From 96c90474c0cbfe88d1dccb9cb52a0f1b3a1505e7 Mon Sep 17 00:00:00 2001 From: Timothy Sample Date: Mon, 4 Mar 2019 09:52:49 -0500 Subject: gnu: Add configuration for depthcharge bootloader. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/bootloader/depthcharge: New file. * gnu/local.mk [GNU_SYSTEM_MODULES]: Adjust accordingly. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 45598d4e14..6c925f2328 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -46,6 +46,7 @@ GNU_SYSTEM_MODULES = \ %D%/bootloader/grub.scm \ %D%/bootloader/extlinux.scm \ %D%/bootloader/u-boot.scm \ + %D%/bootloader/depthcharge.scm \ %D%/ci.scm \ %D%/packages.scm \ %D%/packages/abduco.scm \ -- cgit v1.2.3 From 6d01a7f4c45716e72bab1231c4cb8c07e4e3fbd7 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 2 Apr 2019 14:49:47 -0400 Subject: gnu: ntfs-3g: Fix CVE-2019-9755. * gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (ntfs-3g)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 1 + gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch | 72 ++++++++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 6c925f2328..586be80eb7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1086,6 +1086,7 @@ dist_patch_DATA = \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ + %D%/packages/patches/ntfs-3g-CVE-2019-9755.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ %D%/packages/patches/nvi-dbpagesize-binpower.patch \ %D%/packages/patches/nvi-db4.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index d547fb37b6..06bf8095be 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3641,6 +3641,7 @@ from userspace.") (method url-fetch) (uri (string-append "https://tuxera.com/opensource/" "ntfs-3g_ntfsprogs-" version ".tgz")) + (patches (search-patches "ntfs-3g-CVE-2019-9755.patch")) (sha256 (base32 "1mb228p80hv97pgk3myyvgp975r9mxq56c6bdn1n24kngcfh4niy")) diff --git a/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch new file mode 100644 index 0000000000..a7794aed47 --- /dev/null +++ b/gnu/packages/patches/ntfs-3g-CVE-2019-9755.patch @@ -0,0 +1,72 @@ +Fix CVE-2019-9755: + +https://security-tracker.debian.org/tracker/CVE-2019-9755 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9755 + +Patch copied from upstream source repository: + +https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/ + +From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Wed, 19 Dec 2018 15:57:50 +0100 +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint + +The size check was inefficient because getcwd() uses an unsigned int +argument. +--- + src/lowntfs-3g.c | 6 +++++- + src/ntfs-3g.c | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 993867fa..0660439b 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c +index 6ce89fef..4e0912ae 100644 +--- a/src/ntfs-3g.c ++++ b/src/ntfs-3g.c +@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +-- +2.21.0 + -- cgit v1.2.3 From a7ad4505b7a09f32e2727a333e11716739efb713 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 4 Apr 2019 13:23:08 +0200 Subject: build: Always ship the (gnu installer …) modules. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes . Reported by Jonathan Brielmaier . * gnu/local.mk (INSTALLER_MODULES): New variable. (GNU_SYSTEM_MODULES, MODULES_NOT_COMPILED): Append $(INSTALLER_MODULES) conditionally. --- gnu/local.mk | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 586be80eb7..ecb7f9c8d0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -584,9 +584,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/virtualization.scm \ %D%/tests/web.scm -if ENABLE_INSTALLER - -GNU_SYSTEM_MODULES += \ +INSTALLER_MODULES = \ %D%/installer.scm \ %D%/installer/connman.scm \ %D%/installer/final.scm \ @@ -618,13 +616,19 @@ GNU_SYSTEM_MODULES += \ %D%/installer/newt/welcome.scm \ %D%/installer/newt/wifi.scm +# Always ship the installer modules but compile them only when +# ENABLE_INSTALLER is true. +if ENABLE_INSTALLER +GNU_SYSTEM_MODULES += $(INSTALLER_MODULES) +elif !ENABLE_INSTALLER +MODULES_NOT_COMPILED += $(INSTALLER_MODULES) +endif + installerdir = $(guilemoduledir)/%D%/installer dist_installer_DATA = \ %D%/installer/aux-files/logo.txt \ %D%/installer/aux-files/SUPPORTED -endif ENABLE_INSTALLER - # Modules that do not need to be compiled. MODULES_NOT_COMPILED += \ %D%/build/shepherd.scm \ -- cgit v1.2.3 From 804744b338455b0ab8775351f757427047314139 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 4 Apr 2019 14:27:28 +0200 Subject: gnu: Add (gnu packages haskell-apps). * gnu/packages/version-control.scm (darcs, git-annex): Move to... * gnu/packages/haskell-apps.scm: ... here. New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/haskell-apps.scm | 265 +++++++++++++++++++++++++++++++++++++++ gnu/packages/version-control.scm | 231 ---------------------------------- 3 files changed, 266 insertions(+), 231 deletions(-) create mode 100644 gnu/packages/haskell-apps.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index ecb7f9c8d0..4f23c7f9ee 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -231,6 +231,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/gxmessage.scm \ %D%/packages/hardware.scm \ %D%/packages/haskell.scm \ + %D%/packages/haskell-apps.scm \ %D%/packages/haskell-check.scm \ %D%/packages/haskell-crypto.scm \ %D%/packages/haskell-web.scm \ diff --git a/gnu/packages/haskell-apps.scm b/gnu/packages/haskell-apps.scm new file mode 100644 index 0000000000..7085c83161 --- /dev/null +++ b/gnu/packages/haskell-apps.scm @@ -0,0 +1,265 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2015, 2017, 2018 Ricardo Wurmus +;;; Copyright © 2016, 2017, 2018 ng0 +;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice +;;; Copyright © 2018 Timothy Sample +;;; Copyright © 2018 Arun Isaac +;;; Copyright © 2016, 2017 Leo Famulari +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages haskell-apps) + #:use-module (guix download) + #:use-module (guix packages) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix build-system haskell) + #:use-module (gnu packages base) + #:use-module (gnu packages curl) + #:use-module (gnu packages haskell) + #:use-module (gnu packages haskell-check) + #:use-module (gnu packages haskell-crypto) + #:use-module (gnu packages haskell-web) + #:use-module (gnu packages ncurses) + #:use-module (gnu packages perl) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages rsync) + #:use-module (gnu packages version-control)) + +;; Darcs has no https support: http://irclog.perlgeek.de/darcs/2016-09-17 +;; http://darcs.net/manual/Configuring_darcs.html#SECTION00440070000000000000 +;; and results of search engines will show that if the protocol is http, https +;; is never mentioned. +(define-public darcs + (package + (name "darcs") + (version "2.14.2") + (source + (origin + (method url-fetch) + (uri (string-append "https://hackage.haskell.org/package/darcs/" + "darcs-" version ".tar.gz")) + (sha256 + (base32 + "0zm2486gyhiga1amclbg92cd09bvki6vgh0ll75hv5kl72j61lb5")) + (modules '((guix build utils))) + ;; Remove time-dependent code for reproducibility. + (snippet + '(begin + (substitute* "darcs/darcs.hs" + (("__DATE__") "\"1970-01-01\"") + (("__TIME__") "\"00:00:00\"")) + #t)))) + (build-system haskell-build-system) + (arguments + `(#:configure-flags '("-fpkgconfig" "-fcurl" "-flibiconv" "-fthreaded" + "-fnetwork-uri" "-fhttp" "--flag=executable" + "--flag=library") + #:phases + (modify-phases %standard-phases + (add-after 'patch-source-shebangs 'patch-sh + (lambda _ + (substitute* "tests/issue538.sh" + (("/bin/sh") (which "sh"))) + #t))))) + (inputs + `(("ghc-cmdargs" ,ghc-cmdargs) + ("ghc-split" ,ghc-split) + ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2) + ("ghc-test-framework-hunit" ,ghc-test-framework-hunit) + ("ghc-test-framework" ,ghc-test-framework) + ("ghc-quickcheck" ,ghc-quickcheck) + ("ghc-findbin" ,ghc-findbin) + ("ghc-hunit" ,ghc-hunit) + ("ghc-async" ,ghc-async) + ("ghc-attoparsec" ,ghc-attoparsec) + ("ghc-base16-bytestring" ,ghc-base16-bytestring) + ("ghc-bytestring-builder" ,ghc-bytestring-builder) + ("ghc-cryptohash" ,ghc-cryptohash) + ("ghc-data-ordlist" ,ghc-data-ordlist) + ("ghc-fgl" ,ghc-fgl) + ("ghc-system-filepath" ,ghc-system-filepath) + ("ghc-graphviz" ,ghc-graphviz) + ("ghc-hashable" ,ghc-hashable) + ("ghc-html" ,ghc-html) + ("ghc-mmap" ,ghc-mmap) + ("ghc-old-time" ,ghc-old-time) + ("ghc-parsec" ,ghc-parsec) + ("ghc-random" ,ghc-random) + ("ghc-regex-applicative" ,ghc-regex-applicative) + ("ghc-regex-compat-tdfa" ,ghc-regex-compat-tdfa) + ("ghc-sandi" ,ghc-sandi) + ("ghc-shelly" ,ghc-shelly) + ("ghc-tar" ,ghc-tar) + ("ghc-transformers-compat" ,ghc-transformers-compat) + ("ghc-unix-compat" ,ghc-unix-compat) + ("ghc-utf8-string" ,ghc-utf8-string) + ("ghc-vector" ,ghc-vector) + ("ghc-zip-archive" ,ghc-zip-archive) + ("ghc-zlib" ,ghc-zlib) + ("ghc-http" ,ghc-http) + ("curl" ,curl) + ("ghc" ,ghc) + ("ncurses" ,ncurses) + ("perl" ,perl) + ("libiconv" ,libiconv) + ("ghc-network" ,ghc-network) + ("ghc-network-uri" ,ghc-network-uri))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "http://darcs.net") + (synopsis "Distributed Revision Control System") + (description + "Darcs is a revision control system. It is: + +@enumerate +@item Distributed: Every user has access to the full command set, removing boundaries +between server and client or committer and non-committers. +@item Interactive: Darcs is easy to learn and efficient to use because it asks you +questions in response to simple commands, giving you choices in your work flow. +You can choose to record one change in a file, while ignoring another. As you update +from upstream, you can review each patch name, even the full diff for interesting +patches. +@item Smart: Originally developed by physicist David Roundy, darcs is based on a +unique algebra of patches called @url{http://darcs.net/Theory,Patchtheory}. +@end enumerate") + (license license:gpl2))) + +(define-public git-annex + (package + (name "git-annex") + (version "6.20180926") + (source + (origin + (method url-fetch) + (uri (string-append "https://hackage.haskell.org/package/" + "git-annex/git-annex-" version ".tar.gz")) + (sha256 + (base32 + "1251rj8h63y30sfqk0zh670yhz14p256y59n3590pg015pf3575d")))) + (build-system haskell-build-system) + (arguments + `(#:configure-flags + '("--flags=-Android -Assistant -Pairing -S3 -Webapp -WebDAV") + #:phases + (modify-phases %standard-phases + (add-before 'configure 'patch-shell + (lambda _ + (substitute* "Utility/Shell.hs" + (("/bin/sh") (which "sh"))) + #t)) + (add-before 'configure 'factor-setup + (lambda _ + ;; Factor out necessary build logic from the provided + ;; `Setup.hs' script. The script as-is does not work because + ;; it cannot find its dependencies, and there is no obvious way + ;; to tell it where to look. Note that we do not preserve the + ;; code that installs man pages here. + (call-with-output-file "PreConf.hs" + (lambda (out) + (format out "import qualified Build.Configure as Configure~%") + (format out "main = Configure.run Configure.tests~%"))) + (call-with-output-file "Setup.hs" + (lambda (out) + (format out "import Distribution.Simple~%") + (format out "main = defaultMain~%"))) + #t)) + (add-before 'configure 'pre-configure + (lambda _ + (invoke "runhaskell" "PreConf.hs") + #t)) + (replace 'check + (lambda _ + ;; We need to set the path so that Git recognizes + ;; `git annex' as a custom command. + (setenv "PATH" (string-append (getenv "PATH") ":" + (getcwd) "/dist/build/git-annex")) + (with-directory-excursion "dist/build/git-annex" + (symlink "git-annex" "git-annex-shell")) + (invoke "git-annex" "test") + #t)) + (add-after 'install 'install-symlinks + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (symlink (string-append bin "/git-annex") + (string-append bin "/git-annex-shell")) + (symlink (string-append bin "/git-annex") + (string-append bin "/git-remote-tor-annex")) + #t)))))) + (inputs + `(("curl" ,curl) + ("ghc-aeson" ,ghc-aeson) + ("ghc-async" ,ghc-async) + ("ghc-bloomfilter" ,ghc-bloomfilter) + ("ghc-byteable" ,ghc-byteable) + ("ghc-case-insensitive" ,ghc-case-insensitive) + ("ghc-crypto-api" ,ghc-crypto-api) + ("ghc-cryptonite" ,ghc-cryptonite) + ("ghc-data-default" ,ghc-data-default) + ("ghc-disk-free-space" ,ghc-disk-free-space) + ("ghc-dlist" ,ghc-dlist) + ("ghc-edit-distance" ,ghc-edit-distance) + ("ghc-esqueleto" ,ghc-esqueleto) + ("ghc-exceptions" ,ghc-exceptions) + ("ghc-feed" ,ghc-feed) + ("ghc-free" ,ghc-free) + ("ghc-hslogger" ,ghc-hslogger) + ("ghc-http-client" ,ghc-http-client) + ("ghc-http-conduit" ,ghc-http-conduit) + ("ghc-http-types" ,ghc-http-types) + ("ghc-ifelse" ,ghc-ifelse) + ("ghc-memory" ,ghc-memory) + ("ghc-monad-control" ,ghc-monad-control) + ("ghc-monad-logger" ,ghc-monad-logger) + ("ghc-network" ,ghc-network) + ("ghc-old-locale" ,ghc-old-locale) + ("ghc-optparse-applicative" ,ghc-optparse-applicative) + ("ghc-persistent" ,ghc-persistent) + ("ghc-persistent-sqlite" ,ghc-persistent-sqlite) + ("ghc-persistent-template" ,ghc-persistent-template) + ("ghc-quickcheck" ,ghc-quickcheck) + ("ghc-random" ,ghc-random) + ("ghc-regex-tdfa" ,ghc-regex-tdfa) + ("ghc-resourcet" ,ghc-resourcet) + ("ghc-safesemaphore" ,ghc-safesemaphore) + ("ghc-sandi" ,ghc-sandi) + ("ghc-securemem" ,ghc-securemem) + ("ghc-socks" ,ghc-socks) + ("ghc-split" ,ghc-split) + ("ghc-stm" ,ghc-stm) + ("ghc-stm-chans" ,ghc-stm-chans) + ("ghc-tagsoup" ,ghc-tagsoup) + ("ghc-text" ,ghc-text) + ("ghc-unix-compat" ,ghc-unix-compat) + ("ghc-unordered-containers" ,ghc-unordered-containers) + ("ghc-utf8-string" ,ghc-utf8-string) + ("ghc-uuid" ,ghc-uuid) + ("git" ,git) + ("rsync" ,rsync))) + (native-inputs + `(("ghc-tasty" ,ghc-tasty) + ("ghc-tasty-hunit" ,ghc-tasty-hunit) + ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck) + ("ghc-tasty-rerun" ,ghc-tasty-rerun))) + (home-page "https://git-annex.branchable.com/") + (synopsis "Manage files with Git, without checking in their contents") + (description "This package allows managing files with Git, without +checking the file contents into Git. It can store files in many places, +such as local hard drives and cloud storage services. It can also be +used to keep a folder in sync between computers.") + ;; The web app is released under the AGPLv3+. + (license (list license:gpl3+ + license:agpl3+)))) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index db096d8587..56d631fb2d 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -48,7 +48,6 @@ #:use-module (guix build-system ant) #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) - #:use-module (guix build-system haskell) #:use-module (guix build-system python) #:use-module (guix build-system trivial) #:use-module (gnu packages apr) @@ -69,10 +68,6 @@ #:use-module (gnu packages gl) #:use-module (gnu packages groff) #:use-module (gnu packages guile) - #:use-module (gnu packages haskell) - #:use-module (gnu packages haskell-check) - #:use-module (gnu packages haskell-crypto) - #:use-module (gnu packages haskell-web) #:use-module (gnu packages image) #:use-module (gnu packages java) #:use-module (gnu packages linux) @@ -1959,105 +1954,6 @@ a built-in wiki, built-in file browsing, built-in tickets system, etc.") be served with a HTTP file server of your choice.") (license license:expat))) -;; Darcs has no https support: http://irclog.perlgeek.de/darcs/2016-09-17 -;; http://darcs.net/manual/Configuring_darcs.html#SECTION00440070000000000000 -;; and results of search engines will show that if the protocol is http, https -;; is never mentioned. -(define-public darcs - (package - (name "darcs") - (version "2.14.2") - (source - (origin - (method url-fetch) - (uri (string-append "https://hackage.haskell.org/package/darcs/" - "darcs-" version ".tar.gz")) - (sha256 - (base32 - "0zm2486gyhiga1amclbg92cd09bvki6vgh0ll75hv5kl72j61lb5")) - (modules '((guix build utils))) - ;; Remove time-dependent code for reproducibility. - (snippet - '(begin - (substitute* "darcs/darcs.hs" - (("__DATE__") "\"1970-01-01\"") - (("__TIME__") "\"00:00:00\"")) - #t)))) - (build-system haskell-build-system) - (arguments - `(#:configure-flags '("-fpkgconfig" "-fcurl" "-flibiconv" "-fthreaded" - "-fnetwork-uri" "-fhttp" "--flag=executable" - "--flag=library") - #:phases - (modify-phases %standard-phases - (add-after 'patch-source-shebangs 'patch-sh - (lambda _ - (substitute* "tests/issue538.sh" - (("/bin/sh") (which "sh"))) - #t))))) - (inputs - `(("ghc-cmdargs" ,ghc-cmdargs) - ("ghc-split" ,ghc-split) - ("ghc-test-framework-quickcheck2" ,ghc-test-framework-quickcheck2) - ("ghc-test-framework-hunit" ,ghc-test-framework-hunit) - ("ghc-test-framework" ,ghc-test-framework) - ("ghc-quickcheck" ,ghc-quickcheck) - ("ghc-findbin" ,ghc-findbin) - ("ghc-hunit" ,ghc-hunit) - ("ghc-async" ,ghc-async) - ("ghc-attoparsec" ,ghc-attoparsec) - ("ghc-base16-bytestring" ,ghc-base16-bytestring) - ("ghc-bytestring-builder" ,ghc-bytestring-builder) - ("ghc-cryptohash" ,ghc-cryptohash) - ("ghc-data-ordlist" ,ghc-data-ordlist) - ("ghc-fgl" ,ghc-fgl) - ("ghc-system-filepath" ,ghc-system-filepath) - ("ghc-graphviz" ,ghc-graphviz) - ("ghc-hashable" ,ghc-hashable) - ("ghc-html" ,ghc-html) - ("ghc-mmap" ,ghc-mmap) - ("ghc-old-time" ,ghc-old-time) - ("ghc-parsec" ,ghc-parsec) - ("ghc-random" ,ghc-random) - ("ghc-regex-applicative" ,ghc-regex-applicative) - ("ghc-regex-compat-tdfa" ,ghc-regex-compat-tdfa) - ("ghc-sandi" ,ghc-sandi) - ("ghc-shelly" ,ghc-shelly) - ("ghc-tar" ,ghc-tar) - ("ghc-transformers-compat" ,ghc-transformers-compat) - ("ghc-unix-compat" ,ghc-unix-compat) - ("ghc-utf8-string" ,ghc-utf8-string) - ("ghc-vector" ,ghc-vector) - ("ghc-zip-archive" ,ghc-zip-archive) - ("ghc-zlib" ,ghc-zlib) - ("ghc-http" ,ghc-http) - ("curl" ,curl) - ("ghc" ,ghc) - ("ncurses" ,ncurses) - ("perl" ,perl) - ("libiconv" ,libiconv) - ("ghc-network" ,ghc-network) - ("ghc-network-uri" ,ghc-network-uri))) - (native-inputs - `(("pkg-config" ,pkg-config))) - (home-page "http://darcs.net") - (synopsis "Distributed Revision Control System") - (description - "Darcs is a revision control system. It is: - -@enumerate -@item Distributed: Every user has access to the full command set, removing boundaries -between server and client or committer and non-committers. -@item Interactive: Darcs is easy to learn and efficient to use because it asks you -questions in response to simple commands, giving you choices in your work flow. -You can choose to record one change in a file, while ignoring another. As you update -from upstream, you can review each patch name, even the full diff for interesting -patches. -@item Smart: Originally developed by physicist David Roundy, darcs is based on a -unique algebra of patches called @url{http://darcs.net/Theory,Patchtheory}. -@end enumerate") - (license license:gpl2))) - (define-public java-jgit (package (name "java-jgit") @@ -2221,133 +2117,6 @@ cases like all those little scripts in your @file{~/bin} directory, or a directory full of HOWTOs.") (license license:bsd-2))) -(define-public git-annex - (package - (name "git-annex") - (version "6.20180926") - (source - (origin - (method url-fetch) - (uri (string-append "https://hackage.haskell.org/package/" - "git-annex/git-annex-" version ".tar.gz")) - (sha256 - (base32 - "1251rj8h63y30sfqk0zh670yhz14p256y59n3590pg015pf3575d")))) - (build-system haskell-build-system) - (arguments - `(#:configure-flags - '("--flags=-Android -Assistant -Pairing -S3 -Webapp -WebDAV") - #:phases - (modify-phases %standard-phases - (add-before 'configure 'patch-shell - (lambda _ - (substitute* "Utility/Shell.hs" - (("/bin/sh") (which "sh"))) - #t)) - (add-before 'configure 'factor-setup - (lambda _ - ;; Factor out necessary build logic from the provided - ;; `Setup.hs' script. The script as-is does not work because - ;; it cannot find its dependencies, and there is no obvious way - ;; to tell it where to look. Note that we do not preserve the - ;; code that installs man pages here. - (call-with-output-file "PreConf.hs" - (lambda (out) - (format out "import qualified Build.Configure as Configure~%") - (format out "main = Configure.run Configure.tests~%"))) - (call-with-output-file "Setup.hs" - (lambda (out) - (format out "import Distribution.Simple~%") - (format out "main = defaultMain~%"))) - #t)) - (add-before 'configure 'pre-configure - (lambda _ - (invoke "runhaskell" "PreConf.hs") - #t)) - (replace 'check - (lambda _ - ;; We need to set the path so that Git recognizes - ;; `git annex' as a custom command. - (setenv "PATH" (string-append (getenv "PATH") ":" - (getcwd) "/dist/build/git-annex")) - (with-directory-excursion "dist/build/git-annex" - (symlink "git-annex" "git-annex-shell")) - (invoke "git-annex" "test") - #t)) - (add-after 'install 'install-symlinks - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin"))) - (symlink (string-append bin "/git-annex") - (string-append bin "/git-annex-shell")) - (symlink (string-append bin "/git-annex") - (string-append bin "/git-remote-tor-annex")) - #t)))))) - (inputs - `(("curl" ,curl) - ("ghc-aeson" ,ghc-aeson) - ("ghc-async" ,ghc-async) - ("ghc-bloomfilter" ,ghc-bloomfilter) - ("ghc-byteable" ,ghc-byteable) - ("ghc-case-insensitive" ,ghc-case-insensitive) - ("ghc-crypto-api" ,ghc-crypto-api) - ("ghc-cryptonite" ,ghc-cryptonite) - ("ghc-data-default" ,ghc-data-default) - ("ghc-disk-free-space" ,ghc-disk-free-space) - ("ghc-dlist" ,ghc-dlist) - ("ghc-edit-distance" ,ghc-edit-distance) - ("ghc-esqueleto" ,ghc-esqueleto) - ("ghc-exceptions" ,ghc-exceptions) - ("ghc-feed" ,ghc-feed) - ("ghc-free" ,ghc-free) - ("ghc-hslogger" ,ghc-hslogger) - ("ghc-http-client" ,ghc-http-client) - ("ghc-http-conduit" ,ghc-http-conduit) - ("ghc-http-types" ,ghc-http-types) - ("ghc-ifelse" ,ghc-ifelse) - ("ghc-memory" ,ghc-memory) - ("ghc-monad-control" ,ghc-monad-control) - ("ghc-monad-logger" ,ghc-monad-logger) - ("ghc-network" ,ghc-network) - ("ghc-old-locale" ,ghc-old-locale) - ("ghc-optparse-applicative" ,ghc-optparse-applicative) - ("ghc-persistent" ,ghc-persistent) - ("ghc-persistent-sqlite" ,ghc-persistent-sqlite) - ("ghc-persistent-template" ,ghc-persistent-template) - ("ghc-quickcheck" ,ghc-quickcheck) - ("ghc-random" ,ghc-random) - ("ghc-regex-tdfa" ,ghc-regex-tdfa) - ("ghc-resourcet" ,ghc-resourcet) - ("ghc-safesemaphore" ,ghc-safesemaphore) - ("ghc-sandi" ,ghc-sandi) - ("ghc-securemem" ,ghc-securemem) - ("ghc-socks" ,ghc-socks) - ("ghc-split" ,ghc-split) - ("ghc-stm" ,ghc-stm) - ("ghc-stm-chans" ,ghc-stm-chans) - ("ghc-tagsoup" ,ghc-tagsoup) - ("ghc-text" ,ghc-text) - ("ghc-unix-compat" ,ghc-unix-compat) - ("ghc-unordered-containers" ,ghc-unordered-containers) - ("ghc-utf8-string" ,ghc-utf8-string) - ("ghc-uuid" ,ghc-uuid) - ("git" ,git) - ("rsync" ,rsync))) - (native-inputs - `(("ghc-tasty" ,ghc-tasty) - ("ghc-tasty-hunit" ,ghc-tasty-hunit) - ("ghc-tasty-quickcheck" ,ghc-tasty-quickcheck) - ("ghc-tasty-rerun" ,ghc-tasty-rerun))) - (home-page "https://git-annex.branchable.com/") - (synopsis "Manage files with Git, without checking in their contents") - (description "This package allows managing files with Git, without -checking the file contents into Git. It can store files in many places, -such as local hard drives and cloud storage services. It can also be -used to keep a folder in sync between computers.") - ;; The web app is released under the AGPLv3+. - (license (list license:gpl3+ - license:agpl3+)))) - (define-public git-when-merged ;; Use an unreleased version to get a PY3 compatibility fix. (let ((commit "ab6af7865a0ba55ba364a6c507e0be6f84f31c6d")) -- cgit v1.2.3 From aff0cce9175aaf836dd78941eb17549e3bfa7188 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 4 Apr 2019 15:14:57 +0200 Subject: gnu: Move nss & co. to nss.scm. * gnu/packages/gnuzilla.scm (nspr, nss): Move to... * gnu/packages/nss.scm: ... here. New file. * gnu/packages/chromium.scm, gnu/packages/disk.scm, gnu/packages/freedesktop.scm, gnu/packages/gnome.scm, gnu/packages/gnunet.scm, gnu/packages/java.scm, gnu/packages/libreoffice.scm, gnu/packages/linux.scm, gnu/packages/mate.scm, gnu/packages/openldap.scm, gnu/packages/package-management.scm, gnu/packages/password-utils.scm, gnu/packages/polkit.scm, gnu/packages/qt.scm, gnu/packages/sssd.scm, gnu/packages/storage.scm, gnu/packages/vpn.scm, gnu/packages/web.scm, gnu/packages/xml.scm: Adjust accordingly. * gnu/local.mk (GNU_SYSTEM_MODULES): Add nss.scm. --- gnu/local.mk | 1 + gnu/packages/chromium.scm | 2 +- gnu/packages/disk.scm | 2 +- gnu/packages/freedesktop.scm | 4 +- gnu/packages/gnome.scm | 1 + gnu/packages/gnunet.scm | 4 +- gnu/packages/gnuzilla.scm | 156 +----------------------------- gnu/packages/java.scm | 2 +- gnu/packages/libreoffice.scm | 4 +- gnu/packages/linux.scm | 2 +- gnu/packages/mate.scm | 2 +- gnu/packages/nss.scm | 184 ++++++++++++++++++++++++++++++++++++ gnu/packages/openldap.scm | 4 +- gnu/packages/package-management.scm | 2 +- gnu/packages/password-utils.scm | 2 +- gnu/packages/polkit.scm | 1 + gnu/packages/qt.scm | 2 +- gnu/packages/sssd.scm | 4 +- gnu/packages/storage.scm | 2 +- gnu/packages/vpn.scm | 4 +- gnu/packages/web.scm | 4 +- gnu/packages/xml.scm | 2 +- 22 files changed, 213 insertions(+), 178 deletions(-) create mode 100644 gnu/packages/nss.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4f23c7f9ee..f9fd5d8fbc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -343,6 +343,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/ninja.scm \ %D%/packages/node.scm \ %D%/packages/noweb.scm \ + %D%/packages/nss.scm \ %D%/packages/ntp.scm \ %D%/packages/nutrition.scm \ %D%/packages/nvi.scm \ diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm index 2678e49ca7..033d0ded5b 100644 --- a/gnu/packages/chromium.scm +++ b/gnu/packages/chromium.scm @@ -40,7 +40,6 @@ #:use-module (gnu packages gl) #:use-module (gnu packages glib) #:use-module (gnu packages gnome) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gperf) #:use-module (gnu packages gtk) #:use-module (gnu packages icu4c) @@ -51,6 +50,7 @@ #:use-module (gnu packages kerberos) #:use-module (gnu packages ninja) #:use-module (gnu packages node) + #:use-module (gnu packages nss) #:use-module (gnu packages pciutils) #:use-module (gnu packages pkg-config) #:use-module (gnu packages pulseaudio) diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm index 006a381e26..e52c4614c1 100644 --- a/gnu/packages/disk.scm +++ b/gnu/packages/disk.scm @@ -46,11 +46,11 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gtk) #:use-module (gnu packages guile) #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) + #:use-module (gnu packages nss) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages popt) diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 56aeca0478..46971e03cb 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2015 Andreas Enge ;;; Copyright © 2015 Sou Bunnbu ;;; Copyright © 2015, 2017 Andy Wingo -;;; Copyright © 2015, 2016, 2017 Ludovic Courtès +;;; Copyright © 2015, 2016, 2017, 2019 Ludovic Courtès ;;; Copyright © 2015, 2017, 2018, 2019 Ricardo Wurmus ;;; Copyright © 2015 David Hashe ;;; Copyright © 2016, 2017 Efraim Flashner @@ -57,7 +57,6 @@ #:use-module (gnu packages gl) #:use-module (gnu packages glib) ;intltool #:use-module (gnu packages gnome) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gperf) #:use-module (gnu packages graphviz) #:use-module (gnu packages gtk) @@ -66,6 +65,7 @@ #:use-module (gnu packages libusb) #:use-module (gnu packages linux) #:use-module (gnu packages m4) + #:use-module (gnu packages nss) #:use-module (gnu packages perl) #:use-module (gnu packages perl-check) #:use-module (gnu packages pkg-config) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 60d64c18b2..63062183ac 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -110,6 +110,7 @@ #:use-module (gnu packages nettle) #:use-module (gnu packages networking) #:use-module (gnu packages ninja) + #:use-module (gnu packages nss) #:use-module (gnu packages openldap) #:use-module (gnu packages password-utils) #:use-module (gnu packages pcre) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 19e99644dd..09fad6a268 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015 Andreas Enge ;;; Copyright © 2014 Sree Harsha Totakura -;;; Copyright © 2015, 2017, 2018 Ludovic Courtès +;;; Copyright © 2015, 2017, 2018, 2019 Ludovic Courtès ;;; Copyright © 2015, 2017, 2019 Efraim Flashner ;;; Copyright © 2016 Ricardo Wurmus ;;; Copyright © 2016 Mark H Weaver @@ -35,7 +35,6 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages groff) #:use-module (gnu packages gtk) #:use-module (gnu packages guile) @@ -48,6 +47,7 @@ #:use-module (gnu packages multiprecision) #:use-module (gnu packages music) #:use-module (gnu packages ncurses) + #:use-module (gnu packages nss) #:use-module (gnu packages package-management) #:use-module (gnu packages pkg-config) #:use-module (gnu packages perl) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 9b6e713d41..56b9310343 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2015 Andreas Enge -;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès ;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver ;;; Copyright © 2015 Sou Bunnbu ;;; Copyright © 2016, 2017, 2018 Efraim Flashner @@ -45,7 +45,6 @@ #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (gnu packages bash) - #:use-module (gnu packages check) #:use-module (gnu packages databases) #:use-module (gnu packages glib) #:use-module (gnu packages gtk) @@ -70,6 +69,7 @@ #:use-module (gnu packages assembly) #:use-module (gnu packages rust) #:use-module (gnu packages llvm) + #:use-module (gnu packages nss) #:use-module (gnu packages icu4c) #:use-module (gnu packages video) #:use-module (gnu packages xiph) @@ -404,158 +404,6 @@ in C/C++.") ("pkg-config" ,pkg-config) ("python" ,python-2))))) -(define-public nspr - (package - (name "nspr") - (version "4.20") - (source (origin - (method url-fetch) - (uri (string-append - "https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v" - version "/src/nspr-" version ".tar.gz")) - (sha256 - (base32 - "0vjms4j75zvv5b2siyafg7hh924ysx2cwjad8spzp7x87n8n929c")))) - (build-system gnu-build-system) - (native-inputs - `(("perl" ,perl))) - (arguments - `(#:tests? #f ; no check target - #:configure-flags (list "--enable-64bit" - (string-append "LDFLAGS=-Wl,-rpath=" - (assoc-ref %outputs "out") - "/lib")) - ;; Use fixed timestamps for reproducibility. - #:make-flags '("SH_DATE='1970-01-01 00:00:01'" - ;; This is epoch 1 in microseconds. - "SH_NOW=100000") - #:phases (modify-phases %standard-phases - (add-before 'configure 'chdir - (lambda _ (chdir "nspr") #t))))) - (home-page - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR") - (synopsis "Netscape API for system level and libc-like functions") - (description "Netscape Portable Runtime (@dfn{NSPR}) provides a -platform-neutral API for system level and libc-like functions. It is used -in the Mozilla clients.") - (license license:mpl2.0))) - -(define-public nss - (package - (name "nss") - (version "3.41") - (source (origin - (method url-fetch) - (uri (let ((version-with-underscores - (string-join (string-split version #\.) "_"))) - (string-append - "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" - "releases/NSS_" version-with-underscores "_RTM/src/" - "nss-" version ".tar.gz"))) - (sha256 - (base32 - "0bbif42fzz5gk451sv3yphdrl7m4p6zgk5jk0307j06xs3sihbmb")) - ;; Create nss.pc and nss-config. - (patches (search-patches "nss-pkgconfig.patch" - "nss-increase-test-timeout.patch")))) - (build-system gnu-build-system) - (outputs '("out" "bin")) - (arguments - `(#:parallel-build? #f ; not supported - #:make-flags - (let* ((out (assoc-ref %outputs "out")) - (nspr (string-append (assoc-ref %build-inputs "nspr"))) - (rpath (string-append "-Wl,-rpath=" out "/lib/nss"))) - (list "-C" "nss" (string-append "PREFIX=" out) - "NSDISTMODE=copy" - "NSS_USE_SYSTEM_SQLITE=1" - (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr") - ;; Add $out/lib/nss to RPATH. - (string-append "RPATH=" rpath) - (string-append "LDFLAGS=" rpath))) - #:modules ((guix build gnu-build-system) - (guix build utils) - (ice-9 ftw) - (ice-9 match) - (srfi srfi-26)) - #:phases - (modify-phases %standard-phases - (replace 'configure - (lambda _ - (setenv "CC" "gcc") - ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system. - ,@(match (%current-system) - ((or "x86_64-linux" "aarch64-linux") - `((setenv "USE_64" "1"))) - (_ - '())) - #t)) - (replace 'check - (lambda _ - ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing. - ;; The later requires a working DNS or /etc/hosts. - (setenv "DOMSUF" "localdomain") - (setenv "USE_IP" "TRUE") - (setenv "IP_ADDRESS" "127.0.0.1") - - ;; The "PayPalEE.cert" certificate expires every six months, - ;; leading to test failures: - ;; . To - ;; work around that, set the time to roughly the release date. - (invoke "faketime" "2018-12-01" "./nss/tests/all.sh"))) - (replace 'install - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append (assoc-ref outputs "bin") "/bin")) - (inc (string-append out "/include/nss")) - (lib (string-append out "/lib/nss")) - (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>)) - ((obj) (string-append "dist/" obj))))) - ;; Install nss-config to $out/bin. - (install-file (string-append obj "/bin/nss-config") - (string-append out "/bin")) - (delete-file (string-append obj "/bin/nss-config")) - ;; Install nss.pc to $out/lib/pkgconfig. - (install-file (string-append obj "/lib/pkgconfig/nss.pc") - (string-append out "/lib/pkgconfig")) - (delete-file (string-append obj "/lib/pkgconfig/nss.pc")) - (rmdir (string-append obj "/lib/pkgconfig")) - ;; Install other files. - (copy-recursively "dist/public/nss" inc) - (copy-recursively (string-append obj "/bin") bin) - (copy-recursively (string-append obj "/lib") lib) - - ;; FIXME: libgtest1.so is installed in the above step, and it's - ;; (unnecessarily) linked with several NSS libraries, but - ;; without the needed rpaths, causing the 'validate-runpath' - ;; phase to fail. Here we simply delete libgtest1.so, since it - ;; seems to be used only during the tests. - (delete-file (string-append lib "/libgtest1.so")) - (delete-file (string-append lib "/libgtestutil.so")) - - #t)))))) - (inputs - `(("sqlite" ,sqlite) - ("zlib" ,zlib))) - (propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc. - (native-inputs `(("perl" ,perl) - ("libfaketime" ,libfaketime))) ;for tests - - ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when - ;; another build is happening concurrently on the same machine. - (properties '((timeout . 216000))) ; 60 hours - - (home-page - "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS") - (synopsis "Network Security Services") - (description - "Network Security Services (@dfn{NSS}) is a set of libraries designed to -support cross-platform development of security-enabled client and server -applications. Applications built with NSS can support SSL v2 and v3, TLS, -PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other -security standards.") - (license license:mpl2.0))) - (define (mozilla-patch file-name changeset hash) "Return an origin for CHANGESET from the mozilla-esr60 repository." (origin diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 69b4c9b684..51c21b68cc 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -52,7 +52,6 @@ #:use-module (gnu packages gettext) #:use-module (gnu packages gcc) #:use-module (gnu packages gl) - #:use-module (gnu packages gnuzilla) ;nss #:use-module (gnu packages ghostscript) ;lcms #:use-module (gnu packages gnome) #:use-module (gnu packages groovy) @@ -64,6 +63,7 @@ #:use-module (gnu packages libffi) #:use-module (gnu packages linux) ;alsa #:use-module (gnu packages maths) + #:use-module (gnu packages nss) #:use-module (gnu packages onc-rpc) #:use-module (gnu packages web) #:use-module (gnu packages wget) diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm index 588b2f15c7..3b8fa514d1 100644 --- a/gnu/packages/libreoffice.scm +++ b/gnu/packages/libreoffice.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2017 Thomas Danckaert ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2017 Andy Wingo -;;; Copyright © 2017, 2018 Ludovic Courtès +;;; Copyright © 2017, 2018, 2019 Ludovic Courtès ;;; Copyright © 2017, 2018, 2019 Marius Bakke ;;; Copyright © 2017 Rutger Helling ;;; Copyright © 2018, 2019 Ricardo Wurmus @@ -59,7 +59,6 @@ #:use-module (gnu packages gnome) #:use-module (gnu packages gperf) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) #:use-module (gnu packages icu4c) @@ -67,6 +66,7 @@ #:use-module (gnu packages java) #:use-module (gnu packages linux) #:use-module (gnu packages maths) + #:use-module (gnu packages nss) #:use-module (gnu packages openldap) #:use-module (gnu packages pdf) #:use-module (gnu packages perl) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 06bf8095be..e8ee4df4f3 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -77,7 +77,6 @@ #:use-module (gnu packages gcc) #:use-module (gnu packages gettext) #:use-module (gnu packages glib) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gperf) #:use-module (gnu packages gtk) #:use-module (gnu packages libunwind) @@ -90,6 +89,7 @@ #:use-module (gnu packages nettle) #:use-module (gnu packages networking) #:use-module (gnu packages ninja) + #:use-module (gnu packages nss) #:use-module (gnu packages perl) #:use-module (gnu packages pciutils) #:use-module (gnu packages pkg-config) diff --git a/gnu/packages/mate.scm b/gnu/packages/mate.scm index cf8392a78b..6d157e6ec3 100644 --- a/gnu/packages/mate.scm +++ b/gnu/packages/mate.scm @@ -47,7 +47,6 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gtk) #:use-module (gnu packages image) #:use-module (gnu packages imagemagick) @@ -57,6 +56,7 @@ #:use-module (gnu packages linux) #:use-module (gnu packages messaging) #:use-module (gnu packages nettle) + #:use-module (gnu packages nss) #:use-module (gnu packages pkg-config) #:use-module (gnu packages pdf) #:use-module (gnu packages photo) diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm new file mode 100644 index 0000000000..5c75d3d163 --- /dev/null +++ b/gnu/packages/nss.scm @@ -0,0 +1,184 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver +;;; Copyright © 2016, 2017, 2018 Efraim Flashner +;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages nss) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system gnu) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages) + #:use-module (gnu packages check) + #:use-module (gnu packages compression) + #:use-module (gnu packages perl) + #:use-module (gnu packages sqlite) + #:use-module (ice-9 match)) + +(define-public nspr + (package + (name "nspr") + (version "4.20") + (source (origin + (method url-fetch) + (uri (string-append + "https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v" + version "/src/nspr-" version ".tar.gz")) + (sha256 + (base32 + "0vjms4j75zvv5b2siyafg7hh924ysx2cwjad8spzp7x87n8n929c")))) + (build-system gnu-build-system) + (native-inputs + `(("perl" ,perl))) + (arguments + `(#:tests? #f ; no check target + #:configure-flags (list "--enable-64bit" + (string-append "LDFLAGS=-Wl,-rpath=" + (assoc-ref %outputs "out") + "/lib")) + ;; Use fixed timestamps for reproducibility. + #:make-flags '("SH_DATE='1970-01-01 00:00:01'" + ;; This is epoch 1 in microseconds. + "SH_NOW=100000") + #:phases (modify-phases %standard-phases + (add-before 'configure 'chdir + (lambda _ (chdir "nspr") #t))))) + (home-page + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR") + (synopsis "Netscape API for system level and libc-like functions") + (description "Netscape Portable Runtime (@dfn{NSPR}) provides a +platform-neutral API for system level and libc-like functions. It is used +in the Mozilla clients.") + (license license:mpl2.0))) + +(define-public nss + (package + (name "nss") + (version "3.41") + (source (origin + (method url-fetch) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append + "https://ftp.mozilla.org/pub/mozilla.org/security/nss/" + "releases/NSS_" version-with-underscores "_RTM/src/" + "nss-" version ".tar.gz"))) + (sha256 + (base32 + "0bbif42fzz5gk451sv3yphdrl7m4p6zgk5jk0307j06xs3sihbmb")) + ;; Create nss.pc and nss-config. + (patches (search-patches "nss-pkgconfig.patch" + "nss-increase-test-timeout.patch")))) + (build-system gnu-build-system) + (outputs '("out" "bin")) + (arguments + `(#:parallel-build? #f ; not supported + #:make-flags + (let* ((out (assoc-ref %outputs "out")) + (nspr (string-append (assoc-ref %build-inputs "nspr"))) + (rpath (string-append "-Wl,-rpath=" out "/lib/nss"))) + (list "-C" "nss" (string-append "PREFIX=" out) + "NSDISTMODE=copy" + "NSS_USE_SYSTEM_SQLITE=1" + (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr") + ;; Add $out/lib/nss to RPATH. + (string-append "RPATH=" rpath) + (string-append "LDFLAGS=" rpath))) + #:modules ((guix build gnu-build-system) + (guix build utils) + (ice-9 ftw) + (ice-9 match) + (srfi srfi-26)) + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda _ + (setenv "CC" "gcc") + ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system. + ,@(match (%current-system) + ((or "x86_64-linux" "aarch64-linux") + `((setenv "USE_64" "1"))) + (_ + '())) + #t)) + (replace 'check + (lambda _ + ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing. + ;; The later requires a working DNS or /etc/hosts. + (setenv "DOMSUF" "localdomain") + (setenv "USE_IP" "TRUE") + (setenv "IP_ADDRESS" "127.0.0.1") + + ;; The "PayPalEE.cert" certificate expires every six months, + ;; leading to test failures: + ;; . To + ;; work around that, set the time to roughly the release date. + (invoke "faketime" "2018-12-01" "./nss/tests/all.sh"))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append (assoc-ref outputs "bin") "/bin")) + (inc (string-append out "/include/nss")) + (lib (string-append out "/lib/nss")) + (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>)) + ((obj) (string-append "dist/" obj))))) + ;; Install nss-config to $out/bin. + (install-file (string-append obj "/bin/nss-config") + (string-append out "/bin")) + (delete-file (string-append obj "/bin/nss-config")) + ;; Install nss.pc to $out/lib/pkgconfig. + (install-file (string-append obj "/lib/pkgconfig/nss.pc") + (string-append out "/lib/pkgconfig")) + (delete-file (string-append obj "/lib/pkgconfig/nss.pc")) + (rmdir (string-append obj "/lib/pkgconfig")) + ;; Install other files. + (copy-recursively "dist/public/nss" inc) + (copy-recursively (string-append obj "/bin") bin) + (copy-recursively (string-append obj "/lib") lib) + + ;; FIXME: libgtest1.so is installed in the above step, and it's + ;; (unnecessarily) linked with several NSS libraries, but + ;; without the needed rpaths, causing the 'validate-runpath' + ;; phase to fail. Here we simply delete libgtest1.so, since it + ;; seems to be used only during the tests. + (delete-file (string-append lib "/libgtest1.so")) + (delete-file (string-append lib "/libgtestutil.so")) + + #t)))))) + (inputs + `(("sqlite" ,sqlite) + ("zlib" ,zlib))) + (propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc. + (native-inputs `(("perl" ,perl) + ("libfaketime" ,libfaketime))) ;for tests + + ;; The NSS test suite takes around 48 hours on Loongson 3A (MIPS) when + ;; another build is happening concurrently on the same machine. + (properties '((timeout . 216000))) ; 60 hours + + (home-page + "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS") + (synopsis "Network Security Services") + (description + "Network Security Services (@dfn{NSS}) is a set of libraries designed to +support cross-platform development of security-enabled client and server +applications. Applications built with NSS can support SSL v2 and v3, TLS, +PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other +security standards.") + (license license:mpl2.0))) diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm index e0190d2c0e..b84a417ff5 100644 --- a/gnu/packages/openldap.scm +++ b/gnu/packages/openldap.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2019 Ludovic Courtès ;;; Copyright © 2013 Andreas Enge ;;; Copyright © 2016 Leo Famulari ;;; Copyright © 2017, 2018, 2019 Ricardo Wurmus @@ -29,13 +29,13 @@ #:use-module (gnu packages documentation) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages groff) #:use-module (gnu packages icu4c) #:use-module (gnu packages kerberos) #:use-module (gnu packages libevent) #:use-module (gnu packages linux) #:use-module (gnu packages networking) + #:use-module (gnu packages nss) #:use-module (gnu packages password-utils) #:use-module (gnu packages pcre) #:use-module (gnu packages perl) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 274a4785fb..ad0b8f06f8 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -50,7 +50,6 @@ #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages graphviz) #:use-module (gnu packages gtk) #:use-module (gnu packages guile) @@ -59,6 +58,7 @@ #:use-module (gnu packages lisp) #:use-module (gnu packages man) #:use-module (gnu packages nettle) + #:use-module (gnu packages nss) #:use-module (gnu packages patchutils) #:use-module (gnu packages perl) #:use-module (gnu packages perl-check) diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index ad89cee5a8..5c11d8c437 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -58,7 +58,6 @@ #:use-module (gnu packages gettext) #:use-module (gnu packages glib) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gtk) #:use-module (gnu packages guile) #:use-module (gnu packages kerberos) @@ -67,6 +66,7 @@ #:use-module (gnu packages man) #:use-module (gnu packages multiprecision) #:use-module (gnu packages ncurses) + #:use-module (gnu packages nss) #:use-module (gnu packages opencl) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) diff --git a/gnu/packages/polkit.scm b/gnu/packages/polkit.scm index ba74a5c905..ccb8ebf8f8 100644 --- a/gnu/packages/polkit.scm +++ b/gnu/packages/polkit.scm @@ -34,6 +34,7 @@ #:use-module (gnu packages gtk) #:use-module (gnu packages gnuzilla) #:use-module (gnu packages linux) + #:use-module (gnu packages nss) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages qt) diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm index 5b463f510f..afc4d8dc06 100644 --- a/gnu/packages/qt.scm +++ b/gnu/packages/qt.scm @@ -48,7 +48,6 @@ #:use-module (gnu packages freedesktop) #:use-module (gnu packages gl) #:use-module (gnu packages glib) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gperf) #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) @@ -56,6 +55,7 @@ #:use-module (gnu packages image) #:use-module (gnu packages linux) #:use-module (gnu packages maths) + #:use-module (gnu packages nss) #:use-module (gnu packages pciutils) #:use-module (gnu packages pcre) #:use-module (gnu packages perl) diff --git a/gnu/packages/sssd.scm b/gnu/packages/sssd.scm index 75ce7c854b..6d6caab0ad 100644 --- a/gnu/packages/sssd.scm +++ b/gnu/packages/sssd.scm @@ -35,10 +35,10 @@ #:use-module (gnu packages docbook) #:use-module (gnu packages documentation) #:use-module (gnu packages glib) - #:use-module (gnu packages gnuzilla) + #:use-module (gnu packages kerberos) #:use-module (gnu packages libunistring) #:use-module (gnu packages linux) - #:use-module (gnu packages kerberos) + #:use-module (gnu packages nss) #:use-module (gnu packages openldap) #:use-module (gnu packages tls) #:use-module (gnu packages pcre) diff --git a/gnu/packages/storage.scm b/gnu/packages/storage.scm index bd15fcc26c..9e7cd10918 100644 --- a/gnu/packages/storage.scm +++ b/gnu/packages/storage.scm @@ -37,11 +37,11 @@ #:use-module (gnu packages databases) #:use-module (gnu packages disk) #:use-module (gnu packages gcc) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gperf) #:use-module (gnu packages jemalloc) #:use-module (gnu packages linux) #:use-module (gnu packages lua) + #:use-module (gnu packages nss) #:use-module (gnu packages openldap) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index 6155c008fa..99edf3df01 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Andreas Enge -;;; Copyright © 2013, 2016, 2018 Ludovic Courtès +;;; Copyright © 2013, 2016, 2018, 2019 Ludovic Courtès ;;; Copyright © 2014 Eric Bavier ;;; Copyright © 2015 Jeff Mickey ;;; Copyright © 2016, 2017 Efraim Flashner @@ -42,9 +42,9 @@ #:use-module (gnu packages compression) #:use-module (gnu packages gettext) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages libevent) #:use-module (gnu packages linux) + #:use-module (gnu packages nss) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index e23537847f..e84b42358c 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2015 Andreas Enge ;;; Copyright © 2013 Aljosha Papsch -;;; Copyright © 2014, 2015, 2016, 2017, 2018 Ludovic Courtès +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès ;;; Copyright © 2014, 2015, 2016 Mark H Weaver ;;; Copyright © 2015, 2016, 2017, 2018, 2019 Ricardo Wurmus ;;; Copyright © 2018 Raoul Jean Pierre Bonnal @@ -85,7 +85,6 @@ #:use-module (gnu packages gnome) #:use-module (gnu packages gnu-doc) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gperf) #:use-module (gnu packages gtk) #:use-module (gnu packages guile) @@ -102,6 +101,7 @@ #:use-module (gnu packages lua) #:use-module (gnu packages markup) #:use-module (gnu packages ncurses) + #:use-module (gnu packages nss) #:use-module (gnu packages openstack) #:use-module (gnu packages base) #:use-module (gnu packages package-management) diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 874be97bd1..f739f207e7 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -44,7 +44,7 @@ #:use-module (gnu packages curl) #:use-module (gnu packages gnupg) #:use-module (gnu packages java) - #:use-module (gnu packages gnuzilla) + #:use-module (gnu packages nss) #:use-module (gnu packages perl) #:use-module (gnu packages perl-check) #:use-module (gnu packages python) -- cgit v1.2.3 From 9859800f5df8827ad7dba6acf32888fa5dc41442 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 5 Apr 2019 05:48:19 +0200 Subject: gnu: ledger: Update to 3.1.3. The patch applies but has been unnecessary since 3.1.2. * gnu/packages/finance.scm (ledger): Update to 3.1.3. [source]: Remove obsolete patch. * gnu/packages/patches/ledger-fix-uninitialized.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/finance.scm | 7 +++--- .../patches/ledger-fix-uninitialized.patch | 27 ---------------------- 3 files changed, 3 insertions(+), 32 deletions(-) delete mode 100644 gnu/packages/patches/ledger-fix-uninitialized.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index f9fd5d8fbc..31e07deef4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -957,7 +957,6 @@ dist_patch_DATA = \ %D%/packages/patches/laby-make-install.patch \ %D%/packages/patches/ldc-bootstrap-disable-tests.patch \ %D%/packages/patches/ldc-disable-phobos-tests.patch \ - %D%/packages/patches/ledger-fix-uninitialized.patch \ %D%/packages/patches/liba52-enable-pic.patch \ %D%/packages/patches/liba52-link-with-libm.patch \ %D%/packages/patches/liba52-set-soname.patch \ diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm index 3fe0f92849..575569d3aa 100644 --- a/gnu/packages/finance.scm +++ b/gnu/packages/finance.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2017 Carlo Zancanaro ;;; Copyright © 2017 Theodoros Foradis ;;; Copyright © 2017 Vasile Dumitrascu -;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice +;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2018 Eric Bavier ;;; Copyright © 2018 Adriano Peluso ;;; Copyright © 2018, 2019 Nicolas Goaziou @@ -139,7 +139,7 @@ line client and a client based on Qt.") (define-public ledger (package (name "ledger") - (version "3.1.2") + (version "3.1.3") (source (origin (method git-fetch) @@ -148,8 +148,7 @@ line client and a client based on Qt.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "0hwnipj2m9p95hhyv6kyq54m27g14r58gnsy2my883kxhpcyb2vc")) - (patches (search-patches "ledger-fix-uninitialized.patch")))) + (base32 "0bfnrqrd6wqgsngfpqi30xh6yy86pwl25iwzrqy44q31r0zl4mm3")))) (build-system cmake-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/ledger-fix-uninitialized.patch b/gnu/packages/patches/ledger-fix-uninitialized.patch deleted file mode 100644 index 128c90ec13..0000000000 --- a/gnu/packages/patches/ledger-fix-uninitialized.patch +++ /dev/null @@ -1,27 +0,0 @@ -This fixes failures of tests "BaseLine_opt-datetime-format" and -"BaseLine_opt-time-report", which were printing an unexpected trailing '*' on -the last line of output, e.g.: - - @@ -5,4 +5,4 @@ - 04/05/13 12:00 PM 04/05/13 01:30 PM 1.50h Lunch - 04/05/13 11:30 AM 04/05/13 12:00 PM 30.0m Walk - -------------------------------------------------- - - - + * - -Reported upstream at -https://groups.google.com/d/msg/ledger-cli/EeJUrUk8YDc/pIR-LOTVEAAJ - -diff --git a/src/account.h b/src/account.h -index 1b97463d..f2555593 100644 ---- a/src/account.h -+++ b/src/account.h -@@ -187,7 +187,7 @@ public: - - datetime_t earliest_checkin; - datetime_t latest_checkout; -- bool latest_checkout_cleared; -+ bool latest_checkout_cleared = false; - - std::set filenames; - std::set accounts_referenced; -- cgit v1.2.3 From 2beca2a55c76ed56bcc6b718bd807126e904dee1 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 4 Apr 2019 22:15:04 +0300 Subject: gnu: flac: Fix CVE-2017-6888. * gnu/packages/xiph.scm (flac)[replacement]: New field. (flac/fixed): New variable. * gnu/packages/patches/flac-CVE-2017-6888.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/patches/flac-CVE-2017-6888.patch | 29 +++++++++++++++++++++++++++ gnu/packages/xiph.scm | 11 +++++++++- 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/flac-CVE-2017-6888.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 31e07deef4..cafea31e2f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -777,6 +777,7 @@ dist_patch_DATA = \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-makedev.patch \ %D%/packages/patches/findutils-test-xargs.patch \ + %D%/packages/patches/flac-CVE-2017-6888.patch \ %D%/packages/patches/flann-cmake-3.11.patch \ %D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \ diff --git a/gnu/packages/patches/flac-CVE-2017-6888.patch b/gnu/packages/patches/flac-CVE-2017-6888.patch new file mode 100644 index 0000000000..d2583201b4 --- /dev/null +++ b/gnu/packages/patches/flac-CVE-2017-6888.patch @@ -0,0 +1,29 @@ +https://git.xiph.org/?p=flac.git;a=patch;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67 + +From 4f47b63e9c971e6391590caf00a0f2a5ed612e67 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Sat, 8 Apr 2017 18:34:49 +1000 +Subject: [PATCH] stream_decoder.c: Fix a memory leak + +Leak reported by Secunia Research. +--- + src/libFLAC/stream_decoder.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c +index 14d5fe7f..a5527511 100644 +--- a/src/libFLAC/stream_decoder.c ++++ b/src/libFLAC/stream_decoder.c +@@ -1753,6 +1753,9 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre + } + memset (obj->comments[i].entry, 0, obj->comments[i].length) ; + if (!FLAC__bitreader_read_byte_block_aligned_no_crc(decoder->private_->input, obj->comments[i].entry, obj->comments[i].length)) { ++ /* Current i-th entry is bad, so we delete it. */ ++ free (obj->comments[i].entry) ; ++ obj->comments[i].entry = NULL ; + obj->num_comments = i; + goto skip; + } +-- +2.11.0 + diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm index 43b0d2723a..49d23bf6d5 100644 --- a/gnu/packages/xiph.scm +++ b/gnu/packages/xiph.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2014 Sree Harsha Totakura ;;; Copyright © 2014 Mark H Weaver ;;; Copyright © 2015 Paul van der Walt -;;; Copyright © 2015, 2016, 2017 Efraim Flashner +;;; Copyright © 2015, 2016, 2017, 2019 Efraim Flashner ;;; Copyright © 2017, 2018 Marius Bakke ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Leo Famulari @@ -235,6 +235,7 @@ It currently supports: (define flac (package (name "flac") + (replacement flac/fixed) (version "1.3.2") (source (origin (method url-fetch) @@ -256,6 +257,14 @@ meaning that audio is compressed in FLAC without any loss in quality.") "See COPYING in the distribution.")) ; and LGPL and GPL (home-page "https://xiph.org/flac/"))) +(define flac/fixed + (package + (inherit flac) + (source + (origin + (inherit (package-source flac)) + (patches (search-patches "flac-CVE-2017-6888.patch")))))) + (define libkate (package (name "libkate") -- cgit v1.2.3 From f63861b5a61b2a9d2c17dbf88b24b5e8f0c5c111 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 2 Apr 2019 22:33:22 +0200 Subject: gnu: Add localed, extracted from systemd. * gnu/packages/freedesktop.scm (localed): New variable. * gnu/packages/patches/localed-xorg-keyboard.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/freedesktop.scm | 146 ++++++++++ gnu/packages/patches/localed-xorg-keyboard.patch | 322 +++++++++++++++++++++++ 3 files changed, 469 insertions(+) create mode 100644 gnu/packages/patches/localed-xorg-keyboard.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index cafea31e2f..54882b3571 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -937,6 +937,7 @@ dist_patch_DATA = \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ %D%/packages/patches/khmer-use-libraries.patch \ %D%/packages/patches/libziparchive-add-includes.patch \ + %D%/packages/patches/localed-xorg-keyboard.patch \ %D%/packages/patches/kiki-level-selection-crash.patch \ %D%/packages/patches/kiki-makefile.patch \ %D%/packages/patches/kiki-missing-includes.patch \ diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 46971e03cb..e3cf88b2f8 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm @@ -307,6 +307,152 @@ the org.freedesktop.login1 interface over the system bus, allowing other parts of a the system to know what users are logged in, and where.") (license license:lgpl2.1+))) +(define-public localed + ;; XXX: This package is extracted from systemd but we retain so little of it + ;; that it would make more sense to maintain a fork of the bits we need. + (package + (name "localed") + (version "241") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/systemd/systemd") + (commit (string-append "v" version)))) + (sha256 + (base32 + "0sy91flzbhpq58k7v0294pa2gxpr0bk27rcnxlbhk2fi6nc51d28")) + (file-name (git-file-name name version)) + (modules '((guix build utils))) + (snippet + '(begin + ;; Connect to the right location for our D-Bus daemon. + (substitute* '("src/basic/def.h" + "src/libsystemd/sd-bus/sd-bus.c" + "src/stdio-bridge/stdio-bridge.c") + (("/run/dbus/system_bus_socket") + "/var/run/dbus/system_bus_socket")) + + ;; Don't insist on having systemd as PID 1 (otherwise + ;; 'localectl' would exit without doing anything.) + (substitute* "src/shared/bus-util.c" + (("sd_booted\\(\\)") + "(1)")) + #t)) + (patches (search-patches "localed-xorg-keyboard.patch")))) + (build-system meson-build-system) + (arguments + ;; Try to build as little as possible (list of components taken from the + ;; top-level 'meson.build' file.) + (let ((components '("utmp" + "hibernate" + "environment-d" + "binfmt" + "coredump" + "resolve" + "logind" + "hostnamed" + "localed" + "machined" + "portabled" + "networkd" + "timedated" + "timesyncd" + "firstboot" + "randomseed" + "backlight" + "vconsole" + "quotacheck" + "sysusers" + "tmpfiles" + "hwdb" + "rfkill" + "ldconfig" + "efi" + "tpm" + "ima" + "smack" + "gshadow" + "idn" + "nss-myhostname" + "nss-systemd"))) + `(#:configure-flags ',(map (lambda (component) + (string-append "-D" component "=false")) + (delete "localed" components)) + + ;; It doesn't make sense to test all of systemd. + #:tests? #f + + #:phases (modify-phases %standard-phases + (add-after 'unpack 'set-xkeyboard-config-file-name + (lambda* (#:key inputs #:allow-other-keys) + ;; Set the file name to xkeyboard-config and kbd. + ;; This is used by 'localectl list-x11-keymap-layouts' + ;; and similar functions. + (let ((xkb (assoc-ref inputs "xkeyboard-config")) + (kbd (assoc-ref inputs "kbd"))) + (substitute* "src/locale/localectl.c" + (("/usr/share/X11/xkb/rules") + (string-append xkb "/share/X11/xkb/rules"))) + (substitute* "src/basic/def.h" + (("/usr/share/keymaps") + (string-append kbd "/share/keymaps"))) + #t))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + ;; Install 'localed', the D-Bus and polkit files, and + ;; 'localectl'. + (let* ((out (assoc-ref outputs "out")) + (libexec (string-append out "/libexec/localed")) + (bin (string-append out "/bin")) + (lib (string-append out "/lib")) + (dbus (string-append out + "/share/dbus-1/system-services")) + (conf (string-append out + "/etc/dbus-1/system.d/")) + (polkit (string-append out + "/share/polkit-1/actions")) + (data (string-append out "/share/systemd"))) + (define (source-file regexp) + (car (find-files ".." regexp))) + + (mkdir-p libexec) + (copy-file "systemd-localed" + (string-append libexec "/localed")) + (install-file "localectl" bin) + + (let ((service-file (source-file + "\\.locale1\\.service$"))) + (substitute* service-file + (("^Exec=.*$") + (string-append "Exec=" libexec "/localed\n"))) + (install-file service-file dbus)) + (install-file (source-file "\\.locale1\\.policy$") + polkit) + (install-file (source-file "\\.locale1\\.conf$") + conf) + (for-each (lambda (file) + (install-file file lib)) + (find-files "src/shared" + "libsystemd-shared.*\\.so")) + + (for-each (lambda (map) + (install-file map data)) + (find-files ".." "^(kbd-model-map|language-fallback-map)$")) + #t))))))) + (native-inputs (package-native-inputs elogind)) + (inputs `(("libmount" ,util-linux) + ("xkeyboard-config" ,xkeyboard-config) + ("kbd" ,kbd) + ,@(package-inputs elogind))) + (home-page "https://www.freedesktop.org/wiki/Software/systemd/localed/") + (synopsis "Control the system locale and keyboard layout") + (description + "Localed is a tiny daemon that can be used to control the system locale +and keyboard mapping from user programs. It is used among other things by the +GNOME Shell. The @command{localectl} command-line tool allows you to interact +with localed. This package is extracted from the broader systemd package.") + (license license:lgpl2.1+))) + (define-public packagekit (package (name "packagekit") diff --git a/gnu/packages/patches/localed-xorg-keyboard.patch b/gnu/packages/patches/localed-xorg-keyboard.patch new file mode 100644 index 0000000000..9a9071ba0a --- /dev/null +++ b/gnu/packages/patches/localed-xorg-keyboard.patch @@ -0,0 +1,322 @@ +Normally localed would do an approximate parsing of the Xorg config file +to determine the XKB keyboard layout. This doesn't make sense on Guix +where there's no such file in /etc, and where the keyboard layout is +known statically at configuration time. + +This patch removes the XOrg configuration parsing and expects to read the +configuration from environment variables instead. It also removes the +stateful bits that would write configuration to /etc/vconsole.conf +and /etc/X11, which are unused in Guix anyway. + +Patch by Ludovic Courtès . + +diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c +index 6b6b32a591..46aab472b0 100644 +--- a/src/locale/keymap-util.c ++++ b/src/locale/keymap-util.c +@@ -174,32 +174,16 @@ int vconsole_read_data(Context *c, sd_bus_message *m) { + c->vc_cache = sd_bus_message_ref(m); + } + +- if (stat("/etc/vconsole.conf", &st) < 0) { +- if (errno != ENOENT) +- return -errno; +- +- c->vc_mtime = USEC_INFINITY; +- context_free_vconsole(c); +- return 0; +- } +- +- /* If mtime is not changed, then we do not need to re-read */ +- t = timespec_load(&st.st_mtim); +- if (c->vc_mtime != USEC_INFINITY && t == c->vc_mtime) +- return 0; +- +- c->vc_mtime = t; ++ c->vc_mtime = USEC_INFINITY; + context_free_vconsole(c); +- +- r = parse_env_file(NULL, "/etc/vconsole.conf", +- "KEYMAP", &c->vc_keymap, +- "KEYMAP_TOGGLE", &c->vc_keymap_toggle); +- if (r < 0) +- return r; +- + return 0; + } + ++static char *getenv_strdup(const char *variable) { ++ const char *value = getenv(variable); ++ return value == NULL ? NULL : strdup(value); ++} ++ + int x11_read_data(Context *c, sd_bus_message *m) { + _cleanup_fclose_ FILE *f = NULL; + bool in_section = false; +@@ -216,258 +200,27 @@ int x11_read_data(Context *c, sd_bus_message *m) { + c->x11_cache = sd_bus_message_ref(m); + } + +- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) < 0) { +- if (errno != ENOENT) +- return -errno; +- +- c->x11_mtime = USEC_INFINITY; +- context_free_x11(c); +- return 0; +- } +- +- /* If mtime is not changed, then we do not need to re-read */ +- t = timespec_load(&st.st_mtim); +- if (c->x11_mtime != USEC_INFINITY && t == c->x11_mtime) +- return 0; +- +- c->x11_mtime = t; ++ c->x11_mtime = 0; + context_free_x11(c); + +- f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re"); +- if (!f) +- return -errno; +- +- for (;;) { +- _cleanup_free_ char *line = NULL; +- char *l; +- +- r = read_line(f, LONG_LINE_MAX, &line); +- if (r < 0) +- return r; +- if (r == 0) +- break; +- +- l = strstrip(line); +- if (IN_SET(l[0], 0, '#')) +- continue; +- +- if (in_section && first_word(l, "Option")) { +- _cleanup_strv_free_ char **a = NULL; +- +- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES); +- if (r < 0) +- return r; +- +- if (strv_length(a) == 3) { +- char **p = NULL; +- +- if (streq(a[1], "XkbLayout")) +- p = &c->x11_layout; +- else if (streq(a[1], "XkbModel")) +- p = &c->x11_model; +- else if (streq(a[1], "XkbVariant")) +- p = &c->x11_variant; +- else if (streq(a[1], "XkbOptions")) +- p = &c->x11_options; +- +- if (p) { +- free_and_replace(*p, a[2]); +- } +- } +- +- } else if (!in_section && first_word(l, "Section")) { +- _cleanup_strv_free_ char **a = NULL; +- +- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES); +- if (r < 0) +- return -ENOMEM; +- +- if (strv_length(a) == 2 && streq(a[1], "InputClass")) +- in_section = true; +- +- } else if (in_section && first_word(l, "EndSection")) +- in_section = false; +- } ++ c->x11_layout = getenv_strdup("GUIX_XKB_LAYOUT"); ++ c->x11_model = getenv_strdup("GUIX_XKB_MODEL"); ++ c->x11_variant = getenv_strdup("GUIX_XKB_VARIANT"); ++ c->x11_options = getenv_strdup("GUIX_XKB_OPTIONS"); + + return 0; + } + + int locale_write_data(Context *c, char ***settings) { +- _cleanup_strv_free_ char **l = NULL; +- struct stat st; +- int r, p; +- +- /* Set values will be returned as strv in *settings on success. */ +- +- for (p = 0; p < _VARIABLE_LC_MAX; p++) { +- _cleanup_free_ char *t = NULL; +- char **u; +- const char *name; +- +- name = locale_variable_to_string(p); +- assert(name); +- +- if (isempty(c->locale[p])) +- continue; +- +- if (asprintf(&t, "%s=%s", name, c->locale[p]) < 0) +- return -ENOMEM; +- +- u = strv_env_set(l, t); +- if (!u) +- return -ENOMEM; +- +- strv_free_and_replace(l, u); +- } +- +- if (strv_isempty(l)) { +- if (unlink("/etc/locale.conf") < 0) +- return errno == ENOENT ? 0 : -errno; +- +- c->locale_mtime = USEC_INFINITY; +- return 0; +- } +- +- r = write_env_file_label("/etc/locale.conf", l); +- if (r < 0) +- return r; +- +- *settings = TAKE_PTR(l); +- +- if (stat("/etc/locale.conf", &st) >= 0) +- c->locale_mtime = timespec_load(&st.st_mtim); +- +- return 0; ++ return -ENOSYS; + } + + int vconsole_write_data(Context *c) { +- _cleanup_strv_free_ char **l = NULL; +- struct stat st; +- int r; +- +- r = load_env_file(NULL, "/etc/vconsole.conf", &l); +- if (r < 0 && r != -ENOENT) +- return r; +- +- if (isempty(c->vc_keymap)) +- l = strv_env_unset(l, "KEYMAP"); +- else { +- _cleanup_free_ char *s = NULL; +- char **u; +- +- s = strappend("KEYMAP=", c->vc_keymap); +- if (!s) +- return -ENOMEM; +- +- u = strv_env_set(l, s); +- if (!u) +- return -ENOMEM; +- +- strv_free_and_replace(l, u); +- } +- +- if (isempty(c->vc_keymap_toggle)) +- l = strv_env_unset(l, "KEYMAP_TOGGLE"); +- else { +- _cleanup_free_ char *s = NULL; +- char **u; +- +- s = strappend("KEYMAP_TOGGLE=", c->vc_keymap_toggle); +- if (!s) +- return -ENOMEM; +- +- u = strv_env_set(l, s); +- if (!u) +- return -ENOMEM; +- +- strv_free_and_replace(l, u); +- } +- +- if (strv_isempty(l)) { +- if (unlink("/etc/vconsole.conf") < 0) +- return errno == ENOENT ? 0 : -errno; +- +- c->vc_mtime = USEC_INFINITY; +- return 0; +- } +- +- r = write_env_file_label("/etc/vconsole.conf", l); +- if (r < 0) +- return r; +- +- if (stat("/etc/vconsole.conf", &st) >= 0) +- c->vc_mtime = timespec_load(&st.st_mtim); +- +- return 0; ++ return -ENOSYS; + } + + int x11_write_data(Context *c) { +- _cleanup_fclose_ FILE *f = NULL; +- _cleanup_free_ char *temp_path = NULL; +- struct stat st; +- int r; +- +- if (isempty(c->x11_layout) && +- isempty(c->x11_model) && +- isempty(c->x11_variant) && +- isempty(c->x11_options)) { +- +- if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) +- return errno == ENOENT ? 0 : -errno; +- +- c->vc_mtime = USEC_INFINITY; +- return 0; +- } +- +- mkdir_p_label("/etc/X11/xorg.conf.d", 0755); +- +- r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path); +- if (r < 0) +- return r; +- +- (void) __fsetlocking(f, FSETLOCKING_BYCALLER); +- (void) fchmod(fileno(f), 0644); +- +- fputs("# Written by systemd-localed(8), read by systemd-localed and Xorg. It's\n" +- "# probably wise not to edit this file manually. Use localectl(1) to\n" +- "# instruct systemd-localed to update it.\n" +- "Section \"InputClass\"\n" +- " Identifier \"system-keyboard\"\n" +- " MatchIsKeyboard \"on\"\n", f); +- +- if (!isempty(c->x11_layout)) +- fprintf(f, " Option \"XkbLayout\" \"%s\"\n", c->x11_layout); +- +- if (!isempty(c->x11_model)) +- fprintf(f, " Option \"XkbModel\" \"%s\"\n", c->x11_model); +- +- if (!isempty(c->x11_variant)) +- fprintf(f, " Option \"XkbVariant\" \"%s\"\n", c->x11_variant); +- +- if (!isempty(c->x11_options)) +- fprintf(f, " Option \"XkbOptions\" \"%s\"\n", c->x11_options); +- +- fputs("EndSection\n", f); +- +- r = fflush_sync_and_check(f); +- if (r < 0) +- goto fail; +- +- if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) { +- r = -errno; +- goto fail; +- } +- +- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) >= 0) +- c->x11_mtime = timespec_load(&st.st_mtim); +- +- return 0; +- +-fail: +- if (temp_path) +- (void) unlink(temp_path); +- +- return r; ++ return -ENOSYS; + } + + static int read_next_mapping(const char* filename, -- cgit v1.2.3 From 3dbd240937a7fb4322db21bc1bf6189a1a512223 Mon Sep 17 00:00:00 2001 From: Brian Leung Date: Thu, 28 Mar 2019 05:30:06 +0100 Subject: gnu: Add emacs-undohist-el. * gnu/packages/patches/emacs-undohist-ignored.patch: New file. * gnu/local.mk (dist_patch_DATA): Add this. * gnu/packages/emacs-xyz.scm (emacs-undohist-el): New variable. Signed-off-by: Oleg Pykhalov --- gnu/local.mk | 1 + gnu/packages/emacs-xyz.scm | 23 +++++++++++++++++++ gnu/packages/patches/emacs-undohist-ignored.patch | 27 +++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 gnu/packages/patches/emacs-undohist-ignored.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 54882b3571..cec746bcb1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -751,6 +751,7 @@ dist_patch_DATA = \ %D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \ %D%/packages/patches/emacs-source-date-epoch.patch \ %D%/packages/patches/emacs-realgud-fix-configure-ac.patch \ + %D%/packages/patches/emacs-undohist-ignored.patch \ %D%/packages/patches/emacs-wordnut-require-adaptive-wrap.patch \ %D%/packages/patches/emacs-zones-called-interactively.patch \ %D%/packages/patches/enlightenment-fix-setuid-path.patch \ diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm index 17cbbf4166..6de4fc4d20 100644 --- a/gnu/packages/emacs-xyz.scm +++ b/gnu/packages/emacs-xyz.scm @@ -4535,6 +4535,29 @@ Emacs default configuration in uncontroversial ways that nearly everyone can agree upon.") (license license:gpl3+))) +(define-public emacs-undohist-el + (let ((commit "d2239a5f736724ceb9e3b6bcaa86f4064805cda0") + (revision "1")) + (package + (name "emacs-undohist-el") + (version (git-version "0" revision commit)) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/m2ym/undohist-el") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1c0daw246ky7b1x5b8h55x79pl1pjqk1k348l487bdd8zdj4w9wx")))) + (build-system emacs-build-system) + (home-page "https://github.com/m2ym/undohist-el") + (synopsis "Save undo history between sessions") + (description "This package allows persistent use of undo history for +individual file buffers.") + (license license:gpl3+)))) + (define-public emacs-eprime (let ((commit "17a481af26496be91c07139a9bfc05cfe722506f")) (package diff --git a/gnu/packages/patches/emacs-undohist-ignored.patch b/gnu/packages/patches/emacs-undohist-ignored.patch new file mode 100644 index 0000000000..c1ad827a26 --- /dev/null +++ b/gnu/packages/patches/emacs-undohist-ignored.patch @@ -0,0 +1,27 @@ +From 52bfd419bf9022726048f818d955b8ea10a16d5c Mon Sep 17 00:00:00 2001 +From: Patrick Mosby +Date: Mon, 7 Sep 2015 09:05:56 +0200 +Subject: [PATCH] Don't save undo file for ignored files. + +This fixes #4. +--- + undohist.el | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/undohist.el b/undohist.el +index b184a26..de60356 100644 +--- a/undohist.el ++++ b/undohist.el +@@ -164,7 +164,8 @@ To use undohist, you just call this function." + undohist-ignored-files))) + + (defun undohist-save-1 () +- (when (consp buffer-undo-list) ++ (when (and (consp buffer-undo-list) ++ (undohist-recover-file-p (buffer-file-name (current-buffer)))) + (let ((file (make-undohist-file-name (buffer-file-name))) + (contents `((digest . ,(md5 (current-buffer))) + (undo-list . ,(undohist-encode buffer-undo-list))))) +-- +2.21.0 + -- cgit v1.2.3 From 8a3bb34c5e9aa4bc2042da8541e6cb74de7066f7 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 7 Apr 2019 21:10:26 +0300 Subject: gnu: lcms: Fix CVE-2018-16435. * gnu/packages/ghostscript.scm (lcms)[replacement]: New field. (lcms/fixed): New variable. * gnu/packages/patches/lcms-CVE-2018-16435.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/ghostscript.scm | 11 +- gnu/packages/patches/lcms-CVE-2018-16435.patch | 171 +++++++++++++++++++++++++ 3 files changed, 182 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/lcms-CVE-2018-16435.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index cec746bcb1..bab2a9bbc2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -958,6 +958,7 @@ dist_patch_DATA = \ %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch \ %D%/packages/patches/kodi-skip-test-449.patch \ %D%/packages/patches/laby-make-install.patch \ + %D%/packages/patches/lcms-CVE-2018-16435.patch \ %D%/packages/patches/ldc-bootstrap-disable-tests.patch \ %D%/packages/patches/ldc-disable-phobos-tests.patch \ %D%/packages/patches/liba52-enable-pic.patch \ diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index d8c0050513..53a9b60fdb 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Ricardo Wurmus ;;; Copyright © 2013, 2015, 2016, 2017 Ludovic Courtès ;;; Copyright © 2017 Alex Vong -;;; Copyright © 2017, 2018 Efraim Flashner +;;; Copyright © 2017, 2018, 2019 Efraim Flashner ;;; Copyright © 2017 Leo Famulari ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Marius Bakke @@ -47,6 +47,7 @@ (define-public lcms (package (name "lcms") + (replacement lcms/fixed) (version "2.9") (source (origin (method url-fetch) @@ -67,6 +68,14 @@ Consortium standard (ICC), approved as ISO 15076-1.") (home-page "http://www.littlecms.com/") (properties '((cpe-name . "little_cms_color_engine"))))) +(define lcms/fixed + (package + (inherit lcms) + (source + (origin + (inherit (package-source lcms)) + (patches (search-patches "lcms-CVE-2018-16435.patch")))))) + (define-public libpaper (package (name "libpaper") diff --git a/gnu/packages/patches/lcms-CVE-2018-16435.patch b/gnu/packages/patches/lcms-CVE-2018-16435.patch new file mode 100644 index 0000000000..60228e73af --- /dev/null +++ b/gnu/packages/patches/lcms-CVE-2018-16435.patch @@ -0,0 +1,171 @@ +https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8.patch + +From 768f70ca405cd3159d990e962d54456773bb8cf8 Mon Sep 17 00:00:00 2001 +From: Marti Maria +Date: Wed, 15 Aug 2018 20:07:56 +0200 +Subject: [PATCH] Upgrade Visual studio 2017 15.8 + +- Upgrade to 15.8 +- Add check on CGATS memory allocation (thanks to Quang Nguyen for +pointing out this) +--- + Projects/VC2017/jpegicc/jpegicc.vcxproj | 1 + + Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj | 2 +- + Projects/VC2017/lcms2_static/lcms2_static.vcxproj | 2 +- + Projects/VC2017/linkicc/linkicc.vcxproj | 2 +- + Projects/VC2017/psicc/psicc.vcxproj | 2 +- + Projects/VC2017/testbed/testbed.vcxproj | 2 +- + Projects/VC2017/tiffdiff/tiffdiff.vcxproj | 2 +- + Projects/VC2017/tifficc/tifficc.vcxproj | 2 +- + Projects/VC2017/transicc/transicc.vcxproj | 1 + + src/cmscgats.c | 14 ++++++++++---- + 10 files changed, 19 insertions(+), 11 deletions(-) + +diff --git a/Projects/VC2017/jpegicc/jpegicc.vcxproj b/Projects/VC2017/jpegicc/jpegicc.vcxproj +index ab26a53..39cfd00 100644 +--- a/Projects/VC2017/jpegicc/jpegicc.vcxproj ++++ b/Projects/VC2017/jpegicc/jpegicc.vcxproj +@@ -22,6 +22,7 @@ + {62812507-F926-4968-96A9-17678460AD90} + jpegicc + Win32Proj ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj b/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj +index 4c8aa3f..d1bf3eb 100644 +--- a/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj ++++ b/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj +@@ -22,7 +22,7 @@ + {8C51BE48-ADB8-4089-A9EC-F6BF993A0548} + lcms2_DLL + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/lcms2_static/lcms2_static.vcxproj b/Projects/VC2017/lcms2_static/lcms2_static.vcxproj +index 2a9988a..9fc05ce 100644 +--- a/Projects/VC2017/lcms2_static/lcms2_static.vcxproj ++++ b/Projects/VC2017/lcms2_static/lcms2_static.vcxproj +@@ -22,7 +22,7 @@ + {71DEDE59-3F1E-486B-A899-4283000F76B5} + lcms2_static + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/linkicc/linkicc.vcxproj b/Projects/VC2017/linkicc/linkicc.vcxproj +index 30c2b4e..51586dd 100644 +--- a/Projects/VC2017/linkicc/linkicc.vcxproj ++++ b/Projects/VC2017/linkicc/linkicc.vcxproj +@@ -22,7 +22,7 @@ + {FBFBE1DC-DB84-4BA1-9552-B4780F457849} + linkicc + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/psicc/psicc.vcxproj b/Projects/VC2017/psicc/psicc.vcxproj +index 9dcf89a..8f26e12 100644 +--- a/Projects/VC2017/psicc/psicc.vcxproj ++++ b/Projects/VC2017/psicc/psicc.vcxproj +@@ -22,7 +22,7 @@ + {EF6A8851-65FE-46F5-B9EF-14F0B671F693} + psicc + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/testbed/testbed.vcxproj b/Projects/VC2017/testbed/testbed.vcxproj +index 0af3762..3f6aea3 100644 +--- a/Projects/VC2017/testbed/testbed.vcxproj ++++ b/Projects/VC2017/testbed/testbed.vcxproj +@@ -22,7 +22,7 @@ + {928A3A2B-46EF-4279-959C-513B3652FF0E} + testbed + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/tiffdiff/tiffdiff.vcxproj b/Projects/VC2017/tiffdiff/tiffdiff.vcxproj +index 7edfe28..3a6d837 100644 +--- a/Projects/VC2017/tiffdiff/tiffdiff.vcxproj ++++ b/Projects/VC2017/tiffdiff/tiffdiff.vcxproj +@@ -22,7 +22,7 @@ + {75B91835-CCD7-48BE-A606-A9C997D5DBEE} + tiffdiff + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/tifficc/tifficc.vcxproj b/Projects/VC2017/tifficc/tifficc.vcxproj +index cd9f04c..5ef954f 100644 +--- a/Projects/VC2017/tifficc/tifficc.vcxproj ++++ b/Projects/VC2017/tifficc/tifficc.vcxproj +@@ -22,7 +22,7 @@ + {2256DE16-ED92-4A6F-9C54-F65BB61E64A2} + tifficc + Win32Proj +- 8.1 ++ 10.0.17134.0 + + + +diff --git a/Projects/VC2017/transicc/transicc.vcxproj b/Projects/VC2017/transicc/transicc.vcxproj +index d9b77c6..b3173d8 100644 +--- a/Projects/VC2017/transicc/transicc.vcxproj ++++ b/Projects/VC2017/transicc/transicc.vcxproj +@@ -22,6 +22,7 @@ + {9EE22D66-C849-474C-9ED5-C3E141DAB160} + transicc + Win32Proj ++ 10.0.17134.0 + + + +diff --git a/src/cmscgats.c b/src/cmscgats.c +index 1a87613..8c3e96d 100644 +--- a/src/cmscgats.c ++++ b/src/cmscgats.c +@@ -1,7 +1,7 @@ + //--------------------------------------------------------------------------------- + // + // Little Color Management System +-// Copyright (c) 1998-2017 Marti Maria Saguer ++// Copyright (c) 1998-2018 Marti Maria Saguer + // + // Permission is hereby granted, free of charge, to any person obtaining + // a copy of this software and associated documentation files (the "Software"), +@@ -1506,10 +1506,16 @@ void AllocateDataSet(cmsIT8* it8) + t-> nSamples = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS")); + t-> nPatches = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS")); + +- t-> Data = (char**)AllocChunk (it8, ((cmsUInt32Number) t->nSamples + 1) * ((cmsUInt32Number) t->nPatches + 1) *sizeof (char*)); +- if (t->Data == NULL) { ++ if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe) ++ { ++ SynError(it8, "AllocateDataSet: too much data"); ++ } ++ else { ++ t->Data = (char**)AllocChunk(it8, ((cmsUInt32Number)t->nSamples + 1) * ((cmsUInt32Number)t->nPatches + 1) * sizeof(char*)); ++ if (t->Data == NULL) { + +- SynError(it8, "AllocateDataSet: Unable to allocate data array"); ++ SynError(it8, "AllocateDataSet: Unable to allocate data array"); ++ } + } + + } -- cgit v1.2.3