs diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 94152226da..1e22b70329 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -13,6 +13,7 @@ ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch> ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> +;;; Copyright © 2017 Leo Famulari <leo@famulari.name> ;;; ;;; This file is part of GNU Guix. ;;; @@ -1184,3 +1185,54 @@ enabled due to license conflicts between the BSD advertising clause and the GPL. ;; others under a 4-clause BSD license. Refer to the files in the source ;; distribution for clarification. (license (list license:bsd-3 license:bsd-4)))) + +(define-public spiped + (package + (name "spiped") + (version "1.6.0") + (source (origin + (method url-fetch) + (uri (string-append "https://www.tarsnap.com/spiped/spiped-" + version ".tgz")) + (sha256 + (base32 + "1r51rdcl7nib1yv3yvgd5alwlkkwmr387brqavaklb0p2bwzixz6")))) + (build-system gnu-build-system) + (arguments + '(#:test-target "test" + #:make-flags (let* ((out (assoc-ref %outputs "out")) + (bindir (string-append out "/bin")) + (man1dir (string-append out "/share/man/man1"))) + (list "CC=gcc" ; It tries to invoke `c99`. + (string-append "BINDIR=" bindir) + (string-append "MAN1DIR=" man1dir))) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-command-invocations + (lambda _ + (substitute* '("Makefile" + "libcperciva/cpusupport/Build/cpusupport.sh" + "libcperciva/POSIX/posix-cflags.sh" + "libcperciva/POSIX/posix-l.sh") + (("command -p") "")) + #t)) + (delete 'configure) ; No ./configure script. + (add-after 'install 'install-more-docs + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref %outputs "out")) + (misc (string-append out "/share/doc/spiped"))) + (install-file "DESIGN.md" misc) + #t)))))) + (native-inputs + `(("procps" ,procps))) ; `ps` is used by the test suite. + (inputs + `(("openssl" ,openssl))) + (home-page "https://www.tarsnap.com/spiped.html") + (synopsis "Create secure pipes between sockets") + (description "Spiped (pronounced \"ess-pipe-dee\") is a utility for creating +symmetrically encrypted and authenticated pipes between socket addresses, so +that one may connect to one address (e.g., a UNIX socket on localhost) and +transparently have a connection established to another address (e.g., a UNIX +socket on a different system). This is similar to 'ssh -L' functionality, but +does not use SSH and requires a pre-shared symmetric key.") + (license license:bsd-2))) diff --git a/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch b/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch new file mode 100644 index 0000000000..a6fdb50fff --- /dev/null +++ b/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch @@ -0,0 +1,14 @@ +The Clar test framework has a bug whereby it skips the parsing phase +on files with mtime=0. + +Reported upstream at <https://github.com/vmg/clar/pull/78>. + +diff --git a/tests/generate.py b/tests/generate.py +index b639c8f..111ca41 100644 +--- a/tests/generate.py ++++ b/tests/generate.py +@@ -63,3 +63,3 @@ class Module(object): + +- self.mtime = 0 ++ self.mtime = None # Guix sets all file mtimes to '0' + self.enabled = True diff --git a/gnu/packages/patches/qemu-CVE-2017-8112.patch b/gnu/packages/patches/qemu-CVE-2017-8112.patch new file mode 100644 index 0000000000..88b33aa2f0 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-8112.patch @@ -0,0 +1,41 @@ +Fix CVE-2017-8112: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8112 + +Patch copied from upstream source repository: + +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f68826989cd4d1217797251339579c57b3c0934e + +From f68826989cd4d1217797251339579c57b3c0934e Mon Sep 17 00:00:00 2001 +From: P J P <ppandit@redhat.com> +Date: Tue, 25 Apr 2017 18:36:23 +0530 +Subject: [PATCH] vmw_pvscsi: check message ring page count at initialisation + +A guest could set the message ring page count to zero, resulting in +infinite loop. Add check to avoid it. + +Reported-by: YY Z <bigbird475958471@gmail.com> +Signed-off-by: P J P <ppandit@redhat.com> +Message-Id: <20170425130623.3649-1-ppandit@redhat.com> +Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/scsi/vmw_pvscsi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c +index 75575461e2..4a106da856 100644 +--- a/hw/scsi/vmw_pvscsi.c ++++ b/hw/scsi/vmw_pvscsi.c +@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri) + uint32_t len_log2; + uint32_t ring_size; + +- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { ++ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { + return -1; + } + ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE; +-- +2.13.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-8309.patch b/gnu/packages/patches/qemu-CVE-2017-8309.patch new file mode 100644 index 0000000000..dc4b4006b7 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-8309.patch @@ -0,0 +1,46 @@ +Fix CVE-2017-8309: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309 + +Patch copied from upstream source repository: + +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3268a845f41253fb55852a8429c32b50f36f349a + +From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Fri, 28 Apr 2017 09:56:12 +0200 +Subject: [PATCH] audio: release capture buffers + +AUD_add_capture() allocates two buffers which are never released. +Add the missing calls to AUD_del_capture(). + +Impact: Allows vnc clients to exhaust host memory by repeatedly +starting and stopping audio capture. + +Fixes: CVE-2017-8309 +Cc: P J P <ppandit@redhat.com> +Cc: Huawei PSIRT <PSIRT@huawei.com> +Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-id: 20170428075612.9997-1-kraxel@redhat.com +--- + audio/audio.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/audio/audio.c b/audio/audio.c +index c8898d8422..beafed209b 100644 +--- a/audio/audio.c ++++ b/audio/audio.c +@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) + sw = sw1; + } + QLIST_REMOVE (cap, entries); ++ g_free (cap->hw.mix_buf); ++ g_free (cap->buf); + g_free (cap); + } + return; +-- +2.13.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-8379.patch b/gnu/packages/patches/qemu-CVE-2017-8379.patch new file mode 100644 index 0000000000..200b133d3e --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-8379.patch @@ -0,0 +1,98 @@ +Fix CVE-2017-8379: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379 + +Patch copied from upstream source repository: + +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fa18f36a461984eae50ab957e47ec78dae3c14fc + +From fa18f36a461984eae50ab957e47ec78dae3c14fc Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Fri, 28 Apr 2017 10:42:37 +0200 +Subject: [PATCH] input: limit kbd queue depth + +Apply a limit to the number of items we accept into the keyboard queue. + +Impact: Without this limit vnc clients can exhaust host memory by +sending keyboard events faster than qemu feeds them to the guest. + +Fixes: CVE-2017-8379 +Cc: P J P <ppandit@redhat.com> +Cc: Huawei PSIRT <PSIRT@huawei.com> +Reported-by: jiangxin1@huawei.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-id: 20170428084237.23960-1-kraxel@redhat.com +--- + ui/input.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/ui/input.c b/ui/input.c +index ed88cda6d6..fb1f404095 100644 +--- a/ui/input.c ++++ b/ui/input.c +@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue = + QTAILQ_HEAD_INITIALIZER(kbd_queue); + static QEMUTimer *kbd_timer; + static uint32_t kbd_default_delay_ms = 10; ++static uint32_t queue_count; ++static uint32_t queue_limit = 1024; + + QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev, + QemuInputHandler *handler) +@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque) + break; + } + QTAILQ_REMOVE(queue, item, node); ++ queue_count--; + g_free(item); + } + } +@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue, + item->delay_ms = delay_ms; + item->timer = timer; + QTAILQ_INSERT_TAIL(queue, item, node); ++ queue_count++; + + if (start_timer) { + timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue, + item->src = src; + item->evt = evt; + QTAILQ_INSERT_TAIL(queue, item, node); ++ queue_count++; + } + + static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) +@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) + + item->type = QEMU_INPUT_QUEUE_SYNC; + QTAILQ_INSERT_TAIL(queue, item, node); ++ queue_count++; + } + + void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt) +@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down) + qemu_input_event_send(src, evt); + qemu_input_event_sync(); + qapi_free_InputEvent(evt); +- } else { ++ } else if (queue_count < queue_limit) { + qemu_input_queue_event(&kbd_queue, src, evt); + qemu_input_queue_sync(&kbd_queue); + } +@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms) + kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process, + &kbd_queue); + } +- qemu_input_queue_delay(&kbd_queue, kbd_timer, +- delay_ms ? delay_ms : kbd_default_delay_ms); ++ if (queue_count < queue_limit) { ++ qemu_input_queue_delay(&kbd_queue, kbd_timer, ++ delay_ms ? delay_ms : kbd_default_delay_ms); ++ } + } + + InputEvent *qemu_input_event_new_btn(InputButton btn, bool down) +-- +2.13.0 + diff --git a/gnu/packages/patches/qemu-CVE-2017-8380.patch b/gnu/packages/patches/qemu-CVE-2017-8380.patch new file mode 100644 index 0000000000..65e49fc885 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-8380.patch @@ -0,0 +1,53 @@ +Fix CVE-2017-8380: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8380 + +Patch copied from upstream source repository: + +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f + +From 24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Mon, 24 Apr 2017 17:36:34 +0530 +Subject: [PATCH] scsi: avoid an off-by-one error in megasas_mmio_write + +While reading magic sequence(MFI_SEQ) in megasas_mmio_write, +an off-by-one error could occur as 's->adp_reset' index is not +reset after reading the last sequence. + +Reported-by: YY Z <bigbird475958471@gmail.com> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-Id: <20170424120634.12268-1-ppandit@redhat.com> +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +--- + hw/scsi/megasas.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c +index 84b8caf901..804122ab05 100644 +--- a/hw/scsi/megasas.c ++++ b/hw/scsi/megasas.c +@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr, + case MFI_SEQ: + trace_megasas_mmio_writel("MFI_SEQ", val); + /* Magic sequence to start ADP reset */ +- if (adp_reset_seq[s->adp_reset] == val) { +- s->adp_reset++; ++ if (adp_reset_seq[s->adp_reset++] == val) { ++ if (s->adp_reset == 6) { ++ s->adp_reset = 0; ++ s->diag = MFI_DIAG_WRITE_ENABLE; ++ } + } else { + s->adp_reset = 0; + s->diag = 0; + } +- if (s->adp_reset == 6) { +- s->diag = MFI_DIAG_WRITE_ENABLE; +- } + break; + case MFI_DIAG: + trace_megasas_mmio_writel("MFI_DIAG", val); +-- +2.13.0 + diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 1017c31dad..45fdca211c 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -14922,3 +14922,377 @@ Supported metrics are: (define-public python2-radon (package-with-python2 python-radon)) + +(define-public python-sure + (package + (name "python-sure") + (version "1.4.6") + (source + (origin + (method url-fetch) + (uri (pypi-uri "sure" version)) + (sha256 + (base32 + "1iyqsy2d6radi88g1qf0lziy5b39h5cpb3g5jiqyb4xi46ig3x1z")))) + (build-system python-build-system) + (propagated-inputs + `(("python-mock" ,python-mock) + ("python-six" ,python-six))) + (native-inputs + `(("python-nose" ,python-nose))) + (home-page "https://github.com/gabrielfalcao/sure") + (synopsis "Automated testing library in python for python") + (description + "Sure is a python library that leverages a DSL for writing assertions. +Sure is heavily inspired by @code{RSpec Expectations} and @code{should.js}.") + (license license:gpl3+))) + +(define-public python2-sure + (package-with-python2 python-sure)) + +(define-public python2-couleur + ;; This package does not seem to support python3 at all, hence, + ;; only the python2 variant definition is provided. + (package + (name "python2-couleur") + (version "0.6.2") + (source + (origin + (method url-fetch) + (uri (pypi-uri "couleur" version)) + (sha256 + (base32 + "1qqaxyqz74wvid0cr119dhcwz0h0if5b5by44zl49pd5z65v58k1")))) + (build-system python-build-system) + (arguments + `(#:python ,python-2)) + (home-page "https://github.com/gabrielfalcao/couleur") + (synopsis + "ANSI terminal tool for python, colored shell and other handy fancy features") + (description + "@code{Couleur} provides python programs a way to use the ANSI features in a unix +terminal such as coloured output in the shell, overwriting output, indentation, etc.") + ;; README.md says ASL2.0, but all source code headers are LGPL3+. + ;; https://github.com/gabrielfalcao/couleur/issues/11 + (license license:lgpl3+))) + +(define-public python-misaka + (package + (name "python-misaka") + (version "2.1.0") + (source + (origin + (method url-fetch) + (uri (pypi-uri "misaka" version)) + (sha256 + (base32 + "1yqrq3a5rracirmvk52n28nn6ckdaz897gnigv89a9gmyn87sqw7")))) + (build-system python-build-system) + (arguments + `(;; Line 37 of setup.py calls self.run_command('develop') + ;; in the 'check' phase. This command seems to be trying + ;; to write to + ;; /gnu/store/...-python-<version>/lib/python<version>/site-packages/ + ;; for which it does not have the permission to write. + #:tests? #f)) + (propagated-inputs + `(("python-cffi" ,python-cffi))) + (home-page "https://github.com/FSX/misaka") + (synopsis "Python binding for Hoedown") + (description + "@code{Misaka} is a CFFI-based binding for @code{Hoedown}, a fast markdown processing +library written in C. It features a fast HTML renderer and functionality to make custom +renderers (e.g. man pages or LaTeX).") + (license license:expat))) + +(define-public python2-misaka + (package-with-python2 python-misaka)) + +(define-public python2-steadymark + ;; This is forced into being a python2 only variant + ;; due to its dependence on couleur that has no support + ;; for python3 + (package + (name "python2-steadymark") + (version "0.7.3") + (source + (origin + (method url-fetch) + (uri (pypi-uri "steadymark" version)) + (sha256 + (base32 + "1640i9g8dycql3cc8j0bky0jkzj0q39blfbp4lsgpkprkfgcdk8v")))) + (build-system python-build-system) + (native-inputs + `(("python-couleur" ,python2-couleur) + ("python-sure" ,python2-sure) + ("python-misaka" ,python2-misaka))) + (arguments + `(#:python ,python-2 + #:phases + (modify-phases %standard-phases + (add-before 'build 'patch-setup-py + (lambda _ + ;; Update requirements from dependency==version + ;; to dependency>=version + (substitute* "setup.py" + (("==") ">=")) + #t))))) + (home-page "https://github.com/gabrielfalcao/steadymark") + (synopsis "Markdown-based test runner for python") + (description + "@code{Steadymark} allows documentation to be written in github-flavoured +markdown. The documentation may contain snippets of code surrounded by python +code blocks and @code{Steadymark} will find these snippets and run them, making +sure that there are no old malfunctional examples in the documentation examples.") + (license license:expat))) + +(define-public python-nose-randomly + (package + (name "python-nose-randomly") + (version "1.2.5") + (source + (origin + (method url-fetch) + (uri (pypi-uri "nose-randomly" version)) + (sha256 + (base32 + "1cw9dlr1zh3w4i438kin7z0rm8092ki52hayisyc43h9pcplq7rn")))) + (build-system python-build-system) + (native-inputs + `(("python-nose" ,python-nose) + ("python-numpy" ,python-numpy))) + (home-page "https://github.com/adamchainz/nose-randomly") + (synopsis + "Nose plugin to randomly order tests and control random.seed") + (description + "This is a @code{Nose} plugin to randomly order tests which can be quite +powerful in discovering hidden flaws in the tests themselves, while helping to +reduce inter-test dependencies. It also helps in controlling @code{random.seed}, +by resetting it to a repeatable number for each test, enabling the tests to +create data based on random numbers and yet remain repeatable.") + (license license:bsd-3))) + +(define-public python2-nose-randomly + (package-with-python2 python-nose-randomly)) + +(define-public python-jsonpointer + (package + (name "python-jsonpointer") + (version "1.10") + (source + (origin + (method url-fetch) + (uri (pypi-uri "jsonpointer" version)) + (sha256 + (base32 + "1cg0gvgqjysydv6p45v4jywg1jb3v48c7m3cbpi57zgf6nndr9cz")))) + (build-system python-build-system) + (home-page "https://github.com/stefankoegl/python-json-pointer") + (synopsis "Identify specific nodes in a JSON document") + (description "@code{jsonpointer} allows you to access specific nodes +by path in a JSON document (see RFC 6901).") + (license license:bsd-3))) + +(define-public python2-jsonpointer + (package-with-python2 python-jsonpointer)) + +(define-public python-rfc3987 + (package + (name "python-rfc3987") + (version "1.3.7") + (source + (origin + (method url-fetch) + (uri (pypi-uri "rfc3987" version)) + (sha256 + (base32 + "192pclzs2y0yaywqkrlvd0x73740q310kvqvm6jldhi619mq59wi")))) + (build-system python-build-system) + (home-page "http://pypi.python.org/pypi/rfc3987") + (synopsis "Parsing and validation of URIs (RFC 3986) and IRIs (RFC 3987)") + (description "@code{rfc3987} provides routines for parsing and +validation of URIs (see RFC 3986) and IRIs (see RFC 3987).") + (license license:gpl3+))) + +(define-public python2-rfc3987 + (package-with-python2 python-rfc3987)) + +(define-public python-validate-email + (package + (name "python-validate-email") + (version "1.3") + (source + (origin + (method url-fetch) + (uri (pypi-uri "validate_email" version)) + (sha256 + (base32 + "1bxffaf5yz2cph8ki55vdvdypbwkvn2xr1firlcy62vqbzf1jivq")))) + (build-system python-build-system) + (home-page "http://github.com/syrusakbary/validate_email") + (synopsis "Verifies if an email address is valid and really exists") + (description "@code{validate_email} can be used to verify if an email +address is valid and really exists.") + (license license:lgpl3+))) + +(define-public python2-validate-email + (package-with-python2 python-validate-email)) + +(define-public python-flex + (package + (name "python-flex") + (version "6.10.0") + (source + (origin + (method url-fetch) + (uri (pypi-uri "flex" version)) + (sha256 + (base32 + "00pamnwla3khk8nyla7y28dq9jnh69swd7f4jfsl7sn1izs8n8zk")))) + (build-system python-build-system) + (propagated-inputs + `(("python-click" ,python-click) + ("python-iso8601" ,python-iso8601) + ("python-jsonpointer" ,python-jsonpointer) + ("python-pyyaml" ,python-pyyaml) + ("python-requests" ,python-requests) + ("python-rfc3987" ,python-rfc3987) + ("python-six" ,python-six) + ("python-validate-email" ,python-validate-email))) + (home-page "https://github.com/pipermerriam/flex") + (synopsis "Validates Swagger schemata") + (description "@code{flex} can be used to validate Swagger schemata.") + (license license:bsd-3))) + +(define-public python2-flex + (package-with-python2 python-flex)) + +(define-public python-marshmallow + (package + (name "python-marshmallow") + (version "3.0.0b2") + (source + (origin + (method url-fetch) + (uri (pypi-uri "marshmallow" version)) + (sha256 + (base32 + "11bnpvfdbczr74177p295zbkdrax2cahvbj5bqhhlprgz2xxi5d9")))) + (build-system python-build-system) + (propagated-inputs + `(("python-dateutil" ,python-dateutil) + ("python-simplejson" ,python-simplejson))) + (native-inputs + `(("python-pytest-3.0" ,python-pytest-3.0) + ("python-pytz" ,python-pytz))) + (home-page "https://github.com/marshmallow-code/marshmallow") + (synopsis "Convert complex datatypes to and from native +Python datatypes.") + (description "@code{marshmallow} provides a library for converting +complex datatypes to and from native Python datatypes.") + (license license:expat))) + +(define-public python2-marshmallow + (package-with-python2 python-marshmallow)) + +(define-public python-bottle + (package + (name "python-bottle") + (version "0.12.13") + (source + (origin + (method url-fetch) + (uri (pypi-uri "bottle" version)) + (sha256 + (base32 + "0m9k2a7yxvggc4kw8fsvj381vgsvfcdshg5nzy6vwrxiw2p53drr")))) + (build-system python-build-system) + (home-page "http://bottlepy.org/") + (synopsis "WSGI framework for small web-applications.") + (description "@code{python-bottle} is a WSGI framework for small web-applications.") + (license license:expat))) + +(define-public python2-bottle + (package-with-python2 python-bottle)) + +(define-public python-apispec + (package + (name "python-apispec") + (version "0.22.0") + (source + (origin + (method url-fetch) + (uri (pypi-uri "apispec" version)) + (sha256 + (base32 + "0y3jxmgp2d24am3hxl40f5rw9abb0r8037sagax3dv64h4n1azwq")))) + (build-system python-build-system) + (propagated-inputs + `(("python-pyyaml" ,python-pyyaml))) + (native-inputs + `(("python-pytest-3.0" ,python-pytest-3.0) + ("python-flask" ,python-flask) + ("python-marshmallow" ,python-marshmallow) + ("python-tornado" ,python-tornado) + ("python-bottle" ,python-bottle) + ("python-mock" ,python-mock))) + (home-page "https://github.com/marshmallow-code/apispec") + (synopsis "Swagger 2.0 API specification generator") + (description "@code{python-apispec} is a pluggable API specification +generator. Currently supports the OpenAPI specification (f.k.a. +Swagger 2.0).") + (license license:expat))) + +(define-public python2-apispec + (package-with-python2 python-apispec)) + +(define-public python-flasgger + (package + (name "python-flasgger") + (version "0.6.3") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/rochacbruno/flasgger/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1gqzlm0rb55fdpsy5ipkganlx9cnpi454fqyycr03jm22zql14ay")))) + (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda* (#:key inputs outputs #:allow-other-keys) + (substitute* "Makefile" + (("flake8 flasgger --ignore=F403") + "flake8 flasgger --ignore=E731,F403")) + (setenv "PYTHONPATH" (string-append (getcwd) + ":" + (getenv "PYTHONPATH"))) + (zero? (system* "py.test"))))))) + (propagated-inputs + `(("python-flask" ,python-flask) + ("python-pyyaml" ,python-pyyaml) + ("python-jsonschema" ,python-jsonschema) + ("python-mistune" ,python-mistune) + ("python-six" ,python-six))) + (native-inputs + `(("python-decorator" ,python-decorator) + ("python-flake8" ,python-flake8) + ("python-flask-restful" ,python-flask-restful) + ("python-flex" ,python-flex) + ("python-pytest-3.0" ,python-pytest-3.0) + ("python-pytest-cov" ,python-pytest-cov) + ("python-marshmallow" ,python-marshmallow) + ("python-apispec" ,python-apispec))) + (home-page "https://github.com/rochacbruno/flasgger/") + (synopsis "Extract Swagger specs from your Flask project") + (description "@code{python-flasgger} allows extracting Swagger specs +from your Flask project. It is a fork of Flask-Swagger.") + (license license:expat))) + +(define-public python2-flasgger + (package-with-python2 python-flasgger)) diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm index 0734b6d0f7..31354b25d7 100644 --- a/gnu/packages/qemu.scm +++ b/gnu/packages/qemu.scm @@ -74,7 +74,11 @@ (method url-fetch) (uri (string-append "http://wiki.qemu-project.org/download/qemu-" version ".tar.xz")) - (patches (search-patches "qemu-CVE-2017-7493.patch")) + (patches (search-patches "qemu-CVE-2017-7493.patch" + "qemu-CVE-2017-8112.patch" + "qemu-CVE-2017-8309.patch" + "qemu-CVE-2017-8379.patch" + "qemu-CVE-2017-8380.patch")) (sha256 (base32 "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index 47d3a46148..5e04e86539 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm @@ -459,6 +459,111 @@ and redirections, and a complete syscall library for low-level access to the operating system.") (license bsd-3)))) +(define-public linenoise + (package + (name "linenoise") + (version "1.0") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/antirez/linenoise/" + "archive/" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "05006hd56xcvxjdpll4x720bpfan7vwqmxbw8a2kvm10w57ll1gm")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ;No tests are included + #:make-flags (list "CC=gcc") + #:phases + (modify-phases %standard-phases + (delete 'configure) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + ;; At the moment there is no 'make install' in upstream. + (let* ((out (assoc-ref outputs "out"))) + (install-file "linenoise.h" + (string-append out "/include/linenoise")) + (install-file "linenoise.c" + (string-append out "/include/linenoise")) + #t)))))) + (home-page "https://github.com/antirez/linenoise") + (synopsis "Minimal zero-config readline replacement") + (description + "Linenoise is a minimal, zero-config, readline replacement. +Its features include: + +@enumerate +@item Single and multi line editing mode with the usual key bindings +@item History handling +@item Completion +@item Hints (suggestions at the right of the prompt as you type) +@item A subset of VT100 escapes, ANSI.SYS compatible +@end enumerate\n") + (license bsd-2))) + +(define-public s + (let ((commit "6604341edb3a775ff94415762af3ee9bd86bfb3c") + (revision "1")) + (package + (name "s") + (version (string-append "0.0.0-" revision "." (string-take commit 7))) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/rain-1/s") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "1075cml6dl15d770j3m12yz90cjacsdslbv3gank1nxd76vmpdcr")))) + (build-system gnu-build-system) + (inputs + `(("linenoise" ,linenoise))) + (arguments + `(#:tests? #f + #:make-flags (list "CC=gcc") + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'install-directory-fix + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (substitute* "Makefile" + (("out") bin)) + #t))) + (add-after 'install 'manpage + (lambda* (#:key outputs #:allow-other-keys) + (install-file "s.1" (string-append (assoc-ref outputs "out") + "/share/man/man1")))) + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; At this point linenoise is meant to be included, + ;; so we have to really copy it into the working directory + ;; of s. + (let* ((linenoise (assoc-ref inputs "linenoise")) + (noisepath (string-append linenoise "/include/linenoise")) + (out (assoc-ref outputs "out"))) + (copy-recursively noisepath "linenoise") + (substitute* "s.c" + (("/bin/s") (string-append out "/bin/s"))) + #t)))))) + (home-page "https://github.com/rain-1/s") + (synopsis "Extremely minimal shell with the simplest syntax possible") + (description + "S is a new shell that aims to be extremely simple. +S does not implemnt the POSIX shell standard. +There are no globs or \"splatting\" where a variable $FOO turns into multiple +command line arguments. One token stays one token forever. +This is a \"no surprises\" straightforward approach. + +There are no redirection operators > in the shell language, they are added as +extra programs. > is just another unix command, < is essentially cat(1). +A @code{andglob} program is also provided along with s.") + (license bsd-3)))) + (define-public loksh (package (name "loksh") diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 12fc2c6cc3..32c9a132a6 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -336,7 +336,9 @@ everything from small to very large projects with speed and efficiency.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s")))) + "1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s")) + (patches (search-patches "libgit2-use-after-free.patch" + "libgit2-0.25.1-mtime-0.patch")))) (build-system cmake-build-system) (arguments `(#:phases @@ -349,25 +351,13 @@ everything from small to very large projects with speed and efficiency.") (("/bin/cp") (which "cp")) (("/bin/rm") (which "rm"))) #t)) - (add-after 'unpack 'apply-patch - (lambda* (#:key inputs #:allow-other-keys) - ;; XXX: For some reason adding the patch in 'patches', which - ;; leads to a new tarball with all timestamps reset and ordering - ;; by name (slightly different file order compared to the - ;; original tarball) leads to an obscure Python error while - ;; running 'generate.py': - ;; 'Module' object has no attribute 'callbacks' - ;; Thus, apply the patch here, which minimizes disruption. - (let ((patch (assoc-ref inputs "patch"))) - (zero? (system* "patch" "-p1" "--force" "--input" patch))))) ;; Run checks more verbosely. (replace 'check (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q"))))))) (inputs `(("libssh2" ,libssh2) ("libcurl" ,curl) - ("python" ,python-wrapper) - ("patch" ,(search-patch "libgit2-use-after-free.patch")))) + ("python" ,python-wrapper))) (native-inputs `(("pkg-config" ,pkg-config))) (propagated-inputs diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index ac2eec5f94..909d23ad2e 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -19,6 +19,7 @@ ;;; Copyright © 2017 Chris Marusich <cmmarusich@gmail.com> ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> ;;; Copyright © 2017 Ethan R. Jones <doubleplusgood23@gmail.com> +;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -659,7 +660,10 @@ audio/video codec library.") "1a22b913p2227ljz89c4fgjlyln5gcz8z58w32r0wh4srnnd60y4")))) (build-system gnu-build-system) (native-inputs - `(("git" ,git) ; needed for a test + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("git" ,git) ; needed for a test + ("libtool" ,libtool) ("pkg-config" ,pkg-config))) ;; FIXME: Add optional inputs once available. (inputs @@ -673,6 +677,7 @@ audio/video codec library.") ("gnutls" ,gnutls) ("liba52" ,liba52) ("libcddb" ,libcddb) + ("libdvbpsi" ,libdvbpsi) ("libgcrypt" ,libgcrypt) ("libkate" ,libkate) ("libmad" ,libmad) @@ -687,6 +692,7 @@ audio/video codec library.") ("libxinerama" ,libxinerama) ("libxml2" ,libxml2) ("libxpm" ,libxpm) + ("livemedia-utils" ,livemedia-utils) ("lua" ,lua-5.1) ("mesa" ,mesa) ("opus" ,opus) @@ -714,6 +720,15 @@ audio/video codec library.") #:phases (modify-phases %standard-phases + (add-before 'configure 'bootstrap + (lambda _ (zero? (system* "sh" "bootstrap")))) + (add-before 'bootstrap 'fix-livemedia-utils-prefix + (lambda* (#:key inputs #:allow-other-keys) + (let ((livemedia-utils (assoc-ref inputs "livemedia-utils"))) + (substitute* "configure.ac" + (("LIVE555_PREFIX=\\$\\{LIVE555_PREFIX-\"/usr\"\\}") + (string-append "LIVE555_PREFIX=" livemedia-utils))) + #t))) (add-before 'configure 'remove-visual-tests ;; Some of the tests require using the display to test out VLC, ;; which fails in our sandboxed build system @@ -2153,3 +2168,64 @@ MPEG-2, MPEG-4, DVD (VOB)... information and other metadata about audio or video files. It supports the many codecs and formats supported by libmediainfo.") (license license:bsd-2))) + +(define-public livemedia-utils + (package + (name "livemedia-utils") + (version "2017.05.24") + (source (origin + (method url-fetch) + (uri (string-append + "http://www.live555.com/liveMedia/public/live." + version ".tar.gz")) + (sha256 + (base32 + "1ra64j3qa89hf3xika8jz9gd8al8mcaqlk5ivw5pclnd2df5f4im")))) + (build-system gnu-build-system) + (arguments + '(#:tests? #f ; no tests + #:make-flags (list "CC=gcc" + (string-append "LDFLAGS=-Wl,-rpath=" + (assoc-ref %outputs "out") "/lib") + (string-append "PREFIX=" + (assoc-ref %outputs "out"))) + #:phases (modify-phases %standard-phases + (add-before 'configure 'fix-makefiles-generation + (lambda _ + (substitute* "genMakefiles" + (("/bin/rm") "rm")) + #t)) + (replace 'configure + (lambda _ + (zero? (system* "./genMakefiles" + "linux-with-shared-libraries"))))))) + (home-page "http://www.live555.com/liveMedia/") + (synopsis "Set of C++ libraries for multimedia streaming") + (description "This code forms a set of C++ libraries for multimedia +streaming, using open standard protocols (RTP/RTCP, RTSP, SIP). The libraries +can be used to stream, receive, and process MPEG, H.265, H.264, H.263+, DV or +JPEG video, and several audio codecs. They can easily be extended to support +additional (audio and/or video) codecs, and can also be used to build basic +RTSP or SIP clients and servers.") + (license license:lgpl3+))) + +(define-public libdvbpsi + (package + (name "libdvbpsi") + (version "1.3.1") + (source (origin + (method url-fetch) + (uri (string-append + "https://download.videolan.org/pub/libdvbpsi/" + version "/libdvbpsi-" version ".tar.bz2")) + (sha256 + (base32 + "0824r08kaspbrrg2dd5d46s475zb7j59brqkm2y6x3mdsnpng0yn")))) + (build-system gnu-build-system) + (home-page "https://www.videolan.org/developers/libdvbpsi.html") + (synopsis "Library for decoding and generation of MPEG TS and DVB PSI +tables") + (description "libdvbpsi is a simple library designed for decoding and +generation of MPEG TS and DVB PSI tables according to standards ISO/IEC 13818s +and ITU-T H.222.0.") + (license license:lgpl2.1))) diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm index a74cbcf2b4..7d51f899f0 100644 --- a/gnu/packages/wine.scm +++ b/gnu/packages/wine.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2014, 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -54,14 +55,14 @@ (define-public wine (package (name "wine") - (version "2.4") + (version "2.9") (source (origin (method url-fetch) (uri (string-append "https://dl.winehq.org/wine/source/2.x" "/wine-" version ".tar.xz")) (sha256 (base32 - "13klfadvd44zdfrzh38al99s53i02x3mlhcj5z7fq7vqwh3xzdc7")))) + "0pslhs3kwjimlz5ad6vzzdw7lgbfpwl8vyg4jmf17p61pfxzfimc")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) ("gettext" ,gettext-minimal) |