From eafe96ea9e0e30e4083c001b3908fafd97394554 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Sun, 4 Mar 2018 11:50:16 +0200
Subject: gnu: sfarkxtc: Declare a source file-name.

* gnu/packages/compression.scm (sfarkxtc)[source]: Declare a source
file-name.
---
 gnu/packages/compression.scm | 1 +
 1 file changed, 1 insertion(+)

(limited to 'gnu/packages/compression.scm')

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index f25c4bba3a..88b7af82d8 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -600,6 +600,7 @@ with the sfArk algorithm.")
               (uri (git-reference
                     (url "https://github.com/raboof/sfarkxtc.git")
                     (commit commit)))
+              (file-name (git-file-name name version))
               (sha256
                (base32
                 "0f5x6i46qfl6ry21s7g2p4sd4b2r1g4fb03yqi2vv4kq3saryhvj"))))
-- 
cgit v1.2.3


From 277be74fa713654c51a4cc39b7318a2a3e15f529 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Sun, 4 Mar 2018 11:51:08 +0200
Subject: gnu: unshield: Declare a source file-name.

* gnu/packages/compression.scm (unshield)[source]: Declare a source
file-name.
---
 gnu/packages/compression.scm | 1 +
 1 file changed, 1 insertion(+)

(limited to 'gnu/packages/compression.scm')

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 88b7af82d8..54c5928cb7 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1534,6 +1534,7 @@ or junctions, and always follows hard links.")
      (origin (method url-fetch)
              (uri (string-append "http://github.com/twogood/unshield/archive/"
                                  version ".tar.gz"))
+             (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
                "0x7ps644yp5dka2zhb8w0ifqmw3d255jafpzfwv8xbcpgq6fmm2x"))))
-- 
cgit v1.2.3


From 5a4373572232a017a3579c164d37b981a370fc6f Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 21 Feb 2018 03:14:52 +0100
Subject: gnu: snappy: Update to 1.1.7.

* gnu/packages/compression.scm (snappy): Update to 1.1.7.
[source]: Change to git archive.  Set file-name.
[build-system]: Change to CMAKE-BUILD-SYSTEM.
[arguments]: Add #:configure-flags.
[description]: Fix infractions.
---
 gnu/packages/compression.scm | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

(limited to 'gnu/packages/compression.scm')

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 54c5928cb7..f55f0c2067 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1071,21 +1071,23 @@ algorithm within the Numpy framework.")
 (define-public snappy
   (package
     (name "snappy")
-    (version "1.1.3")
+    (version "1.1.7")
     (source (origin
               (method url-fetch)
-              (uri (string-append
-                    "https://github.com/google/snappy/releases/download/"
-                    version "/" name "-" version ".tar.gz"))
+              (uri (string-append "https://github.com/google/snappy/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append "snappy-" version ".tar.gz"))
               (sha256
                (base32
-                "1wzf8yif5ym2gj52db6v5m1pxnmn258i38x7llk9x346y2nq47ig"))))
-    (build-system gnu-build-system)
+                "1m7rcdqzkys5lspj8jcsaah8w33zh28s771bw0ga2lgzfgl05yix"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags '("-DBUILD_SHARED_LIBS=ON")))
     (home-page "https://github.com/google/snappy")
     (synopsis "Fast compressor/decompressor")
-    (description "Snappy is a compression/decompression library. It does not
+    (description "Snappy is a compression/decompression library.  It does not
 aim for maximum compression, or compatibility with any other compression library;
-instead, it aims for very high speeds and reasonable compression. For instance,
+instead, it aims for very high speeds and reasonable compression.  For instance,
 compared to the fastest mode of zlib, Snappy is an order of magnitude faster
 for most inputs, but the resulting compressed files are anywhere from 20% to
 100% bigger.")
-- 
cgit v1.2.3


From 8293d21c660a8c210a0fb3fd431e3dc7053f2326 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 21 Feb 2018 04:26:29 +0100
Subject: gnu: java-snappy: Update to 1.1.7.

* gnu/packages/compression.scm (java-snappy): Update to 1.1.7.
[arguments]: Use INVOKE instead of SYSTEM*.  Avoid CMAKE dependency.  Delete
Hadoop test.  Enable fixed test.
[native-inputs]: Add JAVA-COMMONS-LANG and JAVA-COMMONS-IO.
---
 gnu/packages/compression.scm | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

(limited to 'gnu/packages/compression.scm')

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index f55f0c2067..423d3989aa 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1133,7 +1133,7 @@ install: libbitshuffle.so
 (define-public java-snappy
   (package
     (name "java-snappy")
-    (version "1.1.4")
+    (version "1.1.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/xerial/snappy-java/archive/"
@@ -1141,7 +1141,7 @@ install: libbitshuffle.so
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1w58diryma7qz7aa24yv8shf3flxcbbw8jgcn2lih14wgmww58ww"))))
+                "0q4kxz2n97czf6g5gzq0d8yz22cgiaj7wp51rzsswh3bi99bpgg5"))))
     (build-system ant-build-system)
     (arguments
      `(#:jar-name "snappy.jar"
@@ -1181,7 +1181,9 @@ install: libbitshuffle.so
                (("NAME\\): \\$\\(SNAPPY_OBJ\\)")
                 "NAME): $(SNAPPY_OBJ)\n\t@mkdir -p $(@D)"))
              ;; Finally we can run the Makefile to build the dynamic library.
-             (zero? (system* "make" "native"))))
+             ;; Use the -nocmake target to avoid a dependency on cmake,
+             ;; which in turn requires the "git_unpacked" directory.
+             (invoke "make" "native-nocmake")))
          ;; Once we have built the shared library, we need to place it in the
          ;; "build" directory so it can be added to the jar file.
          (add-after 'build-jni 'copy-jni
@@ -1190,13 +1192,14 @@ install: libbitshuffle.so
                                "build/classes/org/xerial/snappy/native")))
          (add-before 'check 'fix-failing
            (lambda _
-             ;; This package assumes maven build, which puts results in "target".
-             ;; We put them in "build" instead, so fix that.
-             (substitute* "src/test/java/org/xerial/snappy/SnappyLoaderTest.java"
-               (("target/classes") "build/classes"))
-             ;; FIXME: probably an error
-             (substitute* "src/test/java/org/xerial/snappy/SnappyOutputStreamTest.java"
-               (("91080") "91013")))))))
+             (with-directory-excursion "src/test/java/org/xerial/snappy"
+               ;; This package assumes maven build, which puts results in "target".
+               ;; We put them in "build" instead, so fix that.
+               (substitute* "SnappyLoaderTest.java"
+                 (("target/classes") "build/classes"))
+               ;; This requires Hadoop, which is not in Guix yet.
+               (delete-file "SnappyHadoopCompatibleOutputStreamTest.java"))
+             #t)))))
     (inputs
      `(("osgi-framework" ,java-osgi-framework)))
     (propagated-inputs
@@ -1207,6 +1210,8 @@ install: libbitshuffle.so
        ("hamcrest" ,java-hamcrest-core)
        ("xerial-core" ,java-xerial-core)
        ("classworlds" ,java-plexus-classworlds)
+       ("commons-lang" ,java-commons-lang)
+       ("commons-io" ,java-commons-io)
        ("perl" ,perl)))
     (home-page "https://github.com/xerial/snappy-java")
     (synopsis "Compression/decompression algorithm in Java")
-- 
cgit v1.2.3


From 9dae73c31cf18779dec656fe2fb7e5eed24a35c6 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Wed, 7 Mar 2018 02:28:28 +0100
Subject: gnu: pigz: Update to 2.4.

* gnu/packages/compression.scm (pigz): Update to 2.4.
---
 gnu/packages/compression.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu/packages/compression.scm')

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 423d3989aa..d77d06a642 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -844,14 +844,14 @@ extract such file systems.")
 (define-public pigz
   (package
     (name "pigz")
-    (version "2.3.3")
+    (version "2.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://zlib.net/pigz/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "172hdf26k4zmm7z8md7nl0dph2a7mhf3x7slb9bhfyff6as6g2sf"))))
+                "0wsgw5vwl23jrnpsvd8v3xcp5k4waw5mk0164fynjhkv58i1dy54"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
-- 
cgit v1.2.3


From 7f1773eaee2f10990c9c4002d383e96deb2b95c3 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Wed, 7 Mar 2018 02:31:05 +0100
Subject: gnu: Use HTTPS for zlib.net home pages.

* gnu/packages/compression.scm (zlib, pigz)[home-page]: Use HTTPS.
---
 gnu/packages/compression.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gnu/packages/compression.scm')

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index d77d06a642..d44ae2d259 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -99,7 +99,7 @@
                (zero?
                 (system* "./configure"
                          (string-append "--prefix=" out)))))))))
-    (home-page "http://zlib.net/")
+    (home-page "https://zlib.net/")
     (synopsis "Compression library")
     (description
      "zlib is designed to be a free, general-purpose, legally unencumbered --
@@ -869,7 +869,7 @@ extract such file systems.")
        #:make-flags (list "CC=gcc")
        #:test-target "tests"))
     (inputs `(("zlib" ,zlib)))
-    (home-page "http://zlib.net/pigz/")
+    (home-page "https://zlib.net/pigz/")
     (synopsis "Parallel implementation of gzip")
     (description
      "This package provides a parallel implementation of gzip that exploits
-- 
cgit v1.2.3


From 5400fdfd5d3c2201ee3ea8ec0d55690c221a91d8 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Mon, 12 Mar 2018 18:08:04 +0100
Subject: gnu: lrzip: Fix CVE-2017-8842.

* gnu/packages/compression.scm (lrzip)[source]: Add patch.
* gnu/packages/patches/lrzip-CVE-2017-8842.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                   |  1 +
 gnu/packages/compression.scm                   |  3 ++-
 gnu/packages/patches/lrzip-CVE-2017-8842.patch | 23 +++++++++++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/lrzip-CVE-2017-8842.patch

(limited to 'gnu/packages/compression.scm')

diff --git a/gnu/local.mk b/gnu/local.mk
index 5c95cdae21..97d5e00c2b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -885,6 +885,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch	\
   %D%/packages/patches/llvm-for-extempore.patch			\
   %D%/packages/patches/lm-sensors-hwmon-attrs.patch		\
+  %D%/packages/patches/lrzip-CVE-2017-8842.patch		\
   %D%/packages/patches/lua-CVE-2014-5461.patch                      \
   %D%/packages/patches/lua-pkgconfig.patch                      \
   %D%/packages/patches/lua51-liblua-so.patch                    \
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index d44ae2d259..86efe2a40e 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1017,7 +1017,8 @@ human-readable output.")
              "http://ck.kolivas.org/apps/lrzip/lrzip-" version ".tar.bz2"))
        (sha256
         (base32
-         "0mb449vmmwpkalq732jdyginvql57nxyd31sszb108yps1lf448d"))))
+         "0mb449vmmwpkalq732jdyginvql57nxyd31sszb108yps1lf448d"))
+       (patches (search-patches "lrzip-CVE-2017-8842.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(;; nasm is only required when building for 32-bit x86 platforms
diff --git a/gnu/packages/patches/lrzip-CVE-2017-8842.patch b/gnu/packages/patches/lrzip-CVE-2017-8842.patch
new file mode 100644
index 0000000000..89b4f2f5d9
--- /dev/null
+++ b/gnu/packages/patches/lrzip-CVE-2017-8842.patch
@@ -0,0 +1,23 @@
+From 38386bd482c0a8102a79958cb3eddcb97a167ca3 Mon Sep 17 00:00:00 2001
+From: Con Kolivas <kernel@kolivas.org>
+Date: Fri, 9 Mar 2018 17:39:40 +1100
+Subject: [PATCH] CVE-2017-8842 Fix divide-by-zero in bufRead::get
+
+---
+ libzpaq/libzpaq.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libzpaq/libzpaq.h b/libzpaq/libzpaq.h
+index 93387da..cbe211d 100644
+--- a/libzpaq/libzpaq.h
++++ b/libzpaq/libzpaq.h
+@@ -465,7 +465,8 @@ struct bufRead: public libzpaq::Reader {
+ 
+ 	int get() {
+ 		if (progress && !(*s_len % 128)) {
+-			int pct = (total_len - *s_len) * 100 / total_len;
++			int pct = (total_len > 0) ?
++				(total_len - *s_len) * 100 / total_len : 100;
+ 
+ 			if (pct / 10 != *last_pct / 10) {
+ 				int i;
-- 
cgit v1.2.3