diff options
Diffstat (limited to 'gnu')
31 files changed, 2410 insertions, 157 deletions
diff --git a/gnu/packages.scm b/gnu/packages.scm index c9efd0d691..6109d1f896 100644 --- a/gnu/packages.scm +++ b/gnu/packages.scm @@ -105,24 +105,29 @@ (append environment `((,%distro-root-directory . "gnu/packages")))))) (define* (scheme-files directory) - "Return the list of Scheme files found under DIRECTORY." - (file-system-fold (const #t) ; enter? - (lambda (path stat result) ; leaf - (if (string-suffix? ".scm" path) - (cons path result) - result)) - (lambda (path stat result) ; down - result) - (lambda (path stat result) ; up - result) - (const #f) ; skip - (lambda (path stat errno result) - (warning (_ "cannot access `~a': ~a~%") - path (strerror errno)) - result) - '() - directory - stat)) + "Return the list of Scheme files found under DIRECTORY, recursively. The +returned list is sorted in alphabetical order." + + ;; Sort entries so that 'fold-packages' works in a deterministic fashion + ;; regardless of details of the underlying file system. + (sort (file-system-fold (const #t) ; enter? + (lambda (path stat result) ; leaf + (if (string-suffix? ".scm" path) + (cons path result) + result)) + (lambda (path stat result) ; down + result) + (lambda (path stat result) ; up + result) + (const #f) ; skip + (lambda (path stat errno result) + (warning (_ "cannot access `~a': ~a~%") + path (strerror errno)) + result) + '() + directory + stat) + string<?)) (define file-name->module-name (let ((not-slash (char-set-complement (char-set #\/)))) diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 6f6178a3ff..ff6c3379af 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -28,6 +28,113 @@ #:use-module (gnu packages pkg-config) #:use-module (gnu packages python)) +(define-public bedtools + (package + (name "bedtools") + (version "2.22.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/arq5x/bedtools2/archive/v" + version ".tar.gz")) + (sha256 + (base32 + "16aq0w3dmbd0853j32xk9jin4vb6v6fgakfyvrsmsjizzbn3fpfl")))) + (build-system gnu-build-system) + (native-inputs `(("python" ,python-2))) + (inputs `(("samtools" ,samtools) + ("zlib" ,zlib))) + (arguments + '(#:test-target "test" + #:phases + (alist-cons-after + 'unpack 'patch-makefile-SHELL-definition + (lambda _ + ;; patch-makefile-SHELL cannot be used here as it does not + ;; yet patch definitions with `:='. Since changes to + ;; patch-makefile-SHELL result in a full rebuild, features + ;; of patch-makefile-SHELL are reimplemented here. + (substitute* "Makefile" + (("^SHELL := .*$") (string-append "SHELL := " (which "bash") " -e \n")))) + (alist-delete + 'configure + (alist-replace + 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((bin (string-append (assoc-ref outputs "out") "/bin/"))) + (mkdir-p bin) + (for-each (lambda (file) + (copy-file file (string-append bin (basename file)))) + (find-files "bin" ".*")))) + %standard-phases))))) + (home-page "https://github.com/arq5x/bedtools2") + (synopsis "Tools for genome analysis and arithmetic") + (description + "Collectively, the bedtools utilities are a swiss-army knife of tools for +a wide-range of genomics analysis tasks. The most widely-used tools enable +genome arithmetic: that is, set theory on the genome. For example, bedtools +allows one to intersect, merge, count, complement, and shuffle genomic +intervals from multiple files in widely-used genomic file formats such as BAM, +BED, GFF/GTF, VCF.") + (license license:gpl2))) + +(define-public bowtie + (package + (name "bowtie") + (version "2.2.4") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/BenLangmead/bowtie2/archive/v" + version ".tar.gz")) + (sha256 + (base32 + "15dnbqippwvhyh9zqjhaxkabk7lm1xbh1nvar1x4b5kwm117zijn")) + (modules '((guix build utils))) + (snippet + '(substitute* "Makefile" + (("^CC = .*$") "CC = gcc") + (("^CPP = .*$") "CPP = g++") + ;; replace BUILD_HOST and BUILD_TIME for deterministic build + (("-DBUILD_HOST=.*") "-DBUILD_HOST=\"\\\"guix\\\"\"") + (("-DBUILD_TIME=.*") "-DBUILD_TIME=\"\\\"0\\\"\""))))) + (build-system gnu-build-system) + (inputs `(("perl" ,perl) + ("perl-clone" ,perl-clone) + ("perl-test-deep" ,perl-test-deep) + ("perl-test-simple" ,perl-test-simple) + ("python" ,python-2))) + (arguments + '(#:make-flags '("allall") + #:phases + (alist-delete + 'configure + (alist-replace + 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((bin (string-append (assoc-ref outputs "out") "/bin/"))) + (mkdir-p bin) + (for-each (lambda (file) + (copy-file file (string-append bin file))) + (find-files "." "bowtie2.*")))) + (alist-replace + 'check + (lambda* (#:key outputs #:allow-other-keys) + (system* "perl" + "scripts/test/simple_tests.pl" + "--bowtie2=./bowtie2" + "--bowtie2-build=./bowtie2-build")) + %standard-phases))))) + (home-page "http://bowtie-bio.sourceforge.net/bowtie2/index.shtml") + (synopsis "Fast and sensitive nucleotide sequence read aligner") + (description + "Bowtie 2 is a fast and memory-efficient tool for aligning sequencing +reads to long reference sequences. It is particularly good at aligning reads +of about 50 up to 100s or 1,000s of characters, and particularly good at +aligning to relatively long (e.g. mammalian) genomes. Bowtie 2 indexes the +genome with an FM Index to keep its memory footprint small: for the human +genome, its memory footprint is typically around 3.2 GB. Bowtie 2 supports +gapped, local, and paired-end alignment modes.") + (license license:gpl3+))) + (define-public samtools (package (name "samtools") @@ -43,7 +150,14 @@ "1y5p2hs4gif891b4ik20275a8xf3qrr1zh9wpysp4g8m0g1jckf2")))) (build-system gnu-build-system) (arguments - '(#:make-flags (list (string-append "prefix=" (assoc-ref %outputs "out"))) + `(;; There are 87 test failures when building on non-64-bit architectures + ;; due to invalid test data. This has since been fixed upstream (see + ;; <https://github.com/samtools/samtools/pull/307>), but as there has + ;; not been a new release we disable the tests for all non-64-bit + ;; systems. + #:tests? ,(string=? (or (%current-system) (%current-target-system)) + "x86_64-linux") + #:make-flags (list (string-append "prefix=" (assoc-ref %outputs "out"))) #:phases (alist-cons-after 'unpack diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 7c22300dd1..f2736b9eb3 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -70,6 +70,26 @@ independent of the input data and can be reduced, if necessary, at some cost in compression.") (license license:zlib))) +(define-public fastjar + (package + (name "fastjar") + (version "0.98") + (source (origin + (method url-fetch) + (uri (string-append "mirror://savannah/fastjar/fastjar-" + version ".tar.gz")) + (sha256 + (base32 + "0iginbz2m15hcsa3x4y7v3mhk54gr1r7m3ghx0pg4n46vv2snmpi")))) + (build-system gnu-build-system) + (inputs `(("zlib" ,zlib))) + (home-page "http://savannah.nongnu.org/projects/fastjar") + (synopsis "Replacement for Sun's 'jar' utility") + (description + "FastJar is an attempt to create a much faster replacement for Sun's 'jar' +utility. Instead of being written in Java, FastJar is written in C.") + (license license:gpl2+))) + (define-public gzip (package (name "gzip") diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm new file mode 100644 index 0000000000..056b3681a7 --- /dev/null +++ b/gnu/packages/game-development.scm @@ -0,0 +1,48 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2014 Tomáš Čech <sleep_walker@suse.cz> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu packages game-development) + #:use-module (guix licenses) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system cmake) + #:use-module (gnu packages)) + +(define-public bullet + (package + (name "bullet") + (version "2.82-r2704") + (source (origin + (method url-fetch) + (uri (string-append "https://bullet.googlecode.com/files/bullet-" + version ".tgz")) + (sha256 + (base32 + "1lnfksxa9b1slyfcxys313ymsllvbsnxh9np06azkbgpfvmwkr37")))) + (build-system cmake-build-system) + (arguments '(#:tests? #f ; no 'test' target + #:configure-flags (list + (string-append + "-DCMAKE_CXX_FLAGS=-fPIC " + (or (getenv "CXXFLAGS") ""))))) + (home-page "http://bulletphysics.org/") + (synopsis "3D physics engine library") + (description + "Bullet is a physics engine library usable for collision detection. It +is used in some video games and movies.") + (license zlib))) diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index f21eeadf45..405b4e744e 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> +;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -33,14 +34,14 @@ (define-public lcms (package (name "lcms") - (version "2.4") + (version "2.6") (source (origin (method url-fetch) (uri (string-append "http://downloads.sourceforge.net/project/lcms/lcms/" version "/lcms2-" version ".tar.gz")) (sha256 (base32 - "1s1ppvqaydf2yqc72mw6zfviwxccb311a6hrbi802sgjxw84sl9a")))) + "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji")))) (build-system gnu-build-system) (inputs `(("libjpeg-8" ,libjpeg-8) ("libtiff" ,libtiff) @@ -118,13 +119,13 @@ printing, and psresize, for adjusting page sizes.") (define-public ghostscript (package (name "ghostscript") - (version "9.06.0") + (version "9.14.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/ghostscript/gnu-ghostscript-" version ".tar.xz")) (sha256 (base32 - "0bcg2203p7cm0f53f3s883xhj2c91xnaxakj2cy7kcdknfxplvs4")))) + "0q4jj41p0qbr4mgcc9q78f5zs8cm1g57wgryhsm2yq4lfslm3ib1")))) (build-system gnu-build-system) (inputs `(("freetype" ,freetype) ("lcms" ,lcms) @@ -160,7 +161,7 @@ printing, and psresize, for adjusting page sizes.") file format. It also includes a C library that implements the graphics capabilities of the PostScript language. It supports a wide variety of output file formats and printers.") - (license license:gpl3+) + (license license:agpl3+) (home-page "http://www.gnu.org/software/ghostscript/"))) (define-public gs-fonts diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 1d3ce25421..d9a22b41bb 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -47,7 +47,8 @@ #:use-module (gnu packages gl) #:use-module (gnu packages compression) #:use-module (gnu packages xorg) - #:use-module (gnu packages xdisorg)) + #:use-module (gnu packages xdisorg) + #:use-module (gnu packages ncurses)) (define-public brasero (package @@ -1292,3 +1293,89 @@ engineering.") (description "The default GNOME 3 themes (Adwaita and some accessibility themes).") (license license:lgpl2.1+))) + +(define-public vala + (package + (name "vala") + (version "0.26.1") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnome/sources/" name "/" + (version-major+minor version) "/" + name "-" version ".tar.xz")) + (sha256 + (base32 + "0swyym2papln0f62ah05dpvq3vv6fssap26jq2zqp9dkkaqsn1w4")))) + (build-system gnu-build-system) + (arguments '(#:make-flags '("CC=gcc"))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("flex" ,flex) + ("bison" ,bison) + ("xsltproc" ,libxslt) + ("dbus" ,dbus) ; for dbus tests + ("gobject-introspection" ,gobject-introspection))) ; for gir tests + (propagated-inputs + `(("glib" ,glib))) ; required by libvala-0.26.pc + (home-page "http://live.gnome.org/Vala/") + (synopsis "Compiler for the GObject type system") + (description + "Vala is a programming language that aims to bring modern programming +language features to GNOME developers without imposing any additional runtime +requirements and without using a different ABI compared to applications and +libraries written in C.") + (license license:lgpl2.1+))) + +(define-public vte + (package + (name "vte") + (version "0.38.2") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnome/sources/" name "/" + (version-major+minor version) "/" + name "-" version ".tar.xz")) + (sha256 + (base32 + "1rbxrigff9yszbgdw0gw4c2saz4d1hbbpz21phzxx14w49wvmnmj")))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config) + ("intltool" ,intltool) + ("vala" ,vala) + ("gobject-introspection" ,gobject-introspection) + ("glib" ,glib "bin") ; for glib-genmarshal, etc. + ("xmllint" ,libxml2))) + (propagated-inputs + `(("gtk+" ,gtk+))) ; required by libvte-2.91.pc + (home-page "http://www.gnome.org/") + (synopsis "Virtual Terminal Emulator") + (description + "VTE is a library (libvte) implementing a terminal emulator widget for +GTK+, and a minimal sample application (vte) using that. Vte is mainly used in +gnome-terminal, but can also be used to embed a console/terminal in games, +editors, IDEs, etc.") + (license license:lgpl2.1+))) + +;; stable version for gtk2, required by xfce4-terminal. +(define-public vte/gtk+-2 + (package (inherit vte) + (name "vte") + (version "0.28.2") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnome/sources/" name "/" + (version-major+minor version) "/" + name "-" version ".tar.xz")) + (sha256 + (base32 + "1bmhahkf8wdsra9whd3k5l5z4rv7r58ksr8mshzajgq2ma0hpkw6")))) + (arguments + '(#:configure-flags '("--disable-python"))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("intltool" ,intltool) + ("glib" ,glib "bin"))) ; for glib-genmarshal, etc. + (propagated-inputs + `(("gtk+" ,gtk+-2) ; required by libvte.pc + ("ncurses" ,ncurses))))) ; required by libvte.la diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 2781447685..3ebc20dffa 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> -;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; ;;; This file is part of GNU Guix. @@ -53,7 +53,17 @@ version "/" name "-" version ".tar.xz")) (sha256 (base32 - "02r9klfc0z26w270inq652249hq0wfzvwhzvwmk0n8v8nzkk5idh")))) + "02r9klfc0z26w270inq652249hq0wfzvwhzvwmk0n8v8nzkk5idh")) + (patches (map search-patch + '("icecat-CVE-2014-1587-bug-1042567.patch" + "icecat-CVE-2014-1587-bug-1072847.patch" + "icecat-CVE-2014-1587-bug-1079729.patch" + "icecat-CVE-2014-1587-bug-1080312.patch" + "icecat-CVE-2014-1587-bug-1089207.patch" + "icecat-CVE-2014-1590.patch" + "icecat-CVE-2014-1592.patch" + "icecat-CVE-2014-1593.patch" + "icecat-CVE-2014-1594.patch"))))) (build-system gnu-build-system) (inputs `(("alsa-lib" ,alsa-lib) @@ -90,6 +100,7 @@ "--disable-debug" "--disable-debug-symbols" + "--enable-pulseaudio" "--disable-webrtc" ; webrtc fails to build "--with-system-zlib" diff --git a/gnu/packages/groff.scm b/gnu/packages/groff.scm index ad7cff32e1..e7a0026d9e 100644 --- a/gnu/packages/groff.scm +++ b/gnu/packages/groff.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> +;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -31,20 +32,21 @@ (define-public groff (package (name "groff") - (version "1.22.2") + (version "1.22.3") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/groff/groff-" version ".tar.gz")) (sha256 (base32 - "0xi07nhj5vdgax37rj25mwxzdmsz1ifx50hjgc6hqbkpqkd6821q")))) + "1998v2kcs288d3y7kfxpvl369nqi06zbbvjzafyvyl3pr7bajj1s")))) (build-system gnu-build-system) (inputs `(("ghostscript" ,ghostscript) ("netpbm" ,netpbm))) (native-inputs `(("bison" ,bison) - ("perl" ,perl) - ("psutils" ,psutils) - ("texinfo" ,texinfo))) + ("perl" ,perl) + ("psutils" ,psutils) + ("texinfo" ,texinfo))) + (arguments '(#:parallel-build? #f)) ; parallel build fails (synopsis "Typesetting from plain text mixed with formatting commands") (description "Groff is a typesetting package that reads plain text and produces diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 3f83711f32..a2708a290f 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -192,7 +192,7 @@ for SYSTEM, or #f if there is no configuration for SYSTEM." #f))) (define-public linux-libre - (let* ((version "3.18") + (let* ((version "3.18.1") (build-phase '(lambda* (#:key system inputs #:allow-other-keys #:rest args) ;; Apply the neat patch. @@ -265,7 +265,7 @@ for SYSTEM, or #f if there is no configuration for SYSTEM." (uri (linux-libre-urls version)) (sha256 (base32 - "1kv03bhls9rya4sg3qixyjirc79pn2g5bcwldcj7hs4apa77sd0g")))) + "0yj6sz9cvsbhrc9jksr4wgg63crzmqh65903l7bq9k0gz1f3x1s8")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl) ("bc" ,bc) diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm index 8e6ed4fd3c..b2c520605a 100644 --- a/gnu/packages/ntp.scm +++ b/gnu/packages/ntp.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright 2014 John Darrington <jmd@gnu.org> +;;; Copyright © 2014 John Darrington <jmd@gnu.org> +;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -20,8 +21,11 @@ #:use-module (gnu packages) #:use-module (gnu packages which) #:use-module (gnu packages linux) - #:use-module (guix licenses) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages openssl) + #:use-module ((guix licenses) #:prefix l:) #:use-module (guix packages) + #:use-module (guix utils) #:use-module (guix download) #:use-module (guix build-system gnu) #:use-module (srfi srfi-1)) @@ -29,29 +33,31 @@ (define-public ntp (package (name "ntp") - (version "4.2.6p5") + (version "4.2.8") (source (origin (method url-fetch) (uri (string-append - "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-" - (string-join (take (string-split version #\.) 2) ".") + "http://archive.ntp.org/ntp4/ntp-" + (version-major+minor version) "/ntp-" version ".tar.gz")) (sha256 (base32 - "077r69a41hasl8zf5c44km7cqgfhrkaj6a4jnr75j7nkz5qq7ayn")))) - (native-inputs `(("which" ,which))) + "1vnqa1542d01xmlkw8f3rq57y360b2j7yxkkg9b11955nvw0v4if")))) + (native-inputs `(("which" ,which) + ("pkg-config" ,pkg-config))) (inputs - ;; Build with POSIX capabilities support on GNU/Linux. This allows 'ntpd' - ;; to run as non-root (when invoked with '-u'.) - (if (string-suffix? "-linux" - (or (%current-target-system) (%current-system))) - `(("libcap" ,libcap)) - '())) + `(("openssl" ,openssl) + ;; Build with POSIX capabilities support on GNU/Linux. This allows 'ntpd' + ;; to run as non-root (when invoked with '-u'.) + ,@(if (string-suffix? "-linux" + (or (%current-target-system) (%current-system))) + `(("libcap" ,libcap)) + '()))) (build-system gnu-build-system) (synopsis "Real time clock synchonization system") (description "NTP is a system designed to synchronize the clocks of computers over a network.") - (license (x11-style + (license (l:x11-style "http://www.eecis.udel.edu/~mills/ntp/html/copyright.html" "A non-copyleft free licence from the University of Delaware")) (home-page "http://www.ntp.org"))) diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch new file mode 100644 index 0000000000..4e45e3062f --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1042567.patch @@ -0,0 +1,30 @@ +commit 60529fc02cf10482d8fecd699eea271ddc22bcb9 +Author: Jason Orendorff <jorendorff@mozilla.com> +Date: Thu Aug 28 15:43:57 2014 -0500 + + Bug 1042567 - Reflect JSPropertyOp properties more consistently as data properties. r=efaust, a=lmandel + + Modified js/src/jsobj.cpp +diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp +index 2745509..ad336f3 100644 +--- a/js/src/jsobj.cpp ++++ b/js/src/jsobj.cpp +@@ -235,11 +235,18 @@ js::GetOwnPropertyDescriptor(JSContext *cx, HandleObject obj, HandleId id, + if (pobj->isNative()) { + desc.setAttributes(GetShapeAttributes(pobj, shape)); + if (desc.hasGetterOrSetterObject()) { ++ MOZ_ASSERT(desc.isShared()); + doGet = false; + if (desc.hasGetterObject()) + desc.setGetterObject(shape->getterObject()); + if (desc.hasSetterObject()) + desc.setSetterObject(shape->setterObject()); ++ } else { ++ // This is either a straight-up data property or (rarely) a ++ // property with a JSPropertyOp getter/setter. The latter must be ++ // reported to the caller as a plain data property, so don't ++ // populate desc.getter/setter, and mask away the SHARED bit. ++ desc.attributesRef() &= ~JSPROP_SHARED; + } + } else { + if (!JSObject::getGenericAttributes(cx, pobj, id, &desc.attributesRef())) diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch new file mode 100644 index 0000000000..448b096b81 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1072847.patch @@ -0,0 +1,19 @@ +commit 5d91f3b10f999e852e0392470198bd6aefc87e1e +Author: Jeff Muizelaar <jmuizelaar@mozilla.com> +Date: Tue Oct 28 10:08:25 2014 -0400 + + Bug 1072847 - Initialize mSurface. r=BenWa, a=bkerensa + + Modified gfx/2d/DrawTargetCairo.cpp +diff --git a/gfx/2d/DrawTargetCairo.cpp b/gfx/2d/DrawTargetCairo.cpp +index 48c2c73..78d9e4f 100644 +--- a/gfx/2d/DrawTargetCairo.cpp ++++ b/gfx/2d/DrawTargetCairo.cpp +@@ -353,6 +353,7 @@ NeedIntermediateSurface(const Pattern& aPattern, const DrawOptions& aOptions) + + DrawTargetCairo::DrawTargetCairo() + : mContext(nullptr) ++ , mSurface(nullptr) + , mLockedBits(nullptr) + { + } diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch new file mode 100644 index 0000000000..3ef60baaad --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1079729.patch @@ -0,0 +1,191 @@ +commit 5de6730cc26744b9efcf4d4adb4a4c45023ef8a0 +Author: Randell Jesup <rjesup@jesup.org> +Date: Tue Oct 28 11:06:00 2014 -0400 + + Bug 1079729: Fix handling of increasing number of SCTP channels used by DataChannels r=tuexen a=lsblakk + + Modified media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h +diff --git a/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h b/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h +index ba8e1ff..8d964f1 100755 +--- a/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h ++++ b/media/webrtc/signaling/src/sipcc/core/gsm/h/fsm.h +@@ -225,7 +225,7 @@ typedef struct fsmdef_media_t_ { + /* + * Data Channel properties + */ +-#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 16 ++#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 256 + uint32 datachannel_streams; + char datachannel_protocol[SDP_MAX_STRING_LEN + 1]; + + Modified netwerk/sctp/datachannel/DataChannel.cpp +diff --git a/netwerk/sctp/datachannel/DataChannel.cpp b/netwerk/sctp/datachannel/DataChannel.cpp +index 414e3db..a00d938 100644 +--- a/netwerk/sctp/datachannel/DataChannel.cpp ++++ b/netwerk/sctp/datachannel/DataChannel.cpp +@@ -910,10 +910,12 @@ DataChannelConnection::RequestMoreStreams(int32_t aNeeded) + uint32_t outStreamsNeeded; + socklen_t len; + +- if (aNeeded + mStreams.Length() > MAX_NUM_STREAMS) ++ if (aNeeded + mStreams.Length() > MAX_NUM_STREAMS) { + aNeeded = MAX_NUM_STREAMS - mStreams.Length(); +- if (aNeeded <= 0) ++ } ++ if (aNeeded <= 0) { + return false; ++ } + + len = (socklen_t)sizeof(struct sctp_status); + if (usrsctp_getsockopt(mMasterSocket, IPPROTO_SCTP, SCTP_STATUS, &status, &len) < 0) { +@@ -922,19 +924,25 @@ DataChannelConnection::RequestMoreStreams(int32_t aNeeded) + } + outStreamsNeeded = aNeeded; // number to add + +- memset(&sas, 0, sizeof(struct sctp_add_streams)); ++ // Note: if multiple channel opens happen when we don't have enough space, ++ // we'll call RequestMoreStreams() multiple times ++ memset(&sas, 0, sizeof(sas)); + sas.sas_instrms = 0; + sas.sas_outstrms = (uint16_t)outStreamsNeeded; /* XXX error handling */ + // Doesn't block, we get an event when it succeeds or fails + if (usrsctp_setsockopt(mMasterSocket, IPPROTO_SCTP, SCTP_ADD_STREAMS, &sas, + (socklen_t) sizeof(struct sctp_add_streams)) < 0) { +- if (errno == EALREADY) ++ if (errno == EALREADY) { ++ LOG(("Already have %u output streams", outStreamsNeeded)); + return true; ++ } + + LOG(("***failed: setsockopt ADD errno=%d", errno)); + return false; + } + LOG(("Requested %u more streams", outStreamsNeeded)); ++ // We add to mStreams when we get a SCTP_STREAM_CHANGE_EVENT and the ++ // values are larger than mStreams.Length() + return true; + } + +@@ -1050,6 +1058,13 @@ DataChannelConnection::SendDeferredMessages() + channel->mFlags & DATA_CHANNEL_FLAGS_OUT_OF_ORDER_ALLOWED, + channel->mPrPolicy, channel->mPrValue)) { + channel->mFlags &= ~DATA_CHANNEL_FLAGS_SEND_REQ; ++ ++ channel->mState = OPEN; ++ channel->mReady = true; ++ LOG(("%s: sending ON_CHANNEL_OPEN for %p", __FUNCTION__, channel.get())); ++ NS_DispatchToMainThread(new DataChannelOnMessageAvailable( ++ DataChannelOnMessageAvailable::ON_CHANNEL_OPEN, this, ++ channel)); + sent = true; + } else { + if (errno == EAGAIN || errno == EWOULDBLOCK) { +@@ -1177,6 +1192,7 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_ + prPolicy = SCTP_PR_SCTP_TTL; + break; + default: ++ LOG(("Unknown channel type", req->channel_type)); + /* XXX error handling */ + return; + } +@@ -1203,6 +1219,10 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_ + } + return; + } ++ if (stream >= mStreams.Length()) { ++ LOG(("%s: stream %u out of bounds (%u)", __FUNCTION__, stream, mStreams.Length())); ++ return; ++ } + + nsCString label(nsDependentCSubstring(&req->label[0], ntohs(req->label_length))); + nsCString protocol(nsDependentCSubstring(&req->label[ntohs(req->label_length)], +@@ -1220,8 +1240,8 @@ DataChannelConnection::HandleOpenRequestMessage(const struct rtcweb_datachannel_ + + channel->mState = DataChannel::WAITING_TO_OPEN; + +- LOG(("%s: sending ON_CHANNEL_CREATED for %s/%s: %u", __FUNCTION__, +- channel->mLabel.get(), channel->mProtocol.get(), stream)); ++ LOG(("%s: sending ON_CHANNEL_CREATED for %s/%s: %u (state %u)", __FUNCTION__, ++ channel->mLabel.get(), channel->mProtocol.get(), stream, channel->mState)); + NS_DispatchToMainThread(new DataChannelOnMessageAvailable( + DataChannelOnMessageAvailable::ON_CHANNEL_CREATED, + this, channel)); +@@ -1739,13 +1759,14 @@ DataChannelConnection::HandleStreamResetEvent(const struct sctp_stream_reset_eve + // 2. We sent our own reset (CLOSING); either they crossed on the + // wire, or this is a response to our Reset. + // Go to CLOSED +- // 3. We've sent a open but haven't gotten a response yet (OPENING) ++ // 3. We've sent a open but haven't gotten a response yet (CONNECTING) + // I believe this is impossible, as we don't have an input stream yet. + + LOG(("Incoming: Channel %u closed, state %d", + channel->mStream, channel->mState)); + ASSERT_WEBRTC(channel->mState == DataChannel::OPEN || + channel->mState == DataChannel::CLOSING || ++ channel->mState == DataChannel::CONNECTING || + channel->mState == DataChannel::WAITING_TO_OPEN); + if (channel->mState == DataChannel::OPEN || + channel->mState == DataChannel::WAITING_TO_OPEN) { +@@ -1791,20 +1812,21 @@ DataChannelConnection::HandleStreamChangeEvent(const struct sctp_stream_change_e + return; + } else { + if (strchg->strchange_instrms > mStreams.Length()) { +- LOG(("Other side increased streamds from %u to %u", ++ LOG(("Other side increased streams from %u to %u", + mStreams.Length(), strchg->strchange_instrms)); + } +- if (strchg->strchange_outstrms > mStreams.Length()) { ++ if (strchg->strchange_outstrms > mStreams.Length() || ++ strchg->strchange_instrms > mStreams.Length()) { + uint16_t old_len = mStreams.Length(); ++ uint16_t new_len = std::max(strchg->strchange_outstrms, ++ strchg->strchange_instrms); + LOG(("Increasing number of streams from %u to %u - adding %u (in: %u)", +- old_len, +- strchg->strchange_outstrms, +- strchg->strchange_outstrms - old_len, ++ old_len, new_len, new_len - old_len, + strchg->strchange_instrms)); + // make sure both are the same length +- mStreams.AppendElements(strchg->strchange_outstrms - old_len); ++ mStreams.AppendElements(new_len - old_len); + LOG(("New length = %d (was %d)", mStreams.Length(), old_len)); +- for (uint32_t i = old_len; i < mStreams.Length(); ++i) { ++ for (size_t i = old_len; i < mStreams.Length(); ++i) { + mStreams[i] = nullptr; + } + // Re-process any channels waiting for streams. +@@ -1815,13 +1837,17 @@ DataChannelConnection::HandleStreamChangeEvent(const struct sctp_stream_change_e + // Could make a more complex API for OpenXxxFinish() and avoid this loop + int32_t num_needed = mPending.GetSize(); + LOG(("%d of %d new streams already needed", num_needed, +- strchg->strchange_outstrms - old_len)); +- num_needed -= (strchg->strchange_outstrms - old_len); // number we added ++ new_len - old_len)); ++ num_needed -= (new_len - old_len); // number we added + if (num_needed > 0) { + if (num_needed < 16) + num_needed = 16; + LOG(("Not enough new streams, asking for %d more", num_needed)); + RequestMoreStreams(num_needed); ++ } else if (strchg->strchange_outstrms < strchg->strchange_instrms) { ++ LOG(("Requesting %d output streams to match partner", ++ strchg->strchange_instrms - strchg->strchange_outstrms)); ++ RequestMoreStreams(strchg->strchange_instrms - strchg->strchange_outstrms); + } + + ProcessQueuedOpens(); + Modified netwerk/sctp/datachannel/DataChannelProtocol.h +diff --git a/netwerk/sctp/datachannel/DataChannelProtocol.h b/netwerk/sctp/datachannel/DataChannelProtocol.h +index 549f74b..74fbe58 100644 +--- a/netwerk/sctp/datachannel/DataChannelProtocol.h ++++ b/netwerk/sctp/datachannel/DataChannelProtocol.h +@@ -17,7 +17,7 @@ + #endif + + // Duplicated in fsm.def +-#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 16 ++#define WEBRTC_DATACHANNEL_STREAMS_DEFAULT 256 + + #define DATA_CHANNEL_PPID_CONTROL 50 + #define DATA_CHANNEL_PPID_BINARY 52 diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch new file mode 100644 index 0000000000..5efac49e12 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1080312.patch @@ -0,0 +1,308 @@ +commit d74bdb4589ad714e2a45e282974db075de2be673 +Author: Randell Jesup <rjesup@jesup.org> +Date: Wed Nov 12 22:59:53 2014 -0500 + + Bug 1080312 - Update iteration code from upstream. r=jesup, a=abillings + + Modified netwerk/sctp/src/moz.build +diff --git a/netwerk/sctp/src/moz.build b/netwerk/sctp/src/moz.build +index 1901a41..82103b9 100644 +--- a/netwerk/sctp/src/moz.build ++++ b/netwerk/sctp/src/moz.build +@@ -31,7 +31,6 @@ SOURCES += [ + 'user_environment.c', + 'user_mbuf.c', + 'user_recv_thread.c', +- 'user_sctp_timer_iterate.c', + 'user_socket.c', + ] + + Modified netwerk/sctp/src/netinet/sctp_callout.c +diff --git a/netwerk/sctp/src/netinet/sctp_callout.c b/netwerk/sctp/src/netinet/sctp_callout.c +index 67b7566..e8ac77f 100755 +--- a/netwerk/sctp/src/netinet/sctp_callout.c ++++ b/netwerk/sctp/src/netinet/sctp_callout.c +@@ -30,9 +30,27 @@ + * THE POSSIBILITY OF SUCH DAMAGE. + */ + ++#if defined(__Userspace__) ++#include <sys/types.h> ++#if !defined (__Userspace_os_Windows) ++#include <sys/wait.h> ++#include <unistd.h> ++#include <pthread.h> ++#endif ++#if defined(__Userspace_os_NaCl) ++#include <sys/select.h> ++#endif ++#include <stdlib.h> ++#include <string.h> ++#include <stdio.h> ++#include <errno.h> ++#include <netinet/sctp_sysctl.h> ++#include <netinet/sctp_pcb.h> ++#else + #include <netinet/sctp_os.h> + #include <netinet/sctp_callout.h> + #include <netinet/sctp_pcb.h> ++#endif + + /* + * Callout/Timer routines for OS that doesn't have them +@@ -117,24 +135,16 @@ sctp_os_timer_stop(sctp_os_timer_t *c) + return (1); + } + +-#if defined(__APPLE__) +-/* +- * For __APPLE__, use a single main timer at a faster resolution than +- * fastim. The timer just calls this existing callout infrastructure. +- */ +-#endif +-void +-sctp_timeout(void *arg SCTP_UNUSED) ++static void ++sctp_handle_tick(int delta) + { + sctp_os_timer_t *c; + void (*c_func)(void *); + void *c_arg; + + SCTP_TIMERQ_LOCK(); +-#if defined(__APPLE__) + /* update our tick count */ +- ticks += SCTP_BASE_VAR(sctp_main_timer_ticks); +-#endif ++ ticks += delta; + c = TAILQ_FIRST(&SCTP_BASE_INFO(callqueue)); + while (c) { + if (c->c_time <= ticks) { +@@ -155,9 +165,60 @@ sctp_timeout(void *arg SCTP_UNUSED) + } + sctp_os_timer_next = NULL; + SCTP_TIMERQ_UNLOCK(); ++} + + #if defined(__APPLE__) +- /* restart the main timer */ ++void ++sctp_timeout(void *arg SCTP_UNUSED) ++{ ++ sctp_handle_tick(SCTP_BASE_VAR(sctp_main_timer_ticks)); + sctp_start_main_timer(); ++} + #endif ++ ++#if defined(__Userspace__) ++#define TIMEOUT_INTERVAL 10 ++ ++void * ++user_sctp_timer_iterate(void *arg) ++{ ++ for (;;) { ++#if defined (__Userspace_os_Windows) ++ Sleep(TIMEOUT_INTERVAL); ++#else ++ struct timeval timeout; ++ ++ timeout.tv_sec = 0; ++ timeout.tv_usec = 1000 * TIMEOUT_INTERVAL; ++ select(0, NULL, NULL, NULL, &timeout); ++#endif ++ if (SCTP_BASE_VAR(timer_thread_should_exit)) { ++ break; ++ } ++ sctp_handle_tick(MSEC_TO_TICKS(TIMEOUT_INTERVAL)); ++ } ++ return (NULL); + } ++ ++void ++sctp_start_timer(void) ++{ ++ /* ++ * No need to do SCTP_TIMERQ_LOCK_INIT(); ++ * here, it is being done in sctp_pcb_init() ++ */ ++#if defined (__Userspace_os_Windows) ++ if ((SCTP_BASE_VAR(timer_thread) = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)user_sctp_timer_iterate, NULL, 0, NULL)) == NULL) { ++ SCTP_PRINTF("ERROR; Creating ithread failed\n"); ++ } ++#else ++ int rc; ++ ++ rc = pthread_create(&SCTP_BASE_VAR(timer_thread), NULL, user_sctp_timer_iterate, NULL); ++ if (rc) { ++ SCTP_PRINTF("ERROR; return code from pthread_create() is %d\n", rc); ++ } ++#endif ++} ++ ++#endif + Modified netwerk/sctp/src/netinet/sctp_callout.h +diff --git a/netwerk/sctp/src/netinet/sctp_callout.h b/netwerk/sctp/src/netinet/sctp_callout.h +index 2782945..c53c5a4 100755 +--- a/netwerk/sctp/src/netinet/sctp_callout.h ++++ b/netwerk/sctp/src/netinet/sctp_callout.h +@@ -64,7 +64,6 @@ __FBSDID("$FreeBSD$"); + #endif + + extern int ticks; +-extern void sctp_start_timer(); + #endif + + TAILQ_HEAD(calloutlist, sctp_callout); +@@ -94,6 +93,11 @@ int sctp_os_timer_stop(sctp_os_timer_t *); + #define SCTP_OS_TIMER_ACTIVE(tmr) ((tmr)->c_flags & SCTP_CALLOUT_ACTIVE) + #define SCTP_OS_TIMER_DEACTIVATE(tmr) ((tmr)->c_flags &= ~SCTP_CALLOUT_ACTIVE) + ++#if defined(__Userspace__) ++void sctp_start_timer(void); ++#endif ++#if defined(__APPLE__) + void sctp_timeout(void *); ++#endif + + #endif + Modified netwerk/sctp/src/netinet/sctp_usrreq.c +diff --git a/netwerk/sctp/src/netinet/sctp_usrreq.c b/netwerk/sctp/src/netinet/sctp_usrreq.c +index d4115ad..c17ea04 100755 +--- a/netwerk/sctp/src/netinet/sctp_usrreq.c ++++ b/netwerk/sctp/src/netinet/sctp_usrreq.c +@@ -56,6 +56,9 @@ __FBSDID("$FreeBSD: head/sys/netinet/sctp_usrreq.c 259943 2013-12-27 13:07:00Z t + #include <netinet/sctp_timer.h> + #include <netinet/sctp_auth.h> + #include <netinet/sctp_bsd_addr.h> ++#if defined(__Userspace__) ++#include <netinet/sctp_callout.h> ++#endif + #if !defined(__Userspace_os_Windows) + #include <netinet/udp.h> + #endif + Deleted netwerk/sctp/src/user_sctp_timer_iterate.c +diff --git a/netwerk/sctp/src/user_sctp_timer_iterate.c b/netwerk/sctp/src/user_sctp_timer_iterate.c +deleted file mode 100755 +index 0a9dbce..0000000 +--- a/netwerk/sctp/src/user_sctp_timer_iterate.c ++++ /dev/null +@@ -1,119 +0,0 @@ +-/*- +- * Copyright (c) 2012 Michael Tuexen +- * All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- */ +- +-#include <sys/types.h> +-#if !defined (__Userspace_os_Windows) +-#include <sys/wait.h> +-#include <unistd.h> +-#include <pthread.h> +-#endif +-#include <stdlib.h> +-#include <string.h> +-#include <stdio.h> +-#include <errno.h> +-#include <netinet/sctp_pcb.h> +-#include <netinet/sctp_sysctl.h> +-#include "netinet/sctp_callout.h" +- +-/* This is the polling time of callqueue in milliseconds +- * 10ms seems to work well. 1ms was giving erratic behavior +- */ +-#define TIMEOUT_INTERVAL 10 +- +-extern int ticks; +- +-void * +-user_sctp_timer_iterate(void *arg) +-{ +- sctp_os_timer_t *c; +- void (*c_func)(void *); +- void *c_arg; +- sctp_os_timer_t *sctp_os_timer_next; +- /* +- * The MSEC_TO_TICKS conversion depends on hz. The to_ticks in +- * sctp_os_timer_start also depends on hz. E.g. if hz=1000 then +- * for multiple INIT the to_ticks is 2000, 4000, 8000, 16000, 32000, 60000 +- * and further to_ticks level off at 60000 i.e. 60 seconds. +- * If hz=100 then for multiple INIT the to_ticks are 200, 400, 800 and so-on. +- */ +- for (;;) { +-#if defined (__Userspace_os_Windows) +- Sleep(TIMEOUT_INTERVAL); +-#else +- struct timeval timeout; +- +- timeout.tv_sec = 0; +- timeout.tv_usec = 1000 * TIMEOUT_INTERVAL; +- select(0, NULL, NULL, NULL, &timeout); +-#endif +- if (SCTP_BASE_VAR(timer_thread_should_exit)) { +- break; +- } +- SCTP_TIMERQ_LOCK(); +- /* update our tick count */ +- ticks += MSEC_TO_TICKS(TIMEOUT_INTERVAL); +- c = TAILQ_FIRST(&SCTP_BASE_INFO(callqueue)); +- while (c) { +- if (c->c_time <= ticks) { +- sctp_os_timer_next = TAILQ_NEXT(c, tqe); +- TAILQ_REMOVE(&SCTP_BASE_INFO(callqueue), c, tqe); +- c_func = c->c_func; +- c_arg = c->c_arg; +- c->c_flags &= ~SCTP_CALLOUT_PENDING; +- SCTP_TIMERQ_UNLOCK(); +- c_func(c_arg); +- SCTP_TIMERQ_LOCK(); +- c = sctp_os_timer_next; +- } else { +- c = TAILQ_NEXT(c, tqe); +- } +- } +- SCTP_TIMERQ_UNLOCK(); +- } +- return (NULL); +-} +- +-void +-sctp_start_timer(void) +-{ +- /* +- * No need to do SCTP_TIMERQ_LOCK_INIT(); +- * here, it is being done in sctp_pcb_init() +- */ +-#if defined (__Userspace_os_Windows) +- if ((SCTP_BASE_VAR(timer_thread) = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)user_sctp_timer_iterate, NULL, 0, NULL)) == NULL) { +- SCTP_PRINTF("ERROR; Creating ithread failed\n"); +- } +-#else +- int rc; +- +- rc = pthread_create(&SCTP_BASE_VAR(timer_thread), NULL, user_sctp_timer_iterate, NULL); +- if (rc) { +- SCTP_PRINTF("ERROR; return code from pthread_create() is %d\n", rc); +- } +-#endif +-} diff --git a/gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch new file mode 100644 index 0000000000..cd5602c86b --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1587-bug-1089207.patch @@ -0,0 +1,119 @@ +commit 9df10fea93b483af6646ef2f7aab35598fbaab2f +Author: Nils Ohlmeier [:drno] <drno@ohlmeier.org> +Date: Thu Nov 6 12:21:57 2014 -0500 + + Bug 1089207: fix parsing of invalid fmtp att r=drno,jesup a=lmandel + + Modified media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c +diff --git a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c +index fa5ca2e..33d26c0 100644 +--- a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c ++++ b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_attr.c +@@ -458,7 +458,6 @@ sdp_result_e sdp_parse_attr_fmtp (sdp_t *sdp_p, sdp_attr_t *attr_p, + char tmp[SDP_MAX_STRING_LEN]; + char *src_ptr; + char *temp_ptr = NULL; +- tinybool flag=FALSE; + char *tok=NULL; + char *temp=NULL; + u16 custom_x=0; +@@ -495,29 +494,11 @@ sdp_result_e sdp_parse_attr_fmtp (sdp_t *sdp_p, sdp_attr_t *attr_p, + fmtp_p->packetization_mode = 0; + fmtp_p->level_asymmetry_allowed = SDP_DEFAULT_LEVEL_ASYMMETRY_ALLOWED_VALUE; + +- /* BEGIN - a typical macro fn to replace '/' with ';' from fmtp line*/ +- /* This ugly replacement of '/' with ';' is only done because +- * econf/MS client sends in this wierd /illegal format. +- * fmtp parameters MUST be separated by ';' +- */ + temp_ptr = cpr_strdup(ptr); + if (temp_ptr == NULL) { + return (SDP_FAILURE); + } + fmtp_ptr = src_ptr = temp_ptr; +- while (flag == FALSE) { +- if (*src_ptr == '\n') { +- flag = TRUE; +- break; +- } +- if (*src_ptr == '/') { +- *src_ptr =';' ; +- } +- src_ptr++; +- } +- /* END */ +- /* Once we move to RFC compliant video codec implementations, the above +- * patch should be removed */ + + src_ptr = temp_ptr; + while (!done) { + Modified media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c +diff --git a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c +index 0be02aa..9760d4e 100644 +--- a/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c ++++ b/media/webrtc/signaling/src/sipcc/core/sdp/sdp_main.c +@@ -1002,7 +1002,12 @@ sdp_result_e sdp_parse (sdp_t *sdp_p, char **bufp, u16 len) + */ + ptr = next_ptr; + line_end = sdp_findchar(ptr, "\n"); +- if (line_end >= (*bufp + len)) { ++ if ((line_end >= (*bufp + len)) || ++ (*line_end == '\0')) { ++ /* As this does not update the result value the SDP up to this point ++ * is still accept as valid. So encountering this is not treated as ++ * an error. ++ */ + sdp_parse_error(sdp_p->peerconnection, + "%s End of line beyond end of buffer.", + sdp_p->debug_str); + Modified media/webrtc/signaling/test/sdp_unittests.cpp +diff --git a/media/webrtc/signaling/test/sdp_unittests.cpp b/media/webrtc/signaling/test/sdp_unittests.cpp +index 51df09b..9f98eed 100644 +--- a/media/webrtc/signaling/test/sdp_unittests.cpp ++++ b/media/webrtc/signaling/test/sdp_unittests.cpp +@@ -755,13 +755,13 @@ TEST_F(SdpTest, parseFmtpMaxFs) { + u32 val = 0; + ParseSdp(kVideoSdp + "a=fmtp:120 max-fs=300;max-fr=30\r\n"); + ASSERT_EQ(sdp_attr_get_fmtp_max_fs(sdp_ptr_, 1, 0, 1, &val), SDP_SUCCESS); +- ASSERT_EQ(val, 300); ++ ASSERT_EQ(val, 300U); + } + TEST_F(SdpTest, parseFmtpMaxFr) { + u32 val = 0; + ParseSdp(kVideoSdp + "a=fmtp:120 max-fs=300;max-fr=30\r\n"); + ASSERT_EQ(sdp_attr_get_fmtp_max_fr(sdp_ptr_, 1, 0, 1, &val), SDP_SUCCESS); +- ASSERT_EQ(val, 30); ++ ASSERT_EQ(val, 30U); + } + + TEST_F(SdpTest, addFmtpMaxFs) { +@@ -789,6 +789,29 @@ TEST_F(SdpTest, addFmtpMaxFsFr) { + std::string::npos); + } + ++static const std::string kBrokenFmtp = ++ "v=0\r\n" ++ "o=- 137331303 2 IN IP4 127.0.0.1\r\n" ++ "s=SIP Call\r\n" ++ "t=0 0\r\n" ++ "m=video 56436 RTP/SAVPF 120\r\n" ++ "c=IN IP4 198.51.100.7\r\n" ++ "a=rtpmap:120 VP8/90000\r\n" ++ /* Note: the \0 in this string triggered bz://1089207 ++ */ ++ "a=fmtp:120 max-fs=300;max\0fr=30"; ++ ++TEST_F(SdpTest, parseBrokenFmtp) { ++ u32 val = 0; ++ char *buf = const_cast<char *>(kBrokenFmtp.data()); ++ ResetSdp(); ++ /* We need to manually invoke the parser here to be able to specify the length ++ * of the string beyond the \0 in last line of the string. ++ */ ++ ASSERT_EQ(sdp_parse(sdp_ptr_, &buf, 165), SDP_SUCCESS); ++ ASSERT_EQ(sdp_attr_get_fmtp_max_fs(sdp_ptr_, 1, 0, 1, &val), SDP_INVALID_PARAMETER); ++} ++ + } // End namespace test. + + int main(int argc, char **argv) { diff --git a/gnu/packages/patches/icecat-CVE-2014-1590.patch b/gnu/packages/patches/icecat-CVE-2014-1590.patch new file mode 100644 index 0000000000..f8513980ad --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1590.patch @@ -0,0 +1,33 @@ +commit 50c5ca4bacf7cda77c3a7ab1b8d82ded18fb3355 +Author: Olli Pettay <Olli.Pettay@helsinki.fi> +Date: Sun Nov 2 22:01:55 2014 +0200 + + Bug 1087633 - Filter out XPConnect wrapped input streams. r=bz, a=lmandel + + Modified content/base/src/nsXMLHttpRequest.h +diff --git a/content/base/src/nsXMLHttpRequest.h b/content/base/src/nsXMLHttpRequest.h +index b1fc4e3..4ab4f29 100644 +--- a/content/base/src/nsXMLHttpRequest.h ++++ b/content/base/src/nsXMLHttpRequest.h +@@ -28,7 +28,8 @@ + #include "nsIPrincipal.h" + #include "nsIScriptObjectPrincipal.h" + #include "nsISizeOfEventTarget.h" +- ++#include "nsIXPConnect.h" ++#include "nsIInputStream.h" + #include "mozilla/Assertions.h" + #include "mozilla/DOMEventTargetHelper.h" + #include "mozilla/MemoryReporting.h" +@@ -446,6 +447,11 @@ public: + void Send(nsIInputStream* aStream, ErrorResult& aRv) + { + NS_ASSERTION(aStream, "Null should go to string version"); ++ nsCOMPtr<nsIXPConnectWrappedJS> wjs = do_QueryInterface(aStream); ++ if (wjs) { ++ aRv.Throw(NS_ERROR_DOM_TYPE_ERR); ++ return; ++ } + aRv = Send(RequestBody(aStream)); + } + void SendAsBinary(const nsAString& aBody, ErrorResult& aRv); diff --git a/gnu/packages/patches/icecat-CVE-2014-1592.patch b/gnu/packages/patches/icecat-CVE-2014-1592.patch new file mode 100644 index 0000000000..6de1b6fe4a --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1592.patch @@ -0,0 +1,400 @@ +commit 7efadbb03cdffa11ebfc2da3113377d2f33b893b +Author: Henri Sivonen <hsivonen@hsivonen.fi> +Date: Mon Nov 3 15:23:26 2014 +0200 + + Bug 1088635. r=smaug, a=bkerensa + + Modified content/base/src/nsDocument.cpp +diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp +index cbed38d..3493bce 100644 +--- a/content/base/src/nsDocument.cpp ++++ b/content/base/src/nsDocument.cpp +@@ -3916,7 +3916,7 @@ nsDocument::InsertChildAt(nsIContent* aKid, uint32_t aIndex, + bool aNotify) + { + if (aKid->IsElement() && GetRootElement()) { +- NS_ERROR("Inserting element child when we already have one"); ++ NS_WARNING("Inserting root element when we already have one"); + return NS_ERROR_DOM_HIERARCHY_REQUEST_ERR; + } + + Modified parser/html/nsHtml5Parser.cpp +diff --git a/parser/html/nsHtml5Parser.cpp b/parser/html/nsHtml5Parser.cpp +index a485be4..f28adb4 100644 +--- a/parser/html/nsHtml5Parser.cpp ++++ b/parser/html/nsHtml5Parser.cpp +@@ -237,7 +237,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer, + * WillBuildModel to be called before the document has had its + * script global object set. + */ +- mExecutor->WillBuildModel(eDTDMode_unknown); ++ rv = mExecutor->WillBuildModel(eDTDMode_unknown); ++ NS_ENSURE_SUCCESS(rv, rv); + } + + // Return early if the parser has processed EOF +@@ -255,7 +256,7 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer, + } + mDocumentClosed = true; + if (!mBlocked && !mInDocumentWrite) { +- ParseUntilBlocked(); ++ return ParseUntilBlocked(); + } + return NS_OK; + } +@@ -378,7 +379,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer, + + if (mTreeBuilder->HasScript()) { + mTreeBuilder->Flush(); // Move ops to the executor +- mExecutor->FlushDocumentWrite(); // run the ops ++ rv = mExecutor->FlushDocumentWrite(); // run the ops ++ NS_ENSURE_SUCCESS(rv, rv); + // Flushing tree ops can cause all sorts of things. + // Return early if the parser got terminated. + if (mExecutor->IsComplete()) { +@@ -437,7 +439,8 @@ nsHtml5Parser::Parse(const nsAString& aSourceBuffer, + "Buffer wasn't tokenized to completion?"); + // Scripting semantics require a forced tree builder flush here + mTreeBuilder->Flush(); // Move ops to the executor +- mExecutor->FlushDocumentWrite(); // run the ops ++ rv = mExecutor->FlushDocumentWrite(); // run the ops ++ NS_ENSURE_SUCCESS(rv, rv); + } else if (stackBuffer.hasMore()) { + // The buffer wasn't tokenized to completion. Tokenize the untokenized + // content in order to preload stuff. This content will be retokenized +@@ -594,11 +597,13 @@ nsHtml5Parser::IsScriptCreated() + /* End nsIParser */ + + // not from interface +-void ++nsresult + nsHtml5Parser::ParseUntilBlocked() + { +- if (mBlocked || mExecutor->IsComplete() || NS_FAILED(mExecutor->IsBroken())) { +- return; ++ nsresult rv = mExecutor->IsBroken(); ++ NS_ENSURE_SUCCESS(rv, rv); ++ if (mBlocked || mExecutor->IsComplete()) { ++ return NS_OK; + } + NS_ASSERTION(mExecutor->HasStarted(), "Bad life cycle."); + NS_ASSERTION(!mInDocumentWrite, +@@ -611,7 +616,7 @@ nsHtml5Parser::ParseUntilBlocked() + if (mFirstBuffer == mLastBuffer) { + if (mExecutor->IsComplete()) { + // something like cache manisfests stopped the parse in mid-flight +- return; ++ return NS_OK; + } + if (mDocumentClosed) { + NS_ASSERTION(!GetStreamParser(), +@@ -620,8 +625,10 @@ nsHtml5Parser::ParseUntilBlocked() + mTreeBuilder->StreamEnded(); + mTreeBuilder->Flush(); + mExecutor->FlushDocumentWrite(); ++ // The below call does memory cleanup, so call it even if the ++ // parser has been marked as broken. + mTokenizer->end(); +- return; ++ return NS_OK; + } + // never release the last buffer. + NS_ASSERTION(!mLastBuffer->getStart() && !mLastBuffer->getEnd(), +@@ -643,14 +650,14 @@ nsHtml5Parser::ParseUntilBlocked() + NS_ASSERTION(mExecutor->IsInFlushLoop(), + "How did we come here without being in the flush loop?"); + } +- return; // no more data for now but expecting more ++ return NS_OK; // no more data for now but expecting more + } + mFirstBuffer = mFirstBuffer->next; + continue; + } + + if (mBlocked || mExecutor->IsComplete()) { +- return; ++ return NS_OK; + } + + // now we have a non-empty buffer +@@ -667,10 +674,11 @@ nsHtml5Parser::ParseUntilBlocked() + } + if (mTreeBuilder->HasScript()) { + mTreeBuilder->Flush(); +- mExecutor->FlushDocumentWrite(); ++ nsresult rv = mExecutor->FlushDocumentWrite(); ++ NS_ENSURE_SUCCESS(rv, rv); + } + if (mBlocked) { +- return; ++ return NS_OK; + } + } + continue; + Modified parser/html/nsHtml5Parser.h +diff --git a/parser/html/nsHtml5Parser.h b/parser/html/nsHtml5Parser.h +index aff79c7..e2ef2f8 100644 +--- a/parser/html/nsHtml5Parser.h ++++ b/parser/html/nsHtml5Parser.h +@@ -262,7 +262,7 @@ class nsHtml5Parser : public nsIParser, + /** + * Parse until pending data is exhausted or a script blocks the parser + */ +- void ParseUntilBlocked(); ++ nsresult ParseUntilBlocked(); + + private: + + Modified parser/html/nsHtml5StreamParser.cpp +diff --git a/parser/html/nsHtml5StreamParser.cpp b/parser/html/nsHtml5StreamParser.cpp +index 4790568..7e3917b 100644 +--- a/parser/html/nsHtml5StreamParser.cpp ++++ b/parser/html/nsHtml5StreamParser.cpp +@@ -796,7 +796,7 @@ nsHtml5StreamParser::WriteStreamBytes(const uint8_t* aFromSegment, + // NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE. + if (!mLastBuffer) { + NS_WARNING("mLastBuffer should not be null!"); +- MarkAsBroken(); ++ MarkAsBroken(NS_ERROR_NULL_POINTER); + return NS_ERROR_NULL_POINTER; + } + if (mLastBuffer->getEnd() == NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE) { +@@ -902,7 +902,8 @@ nsHtml5StreamParser::OnStartRequest(nsIRequest* aRequest, nsISupports* aContext) + * WillBuildModel to be called before the document has had its + * script global object set. + */ +- mExecutor->WillBuildModel(eDTDMode_unknown); ++ rv = mExecutor->WillBuildModel(eDTDMode_unknown); ++ NS_ENSURE_SUCCESS(rv, rv); + + nsRefPtr<nsHtml5OwningUTF16Buffer> newBuf = + nsHtml5OwningUTF16Buffer::FalliblyCreate( +@@ -1003,8 +1004,9 @@ nsHtml5StreamParser::DoStopRequest() + + if (!mUnicodeDecoder) { + uint32_t writeCount; +- if (NS_FAILED(FinalizeSniffing(nullptr, 0, &writeCount, 0))) { +- MarkAsBroken(); ++ nsresult rv; ++ if (NS_FAILED(rv = FinalizeSniffing(nullptr, 0, &writeCount, 0))) { ++ MarkAsBroken(rv); + return; + } + } else if (mFeedChardet) { +@@ -1076,7 +1078,7 @@ nsHtml5StreamParser::DoDataAvailable(const uint8_t* aBuffer, uint32_t aLength) + rv = SniffStreamBytes(aBuffer, aLength, &writeCount); + } + if (NS_FAILED(rv)) { +- MarkAsBroken(); ++ MarkAsBroken(rv); + return; + } + NS_ASSERTION(writeCount == aLength, "Wrong number of stream bytes written/sniffed."); +@@ -1662,13 +1664,13 @@ nsHtml5StreamParser::TimerFlush() + } + + void +-nsHtml5StreamParser::MarkAsBroken() ++nsHtml5StreamParser::MarkAsBroken(nsresult aRv) + { + NS_ASSERTION(IsParserThread(), "Wrong thread!"); + mTokenizerMutex.AssertCurrentThreadOwns(); + + Terminate(); +- mTreeBuilder->MarkAsBroken(); ++ mTreeBuilder->MarkAsBroken(aRv); + mozilla::DebugOnly<bool> hadOps = mTreeBuilder->Flush(false); + NS_ASSERTION(hadOps, "Should have had the markAsBroken op!"); + if (NS_FAILED(NS_DispatchToMainThread(mExecutorFlusher))) { + Modified parser/html/nsHtml5StreamParser.h +diff --git a/parser/html/nsHtml5StreamParser.h b/parser/html/nsHtml5StreamParser.h +index c7dcbbe..476ef16 100644 +--- a/parser/html/nsHtml5StreamParser.h ++++ b/parser/html/nsHtml5StreamParser.h +@@ -218,7 +218,7 @@ class nsHtml5StreamParser : public nsICharsetDetectionObserver { + } + #endif + +- void MarkAsBroken(); ++ void MarkAsBroken(nsresult aRv); + + /** + * Marks the stream parser as interrupted. If you ever add calls to this + Modified parser/html/nsHtml5TreeBuilderCppSupplement.h +diff --git a/parser/html/nsHtml5TreeBuilderCppSupplement.h b/parser/html/nsHtml5TreeBuilderCppSupplement.h +index 4cd5c7c..1e65394 100644 +--- a/parser/html/nsHtml5TreeBuilderCppSupplement.h ++++ b/parser/html/nsHtml5TreeBuilderCppSupplement.h +@@ -949,14 +949,14 @@ nsHtml5TreeBuilder::DropHandles() + } + + void +-nsHtml5TreeBuilder::MarkAsBroken() ++nsHtml5TreeBuilder::MarkAsBroken(nsresult aRv) + { + if (MOZ_UNLIKELY(mBuilder)) { + MOZ_ASSUME_UNREACHABLE("Must not call this with builder."); + return; + } + mOpQueue.Clear(); // Previous ops don't matter anymore +- mOpQueue.AppendElement()->Init(eTreeOpMarkAsBroken); ++ mOpQueue.AppendElement()->Init(aRv); + } + + void + Modified parser/html/nsHtml5TreeBuilderHSupplement.h +diff --git a/parser/html/nsHtml5TreeBuilderHSupplement.h b/parser/html/nsHtml5TreeBuilderHSupplement.h +index a321e80..8d380eb 100644 +--- a/parser/html/nsHtml5TreeBuilderHSupplement.h ++++ b/parser/html/nsHtml5TreeBuilderHSupplement.h +@@ -223,4 +223,4 @@ + + void errEndWithUnclosedElements(nsIAtom* aName); + +- void MarkAsBroken(); ++ void MarkAsBroken(nsresult aRv); + Modified parser/html/nsHtml5TreeOpExecutor.cpp +diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp +index ebcafca..6c52e5f 100644 +--- a/parser/html/nsHtml5TreeOpExecutor.cpp ++++ b/parser/html/nsHtml5TreeOpExecutor.cpp +@@ -411,7 +411,11 @@ nsHtml5TreeOpExecutor::RunFlushLoop() + GetParser()->GetStreamParser(); + // Now parse content left in the document.write() buffer queue if any. + // This may generate tree ops on its own or dequeue a speculation. +- GetParser()->ParseUntilBlocked(); ++ nsresult rv = GetParser()->ParseUntilBlocked(); ++ if (NS_FAILED(rv)) { ++ MarkAsBroken(rv); ++ return; ++ } + } + + if (mOpQueue.IsEmpty()) { +@@ -496,21 +500,24 @@ nsHtml5TreeOpExecutor::RunFlushLoop() + } + } + +-void ++nsresult + nsHtml5TreeOpExecutor::FlushDocumentWrite() + { ++ nsresult rv = IsBroken(); ++ NS_ENSURE_SUCCESS(rv, rv); ++ + FlushSpeculativeLoads(); // Make sure speculative loads never start after the + // corresponding normal loads for the same URLs. + + if (MOZ_UNLIKELY(!mParser)) { + // The parse has ended. + mOpQueue.Clear(); // clear in order to be able to assert in destructor +- return; ++ return rv; + } + + if (mFlushState != eNotFlushing) { + // XXX Can this happen? In case it can, let's avoid crashing. +- return; ++ return rv; + } + + mFlushState = eInFlush; +@@ -545,7 +552,7 @@ nsHtml5TreeOpExecutor::FlushDocumentWrite() + } + NS_ASSERTION(mFlushState == eInDocUpdate, + "Tried to perform tree op outside update batch."); +- nsresult rv = iter->Perform(this, &scriptElement); ++ rv = iter->Perform(this, &scriptElement); + if (NS_FAILED(rv)) { + MarkAsBroken(rv); + break; +@@ -560,13 +567,14 @@ nsHtml5TreeOpExecutor::FlushDocumentWrite() + + if (MOZ_UNLIKELY(!mParser)) { + // Ending the doc update caused a call to nsIParser::Terminate(). +- return; ++ return rv; + } + + if (scriptElement) { + // must be tail call when mFlushState is eNotFlushing + RunScript(scriptElement); + } ++ return rv; + } + + // copied from HTML content sink + Modified parser/html/nsHtml5TreeOpExecutor.h +diff --git a/parser/html/nsHtml5TreeOpExecutor.h b/parser/html/nsHtml5TreeOpExecutor.h +index 9617dcb..1f81448 100644 +--- a/parser/html/nsHtml5TreeOpExecutor.h ++++ b/parser/html/nsHtml5TreeOpExecutor.h +@@ -173,7 +173,7 @@ class nsHtml5TreeOpExecutor : public nsHtml5DocumentBuilder, + + void RunFlushLoop(); + +- void FlushDocumentWrite(); ++ nsresult FlushDocumentWrite(); + + void MaybeSuspend(); + + Modified parser/html/nsHtml5TreeOperation.cpp +diff --git a/parser/html/nsHtml5TreeOperation.cpp b/parser/html/nsHtml5TreeOperation.cpp +index 48b71dc..7ad65247 100644 +--- a/parser/html/nsHtml5TreeOperation.cpp ++++ b/parser/html/nsHtml5TreeOperation.cpp +@@ -214,6 +214,9 @@ nsHtml5TreeOperation::AppendToDocument(nsIContent* aNode, + nsIDocument* doc = aBuilder->GetDocument(); + uint32_t childCount = doc->GetChildCount(); + rv = doc->AppendChildTo(aNode, false); ++ if (rv == NS_ERROR_DOM_HIERARCHY_REQUEST_ERR) { ++ return NS_OK; ++ } + NS_ENSURE_SUCCESS(rv, rv); + nsNodeUtils::ContentInserted(doc, aNode, childCount); + +@@ -739,8 +742,7 @@ nsHtml5TreeOperation::Perform(nsHtml5TreeOpExecutor* aBuilder, + return NS_OK; + } + case eTreeOpMarkAsBroken: { +- aBuilder->MarkAsBroken(NS_ERROR_OUT_OF_MEMORY); +- return NS_OK; ++ return mOne.result; + } + case eTreeOpRunScript: { + nsIContent* node = *(mOne.node); + Modified parser/html/nsHtml5TreeOperation.h +diff --git a/parser/html/nsHtml5TreeOperation.h b/parser/html/nsHtml5TreeOperation.h +index 2727733..06d0274 100644 +--- a/parser/html/nsHtml5TreeOperation.h ++++ b/parser/html/nsHtml5TreeOperation.h +@@ -435,6 +435,15 @@ class nsHtml5TreeOperation { + mFour.integer = aInt; + } + ++ inline void Init(nsresult aRv) ++ { ++ NS_PRECONDITION(mOpCode == eTreeOpUninitialized, ++ "Op code must be uninitialized when initializing."); ++ NS_PRECONDITION(NS_FAILED(aRv), "Initialized tree op with non-failure."); ++ mOpCode = eTreeOpMarkAsBroken; ++ mOne.result = aRv; ++ } ++ + inline void InitAddClass(nsIContentHandle* aNode, const char16_t* aClass) + { + NS_PRECONDITION(mOpCode == eTreeOpUninitialized, +@@ -487,11 +496,12 @@ class nsHtml5TreeOperation { + nsIAtom* atom; + nsHtml5HtmlAttributes* attributes; + nsHtml5DocumentMode mode; +- char16_t* unicharPtr; ++ char16_t* unicharPtr; + char* charPtr; + nsHtml5TreeOperationStringPair* stringPair; + nsAHtml5TreeBuilderState* state; + int32_t integer; ++ nsresult result; + } mOne, mTwo, mThree, mFour; + }; + diff --git a/gnu/packages/patches/icecat-CVE-2014-1593.patch b/gnu/packages/patches/icecat-CVE-2014-1593.patch new file mode 100644 index 0000000000..446920a95f --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1593.patch @@ -0,0 +1,154 @@ +commit a58cea744ac5b93b99a66554e1029b2c7aa3255d +Author: Matthew Gregan <kinetik@flim.org> +Date: Tue Nov 11 08:58:52 2014 +1300 + + Bug 1085175. r=roc, a=dveditz + + Modified content/media/MediaCache.cpp +diff --git a/content/media/MediaCache.cpp b/content/media/MediaCache.cpp +index 598d905..c99f724 100644 +--- a/content/media/MediaCache.cpp ++++ b/content/media/MediaCache.cpp +@@ -1174,6 +1174,7 @@ MediaCache::Update() + // Figure out where we should be reading from. It's the first + // uncached byte after the current mStreamOffset. + int64_t dataOffset = stream->GetCachedDataEndInternal(stream->mStreamOffset); ++ MOZ_ASSERT(dataOffset >= 0); + + // Compute where we'd actually seek to to read at readOffset + int64_t desiredOffset = dataOffset; +@@ -1702,6 +1703,7 @@ MediaCacheStream::NotifyDataStarted(int64_t aOffset) + ReentrantMonitorAutoEnter mon(gMediaCache->GetReentrantMonitor()); + NS_WARN_IF_FALSE(aOffset == mChannelOffset, + "Server is giving us unexpected offset"); ++ MOZ_ASSERT(aOffset >= 0); + mChannelOffset = aOffset; + if (mStreamLength >= 0) { + // If we started reading at a certain offset, then for sure +@@ -2118,23 +2120,28 @@ MediaCacheStream::Seek(int32_t aWhence, int64_t aOffset) + return NS_ERROR_FAILURE; + + int64_t oldOffset = mStreamOffset; ++ int64_t newOffset = mStreamOffset; + switch (aWhence) { + case PR_SEEK_END: + if (mStreamLength < 0) + return NS_ERROR_FAILURE; +- mStreamOffset = mStreamLength + aOffset; ++ newOffset = mStreamLength + aOffset; + break; + case PR_SEEK_CUR: +- mStreamOffset += aOffset; ++ newOffset += aOffset; + break; + case PR_SEEK_SET: +- mStreamOffset = aOffset; ++ newOffset = aOffset; + break; + default: + NS_ERROR("Unknown whence"); + return NS_ERROR_FAILURE; + } + ++ if (newOffset < 0) ++ return NS_ERROR_FAILURE; ++ mStreamOffset = newOffset; ++ + CACHE_LOG(PR_LOG_DEBUG, ("Stream %p Seek to %lld", this, (long long)mStreamOffset)); + gMediaCache->NoteSeek(this, oldOffset); + +@@ -2176,11 +2183,10 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes) + break; + } + size = std::min(size, bytesRemaining); +- // Clamp size until 64-bit file size issues (bug 500784) are fixed. ++ // Clamp size until 64-bit file size issues are fixed. + size = std::min(size, int64_t(INT32_MAX)); + } + +- int32_t bytes; + int32_t cacheBlock = streamBlock < mBlocks.Length() ? mBlocks[streamBlock] : -1; + if (cacheBlock < 0) { + // We don't have a complete cached block here. +@@ -2208,7 +2214,10 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes) + // We can just use the data in mPartialBlockBuffer. In fact we should + // use it rather than waiting for the block to fill and land in + // the cache. +- bytes = std::min<int64_t>(size, streamWithPartialBlock->mChannelOffset - mStreamOffset); ++ int64_t bytes = std::min<int64_t>(size, streamWithPartialBlock->mChannelOffset - mStreamOffset); ++ // Clamp bytes until 64-bit file size issues are fixed. ++ bytes = std::min(bytes, int64_t(INT32_MAX)); ++ NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= aCount, "Bytes out of range."); + memcpy(aBuffer, + reinterpret_cast<char*>(streamWithPartialBlock->mPartialBlockBuffer.get()) + offsetInStreamBlock, bytes); + if (mCurrentMode == MODE_METADATA) { +@@ -2232,6 +2241,7 @@ MediaCacheStream::Read(char* aBuffer, uint32_t aCount, uint32_t* aBytes) + gMediaCache->NoteBlockUsage(this, cacheBlock, mCurrentMode, TimeStamp::Now()); + + int64_t offset = cacheBlock*BLOCK_SIZE + offsetInStreamBlock; ++ int32_t bytes; + NS_ABORT_IF_FALSE(size >= 0 && size <= INT32_MAX, "Size out of range."); + nsresult rv = gMediaCache->ReadCacheFile(offset, aBuffer + count, int32_t(size), &bytes); + if (NS_FAILED(rv)) { +@@ -2268,9 +2278,7 @@ MediaCacheStream::ReadAt(int64_t aOffset, char* aBuffer, + } + + nsresult +-MediaCacheStream::ReadFromCache(char* aBuffer, +- int64_t aOffset, +- int64_t aCount) ++MediaCacheStream::ReadFromCache(char* aBuffer, int64_t aOffset, int64_t aCount) + { + ReentrantMonitorAutoEnter mon(gMediaCache->GetReentrantMonitor()); + if (mClosed) +@@ -2292,7 +2300,7 @@ MediaCacheStream::ReadFromCache(char* aBuffer, + return NS_ERROR_FAILURE; + } + size = std::min(size, bytesRemaining); +- // Clamp size until 64-bit file size issues (bug 500784) are fixed. ++ // Clamp size until 64-bit file size issues are fixed. + size = std::min(size, int64_t(INT32_MAX)); + } + +@@ -2303,7 +2311,10 @@ MediaCacheStream::ReadFromCache(char* aBuffer, + // We can just use the data in mPartialBlockBuffer. In fact we should + // use it rather than waiting for the block to fill and land in + // the cache. +- bytes = std::min<int64_t>(size, mChannelOffset - streamOffset); ++ // Clamp bytes until 64-bit file size issues are fixed. ++ int64_t toCopy = std::min<int64_t>(size, mChannelOffset - streamOffset); ++ bytes = std::min(toCopy, int64_t(INT32_MAX)); ++ NS_ABORT_IF_FALSE(bytes >= 0 && bytes <= toCopy, "Bytes out of range."); + memcpy(aBuffer + count, + reinterpret_cast<char*>(mPartialBlockBuffer.get()) + offsetInStreamBlock, bytes); + } else { + Modified media/libnestegg/include/nestegg-stdint.h +diff --git a/media/libnestegg/include/nestegg-stdint.h b/media/libnestegg/include/nestegg-stdint.h +index 599a7a5..c315991 100644 +--- a/media/libnestegg/include/nestegg-stdint.h ++++ b/media/libnestegg/include/nestegg-stdint.h +@@ -1,6 +1,9 @@ + #ifdef _WIN32 + typedef __int64 int64_t; + typedef unsigned __int64 uint64_t; ++#if !defined(INT64_MAX) ++#define INT64_MAX 9223372036854775807LL ++#endif + #else + #include <stdint.h> + #endif + Modified media/libnestegg/src/nestegg.c +diff --git a/media/libnestegg/src/nestegg.c b/media/libnestegg/src/nestegg.c +index 8813cf2..56884d7 100644 +--- a/media/libnestegg/src/nestegg.c ++++ b/media/libnestegg/src/nestegg.c +@@ -1950,6 +1950,9 @@ nestegg_offset_seek(nestegg * ctx, uint64_t offset) + { + int r; + ++ if (offset > INT64_MAX) ++ return -1; ++ + /* Seek and set up parser state for segment-level element (Cluster). */ + r = ne_io_seek(ctx->io, offset, NESTEGG_SEEK_SET); + if (r != 0) diff --git a/gnu/packages/patches/icecat-CVE-2014-1594.patch b/gnu/packages/patches/icecat-CVE-2014-1594.patch new file mode 100644 index 0000000000..e5ce7b069b --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2014-1594.patch @@ -0,0 +1,34 @@ +commit 7a8497c0df722b1ed145b99a82c71ed1f7b1d6ce +Author: Markus Stange <mstange@themasta.com> +Date: Thu Oct 9 21:26:27 2014 -0400 + + Bug 1074280 - Use AsContainerLayer() in order to avoid a bad cast. r=roc, a=bkerensa + + Modified gfx/layers/basic/BasicLayerManager.cpp +diff --git a/gfx/layers/basic/BasicLayerManager.cpp b/gfx/layers/basic/BasicLayerManager.cpp +index 5a3a1f6..ff42bc0 100644 +--- a/gfx/layers/basic/BasicLayerManager.cpp ++++ b/gfx/layers/basic/BasicLayerManager.cpp +@@ -901,18 +901,17 @@ BasicLayerManager::PaintLayer(gfxContext* aTarget, + RenderTraceScope trace("BasicLayerManager::PaintLayer", "707070"); + + const nsIntRect* clipRect = aLayer->GetEffectiveClipRect(); +- // aLayer might not be a container layer, but if so we take care not to use +- // the container variable +- BasicContainerLayer* container = static_cast<BasicContainerLayer*>(aLayer); +- bool needsGroup = aLayer->GetFirstChild() && ++ BasicContainerLayer* container = ++ static_cast<BasicContainerLayer*>(aLayer->AsContainerLayer()); ++ bool needsGroup = container && + container->UseIntermediateSurface(); + BasicImplData* data = ToData(aLayer); + bool needsClipToVisibleRegion = + data->GetClipToVisibleRegion() && !aLayer->AsThebesLayer(); +- NS_ASSERTION(needsGroup || !aLayer->GetFirstChild() || ++ NS_ASSERTION(needsGroup || !container || + container->GetOperator() == CompositionOp::OP_OVER, + "non-OVER operator should have forced UseIntermediateSurface"); +- NS_ASSERTION(!aLayer->GetFirstChild() || !aLayer->GetMaskLayer() || ++ NS_ASSERTION(!container || !aLayer->GetMaskLayer() || + container->UseIntermediateSurface(), + "ContainerLayer with mask layer should force UseIntermediateSurface"); diff --git a/gnu/packages/patches/xfce4-panel-plugins.patch b/gnu/packages/patches/xfce4-panel-plugins.patch new file mode 100644 index 0000000000..df5a0a914d --- /dev/null +++ b/gnu/packages/patches/xfce4-panel-plugins.patch @@ -0,0 +1,115 @@ +Search for xfce4 panel plugins in the directories specified +in XDG_DATA_DIRS and X_XFCE4_LIB_DIRS. For discussion of the +relevant issues, see: + + https://bugzilla.xfce.org/show_bug.cgi?id=5455 + +Patch by Mark H Weaver <mhw@netris.org> + +--- xfce4-panel-4.10.0/panel/panel-module.c.orig 2012-04-28 16:31:35.000000000 -0400 ++++ xfce4-panel-4.10.0/panel/panel-module.c 2014-12-14 01:31:55.728107386 -0500 +@@ -35,8 +35,14 @@ + #include <panel/panel-plugin-external-wrapper.h> + #include <panel/panel-plugin-external-46.h> + +-#define PANEL_PLUGINS_LIB_DIR (LIBDIR G_DIR_SEPARATOR_S "panel" G_DIR_SEPARATOR_S "plugins") +-#define PANEL_PLUGINS_LIB_DIR_OLD (LIBDIR G_DIR_SEPARATOR_S "panel-plugins") ++#define PANEL_PLUGINS_LIB_DIR_TAIL (G_DIR_SEPARATOR_S "panel" G_DIR_SEPARATOR_S "plugins") ++#define PANEL_PLUGINS_LIB_DIR_TAIL_OLD (G_DIR_SEPARATOR_S "panel-plugins") ++ ++static const gchar *plugins_lib_dir_tails[] = ++{ ++ PANEL_PLUGINS_LIB_DIR_TAIL, ++ PANEL_PLUGINS_LIB_DIR_TAIL_OLD ++}; + + + typedef enum _PanelModuleRunMode PanelModuleRunMode; +@@ -335,21 +341,39 @@ + /* show a messsage if the old module path key still exists */ + g_message ("Plugin %s: The \"X-XFCE-Module-Path\" key is " + "ignored in \"%s\", the panel will look for the " +- "module in %s. See bug #5455 why this decision was made", +- name, filename, PANEL_PLUGINS_LIB_DIR); ++ "module in DIR%s for each DIR in $X_XFCE4_LIB_DIRS " ++ "(%s by default). See bug #5455 for discussion.", ++ name, filename, PANEL_PLUGINS_LIB_DIR_TAIL, LIBDIR); + } + #endif + +- path = g_module_build_path (PANEL_PLUGINS_LIB_DIR, module_name); +- found = g_file_test (path, G_FILE_TEST_EXISTS); ++ /* search for module */ ++ { ++ gchar *dirs_string; ++ gchar **dirs; ++ int i, j; ++ ++ dirs_string = (gchar *) g_getenv ("X_XFCE4_LIB_DIRS"); ++ if (!dirs_string) ++ dirs_string = LIBDIR; ++ dirs = g_strsplit (dirs_string, G_SEARCHPATH_SEPARATOR_S, 0); ++ ++ found = FALSE; ++ path = NULL; ++ ++ for (i = 0; !found && dirs[i] != NULL; i++) ++ for (j = 0; !found && j < G_N_ELEMENTS (plugins_lib_dir_tails); j++) ++ { ++ gchar *dir = g_strconcat (dirs[i], plugins_lib_dir_tails[j], NULL); ++ ++ g_free (path); ++ path = g_module_build_path (dir, module_name); ++ found = g_file_test (path, G_FILE_TEST_EXISTS); ++ g_free (dir); ++ } + +- if (!found) +- { +- /* deprecated location for module plugin directories */ +- g_free (path); +- path = g_module_build_path (PANEL_PLUGINS_LIB_DIR_OLD, module_name); +- found = g_file_test (path, G_FILE_TEST_EXISTS); +- } ++ g_strfreev (dirs); ++ } + + if (G_LIKELY (found)) + { +--- xfce4-panel-4.10.0/panel/panel-module-factory.c.orig 2012-04-28 16:31:35.000000000 -0400 ++++ xfce4-panel-4.10.0/panel/panel-module-factory.c 2014-12-13 23:55:27.439404812 -0500 +@@ -42,6 +42,11 @@ + #define PANEL_PLUGINS_DATA_DIR (DATADIR G_DIR_SEPARATOR_S "panel" G_DIR_SEPARATOR_S "plugins") + #define PANEL_PLUGINS_DATA_DIR_OLD (DATADIR G_DIR_SEPARATOR_S "panel-plugins") + ++static const gchar *plugins_data_dir_tails[] = ++{ ++ (G_DIR_SEPARATOR_S "xfce4" G_DIR_SEPARATOR_S "panel" G_DIR_SEPARATOR_S "plugins"), ++ (G_DIR_SEPARATOR_S "xfce4" G_DIR_SEPARATOR_S "panel-plugins") ++}; + + + static void panel_module_factory_finalize (GObject *object); +@@ -223,8 +228,22 @@ + panel_module_factory_load_modules (PanelModuleFactory *factory, + gboolean warn_if_known) + { ++ const gchar * const * system_data_dirs; ++ int i, j; ++ + panel_return_if_fail (PANEL_IS_MODULE_FACTORY (factory)); + ++ system_data_dirs = g_get_system_data_dirs (); ++ for (i = 0; system_data_dirs[i] != NULL; i++) ++ for (j = 0; j < G_N_ELEMENTS (plugins_data_dir_tails); j++) ++ { ++ gchar *dir; ++ ++ dir = g_strconcat (system_data_dirs[i], plugins_data_dir_tails[j], NULL); ++ panel_module_factory_load_modules_dir (factory, dir, warn_if_known); ++ g_free (dir); ++ } ++ + /* load from the new and old location */ + panel_module_factory_load_modules_dir (factory, PANEL_PLUGINS_DATA_DIR, warn_if_known); + panel_module_factory_load_modules_dir (factory, PANEL_PLUGINS_DATA_DIR_OLD, warn_if_known); diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index a724a1b21f..03cad3e25f 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -74,6 +74,27 @@ (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" +(define-public perl-clone + (package + (name "perl-clone") + (version "0.37") + (source (origin + (method url-fetch) + (uri (string-append "mirror://cpan/authors/id/G/GA/GARU/" + "Clone-" version ".tar.gz")) + (sha256 + (base32 + "17fdhxpzrq2nwim3zkcrz4m9gjixp0i886yz54ysrshxy3k53wnr")))) + (build-system perl-build-system) + (synopsis "Recursively copy Perl datatypes") + (description + "This module provides a clone() method which makes recursive copies of +nested hash, array, scalar and reference types, including tied variables and +objects.") + (home-page (string-append "http://search.cpan.org/~garu/" + "Clone-" version)) + (license (package-license perl)))) + (define-public perl-file-list (package (name "perl-file-list") @@ -253,6 +274,54 @@ Perlish API and none of the bloat and rarely used features of IPC::Run.") ;; licenses, any version." (license (list bsd-3 gpl3+)))) +(define-public perl-test-deep + (package + (name "perl-test-deep") + (version "0.114") + (source (origin + (method url-fetch) + (uri (string-append "mirror://cpan/authors/id/R/RJ/RJBS/" + "Test-Deep-" version ".tar.gz")) + (sha256 + (base32 + "09yr47vw7vj27sdik312x08938higcij8ybyq8k67mlccx8cpqf0")))) + (build-system perl-build-system) + (inputs `(("perl-test-tester" ,perl-test-tester) + ("perl-test-nowarnings" ,perl-test-nowarnings))) + (synopsis "Flexible deep comparison for the Test::Builder framework") + (description + "Test::Deep compares two structures by going through each level, ensuring +that the values match, that arrays and hashes have the same elements and that +references are blessed into the correct class. It also handles circular data +structures without getting caught in an infinite loop.") + (home-page (string-append "http://search.cpan.org/~rjbs/" + "Test-Deep-" version)) + (license gpl1+))) ; or "Artistic License" + +(define-public perl-test-nowarnings + (package + (name "perl-test-nowarnings") + (version "1.04") + (source (origin + (method url-fetch) + (uri (string-append "mirror://cpan/authors/id/A/AD/ADAMK/" + "Test-NoWarnings-" version ".tar.gz")) + (sha256 + (base32 + "0v385ch0hzz9naqwdw2az3zdqi15gka76pmiwlgsy6diiijmg2k3")))) + (build-system perl-build-system) + (inputs `(("perl-test-tester" ,perl-test-tester))) + (synopsis "Ensure no warnings are produced while testing") + (description + "This modules causes any warnings during testing to be captured and +stored. It automatically adds an extra test that will run when your script +ends to check that there were no warnings. If there were any warings, the +test will fail and output diagnostics of where, when and what the warning was, +including a stack trace of what was going on when it occurred.") + (home-page (string-append "http://search.cpan.org/~adamk/" + "Test-NoWarnings-" version)) + (license lgpl2.1))) + (define-public perl-test-script (package (name "perl-test-script") @@ -277,6 +346,46 @@ bin as is also commonly used) paths of your Perl distribution.") "Test-Script-" version)) (license (package-license perl)))) +(define-public perl-test-simple + (package + (name "perl-test-simple") + (version "1.001009") + (source (origin + (method url-fetch) + (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/" + "Test-Simple-" version ".tar.gz")) + (sha256 + (base32 + "1klxpy658aj1pmrw63j1hc16gilwh5rzhp9rb2d1iydi3hcm8xb5")))) + (build-system perl-build-system) + (synopsis "Basic utilities for writing tests") + (description + "Test::Simple contains basic utilities for writing tests.") + (home-page (string-append "http://search.cpan.org/~exodist/" + "Test-Simple-" version)) + (license (package-license perl)))) + +(define-public perl-test-tester + (package + (name "perl-test-tester") + (version "0.109") + (source (origin + (method url-fetch) + (uri (string-append "mirror://cpan/authors/id/F/FD/FDALY/" + "Test-Tester-" version ".tar.gz")) + (sha256 + (base32 + "0m9n28z09kq455r5nydj1bnr85lvmbfpcbjdkjfbpmfb5xgciiyk")))) + (build-system perl-build-system) + (synopsis "Simplify running Test::Builder tests") + (description + "Test::Tester allows testing of test modules based on Test::Builder with +a minimum of effort.") + (home-page (string-append "http://search.cpan.org/~fdaly/" + "Test-Tester-" version)) + ;; "Under the same license as Perl itself" + (license (package-license perl)))) + (define-public perl-file-which (package (name "perl-file-which") diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index dc7def5507..adb84fc5b7 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -37,6 +37,7 @@ #:use-module (gnu packages openssl) #:use-module (gnu packages elf) #:use-module (gnu packages maths) + #:use-module (gnu packages ncurses) #:use-module (gnu packages gcc) #:use-module (gnu packages pkg-config) #:use-module (gnu packages databases) @@ -50,6 +51,9 @@ #:use-module (gnu packages fontutils) #:use-module (gnu packages which) #:use-module (gnu packages perl) + #:use-module (gnu packages xorg) + #:use-module (gnu packages glib) + #:use-module (gnu packages gtk) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) @@ -614,6 +618,43 @@ get the local timezone information, unless you know the zoneinfo name, and under several distributions that's hard or impossible to figure out.") (license cc0))) +(define-public python-pysam + (package + (name "python-pysam") + (version "0.8.1") + (source + (origin + (method url-fetch) + (uri (string-append "https://pypi.python.org/packages/source/p/pysam/pysam-" + version ".tar.gz")) + (sha256 + (base32 + "1fb6i6hbpzxaxb62kyyp5alaidwhj40f7c6gwbhr6njzlqd5l459")))) + (build-system python-build-system) + (arguments + `(#:tests? #f ; tests are excluded in the manifest + #:phases + (alist-cons-before + 'build 'set-flags + (lambda _ + (setenv "LDFLAGS" "-lncurses") + (setenv "CFLAGS" "-D_CURSES_LIB=1")) + %standard-phases))) + (inputs + `(("python-cython" ,python-cython) + ("python-setuptools" ,python-setuptools) + ("ncurses" ,ncurses) + ("zlib" ,zlib))) + (home-page "https://github.com/pysam-developers/pysam") + (synopsis "Python bindings to the SAMtools C API") + (description + "Pysam is a Python module for reading and manipulating files in the +SAM/BAM format. Pysam is a lightweight wrapper of the SAMtools C API. It +also includes an interface for tabix.") + (license expat))) + +(define-public python2-pysam + (package-with-python2 python-pysam)) (define-public python2-pysqlite (package @@ -2117,10 +2158,35 @@ that client code uses to construct the grammar directly in Python code.") "0m6v9nwdldlwk22gcd339zg6mny5m301fxgks7z8sb8m9wawg8qp")))) (build-system python-build-system) (outputs '("out" "doc")) + (propagated-inputs ; the following packages are all needed at run time + `(("python-pyparsing" ,python-pyparsing) + ("python-pygobject" ,python-pygobject) + ("gobject-introspection" ,gobject-introspection) + ;; The 'gtk+' package (and 'gdk-pixbuf', 'atk' and 'pango' propagated + ;; from 'gtk+') provides the required 'typelib' files used by + ;; 'gobject-introspection'. The location of these files is set with the + ;; help of the environment variable GI_TYPELIB_PATH. At build time this + ;; is done automatically by a 'native-search-path' procedure. However, + ;; at run-time the user must set this variable as follows: + ;; + ;; export GI_TYPELIB_PATH=~/.guix-profile/lib/girepository-1.0 + ;; + ;; 'typelib' files include references to dynamic libraries. Currently + ;; the references do not include the full path to the libraries. For + ;; this reason the user must set the LD_LIBRARY_PATH to the location of + ;; 'libgtk-3.so.0', 'libgdk-3.so.0' and 'libatk-1.0.so.0': + ;; + ;; export LD_LIBRARY_PATH=~/.guix-profile/lib + ("gtk+" ,gtk+) + ;; From version 1.4.0 'matplotlib' makes use of 'cairocffi' instead of + ;; 'pycairo'. However, 'pygobject' makes use of a 'pycairo' 'context' + ;; object. For this reason we need to import both libraries. + ;; https://pythonhosted.org/cairocffi/cffi_api.html#converting-pycairo + ("python-pycairo" ,python-pycairo) + ("python-cairocffi" ,python-cairocffi))) (inputs `(("python-setuptools" ,python-setuptools) ("python-dateutil" ,python-dateutil-2) - ("python-pyparsing" ,python-pyparsing) ("python-six" ,python-six) ("python-pytz" ,python-pytz) ("python-numpy" ,python-numpy-bootstrap) @@ -2131,10 +2197,10 @@ that client code uses to construct the grammar directly in Python code.") ("libpng" ,libpng) ("imagemagick" ,imagemagick) ("freetype" ,freetype) + ("cairo" ,cairo) + ("glib" ,glib) + ("python-pillow" ,python-pillow) ;; FIXME: Add backends when available. - ;("python-pygtk" ,python-pygtk) - ;("python-pycairo" ,python-pycairo) - ;("python-pygobject" ,python-pygobject) ;("python-wxpython" ,python-wxpython) ;("python-pyqt" ,python-pyqt) )) @@ -2144,40 +2210,51 @@ that client code uses to construct the grammar directly in Python code.") ("texinfo" ,texinfo))) (arguments `(#:phases - (alist-cons-after - 'install 'install-doc - (lambda* (#:key outputs #:allow-other-keys) - (let* ((data (string-append (assoc-ref outputs "doc") "/share")) - (doc (string-append data "/doc/" ,name "-" ,version)) - (info (string-append data "/info")) - (html (string-append doc "/html"))) - (with-directory-excursion "doc" - ;; Without setting this variable we get an encoding error. - (setenv "LANG" "en_US.UTF-8") - ;; Produce pdf in 'A4' format. - (substitute* (find-files "." "conf\\.py") - (("latex_paper_size = 'letter'") - "latex_paper_size = 'a4'")) - (mkdir-p html) - (mkdir-p info) - ;; The doc recommends to run the 'html' target twice. - (system* "python" "make.py" "html") - (system* "python" "make.py" "html") - (system* "python" "make.py" "latex") - (system* "python" "make.py" "texinfo") - (copy-file "build/texinfo/matplotlib.info" - (string-append info "/matplotlib.info")) - (copy-file "build/latex/Matplotlib.pdf" - (string-append doc "/Matplotlib.pdf")) - (with-directory-excursion "build/html" - (map (lambda (file) - (let* ((dir (dirname file)) - (tgt-dir (string-append html "/" dir))) - (unless (equal? "." dir) - (mkdir-p tgt-dir)) - (copy-file file (string-append html "/" file)))) - (find-files "." ".*")))))) - %standard-phases))) + (alist-cons-before + 'build 'configure-environment + (lambda* (#:key outputs inputs #:allow-other-keys) + (let ((cairo (assoc-ref inputs "cairo")) + (gtk+ (assoc-ref inputs "gtk+"))) + ;; Setting these directories in the 'basedirlist' of 'setup.cfg' + ;; has not effect. + ;; + ;; FIXME: setting LD_LIBRARY_PATH should be removed once we patch + ;; gobject-introspection to include the full path of shared + ;; libraries in 'typelib' files. + (setenv "LD_LIBRARY_PATH" + (string-append cairo "/lib:" gtk+ "/lib")) + (setenv "HOME" (getcwd)) + (call-with-output-file "setup.cfg" + (lambda (port) + (format port "[rc_options]~% +backend = GTK3Agg~%"))))) + (alist-cons-after + 'install 'install-doc + (lambda* (#:key outputs #:allow-other-keys) + (let* ((data (string-append (assoc-ref outputs "doc") "/share")) + (doc (string-append data "/doc/" ,name "-" ,version)) + (info (string-append data "/info")) + (html (string-append doc "/html"))) + (with-directory-excursion "doc" + ;; Without setting this variable we get an encoding error. + (setenv "LANG" "en_US.UTF-8") + ;; Produce pdf in 'A4' format. + (substitute* (find-files "." "conf\\.py") + (("latex_paper_size = 'letter'") + "latex_paper_size = 'a4'")) + (mkdir-p html) + (mkdir-p info) + ;; The doc recommends to run the 'html' target twice. + (system* "python" "make.py" "html") + (system* "python" "make.py" "html") + (system* "python" "make.py" "latex") + (system* "python" "make.py" "texinfo") + (copy-file "build/texinfo/matplotlib.info" + (string-append info "/matplotlib.info")) + (copy-file "build/latex/Matplotlib.pdf" + (string-append doc "/Matplotlib.pdf")) + (copy-recursively "build/html" html)))) + %standard-phases)))) (home-page "http://matplotlib.org") (synopsis "2D plotting library for Python") (description @@ -2193,9 +2270,17 @@ toolkits.") (package (inherit matplotlib) ;; Make sure we use exactly PYTHON2-NUMPYDOC, which is ;; customized for Python 2. - (inputs `(("python2-numpydoc" ,python2-numpydoc) - ,@(alist-delete "python-numpydoc" - (package-inputs matplotlib))))))) + (propagated-inputs + `(("python2-py2cairo" ,python2-py2cairo) + ("python2-pygobject-2" ,python2-pygobject-2) + ,@(alist-delete "python-pycairo" + (alist-delete "python-pygobject" + (package-propagated-inputs + matplotlib))))) + (inputs + `(("python2-numpydoc" ,python2-numpydoc) + ,@(alist-delete "python-numpydoc" + (package-inputs matplotlib))))))) ;; Scipy 0.14.0 with Numpy 0.19.X fails several tests. This is known and ;; planned to be fixed in 0.14.1. It is claimed that the failures can safely @@ -2542,3 +2627,102 @@ a front-end for C compilers or analysis tools.") (define-public python2-cffi (package-with-python2 python-cffi)) + +(define-public python-xcffib + (package + (name "python-xcffib") + (version "0.1.9") + (source + (origin + (method url-fetch) + (uri (string-append "https://pypi.python.org/packages/source/x/" + "xcffib/xcffib-" version ".tar.gz")) + (sha256 + (base32 + "0655hzxv57h1a9ja9kwp0ichbkhf3djw32k33d66xp0q37dq2y81")))) + (build-system python-build-system) + (inputs + `(("libxcb" ,libxcb) + ("python-six" ,python-six))) + (native-inputs + `(("python-setuptools" ,python-setuptools))) + (propagated-inputs + `(("python-cffi" ,python-cffi))) ; used at run time + (arguments + `(#:phases + (alist-cons-after + 'install 'install-doc + (lambda* (#:key outputs #:allow-other-keys) + (let ((doc (string-append (assoc-ref outputs "out") "/share" + "/doc/" ,name "-" ,version))) + (mkdir-p doc) + (copy-file "README.md" + (string-append doc "/README.md")))) + %standard-phases))) + (home-page "https://github.com/tych0/xcffib") + (synopsis "XCB Python bindings") + (description + "Xcffib is a replacement for xpyb, an XCB Python bindings. It adds +support for Python 3 and PyPy. It is based on cffi.") + (license expat))) + +(define-public python2-xcffib + (package-with-python2 python-xcffib)) + +(define-public python-cairocffi + (package + (name "python-cairocffi") + (version "0.6") + (source + (origin + (method url-fetch) + ;; The archive on pypi is missing the 'utils' directory! + (uri (string-append "https://github.com/SimonSapin/cairocffi/archive/v" + version ".tar.gz")) + (sha256 + (base32 + "03w5p62sp3nqiccx864sbq0jvh7946277jqx3rcc3dch5xwfvv51")))) + (build-system python-build-system) + (outputs '("out" "doc")) + (inputs + `(("gdk-pixbuf" ,gdk-pixbuf) + ("cairo" ,cairo))) + (native-inputs + `(("pkg-config" ,pkg-config) + ("python-sphinx" ,python-sphinx) + ("python-docutils" ,python-docutils) + ("python-setuptools" ,python-setuptools))) + (propagated-inputs + `(("python-xcffib" ,python-xcffib))) ; used at run time + (arguments + `(#:phases + (alist-cons-after + 'install 'install-doc + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((data (string-append (assoc-ref outputs "doc") "/share")) + (doc (string-append data "/doc/" ,name "-" ,version)) + (html (string-append doc "/html"))) + (setenv "LD_LIBRARY_PATH" + (string-append (assoc-ref inputs "cairo") "/lib" ":" + (assoc-ref inputs "gdk-pixbuf") "/lib")) + (setenv "LANG" "en_US.UTF-8") + (mkdir-p html) + (for-each (lambda (file) + (copy-file (string-append "." file) + (string-append doc file))) + '("/README.rst" "/CHANGES" "/LICENSE")) + (system* "python" "setup.py" "build_sphinx") + (copy-recursively "docs/_build/html" html))) + %standard-phases))) + (home-page "https://github.com/SimonSapin/cairocffi") + (synopsis "Python bindings and object-oriented API for Cairo") + (description + "Cairocffi is a CFFI-based drop-in replacement for Pycairo, a set of +Python bindings and object-oriented API for cairo. Cairo is a 2D vector +graphics library with support for multiple backends including image buffers, +PNG, PostScript, PDF, and SVG file output.") + (license bsd-3))) + +(define-public python2-cairocffi + (package-with-python2 python-cairocffi)) + diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm index 0a37a246bd..77aeecf40c 100644 --- a/gnu/packages/qemu.scm +++ b/gnu/packages/qemu.scm @@ -42,14 +42,14 @@ ;; This is QEMU without GUI support. (package (name "qemu-headless") - (version "2.0.0") + (version "2.2.0") (source (origin (method url-fetch) (uri (string-append "http://wiki.qemu-project.org/download/qemu-" version ".tar.bz2")) (sha256 (base32 - "0frsahiw56jr4cqr9m6s383lyj4ar9hfs2wp3y4yr76krah1mk30")))) + "1703c3scl5n07gmpilg7g2xzyxnr7jczxgx6nn4m8kv9gin9p35n")))) (build-system gnu-build-system) (arguments '(#:phases (alist-replace diff --git a/gnu/packages/tmux.scm b/gnu/packages/tmux.scm index 636b56e0db..9cb35bb4b2 100644 --- a/gnu/packages/tmux.scm +++ b/gnu/packages/tmux.scm @@ -28,7 +28,7 @@ (define-public tmux (package (name "tmux") - (version "1.7") + (version "1.9a") (source (origin (method url-fetch) (uri (string-append @@ -36,7 +36,7 @@ version "/tmux-" version ".tar.gz")) (sha256 (base32 - "0ywy1x2g905hmhkdz418ik42lcvnhnwr8fv63rcqczfg27d6nd38")))) + "1x9k4wfd4l5jg6fh7xkr3yyilizha6ka8m5b1nr0kw8wj0mv5qy5")))) (build-system gnu-build-system) (inputs `(("libevent" ,libevent) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 063f1dae43..984ba7e1f4 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -395,7 +395,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.") (define-public youtube-dl (package (name "youtube-dl") - (version "2014.11.21.1") + (version "2014.12.15") (source (origin (method url-fetch) (uri (string-append "http://youtube-dl.org/downloads/" @@ -403,7 +403,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.") version ".tar.gz")) (sha256 (base32 - "0rxpx8j4qhhsws6czlfji1x9igsinkbbwvld10qdylll7g9q1v7j")))) + "09z7v6jxs4a36kyy681mcypcqsxipplnbdy9s3rva1rpp5f74h2z")))) (build-system python-build-system) (inputs `(("setuptools" ,python-setuptools))) (home-page "http://youtube-dl.org") diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 6820d018e3..6a84a45376 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -29,6 +29,7 @@ #:use-module (gnu packages image) #:use-module (gnu packages pkg-config) #:use-module (gnu packages glib) + #:use-module (gnu packages perl) #:use-module (gnu packages xorg)) ;; packages outside the x.org system proper @@ -57,6 +58,47 @@ can also be used for copying files, as an alternative to sftp/scp, thus avoiding password prompts when X11 forwarding has already been setup.") (license license:gpl2+))) +(define-public xdotool + (package + (name "xdotool") + (version "2.20110530.1") + (source + (origin + (method url-fetch) + (uri (string-append + "http://semicomplete.googlecode.com/files/" name "-" + version ".tar.gz")) + (sha256 + (base32 + "0rxggg1cy7nnkwidx8x2w3c5f3pk6dh2b6q0q7hp069r3n5jrd77")))) + (build-system gnu-build-system) + (arguments + '(#:tests? #f ; Test suite requires a lot of black magic + #:phases + (alist-replace 'configure + (lambda* (#:key outputs #:allow-other-keys #:rest args) + (setenv "PREFIX" (assoc-ref outputs "out")) + (setenv "LDFLAGS" (string-append "-Wl,-rpath=" + (assoc-ref + %outputs "out") "/lib")) + (setenv "CC" "gcc")) + %standard-phases))) + (native-inputs `(("perl" ,perl))) ; for pod2man + (inputs `(("libx11" ,libx11) + ("libxext" ,libxext) + ("libxi" ,libxi) + ("libxinerama" ,libxinerama) + ("libxtst" ,libxtst))) + (home-page "http://www.semicomplete.com/projects/xdotool") + (synopsis "Fake keyboard/mouse input, window management, and more") + (description "Xdotool lets you simulate keyboard input and mouse activity, +move and resize windows, etc. It does this using X11's XTEST extension and +other Xlib functions. Additionally, you can search for windows and move, +resize, hide, and modify window properties like the title. If your window +manager supports it, you can use xdotool to switch desktops, move windows +between desktops, and change the number of desktops.") + (license license:bsd-3))) + (define-public xeyes (package (name "xeyes") diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm index 69776fc582..2b15c3e35c 100644 --- a/gnu/packages/xfce.scm +++ b/gnu/packages/xfce.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Sou Bunnbu <iyzsong@gmail.com> +;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -22,6 +23,7 @@ #:use-module (guix download) #:use-module (guix utils) #:use-module (guix build-system gnu) + #:use-module (gnu packages) #:use-module (gnu packages pkg-config) #:use-module (gnu packages glib) #:use-module (gnu packages gtk) @@ -249,7 +251,8 @@ management D-Bus specification.") "/src/" name "-" version ".tar.bz2")) (sha256 (base32 - "1f8903nx6ivzircl8d8s9zna4vjgfy0qhjk5d2x19g9bmycgj89k")))) + "1f8903nx6ivzircl8d8s9zna4vjgfy0qhjk5d2x19g9bmycgj89k")) + (patches (list (search-patch "xfce4-panel-plugins.patch"))))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config) @@ -261,6 +264,10 @@ management D-Bus specification.") ("garcon", garcon) ("libwnck" ,libwnck-1) ("libxfce4ui" ,libxfce4ui))) + (native-search-paths + (list (search-path-specification + (variable "X_XFCE4_LIB_DIRS") + (directories '("lib/xfce4"))))) (home-page "http://www.xfce.org/") (synopsis "Xfce desktop panel") (description @@ -269,6 +276,35 @@ applications menu, workspace switcher and more.") ;; Libraries are under LGPLv2.1+, and programs under GPLv2+. (license (list gpl2+ lgpl2.1+)))) +(define-public xfce4-battery-plugin + (package + (name "xfce4-battery-plugin") + (version "1.0.5") + (source (origin + (method url-fetch) + (uri (string-append "http://archive.xfce.org/src/panel-plugins/" + name "/" (version-major+minor version) "/" + name "-" version ".tar.bz2")) + (sha256 + (base32 + "04gbplcj8z4vg5xbks8cc2jjf62mmf9sdymg90scjwmb82pv2ngn")))) + (build-system gnu-build-system) + (native-inputs `(("pkg-config" ,pkg-config) + ("intltool" ,intltool))) + (inputs `(("glib" ,glib) + ("gtk+" ,gtk+-2) + ("libxfce4util" ,libxfce4util) + ("libxfce4ui" ,libxfce4ui) + ("xfce4-panel" ,xfce4-panel))) + (home-page + "http://goodies.xfce.org/projects/panel-plugins/xfce4-battery-plugin") + (synopsis "Battery monitor panel plugin for Xfce4") + (description + "A battery monitor panel plugin for Xfce4, compatible with APM and ACPI.") + ;; The main plugin code is covered by gpl2+, but the files containing code + ;; to read the battery state via ACPI or APM are covered by lgpl2.0+. + (license (list gpl2+ lgpl2.0+)))) + (define-public xfce4-appfinder (package (name "xfce4-appfinder") @@ -476,3 +512,33 @@ on the screen.") optional application menu or icons for minimized applications or launchers, devices and folders.") (license gpl2+))) + +(define-public xfce4-terminal + (package + (name "xfce4-terminal") + (version "0.6.3") + (source (origin + (method url-fetch) + (uri (string-append "http://archive.xfce.org/src/apps/" name "/" + (version-major+minor version) "/" + name "-" version ".tar.bz2")) + (sha256 + (base32 + "023y0lkfijifh05yz8grimxadqpi98mrivr00sl18nirq8b4fbwi")))) + (build-system gnu-build-system) + (native-inputs + `(("pkg-config" ,pkg-config) + ("intltool" ,intltool))) + (inputs + `(("libxfce4ui" ,libxfce4ui) + ("vte" ,vte/gtk+-2))) + (home-page "http://www.xfce.org/") + (synopsis "Xfce terminal emulator") + (description + "A lightweight and easy to use terminal emulator for Xfce. Features +include a simple configuration interface, the ability to use multiple tabs +with terminals within a single window, the possibility to have a +pseudo-transparent terminal background, and a compact mode (where both the +menubar and the window decorations are hidden) that helps you to save space +on your desktop.") + (license gpl2+))) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 712222bdde..95edba6e7c 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -33,8 +33,10 @@ #:select (mount-flags->bit-mask)) #:use-module (guix gexp) #:use-module (guix monads) + #:use-module (guix records) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) + #:use-module (ice-9 match) #:use-module (ice-9 format) #:export (root-file-system-service file-system-service @@ -46,6 +48,16 @@ console-font-service udev-service mingetty-service + + %nscd-default-caches + %nscd-default-configuration + + nscd-configuration + nscd-configuration? + + nscd-cache + nscd-cache? + nscd-service syslog-service guix-service @@ -374,9 +386,110 @@ the ``message of the day''." #:allow-empty-passwords? allow-empty-passwords? #:motd motd))))))) -(define* (nscd-service #:key (glibc (canonical-package glibc))) - "Return a service that runs libc's name service cache daemon (nscd)." - (with-monad %store-monad +(define-record-type* <nscd-configuration> nscd-configuration + make-nscd-configuration + nscd-configuration? + (log-file nscd-configuration-log-file ;string + (default "/var/log/nscd.log")) + (debug-level nscd-debug-level ;integer + (default 0)) + ;; TODO: See nscd.conf in glibc for other options to add. + (caches nscd-configuration-caches ;list of <nscd-cache> + (default %nscd-default-caches))) + +(define-record-type* <nscd-cache> nscd-cache make-nscd-cache + nscd-cache? + (database nscd-cache-database) ;symbol + (positive-time-to-live nscd-cache-positive-time-to-live) ;integer + (negative-time-to-live nscd-cache-negative-time-to-live + (default 20)) ;integer + (suggested-size nscd-cache-suggested-size ;integer ("default module + ;of hash table") + (default 211)) + (check-files? nscd-cache-check-files? ;Boolean + (default #t)) + (persistent? nscd-cache-persistent? ;Boolean + (default #t)) + (shared? nscd-cache-shared? ;Boolean + (default #t)) + (max-database-size nscd-cache-max-database-size ;integer + (default (* 32 (expt 2 20)))) + (auto-propagate? nscd-cache-auto-propagate? ;Boolean + (default #t))) + +(define %nscd-default-caches + ;; Caches that we want to enable by default. Note that when providing an + ;; empty nscd.conf, all caches are disabled. + (list (nscd-cache (database 'hosts) + + ;; Aggressively cache the host name cache to improve + ;; privacy and resilience. + (positive-time-to-live (* 3600 12)) + (negative-time-to-live 20) + (persistent? #t)) + + (nscd-cache (database 'services) + + ;; Services are unlikely to change, so we can be even more + ;; aggressive. + (positive-time-to-live (* 3600 24)) + (negative-time-to-live 3600) + (check-files? #t) ;check /etc/services changes + (persistent? #t)))) + +(define %nscd-default-configuration + ;; Default nscd configuration. + (nscd-configuration)) + +(define (nscd.conf-file config) + "Return the @file{nscd.conf} configuration file for @var{config}, an +@code{<nscd-configuration>} object." + (define cache->config + (match-lambda + (($ <nscd-cache> (= symbol->string database) + positive-ttl negative-ttl size check-files? + persistent? shared? max-size propagate?) + (string-append "\nenable-cache\t" database "\tyes\n" + + "positive-time-to-live\t" database "\t" + (number->string positive-ttl) "\n" + "negative-time-to-live\t" database "\t" + (number->string negative-ttl) "\n" + "suggested-size\t" database "\t" + (number->string size) "\n" + "check-files\t" database "\t" + (if check-files? "yes\n" "no\n") + "persistent\t" database "\t" + (if persistent? "yes\n" "no\n") + "shared\t" database "\t" + (if shared? "yes\n" "no\n") + "max-db-size\t" database "\t" + (number->string max-size) "\n" + "auto-propagate\t" database "\t" + (if propagate? "yes\n" "no\n"))))) + + (match config + (($ <nscd-configuration> log-file debug-level caches) + (text-file "nscd.conf" + (string-append "\ +# Configuration of libc's name service cache daemon (nscd).\n\n" + (if log-file + (string-append "logfile\t" log-file) + "") + "\n" + (if debug-level + (string-append "debug-level\t" + (number->string debug-level)) + "") + "\n" + (string-concatenate + (map cache->config caches))))))) + +(define* (nscd-service #:optional (config %nscd-default-configuration) + #:key (glibc (canonical-package glibc))) + "Return a service that runs libc's name service cache daemon (nscd) with the +given @var{config}---an @code{<nscd-configuration>} object." + (mlet %store-monad ((nscd.conf (nscd.conf-file config))) (return (service (documentation "Run libc's name service cache daemon (nscd).") (provision '(nscd)) @@ -388,7 +501,7 @@ the ``message of the day''." (start #~(make-forkexec-constructor (list (string-append #$glibc "/sbin/nscd") - "-f" "/dev/null" "--foreground"))) + "-f" #$nscd.conf "--foreground"))) (stop #~(make-kill-destructor)) (respawn? #f))))) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 1cb501bb7a..db9be8cfbd 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -80,60 +80,62 @@ fe80::1%lo0 apps.facebook.com\n") gateway (provision '(networking)) (name-servers '()) - (inetutils inetutils) (net-tools net-tools)) "Return a service that starts @var{interface} with address @var{ip}. If @var{gateway} is true, it must be a string specifying the default network gateway." + (define loopback? + (memq 'loopback provision)) - ;; TODO: Eventually we should do this using Guile's networking procedures, - ;; like 'configure-qemu-networking' does, but the patch that does this is - ;; not yet in stock Guile. + ;; TODO: Eventually replace 'route' with bindings for the appropriate + ;; ioctls. (with-monad %store-monad (return (service ;; Unless we're providing the loopback interface, wait for udev to be up ;; and running so that INTERFACE is actually usable. - (requirement (if (memq 'loopback provision) - '() - '(udev))) + (requirement (if loopback? '() '(udev))) (documentation "Bring up the networking interface using a static IP address.") (provision provision) (start #~(lambda _ ;; Return #t if successfully started. - (and (zero? (system* (string-append #$inetutils - "/bin/ifconfig") - "-i" #$interface "-A" #$ip - "-i" #$interface "--up")) - #$(if gateway - #~(zero? (system* (string-append #$net-tools - "/sbin/route") - "add" "-net" "default" - "gw" #$gateway)) - #t) - #$(if (pair? name-servers) - #~(call-with-output-file "/etc/resolv.conf" - (lambda (port) - (display - "# Generated by 'static-networking-service'.\n" - port) - (for-each (lambda (server) - (format port "nameserver ~a~%" - server)) - '#$name-servers))) - #t)))) + (let* ((addr (inet-pton AF_INET #$ip)) + (sockaddr (make-socket-address AF_INET addr 0))) + (configure-network-interface #$interface sockaddr + (logior IFF_UP + #$(if loopback? + #~IFF_LOOPBACK + 0)))) + #$(if gateway + #~(zero? (system* (string-append #$net-tools + "/sbin/route") + "add" "-net" "default" + "gw" #$gateway)) + #t) + #$(if (pair? name-servers) + #~(call-with-output-file "/etc/resolv.conf" + (lambda (port) + (display + "# Generated by 'static-networking-service'.\n" + port) + (for-each (lambda (server) + (format port "nameserver ~a~%" + server)) + '#$name-servers))) + #t))) (stop #~(lambda _ ;; Return #f is successfully stopped. - (not (and (system* (string-append #$inetutils "/bin/ifconfig") - #$interface "down") - #$(if gateway - #~(system* (string-append #$net-tools - "/sbin/route") - "del" "-net" "default") - #t))))) + (let ((sock (socket AF_INET SOCK_STREAM 0))) + (set-network-interface-flags sock #$interface 0) + (close-port sock)) + (not #$(if gateway + #~(system* (string-append #$net-tools + "/sbin/route") + "del" "-net" "default") + #t)))) (respawn? #f))))) (define* (dhcp-client-service #:key (dhcp isc-dhcp)) diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm index fbf96c799b..27a72e8019 100644 --- a/gnu/services/xorg.scm +++ b/gnu/services/xorg.scm @@ -36,7 +36,7 @@ #:use-module (srfi srfi-26) #:use-module (ice-9 match) #:export (xorg-start-command - + %default-xsessions %default-slim-theme %default-slim-theme-name slim-service)) @@ -136,9 +136,10 @@ EndSection (define* (xinitrc #:key (guile (canonical-package guile-2.0)) - (ratpoison ratpoison) - (windowmaker windowmaker)) - "Return a system-wide xinitrc script that starts the specified X session." + fallback-session) + "Return a system-wide xinitrc script that starts the specified X session, +which should be passed to this script as the first argument. If not, the +@var{fallback-session} will be used." (define builder #~(begin (use-modules (ice-9 match)) @@ -155,20 +156,14 @@ EndSection (execl shell shell "--login" "-c" (string-join (cons command args)))))) - ;; First, try to run ~/.xsession. - (let* ((home (getenv "HOME")) - (xsession (string-append home "/.xsession"))) - (exec-from-login-shell xsession)) - - ;; Then try a pre-configured session type. - (let ((ratpoison (string-append #$ratpoison "/bin/ratpoison")) - (wmaker (string-append #$windowmaker "/bin/wmaker"))) - (match (command-line) - ((_ "ratpoison") - (exec-from-login-shell ratpoison)) - (_ - (exec-from-login-shell wmaker)))))) - + (let ((home (getenv "HOME")) + (session (match (command-line) + ((_ x) x) + (_ #$fallback-session)))) + ;; First, try to run ~/.xsession. + (exec-from-login-shell (string-append home "/.xsession")) + ;; Then try to start the specified session. + (exec-from-login-shell session)))) (gexp->script "xinitrc" builder)) @@ -176,6 +171,35 @@ EndSection ;;; SLiM log-in manager. ;;; +(define %default-xsessions + ;; Default xsessions available for log-in manager, representing as a list of + ;; monadic desktop entries. + (list (text-file* "wmaker.desktop" " +[Desktop Entry] +Name=Window Maker +Exec=" windowmaker "/bin/wmaker +Type=Application +") + (text-file* "ratpoison.desktop" " +[Desktop Entry] +Name=Ratpoison +Exec=" ratpoison "/bin/ratpoison +Type=Application +"))) + +(define (xsessions-directory sessions) + "Return a directory containing SESSIONS, which should be a list of monadic +desktop entries." + (mlet %store-monad ((sessions (sequence %store-monad sessions))) + (define builder + #~(begin + (mkdir #$output) + (for-each (lambda (session) + (symlink session (string-append #$output "/" + (basename session)))) + '#$sessions))) + (gexp->derivation "xsessions-dir" builder))) + (define %default-slim-theme ;; Theme based on work by Felipe López. #~(string-append #$%artwork-repository "/slim")) @@ -191,6 +215,9 @@ EndSection (theme %default-slim-theme) (theme-name %default-slim-theme-name) (xauth xauth) (dmd dmd) (bash bash) + (sessions %default-xsessions) + (auto-login-session #~(string-append #$windowmaker + "/bin/wmaker")) startx) "Return a service that spawns the SLiM graphical login manager, which in turn starts the X display server with @var{startx}, a command as returned by @@ -198,7 +225,7 @@ turn starts the X display server with @var{startx}, a command as returned by When @var{allow-empty-passwords?} is true, allow logins with an empty password. When @var{auto-login?} is true, log in automatically as -@var{default-user}. +@var{default-user} with @var{auto-login-session}. If @var{theme} is @code{#f}, the use the default log-in theme; otherwise @var{theme} must be a gexp denoting the name of a directory containing the @@ -207,7 +234,9 @@ theme." (define (slim.cfg) (mlet %store-monad ((startx (or startx (xorg-start-command))) - (xinitrc (xinitrc))) + (xinitrc (xinitrc #:fallback-session + auto-login-session)) + (sessiondir (xsessions-directory sessions))) (text-file* "slim.cfg" " default_path /run/current-system/profile/bin default_xserver " startx " @@ -218,7 +247,7 @@ authfile /var/run/slim.auth # The login command. '%session' is replaced by the chosen session name, one # of the names specified in the 'sessions' setting: 'wmaker', 'xfce', etc. login_cmd exec " xinitrc " %session -sessions wmaker,ratpoison +sessiondir " sessiondir " halt_cmd " dmd "/sbin/halt reboot_cmd " dmd "/sbin/reboot diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 01e79480b1..ab3fe42ae1 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -145,6 +145,14 @@ configuration template file in the installation system." #~(unless (file-exists? #$local-template) (copy-file #$template #$local-template))))))) +(define %nscd-minimal-caches + ;; Minimal in-memory caching policy for nscd. + (list (nscd-cache (database 'hosts) + (positive-time-to-live (* 3600 12)) + (negative-time-to-live 20) + (persistent? #f) + (max-database-size (* 5 (expt 2 20)))))) ;5 MiB + (define (installation-services) "Return the list services for the installation image." (let ((motd (text-file "motd" " @@ -206,7 +214,10 @@ You have been warned. Thanks for being so brave. (console-font-service "tty5") (console-font-service "tty6") - (nscd-service)))) + ;; Since this is running on a USB stick with a unionfs as the root + ;; file system, use an appropriate cache configuration. + (nscd-service (nscd-configuration + (caches %nscd-minimal-caches)))))) (define %issue ;; Greeting. |