From ffc8f345111566e8336cbb5a77a96973826165d8 Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Wed, 20 Jan 2016 16:32:32 +0100 Subject: gnu: arb: Update to 2.8.1. * gnu/packages/algebra.scm (arb)[source]: Update to 2.8.1. Add patch. * gnu/packages/patches/arb-ldconfig.patch: New file. * gnu-system.am (dist_patch_DATA): Register patch. --- gnu-system.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 543a825923..74e65c7b5e 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -1,6 +1,6 @@ # GNU Guix --- Functional package management for GNU # Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès -# Copyright © 2013, 2014, 2015 Andreas Enge +# Copyright © 2013, 2014, 2015, 2016 Andreas Enge # Copyright © 2013, 2014, 2015 Mark H Weaver # # This file is part of GNU Guix. @@ -408,6 +408,7 @@ dist_patch_DATA = \ gnu/packages/patches/agg-am_c_prototype.patch \ gnu/packages/patches/alsa-lib-mips-atomic-fix.patch \ gnu/packages/patches/apr-skip-getservbyname-test.patch \ + gnu/packages/patches/arb-ldconfig.patch \ gnu/packages/patches/asymptote-gsl2.patch \ gnu/packages/patches/ath9k-htc-firmware-binutils.patch \ gnu/packages/patches/ath9k-htc-firmware-gcc.patch \ -- cgit v1.2.3 From beed3af565fd6eb2eab45a1b970be8d8cd8437d5 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 20 Jan 2016 13:04:35 -0500 Subject: gnu: linux-libre: Add fix for CVE-2016-0728. * gnu/packages/patches/linux-libre-CVE-2016-0728.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/linux.scm (linux-libre)[source]: Add patch. --- gnu-system.am | 3 +- gnu/packages/linux.scm | 6 +- .../patches/linux-libre-CVE-2016-0728.patch | 84 ++++++++++++++++++++++ 3 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/linux-libre-CVE-2016-0728.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 74e65c7b5e..c5e8940054 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -1,7 +1,7 @@ # GNU Guix --- Functional package management for GNU # Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès # Copyright © 2013, 2014, 2015, 2016 Andreas Enge -# Copyright © 2013, 2014, 2015 Mark H Weaver +# Copyright © 2013, 2014, 2015, 2016 Mark H Weaver # # This file is part of GNU Guix. # @@ -565,6 +565,7 @@ dist_patch_DATA = \ gnu/packages/patches/libwmf-CVE-2015-4695.patch \ gnu/packages/patches/libwmf-CVE-2015-4696.patch \ gnu/packages/patches/libxslt-CVE-2015-7995.patch \ + gnu/packages/patches/linux-libre-CVE-2016-0728.patch \ gnu/packages/patches/lirc-localstatedir.patch \ gnu/packages/patches/libpthread-glibc-preparation.patch \ gnu/packages/patches/lm-sensors-hwmon-attrs.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 09014d6076..579df02c37 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès ;;; Copyright © 2013, 2014, 2015 Andreas Enge ;;; Copyright © 2012 Nikita Karetnikov -;;; Copyright © 2014, 2015 Mark H Weaver +;;; Copyright © 2014, 2015, 2016 Mark H Weaver ;;; Copyright © 2015 Federico Beffa ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer ;;; Copyright © 2015 Efraim Flashner @@ -286,7 +286,9 @@ for SYSTEM, or #f if there is no configuration for SYSTEM." (uri (linux-libre-urls version)) (sha256 (base32 - "1839xsaifs7vvyblzin8jps0gqi10xmz1l9p4x0j27vmdj39jgpm")))) + "1839xsaifs7vvyblzin8jps0gqi10xmz1l9p4x0j27vmdj39jgpm")) + (patches + (list (search-patch "linux-libre-CVE-2016-0728.patch"))))) (build-system gnu-build-system) (supported-systems '("x86_64-linux" "i686-linux")) (native-inputs `(("perl" ,perl) diff --git a/gnu/packages/patches/linux-libre-CVE-2016-0728.patch b/gnu/packages/patches/linux-libre-CVE-2016-0728.patch new file mode 100644 index 0000000000..254d6c1aea --- /dev/null +++ b/gnu/packages/patches/linux-libre-CVE-2016-0728.patch @@ -0,0 +1,84 @@ +Copied from +https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 + +From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001 +From: Yevgeny Pats +Date: Tue, 19 Jan 2016 22:09:04 +0000 +Subject: KEYS: Fix keyring ref leak in join_session_keyring() + +This fixes CVE-2016-0728. + +If a thread is asked to join as a session keyring the keyring that's already +set as its session, we leak a keyring reference. + +This can be tested with the following program: + + #include + #include + #include + #include + + int main(int argc, const char *argv[]) + { + int i = 0; + key_serial_t serial; + + serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, + "leaked-keyring"); + if (serial < 0) { + perror("keyctl"); + return -1; + } + + if (keyctl(KEYCTL_SETPERM, serial, + KEY_POS_ALL | KEY_USR_ALL) < 0) { + perror("keyctl"); + return -1; + } + + for (i = 0; i < 100; i++) { + serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, + "leaked-keyring"); + if (serial < 0) { + perror("keyctl"); + return -1; + } + } + + return 0; + } + +If, after the program has run, there something like the following line in +/proc/keys: + +3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty + +with a usage count of 100 * the number of times the program has been run, +then the kernel is malfunctioning. If leaked-keyring has zero usages or +has been garbage collected, then the problem is fixed. + +Reported-by: Yevgeny Pats +Signed-off-by: David Howells +Acked-by: Don Zickus +Acked-by: Prarit Bhargava +Acked-by: Jarod Wilson +Signed-off-by: James Morris +--- + security/keys/process_keys.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c +index a3f85d2..e6d50172 100644 +--- a/security/keys/process_keys.c ++++ b/security/keys/process_keys.c +@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) + ret = PTR_ERR(keyring); + goto error2; + } else if (keyring == new->session_keyring) { ++ key_put(keyring); + ret = 0; + goto error2; + } +-- +cgit v0.12 + -- cgit v1.2.3 From 7ed0145712327955c14d2b3112c496a18405ee64 Mon Sep 17 00:00:00 2001 From: Eric Bavier Date: Sun, 17 Jan 2016 02:03:53 -0600 Subject: gnu: Add NQC. * gnu/packages/lego.scm: New file. * gnu-system.am (GNU_SYSTEM_MODULES): Add it. --- gnu-system.am | 1 + gnu/packages/lego.scm | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 gnu/packages/lego.scm (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index c5e8940054..aeb0d0f4dc 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -177,6 +177,7 @@ GNU_SYSTEM_MODULES = \ gnu/packages/kodi.scm \ gnu/packages/language.scm \ gnu/packages/ldc.scm \ + gnu/packages/lego.scm \ gnu/packages/less.scm \ gnu/packages/lesstif.scm \ gnu/packages/libcanberra.scm \ diff --git a/gnu/packages/lego.scm b/gnu/packages/lego.scm new file mode 100644 index 0000000000..d47be5dfb4 --- /dev/null +++ b/gnu/packages/lego.scm @@ -0,0 +1,67 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 Eric Bavier +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages lego) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix download) + #:use-module (guix packages) + #:use-module (guix build-system gnu) + #:use-module (gnu packages) + #:use-module (gnu packages bison) + #:use-module (gnu packages flex)) + +(define-public nqc + (package + (name "nqc") + (version "3.1.r6") + (source (origin + (method url-fetch) + (uri (string-append "http://bricxcc.sourceforge.net/nqc/release/" + "nqc-" version ".tgz")) + (sha256 + (base32 + "0rp7pzr8xrdxpv75c2mi8zszzz2ypli4vvzxiic7mbrryrafdmdz")))) + (build-system gnu-build-system) + (native-inputs + `(("bison" ,bison) + ("flex" ,flex))) + (arguments + '(#:tests? #f ;no tests + #:make-flags (list (string-append "PREFIX=" %output)) + #:phases (modify-phases %standard-phases + (delete 'configure) + (add-before 'build 'rm-generated + ;; Regenerating compiler/lexer.cpp avoids an 'undefined + ;; reference to `isatty(int)'' error. + (lambda _ + (for-each delete-file + '("compiler/lexer.cpp" + "compiler/parse.cpp")) + #t)) + (add-after 'unpack 'deal-with-tarbomb + (lambda _ + (chdir "..") ;tarbomb + #t))))) + (home-page "http://bricxcc.sourceforge.net/nqc/") + (synopsis "C-like language for Lego's MINDSTORMS") + (description + "Not Quite C (NQC) is a simple language for programming several Lego +MINDSTORMS products. The preprocessor and control structures of NQC are very +similar to C. NQC is not a general purpose language -- there are many +restrictions that stem from limitations of the standard RCX firmware.") + (license license:mpl1.0))) -- cgit v1.2.3 From 94ce537eacaa443df57bef14ceaa0d7fdad86071 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Tue, 19 Jan 2016 14:29:19 +0100 Subject: gnu: Add TopHat. * gnu/packages/bioinformatics.scm (tophat): New variable. * gnu/packages/patches/tophat-build-with-later-seqan.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. --- gnu-system.am | 1 + gnu/packages/bioinformatics.scm | 67 ++++++++++++++++++++++ .../patches/tophat-build-with-later-seqan.patch | 24 ++++++++ 3 files changed, 92 insertions(+) create mode 100644 gnu/packages/patches/tophat-build-with-later-seqan.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index aeb0d0f4dc..3426056925 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -681,6 +681,7 @@ dist_patch_DATA = \ gnu/packages/patches/tidy-CVE-2015-5522+5523.patch \ gnu/packages/patches/tinyxml-use-stl.patch \ gnu/packages/patches/tk-find-library.patch \ + gnu/packages/patches/tophat-build-with-later-seqan.patch \ gnu/packages/patches/torsocks-dns-test.patch \ gnu/packages/patches/tvtime-gcc41.patch \ gnu/packages/patches/tvtime-pngoutput.patch \ diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index fa2bea732c..f9b0d75613 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -654,6 +654,73 @@ gapped, local, and paired-end alignment modes.") (supported-systems '("x86_64-linux")) (license license:gpl3+))) +(define-public tophat + (package + (name "tophat") + (version "2.1.0") + (source (origin + (method url-fetch) + (uri (string-append + "http://ccb.jhu.edu/software/tophat/downloads/tophat-" + version ".tar.gz")) + (sha256 + (base32 + "168zlzykq622zbgkh90a90f1bdgsxkscq2zxzbj8brq80hbjpyp7")) + (patches (list (search-patch "tophat-build-with-later-seqan.patch"))) + (modules '((guix build utils))) + (snippet + '(begin + ;; Remove bundled SeqAn and samtools + (delete-file-recursively "src/SeqAn-1.3") + (delete-file-recursively "src/samtools-0.1.18") + #t)))) + (build-system gnu-build-system) + (arguments + '(#:parallel-build? #f ; not supported + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'use-system-samtools + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "src/Makefile.in" + (("(noinst_LIBRARIES = )\\$\\(SAMLIB\\)" _ prefix) prefix) + (("\\$\\(SAMPROG\\): \\$\\(SAMLIB\\)") "") + (("SAMPROG = samtools_0\\.1\\.18") "") + (("\\$\\(samtools_0_1_18_SOURCES\\)") "") + (("am__EXEEXT_1 = samtools_0\\.1\\.18\\$\\(EXEEXT\\)") "")) + (substitute* '("src/common.cpp" + "src/tophat.py") + (("samtools_0.1.18") (which "samtools"))) + (substitute* '("src/common.h" + "src/bam2fastx.cpp") + (("#include \"bam.h\"") "#include ") + (("#include \"sam.h\"") "#include ")) + (substitute* '("src/bwt_map.h" + "src/map2gtf.h" + "src/align_status.h") + (("#include ") "#include ") + (("#include ") "#include ")) + #t))))) + (inputs + `(("boost" ,boost) + ("bowtie" ,bowtie) + ("samtools" ,samtools-0.1) + ("ncurses" ,ncurses) + ("python" ,python-2) + ("perl" ,perl) + ("zlib" ,zlib) + ("seqan" ,seqan))) + (home-page "http://ccb.jhu.edu/software/tophat/index.shtml") + (synopsis "Spliced read mapper for RNA-Seq data") + (description + "TopHat is a fast splice junction mapper for nucleotide sequence +reads produced by the RNA-Seq method. It aligns RNA-Seq reads to +mammalian-sized genomes using the ultra high-throughput short read +aligner Bowtie, and then analyzes the mapping results to identify +splice junctions between exons.") + ;; TopHat is released under the Boost Software License, Version 1.0 + ;; See https://github.com/infphilo/tophat/issues/11#issuecomment-121589893 + (license license:boost1.0))) + (define-public bwa (package (name "bwa") diff --git a/gnu/packages/patches/tophat-build-with-later-seqan.patch b/gnu/packages/patches/tophat-build-with-later-seqan.patch new file mode 100644 index 0000000000..fc742e2a7d --- /dev/null +++ b/gnu/packages/patches/tophat-build-with-later-seqan.patch @@ -0,0 +1,24 @@ +This patch resolves a build failure when building TopHat 2.1.0 with SeqAn 1.4. +This is the relevant part of a patch originally posted here: +https://lists.fu-berlin.de/pipermail/seqan-dev/2014-July/msg00001.html + +--- a/src/segment_juncs.cpp ++++ b/src/segment_juncs.cpp +@@ -2050,10 +2050,13 @@ void juncs_from_ref_segs(RefSequenceTabl + typedef map MotifMap; + + MotifMap ims; +- +- seqan::DnaStringReverseComplement rev_donor_dinuc(donor_dinuc); +- seqan::DnaStringReverseComplement rev_acceptor_dinuc(acceptor_dinuc); +- ++ ++ typedef seqan::ModifiedString< ++ seqan::ModifiedString > >, ++ seqan::ModReverse> ConstDnaStringReverseComplement; ++ ConstDnaStringReverseComplement rev_donor_dinuc(donor_dinuc); ++ ConstDnaStringReverseComplement rev_acceptor_dinuc(acceptor_dinuc); ++ + if (talkative) + fprintf(stderr, "Collecting potential splice sites in islands\n"); + -- cgit v1.2.3