From 52c8d07a4f7033534a71ac7efeec21a65d35c125 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Thu, 25 Mar 2021 11:55:10 +0100 Subject: gnu: mariadb: Fix CVE-2021-27928. * gnu/packages/patches/mariadb-CVE-2021-27928.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/databases.scm (mariadb/fixed): New variable. Apply patch. (mariadb)[replacement]: Graft. --- gnu/packages/patches/mariadb-CVE-2021-27928.patch | 642 ++++++++++++++++++++++ 1 file changed, 642 insertions(+) create mode 100644 gnu/packages/patches/mariadb-CVE-2021-27928.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/mariadb-CVE-2021-27928.patch b/gnu/packages/patches/mariadb-CVE-2021-27928.patch new file mode 100644 index 0000000000..39a023c159 --- /dev/null +++ b/gnu/packages/patches/mariadb-CVE-2021-27928.patch @@ -0,0 +1,642 @@ +From 7580701e6279900fec40822952a3b874732289cf Mon Sep 17 00:00:00 2001 +From: Sergei Golubchik +Date: Thu, 18 Feb 2021 14:20:48 +0100 +Subject: [PATCH] make @@wsrep_provider and @@wsrep_notify_cmd read-only + +this should simplify run-time cluster management +--- + mysql-test/suite/galera/disabled.def | 2 + + .../galera/include/galera_load_provider.inc | 19 -------- + .../galera/include/galera_unload_provider.inc | 3 +- + .../suite/galera/r/galera_ist_rsync.result | 2 +- + .../galera/r/galera_sst_mysqldump.result | 2 +- + .../suite/galera/r/mysql-wsrep#33.result | 2 +- + .../suite/sys_vars/r/sysvars_wsrep.result | 4 +- + .../sys_vars/r/wsrep_notify_cmd_basic.result | 47 ------------------- + .../sys_vars/r/wsrep_provider_basic.result | 40 ---------------- + .../r/wsrep_provider_options_basic.result | 46 ------------------ + .../sys_vars/t/wsrep_notify_cmd_basic.test | 43 ----------------- + .../sys_vars/t/wsrep_provider_basic.test | 39 --------------- + .../t/wsrep_provider_options_basic.test | 41 ---------------- + mysql-test/suite/wsrep/disabled.def | 2 + + mysql-test/suite/wsrep/r/variables.result | 12 ++--- + mysql-test/suite/wsrep/t/variables.test | 32 +++---------- + sql/sys_vars.cc | 8 ++-- + 17 files changed, 25 insertions(+), 319 deletions(-) + delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result + delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_basic.result + delete mode 100644 mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result + delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test + delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_basic.test + delete mode 100644 mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test + +diff --git a/mysql-test/suite/galera/disabled.def b/mysql-test/suite/galera/disabled.def +index d940c702d54..83f26e81636 100644 +--- a/mysql-test/suite/galera/disabled.def ++++ b/mysql-test/suite/galera/disabled.def +@@ -49,3 +49,5 @@ partition : MDEV-19958 Galera test failure on galera.partition + query_cache: MDEV-15805 Test failure on galera.query_cache + sql_log_bin : MDEV-21491 galera.sql_log_bin + versioning_trx_id : MDEV-18590 galera.versioning_trx_id ++galera_wsrep_provider_unset_set: wsrep_provider is read-only for security reasons ++pxc-421: wsrep_provider is read-only for security reasons +diff --git a/mysql-test/suite/galera/include/galera_load_provider.inc b/mysql-test/suite/galera/include/galera_load_provider.inc +index 0f843597d9c..28010cc5b71 100644 +--- a/mysql-test/suite/galera/include/galera_load_provider.inc ++++ b/mysql-test/suite/galera/include/galera_load_provider.inc +@@ -1,25 +1,6 @@ + --echo Loading wsrep provider ... + + --disable_query_log +---eval SET GLOBAL wsrep_provider = '$wsrep_provider_orig'; +- +-# +-# count occurences of successful node starts in error log +-# +-perl; +- use strict; +- my $test_log=$ENV{'LOG_FILE'} or die "LOG_FILE not set"; +- my $test_log_copy=$test_log . '.copy'; +- if (-e $test_log_copy) { +- unlink $test_log_copy; +- } +- +-EOF +---copy_file $LOG_FILE $LOG_FILE.copy +- +-# +-# now join to the cluster +-# + --eval SET GLOBAL wsrep_cluster_address = '$wsrep_cluster_address_orig'; + + --enable_query_log +diff --git a/mysql-test/suite/galera/include/galera_unload_provider.inc b/mysql-test/suite/galera/include/galera_unload_provider.inc +index cd841f51fbc..ed7e9bc41f0 100644 +--- a/mysql-test/suite/galera/include/galera_unload_provider.inc ++++ b/mysql-test/suite/galera/include/galera_unload_provider.inc +@@ -1,7 +1,6 @@ + --echo Unloading wsrep provider ... + + --let $wsrep_cluster_address_orig = `SELECT @@wsrep_cluster_address` +---let $wsrep_provider_orig = `SELECT @@wsrep_provider` + --let $wsrep_provider_options_orig = `SELECT @@wsrep_provider_options` + --let $wsrep_error_log_orig = `SELECT @@log_error` + if(!$wsrep_log_error_orig) +@@ -12,4 +11,4 @@ if(!$wsrep_log_error_orig) + } + --let LOG_FILE= $wsrep_log_error_orig + +-SET GLOBAL wsrep_provider = 'none'; ++SET GLOBAL wsrep_cluster_address = ''; +diff --git a/mysql-test/suite/galera/r/galera_ist_rsync.result b/mysql-test/suite/galera/r/galera_ist_rsync.result +index 13f7d898a59..70a87c73df7 100644 +--- a/mysql-test/suite/galera/r/galera_ist_rsync.result ++++ b/mysql-test/suite/galera/r/galera_ist_rsync.result +@@ -23,7 +23,7 @@ INSERT INTO t1 VALUES ('node2_committed_before'); + INSERT INTO t1 VALUES ('node2_committed_before'); + COMMIT; + Unloading wsrep provider ... +-SET GLOBAL wsrep_provider = 'none'; ++SET GLOBAL wsrep_cluster_address = ''; + connection node_1; + SET AUTOCOMMIT=OFF; + START TRANSACTION; +diff --git a/mysql-test/suite/galera/r/galera_sst_mysqldump.result b/mysql-test/suite/galera/r/galera_sst_mysqldump.result +index 4ed679ba477..145b3a94775 100644 +--- a/mysql-test/suite/galera/r/galera_sst_mysqldump.result ++++ b/mysql-test/suite/galera/r/galera_sst_mysqldump.result +@@ -30,7 +30,7 @@ INSERT INTO t1 VALUES ('node2_committed_before'); + INSERT INTO t1 VALUES ('node2_committed_before'); + COMMIT; + Unloading wsrep provider ... +-SET GLOBAL wsrep_provider = 'none'; ++SET GLOBAL wsrep_cluster_address = ''; + connection node_1; + SET AUTOCOMMIT=OFF; + START TRANSACTION; +diff --git a/mysql-test/suite/galera/r/mysql-wsrep#33.result b/mysql-test/suite/galera/r/mysql-wsrep#33.result +index fb0b593cc96..45c6a3f660a 100644 +--- a/mysql-test/suite/galera/r/mysql-wsrep#33.result ++++ b/mysql-test/suite/galera/r/mysql-wsrep#33.result +@@ -32,7 +32,7 @@ INSERT INTO t1 VALUES ('node2_committed_before'); + INSERT INTO t1 VALUES ('node2_committed_before'); + COMMIT; + Unloading wsrep provider ... +-SET GLOBAL wsrep_provider = 'none'; ++SET GLOBAL wsrep_cluster_address = ''; + connection node_1; + SET AUTOCOMMIT=OFF; + START TRANSACTION; +diff --git a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result +index 4b6abf85434..f73bfbd13e7 100644 +--- a/mysql-test/suite/sys_vars/r/sysvars_wsrep.result ++++ b/mysql-test/suite/sys_vars/r/sysvars_wsrep.result +@@ -403,7 +403,7 @@ NUMERIC_MIN_VALUE NULL + NUMERIC_MAX_VALUE NULL + NUMERIC_BLOCK_SIZE NULL + ENUM_VALUE_LIST NULL +-READ_ONLY NO ++READ_ONLY YES + COMMAND_LINE_ARGUMENT REQUIRED + GLOBAL_VALUE_PATH NULL + VARIABLE_NAME WSREP_ON +@@ -463,7 +463,7 @@ NUMERIC_MIN_VALUE NULL + NUMERIC_MAX_VALUE NULL + NUMERIC_BLOCK_SIZE NULL + ENUM_VALUE_LIST NULL +-READ_ONLY NO ++READ_ONLY YES + COMMAND_LINE_ARGUMENT REQUIRED + GLOBAL_VALUE_PATH NULL + VARIABLE_NAME WSREP_PROVIDER_OPTIONS +diff --git a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result b/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result +deleted file mode 100644 +index 056ff8c817b..00000000000 +--- a/mysql-test/suite/sys_vars/r/wsrep_notify_cmd_basic.result ++++ /dev/null +@@ -1,47 +0,0 @@ +-# +-# wsrep_notify_cmd +-# +-call mtr.add_suppression("WSREP: Failed to get provider options"); +-# save the initial value +-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd; +-# default +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +- +- +-# scope +-SELECT @@session.wsrep_notify_cmd; +-ERROR HY000: Variable 'wsrep_notify_cmd' is a GLOBAL variable +-SET @@global.wsrep_notify_cmd='notify_cmd'; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-notify_cmd +- +-# valid values +-SET @@global.wsrep_notify_cmd='command'; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-command +-SET @@global.wsrep_notify_cmd='hyphenated-command'; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-hyphenated-command +-SET @@global.wsrep_notify_cmd=default; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +- +-SET @@global.wsrep_notify_cmd=NULL; +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-NULL +- +-# invalid values +-SET @@global.wsrep_notify_cmd=1; +-ERROR 42000: Incorrect argument type to variable 'wsrep_notify_cmd' +-SELECT @@global.wsrep_notify_cmd; +-@@global.wsrep_notify_cmd +-NULL +- +-# restore the initial value +-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved; +-# End of test +diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result +deleted file mode 100644 +index 3e4ac8ca883..00000000000 +--- a/mysql-test/suite/sys_vars/r/wsrep_provider_basic.result ++++ /dev/null +@@ -1,40 +0,0 @@ +-# +-# wsrep_provider +-# +-# save the initial value +-SET @wsrep_provider_global_saved = @@global.wsrep_provider; +-# default +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +- +-# scope +-SELECT @@session.wsrep_provider; +-ERROR HY000: Variable 'wsrep_provider' is a GLOBAL variable +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +- +-# valid values +-SET @@global.wsrep_provider=default; +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +- +-# invalid values +-SET @@global.wsrep_provider='/invalid/libgalera_smm.so'; +-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of '/invalid/libgalera_smm.so' +-SET @@global.wsrep_provider=NULL; +-ERROR 42000: Variable 'wsrep_provider' can't be set to the value of 'NULL' +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +-SET @@global.wsrep_provider=1; +-ERROR 42000: Incorrect argument type to variable 'wsrep_provider' +-SELECT @@global.wsrep_provider; +-@@global.wsrep_provider +-none +- +-# restore the initial value +-SET @@global.wsrep_provider = @wsrep_provider_global_saved; +-# End of test +diff --git a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result b/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result +deleted file mode 100644 +index 15949a14e39..00000000000 +--- a/mysql-test/suite/sys_vars/r/wsrep_provider_options_basic.result ++++ /dev/null +@@ -1,46 +0,0 @@ +-# +-# wsrep_provider_options +-# +-call mtr.add_suppression("WSREP: Failed to get provider options"); +-# default +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +- +-# scope +-SELECT @@session.wsrep_provider_options; +-ERROR HY000: Variable 'wsrep_provider_options' is a GLOBAL variable +-SET @@global.wsrep_provider_options='option1'; +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +- +-# valid values +-SET @@global.wsrep_provider_options='name1=value1;name2=value2'; +-ERROR HY000: WSREP (galera) not started +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +-SET @@global.wsrep_provider_options='hyphenated-name:value'; +-ERROR HY000: WSREP (galera) not started +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +-SET @@global.wsrep_provider_options=default; +-ERROR HY000: WSREP (galera) not started +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +- +-# invalid values +-SET @@global.wsrep_provider_options=1; +-ERROR 42000: Incorrect argument type to variable 'wsrep_provider_options' +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +-SET @@global.wsrep_provider_options=NULL; +-Got one of the listed errors +-SELECT @@global.wsrep_provider_options; +-@@global.wsrep_provider_options +- +-# End of test +diff --git a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test b/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test +deleted file mode 100644 +index 6d1535ba148..00000000000 +--- a/mysql-test/suite/sys_vars/t/wsrep_notify_cmd_basic.test ++++ /dev/null +@@ -1,43 +0,0 @@ +---source include/have_wsrep.inc +- +---echo # +---echo # wsrep_notify_cmd +---echo # +- +-call mtr.add_suppression("WSREP: Failed to get provider options"); +- +---echo # save the initial value +-SET @wsrep_notify_cmd_global_saved = @@global.wsrep_notify_cmd; +- +---echo # default +-SELECT @@global.wsrep_notify_cmd; +- +---echo +---echo # scope +---error ER_INCORRECT_GLOBAL_LOCAL_VAR +-SELECT @@session.wsrep_notify_cmd; +-SET @@global.wsrep_notify_cmd='notify_cmd'; +-SELECT @@global.wsrep_notify_cmd; +- +---echo +---echo # valid values +-SET @@global.wsrep_notify_cmd='command'; +-SELECT @@global.wsrep_notify_cmd; +-SET @@global.wsrep_notify_cmd='hyphenated-command'; +-SELECT @@global.wsrep_notify_cmd; +-SET @@global.wsrep_notify_cmd=default; +-SELECT @@global.wsrep_notify_cmd; +-SET @@global.wsrep_notify_cmd=NULL; +-SELECT @@global.wsrep_notify_cmd; +- +---echo +---echo # invalid values +---error ER_WRONG_TYPE_FOR_VAR +-SET @@global.wsrep_notify_cmd=1; +-SELECT @@global.wsrep_notify_cmd; +- +---echo +---echo # restore the initial value +-SET @@global.wsrep_notify_cmd = @wsrep_notify_cmd_global_saved; +- +---echo # End of test +diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test +deleted file mode 100644 +index 1190ab41bb0..00000000000 +--- a/mysql-test/suite/sys_vars/t/wsrep_provider_basic.test ++++ /dev/null +@@ -1,39 +0,0 @@ +---source include/have_wsrep.inc +- +---echo # +---echo # wsrep_provider +---echo # +- +---echo # save the initial value +-SET @wsrep_provider_global_saved = @@global.wsrep_provider; +- +---echo # default +-SELECT @@global.wsrep_provider; +- +---echo +---echo # scope +---error ER_INCORRECT_GLOBAL_LOCAL_VAR +-SELECT @@session.wsrep_provider; +-SELECT @@global.wsrep_provider; +- +---echo +---echo # valid values +-SET @@global.wsrep_provider=default; +-SELECT @@global.wsrep_provider; +- +---echo +---echo # invalid values +---error ER_WRONG_VALUE_FOR_VAR +-SET @@global.wsrep_provider='/invalid/libgalera_smm.so'; +---error ER_WRONG_VALUE_FOR_VAR +-SET @@global.wsrep_provider=NULL; +-SELECT @@global.wsrep_provider; +---error ER_WRONG_TYPE_FOR_VAR +-SET @@global.wsrep_provider=1; +-SELECT @@global.wsrep_provider; +- +---echo +---echo # restore the initial value +-SET @@global.wsrep_provider = @wsrep_provider_global_saved; +- +---echo # End of test +diff --git a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test b/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test +deleted file mode 100644 +index 6eb3a94b6a4..00000000000 +--- a/mysql-test/suite/sys_vars/t/wsrep_provider_options_basic.test ++++ /dev/null +@@ -1,41 +0,0 @@ +---source include/have_wsrep.inc +- +---echo # +---echo # wsrep_provider_options +---echo # +- +-call mtr.add_suppression("WSREP: Failed to get provider options"); +- +---echo # default +-SELECT @@global.wsrep_provider_options; +- +---echo +---echo # scope +---error ER_INCORRECT_GLOBAL_LOCAL_VAR +-SELECT @@session.wsrep_provider_options; +---error 0,ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options='option1'; +-SELECT @@global.wsrep_provider_options; +- +---echo +---echo # valid values +---error ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options='name1=value1;name2=value2'; +-SELECT @@global.wsrep_provider_options; +---error ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options='hyphenated-name:value'; +-SELECT @@global.wsrep_provider_options; +---error ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options=default; +-SELECT @@global.wsrep_provider_options; +- +---echo +---echo # invalid values +---error ER_WRONG_TYPE_FOR_VAR +-SET @@global.wsrep_provider_options=1; +-SELECT @@global.wsrep_provider_options; +---error ER_WRONG_ARGUMENTS,ER_WRONG_ARGUMENTS +-SET @@global.wsrep_provider_options=NULL; +-SELECT @@global.wsrep_provider_options; +- +---echo # End of test +diff --git a/mysql-test/suite/wsrep/disabled.def b/mysql-test/suite/wsrep/disabled.def +index 11577bfe8b0..3d204db6945 100644 +--- a/mysql-test/suite/wsrep/disabled.def ++++ b/mysql-test/suite/wsrep/disabled.def +@@ -10,3 +10,5 @@ + # + ############################################################################## + ++ ++mdev_6832: wsrep_provider is read-only for security reasons +diff --git a/mysql-test/suite/wsrep/r/variables.result b/mysql-test/suite/wsrep/r/variables.result +index a9988fd1628..e57440125ee 100644 +--- a/mysql-test/suite/wsrep/r/variables.result ++++ b/mysql-test/suite/wsrep/r/variables.result +@@ -14,7 +14,6 @@ SET SESSION wsrep_replicate_myisam= ON; + ERROR HY000: Variable 'wsrep_replicate_myisam' is a GLOBAL variable and should be set with SET GLOBAL + SET GLOBAL wsrep_replicate_myisam= ON; + SET GLOBAL wsrep_replicate_myisam= OFF; +-SET GLOBAL wsrep_provider=none; + # + # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of + # variables when using "_" +@@ -151,7 +150,6 @@ wsrep_local_state_comment # + # Should show nothing. + SHOW STATUS LIKE 'x'; + Variable_name Value +-SET GLOBAL wsrep_provider=none; + + SHOW STATUS LIKE 'wsrep_local_state_uuid'; + Variable_name Value +@@ -160,7 +158,6 @@ wsrep_local_state_uuid # + SHOW STATUS LIKE 'wsrep_last_committed'; + Variable_name Value + wsrep_last_committed # +-SET GLOBAL wsrep_provider=none; + + # + # MDEV#6206: wsrep_slave_threads subtracts from max_connections +@@ -174,7 +171,7 @@ SELECT @@global.wsrep_slave_threads; + 1 + SELECT @@global.wsrep_cluster_address; + @@global.wsrep_cluster_address +- ++gcomm:// + SELECT @@global.wsrep_on; + @@global.wsrep_on + 1 +@@ -183,14 +180,14 @@ Variable_name Value + Threads_connected 1 + SHOW STATUS LIKE 'wsrep_thread_count'; + Variable_name Value +-wsrep_thread_count 0 ++wsrep_thread_count 2 + + SELECT @@global.wsrep_provider; + @@global.wsrep_provider + libgalera_smm.so + SELECT @@global.wsrep_cluster_address; + @@global.wsrep_cluster_address +- ++gcomm:// + SELECT @@global.wsrep_on; + @@global.wsrep_on + 1 +@@ -199,11 +196,10 @@ Variable_name Value + Threads_connected 1 + SHOW STATUS LIKE 'wsrep_thread_count'; + Variable_name Value +-wsrep_thread_count 0 ++wsrep_thread_count 2 + + # Setting wsrep_cluster_address triggers the creation of + # applier/rollbacker threads. +-SET GLOBAL wsrep_cluster_address= 'gcomm://'; + # Wait for applier thread to get created 1. + # Wait for applier thread to get created 2. + SELECT VARIABLE_VALUE AS EXPECT_1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count'; +diff --git a/mysql-test/suite/wsrep/t/variables.test b/mysql-test/suite/wsrep/t/variables.test +index f2c3a0a3b78..fd352b61a3a 100644 +--- a/mysql-test/suite/wsrep/t/variables.test ++++ b/mysql-test/suite/wsrep/t/variables.test +@@ -23,7 +23,7 @@ SET GLOBAL wsrep_replicate_myisam= ON; + + # Reset it back. + SET GLOBAL wsrep_replicate_myisam= OFF; +-SET GLOBAL wsrep_provider=none; ++#SET GLOBAL wsrep_provider=none; + + --echo # + --echo # MDEV#5790: SHOW GLOBAL STATUS LIKE does not show the correct list of +@@ -32,9 +32,6 @@ SET GLOBAL wsrep_provider=none; + + CALL mtr.add_suppression("WSREP: Could not open saved state file for reading.*"); + +---disable_query_log +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +---enable_query_log + + --replace_column 2 # + SHOW GLOBAL STATUS LIKE 'wsrep%'; +@@ -50,11 +47,9 @@ SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment'; + SHOW STATUS LIKE 'x'; + + # Reset it back. +-SET GLOBAL wsrep_provider=none; ++#SET GLOBAL wsrep_provider=none; + +---disable_query_log +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +---enable_query_log ++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; + + # The following 2 variables are used by mariabackup + # SST. +@@ -66,7 +61,7 @@ SHOW STATUS LIKE 'wsrep_local_state_uuid'; + SHOW STATUS LIKE 'wsrep_last_committed'; + + # Reset it back. +-SET GLOBAL wsrep_provider=none; ++#SET GLOBAL wsrep_provider=none; + + --echo + --echo # +@@ -74,9 +69,7 @@ SET GLOBAL wsrep_provider=none; + --echo # + call mtr.add_suppression("WSREP: Failed to get provider options"); + +---disable_query_log +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +---enable_query_log ++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; + + --replace_regex /.*libgalera_smm.*/libgalera_smm.so/ + SELECT @@global.wsrep_provider; +@@ -87,9 +80,7 @@ SHOW STATUS LIKE 'threads_connected'; + SHOW STATUS LIKE 'wsrep_thread_count'; + --echo + +---disable_query_log +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +---enable_query_log ++#evalp SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; + + --replace_regex /.*libgalera_smm.*/libgalera_smm.so/ + SELECT @@global.wsrep_provider; +@@ -101,7 +92,7 @@ SHOW STATUS LIKE 'wsrep_thread_count'; + + --echo # Setting wsrep_cluster_address triggers the creation of + --echo # applier/rollbacker threads. +-SET GLOBAL wsrep_cluster_address= 'gcomm://'; ++#SET GLOBAL wsrep_cluster_address= 'gcomm://'; + + --echo # Wait for applier thread to get created 1. + --let $wait_condition = SELECT VARIABLE_VALUE = 1 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_applier_thread_count'; +@@ -162,15 +153,6 @@ SET @@global.wsrep_sst_auth= NULL; + SELECT @@global.wsrep_sst_auth; + SET @@global.wsrep_sst_auth= @wsrep_sst_auth_saved; + +-# Reset (for mtr internal checks) +- +---disable_query_log +-SET GLOBAL wsrep_slave_threads= @wsrep_slave_threads_saved; +-eval SET GLOBAL wsrep_provider= '$WSREP_PROVIDER'; +-SET GLOBAL wsrep_cluster_address= @wsrep_cluster_address_saved; +-SET GLOBAL wsrep_provider_options= @wsrep_provider_options_saved; +---enable_query_log +- + --source include/galera_wait_ready.inc + + --echo # End of test. +diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc +index 64040243df0..8c67a4d432a 100644 +--- a/sql/sys_vars.cc ++++ b/sql/sys_vars.cc +@@ -5669,8 +5669,8 @@ static Sys_var_tz Sys_time_zone( + + static Sys_var_charptr_fscs Sys_wsrep_provider( + "wsrep_provider", "Path to replication provider library", +- PREALLOCATED GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG), +- DEFAULT(WSREP_NONE), ++ PREALLOCATED READ_ONLY GLOBAL_VAR(wsrep_provider), CMD_LINE(REQUIRED_ARG), ++ DEFAULT(WSREP_NONE), + NO_MUTEX_GUARD, NOT_IN_BINLOG, + ON_CHECK(wsrep_provider_check), ON_UPDATE(wsrep_provider_update)); + +@@ -5886,8 +5886,8 @@ static Sys_var_ulong Sys_wsrep_max_ws_rows ( + + static Sys_var_charptr Sys_wsrep_notify_cmd( + "wsrep_notify_cmd", "", +- GLOBAL_VAR(wsrep_notify_cmd),CMD_LINE(REQUIRED_ARG), +- DEFAULT("")); ++ READ_ONLY GLOBAL_VAR(wsrep_notify_cmd), CMD_LINE(REQUIRED_ARG), ++ DEFAULT("")); + + static Sys_var_mybool Sys_wsrep_certify_nonPK( + "wsrep_certify_nonPK", "Certify tables with no primary key", +-- +2.31.0 + -- cgit v1.2.3 From 53dd99bc0b2e23c5463b4cb95546fd438a72d229 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Fri, 26 Mar 2021 22:51:14 +0100 Subject: gnu: upx: Fix CVE-2021-20285. * gnu/packages/patches/upx-CVE-2021-20285.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/compression.scm (upx): Apply patch. --- gnu/local.mk | 1 + gnu/packages/compression.scm | 3 +- gnu/packages/patches/upx-CVE-2021-20285.patch | 76 +++++++++++++++++++++++++++ 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/upx-CVE-2021-20285.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 40956598db..f8c4e73402 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1765,6 +1765,7 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-zipbomb-part2.patch \ %D%/packages/patches/unzip-zipbomb-part3.patch \ %D%/packages/patches/unzip-32bit-zipbomb-fix.patch \ + %D%/packages/patches/upx-CVE-2021-20285.patch \ %D%/packages/patches/ustr-fix-build-with-gcc-5.patch \ %D%/packages/patches/util-linux-tests.patch \ %D%/packages/patches/upower-builddir.patch \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 2d065046ee..ef73e6038b 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -2100,7 +2100,8 @@ decompression is a little bit slower.") version "/upx-" version "-src.tar.xz")) (sha256 (base32 - "051pk5jk8fcfg5mpgzj43z5p4cn7jy5jbyshyn78dwjqr7slsxs7")))) + "051pk5jk8fcfg5mpgzj43z5p4cn7jy5jbyshyn78dwjqr7slsxs7")) + (patches (search-patches "upx-CVE-2021-20285.patch")))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) diff --git a/gnu/packages/patches/upx-CVE-2021-20285.patch b/gnu/packages/patches/upx-CVE-2021-20285.patch new file mode 100644 index 0000000000..1d47b2a8bb --- /dev/null +++ b/gnu/packages/patches/upx-CVE-2021-20285.patch @@ -0,0 +1,76 @@ +From 3781df9da23840e596d5e9e8493f22666802fe6c Mon Sep 17 00:00:00 2001 +From: John Reiser +Date: Fri, 11 Dec 2020 13:38:18 -0800 +Subject: [PATCH] Check DT_REL/DT_RELA, DT_RELSZ/DT_RELASZ + +https://github.com/upx/upx/issues/421 + modified: p_lx_elf.cpp +--- + src/p_lx_elf.cpp | 34 +++++++++++++++++++++++++++++----- + 1 file changed, 29 insertions(+), 5 deletions(-) + +diff --git a/src/p_lx_elf.cpp b/src/p_lx_elf.cpp +index 182db192..3a4101cf 100644 +--- a/src/p_lx_elf.cpp ++++ b/src/p_lx_elf.cpp +@@ -2222,8 +2222,20 @@ bool PackLinuxElf32::canPack() + int z_rsz = dt_table[Elf32_Dyn::DT_RELSZ]; + if (z_rel && z_rsz) { + unsigned rel_off = get_te32(&dynseg[-1+ z_rel].d_val); ++ if ((unsigned)file_size <= rel_off) { ++ char msg[70]; snprintf(msg, sizeof(msg), ++ "bad Elf32_Dynamic[DT_REL] %#x\n", ++ rel_off); ++ throwCantPack(msg); ++ } + Elf32_Rel *rp = (Elf32_Rel *)&file_image[rel_off]; + unsigned relsz = get_te32(&dynseg[-1+ z_rsz].d_val); ++ if ((unsigned)file_size <= relsz) { ++ char msg[70]; snprintf(msg, sizeof(msg), ++ "bad Elf32_Dynamic[DT_RELSZ] %#x\n", ++ relsz); ++ throwCantPack(msg); ++ } + Elf32_Rel *last = (Elf32_Rel *)(relsz + (char *)rp); + for (; rp < last; ++rp) { + unsigned r_va = get_te32(&rp->r_offset); +@@ -2562,14 +2574,26 @@ PackLinuxElf64::canPack() + int z_rel = dt_table[Elf64_Dyn::DT_RELA]; + int z_rsz = dt_table[Elf64_Dyn::DT_RELASZ]; + if (z_rel && z_rsz) { +- unsigned rel_off = get_te64(&dynseg[-1+ z_rel].d_val); ++ upx_uint64_t rel_off = get_te64(&dynseg[-1+ z_rel].d_val); ++ if ((u64_t)file_size <= rel_off) { ++ char msg[70]; snprintf(msg, sizeof(msg), ++ "bad Elf64_Dynamic[DT_RELA] %#llx\n", ++ rel_off); ++ throwCantPack(msg); ++ } + Elf64_Rela *rp = (Elf64_Rela *)&file_image[rel_off]; +- unsigned relsz = get_te64(&dynseg[-1+ z_rsz].d_val); ++ upx_uint64_t relsz = get_te64(&dynseg[-1+ z_rsz].d_val); ++ if ((u64_t)file_size <= relsz) { ++ char msg[70]; snprintf(msg, sizeof(msg), ++ "bad Elf64_Dynamic[DT_RELASZ] %#llx\n", ++ relsz); ++ throwCantPack(msg); ++ } + Elf64_Rela *last = (Elf64_Rela *)(relsz + (char *)rp); + for (; rp < last; ++rp) { +- unsigned r_va = get_te64(&rp->r_offset); ++ upx_uint64_t r_va = get_te64(&rp->r_offset); + if (r_va == user_init_ava) { // found the Elf64_Rela +- unsigned r_info = get_te64(&rp->r_info); ++ upx_uint64_t r_info = get_te64(&rp->r_info); + unsigned r_type = ELF64_R_TYPE(r_info); + if (Elf64_Ehdr::EM_AARCH64 == e_machine + && R_AARCH64_RELATIVE == r_type) { +@@ -2581,7 +2605,7 @@ PackLinuxElf64::canPack() + } + else { + char msg[50]; snprintf(msg, sizeof(msg), +- "bad relocation %#x DT_INIT_ARRAY[0]", ++ "bad relocation %#llx DT_INIT_ARRAY[0]", + r_info); + throwCantPack(msg); + } -- cgit v1.2.3 From bfc69d5e7c45eac865e231643b58396580afb231 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 27 Mar 2021 08:08:37 -0400 Subject: gnu: imagemagick: Fix CVE-2020-27829. * gnu/packages/patches/imagemagick-CVE-2020-27829.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/imagemagick.scm (source): Add patch. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 4 +++- .../patches/imagemagick-CVE-2020-27829.patch | 27 ++++++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/imagemagick-CVE-2020-27829.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f8c4e73402..435aade2b8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1220,6 +1220,7 @@ dist_patch_DATA = \ %D%/packages/patches/id3lib-UTF16-writing-bug.patch \ %D%/packages/patches/idris-disable-test.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ + %D%/packages/patches/imagemagick-CVE-2020-27829.patch \ %D%/packages/patches/inetutils-hurd.patch \ %D%/packages/patches/inkscape-poppler-0.76.patch \ %D%/packages/patches/intel-xed-fix-nondeterminism.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index bbf038534f..c48ba534c2 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -155,7 +155,9 @@ text, lines, polygons, ellipses and Bézier curves.") version ".tar.xz")) (sha256 (base32 - "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b")))))) + "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b")) + (patches + (search-patches "imagemagick-CVE-2020-27829.patch")))))) (define-public perl-image-magick (package diff --git a/gnu/packages/patches/imagemagick-CVE-2020-27829.patch b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch new file mode 100644 index 0000000000..b15c1d0879 --- /dev/null +++ b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch @@ -0,0 +1,27 @@ +We omit the ChangeLog changes below, since they do not apply cleanly. + + +From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Mon, 30 Nov 2020 16:26:59 +0000 +Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by + Hardik Shah) + +--- + ChangeLog | 6 ++++++ + coders/tiff.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index e98f927ab..1eecf17ae 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + extent+=image->columns*sizeof(uint32); + #endif + strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, +- sizeof(*strip_pixels)); ++ 2*sizeof(*strip_pixels)); + if (strip_pixels == (unsigned char *) NULL) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); -- cgit v1.2.3 From 2d3d7faf0a087c7836d71c92c8a67283c3d4dec5 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 27 Mar 2021 07:01:37 -0400 Subject: gnu: imagemagick: Add more upstream fixes. * gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch, gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch, gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/imagemagick.scm (source): Add patches. --- gnu/local.mk | 3 ++ gnu/packages/imagemagick.scm | 5 +++- .../patches/imagemagick-ReadDCMImage-fix.patch | 26 ++++++++++++++++ .../patches/imagemagick-ReadDCMPixels-fix.patch | 35 ++++++++++++++++++++++ .../imagemagick-WriteTHUMBNAILImage-fix.patch | 25 ++++++++++++++++ 5 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch create mode 100644 gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch create mode 100644 gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 435aade2b8..52a021c2a3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1221,6 +1221,9 @@ dist_patch_DATA = \ %D%/packages/patches/idris-disable-test.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ %D%/packages/patches/imagemagick-CVE-2020-27829.patch \ + %D%/packages/patches/imagemagick-ReadDCMImage-fix.patch \ + %D%/packages/patches/imagemagick-ReadDCMPixels-fix.patch \ + %D%/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch \ %D%/packages/patches/inetutils-hurd.patch \ %D%/packages/patches/inkscape-poppler-0.76.patch \ %D%/packages/patches/intel-xed-fix-nondeterminism.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index c48ba534c2..4f0ffcbcc6 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -157,7 +157,10 @@ text, lines, polygons, ellipses and Bézier curves.") (base32 "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b")) (patches - (search-patches "imagemagick-CVE-2020-27829.patch")))))) + (search-patches "imagemagick-ReadDCMImage-fix.patch" + "imagemagick-ReadDCMPixels-fix.patch" + "imagemagick-WriteTHUMBNAILImage-fix.patch" + "imagemagick-CVE-2020-27829.patch")))))) (define-public perl-image-magick (package diff --git a/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch b/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch new file mode 100644 index 0000000000..42ece43682 --- /dev/null +++ b/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch @@ -0,0 +1,26 @@ +From 512668dfd92b20d0d08b91d62b422d8262573281 Mon Sep 17 00:00:00 2001 +From: Dirk Lemstra +Date: Wed, 24 Mar 2021 20:37:15 +0100 +Subject: [PATCH] Throw exception when no exception was raised but status was + false (#3432). + +--- + coders/dcm.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/coders/dcm.c b/coders/dcm.c +index 7a68ed6e8..ed17c9567 100644 +--- a/coders/dcm.c ++++ b/coders/dcm.c +@@ -3989,6 +3989,8 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception) + if (redmap != (int *) NULL) + redmap=(int *) RelinquishMagickMemory(redmap); + image=DestroyImageList(image); ++ if ((status == MagickFalse) && (exception->severity < ErrorException)) ++ ThrowReaderException(CorruptImageError,"CorruptImage"); + return(GetFirstImageInList(images)); + } + if (info.depth != (1UL*MAGICKCORE_QUANTUM_DEPTH)) +-- +2.31.0 + diff --git a/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch b/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch new file mode 100644 index 0000000000..a91999186b --- /dev/null +++ b/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch @@ -0,0 +1,35 @@ +From c8f25953ad1dd38a8b2d92738f0f742ad7e0bce7 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Sun, 21 Mar 2021 21:21:15 -0400 +Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32322 + +--- + coders/dcm.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/coders/dcm.c b/coders/dcm.c +index 29eed9618..7a68ed6e8 100644 +--- a/coders/dcm.c ++++ b/coders/dcm.c +@@ -2984,12 +2984,12 @@ static MagickBooleanType ReadDCMPixels(Image *image,DCMInfo *info, + } + else + { +- SetPixelRed(q,(Quantum) (((ssize_t) pixel.red) | +- (((ssize_t) GetPixelRed(q)) << 8))); +- SetPixelGreen(q,(Quantum) (((ssize_t) pixel.green) | +- (((ssize_t) GetPixelGreen(q)) << 8))); +- SetPixelBlue(q,(Quantum) (((ssize_t) pixel.blue) | +- (((ssize_t) GetPixelBlue(q)) << 8))); ++ SetPixelRed(q,(Quantum) (((size_t) pixel.red) | ++ (((size_t) GetPixelRed(q)) << 8))); ++ SetPixelGreen(q,(Quantum) (((size_t) pixel.green) | ++ (((size_t) GetPixelGreen(q)) << 8))); ++ SetPixelBlue(q,(Quantum) (((size_t) pixel.blue) | ++ (((size_t) GetPixelBlue(q)) << 8))); + } + q++; + } +-- +2.31.0 + diff --git a/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch b/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch new file mode 100644 index 0000000000..f38a45b800 --- /dev/null +++ b/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch @@ -0,0 +1,25 @@ +From 6a5d3575487487f2703383338bd17c8c25068f19 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Thu, 25 Mar 2021 08:58:18 -0400 +Subject: [PATCH] eliminate compiler warning + +--- + coders/thumbnail.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/coders/thumbnail.c b/coders/thumbnail.c +index 3833341b0..1e2bfe8c2 100644 +--- a/coders/thumbnail.c ++++ b/coders/thumbnail.c +@@ -199,7 +199,7 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info, + q++; + } + if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) || +- (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) ++ ((ssize_t) length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q))) + ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail"); + thumbnail_image=BlobToImage(image_info,q,length,&image->exception); + if (thumbnail_image == (Image *) NULL) +-- +2.31.0 + -- cgit v1.2.3 From 146a9403b3f9bda114e4e3a63ad1ad1aaac82d12 Mon Sep 17 00:00:00 2001 From: Raghav Gururajan Date: Tue, 16 Mar 2021 15:51:11 -0400 Subject: gnu: mediastreamer2: Update to 4.4.34. * gnu/packages/linphone.scm (mediastreamer2)[source]: Switch to git repository. [version]: Update to 4.4.34. [patches]: Remove field. [configure-flags]: Remove the ENABLE_STRICT, ENABLE_BV16, CMAKE_C_FLAGS and CMAKE_CXX_FLAGS flags. [phases]{fix-version}: New phase. {separate-outputs}: Modify. [native-inputs]: Replace python with python-wrapper. [home-page]: Update. [license]: Upgrade to GPLv3+. * gnu/packages/patches/mediastreamer2-srtp2.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it. Signed-off-by: Maxim Cournoyer --- gnu/local.mk | 1 - gnu/packages/linphone.scm | 61 +++++----- gnu/packages/patches/mediastreamer2-srtp2.patch | 155 ------------------------ 3 files changed, 29 insertions(+), 188 deletions(-) delete mode 100644 gnu/packages/patches/mediastreamer2-srtp2.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index d131dc0388..2194e46f5d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1397,7 +1397,6 @@ dist_patch_DATA = \ %D%/packages/patches/mcrypt-CVE-2012-4527.patch \ %D%/packages/patches/libmemcached-build-with-gcc7.patch \ %D%/packages/patches/libmhash-hmac-fix-uaf.patch \ - %D%/packages/patches/mediastreamer2-srtp2.patch \ %D%/packages/patches/mesa-skip-tests.patch \ %D%/packages/patches/mescc-tools-boot.patch \ %D%/packages/patches/meson-for-build-rpath.patch \ diff --git a/gnu/packages/linphone.scm b/gnu/packages/linphone.scm index 370748220a..129b6764e5 100644 --- a/gnu/packages/linphone.scm +++ b/gnu/packages/linphone.scm @@ -417,9 +417,10 @@ such as conferencing.") #:phases (modify-phases %standard-phases (add-after 'unpack 'fix-version-strings + ;; See: https://gitlab.linphone.org/BC/public/ortp/-/issues/5. (lambda _ (substitute* "CMakeLists.txt" - (("VERSION 4.4.0") + (("VERSION [0-9]+\\.[0-9]+\\.[0-9]+") (string-append "VERSION " ,version)) (("\\$\\{ORTP_DOC_VERSION\\}") ,version)))) @@ -518,56 +519,52 @@ API. It also comprises a simple HTTP/HTTPS client implementation.") (define-public mediastreamer2 (package (name "mediastreamer2") - (version "2.16.1") + (version "4.4.34") (source (origin - (method url-fetch) - (uri - (string-append "https://www.linphone.org/releases/sources/" - "mediastreamer/mediastreamer-" version ".tar.gz")) + (method git-fetch) + (uri (git-reference + (url "https://gitlab.linphone.org/BC/public/mediastreamer2.git") + (commit version))) + (file-name (git-file-name name version)) (sha256 - (base32 "0whpqr69wz0pnzvragkpfblxhd0rds8k06c3mw5a0ag216a1yd9k")) - (patches (search-patches "mediastreamer2-srtp2.patch")))) + (base32 "0989h3d0h7qrx4kjx8gg09j8c5hvvi3h8qi1iq1dqbppwbaxbz8c")))) (outputs '("out" "doc" "tester")) (build-system cmake-build-system) (arguments `(#:tests? #f ; No test target - #:configure-flags - (list "-DENABLE_STATIC=NO" ; Not required - "-DENABLE_STRICT=NO" ; Would otherwise treat warnings as err - "-DENABLE_BV16=NO" ; Not available - "-DCMAKE_C_FLAGS=-DMS2_GIT_VERSION=\\\"unknown\\\"" - "-DCMAKE_CXX_FLAGS=-DMS2_GIT_VERSION=\\\"unknown\\\"") + #:configure-flags (list "-DENABLE_STATIC=NO") #:phases (modify-phases %standard-phases + (add-after 'unpack 'fix-version + (lambda _ + (substitute* "CMakeLists.txt" + (("VERSION [0-9]+\\.[0-9]+\\.[0-9]+") + (string-append "VERSION " ,version))))) (add-after 'install 'separate-outputs (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) - (doc (assoc-ref outputs "doc")) (tester (assoc-ref outputs "tester")) - (tester-name (string-append ,name "_tester"))) + (tester-name (string-append ,name "_tester")) + (doc (assoc-ref outputs "doc")) + (doc-name (string-append ,name "-" ,version))) + (for-each mkdir-p + (list (string-append tester "/bin") + (string-append tester "/share") + (string-append doc "/share/doc"))) ;; Copy the tester executable. - (mkdir-p (string-append tester "/bin")) (rename-file (string-append out "/bin/" tester-name) (string-append tester "/bin/" tester-name)) ;; Copy the tester data files. - (copy-recursively (string-append out "/share/" tester-name) - (string-append tester "/share/" tester-name)) - (delete-file-recursively (string-append out "/share/" - tester-name)) + (rename-file (string-append out "/share/" tester-name) + (string-append tester "/share/" tester-name)) ;; Copy the HTML documentation. - (copy-recursively (string-append out "/share/doc/" - ,name "-" ,version "/html") - (string-append doc "/share/doc/" - ,name "-" ,version "/html")) - (delete-file-recursively (string-append out "/share/doc/" - ,name "-" ,version - "/html")) - #t)))))) + (rename-file (string-append out "/share/doc/" doc-name) + (string-append doc "/share/doc/" doc-name)))))))) (native-inputs `(("dot" ,graphviz) ("doxygen" ,doxygen) - ("python" ,python))) + ("python" ,python-wrapper))) (inputs `(("alsa" ,alsa-lib) ("bcg729" ,bcg729) @@ -600,8 +597,8 @@ API. It also comprises a simple HTTP/HTTPS client implementation.") for telephony applications. This media processing and streaming toolkit is responsible for receiving and sending all multimedia streams in Linphone, including media capture, encoding and decoding, and rendering.") - (home-page "https://gitlab.linphone.org/BC/public/mediastreamer2") - (license license:gpl2+))) + (home-page "https://linphone.org/technical-corner/mediastreamer2") + (license license:gpl3+))) (define-public liblinphone (package diff --git a/gnu/packages/patches/mediastreamer2-srtp2.patch b/gnu/packages/patches/mediastreamer2-srtp2.patch deleted file mode 100644 index f6d494facb..0000000000 --- a/gnu/packages/patches/mediastreamer2-srtp2.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 97903498364ae2596e790cb2c2ce9ac76c04d64a Mon Sep 17 00:00:00 2001 -From: Danmei Chen -Date: Fri, 19 Jan 2018 10:04:07 +0100 -Subject: [PATCH] add compability with srtp2 - ---- - cmake/FindSRTP.cmake | 24 ++++++++++++++++++++---- - src/CMakeLists.txt | 1 + - src/crypto/ms_srtp.c | 10 ++-------- - src/utils/srtp_prefix.h | 41 +++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 64 insertions(+), 12 deletions(-) - create mode 100644 src/utils/srtp_prefix.h - -diff --git a/cmake/FindSRTP.cmake b/cmake/FindSRTP.cmake -index 988b846a..f720ce7e 100644 ---- a/cmake/FindSRTP.cmake -+++ b/cmake/FindSRTP.cmake -@@ -31,20 +31,36 @@ set(_SRTP_ROOT_PATHS - ) - - find_path(SRTP_INCLUDE_DIRS -- NAMES srtp/srtp.h -+ NAMES srtp2/srtp.h - HINTS _SRTP_ROOT_PATHS - PATH_SUFFIXES include - ) - - if(SRTP_INCLUDE_DIRS) - set(HAVE_SRTP_SRTP_H 1) --endif() -- --find_library(SRTP_LIBRARIES -+ set(SRTP_VERSION 2) -+ find_library(SRTP_LIBRARIES -+ NAMES srtp2 -+ HINTS ${_SRTP_ROOT_PATHS} -+ PATH_SUFFIXES bin lib -+ ) -+else() -+ find_path(SRTP_INCLUDE_DIRS -+ NAMES srtp/srtp.h -+ HINTS _SRTP_ROOT_PATHS -+ PATH_SUFFIXES include -+ ) -+ if(SRTP_INCLUDE_DIRS) -+ set(HAVE_SRTP_SRTP_H 1) -+ set(SRTP_VERSION 1) -+ endif() -+ find_library(SRTP_LIBRARIES - NAMES srtp - HINTS ${_SRTP_ROOT_PATHS} - PATH_SUFFIXES bin lib - ) -+endif() -+ - - include(FindPackageHandleStandardArgs) - find_package_handle_standard_args(SRTP -diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt -index da429764..c46faa62 100644 ---- a/src/CMakeLists.txt -+++ b/src/CMakeLists.txt -@@ -183,6 +183,7 @@ set(VOIP_SOURCE_FILES_C - utils/pcap_sender.c - utils/pcap_sender.h - utils/stream_regulator.c -+ utils/srtp_prefix.h - voip/audioconference.c - voip/audiostream.c - voip/bandwidthcontroller.c -diff --git a/src/crypto/ms_srtp.c b/src/crypto/ms_srtp.c -index 5a510c99..67810316 100644 ---- a/src/crypto/ms_srtp.c -+++ b/src/crypto/ms_srtp.c -@@ -25,6 +25,7 @@ - #include "mediastreamer2/ms_srtp.h" - #include "mediastreamer2/mediastream.h" - -+ - #ifdef HAVE_SRTP - - /*srtp defines all this stuff*/ -@@ -34,13 +35,7 @@ - #undef PACKAGE_TARNAME - #undef PACKAGE_VERSION - --#if defined(MS2_WINDOWS_PHONE) --// Windows phone doesn't use make install --#include --#else --#include --#endif -- -+#include "srtp_prefix.h" - - #include "ortp/b64.h" - -@@ -352,7 +347,6 @@ int ms_srtp_init(void) - srtp_init_done++; - }else{ - ms_fatal("Couldn't initialize SRTP library: %d.", st); -- err_reporting_init("mediastreamer2"); - } - }else srtp_init_done++; - return (int)st; -diff --git a/src/utils/srtp_prefix.h b/src/utils/srtp_prefix.h -new file mode 100644 -index 00000000..68bde496 ---- /dev/null -+++ b/src/utils/srtp_prefix.h -@@ -0,0 +1,41 @@ -+/* -+ mediastreamer2 library - modular sound and video processing and streaming -+ Copyright (C) 2006-2014 Belledonne Communications, Grenoble -+ -+ This library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ This library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with this library; if not, write to the Free Software -+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+*/ -+#ifndef __SRTP2_H__ -+#define __SRTP2_H__ -+ -+#if defined(MS2_WINDOWS_PHONE) -+// Windows phone doesn't use make install -+#include -+#elif SRTP_VERSION==1 -+#include -+#else -+#include -+#define err_status_t srtp_err_status_t -+#define err_status_ok srtp_err_status_ok -+#define crypto_policy_t srtp_crypto_policy_t -+#define crypto_policy_set_aes_cm_256_hmac_sha1_80 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80 -+#define crypto_policy_set_aes_cm_128_hmac_sha1_32 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32 -+#define crypto_policy_set_aes_cm_128_null_auth srtp_crypto_policy_set_aes_cm_128_null_auth -+#define crypto_policy_set_null_cipher_hmac_sha1_80 srtp_crypto_policy_set_null_cipher_hmac_sha1_80 -+#define crypto_policy_set_aes_cm_128_hmac_sha1_80 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80 -+#define crypto_policy_set_aes_cm_256_hmac_sha1_32 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32 -+#define ssrc_t srtp_ssrc_t -+#endif -+ -+#endif --- -2.21.0 - -- cgit v1.2.3 From 48b2202789c85b6ab2d10916e2b6b118efc18ea9 Mon Sep 17 00:00:00 2001 From: Raghav Gururajan Date: Fri, 19 Mar 2021 20:58:20 -0400 Subject: gnu: linphoneqt: Update to 4.2.5 and rename to linphone-desktop. Also enable the daemon and console interfaces. * gnu/packages/linphone.scm (linphoneqt) [name]: Rename to linphone-desktop. [source]: Switch to git repository. [patches]: Remove linphoneqt-tabbutton.patch and add linphone-desktop-without-sdk.patch. [outputs]: New output. [configure-flags]: Disable update checking and enable the daemon and console interfaces. [phases]: New phase. : Remove phases. : Rename to... : ... this; adjust. [native-inputs]: Add pkg-config. [inputs]: Add belr and ortp. Remove belle-sip. [home-page]: Update home page. [license]: Update to GPLv3+. * gnu/packages/patches/linphoneqt-tabbutton.patch: Remove file. linphone-desktop-without-sdk.patch: New file. * gnu/local.mk (dist_patch_DATA): Update. Co-authored-by: Maxim Cournoyer Signed-off-by: Maxim Cournoyer --- gnu/local.mk | 2 +- gnu/packages/linphone.scm | 74 ++++--- .../patches/linphone-desktop-without-sdk.patch | 235 +++++++++++++++++++++ gnu/packages/patches/linphoneqt-tabbutton.patch | 96 --------- 4 files changed, 277 insertions(+), 130 deletions(-) create mode 100644 gnu/packages/patches/linphone-desktop-without-sdk.patch delete mode 100644 gnu/packages/patches/linphoneqt-tabbutton.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 2194e46f5d..40732ca696 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1362,7 +1362,7 @@ dist_patch_DATA = \ %D%/packages/patches/lierolibre-try-building-other-arch.patch \ %D%/packages/patches/linbox-fix-pkgconfig.patch \ %D%/packages/patches/linkchecker-tests-require-network.patch \ - %D%/packages/patches/linphoneqt-tabbutton.patch \ + %D%/packages/patches/linphone-desktop-without-sdk.patch \ %D%/packages/patches/linux-libre-support-for-Pinebook-Pro.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ diff --git a/gnu/packages/linphone.scm b/gnu/packages/linphone.scm index 053e9e9e6f..7337e0ef1e 100644 --- a/gnu/packages/linphone.scm +++ b/gnu/packages/linphone.scm @@ -42,6 +42,7 @@ #:use-module (gnu packages ncurses) #:use-module (gnu packages openldap) #:use-module (gnu packages perl) + #:use-module (gnu packages pkg-config) #:use-module (gnu packages pulseaudio) #:use-module (gnu packages python) #:use-module (gnu packages python-xyz) @@ -802,55 +803,59 @@ and video calls or instant messaging capabilities to an application.") (home-page "https://linphone.org/technical-corner/liblinphone") (license license:gpl3+))) -(define-public linphoneqt +(define-public linphone-desktop (package - (name "linphoneqt") - (version "4.1.1") + (name "linphone-desktop") + (version "4.2.5") (source (origin - (method url-fetch) - (uri - (string-append "https://www.linphone.org/releases/sources/" name - "/" name "-" version ".tar.gz")) + (method git-fetch) + (uri (git-reference + (url "https://gitlab.linphone.org/BC/public/linphone-desktop") + (commit version))) + (file-name (git-file-name name version)) (sha256 - (base32 "1g2zrr9li0g1hgs6vys06vr98h5dx36z22hx7a6ry231536c002a")) - (patches (search-patches "linphoneqt-tabbutton.patch")))) + (base32 "1gq4l9p21rbrcksa7fbkzn9fzbbynqmn6ni6lhnvzk359sb1xvbz")) + (patches (search-patches "linphone-desktop-without-sdk.patch")))) (build-system qt-build-system) + (outputs '("out" "debug")) (arguments `(#:tests? #f ; No test target + #:configure-flags (list "-DENABLE_UPDATE_CHECK=NO" + "-DENABLE_DAEMON=YES" + "-DENABLE_CONSOLE_UI=YES") #:phases (modify-phases %standard-phases - (add-after 'unpack 'fix-cmake-error - (lambda _ - ;; This is fixed in commit efed2fd8 of the master branch. - (substitute* "CMakeLists.txt" - (("js)\\$\"") - "js$\"")) - #t)) - (add-after 'unpack 'set-version-string + (add-after 'unpack 'pre-configure (lambda _ - (substitute* "src/app/AppController.cpp" - (("LINPHONE_QT_GIT_VERSION") - (format #f "~s" ,version))) - #t)) - (add-after 'install 'extend-shared-resources - ;; Not using the FHS exposes an issue where the client refers to - ;; its own "share" directory, which lacks sound files installed by - ;; liblinphone. + (make-file-writable "linphone-app/linphoneqt_version.cmake") + (substitute* "linphone-app/linphoneqt_version.cmake" + (("\\$\\{GUIX-SET-VERSION\\}") ,version)))) + (add-after 'install 'post-install (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((liblinphone (assoc-ref inputs "linphone")) - (out (assoc-ref outputs "out"))) + (let* ((out (assoc-ref outputs "out")) + (liblinphone (assoc-ref inputs "liblinphone")) + (grammar-dest (string-append out "/share/belr/grammars"))) + ;; Remove unnecessary Qt configuration file. + (delete-file (string-append out "/bin/qt.conf")) + ;; Not using the FHS exposes an issue where the client + ;; refers to its own "share" directory, which lacks files + ;; installed by the dependencies. (symlink (string-append liblinphone "/share/sounds") (string-append out "/share/sounds")) - #t)))))) + (mkdir-p (dirname grammar-dest)) + (symlink (string-append liblinphone "/share/belr/grammars") + grammar-dest))))))) (native-inputs - `(("qttools" ,qttools))) + `(("pkg-config" ,pkg-config) + ("qttools" ,qttools))) (inputs `(("bctoolbox" ,bctoolbox) ("belcard" ,belcard) - ("bellesip" ,belle-sip) - ("linphone" ,liblinphone) + ("belr" ,belr) + ("liblinphone" ,liblinphone) ("mediastreamer2" ,mediastreamer2) + ("ortp" ,ortp) ("qtbase" ,qtbase) ("qtdeclarative" ,qtdeclarative) ("qtgraphicaleffects" ,qtgraphicaleffects) @@ -875,8 +880,11 @@ and video calls or instant messaging capabilities to an application.") @item Audio codecs: opus, speex, g711, g729, gsm, iLBC, g722, SILK, etc. @item Video codecs: VP8, H.264 and H.265 with resolutions up to 1080P, MPEG4 @end itemize") - (home-page "https://gitlab.linphone.org/BC/public/linphone-desktop") - (license license:gpl2+))) + (home-page "https://linphone.org/technical-corner/linphone") + (license license:gpl3+))) + +(define-public linphoneqt + (deprecated-package "linphoneqt" linphone-desktop)) (define-public msopenh264 (package diff --git a/gnu/packages/patches/linphone-desktop-without-sdk.patch b/gnu/packages/patches/linphone-desktop-without-sdk.patch new file mode 100644 index 0000000000..63e9808bf4 --- /dev/null +++ b/gnu/packages/patches/linphone-desktop-without-sdk.patch @@ -0,0 +1,235 @@ +From cfdf6d1c2051d6a20d0cbb94d81fe398f70dea4d Mon Sep 17 00:00:00 2001 +From: Raghav Gururajan +Date: Sun, 21 Mar 2021 21:13:53 -0400 +Subject: [PATCH] [PATCH]: Fix building from git. + +--- + CMakeLists.txt | 73 +------------------ + linphone-app/CMakeLists.txt | 12 +-- + .../cmake_builder/additional_steps.cmake | 2 +- + .../linphone_package/CMakeLists.txt | 38 ---------- + linphone-app/linphoneqt_version.cmake | 1 + + linphone-app/src/config.h.cmake | 1 + + 6 files changed, 6 insertions(+), 121 deletions(-) + create mode 100644 linphone-app/linphoneqt_version.cmake + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index f7eb05f2..3e853bdd 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -48,16 +48,6 @@ project(linphoneqt) + include(GNUInstallDirs) + include(CheckCXXCompilerFlag) + +-# Prepare gobal CMAKE configuration specific to the current project +-set(SDK_BUILD_DIR "${CMAKE_BINARY_DIR}/WORK") # SDK build in WORK. Keep all in it. +-set(LINPHONE_OUTPUT_DIR "${CMAKE_BINARY_DIR}/linphone-sdk/desktop") +- +-set(APPLICATION_OUTPUT_DIR "${CMAKE_BINARY_DIR}/OUTPUT") +- +-set(CMAKE_PREFIX_PATH "${LINPHONE_OUTPUT_DIR};${APPLICATION_OUTPUT_DIR}${PREFIX_PATH}") +-string(REPLACE ";" "|" PREFIX_PATH "${CMAKE_PREFIX_PATH}") +-#set(PREFIX_PATH "${LINPHONE_OUTPUT_DIR}|${APPLICATION_OUTPUT_DIR}${PREFIX_PATH}") +- + # Avoid cmake warning if CMP0071 is not set. + if (POLICY CMP0071) + cmake_policy(SET CMP0071 NEW) +@@ -116,9 +106,6 @@ if(ENABLE_V4L) + endif() + list(APPEND APP_OPTIONS "-DENABLE_RELATIVE_PREFIX=${ENABLE_RELATIVE_PREFIX}") + +-list(APPEND APP_OPTIONS "-DLINPHONE_OUTPUT_DIR=${LINPHONE_OUTPUT_DIR}") +- +-include(ExternalProject) + set(PROJECT_BUILD_COMMAND "") + if(CMAKE_BUILD_PARALLEL_LEVEL) + list(APPEND APP_OPTIONS "-DCMAKE_BUILD_PARALLEL_LEVEL=${CMAKE_BUILD_PARALLEL_LEVEL}") +@@ -133,32 +120,10 @@ if(CMAKE_VERBOSE_MAKEFILE) + endif() + endif() + if(UNIX AND NOT APPLE) +- set(CMAKE_INSTALL_RPATH "$ORIGIN:$ORIGIN/lib64:$ORIGIN/../lib64:$ORIGIN/lib:$ORIGIN/../lib:${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_LIBDIR}") + list(APPEND APP_OPTIONS "-DCMAKE_INSTALL_RPATH=${CMAKE_INSTALL_RPATH}") + endif() +-ExternalProject_Add(sdk PREFIX "${CMAKE_BINARY_DIR}/sdk" +- SOURCE_DIR "${CMAKE_SOURCE_DIR}/linphone-sdk" +- INSTALL_DIR "${LINPHONE_OUTPUT_DIR}" +- STAMP_DIR "${SDK_BUILD_DIR}/stamp" +- BINARY_DIR "${SDK_BUILD_DIR}" +- STEP_TARGETS build +- BUILD_COMMAND ${CMAKE_COMMAND} --build --config $ ${PROJECT_BUILD_COMMAND} +- INSTALL_COMMAND ${CMAKE_COMMAND} -E echo "Install step is already done at build time." +- LIST_SEPARATOR | # Use the alternate list separator +- CMAKE_ARGS ${APP_OPTIONS} ${USER_ARGS} -DCMAKE_INSTALL_PREFIX:PATH= -DCMAKE_PREFIX_PATH=${PREFIX_PATH} +- #BUILD_ALWAYS NO #${DO_BUILD} +-) +-ExternalProject_Add_Step(sdk force_build +- COMMENT "Forcing build for 'desktop'" +- DEPENDEES configure +- DEPENDERS build +- ALWAYS 1 +-) + include(FindPkgConfig) + +-set(APP_DEPENDS sdk) +- +- + find_package(Qt5 5.12 COMPONENTS Core REQUIRED) + + if ( NOT Qt5_FOUND ) +@@ -173,39 +138,5 @@ find_package(Mediastreamer2 CONFIG QUIET) + find_package(ortp CONFIG QUIET) + + +-if(NOT (LinphoneCxx_FOUND) OR NOT (Linphone_FOUND) OR NOT (bctoolbox_FOUND) OR NOT (belcard_FOUND) OR NOT (Mediastreamer2_FOUND) OR NOT (ortp_FOUND) OR FORCE_APP_EXTERNAL_PROJECTS) +- message("Projects are set as External projects. You can start building them by using for example : cmake --build . --target install") +- ExternalProject_Add(linphone-qt PREFIX "${CMAKE_BINARY_DIR}/linphone-app" +- SOURCE_DIR "${CMAKE_SOURCE_DIR}/linphone-app" +- INSTALL_DIR "${APPLICATION_OUTPUT_DIR}" +- BINARY_DIR "${CMAKE_BINARY_DIR}/linphone-app" +- DEPENDS ${APP_DEPENDS} +- BUILD_COMMAND ${CMAKE_COMMAND} --build --config $ ${PROJECT_BUILD_COMMAND} +- INSTALL_COMMAND ${CMAKE_COMMAND} -E echo "Install step will not be done by external project" +- LIST_SEPARATOR | # Use the alternate list separator +- CMAKE_ARGS ${APP_OPTIONS} ${USER_ARGS} -DCMAKE_INSTALL_PREFIX:PATH= -DCMAKE_PREFIX_PATH=${PREFIX_PATH} +- # ${APP_OPTIONS} +- BUILD_ALWAYS ON +- ) +- install(CODE "message(STATUS Running install)") +- set(AUTO_REGENERATION auto_regeneration) +- add_custom_target(${AUTO_REGENERATION} ALL +- COMMAND ${CMAKE_COMMAND} ${CMAKE_CURRENT_SOURCE_DIR} +- DEPENDS linphone-qt) +-else() +- message("Adding Linphone Desktop in an IDE-friendly state") +- set(CMAKE_INSTALL_PREFIX "${APPLICATION_OUTPUT_DIR}") +- add_subdirectory(${CMAKE_SOURCE_DIR}/linphone-app) +- add_dependencies(app-library ${APP_DEPENDS}) +-endif() +-ExternalProject_Add(linphone-qt-only PREFIX "${CMAKE_BINARY_DIR}/linphone-app" +- SOURCE_DIR "${CMAKE_SOURCE_DIR}/linphone-app" +- INSTALL_DIR "${APPLICATION_OUTPUT_DIR}" +- BINARY_DIR "${CMAKE_BINARY_DIR}/linphone-app" +- BUILD_COMMAND ${CMAKE_COMMAND} --build --config $ ${PROJECT_BUILD_COMMAND} +-# INSTALL_COMMAND ${CMAKE_COMMAND} -E echo "Install step is already done at build time." +- LIST_SEPARATOR | # Use the alternate list separator +- CMAKE_ARGS ${APP_OPTIONS} ${USER_ARGS} -DCMAKE_INSTALL_PREFIX:PATH= -DCMAKE_PREFIX_PATH=${PREFIX_PATH} +- EXCLUDE_FROM_ALL ON +- BUILD_ALWAYS ON +-) ++message("Adding Linphone Desktop in an IDE-friendly state") ++add_subdirectory(${CMAKE_SOURCE_DIR}/linphone-app) +diff --git a/linphone-app/CMakeLists.txt b/linphone-app/CMakeLists.txt +index 3bc9420a..5267cd4a 100644 +--- a/linphone-app/CMakeLists.txt ++++ b/linphone-app/CMakeLists.txt +@@ -21,17 +21,8 @@ + ################################################################################ + cmake_minimum_required(VERSION 3.1) + ++include(linphoneqt_version.cmake) + find_package(bctoolbox CONFIG) +-set(FULL_VERSION ) +-bc_compute_full_version(FULL_VERSION) +-set(version_major ) +-set(version_minor ) +-set(version_patch ) +-set(identifiers ) +-set(metadata ) +-bc_parse_full_version("${FULL_VERSION}" version_major version_minor version_patch identifiers metadata) +- +-project(linphoneqt VERSION "${version_major}.${version_minor}.${version_patch}") + + if(ENABLE_BUILD_VERBOSE) + #message("CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH}") +@@ -49,7 +40,6 @@ if(UNIX AND NOT APPLE) + set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) + endif() + list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/../cmake") +-list(APPEND CMAKE_MODULE_PATH "${LINPHONE_OUTPUT_DIR}/cmake") + + set(APP_LIBRARY app-library) + include(application_info.cmake) +diff --git a/linphone-app/cmake_builder/additional_steps.cmake b/linphone-app/cmake_builder/additional_steps.cmake +index 7f7fd573..48e3c716 100644 +--- a/linphone-app/cmake_builder/additional_steps.cmake ++++ b/linphone-app/cmake_builder/additional_steps.cmake +@@ -61,7 +61,7 @@ if (ENABLE_PACKAGING) + SOURCE_DIR "${CMAKE_CURRENT_LIST_DIR}/linphone_package" + DOWNLOAD_COMMAND "" + CMAKE_GENERATOR ${CMAKE_GENERATOR} +- CMAKE_ARGS ${LINPHONE_BUILDER_EP_ARGS} -DCMAKE_INSTALL_PREFIX=${LINPHONE_BUILDER_WORK_DIR}/PACKAGE -DTOOLS_DIR=${CMAKE_BINARY_DIR}/programs -DLINPHONE_OUTPUT_DIR=${CMAKE_INSTALL_PREFIX} -DLINPHONE_DESKTOP_DIR=${CMAKE_CURRENT_LIST_DIR}/.. -DLINPHONE_SOURCE_DIR=${EP_linphone_SOURCE_DIR} ${ENABLE_VARIABLES} -DLINPHONE_BUILDER_SIGNING_IDENTITY=${LINPHONE_BUILDER_SIGNING_IDENTITY} ++ CMAKE_ARGS ${LINPHONE_BUILDER_EP_ARGS} -DCMAKE_INSTALL_PREFIX=${LINPHONE_BUILDER_WORK_DIR}/PACKAGE -DTOOLS_DIR=${CMAKE_BINARY_DIR}/programs -DLINPHONE_DESKTOP_DIR=${CMAKE_CURRENT_LIST_DIR}/.. -DLINPHONE_SOURCE_DIR=${EP_linphone_SOURCE_DIR} ${ENABLE_VARIABLES} -DLINPHONE_BUILDER_SIGNING_IDENTITY=${LINPHONE_BUILDER_SIGNING_IDENTITY} + ) + endif () + endif () +diff --git a/linphone-app/cmake_builder/linphone_package/CMakeLists.txt b/linphone-app/cmake_builder/linphone_package/CMakeLists.txt +index baea03cf..d06dcb74 100644 +--- a/linphone-app/cmake_builder/linphone_package/CMakeLists.txt ++++ b/linphone-app/cmake_builder/linphone_package/CMakeLists.txt +@@ -200,44 +200,6 @@ elseif (APPLE) + endif () + # install(DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/${APPLICATION_NAME}.app" DESTINATION "." USE_SOURCE_PERMISSIONS) + else()# Not Windows and Apple +- foreach (LIBRARY ${SHARED_LIBRARIES}) +- get_filename_component(LIBRARY_FILENAME ${LIBRARY} NAME) +- message("Changing RPATH of ${LIBRARY_FILENAME} from '${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_LIBDIR}' to '$ORIGIN/../${CMAKE_INSTALL_LIBDIR}'") +- execute_process(COMMAND install_name_tool -rpath "${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_LIBDIR}" "$ORIGIN/../lib" "${LIBRARY}") +- execute_process(COMMAND install_name_tool -addrpath "$ORIGIN/../lib64" "${LIBRARY}") +- endforeach () +- install(DIRECTORY "${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_BINDIR}/" DESTINATION "${CMAKE_INSTALL_BINDIR}" USE_SOURCE_PERMISSIONS) +-#Just in case. This is useless because we have to use CMAKE_INSTALL_LIBDIR +- if( EXISTS "${LINPHONE_OUTPUT_DIR}/lib/") +- file(GLOB SHARED_LIBRARIES "${LINPHONE_OUTPUT_DIR}/lib/*.so*") +- if( ENABLE_OPENH264 )# Remove openH264 lib from the installation. this codec will be download by user +- foreach(item ${SHARED_LIBRARIES}) +- get_filename_component(LIBRARY_FILENAME ${item} NAME) +- if("${LIBRARY_FILENAME}" MATCHES "^libopenh264.*$") +- list(REMOVE_ITEM SHARED_LIBRARIES ${item}) +- endif() +- endforeach(item) +- endif() +- install(FILES ${SHARED_LIBRARIES} DESTINATION "lib") +- endif() +- if( EXISTS "${LINPHONE_OUTPUT_DIR}/lib64/") +- file(GLOB SHARED_LIBRARIES "${LINPHONE_OUTPUT_DIR}/lib64/*.so*") +- if( ENABLE_OPENH264 )# Remove openH264 lib from the installation. this codec will be download by user +- foreach(item ${SHARED_LIBRARIES}) +- get_filename_component(LIBRARY_FILENAME ${item} NAME) +- if("${LIBRARY_FILENAME}" MATCHES "^libopenh264.*$") +- list(REMOVE_ITEM SHARED_LIBRARIES ${item}) +- endif() +- endforeach(item) +- endif() +- install(FILES ${SHARED_LIBRARIES} DESTINATION "lib64") +- endif() +- install(DIRECTORY "${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_DATAROOTDIR}/" DESTINATION "${CMAKE_INSTALL_DATAROOTDIR}" USE_SOURCE_PERMISSIONS) +- if(ENABLE_BUILD_VERBOSE) +- message("INSTALLATION : ${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_DATAROOTDIR}/" ) +- endif() +- file(GLOB PLUGINS_FILES "${LINPHONE_OUTPUT_DIR}/${CMAKE_INSTALL_LIBDIR}/mediastreamer/plugins/*") +- install(FILES ${PLUGINS_FILES} DESTINATION "plugins/mediastreamer/" ) + # Install desktop/icon files. + configure_file("${CMAKE_CURRENT_SOURCE_DIR}/../../assets/linphone.desktop.cmake" "${CMAKE_CURRENT_BINARY_DIR}/../../${EXECUTABLE_NAME}.desktop" @ONLY) + install(FILES "${CMAKE_CURRENT_BINARY_DIR}/../../${EXECUTABLE_NAME}.desktop" DESTINATION "${CMAKE_INSTALL_DATADIR}/applications") +diff --git a/linphone-app/linphoneqt_version.cmake b/linphone-app/linphoneqt_version.cmake +new file mode 100644 +index 00000000..a85d3455 +--- /dev/null ++++ b/linphone-app/linphoneqt_version.cmake +@@ -0,0 +1 @@ ++project(linphoneqt VERSION ${GUIX-SET-VERSION}) +\ No newline at end of file +diff --git a/linphone-app/src/config.h.cmake b/linphone-app/src/config.h.cmake +index 093539e0..5a238c70 100644 +--- a/linphone-app/src/config.h.cmake ++++ b/linphone-app/src/config.h.cmake +@@ -28,3 +28,4 @@ + #cmakedefine ENABLE_UPDATE_CHECK 1 + #cmakedefine EXECUTABLE_NAME "${EXECUTABLE_NAME}" + #cmakedefine MSPLUGINS_DIR "${MSPLUGINS_DIR}" ++#define LINPHONE_QT_GIT_VERSION "${PROJECT_VERSION}" +\ No newline at end of file +-- +2.31.0 + diff --git a/gnu/packages/patches/linphoneqt-tabbutton.patch b/gnu/packages/patches/linphoneqt-tabbutton.patch deleted file mode 100644 index 6b3214026e..0000000000 --- a/gnu/packages/patches/linphoneqt-tabbutton.patch +++ /dev/null @@ -1,96 +0,0 @@ -From ecaab0f73d0b74bbfbf150286305fa6e12970037 Mon Sep 17 00:00:00 2001 -From: Ronan Abhamon -Date: Fri, 19 Jan 2018 14:42:01 +0100 -Subject: [PATCH] fix(SettingsWindow): rename icon property of TabButton to - iconName (issue with Qt 5.10 and new icon property) - ---- - ui/modules/Common/Form/Tab/TabButton.qml | 8 ++++---- - ui/views/App/Settings/SettingsWindow.qml | 14 +++++++------- - 2 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/ui/modules/Common/Form/Tab/TabButton.qml b/ui/modules/Common/Form/Tab/TabButton.qml -index ad220ab2..a47bb20b 100644 ---- a/ui/modules/Common/Form/Tab/TabButton.qml -+++ b/ui/modules/Common/Form/Tab/TabButton.qml -@@ -12,8 +12,8 @@ Controls.TabButton { - - // --------------------------------------------------------------------------- - -- property string icon - property int iconSize: TabButtonStyle.icon.size -+ property string iconName - - readonly property bool _isSelected: parent.parent.currentItem === button - -@@ -66,9 +66,9 @@ Controls.TabButton { - Layout.leftMargin: TabButtonStyle.text.leftPadding - - icon: { -- var icon = button.icon -- return icon.length -- ? (icon + '_' + (button._isSelected ? 'selected' : 'normal')) -+ var iconName = button.iconName -+ return iconName.length -+ ? (iconName + '_' + (button._isSelected ? 'selected' : 'normal')) - : '' - } - iconSize: button.iconSize -diff --git a/ui/views/App/Settings/SettingsWindow.qml b/ui/views/App/Settings/SettingsWindow.qml -index b8f5a80f..58909544 100644 ---- a/ui/views/App/Settings/SettingsWindow.qml -+++ b/ui/views/App/Settings/SettingsWindow.qml -@@ -48,43 +48,43 @@ ApplicationWindow { - id: tabBar - - TabButton { -- icon: 'settings_sip_accounts' -+ iconName: 'settings_sip_accounts' - text: qsTr('sipAccountsTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_audio' -+ iconName: 'settings_audio' - text: qsTr('audioTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_video' -+ iconName: 'settings_video' - text: qsTr('videoTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_call' -+ iconName: 'settings_call' - text: qsTr('callsAndChatTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_network' -+ iconName: 'settings_network' - text: qsTr('networkTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_advanced' -+ iconName: 'settings_advanced' - text: qsTr('uiTab') - width: implicitWidth - } - - TabButton { -- icon: 'settings_advanced' -+ iconName: 'settings_advanced' - text: qsTr('uiAdvanced') - width: implicitWidth - } --- -2.21.0 - -- cgit v1.2.3 From 9feef62b73e284e106717a386624d6da90750a3d Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Tue, 30 Mar 2021 02:10:19 +0200 Subject: gnu: zstd: Downgrade to 1.4.4 and make security graft saner. * gnu/packages/patches/zstd-CVE-2021-24031_CVE-2021-24032.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/compression.scm (zstd-1.4.9): Remove. (zstd/fixed): New variable. Apply patch. (zstd)[replacement]: Graft with zstd/fixed. --- gnu/local.mk | 1 + gnu/packages/compression.scm | 19 +++--- .../zstd-CVE-2021-24031_CVE-2021-24032.patch | 68 ++++++++++++++++++++++ 3 files changed, 76 insertions(+), 12 deletions(-) create mode 100644 gnu/packages/patches/zstd-CVE-2021-24031_CVE-2021-24032.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 40732ca696..deb4ddcede 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1824,6 +1824,7 @@ dist_patch_DATA = \ %D%/packages/patches/yggdrasil-extra-config.patch \ %D%/packages/patches/ytnef-CVE-2021-3403.patch \ %D%/packages/patches/ytnef-CVE-2021-3404.patch \ + %D%/packages/patches/zstd-CVE-2021-24031_CVE-2021-24032.patch \ %D%/packages/patches/zziplib-CVE-2018-16548.patch MISC_DISTRO_FILES = \ diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index ef73e6038b..5ed4b4ce98 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -1409,7 +1409,7 @@ or junctions, and always follows hard links.") "v" version "/zstd-" version ".tar.gz")) (sha256 (base32 "05ckxap00qvc0j51d3ci38150cxsw82w7s9zgd5fgzspnzmp1vsr")))) - (replacement zstd-1.4.9) + (replacement zstd/fixed) (build-system gnu-build-system) (outputs '("out" ;1.2MiB executables and documentation "lib" ;1.2MiB shared library and headers @@ -1469,21 +1469,16 @@ speed.") license:public-domain ; zlibWrapper/examples/fitblk* license:zlib)))) ; zlibWrapper/{gz*.c,gzguts.h} -(define-public zstd-1.4.9 +(define zstd/fixed (package (inherit zstd) - (name "zstd") - (version "1.4.9") (source (origin - (method url-fetch) - (uri (string-append "https://github.com/facebook/zstd/releases/download/" - "v" version "/zstd-" version ".tar.gz")) - (sha256 - (base32 "14yj7309gsvg39rki4xqnd6w5idmqi0655v1fc0mk1m2kvhp9b19")))) - (arguments - (substitute-keyword-arguments (package-arguments zstd) - ((#:tests? _ #t) #f))))) + (inherit (package-source zstd)) + (patches + (search-patches + ;; From Ubuntu focal-security + "zstd-CVE-2021-24031_CVE-2021-24032.patch")))))) (define-public pzstd (package/inherit zstd diff --git a/gnu/packages/patches/zstd-CVE-2021-24031_CVE-2021-24032.patch b/gnu/packages/patches/zstd-CVE-2021-24031_CVE-2021-24032.patch new file mode 100644 index 0000000000..48b5eb18eb --- /dev/null +++ b/gnu/packages/patches/zstd-CVE-2021-24031_CVE-2021-24032.patch @@ -0,0 +1,68 @@ +Description: fix race condition allowing attackers to access destination file + This commit addresses https://github.com/facebook/zstd/issues/2491. + . + Note that a downside of this solution is that it is global: `umask()` affects + all file creation calls in the process. I believe this is safe since + `fileio.c` functions should only ever be used in the zstd binary, and these + are (almost) the only files ever created by zstd, and AIUI they're only + created in a single thread. So we can get away with messing with global state. + . + Note that this doesn't change the permissions of files created by `dibio.c`. + I'm not sure what those should be... +Author: W. Felix Handte +Origin: upstream +Bug: https://github.com/facebook/zstd/issues/2491 +Bug-Debian: https://github.com/facebook/zstd/issues/2491 +Applied-Upstream: commit:a774c5797399040af62db21d8a9b9769e005430e +Reviewed-by: Étienne Mollier +Last-Update: 2021-03-03 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/programs/fileio.c ++++ b/programs/fileio.c +@@ -606,11 +606,11 @@ FIO_openDstFile(FIO_prefs_t* const prefs + FIO_remove(dstFileName); + } } + +- { FILE* const f = fopen( dstFileName, "wb" ); ++ { const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */ ++ FILE* const f = fopen( dstFileName, "wb" ); ++ UTIL_umask(old_umask); + if (f == NULL) { + DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno)); +- } else if(srcFileName != NULL && strcmp (srcFileName, stdinmark)) { +- chmod(dstFileName, 00600); + } + return f; + } +--- a/programs/util.c ++++ b/programs/util.c +@@ -54,6 +54,15 @@ int UTIL_getFileStat(const char* infilen + return 1; + } + ++int UTIL_umask(int mode) { ++#if PLATFORM_POSIX_VERSION > 0 ++ return umask(mode); ++#else ++ /* do nothing, fake return value */ ++ return mode; ++#endif ++} ++ + int UTIL_setFileStat(const char *filename, stat_t *statbuf) + { + int res = 0; +--- a/programs/util.h ++++ b/programs/util.h +@@ -136,6 +136,10 @@ int UTIL_isSameFile(const char* file1, c + int UTIL_compareStr(const void *p1, const void *p2); + int UTIL_isCompressedFile(const char* infilename, const char *extensionList[]); + const char* UTIL_getFileExtension(const char* infilename); ++/** ++ * Wraps umask(). Does nothing when the platform doesn't have that concept. ++ */ ++int UTIL_umask(int mode); + + #ifndef _MSC_VER + U32 UTIL_isFIFO(const char* infilename); -- cgit v1.2.3 From 383b02a370252c08eb1d43ac94d659c1d3993a35 Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Sat, 20 Mar 2021 21:31:22 +0000 Subject: gnu: libvirt: Update to 7.1.0. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/virtualization.scm (libvirt): Update to 7.1.0. [source]: Remove libvirt-create-machine-cgroup.patch, add libvirt-do-not-create-var-dirs.patch. [build-system]: Switch to meson-build-system. [arguments]: Use meson-0.55. Adapt #:configure-flags for meson, there is no need for --docdir anymore. Remove fix-BOURNE_SHELL-definition phase. Add fix-sysconfdir-and-localstatedir phase. Adapt disable-broken-tests to meson. [native-inputs]: Add python-docutils and rpcsvc-proto. * gnu/packages/patches/libvirt-create-machine-cgroup.patch: Delete. * gnu/packages/patches/libvirt-do-not-create-var-dirs.patch: New patch. * gnu/local.mk (dist_patch_DATA): Add new patch, remove the other. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 2 +- .../patches/libvirt-create-machine-cgroup.patch | 48 ------------- .../patches/libvirt-do-not-create-var-dirs.patch | 30 +++++++++ gnu/packages/virtualization.scm | 78 +++++++++------------- 4 files changed, 64 insertions(+), 94 deletions(-) delete mode 100644 gnu/packages/patches/libvirt-create-machine-cgroup.patch create mode 100644 gnu/packages/patches/libvirt-do-not-create-var-dirs.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index deb4ddcede..d8c548b0eb 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1262,7 +1262,7 @@ dist_patch_DATA = \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ %D%/packages/patches/libffi-3.3-powerpc-fixes.patch \ %D%/packages/patches/libffi-float128-powerpc64le.patch \ - %D%/packages/patches/libvirt-create-machine-cgroup.patch \ + %D%/packages/patches/libvirt-do-not-create-var-dirs.patch \ %D%/packages/patches/libziparchive-add-includes.patch \ %D%/packages/patches/localed-xorg-keyboard.patch \ %D%/packages/patches/kdiagram-Fix-missing-link-libraries.patch \ diff --git a/gnu/packages/patches/libvirt-create-machine-cgroup.patch b/gnu/packages/patches/libvirt-create-machine-cgroup.patch deleted file mode 100644 index 585ac237e1..0000000000 --- a/gnu/packages/patches/libvirt-create-machine-cgroup.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 9ca0b2955edea162b255b428e493cd8ffac52167 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?= - -Date: Fri, 1 Nov 2019 17:29:00 +0100 -Subject: [PATCH] vircgroup: Ensure /machine group is associated with its - parent. - -Call first virCgroupNew on the parent group virCgroupNewPartition if -it is available on before the creation of the child group. This -ensures that the creation of a first level group on the unified -architecture, as the check at virCgroupV2ParseControllersFile as the -parent file is there. - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1760233 ---- - src/util/vircgroup.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c -index b46f20abfd..33c61f2d45 100644 ---- a/src/util/vircgroup.c -+++ b/src/util/vircgroup.c -@@ -855,9 +855,6 @@ virCgroupNewPartition(const char *path, - if (virCgroupSetPartitionSuffix(path, &newPath) < 0) - goto cleanup; - -- if (virCgroupNew(-1, newPath, NULL, controllers, group) < 0) -- goto cleanup; -- - if (STRNEQ(newPath, "/")) { - char *tmp; - parentPath = g_strdup(newPath); -@@ -868,7 +865,12 @@ virCgroupNewPartition(const char *path, - - if (virCgroupNew(-1, parentPath, NULL, controllers, &parent) < 0) - goto cleanup; -+ } - -+ if (virCgroupNew(-1, newPath, parent, controllers, group) < 0) -+ goto cleanup; -+ -+ if (parent) { - if (virCgroupMakeGroup(parent, *group, create, VIR_CGROUP_NONE) < 0) - goto cleanup; - } --- -2.23.0 - diff --git a/gnu/packages/patches/libvirt-do-not-create-var-dirs.patch b/gnu/packages/patches/libvirt-do-not-create-var-dirs.patch new file mode 100644 index 0000000000..6b89d49fd4 --- /dev/null +++ b/gnu/packages/patches/libvirt-do-not-create-var-dirs.patch @@ -0,0 +1,30 @@ +We define localstatedir as /var, and so we shouldn't be installing empty +directories there. + +diff --git a/src/meson.build b/src/meson.build +index f13b85b74e..58040f2c5d 100644 +--- a/src/meson.build ++++ b/src/meson.build +@@ -893,22 +893,6 @@ if conf.has('WITH_DTRACE_PROBES') + ) + endif + +- +-# Install empty directories +- +-virt_install_dirs += [ +- localstatedir / 'cache' / 'libvirt', +- localstatedir / 'lib' / 'libvirt' / 'images', +- localstatedir / 'lib' / 'libvirt' / 'filesystems', +- localstatedir / 'lib' / 'libvirt' / 'boot', +-] +- +-meson.add_install_script( +- meson_python_prog.path(), python3_prog.path(), meson_install_dirs_prog.path(), +- virt_install_dirs, +-) +- +- + # Check driver files + + if host_machine.system() == 'linux' diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index c6929b9f1a..7a34f8db1f 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -18,6 +18,7 @@ ;;; Copyright © 2020, 2021 Maxim Cournoyer ;;; Copyright © 2020 Brett Gilio ;;; Copyright © 2021 Leo Famulari +;;; Copyright © 2021 Pierre Langlois ;;; ;;; This file is part of GNU Guix. ;;; @@ -1065,64 +1066,49 @@ manage system or application containers.") (define-public libvirt (package (name "libvirt") - (version "5.8.0") + (version "7.1.0") (source (origin (method url-fetch) (uri (string-append "https://libvirt.org/sources/libvirt-" version ".tar.xz")) (sha256 - (base32 "0m8cqaqflvys5kaqpvb0qr4k365j09jc5xk6x70yvg8qkcl2hcz2")) + (base32 "0v50ckf56h6jd9bmqwp0lh2cmb7qqjmcb6y3mz2i2r15h06ih3w7")) (patches - (search-patches "libvirt-create-machine-cgroup.patch")))) - (build-system gnu-build-system) + (search-patches "libvirt-do-not-create-var-dirs.patch")))) + (build-system meson-build-system) (arguments - `(#:configure-flags - (list "--with-qemu" - "--with-qemu-user=nobody" - "--with-qemu-group=kvm" - "--with-polkit" - (string-append "--docdir=" (assoc-ref %outputs "out") "/share/doc/" - ,name "-" ,version) - "--sysconfdir=/etc" - "--localstatedir=/var") + `(#:meson ,meson-0.55 ;; libvirt requires meson 0.54 or higher. + #:configure-flags + (list "-Ddriver_qemu=enabled" + "-Dqemu_user=nobody" + "-Dqemu_group=kvm" + "-Dpolkit=enabled") #:phases (modify-phases %standard-phases - (add-before 'configure 'fix-BOURNE_SHELL-definition - ;; BOURNE_SHELL is hard-#defined to ‘/bin/sh’, causing test failures. + (add-after 'unpack 'fix-sysconfdir-and-localstatedir (lambda _ - (substitute* "config.h.in" - (("/bin/sh") (which "sh"))) - #t)) - (add-before 'configure 'patch-libtirpc-file-names - (lambda* (#:key inputs #:allow-other-keys) - ;; libvirt uses an m4 macro instead of pkg-config to determine where - ;; the RPC headers are located. Tell it to look in the right place. - (substitute* "configure" - (("/usr/include/tirpc") ;defined in m4/virt-xdr.m4 - (string-append (assoc-ref inputs "libtirpc") - "/include/tirpc"))) + (substitute* "meson.build" + ;; We set the prefix to be the package output, but we need + ;; localstatedir to be /var. Sadly the build system doesn't + ;; seem to allow that easily. + (("localstatedir = prefix / get_option\\('localstatedir'\\)") + "localstatedir = get_option('localstatedir')") + ;; On the other hand, we keep sysconfdir using the prefix so + ;; that we install configuration files in the package output. + ;; However, we need to make sure the C code refers to /etc via + ;; SYSCONFDIR, and not the read-only configuration in the + ;; package output. + (("set_quoted\\('SYSCONFDIR', sysconfdir\\)") + "set_quoted('SYSCONFDIR', '/etc')")) #t)) (add-before 'configure 'disable-broken-tests (lambda _ - (let ((tests (list "commandtest" ; hangs idly - "qemuxml2argvtest" ; fails - "qemuhotplugtest" ; fails - "virnetsockettest" ; tries to network - "virshtest"))) ; fails - (substitute* "tests/Makefile.in" - (((format #f "(~a)\\$\\(EXEEXT\\)" (string-join tests "|"))) - "")) - #t))) - (replace 'install - ;; Since the sysconfdir and localstatedir should be /etc and /var - ;; at runtime, we must prevent writing to them at installation - ;; time. - (lambda* (#:key make-flags #:allow-other-keys) - (apply invoke "make" "install" - "sysconfdir=/tmp/etc" - "localstatedir=/tmp/var" - make-flags)))))) + (substitute* "tests/meson.build" + (("\\{ 'name': 'commandtest'.*") "") ; hangs idly + (("\\{ 'name': 'qemuxml2argvtest'.*") "") ; fails + (("\\{ 'name': 'virnetsockettest'.*") "")) ; tries to network + #t))))) (inputs `(("libxml2" ,libxml2) ("eudev" ,eudev) @@ -1149,7 +1135,9 @@ manage system or application containers.") ("perl" ,perl) ("pkg-config" ,pkg-config) ("polkit" ,polkit) - ("python" ,python-wrapper))) + ("python" ,python-wrapper) + ("python-docutils" ,python-docutils) ;for rst2html + ("rpcsvc-proto" ,rpcsvc-proto))) ;for 'rpcgen' (home-page "https://libvirt.org") (synopsis "Simple API for virtualization") (description "Libvirt is a C toolkit to interact with the virtualization -- cgit v1.2.3 From 94c77c9a0f7a1a4d7665d8fe566547016d2588d9 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Wed, 31 Mar 2021 22:01:21 +0200 Subject: gnu: gimp: Ship a copy of the gegl patch. As Ludo' rightly points out, GitHub's patches are probably as stable as their tarballs. * gnu/packages/gimp.scm (gimp)[source]: Use SEARCH-PATCHES instead of an origin. * gnu/packages/patches/gimp-make-gegl-introspect-optional.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/gimp.scm | 12 +----- .../gimp-make-gegl-introspect-optional.patch | 43 ++++++++++++++++++++++ 3 files changed, 45 insertions(+), 11 deletions(-) create mode 100644 gnu/packages/patches/gimp-make-gegl-introspect-optional.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index d8c548b0eb..3eeae5e96a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1082,6 +1082,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \ + %D%/packages/patches/gimp-make-gegl-introspect-optional.patch \ %D%/packages/patches/glib-appinfo-watch.patch \ %D%/packages/patches/glib-tests-timer.patch \ %D%/packages/patches/glib-CVE-2021-27218.patch \ diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm index a0f6b7ca11..eee958171c 100644 --- a/gnu/packages/gimp.scm +++ b/gnu/packages/gimp.scm @@ -278,17 +278,7 @@ buffers.") "/gimp-" version ".tar.bz2")) (sha256 (base32 "1fqqyshakvdarf1jipk2n33ibqr23ni22z3d8srq13bpydblpf1d")) - (patches - (list (origin - ;; This upstream patch fixes a mandatory dependency on ‘dot’: - ;; . - (method url-fetch) - (uri (string-append "https://github.com/GNOME/gimp/commit/" - "2cae9b9acf9da98c4c9990819ffbd5aabe23017e" - ".patch")) - (sha256 - (base32 - "1xd5lmy1j9p6p1ka7dyj1b9jmfcra1r62rma07vzw2v4vig0khc0"))))))) + (patches (search-patches "gimp-make-gegl-introspect-optional.patch")))) (build-system gnu-build-system) (outputs '("out" "doc")) ; 9 MiB of gtk-doc HTML diff --git a/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch b/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch new file mode 100644 index 0000000000..4dd1ab74a8 --- /dev/null +++ b/gnu/packages/patches/gimp-make-gegl-introspect-optional.patch @@ -0,0 +1,43 @@ +From 2cae9b9acf9da98c4c9990819ffbd5aabe23017e Mon Sep 17 00:00:00 2001 +From: Jehan +Date: Mon, 14 Dec 2020 19:53:38 +0100 +Subject: [PATCH] app: make "gegl:introspect" an optional operation dependency. + +Check at runtime for the operation availability and set the "Show Image +Graph" action active depending on this check. + +This goes with discussions to make this operation optional with a +runtime check for the tool `dot`. +See: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/84 +--- + app/actions/debug-actions.c | 6 ++++++ + app/sanity.c | 1 - + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/app/actions/debug-actions.c b/app/actions/debug-actions.c +index 6be4422b228..22ca38b15ea 100644 +--- a/app/actions/debug-actions.c ++++ b/app/actions/debug-actions.c +@@ -103,4 +103,10 @@ void + debug_actions_update (GimpActionGroup *group, + gpointer data) + { ++#define SET_SENSITIVE(action,condition) \ ++ gimp_action_group_set_action_sensitive (group, action, (condition) != 0) ++ ++ SET_SENSITIVE ("debug-show-image-graph", gegl_has_operation ("gegl:introspect")); ++ ++#undef SET_SENSITIVE + } +diff --git a/app/sanity.c b/app/sanity.c +index 015801a396e..6374ac1ad20 100644 +--- a/app/sanity.c ++++ b/app/sanity.c +@@ -650,7 +650,6 @@ sanity_check_gegl_ops (void) + "gegl:hue-chroma", + "gegl:illusion", + "gegl:image-gradient", +- "gegl:introspect", + "gegl:invert-gamma", + "gegl:invert-linear", + "gegl:lens-blur", -- cgit v1.2.3 From b82cc0b90e271ef1cd1bd91f3f1ae729918eccd0 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Thu, 1 Apr 2021 13:00:52 +0300 Subject: gnu: qemu-for-american-fuzzy-lop: Fix build. * gnu/packages/debug.scm (qemu-for-american-fuzzy-lop)[source]: Add patch. * gnu/packages/patches/qemu-glibc-2.30.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + gnu/packages/debug.scm | 5 +-- gnu/packages/patches/qemu-glibc-2.30.patch | 57 ++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/qemu-glibc-2.30.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 3eeae5e96a..b037b397c3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1610,6 +1610,7 @@ dist_patch_DATA = \ %D%/packages/patches/qemu-build-info-manual.patch \ %D%/packages/patches/qemu-CVE-2021-20203.patch \ %D%/packages/patches/qemu-glibc-2.27.patch \ + %D%/packages/patches/qemu-glibc-2.30.patch \ %D%/packages/patches/qpdfview-qt515-compat.patch \ %D%/packages/patches/qrcodegen-cpp-make-install.patch \ %D%/packages/patches/qt4-ldflags.patch \ diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm index b3a000e6e3..f67f32a7f8 100644 --- a/gnu/packages/debug.scm +++ b/gnu/packages/debug.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014, 2015, 2016, 2017, 2019, 2020 Eric Bavier -;;; Copyright © 2016, 2017, 2018, 2020 Efraim Flashner +;;; Copyright © 2016, 2017, 2018, 2020, 2021 Efraim Flashner ;;; Copyright © 2018, 2020 Tobias Geerinckx-Rice ;;; Copyright © 2018, 2019 Rutger Helling ;;; Copyright © 2019 Pkill -9 @@ -269,7 +269,8 @@ down the road.") (base32 "17w21spvaxaidi2am5lpsln8yjpyp2zi3s3gc6nsxj5arlgamzgw")) (patches - (search-patches "qemu-glibc-2.27.patch")))) + (search-patches "qemu-glibc-2.27.patch" + "qemu-glibc-2.30.patch")))) (build-system gnu-build-system) (arguments `(;; Running tests in parallel can occasionally lead to failures, like: diff --git a/gnu/packages/patches/qemu-glibc-2.30.patch b/gnu/packages/patches/qemu-glibc-2.30.patch new file mode 100644 index 0000000000..1b74dee4ac --- /dev/null +++ b/gnu/packages/patches/qemu-glibc-2.30.patch @@ -0,0 +1,57 @@ +This patch was taken from NixOS +https://raw.githubusercontent.com/Mindavi/nixpkgs/1a737743a829746e48f4869ac517ff29c23c9d09/pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff +It is based on an unmerged patch against american-fuzzy-lop and was +never merged upstream because the author was unable to sign Google's CLA. +Based on https://github.com/google/AFL/commit/6c917e3d63a2a0685d58c3518524f9615b001893.patch + +--- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100 ++++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100 +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include // https://lkml.org/lkml/2019/6/3/988 + #include + #include + #ifdef __ia64__ +@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2, + #endif + + #ifdef __NR_gettid +-_syscall0(int, gettid) ++// taken from https://patchwork.kernel.org/patch/10862231/ ++#define __NR_sys_gettid __NR_gettid ++_syscall0(int, sys_gettid) + #else + /* This is a replacement for the host gettid() and must return a host + errno. */ +@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg) + cpu = ENV_GET_CPU(env); + thread_cpu = cpu; + ts = (TaskState *)cpu->opaque; +- info->tid = gettid(); ++ info->tid = sys_gettid(); + task_settid(ts); + if (info->child_tidptr) + put_user_u32(info->tid, info->child_tidptr); +@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un + mapping. We can't repeat the spinlock hack used above because + the child process gets its own copy of the lock. */ + if (flags & CLONE_CHILD_SETTID) +- put_user_u32(gettid(), child_tidptr); ++ put_user_u32(sys_gettid(), child_tidptr); + if (flags & CLONE_PARENT_SETTID) +- put_user_u32(gettid(), parent_tidptr); ++ put_user_u32(sys_gettid(), parent_tidptr); + ts = (TaskState *)cpu->opaque; + if (flags & CLONE_SETTLS) + cpu_set_tls (env, newtls); +@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n + break; + #endif + case TARGET_NR_gettid: +- ret = get_errno(gettid()); ++ ret = get_errno(sys_gettid()); + break; + #ifdef TARGET_NR_readahead + case TARGET_NR_readahead: -- cgit v1.2.3 From bd9e14085668217b5657e57ca5b13a4a55360d9c Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Thu, 1 Apr 2021 22:50:56 +0100 Subject: Revert "gnu: libvirt: Update to 7.1.0." The update causes virsh to fail . This reverts commit 383b02a370252c08eb1d43ac94d659c1d3993a35. --- gnu/local.mk | 2 +- .../patches/libvirt-create-machine-cgroup.patch | 48 +++++++++++++ .../patches/libvirt-do-not-create-var-dirs.patch | 30 --------- gnu/packages/virtualization.scm | 78 +++++++++++++--------- 4 files changed, 94 insertions(+), 64 deletions(-) create mode 100644 gnu/packages/patches/libvirt-create-machine-cgroup.patch delete mode 100644 gnu/packages/patches/libvirt-do-not-create-var-dirs.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b037b397c3..f2d595f2cc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1263,7 +1263,7 @@ dist_patch_DATA = \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ %D%/packages/patches/libffi-3.3-powerpc-fixes.patch \ %D%/packages/patches/libffi-float128-powerpc64le.patch \ - %D%/packages/patches/libvirt-do-not-create-var-dirs.patch \ + %D%/packages/patches/libvirt-create-machine-cgroup.patch \ %D%/packages/patches/libziparchive-add-includes.patch \ %D%/packages/patches/localed-xorg-keyboard.patch \ %D%/packages/patches/kdiagram-Fix-missing-link-libraries.patch \ diff --git a/gnu/packages/patches/libvirt-create-machine-cgroup.patch b/gnu/packages/patches/libvirt-create-machine-cgroup.patch new file mode 100644 index 0000000000..585ac237e1 --- /dev/null +++ b/gnu/packages/patches/libvirt-create-machine-cgroup.patch @@ -0,0 +1,48 @@ +From 9ca0b2955edea162b255b428e493cd8ffac52167 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?= + +Date: Fri, 1 Nov 2019 17:29:00 +0100 +Subject: [PATCH] vircgroup: Ensure /machine group is associated with its + parent. + +Call first virCgroupNew on the parent group virCgroupNewPartition if +it is available on before the creation of the child group. This +ensures that the creation of a first level group on the unified +architecture, as the check at virCgroupV2ParseControllersFile as the +parent file is there. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1760233 +--- + src/util/vircgroup.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c +index b46f20abfd..33c61f2d45 100644 +--- a/src/util/vircgroup.c ++++ b/src/util/vircgroup.c +@@ -855,9 +855,6 @@ virCgroupNewPartition(const char *path, + if (virCgroupSetPartitionSuffix(path, &newPath) < 0) + goto cleanup; + +- if (virCgroupNew(-1, newPath, NULL, controllers, group) < 0) +- goto cleanup; +- + if (STRNEQ(newPath, "/")) { + char *tmp; + parentPath = g_strdup(newPath); +@@ -868,7 +865,12 @@ virCgroupNewPartition(const char *path, + + if (virCgroupNew(-1, parentPath, NULL, controllers, &parent) < 0) + goto cleanup; ++ } + ++ if (virCgroupNew(-1, newPath, parent, controllers, group) < 0) ++ goto cleanup; ++ ++ if (parent) { + if (virCgroupMakeGroup(parent, *group, create, VIR_CGROUP_NONE) < 0) + goto cleanup; + } +-- +2.23.0 + diff --git a/gnu/packages/patches/libvirt-do-not-create-var-dirs.patch b/gnu/packages/patches/libvirt-do-not-create-var-dirs.patch deleted file mode 100644 index 6b89d49fd4..0000000000 --- a/gnu/packages/patches/libvirt-do-not-create-var-dirs.patch +++ /dev/null @@ -1,30 +0,0 @@ -We define localstatedir as /var, and so we shouldn't be installing empty -directories there. - -diff --git a/src/meson.build b/src/meson.build -index f13b85b74e..58040f2c5d 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -893,22 +893,6 @@ if conf.has('WITH_DTRACE_PROBES') - ) - endif - -- --# Install empty directories -- --virt_install_dirs += [ -- localstatedir / 'cache' / 'libvirt', -- localstatedir / 'lib' / 'libvirt' / 'images', -- localstatedir / 'lib' / 'libvirt' / 'filesystems', -- localstatedir / 'lib' / 'libvirt' / 'boot', --] -- --meson.add_install_script( -- meson_python_prog.path(), python3_prog.path(), meson_install_dirs_prog.path(), -- virt_install_dirs, --) -- -- - # Check driver files - - if host_machine.system() == 'linux' diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 7a34f8db1f..c6929b9f1a 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -18,7 +18,6 @@ ;;; Copyright © 2020, 2021 Maxim Cournoyer ;;; Copyright © 2020 Brett Gilio ;;; Copyright © 2021 Leo Famulari -;;; Copyright © 2021 Pierre Langlois ;;; ;;; This file is part of GNU Guix. ;;; @@ -1066,49 +1065,64 @@ manage system or application containers.") (define-public libvirt (package (name "libvirt") - (version "7.1.0") + (version "5.8.0") (source (origin (method url-fetch) (uri (string-append "https://libvirt.org/sources/libvirt-" version ".tar.xz")) (sha256 - (base32 "0v50ckf56h6jd9bmqwp0lh2cmb7qqjmcb6y3mz2i2r15h06ih3w7")) + (base32 "0m8cqaqflvys5kaqpvb0qr4k365j09jc5xk6x70yvg8qkcl2hcz2")) (patches - (search-patches "libvirt-do-not-create-var-dirs.patch")))) - (build-system meson-build-system) + (search-patches "libvirt-create-machine-cgroup.patch")))) + (build-system gnu-build-system) (arguments - `(#:meson ,meson-0.55 ;; libvirt requires meson 0.54 or higher. - #:configure-flags - (list "-Ddriver_qemu=enabled" - "-Dqemu_user=nobody" - "-Dqemu_group=kvm" - "-Dpolkit=enabled") + `(#:configure-flags + (list "--with-qemu" + "--with-qemu-user=nobody" + "--with-qemu-group=kvm" + "--with-polkit" + (string-append "--docdir=" (assoc-ref %outputs "out") "/share/doc/" + ,name "-" ,version) + "--sysconfdir=/etc" + "--localstatedir=/var") #:phases (modify-phases %standard-phases - (add-after 'unpack 'fix-sysconfdir-and-localstatedir + (add-before 'configure 'fix-BOURNE_SHELL-definition + ;; BOURNE_SHELL is hard-#defined to ‘/bin/sh’, causing test failures. (lambda _ - (substitute* "meson.build" - ;; We set the prefix to be the package output, but we need - ;; localstatedir to be /var. Sadly the build system doesn't - ;; seem to allow that easily. - (("localstatedir = prefix / get_option\\('localstatedir'\\)") - "localstatedir = get_option('localstatedir')") - ;; On the other hand, we keep sysconfdir using the prefix so - ;; that we install configuration files in the package output. - ;; However, we need to make sure the C code refers to /etc via - ;; SYSCONFDIR, and not the read-only configuration in the - ;; package output. - (("set_quoted\\('SYSCONFDIR', sysconfdir\\)") - "set_quoted('SYSCONFDIR', '/etc')")) + (substitute* "config.h.in" + (("/bin/sh") (which "sh"))) + #t)) + (add-before 'configure 'patch-libtirpc-file-names + (lambda* (#:key inputs #:allow-other-keys) + ;; libvirt uses an m4 macro instead of pkg-config to determine where + ;; the RPC headers are located. Tell it to look in the right place. + (substitute* "configure" + (("/usr/include/tirpc") ;defined in m4/virt-xdr.m4 + (string-append (assoc-ref inputs "libtirpc") + "/include/tirpc"))) #t)) (add-before 'configure 'disable-broken-tests (lambda _ - (substitute* "tests/meson.build" - (("\\{ 'name': 'commandtest'.*") "") ; hangs idly - (("\\{ 'name': 'qemuxml2argvtest'.*") "") ; fails - (("\\{ 'name': 'virnetsockettest'.*") "")) ; tries to network - #t))))) + (let ((tests (list "commandtest" ; hangs idly + "qemuxml2argvtest" ; fails + "qemuhotplugtest" ; fails + "virnetsockettest" ; tries to network + "virshtest"))) ; fails + (substitute* "tests/Makefile.in" + (((format #f "(~a)\\$\\(EXEEXT\\)" (string-join tests "|"))) + "")) + #t))) + (replace 'install + ;; Since the sysconfdir and localstatedir should be /etc and /var + ;; at runtime, we must prevent writing to them at installation + ;; time. + (lambda* (#:key make-flags #:allow-other-keys) + (apply invoke "make" "install" + "sysconfdir=/tmp/etc" + "localstatedir=/tmp/var" + make-flags)))))) (inputs `(("libxml2" ,libxml2) ("eudev" ,eudev) @@ -1135,9 +1149,7 @@ manage system or application containers.") ("perl" ,perl) ("pkg-config" ,pkg-config) ("polkit" ,polkit) - ("python" ,python-wrapper) - ("python-docutils" ,python-docutils) ;for rst2html - ("rpcsvc-proto" ,rpcsvc-proto))) ;for 'rpcgen' + ("python" ,python-wrapper))) (home-page "https://libvirt.org") (synopsis "Simple API for virtualization") (description "Libvirt is a C toolkit to interact with the virtualization -- cgit v1.2.3 From 67a5e112b1f3527538b7dcbccbb26a5594861d0e Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 30 Mar 2021 08:16:32 -0400 Subject: gnu: opendht: Update to 2.2.0rc4. * gnu/packages/patches/opendht-fix-jami.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Un-register it. * gnu/packages/networking.scm (opendht): Update to 2.2.0rc4. [patches]: Remove field. [inputs]: Use nettle-3.7. [native-inputs]: Move restinio to... [propagated-inputs]: ... here. --- gnu/local.mk | 1 - gnu/packages/networking.scm | 13 ++++++------ gnu/packages/patches/opendht-fix-jami.patch | 33 ----------------------------- 3 files changed, 6 insertions(+), 41 deletions(-) delete mode 100644 gnu/packages/patches/opendht-fix-jami.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index f2d595f2cc..1a72e896a8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1470,7 +1470,6 @@ dist_patch_DATA = \ %D%/packages/patches/opencascade-oce-glibc-2.26.patch \ %D%/packages/patches/opencv-fix-build-of-grfmt_jpeg2000.cpp.patch \ %D%/packages/patches/opencv-rgbd-aarch64-test-fix.patch \ - %D%/packages/patches/opendht-fix-jami.patch \ %D%/packages/patches/openfoam-4.1-cleanup.patch \ %D%/packages/patches/openjdk-10-idlj-reproducibility.patch \ %D%/packages/patches/openmpi-mtl-priorities.patch \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 8cdb674ff3..f0e95c6ed0 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -3428,40 +3428,39 @@ and targeted primarily for asynchronous processing of HTTP-requests.") (define-public opendht (package (name "opendht") - (version "2.1.4") + (version "2.2.0rc4") ;jami requires >= 2.2.0 (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/savoirfairelinux/opendht") (commit version))) (file-name (git-file-name name version)) - (patches (search-patches "opendht-fix-jami.patch")) (sha256 (base32 - "1ax26ri1ifb6s8ppd28jmanka9yf8mw3np65q2h4djhhik0phhal")))) + "1wc0f6cnvnlmhxnx64nxqgsx93k4g7ljdaqjl40ml74jg3nqrzcl")))) ;; Since 2.0, the gnu-build-system does not seem to work anymore, upstream bug? (build-system cmake-build-system) (inputs `(("argon2" ,argon2) - ("nettle" ,nettle) + ("nettle" ,nettle-3.7) ("readline" ,readline) ("jsoncpp" ,jsoncpp) ("openssl" ,openssl) ;required for the DHT proxy ("fmt" ,fmt))) (propagated-inputs `(("gnutls" ,gnutls) ;included in opendht/crypto.h - ("msgpack" ,msgpack))) ;included in several installed headers + ("msgpack" ,msgpack) ;included in several installed headers + ("restinio" ,restinio))) ;included in opendht/http.h (native-inputs `(("autoconf" ,autoconf) ("automake" ,automake) ("pkg-config" ,pkg-config) - ("restinio" ,restinio) ;headers only library ("libtool" ,libtool) ("cppunit" ,cppunit))) (arguments `(#:tests? #f ; Tests require network connection. #:configure-flags - '(;; "-DOPENDHT_TESTS=on" + '(;;"-DOPENDHT_TESTS=on" "-DOPENDHT_TOOLS=off" "-DOPENDHT_PYTHON=off" "-DOPENDHT_PROXY_SERVER=on" diff --git a/gnu/packages/patches/opendht-fix-jami.patch b/gnu/packages/patches/opendht-fix-jami.patch deleted file mode 100644 index 9718a84a41..0000000000 --- a/gnu/packages/patches/opendht-fix-jami.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e2b39dd3a0742853e00f9c3e8c46c911da20bed7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Adrien=20B=C3=A9raud?= -Date: Tue, 30 Jun 2020 10:42:49 -0400 -Subject: [PATCH 1/4] http/request: make terminate public - ---- - include/opendht/http.h | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/include/opendht/http.h b/include/opendht/http.h -index cc8d5f9..46b722c 100644 ---- a/include/opendht/http.h -+++ b/include/opendht/http.h -@@ -294,6 +294,7 @@ public: - * User action to cancel the Request and call the completion callbacks. - */ - void cancel(); -+ void terminate(const asio::error_code& ec); - - private: - using OnCompleteCb = std::function; -@@ -320,8 +321,6 @@ private: - - void connect(std::vector&& endpoints, HandlerCb cb = {}); - -- void terminate(const asio::error_code& ec); -- - void post(); - - void handle_request(const asio::error_code& ec); --- -2.27.0 - -- cgit v1.2.3 From 31c4d89073bdbe2b807ccf7b172df6db200f8d32 Mon Sep 17 00:00:00 2001 From: Jelle Licht Date: Tue, 30 Mar 2021 01:27:42 -0400 Subject: gnu: Add llhttp-bootstrap. * gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/node.scm (llhttp-bootstrap): New variable. --- gnu/local.mk | 1 + gnu/packages/node.scm | 70 +++++++++++++++ .../patches/llhttp-bootstrap-CVE-2020-8287.patch | 100 +++++++++++++++++++++ 3 files changed, 171 insertions(+) create mode 100644 gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1a72e896a8..1269bf0e47 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1368,6 +1368,7 @@ dist_patch_DATA = \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ %D%/packages/patches/lirc-reproducible-build.patch \ + %D%/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch \ %D%/packages/patches/llvm-3.5-fix-clang-build-with-gcc5.patch \ %D%/packages/patches/llvm-9-fix-bitcast-miscompilation.patch \ %D%/packages/patches/llvm-9-fix-lpad-miscompilation.patch \ diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm index 5336012e43..26025c5d7c 100644 --- a/gnu/packages/node.scm +++ b/gnu/packages/node.scm @@ -510,6 +510,76 @@ Node.js and web browsers.") parser definition into a C output.") (license license:expat))) +(define-public llhttp-bootstrap + (package + (name "llhttp") + (version "2.1.3") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/nodejs/llhttp.git") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0pqj7kyyzr1zs4h9yzn5rdxnxspm3wqgsv00765dd42fszlmrmk8")) + (patches (search-patches "llhttp-bootstrap-CVE-2020-8287.patch")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Fix imports for esbuild. + ;; https://github.com/evanw/esbuild/issues/477 + (substitute* "src/llhttp/http.ts" + (("\\* as assert") "assert")) + (substitute* "Makefile" + (("npx ts-node bin/generate.ts") + "node bin/generate.js")) + #t)))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; no tests + #:make-flags (list (string-append "CLANG=" ,(cc-for-target)) + (string-append "DESTDIR=" (assoc-ref %outputs "out")) + "PREFIX=") + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key inputs #:allow-other-keys) + (let ((esbuild (string-append (assoc-ref inputs "esbuild") + "/bin/esbuild"))) + (invoke esbuild + "--platform=node" + "--outfile=bin/generate.js" + "--bundle" "bin/generate.ts")))) + (add-before 'install 'create-install-directories + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (for-each (lambda (dir) + (mkdir-p (string-append out dir))) + (list "/lib" "/include" "/src")) + #t))) + (add-after 'install 'install-src + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (src-dir (string-append out "/src"))) + (install-file "build/c/llhttp.c" src-dir) + (install-file "src/native/api.c" src-dir) + (install-file "src/native/http.c" src-dir) + #t)))))) + (native-inputs + `(("esbuild" ,esbuild) + ("node" ,node-bootstrap) + ("node-semver" ,node-semver-bootstrap) + ("node-llparse-bootstrap" ,node-llparse-bootstrap))) + (home-page "https://github.com/nodejs/llhttp") + (properties '((hidden? . #t))) + (synopsis "Parser for HTTP messages") + (description "This is a rewrite of +@url{https://github.com/nodejs/http-parser, http-parser} using +@url{https://github.com/nodejs/llparse, llparse} to generate the C +source files.") + (license license:expat))) + (define-public libnode (package/inherit node (name "libnode") diff --git a/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch new file mode 100644 index 0000000000..215c920e53 --- /dev/null +++ b/gnu/packages/patches/llhttp-bootstrap-CVE-2020-8287.patch @@ -0,0 +1,100 @@ +This patch comes from upstream. It corresponds to a patch applied to +the generated C source code for llhttp included in Node.js 14.16.0 +(see commit 641f786bb1a1f6eb1ff8750782ed939780f2b31a). That commit +fixes CVE-2020-8287. With this patch, the output of our +llhttp-bootstrap package matches the files included in Node.js 14.16.0 +exactly. + +commit e9b36ea64709c35ca66094d5cf3787f444029601 +Author: Fedor Indutny +Date: Sat Oct 10 19:56:01 2020 -0700 + + http: unset `F_CHUNKED` on new `Transfer-Encoding` + + Duplicate `Transfer-Encoding` header should be a treated as a single, + but with original header values concatenated with a comma separator. In + the light of this, even if the past `Transfer-Encoding` ended with + `chunked`, we should be not let the `F_CHUNKED` to leak into the next + header, because mere presence of another header indicates that `chunked` + is not the last transfer-encoding token. + +diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts +index f4f1a6e..0a0c365 100644 +--- a/src/llhttp/http.ts ++++ b/src/llhttp/http.ts +@@ -460,11 +460,19 @@ export class HTTP { + .match([ ' ', '\t' ], n('header_value_discard_ws')) + .otherwise(checkContentLengthEmptiness); + ++ // Multiple `Transfer-Encoding` headers should be treated as one, but with ++ // values separate by a comma. ++ // ++ // See: https://tools.ietf.org/html/rfc7230#section-3.2.2 ++ const toTransferEncoding = this.unsetFlag( ++ FLAGS.CHUNKED, ++ 'header_value_te_chunked'); ++ + n('header_value_start') + .otherwise(this.load('header_state', { + [HEADER_STATE.UPGRADE]: this.setFlag(FLAGS.UPGRADE, fallback), + [HEADER_STATE.TRANSFER_ENCODING]: this.setFlag( +- FLAGS.TRANSFER_ENCODING, 'header_value_te_chunked'), ++ FLAGS.TRANSFER_ENCODING, toTransferEncoding), + [HEADER_STATE.CONTENT_LENGTH]: n('header_value_content_length_once'), + [HEADER_STATE.CONNECTION]: n('header_value_connection'), + }, 'header_value')); +@@ -847,6 +855,11 @@ export class HTTP { + return span.start(span.end(this.node(next))); + } + ++ private unsetFlag(flag: FLAGS, next: string | Node): Node { ++ const p = this.llparse; ++ return p.invoke(p.code.and('flags', ~flag), this.node(next)); ++ } ++ + private setFlag(flag: FLAGS, next: string | Node): Node { + const p = this.llparse; + return p.invoke(p.code.or('flags', flag), this.node(next)); +diff --git a/test/request/transfer-encoding.md b/test/request/transfer-encoding.md +index a7d1681..b0891d6 100644 +--- a/test/request/transfer-encoding.md ++++ b/test/request/transfer-encoding.md +@@ -353,6 +353,38 @@ off=106 headers complete method=3 v=1/1 flags=200 content_length=0 + off=106 error code=15 reason="Request has invalid `Transfer-Encoding`" + ``` + ++## POST with `chunked` and duplicate transfer-encoding ++ ++ ++```http ++POST /post_identity_body_world?q=search#hey HTTP/1.1 ++Accept: */* ++Transfer-Encoding: chunked ++Transfer-Encoding: deflate ++ ++World ++``` ++ ++```log ++off=0 message begin ++off=5 len=38 span[url]="/post_identity_body_world?q=search#hey" ++off=44 url complete ++off=54 len=6 span[header_field]="Accept" ++off=61 header_field complete ++off=62 len=3 span[header_value]="*/*" ++off=67 header_value complete ++off=67 len=17 span[header_field]="Transfer-Encoding" ++off=85 header_field complete ++off=86 len=7 span[header_value]="chunked" ++off=95 header_value complete ++off=95 len=17 span[header_field]="Transfer-Encoding" ++off=113 header_field complete ++off=114 len=7 span[header_value]="deflate" ++off=123 header_value complete ++off=125 headers complete method=3 v=1/1 flags=200 content_length=0 ++off=125 error code=15 reason="Request has invalid `Transfer-Encoding`" ++``` ++ + ## POST with `chunked` before other transfer-coding (lenient) + + TODO(indutny): should we allow it even in lenient mode? (Consider disabling -- cgit v1.2.3 From c18c8d3e9c2d3377f6109096dbf04b8668f324de Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Fri, 2 Apr 2021 19:22:33 +0200 Subject: gnu: wpa-supplicant-minimal: Fix CVE-2021-30004. * gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/admin.scm (wpa-supplicant-minimal): Apply patch. --- gnu/local.mk | 1 + gnu/packages/admin.scm | 3 +- .../patches/wpa-supplicant-CVE-2021-30004.patch | 115 +++++++++++++++++++++ 3 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1269bf0e47..1a767a6c89 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1803,6 +1803,7 @@ dist_patch_DATA = \ %D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch \ %D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch \ %D%/packages/patches/wpa-supplicant-CVE-2021-27803.patch \ + %D%/packages/patches/wpa-supplicant-CVE-2021-30004.patch \ %D%/packages/patches/x265-arm-flags.patch \ %D%/packages/patches/xf86-video-ark-remove-mibstore.patch \ %D%/packages/patches/xf86-video-mach64-glibc-2.20.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index d5b4d34323..2b12b5d5e4 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1658,7 +1658,8 @@ features of sudo with a fraction of the codebase.") (string-append "#" line))) #t)) (patches - (search-patches "wpa-supplicant-CVE-2021-27803.patch")))) + (search-patches "wpa-supplicant-CVE-2021-27803.patch" + "wpa-supplicant-CVE-2021-30004.patch")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch b/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch new file mode 100644 index 0000000000..8c8ba93355 --- /dev/null +++ b/gnu/packages/patches/wpa-supplicant-CVE-2021-30004.patch @@ -0,0 +1,115 @@ +From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Sat, 13 Mar 2021 18:19:31 +0200 +Subject: ASN.1: Validate DigestAlgorithmIdentifier parameters + +The supported hash algorithms do not use AlgorithmIdentifier parameters. +However, there are implementations that include NULL parameters in +addition to ones that omit the parameters. Previous implementation did +not check the parameters value at all which supported both these cases, +but did not reject any other unexpected information. + +Use strict validation of digest algorithm parameters and reject any +unexpected value when validating a signature. This is needed to prevent +potential forging attacks. + +Signed-off-by: Jouni Malinen +--- + src/tls/pkcs1.c | 21 +++++++++++++++++++++ + src/tls/x509v3.c | 20 ++++++++++++++++++++ + 2 files changed, 41 insertions(+) + +diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c +index bbdb0d7..5761dfe 100644 +--- a/src/tls/pkcs1.c ++++ b/src/tls/pkcs1.c +@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo", ++ hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk, + os_free(decrypted); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "PKCS #1: Unexpected digest algorithm parameters"); ++ os_free(decrypted); ++ return -1; ++ } + + if (!asn1_oid_equal(&oid, hash_alg)) { + char txt[100], txt2[100]; +diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c +index a8944dd..df337ec 100644 +--- a/src/tls/x509v3.c ++++ b/src/tls/x509v3.c +@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length); + + pos = hdr.payload; + end = pos + hdr.length; +@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier", ++ hdr.payload, hdr.length); + da_end = hdr.payload + hdr.length; + + if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) { +@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer, + os_free(data); + return -1; + } ++ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters", ++ next, da_end - next); ++ ++ /* ++ * RFC 5754: The correct encoding for the SHA2 algorithms would be to ++ * omit the parameters, but there are implementation that encode these ++ * as a NULL element. Allow these two cases and reject anything else. ++ */ ++ if (da_end > next && ++ (asn1_get_next(next, da_end - next, &hdr) < 0 || ++ !asn1_is_null(&hdr) || ++ hdr.payload + hdr.length != da_end)) { ++ wpa_printf(MSG_DEBUG, ++ "X509: Unexpected digest algorithm parameters"); ++ os_free(data); ++ return -1; ++ } + + if (x509_sha1_oid(&oid)) { + if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) { +-- +cgit v0.12 + -- cgit v1.2.3 From f4dc8ac6dfa036d98aa0990ae22268a9650899d0 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Fri, 2 Apr 2021 21:33:02 +0200 Subject: gnu: curl: Update to 7.76.0 [security fixes]. Fixes CVE-2021-22876 and CVE-2021-22890. * gnu/packages/curl.scm (curl/fixed): New variable. (curl)[replacement]: New field. * gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/curl.scm | 15 +++++ .../patches/curl-7.76-use-ssl-cert-env.patch | 64 ++++++++++++++++++++++ 3 files changed, 80 insertions(+) create mode 100644 gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1a767a6c89..0d472072ae 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -920,6 +920,7 @@ dist_patch_DATA = \ %D%/packages/patches/clucene-contribs-lib.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/curl-use-ssl-cert-env.patch \ + %D%/packages/patches/curl-7.76-use-ssl-cert-env.patch \ %D%/packages/patches/cursynth-wave-rand.patch \ %D%/packages/patches/cvs-CVE-2017-12836.patch \ %D%/packages/patches/cyrus-sasl-ac-try-run-fix.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 730676875c..94dc51cfc5 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -62,6 +62,7 @@ (base32 "12w7gskrglg6qrmp822j37fmbr0icrcxv7rib1fy5xiw80n5z7cr")) (patches (search-patches "curl-use-ssl-cert-env.patch")))) + (replacement curl/fixed) (build-system gnu-build-system) (outputs '("out" "doc")) ;1.2 MiB of man3 pages @@ -151,6 +152,20 @@ tunneling, and so on.") (name "curl-minimal") (inputs (alist-delete "openldap" (package-inputs curl)))))) +(define-public curl/fixed + (package + (inherit curl) + (version "7.76.0") + (source + (origin + (inherit (package-source curl)) + (uri (string-append "https://curl.haxx.se/download/curl-" + version ".tar.xz")) + (patches (search-patches "curl-7.76-use-ssl-cert-env.patch")) + (sha256 + (base32 + "1j2g04m6als6hmqzvddv84c31m0x90bfgyz3bjrwdkarbkby40k3")))))) + (define-public kurly (package (name "kurly") diff --git a/gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch b/gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch new file mode 100644 index 0000000000..24be6e31d9 --- /dev/null +++ b/gnu/packages/patches/curl-7.76-use-ssl-cert-env.patch @@ -0,0 +1,64 @@ +Make libcurl respect the SSL_CERT_{DIR,FILE} variables by default. The variables +are fetched during initialization to preserve thread-safety (curl_global_init(3) +must be called when no other threads exist). + +This fixes network functionality in rust:cargo, and probably removes the need +for other future workarounds. +=================================================================== +--- curl-7.66.0.orig/lib/easy.c 2020-01-02 15:43:11.883921171 +0100 ++++ curl-7.66.0/lib/easy.c 2020-01-02 16:18:54.691882797 +0100 +@@ -134,6 +134,9 @@ + # pragma warning(default:4232) /* MSVC extension, dllimport identity */ + #endif + ++char * Curl_ssl_cert_dir = NULL; ++char * Curl_ssl_cert_file = NULL; ++ + /** + * curl_global_init() globally initializes curl given a bitwise set of the + * different features of what to initialize. +@@ -155,6 +158,9 @@ + #endif + } + ++ Curl_ssl_cert_dir = curl_getenv("SSL_CERT_DIR"); ++ Curl_ssl_cert_file = curl_getenv("SSL_CERT_FILE"); ++ + if(!Curl_ssl_init()) { + DEBUGF(fprintf(stderr, "Error: Curl_ssl_init failed\n")); + return CURLE_FAILED_INIT; +@@ -260,6 +266,9 @@ + Curl_ssl_cleanup(); + Curl_resolver_global_cleanup(); + ++ free(Curl_ssl_cert_dir); ++ free(Curl_ssl_cert_file); ++ + #ifdef WIN32 + Curl_win32_cleanup(init_flags); + #endif +diff -ur curl-7.66.0.orig/lib/url.c curl-7.66.0/lib/url.c +--- curl-7.66.0.orig/lib/url.c 2020-01-02 15:43:11.883921171 +0100 ++++ curl-7.66.0/lib/url.c 2020-01-02 16:21:11.563880346 +0100 +@@ -524,6 +524,21 @@ + if(result) + return result; + #endif ++ extern char * Curl_ssl_cert_dir; ++ extern char * Curl_ssl_cert_file; ++ if(Curl_ssl_cert_dir) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], Curl_ssl_cert_dir)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], Curl_ssl_cert_dir)) ++ return result; ++ } ++ ++ if(Curl_ssl_cert_file) { ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], Curl_ssl_cert_file)) ++ return result; ++ if(result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY], Curl_ssl_cert_file)) ++ return result; ++ } + } + + set->wildcard_enabled = FALSE; -- cgit v1.2.3 From 48f7aa1cd104096daccc8a4859021f1e1177f525 Mon Sep 17 00:00:00 2001 From: Andy Tai Date: Thu, 18 Mar 2021 00:46:45 -0700 Subject: gnu: vtk: Update to 9.0.1. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/image-processing.scm (vtk): Update to 9.0.1. [source](snippet): Remove bundled "ogg" directory as well. [arguments]: Adjust #:configure-flags. Add #:phases. [inputs]: Add LIBOGG. * gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch: Update. Co-authored-by: Ludovic Courtès --- gnu/packages/image-processing.scm | 65 +++++++++++++--------- .../vtk-fix-freetypetools-build-failure.patch | 14 ++--- 2 files changed, 45 insertions(+), 34 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm index 7205336d53..f944a61186 100644 --- a/gnu/packages/image-processing.scm +++ b/gnu/packages/image-processing.scm @@ -14,6 +14,7 @@ ;;; Copyright © 2020 Brendan Tildesley ;;; Copyright © 2021 Oleh Malyi ;;; Copyright © 2021 Felix Gruber +;;; Copyright © 2021 Andy Tai ;;; ;;; This file is part of GNU Guix. ;;; @@ -246,7 +247,7 @@ many popular formats.") (define-public vtk (package (name "vtk") - (version "8.2.0") + (version "9.0.1") (source (origin (method url-fetch) (uri (string-append "https://vtk.org/files/release/" @@ -254,7 +255,7 @@ many popular formats.") "/VTK-" version ".tar.gz")) (sha256 (base32 - "1fspgp8k0myr6p2a6wkc21ldcswb4bvmb484m12mxgk1a9vxrhrl")) + "1ir2lq9i45ls374lcmjzw0nrm5l5hnm1w47lg8g8d0n2j7hsaf8v")) (patches (search-patches "vtk-fix-freetypetools-build-failure.patch")) (modules '((guix build utils))) @@ -264,35 +265,46 @@ many popular formats.") (lambda (dir) (delete-file-recursively (string-append "ThirdParty/" dir "/vtk" dir))) - ;; ogg, pugixml depended upon unconditionally + ;; pugixml depended upon unconditionally '("doubleconversion" "eigen" "expat" "freetype" "gl2ps" "glew" "hdf5" "jpeg" "jsoncpp" "libproj" "libxml2" "lz4" - "netcdf" "png" "sqlite" "theora" "tiff" "zlib")) + "netcdf" "ogg" "png" "sqlite" "theora" "tiff" "zlib")) #t)))) (build-system cmake-build-system) (arguments '(#:build-type "Release" ;Build without '-g' to save space. #:configure-flags '(;"-DBUILD_TESTING:BOOL=TRUE" - ;"-DVTK_MODULE_USE_EXTERNAL_vtkogg:BOOL=TRUE" ; not honored - "-DVTK_USE_SYSTEM_DOUBLECONVERSION:BOOL=TRUE" - "-DVTK_USE_SYSTEM_EIGEN:BOOL=TRUE" - "-DVTK_USE_SYSTEM_EXPAT:BOOL=TRUE" - "-DVTK_USE_SYSTEM_FREETYPE:BOOL=TRUE" - "-DVTK_USE_SYSTEM_GL2PS:BOOL=TRUE" - "-DVTK_USE_SYSTEM_GLEW:BOOL=TRUE" - "-DVTK_USE_SYSTEM_HDF5:BOOL=TRUE" - "-DVTK_USE_SYSTEM_JPEG:BOOL=TRUE" - "-DVTK_USE_SYSTEM_JSONCPP:BOOL=TRUE" - "-DVTK_USE_SYSTEM_LIBPROJ:BOOL=TRUE" - "-DVTK_USE_SYSTEM_LIBXML2:BOOL=TRUE" - "-DVTK_USE_SYSTEM_LZ4:BOOL=TRUE" - "-DVTK_USE_SYSTEM_NETCDF:BOOL=TRUE" - "-DVTK_USE_SYSTEM_PNG:BOOL=TRUE" - ;"-DVTK_USE_SYSTEM_PUGIXML:BOOL=TRUE" ; breaks IO/CityGML - "-DVTK_USE_SYSTEM_SQLITE:BOOL=TRUE" - "-DVTK_USE_SYSTEM_THEORA:BOOL=TRUE" - "-DVTK_USE_SYSTEM_TIFF:BOOL=TRUE" - "-DVTK_USE_SYSTEM_ZLIB:BOOL=TRUE") + ; ; not honored + "-DVTK_USE_EXTERNAL=OFF" ;; default + "-DVTK_MODULE_USE_EXTERNAL_VTK_doubleconversion=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_eigen=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_expat=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_freetype=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_gl2ps=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_glew=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_hdf5=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_jpeg=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_jsoncpp=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_libproj=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_libxml2=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_lz4=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_netcdf=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_ogg=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_png=ON" + ;"-DVTK_MODULE_USE_EXTERNAL_VTK_pugixml=ON" ; breaks IO/CityGML + "-DVTK_MODULE_USE_EXTERNAL_VTK_sqlite=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_theora=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_tiff=ON" + "-DVTK_MODULE_USE_EXTERNAL_VTK_zlib=ON" + ) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-sources + (lambda _ + (substitute* "Common/Core/vtkFloatingPointExceptions.cxx" + (("") "")) + (substitute* "Common/Core/CMakeLists.txt" + (("fenv.h") "cfenv"))))) #:tests? #f)) ;XXX: test data not included (inputs `(("double-conversion" ,double-conversion) @@ -305,7 +317,6 @@ many popular formats.") ("hdf5" ,hdf5) ("jpeg" ,libjpeg-turbo) ("jsoncpp" ,jsoncpp) - ;("libogg" ,libogg) ("libtheora" ,libtheora) ("libX11" ,libx11) ("libxml2" ,libxml2) @@ -320,6 +331,10 @@ many popular formats.") ("tiff" ,libtiff) ("xorgproto" ,xorgproto) ("zlib" ,zlib))) + (propagated-inputs + ;; VTK's 'VTK-vtk-module-find-packages.cmake' calls + ;; 'find_package(THEORA)', which in turns looks for libogg. + `(("libogg" ,libogg))) (home-page "https://vtk.org/") (synopsis "Libraries for 3D computer graphics") (description diff --git a/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch b/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch index 6988e65872..23f651b5eb 100644 --- a/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch +++ b/gnu/packages/patches/vtk-fix-freetypetools-build-failure.patch @@ -17,20 +17,16 @@ diff --git a/Rendering/FreeType/vtkFreeTypeTools.cxx b/Rendering/FreeType/vtkFre index c54289dc60..03b899c4da 100644 --- a/Rendering/FreeType/vtkFreeTypeTools.cxx +++ b/Rendering/FreeType/vtkFreeTypeTools.cxx -@@ -387,11 +387,8 @@ FTC_CMapCache* vtkFreeTypeTools::GetCMapCache() +@@ -378,8 +378,7 @@ FTC_CMapCache* vtkFreeTypeTools::GetCMapCache() } - + //---------------------------------------------------------------------------- -FT_CALLBACK_DEF(FT_Error) --vtkFreeTypeToolsFaceRequester(FTC_FaceID face_id, -- FT_Library lib, -- FT_Pointer request_data, -- FT_Face* face) +-vtkFreeTypeToolsFaceRequester( +static FT_Error vtkFreeTypeToolsFaceRequester( -+ FTC_FaceID face_id, FT_Library lib, FT_Pointer request_data, FT_Face* face) + FTC_FaceID face_id, FT_Library lib, FT_Pointer request_data, FT_Face* face) { #if VTK_FTFC_DEBUG_CD - printf("vtkFreeTypeToolsFaceRequester()\n"); --- +-- 2.30.1 -- cgit v1.2.3 From 8d89d3c9bf7cacd9c79b4aacf348044d4fe7800b Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 2 Apr 2021 23:14:13 +0200 Subject: gnu: pidgin: Update to 2.14.2. * gnu/packages/messaging.scm (pidgin): Update to 2.14.2. [source]: Remove pidgin-vv-gst.patch. * gnu/packages/patches/pidgin-vv-gst.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/messaging.scm | 8 ++---- gnu/packages/patches/pidgin-vv-gst.patch | 48 -------------------------------- 3 files changed, 3 insertions(+), 54 deletions(-) delete mode 100644 gnu/packages/patches/pidgin-vv-gst.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 0d472072ae..26976f73cd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1525,7 +1525,6 @@ dist_patch_DATA = \ %D%/packages/patches/picard-fix-id3-rename-test.patch \ %D%/packages/patches/picprog-non-intel-support.patch \ %D%/packages/patches/pidgin-add-search-path.patch \ - %D%/packages/patches/pidgin-vv-gst.patch \ %D%/packages/patches/pinball-const-fix.patch \ %D%/packages/patches/pinball-cstddef.patch \ %D%/packages/patches/pinball-missing-separators.patch \ diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index 388e7f2ead..e8b67c03bc 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -788,7 +788,7 @@ authentication.") (define-public pidgin (package (name "pidgin") - (version "2.14.1") + (version "2.14.2") (source (origin (method url-fetch) @@ -796,11 +796,9 @@ authentication.") (string-append "mirror://sourceforge/pidgin/Pidgin/" version "/pidgin-" version ".tar.gz")) (sha256 - (base32 "1c4dzxg9c3d9zfqqa7jwijj9rv9fm6w95igmpljwy88lxq7v5w11")) + (base32 "19r297ynxizdj357ihmy0sgpgfikdzblkszlwlqnsr3lvbjhhsg1")) (patches - (search-patches - "pidgin-add-search-path.patch" - "pidgin-vv-gst.patch")) + (search-patches "pidgin-add-search-path.patch")) (modules '((guix build utils))) (snippet '(begin diff --git a/gnu/packages/patches/pidgin-vv-gst.patch b/gnu/packages/patches/pidgin-vv-gst.patch deleted file mode 100644 index e0553dd119..0000000000 --- a/gnu/packages/patches/pidgin-vv-gst.patch +++ /dev/null @@ -1,48 +0,0 @@ -Name: Gary Kramlich -Date: 2020-07-12 -Source: https://keep.imfreedom.org/pidgin/pidgin/rev/39ac50435cfb - -diff --git a/libpurple/mediamanager.c b/libpurple/mediamanager.c ---- a/libpurple/mediamanager.c -+++ b/libpurple/mediamanager.c -@@ -2231,6 +2231,7 @@ - purple_media_manager_unregister_gst_device(PurpleMediaManager *manager, - GstDevice *device) - { -+#ifdef USE_VV - GList *i; - gchar *name; - gchar *device_class; -@@ -2277,6 +2278,7 @@ - - g_free(name); - g_free(device_class); -+#endif /* USE_VV */ - } - - static gboolean -@@ -2304,7 +2306,7 @@ - static void - purple_media_manager_init_device_monitor(PurpleMediaManager *manager) - { --#if GST_CHECK_VERSION(1, 4, 0) -+#if GST_CHECK_VERSION(1, 4, 0) && defined(USE_VV) - GstBus *bus; - GList *i; - -@@ -2334,6 +2336,7 @@ - PurpleMediaElementType type) - { - GList *result = NULL; -+#ifdef USE_VV - GList *i; - - for (i = manager->priv->elements; i; i = i->next) { -@@ -2347,6 +2350,7 @@ - result = g_list_prepend(result, info); - } - } -+#endif /* USE_VV */ - - return result; - } -- cgit v1.2.3 From 7bf82f5ede57c9c5344ddb1d4dcfe694eb306bef Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Mon, 22 Feb 2021 22:58:31 -0500 Subject: gnu: containerd: Update to 1.4.4. * gnu/packages/docker.scm (containerd): Update to 1.4.4. Delete trailing #t. [arguments]: Set a MAKE-FLAGS binding. [phases]{patch-paths}: Patch the reference to 'unpigz'. {build, install}: Use the MAKE-FLAGS variable. [inputs]: Add pigz. * gnu/packages/patches/containerd-test-with-go1.13.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Un-register it. --- gnu/local.mk | 1 - gnu/packages/docker.scm | 86 ++++++++++++---------- .../patches/containerd-test-with-go1.13.patch | 21 ------ 3 files changed, 46 insertions(+), 62 deletions(-) delete mode 100644 gnu/packages/patches/containerd-test-with-go1.13.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 26976f73cd..d5fd714669 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -912,7 +912,6 @@ dist_patch_DATA = \ %D%/packages/patches/collectd-5.11.0-noinstallvar.patch \ %D%/packages/patches/combinatorial-blas-awpm.patch \ %D%/packages/patches/combinatorial-blas-io-fix.patch \ - %D%/packages/patches/containerd-test-with-go1.13.patch \ %D%/packages/patches/coreutils-ls.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/crawl-upgrade-saves.patch \ diff --git a/gnu/packages/docker.scm b/gnu/packages/docker.scm index 5c6292c122..6083ed780b 100644 --- a/gnu/packages/docker.scm +++ b/gnu/packages/docker.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2016 David Thompson ;;; Copyright © 2018 Efraim Flashner ;;; Copyright © 2019, 2020 Tobias Geerinckx-Rice -;;; Copyright © 2019, 2020 Maxim Cournoyer +;;; Copyright © 2019, 2020, 2021 Maxim Cournoyer ;;; Copyright © 2020 Michael Rohleder ;;; Copyright © 2020 Katherine Cox-Buday ;;; Copyright © 2020 Jesse Dowell @@ -177,7 +177,7 @@ Python without keeping their credentials in a Docker configuration file.") (define-public containerd (package (name "containerd") - (version "1.3.10") + (version "1.4.4") (source (origin (method git-fetch) @@ -186,49 +186,55 @@ Python without keeping their credentials in a Docker configuration file.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "10fz7359aydbz0yb01qkrsq2diypayfal618lvvb1x0gvgkp526i")))) + (base32 "0qjbfj1dw6pykxhh8zahcxlgpyjzgnrngk5vjaf34akwyan8nrxb")))) (build-system go-build-system) (arguments - `(#:import-path "github.com/containerd/containerd" - #:phases - (modify-phases %standard-phases - (add-after 'chdir 'patch-paths - (lambda* (#:key inputs import-path outputs #:allow-other-keys) - ;; TODO: Patch "socat", "unpigz". - (with-directory-excursion (string-append "src/" import-path) - (substitute* "./runtime/v1/linux/runtime.go" - (("defaultRuntime[ \t]*=.*") - (string-append "defaultRuntime = \"" - (assoc-ref inputs "runc") - "/sbin/runc\"\n")) - (("defaultShim[ \t]*=.*") - (string-append "defaultShim = \"" - (assoc-ref outputs "out") - "/bin/containerd-shim\"\n"))) - (substitute* "./vendor/github.com/containerd/go-runc/runc.go" - (("DefaultCommand[ \t]*=.*") - (string-append "DefaultCommand = \"" - (assoc-ref inputs "runc") - "/sbin/runc\"\n"))) - (substitute* "vendor/github.com/containerd/continuity/testutil/loopback/loopback_linux.go" - (("exec\\.Command\\(\"losetup\"") ; ) - (string-append "exec.Command(\"" - (assoc-ref inputs "util-linux") - "/sbin/losetup\""))) ;) - #t))) - (replace 'build - (lambda* (#:key import-path (make-flags '()) #:allow-other-keys) - (with-directory-excursion (string-append "src/" import-path) - (apply invoke "make" make-flags)))) - (replace 'install - (lambda* (#:key import-path outputs (make-flags '()) #:allow-other-keys) - (with-directory-excursion (string-append "src/" import-path) - (let* ((out (assoc-ref outputs "out"))) - (apply invoke "make" (string-append "DESTDIR=" out) "install" - make-flags)))))))) + (let ((make-flags (list (string-append "VERSION=" version) + "REVISION=0"))) + `(#:import-path "github.com/containerd/containerd" + #:phases + (modify-phases %standard-phases + (add-after 'chdir 'patch-paths + (lambda* (#:key inputs import-path outputs #:allow-other-keys) + (with-directory-excursion (string-append "src/" import-path) + (substitute* "runtime/v1/linux/runtime.go" + (("defaultRuntime[ \t]*=.*") + (string-append "defaultRuntime = \"" + (assoc-ref inputs "runc") + "/sbin/runc\"\n")) + (("defaultShim[ \t]*=.*") + (string-append "defaultShim = \"" + (assoc-ref outputs "out") + "/bin/containerd-shim\"\n"))) + (substitute* "vendor/github.com/containerd/go-runc/runc.go" + (("DefaultCommand[ \t]*=.*") + (string-append "DefaultCommand = \"" + (assoc-ref inputs "runc") + "/sbin/runc\"\n"))) + (substitute* "vendor/github.com/containerd/continuity/testutil\ +/loopback/loopback_linux.go" + (("exec\\.Command\\(\"losetup\"") + (string-append "exec.Command(\"" + (assoc-ref inputs "util-linux") + "/sbin/losetup\""))) + (substitute* "archive/compression/compression.go" + (("exec\\.LookPath\\(\"unpigz\"\\)") + (string-append "\"" (assoc-ref inputs "pigz") + "/bin/unpigz\", error(nil)")))))) + (replace 'build + (lambda* (#:key import-path #:allow-other-keys) + (with-directory-excursion (string-append "src/" import-path) + (apply invoke "make" ',make-flags)))) + (replace 'install + (lambda* (#:key import-path outputs #:allow-other-keys) + (with-directory-excursion (string-append "src/" import-path) + (let* ((out (assoc-ref outputs "out"))) + (apply invoke "make" (string-append "DESTDIR=" out) "install" + ',make-flags))))))))) (inputs `(("btrfs-progs" ,btrfs-progs) ("libseccomp" ,libseccomp) + ("pigz" ,pigz) ("runc" ,runc) ("util-linux" ,util-linux))) (native-inputs diff --git a/gnu/packages/patches/containerd-test-with-go1.13.patch b/gnu/packages/patches/containerd-test-with-go1.13.patch deleted file mode 100644 index 964adee9e6..0000000000 --- a/gnu/packages/patches/containerd-test-with-go1.13.patch +++ /dev/null @@ -1,21 +0,0 @@ -Compatibility fix for go 1.13, flag.Parse() shouldn't be called during -package initialization. -https://golang.org/doc/go1.13#testing ---- a/client_test.go 2020-02-12 14:50:28.991245371 -0500 -+++ b/client_test.go 2020-02-12 15:12:37.383523980 -0500 -@@ -49,7 +49,6 @@ - flag.StringVar(&address, "address", defaultAddress, "The address to the containerd socket for use in the tests") - flag.BoolVar(&noDaemon, "no-daemon", false, "Do not start a dedicated daemon for the tests") - flag.BoolVar(&noCriu, "no-criu", false, "Do not run the checkpoint tests") -- flag.Parse() - } - - func testContext() (context.Context, context.CancelFunc) { -@@ -59,6 +58,7 @@ - } - - func TestMain(m *testing.M) { -+ flag.Parse() - if testing.Short() { - os.Exit(m.Run()) - } -- cgit v1.2.3 From 86c39376cc00ed19758a2861c11f85fa5b94cda4 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 23 Feb 2021 00:03:01 -0500 Subject: gnu: runc: Update to 1.0.0-rc93. * gnu/packages/virtualization.scm (runc): Update to 1.0.0-rc93. [source]: Remove the patches field. [phases]{unpack}: Remove override. {build}: Add the man target. {check}: Make conditional based on TESTS?. {install}: Add the install-man target. [native-inputs]: Add go-github-com-go-md2man. [home-page]: Update. * gnu/packages/patches/runc-CVE-2019-5736.patch: Delete file. * gnu/local.mk: Un-register it. --- gnu/local.mk | 1 - gnu/packages/patches/runc-CVE-2019-5736.patch | 343 -------------------------- gnu/packages/virtualization.scm | 31 +-- 3 files changed, 11 insertions(+), 364 deletions(-) delete mode 100644 gnu/packages/patches/runc-CVE-2019-5736.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index d5fd714669..a1a08fa911 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1645,7 +1645,6 @@ dist_patch_DATA = \ %D%/packages/patches/rnp-disable-ruby-rnp-tests.patch \ %D%/packages/patches/rnp-unbundle-googletest.patch \ %D%/packages/patches/ruby-sanitize-system-libxml.patch \ - %D%/packages/patches/runc-CVE-2019-5736.patch \ %D%/packages/patches/rust-1.19-mrustc.patch \ %D%/packages/patches/rust-1.25-accept-more-detailed-gdb-lines.patch \ %D%/packages/patches/rust-1.45-linker-locale.patch \ diff --git a/gnu/packages/patches/runc-CVE-2019-5736.patch b/gnu/packages/patches/runc-CVE-2019-5736.patch deleted file mode 100644 index f629fcbfb4..0000000000 --- a/gnu/packages/patches/runc-CVE-2019-5736.patch +++ /dev/null @@ -1,343 +0,0 @@ -Fix CVE-2019-5736: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 -https://seclists.org/oss-sec/2019/q1/119 - -Patch copied from upstream source repository: - -https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b - -From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001 -From: Aleksa Sarai -Date: Wed, 9 Jan 2019 13:40:01 +1100 -Subject: [PATCH] nsenter: clone /proc/self/exe to avoid exposing host binary - to container - -There are quite a few circumstances where /proc/self/exe pointing to a -pretty important container binary is a _bad_ thing, so to avoid this we -have to make a copy (preferably doing self-clean-up and not being -writeable). - -We require memfd_create(2) -- though there is an O_TMPFILE fallback -- -but we can always extend this to use a scratch MNT_DETACH overlayfs or -tmpfs. The main downside to this approach is no page-cache sharing for -the runc binary (which overlayfs would give us) but this is far less -complicated. - -This is only done during nsenter so that it happens transparently to the -Go code, and any libcontainer users benefit from it. This also makes -ExtraFiles and --preserve-fds handling trivial (because we don't need to -worry about it). - -Fixes: CVE-2019-5736 -Co-developed-by: Christian Brauner -Signed-off-by: Aleksa Sarai ---- - libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++ - libcontainer/nsenter/nsexec.c | 11 ++ - 2 files changed, 279 insertions(+) - create mode 100644 libcontainer/nsenter/cloned_binary.c - -diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c -new file mode 100644 -index 000000000..c8a42c23f ---- /dev/null -+++ b/libcontainer/nsenter/cloned_binary.c -@@ -0,0 +1,268 @@ -+/* -+ * Copyright (C) 2019 Aleksa Sarai -+ * Copyright (C) 2019 SUSE LLC -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+#define _GNU_SOURCE -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+/* Use our own wrapper for memfd_create. */ -+#if !defined(SYS_memfd_create) && defined(__NR_memfd_create) -+# define SYS_memfd_create __NR_memfd_create -+#endif -+#ifdef SYS_memfd_create -+# define HAVE_MEMFD_CREATE -+/* memfd_create(2) flags -- copied from . */ -+# ifndef MFD_CLOEXEC -+# define MFD_CLOEXEC 0x0001U -+# define MFD_ALLOW_SEALING 0x0002U -+# endif -+int memfd_create(const char *name, unsigned int flags) -+{ -+ return syscall(SYS_memfd_create, name, flags); -+} -+#endif -+ -+/* This comes directly from . */ -+#ifndef F_LINUX_SPECIFIC_BASE -+# define F_LINUX_SPECIFIC_BASE 1024 -+#endif -+#ifndef F_ADD_SEALS -+# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) -+# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) -+#endif -+#ifndef F_SEAL_SEAL -+# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ -+# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ -+# define F_SEAL_GROW 0x0004 /* prevent file from growing */ -+# define F_SEAL_WRITE 0x0008 /* prevent writes */ -+#endif -+ -+#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */ -+#ifdef HAVE_MEMFD_CREATE -+# define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe" -+# define RUNC_MEMFD_SEALS \ -+ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) -+#endif -+ -+static void *must_realloc(void *ptr, size_t size) -+{ -+ void *old = ptr; -+ do { -+ ptr = realloc(old, size); -+ } while(!ptr); -+ return ptr; -+} -+ -+/* -+ * Verify whether we are currently in a self-cloned program (namely, is -+ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather -+ * for shmem files), and we want to be sure it's actually sealed. -+ */ -+static int is_self_cloned(void) -+{ -+ int fd, ret, is_cloned = 0; -+ -+ fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC); -+ if (fd < 0) -+ return -ENOTRECOVERABLE; -+ -+#ifdef HAVE_MEMFD_CREATE -+ ret = fcntl(fd, F_GET_SEALS); -+ is_cloned = (ret == RUNC_MEMFD_SEALS); -+#else -+ struct stat statbuf = {0}; -+ ret = fstat(fd, &statbuf); -+ if (ret >= 0) -+ is_cloned = (statbuf.st_nlink == 0); -+#endif -+ close(fd); -+ return is_cloned; -+} -+ -+/* -+ * Basic wrapper around mmap(2) that gives you the file length so you can -+ * safely treat it as an ordinary buffer. Only gives you read access. -+ */ -+static char *read_file(char *path, size_t *length) -+{ -+ int fd; -+ char buf[4096], *copy = NULL; -+ -+ if (!length) -+ return NULL; -+ -+ fd = open(path, O_RDONLY | O_CLOEXEC); -+ if (fd < 0) -+ return NULL; -+ -+ *length = 0; -+ for (;;) { -+ int n; -+ -+ n = read(fd, buf, sizeof(buf)); -+ if (n < 0) -+ goto error; -+ if (!n) -+ break; -+ -+ copy = must_realloc(copy, (*length + n) * sizeof(*copy)); -+ memcpy(copy + *length, buf, n); -+ *length += n; -+ } -+ close(fd); -+ return copy; -+ -+error: -+ close(fd); -+ free(copy); -+ return NULL; -+} -+ -+/* -+ * A poor-man's version of "xargs -0". Basically parses a given block of -+ * NUL-delimited data, within the given length and adds a pointer to each entry -+ * to the array of pointers. -+ */ -+static int parse_xargs(char *data, int data_length, char ***output) -+{ -+ int num = 0; -+ char *cur = data; -+ -+ if (!data || *output != NULL) -+ return -1; -+ -+ while (cur < data + data_length) { -+ num++; -+ *output = must_realloc(*output, (num + 1) * sizeof(**output)); -+ (*output)[num - 1] = cur; -+ cur += strlen(cur) + 1; -+ } -+ (*output)[num] = NULL; -+ return num; -+} -+ -+/* -+ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ. -+ * This is necessary because we are running in a context where we don't have a -+ * main() that we can just get the arguments from. -+ */ -+static int fetchve(char ***argv, char ***envp) -+{ -+ char *cmdline = NULL, *environ = NULL; -+ size_t cmdline_size, environ_size; -+ -+ cmdline = read_file("/proc/self/cmdline", &cmdline_size); -+ if (!cmdline) -+ goto error; -+ environ = read_file("/proc/self/environ", &environ_size); -+ if (!environ) -+ goto error; -+ -+ if (parse_xargs(cmdline, cmdline_size, argv) <= 0) -+ goto error; -+ if (parse_xargs(environ, environ_size, envp) <= 0) -+ goto error; -+ -+ return 0; -+ -+error: -+ free(environ); -+ free(cmdline); -+ return -EINVAL; -+} -+ -+static int clone_binary(void) -+{ -+ int binfd, memfd; -+ ssize_t sent = 0; -+ -+#ifdef HAVE_MEMFD_CREATE -+ memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING); -+#else -+ memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711); -+#endif -+ if (memfd < 0) -+ return -ENOTRECOVERABLE; -+ -+ binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); -+ if (binfd < 0) -+ goto error; -+ -+ sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX); -+ close(binfd); -+ if (sent < 0) -+ goto error; -+ -+#ifdef HAVE_MEMFD_CREATE -+ int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS); -+ if (err < 0) -+ goto error; -+#else -+ /* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. */ -+ int newfd; -+ char *fdpath = NULL; -+ -+ if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0) -+ goto error; -+ newfd = open(fdpath, O_RDONLY | O_CLOEXEC); -+ free(fdpath); -+ if (newfd < 0) -+ goto error; -+ -+ close(memfd); -+ memfd = newfd; -+#endif -+ return memfd; -+ -+error: -+ close(memfd); -+ return -EIO; -+} -+ -+int ensure_cloned_binary(void) -+{ -+ int execfd; -+ char **argv = NULL, **envp = NULL; -+ -+ /* Check that we're not self-cloned, and if we are then bail. */ -+ int cloned = is_self_cloned(); -+ if (cloned > 0 || cloned == -ENOTRECOVERABLE) -+ return cloned; -+ -+ if (fetchve(&argv, &envp) < 0) -+ return -EINVAL; -+ -+ execfd = clone_binary(); -+ if (execfd < 0) -+ return -EIO; -+ -+ fexecve(execfd, argv, envp); -+ return -ENOEXEC; -+} -diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c -index 28269dfc0..7750af35e 100644 ---- a/libcontainer/nsenter/nsexec.c -+++ b/libcontainer/nsenter/nsexec.c -@@ -534,6 +534,9 @@ void join_namespaces(char *nslist) - free(namespaces); - } - -+/* Defined in cloned_binary.c. */ -+extern int ensure_cloned_binary(void); -+ - void nsexec(void) - { - int pipenum; -@@ -549,6 +552,14 @@ void nsexec(void) - if (pipenum == -1) - return; - -+ /* -+ * We need to re-exec if we are not in a cloned binary. This is necessary -+ * to ensure that containers won't be able to access the host binary -+ * through /proc/self/exe. See CVE-2019-5736. -+ */ -+ if (ensure_cloned_binary() < 0) -+ bail("could not ensure we are a cloned binary"); -+ - /* Parse all of the netlink configuration. */ - nl_parse(pipenum, &config); - diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index c6929b9f1a..b365d722f9 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -1564,17 +1564,16 @@ monitor/GPU.") (define-public runc (package (name "runc") - (version "1.0.0-rc6") + (version "1.0.0-rc93") (source (origin (method url-fetch) (uri (string-append "https://github.com/opencontainers/runc/releases/" "download/v" version "/runc.tar.xz")) (file-name (string-append name "-" version ".tar.xz")) - (patches (search-patches "runc-CVE-2019-5736.patch")) (sha256 (base32 - "1c7832dq70slkjh8qp2civ1wxhhdd2hrx84pq7db1mmqc9fdr3cc")))) + "0b90r1bkvlqli53ca1yc1l488dba0isd3i6l7nlhszxi8p7hzvkh")))) (build-system go-build-system) (arguments '(#:import-path "github.com/opencontainers/runc" @@ -1584,35 +1583,27 @@ monitor/GPU.") #:tests? #f #:phases (modify-phases %standard-phases - (replace 'unpack - (lambda* (#:key source import-path #:allow-other-keys) - ;; Unpack the tarball into 'runc' instead of 'runc-1.0.0-rc5'. - (let ((dest (string-append "src/" import-path))) - (mkdir-p dest) - (invoke "tar" "-C" (string-append "src/" import-path) - "--strip-components=1" - "-xvf" source)))) (replace 'build (lambda* (#:key import-path #:allow-other-keys) (with-directory-excursion (string-append "src/" import-path) - ;; XXX: requires 'go-md2man'. - ;; (invoke "make" "man") - (invoke "make")))) - ;; (replace 'check - ;; (lambda _ - ;; (invoke "make" "localunittest"))) + (invoke "make" "all" "man")))) + (replace 'check + (lambda* (#:key tests? #:allow-other-keys) + (when tests? + (invoke "make" "localunittest")))) (replace 'install (lambda* (#:key import-path outputs #:allow-other-keys) (with-directory-excursion (string-append "src/" import-path) (let ((out (assoc-ref outputs "out"))) - (invoke "make" "install" "install-bash" + (invoke "make" "install" "install-bash" "install-man" (string-append "PREFIX=" out))))))))) (native-inputs - `(("pkg-config" ,pkg-config))) + `(("go-md2man" ,go-github-com-go-md2man) + ("pkg-config" ,pkg-config))) (inputs `(("libseccomp" ,libseccomp))) (synopsis "Open container initiative runtime") - (home-page "https://www.opencontainers.org/") + (home-page "https://opencontainers.org/") (description "@command{runc} is a command line client for running applications packaged according to the -- cgit v1.2.3 From e29b1fff1d8147623ab149fca7b0cc42a376bf62 Mon Sep 17 00:00:00 2001 From: Philip McGrath Date: Fri, 19 Mar 2021 14:24:51 -0400 Subject: gnu: chez-scheme: simplify packaging Take advantage of patches that have been accepted upstream. These changes lay a foundation for reusing more of Chez's build process for Racket. * gnu/packages/patches/chez-scheme-build-util-paths-backport.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/chez.scm (chez-scheme)[source](patches): Use it. [source](snippet): Remove bundled libraries here, not in configure phase. [inputs]: Organize. Move "nanopass", "stex", and "xorg-rgb" to ... [native-inputs]: ... this field. [arguments]: Add (ice-9 ftw) to #:modules. Remove unneeded 'patch-processor-detection' phase. Add 'unpack-nanopass+stex' phase (refactored from 'configure'). Simplify 'configure' phase by removing patches that have been upstreamed. Add "--nogzip-man-pages" flag so we can remove 'make-manpages-writable' phase. Stop ignoring #:configure-flags, move "--threads" there, and remove unneeded workaround. Add 'prepare-stex' phase (refactored from 'install-doc'). Use it to streamline 'install-doc' phase, installing all of the right files into the right places. Signed-off-by: Leo Prikler --- gnu/local.mk | 1 + gnu/packages/chez.scm | 246 ++++--- .../chez-scheme-build-util-paths-backport.patch | 780 +++++++++++++++++++++ 3 files changed, 923 insertions(+), 104 deletions(-) create mode 100644 gnu/packages/patches/chez-scheme-build-util-paths-backport.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a1a08fa911..1d7133667d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -887,6 +887,7 @@ dist_patch_DATA = \ %D%/packages/patches/cdparanoia-fpic.patch \ %D%/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch \ %D%/packages/patches/ceph-disable-cpu-optimizations.patch \ + %D%/packages/patches/chez-scheme-build-util-paths-backport.patch \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/cl-asdf-config-directories.patch \ %D%/packages/patches/clamav-config-llvm-libs.patch \ diff --git a/gnu/packages/chez.scm b/gnu/packages/chez.scm index b0b9abfd05..1cd2cde71b 100644 --- a/gnu/packages/chez.scm +++ b/gnu/packages/chez.scm @@ -30,6 +30,7 @@ #:use-module (guix download) #:use-module (guix git-download) #:use-module (guix utils) + #:use-module (guix gexp) #:use-module (guix build-system gnu) #:use-module (gnu packages compression) #:use-module (gnu packages ncurses) @@ -79,21 +80,41 @@ (commit (string-append "v" version)))) (sha256 (base32 "0prgn2z9l888j93ydxaf04ph424g0fi3a8w7f8m0b2r7fr1v7388")) - (file-name (git-file-name name version)))) + (file-name (git-file-name name version)) + (patches + (search-patches + ;; backported from upstream: remove on next release + "chez-scheme-build-util-paths-backport.patch")) + (snippet + ;; remove bundled libraries + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + (for-each (lambda (dir) + (when (directory-exists? dir) + (delete-file-recursively dir))) + '("stex" + "nanopass" + "lz4" + "zlib"))))))) (build-system gnu-build-system) (inputs - `(("ncurses" ,ncurses) - ("libuuid" ,util-linux "lib") - ("libx11" ,libx11) - ("lz4" ,lz4) - ("lz4:static" ,lz4 "static") - ("xorg-rgb" ,xorg-rgb) - ("nanopass" ,nanopass) + `(("libuuid" ,util-linux "lib") ("zlib" ,zlib) ("zlib:static" ,zlib "static") - ("stex" ,stex))) + ("lz4" ,lz4) + ("lz4:static" ,lz4 "static") + ;; for expeditor: + ("ncurses" ,ncurses) + ;; for X11 clipboard support in expeditor: + ;; https://github.com/cisco/ChezScheme/issues/9#issuecomment-222057232 + ("libx11" ,libx11))) (native-inputs - `(("texlive" ,(texlive-union (list texlive-latex-oberdiek + `(("nanopass" ,nanopass) ; source only + ;; for docs + ("stex" ,stex) + ("xorg-rgb" ,xorg-rgb) + ("texlive" ,(texlive-union (list texlive-latex-oberdiek texlive-generic-epsf))) ("ghostscript" ,ghostscript) ("netpbm" ,netpbm))) @@ -103,96 +124,54 @@ (files (list (string-append "lib/csv" version "-site")))))) (outputs '("out" "doc")) (arguments - `(#:modules ((guix build gnu-build-system) - (guix build utils) - (ice-9 match)) + `(#:modules + ((guix build gnu-build-system) + (guix build utils) + (ice-9 ftw) + (ice-9 match)) #:test-target "test" #:configure-flags - (list ,(match (or (%current-target-system) (%current-system)) - ("x86_64-linux" '(list "--machine=ta6le")) - ("i686-linux" '(list "--machine=ti3le")) - ;; Let autodetection have its attempt on other architectures. - (_ - '()))) + '("--threads") ;; TODO when we fix armhf, it doesn't support --threads #:phases (modify-phases %standard-phases - (add-after 'unpack 'patch-processor-detection - (lambda _ (substitute* "configure" - (("uname -a") "uname -m")) - #t)) - ;; Adapt the custom 'configure' script. + ;; put these where configure expects them to be + (add-after 'unpack 'unpack-nanopass+stex + (lambda* (#:key native-inputs inputs #:allow-other-keys) + (for-each (lambda (dep) + (define src + (assoc-ref (or native-inputs inputs) dep)) + (copy-recursively src dep + #:keep-mtime? #t)) + '("nanopass" "stex")) + #t)) + ;; NOTE: the custom Chez 'configure' script doesn't allow + ;; unrecognized flags, such as those automatically added + ;; by `gnu-build-system`. (replace 'configure - (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out")) - (nanopass (assoc-ref inputs "nanopass")) - (stex (assoc-ref inputs "stex")) - (lz4-static (assoc-ref inputs "lz4:static")) - (zlib-static (assoc-ref inputs "zlib:static")) - (unpack (assoc-ref %standard-phases 'unpack)) - (patch-source-shebangs - (assoc-ref %standard-phases 'patch-source-shebangs))) - (map (match-lambda - ((src orig-name new-name) - (with-directory-excursion "." - (apply unpack (list #:source src)) - (apply patch-source-shebangs (list #:source src))) - (delete-file-recursively new-name) - (invoke "mv" orig-name new-name))) - `((,nanopass "source" "nanopass") - (,stex "source" "stex"))) - ;; The configure step wants to CURL all submodules as it - ;; detects a checkout without submodules. Disable curling, - ;; and manually patch the needed modules for compilation. - (substitute* "configure" - (("! -f '") "-d '")) ; working around CURL. - (substitute* (find-files "mats" "Mf-.*") - (("^[[:space:]]+(cc ) *") "\tgcc ")) - (substitute* - (find-files "." (string-append - "(" - "Mf-[a-zA-Z0-9.]+" - "|Makefile[a-zA-Z0-9.]*" - "|checkin" - "|stex\\.stex" - "|newrelease" - "|workarea" - "|unix\\.ms" - "|^6\\.ms" - ;;"|[a-zA-Z0-9.]+\\.ms" ; guile can't read - ")")) - (("/bin/rm") (which "rm")) - (("/bin/ln") (which "ln")) - (("/bin/cp") (which "cp")) - (("/bin/echo") (which "echo"))) - (substitute* "makefiles/installsh" - (("/bin/true") (which "true"))) - (substitute* "stex/Makefile" - (("PREFIX=/usr") (string-append "PREFIX=" out))) - (invoke "./configure" "--threads" - (string-append "ZLIB=" zlib-static "/lib/libz.a") - (string-append "LZ4=" lz4-static "/lib/liblz4.a") - (string-append "--installprefix=" out))))) - ;; Installation of the documentation requires a running "chez". - (add-after 'install 'install-doc - (lambda* (#:key inputs outputs #:allow-other-keys) - (let ((doc (string-append (assoc-ref outputs "doc") - "/share/doc/" ,name "-" ,version))) - (invoke "make" "docs") - (with-directory-excursion "csug" - (substitute* "Makefile" - ;; The ‘installdir=’ can't be overruled on the command line. - (("/tmp/csug9") doc) - ;; $m is the ‘machine type’, e.g. ‘ta6le’ on x86_64, but is - ;; set incorrectly for some reason, e.g. to ‘a6le’ on x86_64. - ;; Avoid the whole mess by running the (machine-independent) - ;; ‘installsh’ script at its original location. - (("\\$m/installsh") "makefiles/installsh")) - (invoke "make" "install") - (install-file "csug.pdf" doc)) - (with-directory-excursion "release_notes" - (install-file "release_notes.pdf" doc)) + (lambda* (#:key inputs outputs + (configure-flags '()) + #:allow-other-keys) + (let* ((zlib-static (assoc-ref inputs "zlib:static")) + (lz4-static (assoc-ref inputs "lz4:static")) + (out (assoc-ref outputs "out")) + ;; add flags which are always required: + (flags (cons* + (string-append "--installprefix=" out) + (string-append "ZLIB=" zlib-static "/lib/libz.a") + (string-append "LZ4=" lz4-static "/lib/liblz4.a") + ;; Guix will do compress man pages, + ;; and letting Chez try causes an error + "--nogzip-man-pages" + configure-flags))) + (format #t "configure flags: ~s~%" flags) + ;; Some makefiles (for tests) don't seem to propagate CC + ;; properly, so we take it out of their hands: + (setenv "CC" ,(cc-for-target)) + (apply invoke + "./configure" + flags) #t))) - ;; The binary file name is called "scheme" as the one from MIT/GNU + ;; The binary file name is called "scheme" as is the one from MIT/GNU ;; Scheme. We add a symlink to use in case both are installed. (add-after 'install 'install-symlink (lambda* (#:key outputs #:allow-other-keys) @@ -207,16 +186,75 @@ "/" name ".boot"))) (find-files lib "scheme.boot")) #t))) - (add-before 'reset-gzip-timestamps 'make-manpages-writable - (lambda* (#:key outputs #:allow-other-keys) - (map (lambda (file) - (make-file-writable file)) - (find-files (string-append (assoc-ref outputs "out") - "/share/man") - ".*\\.gz$")) - #t))))) - ;; According to the documentation MIPS is not supported. - ;; Cross-compiling for the Raspberry Pi is supported, but not native ARM. + ;; Building explicitly lets us avoid using substitute* + ;; to re-write makefiles. + (add-after 'install-symlink 'prepare-stex + (lambda* (#:key native-inputs inputs outputs #:allow-other-keys) + (let* ((stex+version + (strip-store-file-name + (assoc-ref (or native-inputs inputs) "stex"))) + ;; Eventually we want to install stex as a real + ;; package so it's reusable. For now: + (stex-output "/tmp") + (doc-dir (string-append stex-output + "/share/doc/" + stex+version))) + (with-directory-excursion "stex" + (invoke "make" + "install" + (string-append "LIB=" + stex-output + "/lib/" + stex+version) + (string-append "Scheme=" + (assoc-ref outputs "out") + "/bin/scheme")) + (for-each (lambda (pth) + (install-file pth doc-dir)) + '("ReadMe" ; includes the license + "doc/stex.html" + "doc/stex.css" + "doc/stex.pdf")) + #t)))) + ;; Building the documentation requires stex and a running scheme. + ;; FIXME: this is probably wrong for cross-compilation + (add-after 'prepare-stex 'install-doc + (lambda* (#:key native-inputs inputs outputs #:allow-other-keys) + (let* ((chez+version (strip-store-file-name + (assoc-ref outputs "out"))) + (stex+version + (strip-store-file-name + (assoc-ref (or native-inputs inputs) "stex"))) + (scheme (string-append (assoc-ref outputs "out") + "/bin/scheme")) + ;; see note on stex-output in phase build-stex, above: + (stexlib (string-append "/tmp" + "/lib/" + stex+version)) + (doc-dir (string-append (assoc-ref outputs "doc") + "/share/doc/" + chez+version))) + (define* (stex-make #:optional (suffix "")) + (invoke "make" + "install" + (string-append "Scheme=" scheme) + (string-append "STEXLIB=" stexlib) + (string-append "installdir=" doc-dir suffix))) + (with-directory-excursion "csug" + (stex-make "/csug")) + (with-directory-excursion "release_notes" + (stex-make "/release_notes")) + (with-directory-excursion doc-dir + (symlink "release_notes/release_notes.pdf" + "release_notes.pdf") + (symlink "csug/csug9_5.pdf" + "csug.pdf")) + #t)))))) + ;; Chez Scheme does not have a MIPS backend. + ;; FIXME: Debian backports patches to get armhf working. + ;; We should too. It is the Chez machine type arm32le + ;; (no threaded version upstream yet, though there is in + ;; Racket's fork), more specifically (per the release notes) ARMv6. (supported-systems (fold delete %supported-systems '("mips64el-linux" "armhf-linux"))) (home-page "https://cisco.github.io/ChezScheme/") diff --git a/gnu/packages/patches/chez-scheme-build-util-paths-backport.patch b/gnu/packages/patches/chez-scheme-build-util-paths-backport.patch new file mode 100644 index 0000000000..aad2d99996 --- /dev/null +++ b/gnu/packages/patches/chez-scheme-build-util-paths-backport.patch @@ -0,0 +1,780 @@ +From 2447e047b750c3371778beb487f881641a582e66 Mon Sep 17 00:00:00 2001 +From: Philip McGrath +Date: Thu, 11 Mar 2021 18:17:47 -0500 +Subject: [PATCH] avoid hard-coded paths for utilities in build scripts + +Backported from +https://github.com/cisco/ChezScheme/commit/8f4633ce24ac6425b2ab13cc78026b1c9bb5361e + +Specific changes: + - `cc` -> `$(CC)` + - `/bin/rm` -> `rm` + - `/bin/ln` -> `ln` + - `/bin/cp` -> `cp` + - `/bin/echo` -> `echo` + - in `makefiles/installsh`, add a case to find `true` + at an unusual path or as a shell builtin + +Co-authored-by: Andy Keep +--- + LOG | 12 ++++++++++++ + csug/gifs/Makefile | 8 ++++---- + csug/math/Makefile | 4 ++-- + examples/Makefile | 2 +- + makefiles/Makefile-csug.in | 6 +++--- + makefiles/Makefile-release_notes.in | 2 +- + makefiles/Mf-install.in | 4 ++-- + makefiles/installsh | 3 ++- + mats/6.ms | 2 +- + mats/Mf-a6fb | 4 ++-- + mats/Mf-a6le | 4 ++-- + mats/Mf-a6nb | 4 ++-- + mats/Mf-a6ob | 4 ++-- + mats/Mf-a6osx | 4 ++-- + mats/Mf-arm32le | 4 ++-- + mats/Mf-i3fb | 4 ++-- + mats/Mf-i3le | 4 ++-- + mats/Mf-i3nb | 4 ++-- + mats/Mf-i3ob | 4 ++-- + mats/Mf-i3osx | 4 ++-- + mats/Mf-i3qnx | 4 ++-- + mats/Mf-ppc32le | 4 ++-- + mats/Mf-ta6fb | 4 ++-- + mats/Mf-ta6le | 4 ++-- + mats/Mf-ta6nb | 4 ++-- + mats/Mf-ta6ob | 4 ++-- + mats/Mf-ta6osx | 4 ++-- + mats/Mf-ti3fb | 4 ++-- + mats/Mf-ti3le | 4 ++-- + mats/Mf-ti3nb | 4 ++-- + mats/Mf-ti3ob | 4 ++-- + mats/Mf-ti3osx | 4 ++-- + mats/Mf-tppc32le | 4 ++-- + mats/unix.ms | 4 ++-- + newrelease | 22 +++++++++++----------- + pkg/Makefile | 2 +- + release_notes/gifs/Makefile | 6 +++--- + release_notes/math/Makefile | 4 ++-- + s/Mf-base | 2 +- + workarea | 10 +++++----- + 40 files changed, 101 insertions(+), 88 deletions(-) + +diff --git a/LOG b/LOG +index e1631df..399104d 100644 +--- a/LOG ++++ b/LOG +@@ -2119,3 +2119,15 @@ + bintar/Makefile rpm/Makefile pkg/Makefile wininstall/Makefile + wininstall/a6nt.wxs wininstall/i3nt.wxs wininstall/ta6nt.wxs + wininstall/ti3nt.wxs ++9.5.5 changes: ++- avoid hard-coded paths for utilities in build scripts ++ checkin csug/gifs/Makefile csug/math/Makefile examples/Makefile ++ makefiles/Makefile-csug.in makefiles/Makefile-release_notes.in ++ makefiles/Mf-install.in makefiles/installsh mats/6.ms mats/Mf-a6fb ++ mats/Mf-a6le mats/Mf-a6nb mats/Mf-a6ob mats/Mf-a6osx mats/Mf-arm32le ++ mats/Mf-i3fb mats/Mf-i3le mats/Mf-i3nb mats/Mf-i3ob mats/Mf-i3osx ++ mats/Mf-i3qnx mats/Mf-ppc32le mats/Mf-ta6fb mats/Mf-ta6le mats/Mf-ta6nb ++ mats/Mf-ta6ob mats/Mf-ta6osx mats/Mf-ti3fb mats/Mf-ti3le mats/Mf-ti3nb ++ mats/Mf-ti3ob mats/Mf-ti3osx mats/Mf-tppc32le mats/unix.ms newrelease ++ pkg/Makefile release_notes/gifs/Makefile release_notes/math/Makefile ++ s/Mf-base workarea +diff --git a/csug/gifs/Makefile b/csug/gifs/Makefile +index 8676e4c..4253ffd 100644 +--- a/csug/gifs/Makefile ++++ b/csug/gifs/Makefile +@@ -18,7 +18,7 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f $*.dvi $*.log *.aux ++ rm -f $*.dvi $*.log *.aux + test -f $*.gif && chmod 644 $*.gif + + # translate ps file to gif w/o transparent white background +@@ -28,7 +28,7 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif > $*.gif +- /bin/rm -f $*.dvi $*.log *.aux ++ rm -f $*.dvi $*.log *.aux + test -f $*.gif && chmod 644 $*.gif + + all: ${gifs} +@@ -57,7 +57,7 @@ ghostRightarrow.gif: Rightarrow.tex + giftrans -g '#000000=#ffffff' |\ + giftopnm |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f Rightarrow.dvi Rightarrow.log Rightarrow.aux ++ rm -f Rightarrow.dvi Rightarrow.log Rightarrow.aux + test -f $*.gif && chmod 644 $*.gif + +-clean: ; /bin/rm -f *.gif Make.out ++clean: ; rm -f *.gif Make.out +diff --git a/csug/math/Makefile b/csug/math/Makefile +index 3385fdb..3392ea8 100644 +--- a/csug/math/Makefile ++++ b/csug/math/Makefile +@@ -15,11 +15,11 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f $*.dvi $*.log $*.aux ++ rm -f $*.dvi $*.log $*.aux + test -f $*.gif && chmod 644 $*.gif + + all: ${gifs} + + ${gifs}: mathmacros + +-clean: ; /bin/rm -f *.gif Make.out ++clean: ; rm -f *.gif Make.out +diff --git a/examples/Makefile b/examples/Makefile +index b1b4e1d..3edfdd0 100644 +--- a/examples/Makefile ++++ b/examples/Makefile +@@ -25,4 +25,4 @@ needed: ${obj} + + all: ; echo "(time (for-each compile-file (map symbol->string '(${src}))))" | ${Scheme} + +-clean: ; /bin/rm -f $(obj) expr.md ++clean: ; rm -f $(obj) expr.md +diff --git a/makefiles/Makefile-csug.in b/makefiles/Makefile-csug.in +index df24092..6f8a8d9 100644 +--- a/makefiles/Makefile-csug.in ++++ b/makefiles/Makefile-csug.in +@@ -29,7 +29,7 @@ install: target + # thrice is not enough when starting from scratch + logcheck1: $(x).thirdrun + @if [ -n "`grep 'Warning: Label(s) may have changed' $(x).log`" ] ; then\ +- /bin/rm -f $(x).thirdrun ;\ ++ rm -f $(x).thirdrun ;\ + $(MAKE) $(x).thirdrun;\ + fi + +@@ -55,7 +55,7 @@ stexsrc = csug.stex title.stex copyright.stex contents.stex\ + texsrc = ${stexsrc:%.stex=%.tex} + + title.tex contents.tex bibliography.tex: +- /bin/rm -f $*.tex ++ rm -f $*.tex + echo "%%% DO NOT EDIT THIS FILE" > $*.tex + echo "%%% Edit the .stex version instead" >> $*.tex + echo "" >> $*.tex +@@ -147,7 +147,7 @@ code: $(stexsrc) + echo '(load "code" pretty-print)' | $(Scheme) -q + + $(x).clean: +- -/bin/rm -f $(x).rfm $(x).sfm $(x).prefirstrun $(x).presecondrun\ ++ -rm -f $(x).rfm $(x).sfm $(x).prefirstrun $(x).presecondrun\ + $(x).prethirdrun $(x).ans\ + $(x).hprefirstrun $(x).hpresecondrun $(x).hprethirdrun\ + tspl.aux tspl.haux tspl.rfm tspl.idx in.hidx\ +diff --git a/makefiles/Makefile-release_notes.in b/makefiles/Makefile-release_notes.in +index 4435b6f..64348a4 100644 +--- a/makefiles/Makefile-release_notes.in ++++ b/makefiles/Makefile-release_notes.in +@@ -38,7 +38,7 @@ install: $x.pdf $x.html + $(INSTALL) -m 2755 -d $(installdir)/gifs + $(INSTALL) -m 0644 --ifdiff gifs/*.gif $(installdir)/gifs + $(INSTALL) -m 2755 -d $(installdir)/math +- -/bin/rm -rf $(installdir)/$(mathdir) ++ -rm -rf $(installdir)/$(mathdir) + $(INSTALL) -m 2755 -d $(installdir)/$(mathdir) + if [ -e $(mathdir)/0.gif ] ; then $(INSTALL) -m 0644 $(mathdir)/*.gif $(installdir)/$(mathdir) ; fi + +diff --git a/makefiles/Mf-install.in b/makefiles/Mf-install.in +index a702c34..c09043d 100644 +--- a/makefiles/Mf-install.in ++++ b/makefiles/Mf-install.in +@@ -114,12 +114,12 @@ bininstall: ${Bin} + libbininstall: ${LibBin} + $I -m 444 ${PetiteBoot} ${LibBin}/petite.boot + if [ "${InstallPetiteName}" != "petite" ]; then\ +- /bin/rm -f ${LibBin}/${InstallPetiteName}.boot;\ ++ rm -f ${LibBin}/${InstallPetiteName}.boot;\ + ln -f ${LibBin}/petite.boot ${LibBin}/${InstallPetiteName}.boot;\ + fi + $I -m 444 ${SchemeBoot} ${LibBin}/scheme.boot;\ + if [ "${InstallSchemeName}" != "scheme" ]; then\ +- /bin/rm -f ${LibBin}/${InstallSchemeName}.boot;\ ++ rm -f ${LibBin}/${InstallSchemeName}.boot;\ + ln -f ${LibBin}/scheme.boot ${LibBin}/${InstallSchemeName}.boot;\ + fi + ln -f ${LibBin}/scheme.boot ${LibBin}/${InstallScriptName}.boot; +diff --git a/makefiles/installsh b/makefiles/installsh +index 48f1e46..95d85fb 100755 +--- a/makefiles/installsh ++++ b/makefiles/installsh +@@ -1,7 +1,8 @@ + #! /bin/sh + if [ -x /bin/true ]; then TRUE=/bin/true; + elif [ -x /usr/bin/true ]; then TRUE=/usr/bin/true; +-else echo "Can't find /bin/true or /usr/bin/true" ; exit 1; ++elif command -v true &> /dev/null; then TRUE=true; ++else echo "Can't find /bin/true or /usr/bin/true and no true command" ; exit 1; + fi + + while ${TRUE} ; do +diff --git a/mats/6.ms b/mats/6.ms +index 102f84b..e504230 100644 +--- a/mats/6.ms ++++ b/mats/6.ms +@@ -2685,7 +2685,7 @@ + (begin + (system "ln -s ../examples .") + (load "examples/fatfib.ss" compile) +- (system "/bin/rm examples") ++ (system "rm -f examples") + #t)) + (or (windows?) (embedded?) + (equal? +diff --git a/mats/Mf-a6fb b/mats/Mf-a6fb +index b16d1b6..ff9e687 100644 +--- a/mats/Mf-a6fb ++++ b/mats/Mf-a6fb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-a6le b/mats/Mf-a6le +index d6fee09..a3bda76 100644 +--- a/mats/Mf-a6le ++++ b/mats/Mf-a6le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m64 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m64 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-a6nb b/mats/Mf-a6nb +index 48187ef..0f7ac17 100644 +--- a/mats/Mf-a6nb ++++ b/mats/Mf-a6nb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-a6ob b/mats/Mf-a6ob +index 12758f3..0ffcccc 100644 +--- a/mats/Mf-a6ob ++++ b/mats/Mf-a6ob +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-a6osx b/mats/Mf-a6osx +index f1dbf85..57bac22 100644 +--- a/mats/Mf-a6osx ++++ b/mats/Mf-a6osx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m64 -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m64 -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-arm32le b/mats/Mf-arm32le +index f33a665..83896eb 100644 +--- a/mats/Mf-arm32le ++++ b/mats/Mf-arm32le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -fomit-frame-pointer -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -fomit-frame-pointer -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3fb b/mats/Mf-i3fb +index 150cedb..1e4e8fc 100644 +--- a/mats/Mf-i3fb ++++ b/mats/Mf-i3fb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3le b/mats/Mf-i3le +index 8f521c8..b248620 100644 +--- a/mats/Mf-i3le ++++ b/mats/Mf-i3le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3nb b/mats/Mf-i3nb +index e81f6ff..8afeb5c 100644 +--- a/mats/Mf-i3nb ++++ b/mats/Mf-i3nb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3ob b/mats/Mf-i3ob +index 4e3ee1b..fcd4dee 100644 +--- a/mats/Mf-i3ob ++++ b/mats/Mf-i3ob +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3osx b/mats/Mf-i3osx +index 53c7d4a..a55f6ee 100644 +--- a/mats/Mf-i3osx ++++ b/mats/Mf-i3osx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-i3qnx b/mats/Mf-i3qnx +index 724f2db..3e1437a 100644 +--- a/mats/Mf-i3qnx ++++ b/mats/Mf-i3qnx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ppc32le b/mats/Mf-ppc32le +index 28151a8..547ca00 100644 +--- a/mats/Mf-ppc32le ++++ b/mats/Mf-ppc32le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6fb b/mats/Mf-ta6fb +index 921d609..5ed233e 100644 +--- a/mats/Mf-ta6fb ++++ b/mats/Mf-ta6fb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6le b/mats/Mf-ta6le +index cd014ec..21c686a 100644 +--- a/mats/Mf-ta6le ++++ b/mats/Mf-ta6le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m64 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m64 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6nb b/mats/Mf-ta6nb +index 6b1929d..9b9b898 100644 +--- a/mats/Mf-ta6nb ++++ b/mats/Mf-ta6nb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6ob b/mats/Mf-ta6ob +index a7aee91..8f25aed 100644 +--- a/mats/Mf-ta6ob ++++ b/mats/Mf-ta6ob +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ta6osx b/mats/Mf-ta6osx +index 42da5d7..0dd386f 100644 +--- a/mats/Mf-ta6osx ++++ b/mats/Mf-ta6osx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m64 -pthread -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m64 -pthread -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3fb b/mats/Mf-ti3fb +index c891145..56bf7d3 100644 +--- a/mats/Mf-ti3fb ++++ b/mats/Mf-ti3fb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3le b/mats/Mf-ti3le +index 12e77b8..22b4148 100644 +--- a/mats/Mf-ti3le ++++ b/mats/Mf-ti3le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3nb b/mats/Mf-ti3nb +index 028c652..573946e 100644 +--- a/mats/Mf-ti3nb ++++ b/mats/Mf-ti3nb +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3ob b/mats/Mf-ti3ob +index 8a4741c..4472b60 100644 +--- a/mats/Mf-ti3ob ++++ b/mats/Mf-ti3ob +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-ti3osx b/mats/Mf-ti3osx +index 6913c34..9273b44 100644 +--- a/mats/Mf-ti3osx ++++ b/mats/Mf-ti3osx +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -pthread -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -pthread -dynamiclib -undefined dynamic_lookup -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/Mf-tppc32le b/mats/Mf-tppc32le +index a12b515..8b9d9f0 100644 +--- a/mats/Mf-tppc32le ++++ b/mats/Mf-tppc32le +@@ -21,7 +21,7 @@ fobj = foreign1.so + include Mf-base + + foreign1.so: ${fsrc} ../boot/$m/scheme.h +- cc -m32 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} ++ $(CC) -m32 -pthread -fPIC -shared -I${Include} -o foreign1.so ${fsrc} + + cat_flush: cat_flush.c +- cc -o cat_flush cat_flush.c ++ $(CC) -o cat_flush cat_flush.c +diff --git a/mats/unix.ms b/mats/unix.ms +index cfba3e7..db7f6f9 100644 +--- a/mats/unix.ms ++++ b/mats/unix.ms +@@ -72,8 +72,8 @@ + (mat system + (eqv? (with-output-to-file "testfile.ss" void '(replace)) (void)) + (begin +- (system (format "~:[~;/pkg~]/bin/rm testfile.ss" (embedded?))) +- (system (format "~:[~;/pkg~]/bin/echo hello > testfile.ss" (embedded?))) ++ (system "rm -f testfile.ss") ++ (system "echo hello > testfile.ss") + (let ([p (open-input-file "testfile.ss")]) + (and (eq? (read p) 'hello) + (begin (close-input-port p) #t)))) +diff --git a/newrelease b/newrelease +index e903956..2d06740 100755 +--- a/newrelease ++++ b/newrelease +@@ -75,13 +75,13 @@ if ($status != 0) exit 1 + + cd $W + +-/bin/rm -f BUILDING ++rm -f BUILDING + sed -e "s/Chez Scheme Version [^ ]*/Chez Scheme Version $R/" \ + -e "s/Copyright 1984-.... /Copyright 1984-`date +%Y` /" \ + ../BUILDING > BUILDING + set updatedfiles = ($updatedfiles BUILDING) + +-/bin/rm -f NOTICE ++rm -f NOTICE + sed -e "s/Chez Scheme Version [^ ]*/Chez Scheme Version $R/" \ + -e "s/Copyright 1984-.... /Copyright 1984-`date +%Y` /" \ + ../NOTICE > NOTICE +@@ -92,19 +92,19 @@ sed -e "s/csv[0-9]\.[0-9]\(\.[0-9]\)*/csv$R/" ../makefiles/Mf-install.in > makef + sed -e "s/csug[0-9]\.[0-9]/csug$MR.$mR/" -e "s/csug[0-9]_[0-9]/csug$MR""_$mR/" ../makefiles/Makefile-csug.in > makefiles/Makefile-csug.in + set updatedfiles = ($updatedfiles makefiles/Mf-install.in makefiles/Makefile-csug.in) + +-/bin/rm scheme.1.in ++rm -f scheme.1.in + sed -e "s/Chez Scheme Version [0-9]\.[0-9]\(\.[0-9]\)* .* [0-9][0-9]*/Chez Scheme Version $R `date +'%B %Y'`/" \ + -e "s/Copyright .* Cisco Systems, Inc./Copyright `date +%Y` Cisco Systems, Inc./" \ + ../scheme.1.in > scheme.1.in + set updatedfiles = ($updatedfiles scheme.1.in) + +-/bin/rm -f c/Makefile.{,t}{i3,a6}nt ++rm -f c/Makefile.{,t}{i3,a6}nt + foreach fn (c/Makefile.{,t}{a6,i3}nt) + set updatedfiles = ($updatedfiles $fn) + sed -e "s/csv[0-9][0-9][0-9]*/csv$ZR/g" ../$fn > $fn + end + +-/bin/rm -f mats/Mf-{,t}{i3,a6}nt ++rm -f mats/Mf-{,t}{i3,a6}nt + foreach fn (mats/Mf-{,t}{a6,i3}nt) + set updatedfiles = ($updatedfiles $fn) + sed -e "s/csv[0-9][0-9][0-9]*/csv$ZR/g" ../$fn > $fn +@@ -123,11 +123,11 @@ sed -e "s/FILEVERSION .*/FILEVERSION $RCVERSION/"\ + -e "s/Copyright 1984-..../Copyright 1984-`date +%Y`/g" ../c/scheme.rc > c/scheme.rc + set updatedfiles = ($updatedfiles c/scheme.rc) + +-/bin/rm -f s/7.ss ++rm -f s/7.ss + sed -e "s/nCopyright 1984-..../nCopyright 1984-`date +%Y`/g" ../s/7.ss > s/7.ss + set updatedfiles = ($updatedfiles s/7.ss) + +-/bin/rm -f s/cmacros.ss ++rm -f s/cmacros.ss + set VNUM = `printf "%04x%02x%02x" $MR $mR $bR` + sed -e "s/scheme-version #x......../scheme-version #x$VNUM/" ../s/cmacros.ss > s/cmacros.ss + set updatedfiles = ($updatedfiles s/cmacros.ss) +@@ -146,17 +146,17 @@ sed -e "s/Revised\(.*\)for Chez Scheme Version [^ ]*
/Revised\1for Chez Schem + ../csug/csug.stex > csug/csug.stex + set updatedfiles = ($updatedfiles csug/copyright.stex csug/csug.stex) + +-/bin/rm bintar/Makefile ++rm -f bintar/Makefile + sed -e "s/^version = .*/version = $R/" \ + -e "s/csv[0-9][0-9][0-9]*/csv$ZR/g" \ + ../bintar/Makefile > bintar/Makefile + set updatedfiles = ($updatedfiles bintar/Makefile) + +-/bin/rm rpm/Makefile ++rm -f rpm/Makefile + sed -e "s/^version = .*/version = $R/" ../rpm/Makefile > rpm/Makefile + set updatedfiles = ($updatedfiles rpm/Makefile) + +-/bin/rm pkg/Makefile ++rm -f pkg/Makefile + sed -e "s/^version = .*/version = $R/" \ + -e "s/© .* Cisco Systems/\© `date +%Y` Cisco Systems/" \ + ../pkg/Makefile > pkg/Makefile +@@ -170,7 +170,7 @@ foreach fn (wininstall/{,t}{a6,i3}nt.wxs) + sed -e "s/csv[0-9][0-9][0-9]*/csv$ZR/" ../$fn > $fn + end + +-/bin/rm LOG ++rm -f LOG + cat ../LOG > LOG + echo "" >> LOG + echo "$R changes:" >> LOG +diff --git a/pkg/Makefile b/pkg/Makefile +index e0eef67..a3fe83f 100644 +--- a/pkg/Makefile ++++ b/pkg/Makefile +@@ -39,7 +39,7 @@ $(PKG): $(BUILDROOT)/$(PKG) + --package-path $(BUILDROOT)\ + $(PKG) + sudo chown $(DOTUSER):$(DOTGROUP) $(PKG) +- sudo /bin/rm -rf $(RELEASE) $(BUILDROOT) ++ sudo rm -rf $(RELEASE) $(BUILDROOT) + + $(BUILDROOT)/$(PKG): $(PKGCONTENT) + sudo /usr/bin/pkgbuild\ +diff --git a/release_notes/gifs/Makefile b/release_notes/gifs/Makefile +index 9572965..701d53a 100644 +--- a/release_notes/gifs/Makefile ++++ b/release_notes/gifs/Makefile +@@ -15,7 +15,7 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f $*.dvi $*.log *.aux ++ rm -f $*.dvi $*.log *.aux + test -f $*.gif && chmod 644 $*.gif + + all: ${gifs} +@@ -44,7 +44,7 @@ ghostRightarrow.gif: Rightarrow.tex + giftrans -g '#000000=#ffffff' |\ + giftopnm |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f Rightarrow.dvi Rightarrow.log Rightarrow.aux ++ rm -f Rightarrow.dvi Rightarrow.log Rightarrow.aux + test -f $*.gif && chmod 644 $*.gif + +-clean: ; /bin/rm -f *.gif Make.out ++clean: ; rm -f *.gif Make.out +diff --git a/release_notes/math/Makefile b/release_notes/math/Makefile +index b3ffae3..9eca430 100644 +--- a/release_notes/math/Makefile ++++ b/release_notes/math/Makefile +@@ -16,11 +16,11 @@ density=-r90x90 + ${density} - |\ + pnmcrop |\ + ppmtogif -transparent white > $*.gif +- /bin/rm -f $*.dvi $*.log $*.aux ++ rm -f $*.dvi $*.log $*.aux + test -f $*.gif && chmod 644 $*.gif + + all: ${gifs} + + ${gifs}: mathmacros + +-clean: ; /bin/rm -f *.gif Make.out ++clean: ; rm -f *.gif Make.out +diff --git a/s/Mf-base b/s/Mf-base +index c709608..40d816c 100644 +--- a/s/Mf-base ++++ b/s/Mf-base +@@ -206,7 +206,7 @@ profiled: + $(MAKE) all loadspd=t bp=t PetiteBoot=../boot/$m/xpetite.boot SchemeBoot=../boot/$m/xscheme.boot + $(MAKE) prettyclean + $(MAKE) io.$m loadspd=t dumpbpd=t Scheme="../bin/$m/scheme -b ../boot/$m/xpetite.boot -b ../boot/$m/xscheme.boot" +- /bin/rm -f ../boot/$m/xpetite.boot ../boot/$m/xscheme.boot ++ rm -f ../boot/$m/xpetite.boot ../boot/$m/xscheme.boot + $(MAKE) prettyclean + $(MAKE) all loadspd=t loadbpd=t + +diff --git a/workarea b/workarea +index bacc712..0461919 100755 +--- a/workarea ++++ b/workarea +@@ -70,9 +70,9 @@ esac + + if [ "$OS" = "Windows_NT" ] + then +- ln="/bin/cp -R" ++ ln="cp -R" + else +- ln="/bin/ln -s" ++ ln="ln -s" + fi + + # This shell script creates a workarea for local modifications to the +@@ -102,7 +102,7 @@ workln() + forceworkln() + { + if [ ! -e $2 ] ; then +- /bin/ln -s $1 $2 2> /dev/null ++ ln -s $1 $2 2> /dev/null + fi + } + +@@ -168,13 +168,13 @@ done + # deep copy submodules where builds occur so changes don't propagate through symlinks + for dir in `echo zlib` ; do + if [ ! -e $W/$dir ] ; then +- /bin/cp -R $dir $W/$dir ++ cp -R $dir $W/$dir + fi + done + + for dir in `echo lz4` ; do + if [ ! -e $W/$dir ] ; then +- /bin/cp -R $dir $W/$dir ++ cp -R $dir $W/$dir + fi + done + +-- +2.21.1 (Apple Git-122.3) + -- cgit v1.2.3 From 0d4ae86bc2e5c5a87e3d343d2b144ed9afd75314 Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Fri, 2 Apr 2021 11:49:34 +0100 Subject: gnu: libvirt: Update to 7.2.0. * gnu/packages/virtualization.scm (libvirt): Update to 7.2.0. [arguemnts]: Switch to meson, only build system supported by upstream. [inputs]: Add libssh2 and readline. [native-inputs]: Add bash-completion, gettext, python-docutils and rpcsvc-proto. * gnu/packages/patches/libvirt-add-install-prefix.patch: New file... * gnu/local.mk: ...add it. * gnu/packages/patches/libvirt-create-machine-cgroup.patch: Delete file, merged by upstream. Tested-by: Pierre Langlois --- gnu/local.mk | 4 +- .../patches/libvirt-add-install-prefix.patch | 329 +++++++++++++++++++++ gnu/packages/virtualization.scm | 82 +++-- 3 files changed, 367 insertions(+), 48 deletions(-) create mode 100644 gnu/packages/patches/libvirt-add-install-prefix.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 1d7133667d..075504e302 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -34,7 +34,7 @@ # Copyright © 2020, 2021 Felix Gruber # Copyright © 2020 Ryan Prior # Copyright © 2020 Jan Wielkiewicz -# Copyright © 2020 Brice Waegeneire +# Copyright © 2020, 2021 Brice Waegeneire # Copyright © 2020 Tanguy Le Carrour # Copyright © 2020 Martin Becze # Copyright © 2020 Malte Frank Gerdes @@ -1264,7 +1264,7 @@ dist_patch_DATA = \ %D%/packages/patches/kdbusaddons-kinit-file-name.patch \ %D%/packages/patches/libffi-3.3-powerpc-fixes.patch \ %D%/packages/patches/libffi-float128-powerpc64le.patch \ - %D%/packages/patches/libvirt-create-machine-cgroup.patch \ + %D%/packages/patches/libvirt-add-install-prefix.patch \ %D%/packages/patches/libziparchive-add-includes.patch \ %D%/packages/patches/localed-xorg-keyboard.patch \ %D%/packages/patches/kdiagram-Fix-missing-link-libraries.patch \ diff --git a/gnu/packages/patches/libvirt-add-install-prefix.patch b/gnu/packages/patches/libvirt-add-install-prefix.patch new file mode 100644 index 0000000000..1331fa9b6f --- /dev/null +++ b/gnu/packages/patches/libvirt-add-install-prefix.patch @@ -0,0 +1,329 @@ +Patch from NixOS: +https://raw.githubusercontent.com/NixOS/nixpkgs/b98031a49c66095dd1eb9185ecdaeeb5e3cd752d/pkgs/development/libraries/libvirt/0001-meson-patch-in-an-install-prefix-for-building-on-nix.patch + +From a896b0be849455edb83a9305dfec9b41447ef3e4 Mon Sep 17 00:00:00 2001 +From: Euan Kemp +Date: Thu, 14 Jan 2021 00:32:00 -0800 +Subject: [PATCH] meson: patch in an install prefix for building on nix + +Used in the nixpkgs version of libvirt so that we can install things in +the nix store, but read them from the root filesystem. +--- + meson.build | 9 +++++++++ + meson_options.txt | 2 ++ + src/libxl/meson.build | 6 +++--- + src/locking/meson.build | 8 ++++---- + src/lxc/meson.build | 6 +++--- + src/meson.build | 18 +++++++++--------- + src/network/meson.build | 12 ++++++------ + src/nwfilter/xml/meson.build | 2 +- + src/qemu/meson.build | 14 +++++++------- + src/remote/meson.build | 6 +++--- + src/security/apparmor/meson.build | 8 ++++---- + tools/meson.build | 4 ++-- + 12 files changed, 53 insertions(+), 42 deletions(-) + +diff --git a/meson.build b/meson.build +index b5164f6..33719f1 100644 +--- a/meson.build ++++ b/meson.build +@@ -39,6 +39,8 @@ if host_machine.system() == 'windows' + conf.set('WINVER', '0x0600') # Win Vista / Server 2008 + endif + ++# patched in for nix ++install_prefix = get_option('install_prefix') + + # set various paths + +@@ -57,6 +59,13 @@ else + sysconfdir = prefix / get_option('sysconfdir') + endif + ++# nix: don't prefix the localstatedir; some things need to write to it, so it ++# can't be in the nix store, and that's what the prefix is. ++# We'll prefix things ourselves where needed ++localstatedir = get_option('localstatedir') ++# Same for sysconfidr ++sysconfdir = get_option('sysconfdir') ++ + # if --prefix is /usr, don't use /usr/var for localstatedir or /usr/etc for + # sysconfdir as this makes a lot of things break in testing situations + if prefix == '/usr' +diff --git a/meson_options.txt b/meson_options.txt +index e5d79c2..081cd32 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -1,3 +1,5 @@ ++option('install_prefix', type: 'string', value: '', description: 'prefix for nix store installation') ++ + option('no_git', type: 'boolean', value: false, description: 'Disable git submodule update') + option('packager', type: 'string', value: '', description: 'Extra packager name') + option('packager_version', type: 'string', value: '', description: 'Extra packager version') +diff --git a/src/libxl/meson.build b/src/libxl/meson.build +index 3bb6cc5..78d7be0 100644 +--- a/src/libxl/meson.build ++++ b/src/libxl/meson.build +@@ -84,8 +84,8 @@ if conf.has('WITH_LIBXL') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'libxl', +- runstatedir / 'libvirt' / 'libxl', +- localstatedir / 'log' / 'libvirt' / 'libxl', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'libxl', ++ install_prefix + runstatedir / 'libvirt' / 'libxl', ++ install_prefix + localstatedir / 'log' / 'libvirt' / 'libxl', + ] + endif +diff --git a/src/locking/meson.build b/src/locking/meson.build +index 8a28310..9da81cc 100644 +--- a/src/locking/meson.build ++++ b/src/locking/meson.build +@@ -243,14 +243,14 @@ if conf.has('WITH_LIBVIRTD') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'lockd', +- localstatedir / 'lib' / 'libvirt' / 'lockd' / 'files', +- runstatedir / 'libvirt' / 'lockd', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'lockd', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'lockd' / 'files', ++ install_prefix + runstatedir / 'libvirt' / 'lockd', + ] + + if conf.has('WITH_SANLOCK') + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'sanlock', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'sanlock', + ] + endif + endif +diff --git a/src/lxc/meson.build b/src/lxc/meson.build +index f8e2a88..96d6687 100644 +--- a/src/lxc/meson.build ++++ b/src/lxc/meson.build +@@ -182,8 +182,8 @@ if conf.has('WITH_LXC') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'lxc', +- runstatedir / 'libvirt' / 'lxc', +- localstatedir / 'log' / 'libvirt' / 'lxc', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'lxc', ++ install_prefix + runstatedir / 'libvirt' / 'lxc', ++ install_prefix + localstatedir / 'log' / 'libvirt' / 'lxc', + ] + endif +diff --git a/src/meson.build b/src/meson.build +index 7c47821..d33d16a 100644 +--- a/src/meson.build ++++ b/src/meson.build +@@ -669,7 +669,7 @@ endforeach + + virt_conf_files += 'libvirt.conf' + +-install_data(virt_conf_files, install_dir: confdir) ++install_data(virt_conf_files, install_dir: install_prefix + confdir) + install_data(virt_aug_files, install_dir: virt_aug_dir) + + # augeas_test_data: +@@ -729,7 +729,7 @@ foreach data : virt_daemon_confs + output: '@0@.conf'.format(data['name']), + configuration: daemon_conf, + install: true, +- install_dir: confdir, ++ install_dir: install_prefix + confdir, + ) + + if data.get('with_ip', false) +@@ -853,14 +853,14 @@ if conf.has('WITH_LIBVIRTD') + + install_data( + init_file, +- install_dir: sysconfdir / 'init.d', ++ install_dir: install_prefix + sysconfdir / 'init.d', + rename: [ init['name'] ], + ) + + if init.has_key('confd') + install_data( + init['confd'], +- install_dir: sysconfdir / 'conf.d', ++ install_dir: install_prefix + sysconfdir / 'conf.d', + rename: [ init['name'] ], + ) + endif +@@ -872,7 +872,7 @@ if init_script != 'none' + foreach sysconf : sysconf_files + install_data( + sysconf['file'], +- install_dir: sysconfdir / 'sysconfig', ++ install_dir: install_prefix + sysconfdir / 'sysconfig', + rename: [ sysconf['name'] ], + ) + endforeach +@@ -897,10 +897,10 @@ endif + # Install empty directories + + virt_install_dirs += [ +- localstatedir / 'cache' / 'libvirt', +- localstatedir / 'lib' / 'libvirt' / 'images', +- localstatedir / 'lib' / 'libvirt' / 'filesystems', +- localstatedir / 'lib' / 'libvirt' / 'boot', ++ install_prefix + localstatedir / 'cache' / 'libvirt', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'images', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'filesystems', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'boot', + ] + + meson.add_install_script( +diff --git a/src/network/meson.build b/src/network/meson.build +index 3ec598c..b02040b 100644 +--- a/src/network/meson.build ++++ b/src/network/meson.build +@@ -79,9 +79,9 @@ if conf.has('WITH_NETWORK') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'network', +- localstatedir / 'lib' / 'libvirt' / 'dnsmasq', +- runstatedir / 'libvirt' / 'network', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'network', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'dnsmasq', ++ install_prefix + runstatedir / 'libvirt' / 'network', + ] + + configure_file( +@@ -89,12 +89,12 @@ if conf.has('WITH_NETWORK') + output: '@BASENAME@', + copy: true, + install: true, +- install_dir: confdir / 'qemu' / 'networks', ++ install_dir: install_prefix + confdir / 'qemu' / 'networks', + ) + + meson.add_install_script( + meson_python_prog.path(), python3_prog.path(), meson_install_symlink_prog.path(), +- confdir / 'qemu' / 'networks' / 'autostart', ++ install_prefix + confdir / 'qemu' / 'networks' / 'autostart', + '../default.xml', 'default.xml', + ) + +diff --git a/src/nwfilter/xml/meson.build b/src/nwfilter/xml/meson.build +index 0d96c54..66c92a1 100644 +--- a/src/nwfilter/xml/meson.build ++++ b/src/nwfilter/xml/meson.build +@@ -25,4 +25,4 @@ nwfilter_xml_files = [ + 'qemu-announce-self.xml', + ] + +-install_data(nwfilter_xml_files, install_dir: sysconfdir / 'libvirt' / 'nwfilter') ++install_data(nwfilter_xml_files, install_dir: install_prefix + sysconfdir / 'libvirt' / 'nwfilter') +diff --git a/src/qemu/meson.build b/src/qemu/meson.build +index 90640b0..8802cec 100644 +--- a/src/qemu/meson.build ++++ b/src/qemu/meson.build +@@ -171,12 +171,12 @@ if conf.has('WITH_QEMU') + } + + virt_install_dirs += [ +- localstatedir / 'lib' / 'libvirt' / 'qemu', +- runstatedir / 'libvirt' / 'qemu', +- localstatedir / 'cache' / 'libvirt' / 'qemu', +- localstatedir / 'log' / 'libvirt' / 'qemu', +- localstatedir / 'lib' / 'libvirt' / 'swtpm', +- runstatedir / 'libvirt' / 'qemu' / 'swtpm', +- localstatedir / 'log' / 'swtpm' / 'libvirt' / 'qemu', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'qemu', ++ install_prefix + runstatedir / 'libvirt' / 'qemu', ++ install_prefix + localstatedir / 'cache' / 'libvirt' / 'qemu', ++ install_prefix + localstatedir / 'log' / 'libvirt' / 'qemu', ++ install_prefix + localstatedir / 'lib' / 'libvirt' / 'swtpm', ++ install_prefix + runstatedir / 'libvirt' / 'qemu' / 'swtpm', ++ install_prefix + localstatedir / 'log' / 'swtpm' / 'libvirt' / 'qemu', + ] + endif +diff --git a/src/remote/meson.build b/src/remote/meson.build +index 9ad2f6a..429a15b 100644 +--- a/src/remote/meson.build ++++ b/src/remote/meson.build +@@ -245,7 +245,7 @@ if conf.has('WITH_REMOTE') + } + + virt_install_dirs += [ +- localstatedir / 'log' / 'libvirt', ++ install_prefix + localstatedir / 'log' / 'libvirt', + ] + + logrotate_conf = configuration_data() +@@ -259,7 +259,7 @@ if conf.has('WITH_REMOTE') + ) + install_data( + log_file, +- install_dir: sysconfdir / 'logrotate.d', ++ install_dir: install_prefix + sysconfdir / 'logrotate.d', + rename: [ name ], + ) + endforeach +@@ -309,7 +309,7 @@ endif + if conf.has('WITH_SASL') + install_data( + 'libvirtd.sasl', +- install_dir: sysconfdir / 'sasl2', ++ install_dir: install_prefix + sysconfdir / 'sasl2', + rename: [ 'libvirt.conf' ], + ) + endif +diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build +index af43780..e2d6c81 100644 +--- a/src/security/apparmor/meson.build ++++ b/src/security/apparmor/meson.build +@@ -17,22 +17,22 @@ foreach name : apparmor_gen_profiles + output: name, + configuration: apparmor_gen_profiles_conf, + install: true, +- install_dir: apparmor_dir, ++ install_dir: install_prefix + apparmor_dir, + ) + endforeach + + install_data( + [ 'libvirt-qemu', 'libvirt-lxc' ], +- install_dir: apparmor_dir / 'abstractions', ++ install_dir: install_prefix + apparmor_dir / 'abstractions', + ) + + install_data( + [ 'TEMPLATE.qemu', 'TEMPLATE.lxc' ], +- install_dir: apparmor_dir / 'libvirt', ++ install_dir: install_prefix + apparmor_dir / 'libvirt', + ) + + install_data( + 'usr.lib.libvirt.virt-aa-helper.local', +- install_dir: apparmor_dir / 'local', ++ install_dir: install_prefix + apparmor_dir / 'local', + rename: 'usr.lib.libvirt.virt-aa-helper', + ) +diff --git a/tools/meson.build b/tools/meson.build +index b8c6802..dacd0ff 100644 +--- a/tools/meson.build ++++ b/tools/meson.build +@@ -115,7 +115,7 @@ if conf.has('WITH_LOGIN_SHELL') + install_rpath: libvirt_rpath, + ) + +- install_data('virt-login-shell.conf', install_dir: sysconfdir / 'libvirt') ++ install_data('virt-login-shell.conf', install_dir: install_prefix + sysconfdir / 'libvirt') + endif + + if host_machine.system() == 'windows' +@@ -274,7 +274,7 @@ configure_file( + if init_script == 'systemd' + install_data( + 'libvirt-guests.sysconf', +- install_dir: sysconfdir / 'sysconfig', ++ install_dir: install_prefix + sysconfdir / 'sysconfig', + rename: 'libvirt-guests', + ) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 88313d54a2..3c6b61499a 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -12,7 +12,7 @@ ;;; Copyright © 2018 Julien Lepiller ;;; Copyright © 2019 Guy Fleury Iteriteka ;;; Copyright © 2020 Jakub Kądziołka -;;; Copyright © 2020 Brice Waegeneire +;;; Copyright © 2020, 2021 Brice Waegeneire ;;; Copyright © 2020 Mathieu Othacehe ;;; Copyright © 2020 Marius Bakke ;;; Copyright © 2020, 2021 Maxim Cournoyer @@ -42,6 +42,7 @@ #:use-module (gnu packages autotools) #:use-module (gnu packages backup) #:use-module (gnu packages base) + #:use-module (gnu packages bash) #:use-module (gnu packages bison) #:use-module (gnu packages build-tools) #:use-module (gnu packages check) @@ -97,6 +98,7 @@ #:use-module (gnu packages python-web) #:use-module (gnu packages python-xyz) #:use-module (gnu packages pulseaudio) + #:use-module (gnu packages readline) #:use-module (gnu packages selinux) #:use-module (gnu packages sdl) #:use-module (gnu packages sphinx) @@ -1065,66 +1067,48 @@ manage system or application containers.") (define-public libvirt (package (name "libvirt") - (version "5.8.0") + (version "7.2.0") (source (origin (method url-fetch) (uri (string-append "https://libvirt.org/sources/libvirt-" version ".tar.xz")) (sha256 - (base32 "0m8cqaqflvys5kaqpvb0qr4k365j09jc5xk6x70yvg8qkcl2hcz2")) - (patches - (search-patches "libvirt-create-machine-cgroup.patch")))) - (build-system gnu-build-system) + (base32 "1l6i1rz1v9rnp61sgzlrlbsfh03208dbm3b259i0jl5sqz85kx01")) + (patches (search-patches "libvirt-add-install-prefix.patch")))) + (build-system meson-build-system) (arguments `(#:configure-flags - (list "--with-qemu" - "--with-qemu-user=nobody" - "--with-qemu-group=kvm" - "--with-storage-disk" - "--with-storage-dir" - "--with-polkit" - (string-append "--docdir=" (assoc-ref %outputs "out") "/share/doc/" + (list "-Ddriver_qemu=enabled" + "-Dqemu_user=nobody" + "-Dqemu_group=kvm" + "-Dstorage_disk=enabled" + "-Dstorage_dir=enabled" + "-Dpolkit=enabled" + "-Dnls=enabled" ;translations + (string-append "-Ddocdir=" (assoc-ref %outputs "out") "/share/doc/" ,name "-" ,version) + "-Dbash_completion=enabled" + (string-append "-Dinstall_prefix=" (assoc-ref %outputs "out")) "--sysconfdir=/etc" "--localstatedir=/var") + #:meson ,meson-0.55 #:phases (modify-phases %standard-phases - (add-before 'configure 'fix-BOURNE_SHELL-definition - ;; BOURNE_SHELL is hard-#defined to ‘/bin/sh’, causing test failures. - (lambda _ - (substitute* "config.h.in" - (("/bin/sh") (which "sh"))) - #t)) - (add-before 'configure 'patch-libtirpc-file-names - (lambda* (#:key inputs #:allow-other-keys) - ;; libvirt uses an m4 macro instead of pkg-config to determine where - ;; the RPC headers are located. Tell it to look in the right place. - (substitute* "configure" - (("/usr/include/tirpc") ;defined in m4/virt-xdr.m4 - (string-append (assoc-ref inputs "libtirpc") - "/include/tirpc"))) - #t)) (add-before 'configure 'disable-broken-tests (lambda _ - (let ((tests (list "commandtest" ; hangs idly - "qemuxml2argvtest" ; fails - "qemuhotplugtest" ; fails - "virnetsockettest" ; tries to network - "virshtest"))) ; fails - (substitute* "tests/Makefile.in" - (((format #f "(~a)\\$\\(EXEEXT\\)" (string-join tests "|"))) + (let ((tests (list "commandtest" ; hangs idly + "qemuxml2argvtest" ; fails + "virnetsockettest"))) ; tries to network + (substitute* "tests/meson.build" + (((format #f ".*'name': '(~a)'.*" (string-join tests "|"))) "")) #t))) - (replace 'install - ;; Since the sysconfdir and localstatedir should be /etc and /var - ;; at runtime, we must prevent writing to them at installation - ;; time. - (lambda* (#:key make-flags #:allow-other-keys) - (apply invoke "make" "install" - "sysconfdir=/tmp/etc" - "localstatedir=/tmp/var" - make-flags)))))) + (add-before 'install 'no-polkit-magic + ;; Meson ‘magically’ invokes pkexec, which fails (not setuid). + (lambda _ + (setenv "PKEXEC_UID" "something") + #t))))) (inputs `(("libxml2" ,libxml2) ("eudev" ,eudev) @@ -1133,11 +1117,13 @@ manage system or application containers.") ("dbus" ,dbus) ("libpcap" ,libpcap) ("libnl" ,libnl) + ("libssh2" ,libssh2) ;optional ("libtirpc" ,libtirpc) ;for ("libuuid" ,util-linux "lib") ("lvm2" ,lvm2) ;for libdevmapper ("curl" ,curl) ("openssl" ,openssl) + ("readline" ,readline) ("cyrus-sasl" ,cyrus-sasl) ("libyajl" ,libyajl) ("audit" ,audit) @@ -1148,11 +1134,15 @@ manage system or application containers.") ("iproute" ,iproute) ("iptables" ,iptables))) (native-inputs - `(("xsltproc" ,libxslt) + `(("bash-completion" ,bash-completion) + ("gettext" ,gettext-minimal) + ("xsltproc" ,libxslt) ("perl" ,perl) ("pkg-config" ,pkg-config) ("polkit" ,polkit) - ("python" ,python-wrapper))) + ("python" ,python-wrapper) + ("python-docutils" ,python-docutils) ;for rst2html + ("rpcsvc-proto" ,rpcsvc-proto))) ;for rpcgen (home-page "https://libvirt.org") (synopsis "Simple API for virtualization") (description "Libvirt is a C toolkit to interact with the virtualization -- cgit v1.2.3 From 8515a506ca71ae5e3709930754d6df77614ffb71 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 6 Apr 2021 16:31:16 -0400 Subject: gnu: qemu: Fix the Texinfo manual. The makeinfo command splits the generated info output in multiple files (in 300 KiB chunks) by default; this meant the build system would have had to install the multiple QEMU.info-1, QEMU.info-2, etc. files for the info manual to work as intended. Instead, keep the info manual as one single file by specifying the --no-split option to makeinfo. * gnu/packages/patches/qemu-build-info-manual.patch (sphinxinfo) : Invoke with the --no-split argument. --- gnu/packages/patches/qemu-build-info-manual.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/qemu-build-info-manual.patch b/gnu/packages/patches/qemu-build-info-manual.patch index c837040d45..f2bee30ab0 100644 --- a/gnu/packages/patches/qemu-build-info-manual.patch +++ b/gnu/packages/patches/qemu-build-info-manual.patch @@ -90,7 +90,7 @@ index ebd85d59f9..1243839461 100644 + output: 'QEMU.info', + install: true, + install_dir: get_option('infodir'), -+ command: [makeinfo, '@INPUT0@', '--output=@OUTPUT@']) ++ command: [makeinfo, '--no-split', '@INPUT0@', '--output=@OUTPUT@']) + alias_target('texi', sphinxtexi) + alias_target('info', sphinxinfo) + endif -- cgit v1.2.3 From 586f017d9800a23c71b347c74aee5017a168b35b Mon Sep 17 00:00:00 2001 From: Brendan Tildesley Date: Mon, 22 Feb 2021 22:20:40 +1100 Subject: gnu: python-pyqt: Fix build for new python-sip. * gnu/packages/qt.scm (python-pyqt) [source]: Remove pyqt-public-sip.patch. [propagated-inputs]: Add python-pyqt5-sip. * gnu/packages/patches/pyqt-public-sip.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/pyqt-public-sip.patch | 55 ------------------------------ gnu/packages/qt.scm | 8 ++--- 3 files changed, 4 insertions(+), 60 deletions(-) delete mode 100644 gnu/packages/patches/pyqt-public-sip.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 075504e302..8365e19b02 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1559,7 +1559,6 @@ dist_patch_DATA = \ %D%/packages/patches/pybugz-stty.patch \ %D%/packages/patches/pygpgme-disable-problematic-tests.patch \ %D%/packages/patches/pyqt-configure.patch \ - %D%/packages/patches/pyqt-public-sip.patch \ %D%/packages/patches/python-2-deterministic-build-info.patch \ %D%/packages/patches/python-2.7-adjust-tests.patch \ %D%/packages/patches/python-2.7-search-paths.patch \ diff --git a/gnu/packages/patches/pyqt-public-sip.patch b/gnu/packages/patches/pyqt-public-sip.patch deleted file mode 100644 index 44cdcb6371..0000000000 --- a/gnu/packages/patches/pyqt-public-sip.patch +++ /dev/null @@ -1,55 +0,0 @@ -https://sources.debian.org/data/main/p/pyqt5/5.11.3+dfsg-1/debian/patches/public_sip.diff - -From: Dmitry Shachnev -Date: Tue, 3 Jul 2018 09:46:42 +0300 -Subject: Use the public version of sip module - -Per https://www.debian.org/doc/debian-policy/#convenience-copies-of-code. ---- - configure.py | 2 +- - designer/pluginloader.cpp | 2 +- - qmlscene/pluginloader.cpp | 4 ++-- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure.py b/configure.py -index 32d03a0..3c43a14 100644 ---- a/configure.py -+++ b/configure.py -@@ -2440,7 +2440,7 @@ def get_sip_flags(target_config): - the target configuration. - """ - -- sip_flags = ['-n', 'PyQt5.sip'] -+ sip_flags = ['-n', 'sip'] - - # If we don't check for signed interpreters, we exclude the 'VendorID' - # feature -diff --git a/designer/pluginloader.cpp b/designer/pluginloader.cpp -index f41d391..3ca8b11 100644 ---- a/designer/pluginloader.cpp -+++ b/designer/pluginloader.cpp -@@ -167,7 +167,7 @@ bool PyCustomWidgets::importPlugins(const QString &dir, const QStringList &plugi - // Make sure we have sip.unwrapinstance. - if (!sip_unwrapinstance) - { -- sip_unwrapinstance = getModuleAttr("PyQt5.sip", "unwrapinstance"); -+ sip_unwrapinstance = getModuleAttr("sip", "unwrapinstance"); - - if (!sip_unwrapinstance) - return true; -diff --git a/qmlscene/pluginloader.cpp b/qmlscene/pluginloader.cpp -index e14b946..140e80c 100644 ---- a/qmlscene/pluginloader.cpp -+++ b/qmlscene/pluginloader.cpp -@@ -412,9 +412,9 @@ PyObject *PyQt5QmlPlugin::getModuleAttr(const char *module, const char *attr) - void PyQt5QmlPlugin::getSipAPI() - { - #if defined(SIP_USE_PYCAPSULE) -- sip = (const sipAPIDef *)PyCapsule_Import("PyQt5.sip._C_API", 0); -+ sip = (const sipAPIDef *)PyCapsule_Import("sip._C_API", 0); - #else -- PyObject *c_api = getModuleAttr("PyQt5.sip", "_C_API"); -+ PyObject *c_api = getModuleAttr("sip", "_C_API"); - - if (c_api) - { diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm index d604a9ccb3..530fcf1039 100644 --- a/gnu/packages/qt.scm +++ b/gnu/packages/qt.scm @@ -1903,17 +1903,17 @@ module provides support functions to the automatically generated code.") (string-append "https://www.riverbankcomputing.com/static/" "Downloads/PyQt5/" version "/PyQt5-" version ".tar.gz"))) - (file-name (string-append "PyQt5-"version ".tar.gz")) + (file-name (string-append "PyQt5-" version ".tar.gz")) (sha256 (base32 "1z74295i69cha52llsqffzhb5zz7qnbjc64h8qg21l91jgf0harp")) - (patches (search-patches "pyqt-configure.patch" - "pyqt-public-sip.patch")))) + (patches (search-patches "pyqt-configure.patch")))) (build-system gnu-build-system) (native-inputs `(("qtbase" ,qtbase))) ; for qmake (propagated-inputs - `(("python-sip" ,python-sip))) + `(("python-sip" ,python-sip) + ("python-pyqt5-sip" ,python-pyqt5-sip))) (inputs `(("python" ,python-wrapper) ("qtbase" ,qtbase) -- cgit v1.2.3 From 5d53eec337fb410d1d1c0b89ce3dd29a8edf9e49 Mon Sep 17 00:00:00 2001 From: Brendan Tildesley Date: Sat, 27 Feb 2021 23:04:01 +1100 Subject: gnu: calibre: Update to 5.14.0. * gnu/packages/ebook.scm (calibre): Update to 5.14.0. [source]: Adjust the snippet to preserve some files used by the HTML reader. [native-inputs]: Add python-pyqt-builder. Replace python2-flake8 with python-flake8. [inputs]: Remove chmlib, js-mathjax, python-chardet, and python-sip. Add python-cchardet, python-speechd, python-zeroconf, python-py7zr, python-pychm, python-pycryptodome, libjpeg, and libjxr. Replace all Python 2 dependencies with their Python 3 equivalents. [arguments]: Build with the default Python and adjust custom phases accordingly. Adjust the 'configure' phase to changes in how Calibre uses SIP, and patch lookup paths for libjpeg and libjxr. Rename the 'build-extra' phase to 'install-rapydscript', and run it after the 'install' phase. Adjust it for Calibre 5.14.0. * gnu/packages/patches/calibre-no-updates-dialog.patch, gnu/packages/patches/calibre-remove-test-sqlite.patch, gnu/packages/patches/calibre-remove-test-unrar.patch: Adjust patches for Calibre 5.14.0. --- gnu/packages/ebook.scm | 117 +++++++++++---------- .../patches/calibre-no-updates-dialog.patch | 22 ++-- .../patches/calibre-remove-test-sqlite.patch | 21 ++-- .../patches/calibre-remove-test-unrar.patch | 24 ++--- 4 files changed, 100 insertions(+), 84 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm index 5853ad0652..504171ca8b 100644 --- a/gnu/packages/ebook.scm +++ b/gnu/packages/ebook.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2015, 2016 Andreas Enge ;;; Copyright © 2016, 2018 Efraim Flashner ;;; Copyright © 2016, 2017 Alex Griffin -;;; Copyright © 2017, 2019, 2020 Brendan Tildesley +;;; Copyright © 2017, 2019, 2020, 2021 Brendan Tildesley ;;; Copyright © 2017 Roel Janssen ;;; Copyright © 2018–2021 Tobias Geerinckx-Rice ;;; Copyright © 2020 Marius Bakke @@ -58,10 +58,14 @@ #:use-module (gnu packages pdf) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) + #:use-module (gnu packages python-build) + #:use-module (gnu packages python-compression) + #:use-module (gnu packages python-crypto) #:use-module (gnu packages python-web) #:use-module (gnu packages python-xyz) #:use-module (gnu packages qt) #:use-module (gnu packages serialization) + #:use-module (gnu packages speech) #:use-module (gnu packages sqlite) #:use-module (gnu packages time) #:use-module (gnu packages tls) @@ -111,7 +115,7 @@ with Microsoft Compiled HTML (CHM) files") (define-public calibre (package (name "calibre") - (version "4.18.0") + (version "5.14.0") (source (origin (method url-fetch) @@ -120,7 +124,7 @@ with Microsoft Compiled HTML (CHM) files") version ".tar.xz")) (sha256 (base32 - "0w9pcfvskjh4v00vjw3i6hzrafy863pgsmmqdx4lffip3p856brw")) + "0w8j9r9qa56r8gm9b10dwh8zrzqlv79s2br82jqg02lrnrbwwv0q")) (modules '((guix build utils))) (snippet '(begin @@ -132,8 +136,6 @@ with Microsoft Compiled HTML (CHM) files") "")) ;; Remove unneeded resources. - (delete-file "resources/viewer.js") - (delete-file "resources/viewer.html") (delete-file "resources/mozilla-ca-certs.pem") (delete-file "resources/calibre-portable.bat") (delete-file "resources/calibre-portable.sh") @@ -145,57 +147,60 @@ with Microsoft Compiled HTML (CHM) files") (native-inputs `(("pkg-config" ,pkg-config) ("qtbase" ,qtbase) ; for qmake - ("python2-flake8" ,python2-flake8) + ("python-flake8" ,python-flake8) + ("python-pyqt-builder" ,python-pyqt-builder) ("xdg-utils" ,xdg-utils))) (inputs - `(("chmlib" ,chmlib) - ("fontconfig" ,fontconfig) + `(("fontconfig" ,fontconfig) ("font-liberation" ,font-liberation) ("glib" ,glib) ("hunspell" ,hunspell) ("hyphen" ,hyphen) ("icu4c" ,icu4c) - ("js-mathjax" ,js-mathjax) ("libmtp" ,libmtp) ("libpng" ,libpng) + ("libjpeg" ,libjpeg-turbo) + ("libjxr" ,libjxr) ("libusb" ,libusb) ("openssl" ,openssl) ("optipng" ,optipng) ("podofo" ,podofo) ("poppler" ,poppler) - ("python" ,python-2) - ("python2-apsw" ,python2-apsw) - ("python2-beautifulsoup4" ,python2-beautifulsoup4) - ("python2-chardet" ,python2-chardet) - ("python2-cssselect" ,python2-cssselect) - ("python2-css-parser" ,python2-css-parser) - ("python2-dateutil" ,python2-dateutil) - ("python2-dbus" ,python2-dbus) - ("python2-dnspython" ,python2-dnspython-1.16) - ("python2-dukpy" ,python2-dukpy) - ("python2-feedparser" ,python2-feedparser) - ("python2-html2text" ,python2-html2text) - ("python2-html5-parser" ,python2-html5-parser) - ("python2-html5lib" ,python2-html5lib) - ("python2-lxml" ,python2-lxml) - ("python2-markdown" ,python2-markdown) - ("python2-mechanize" ,python2-mechanize) - ;; python2-msgpack is needed for the network content server to work. - ("python2-msgpack" ,python2-msgpack) - ("python2-netifaces" ,python2-netifaces) - ("python2-odfpy" ,python2-odfpy) - ("python2-pillow" ,python2-pillow) - ("python2-psutil" ,python2-psutil) - ("python2-pygments" ,python2-pygments) - ("python2-pyqtwebengine" ,python2-pyqtwebengine) - ("python2-pyqt" ,python2-pyqt) - ("python2-sip" ,python2-sip) - ("python2-regex" ,python2-regex) + ("python-apsw" ,python-apsw) + ("python-beautifulsoup4" ,python-beautifulsoup4) + ("python-cchardet" ,python-cchardet) + ("python-css-parser" ,python-css-parser) + ("python-cssselect" ,python-cssselect) + ("python-dateutil" ,python-dateutil) + ("python-dbus" ,python-dbus) + ("python-dnspython" ,python-dnspython-1.16) + ("python-dukpy" ,python-dukpy) + ("python-feedparser" ,python-feedparser) + ("python-html2text" ,python-html2text) + ("python-html5-parser" ,python-html5-parser) + ("python-html5lib" ,python-html5lib) + ("python-lxml" ,python-lxml) + ("python-markdown" ,python-markdown) + ("python-mechanize" ,python-mechanize) + ;; python-msgpack is needed for the network content server to work. + ("python-msgpack" ,python-msgpack) + ("python-netifaces" ,python-netifaces) + ("python-odfpy" ,python-odfpy) + ("python-pillow" ,python-pillow) + ("python-psutil" ,python-psutil) + ("python-py7zr" ,python-py7zr) + ("python-pychm" ,python-pychm) + ("python-pycryptodome" ,python-pycryptodome) + ("python-pygments" ,python-pygments) + ("python-pyqt" ,python-pyqt) + ("python-pyqtwebengine" ,python-pyqtwebengine) + ("python-regex" ,python-regex) + ("python-speechd" ,speech-dispatcher) + ("python-zeroconf" ,python-zeroconf) ("qtwebengine" ,qtwebengine) ("sqlite" ,sqlite))) (arguments - `(#:python ,python-2 - ;; Calibre is using setuptools by itself, but the setup.py is not + `(;; Calibre is using setuptools by itself, but the setup.py is not ;; compatible with the shim wrapper (taken from pip) we are using. #:use-setuptools? #f #:phases @@ -227,18 +232,27 @@ with Microsoft Compiled HTML (CHM) files") (add-before 'build 'configure (lambda* (#:key inputs outputs #:allow-other-keys) (let ((podofo (assoc-ref inputs "podofo")) - (pyqt (assoc-ref inputs "python2-pyqt")) - (python-sip (assoc-ref inputs "python2-sip")) + (pyqt (assoc-ref inputs "python-pyqt")) + (python-sip (assoc-ref inputs "python-sip")) (out (assoc-ref outputs "out"))) - (substitute* "setup/build_environment.py" - (("= get_sip_dir\\(\\)") - (string-append "= '" pyqt "/share/sip'"))) - + (substitute* "setup/build.py" + (("\\[tool.sip.bindings.pictureflow\\]") + "[tool.sip.bindings.pictureflow] +tags = [\"WS_X11\"]") + (("\\[tool.sip.project\\]") + (string-append "[tool.sip.project] +sip-include-dirs = [\"" pyqt "/share/sip" "\"]"))) (substitute* "src/calibre/ebooks/pdf/pdftohtml.py" (("PDFTOHTML = 'pdftohtml'") (string-append "PDFTOHTML = \"" (assoc-ref inputs "poppler") "/bin/pdftohtml\""))) - + ;; get_exe_path looks in poppler's output for these binaries. Make + ;; it not do that. + (substitute* "src/calibre/utils/img.py" + (("get_exe_path..jpegtran..") (string-append "'" (which "jpegtran") "'")) + (("get_exe_path..cjpeg..") (string-append "'" (which "cjpeg") "'")) + (("get_exe_path..optipng..") (string-append "'" (which "optipng") "'")) + (("get_exe_path..JxrDecApp..") (string-append "'" (which "JxrDecApp") "'"))) ;; Calibre thinks we are installing desktop files into a home ;; directory, but here we butcher the script in to installing ;; to calibres /share directory. @@ -257,7 +271,6 @@ with Microsoft Compiled HTML (CHM) files") "/share/fonts") "/tmp/.fonts") - (setenv "SIP_BIN" (string-append python-sip "/bin/sip")) (setenv "PODOFO_INC_DIR" (string-append podofo "/include/podofo")) (setenv "PODOFO_LIB_DIR" (string-append podofo "/lib")) ;; This informs the tests we are a continuous integration @@ -268,13 +281,11 @@ with Microsoft Compiled HTML (CHM) files") ;; fix it, so I'm not sure how to fix it. TODO: Fix test and remove this. (setenv "SKIP_QT_BUILD_TEST" "true") #t))) - (add-after 'build 'build-extra + (add-after 'install 'install-rapydscript (lambda* (#:key inputs #:allow-other-keys) - (invoke "python2" "setup.py" "mathjax""--system-mathjax" - "--path-to-mathjax" (string-append - (assoc-ref inputs "js-mathjax") - "/share/javascript/mathjax")) - (invoke "python2" "setup.py" "rapydscript") + ;; Unset so QtWebengine doesn't dump temporary files here. + (unsetenv "XDG_DATA_HOME") + (invoke "python" "setup.py" "rapydscript") #t)) (add-after 'install 'install-man-pages (lambda* (#:key outputs #:allow-other-keys) diff --git a/gnu/packages/patches/calibre-no-updates-dialog.patch b/gnu/packages/patches/calibre-no-updates-dialog.patch index 1d8d79660e..66ac913cb5 100644 --- a/gnu/packages/patches/calibre-no-updates-dialog.patch +++ b/gnu/packages/patches/calibre-no-updates-dialog.patch @@ -1,11 +1,17 @@ -Taken from debian. +From 19e8d7701c302b0eca4c638705a6db625352caa3 Mon Sep 17 00:00:00 2001 +From: Brendan Tildesley +Date: Thu, 25 Feb 2021 12:17:30 +1100 +Subject: [PATCH] Don't check for updates. -# Description: Disable update check by default. -Index: calibre/src/calibre/gui2/main.py -=================================================================== ---- calibre.orig/src/calibre/gui2/main.py 2014-02-02 10:41:28.470954623 +0100 -+++ calibre/src/calibre/gui2/main.py 2014-02-02 10:41:56.546954247 +0100 -@@ -37,8 +37,8 @@ +--- + src/calibre/gui2/main.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/calibre/gui2/main.py b/src/calibre/gui2/main.py +index 776f8bebfb..4302716d7e 100644 +--- a/src/calibre/gui2/main.py ++++ b/src/calibre/gui2/main.py +@@ -59,8 +59,8 @@ def option_parser(): help=_('Start minimized to system tray.')) parser.add_option('-v', '--verbose', default=0, action='count', help=_('Ignored, do not use. Present only for legacy reasons')) @@ -16,3 +22,5 @@ Index: calibre/src/calibre/gui2/main.py parser.add_option('--ignore-plugins', default=False, action='store_true', help=_('Ignore custom plugins, useful if you installed a plugin' ' that is preventing calibre from starting')) +-- +2.30.1 diff --git a/gnu/packages/patches/calibre-remove-test-sqlite.patch b/gnu/packages/patches/calibre-remove-test-sqlite.patch index 7bdd90874d..fc2b237ef2 100644 --- a/gnu/packages/patches/calibre-remove-test-sqlite.patch +++ b/gnu/packages/patches/calibre-remove-test-sqlite.patch @@ -1,20 +1,20 @@ -From a92e26359bd07743ab105819ed0b619e27e14017 Mon Sep 17 00:00:00 2001 +From d8225e83c3b73f0e0da73874910f50ca652f48cf Mon Sep 17 00:00:00 2001 From: Brendan Tildesley -Date: Sat, 27 Apr 2019 03:30:53 +1000 -Subject: [PATCH] Disable test_sqlite. +Date: Thu, 25 Feb 2021 00:48:00 +1100 +Subject: [PATCH] Remove test_sqlite --- src/calibre/test_build.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/calibre/test_build.py b/src/calibre/test_build.py -index 07bdffd3e5..740588c95b 100644 +index 0ab7aa0646..87fdfabd9a 100644 --- a/src/calibre/test_build.py +++ b/src/calibre/test_build.py -@@ -162,12 +162,6 @@ class BuildTest(unittest.TestCase): - au(x, 'strftime') - self.assertEqual(unicode_type(time.strftime(fmt.replace('%e', '%#d'), t)), x) - +@@ -273,12 +273,6 @@ def read_changes(): + m.close() + self.assertEqual(winutil.parse_cmdline('"c:\\test exe.exe" "some arg" 2'), ('c:\\test exe.exe', 'some arg', '2')) + - def test_sqlite(self): - import sqlite3 - conn = sqlite3.connect(':memory:') @@ -24,6 +24,5 @@ index 07bdffd3e5..740588c95b 100644 def test_apsw(self): import apsw conn = apsw.Connection(':memory:') --- -2.21.0 - +-- +2.30.1 diff --git a/gnu/packages/patches/calibre-remove-test-unrar.patch b/gnu/packages/patches/calibre-remove-test-unrar.patch index 4e5572d1a6..961cc3eba7 100644 --- a/gnu/packages/patches/calibre-remove-test-unrar.patch +++ b/gnu/packages/patches/calibre-remove-test-unrar.patch @@ -1,28 +1,26 @@ -Unrar contains security vulnerabilities and has thus been removed from Guix. -From a16f97b02bd8afd0ec05c471e156f631f2cc6eec Mon Sep 17 00:00:00 2001 +From 9edf67191cc3655480b6fd418247709ade930b1a Mon Sep 17 00:00:00 2001 From: Brendan Tildesley -Date: Tue, 26 Mar 2019 22:17:03 +1100 -Subject: [PATCH] Remove test_unrar. +Date: Thu, 25 Feb 2021 00:33:10 +1100 +Subject: [PATCH] Remove test_unrar --- src/calibre/test_build.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/calibre/test_build.py b/src/calibre/test_build.py -index d67afd20a6..709132ef17 100644 +index b37fb1bcfb..0ab7aa0646 100644 --- a/src/calibre/test_build.py +++ b/src/calibre/test_build.py -@@ -220,10 +220,6 @@ class BuildTest(unittest.TestCase): +@@ -369,10 +369,6 @@ def test_file_dialog_helper(self): from calibre.gui2.win_file_dialogs import test test() - + - def test_unrar(self): - from calibre.utils.unrar import test_basic - test_basic() - - @unittest.skipUnless(iswindows, 'WPD is windows only') - def test_wpd(self): - wpd = plugins['wpd'][0] --- -2.21.0 - + def test_7z(self): + from calibre.utils.seven_zip import test_basic + test_basic() +-- +2.30.1 -- cgit v1.2.3 From 3281ba6eae1ead32b5146cfe6af4479dbb72593a Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Sat, 3 Apr 2021 17:08:10 +0200 Subject: gnu: lksctp-tools: Fix build of include file. * gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch: New file. * gnu/local.mk[patches]: Add it. * gnu/packages/networking.scm(/lksctp-tools)[source]: Use this patch. --- gnu/local.mk | 1 + gnu/packages/networking.scm | 2 ++ .../lksctp-tools-1.0.18-fix-header-file-name.patch | 32 ++++++++++++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 8365e19b02..5c1ce07013 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1266,6 +1266,7 @@ dist_patch_DATA = \ %D%/packages/patches/libffi-float128-powerpc64le.patch \ %D%/packages/patches/libvirt-add-install-prefix.patch \ %D%/packages/patches/libziparchive-add-includes.patch \ + %D%/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch \ %D%/packages/patches/localed-xorg-keyboard.patch \ %D%/packages/patches/kdiagram-Fix-missing-link-libraries.patch \ %D%/packages/patches/kiki-level-selection-crash.patch \ diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 7f8c68e7dc..5fe9ec26db 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -448,6 +448,8 @@ performance across unpredictable networks, such as the Internet.") (url "https://github.com/sctp/lksctp-tools") (commit (string-append "v" version)))) (file-name (git-file-name name version)) + (patches + (search-patches "lksctp-tools-1.0.18-fix-header-file-name.patch")) (sha256 (base32 "1x4fwzrlzvfa3vcpja97m8w5g9ir2zrh4zs7zksminrnmdrs0dsr")))) (build-system gnu-build-system) diff --git a/gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch b/gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch new file mode 100644 index 0000000000..1ebe6c803d --- /dev/null +++ b/gnu/packages/patches/lksctp-tools-1.0.18-fix-header-file-name.patch @@ -0,0 +1,32 @@ +From 378560050a8f93786c590cc99a55461666205b61 Mon Sep 17 00:00:00 2001 +From: Xin Long +Date: Fri, 24 Aug 2018 01:13:32 +0800 +Subject: [PATCH] build: fix netinet/sctp.h not to be installed + +After libcnetinet_HEADERS was set to sctp.h.in, netinet/sctp.h can +no longer be installed into ${includedir}. + +Since "AC_CONFIG_HEADERS([src/include/netinet/sctp.h])" is already +added into configure.ac, there's no need to generate sctp.h by +automake. + +So we simply set libcnetinet_HEADERS back to sctp.h. + +Fixes: 9607dd85e70a ("netinet/sctp.h: dynamically build based on system setup") +Signed-off-by: Xin Long +Signed-off-by: Marcelo Ricardo Leitner +--- + src/include/netinet/Makefile.am | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/include/netinet/Makefile.am b/src/include/netinet/Makefile.am +index ca0aac2..965db8c 100644 +--- a/src/include/netinet/Makefile.am ++++ b/src/include/netinet/Makefile.am +@@ -11,5 +11,4 @@ libcnetinetdir = $(includedir)/netinet + # API. + include_HEADERS = + +-libcnetinet_HEADERS = sctp.h.in +-BUILT_SOURCES = sctp.h ++libcnetinet_HEADERS = sctp.h -- cgit v1.2.3 From 834aa48504a24f0c79e858fc295edbf63815a408 Mon Sep 17 00:00:00 2001 From: Philip McGrath Date: Thu, 18 Mar 2021 22:34:51 -0400 Subject: gnu: racket: Don't inject store paths into Racket files. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apparently, during grafting, Guix can somehow mangle compiled Racket CS files (.zo) such that Racket will refuse to load them. (Maybe it has something to do with compression?) So, we stop patching Racket sources with absolute paths to store files (i.e. for foreign libraries to dlopen). Instead, we put them in a data file that doesn't get compiled or, in one case, embed it in C. Fixes https://issues.guix.gnu.org/47064 * gnu/packages/patches/racket-sh-via-rktio.patch: New file. Adds a special case at the C level, controlled by a preprocessor macro, to handle attempts to execute "/bin/sh". * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/scheme.scm (racket)[source](patches): Apply it. (racket)[arguments](#:configure-flags): Add the CPP flag to enable it. (racket)[arguments](#:modules): Use srfi-1. (racket)[arguments](#:phases): Remove 'patch-/bin/sh and 'pre-configure. Change 'pre-configure-minimal to just change directory. Add 'patch-config.rktd-lib-search-dirs after 'build and before 'install to configure Racket's "lib-search-dirs". (racket, racket-minimal)[inputs]: Add bash-minimal as an explicit input. (racket-minimal)[source]: Adjust to inherit patches from racket. (racket-minimal)[arguments]: Inherit from racket: changes no longer needed. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 2 + gnu/packages/patches/racket-sh-via-rktio.patch | 87 +++++++++++ gnu/packages/scheme.scm | 191 +++++++++++-------------- 3 files changed, 176 insertions(+), 104 deletions(-) create mode 100644 gnu/packages/patches/racket-sh-via-rktio.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 5c1ce07013..50b11a8ca2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -40,6 +40,7 @@ # Copyright © 2020 Malte Frank Gerdes # Copyright © 2020 Vinicius Monego # Copyright © 2021 Björn Höfling +# Copyright © 2021 Philip McGrath # # This file is part of GNU Guix. # @@ -1639,6 +1640,7 @@ dist_patch_DATA = \ %D%/packages/patches/ripperx-missing-file.patch \ %D%/packages/patches/rpcbind-CVE-2017-8779.patch \ %D%/packages/patches/rtags-separate-rct.patch \ + %D%/packages/patches/racket-sh-via-rktio.patch \ %D%/packages/patches/racket-store-checksum-override.patch \ %D%/packages/patches/remake-impure-dirs.patch \ %D%/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch \ diff --git a/gnu/packages/patches/racket-sh-via-rktio.patch b/gnu/packages/patches/racket-sh-via-rktio.patch new file mode 100644 index 0000000000..b4fefd1514 --- /dev/null +++ b/gnu/packages/patches/racket-sh-via-rktio.patch @@ -0,0 +1,87 @@ +From 3574b567c486d264d680a37586436c3b5a8cb978 Mon Sep 17 00:00:00 2001 +From: Philip McGrath +Date: Thu, 4 Mar 2021 04:11:50 -0500 +Subject: [PATCH] patch rktio_process for "/bin/sh" on Guix + +Racket provides the functions `system` and `process`, +which execute shell commands using `sh` (or `cmd` on Windows). +Racket assumes that `sh` can be found at "/bin/sh", +which is not necessarily true on Guix. + +This patch adds a special case for "/bin/sh" to `rktio_process`, +the C function that implements the core of `system`, `process`, +and related Racket functions. + +Guix should enable the special case by defining the C preprocessor +macro `GUIX_RKTIO_PATCH_BIN_SH` with the path to `sh` in the store. +If: + + 1. The `GUIX_RKTIO_PATCH_BIN_SH` macro is defined; and + + 2. `rktio_process` is called with the exact path "/bin/sh"; and + + 3. The path specified by `GUIX_RKTIO_PATCH_BIN_SH` does exists; + +then `rktio_process` will execute the file specified +by `GUIX_RKTIO_PATCH_BIN_SH` instead of "/bin/sh". + +Compared to previous attempts to patch the Racket sources, +making this change at the C level is both: + + - More comprehensive: it catches all attempts to execute "/bin/sh", + without having to track down the source of every occurance; and + + - Less intrusive: by guarding the special case with a C preprocessor + conditional and a runtime check that the file in the store exists, + we make it much less likely that it will "leak" out of Guix. +--- + src/rktio/rktio_process.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/src/rktio/rktio_process.c b/src/rktio/rktio_process.c +index 89202436c0..465ebdd5c5 100644 +--- a/src/rktio/rktio_process.c ++++ b/src/rktio/rktio_process.c +@@ -1224,12 +1224,14 @@ int rktio_process_allowed_flags(rktio_t *rktio) + /*========================================================================*/ + + rktio_process_result_t *rktio_process(rktio_t *rktio, +- const char *command, int argc, rktio_const_string_t *argv, ++ /* PATCHED for Guix (next line) */ ++ const char *_guix_orig_command, int argc, rktio_const_string_t *argv, + rktio_fd_t *stdout_fd, rktio_fd_t *stdin_fd, rktio_fd_t *stderr_fd, + rktio_process_t *group_proc, + const char *current_directory, rktio_envvars_t *envvars, + int flags) + { ++ const char *command; /* PATCHED for Guix */ + rktio_process_result_t *result; + intptr_t to_subprocess[2], from_subprocess[2], err_subprocess[2]; + int pid; +@@ -1255,6 +1257,23 @@ rktio_process_result_t *rktio_process(rktio_t *rktio, + int i; + #endif + ++/* BEGIN PATCH for Guix */ ++#if defined(GUIX_RKTIO_PATCH_BIN_SH) ++# define GUIX_AS_a_STR_HELPER(x) #x ++# define GUIX_AS_a_STR(x) GUIX_AS_a_STR_HELPER(x) ++ /* A level of indirection makes `#` work as needed: */ ++ command = ++ ((0 == strcmp(_guix_orig_command, "/bin/sh")) ++ && rktio_file_exists(rktio, GUIX_AS_a_STR(GUIX_RKTIO_PATCH_BIN_SH))) ++ ? GUIX_AS_a_STR(GUIX_RKTIO_PATCH_BIN_SH) ++ : _guix_orig_command; ++# undef GUIX_AS_a_STR ++# undef GUIX_AS_a_STR_HELPER ++#else ++ command = _guix_orig_command; ++#endif ++/* END PATCH for Guix */ ++ + /* avoid compiler warnings: */ + to_subprocess[0] = -1; + to_subprocess[1] = -1; +-- +2.21.1 (Apple Git-122.3) + diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 10be0aa28a..b5d526bfc3 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -14,6 +14,7 @@ ;;; Copyright © 2020 Pierre Neidhardt ;;; Copyright © 2020 Brett Gilio ;;; Copyright © 2020 Edouard Klein +;;; Copyright © 2021 Philip McGrath ;;; ;;; This file is part of GNU Guix. ;;; @@ -43,6 +44,7 @@ #:use-module (guix build-system trivial) #:use-module (gnu packages autotools) #:use-module (gnu packages bdw-gc) + #:use-module (gnu packages bash) #:use-module (gnu packages compression) #:use-module (gnu packages databases) #:use-module (gnu packages libevent) @@ -411,94 +413,26 @@ implementation techniques and as an expository tool.") (base32 "047wpjblfzmf1msz7snrp2c2h0zxyzlmbsqr9bwsyvz3frcg0888")) (patches (search-patches + "racket-sh-via-rktio.patch" + ;; TODO: If we're no longer patching Racket source + ;; files with store paths, we may also fix the + ;; issue that necessitated the following patch: "racket-store-checksum-override.patch")))) (build-system gnu-build-system) (arguments - '(#:configure-flags - '("--enable-libz" + `(#:configure-flags + `(,(string-append "CPPFLAGS=-DGUIX_RKTIO_PATCH_BIN_SH=" + (assoc-ref %build-inputs "sh") + "/bin/sh") + "--enable-libz" "--enable-liblz4") + #:modules + ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-1)) #:phases (modify-phases %standard-phases - (add-before 'configure 'pre-configure-minimal - (lambda* (#:key inputs #:allow-other-keys) - ;; Patch dynamically loaded libraries with their absolute paths. - (let* ((library-path (search-path-as-string->list - (getenv "LIBRARY_PATH"))) - (find-so (lambda (soname) - (search-path - library-path - (format #f "~a.so" soname))))) - (substitute* "collects/db/private/sqlite3/ffi.rkt" - (("ffi-lib sqlite-so") - (format #f "ffi-lib \"~a\"" (find-so "libsqlite3")))) - (substitute* "collects/openssl/libssl.rkt" - (("ffi-lib libssl-so") - (format #f "ffi-lib \"~a\"" (find-so "libssl")))) - (substitute* "collects/openssl/libcrypto.rkt" - (("ffi-lib libcrypto-so") - (format #f "ffi-lib \"~a\"" (find-so "libcrypto"))))) - (chdir "src") - #t)) - (add-before 'pre-configure-minimal 'pre-configure - (lambda* (#:key inputs #:allow-other-keys) - ;; Patch dynamically loaded libraries with their absolute paths. - (let* ((library-path (search-path-as-string->list - (getenv "LIBRARY_PATH"))) - (find-so (lambda (soname) - (search-path - library-path - (format #f "~a.so" soname)))) - (patch-ffi-libs (lambda (file libs) - (for-each - (lambda (lib) - (substitute* file - (((format #f "\"~a\"" lib)) - (format #f "\"~a\"" (find-so lib))))) - libs)))) - (substitute* "share/pkgs/math-lib/math/private/bigfloat/gmp.rkt" - (("ffi-lib libgmp-so") - (format #f "ffi-lib \"~a\"" (find-so "libgmp")))) - (substitute* "share/pkgs/math-lib/math/private/bigfloat/mpfr.rkt" - (("ffi-lib libmpfr-so") - (format #f "ffi-lib \"~a\"" (find-so "libmpfr")))) - (substitute* "share/pkgs/readline-lib/readline/rktrl.rkt" - (("\\(getenv \"PLT_READLINE_LIB\"\\)") - (format #f "\"~a\"" (find-so "libedit")))) - (for-each - (lambda (x) (apply patch-ffi-libs x)) - '(("share/pkgs/draw-lib/racket/draw/unsafe/cairo-lib.rkt" - ("libfontconfig" "libcairo")) - ("share/pkgs/draw-lib/racket/draw/unsafe/glib.rkt" - ("libglib-2.0" "libgmodule-2.0" "libgobject-2.0")) - ("share/pkgs/draw-lib/racket/draw/unsafe/jpeg.rkt" - ("libjpeg")) - ("share/pkgs/draw-lib/racket/draw/unsafe/pango.rkt" - ("libpango-1.0" "libpangocairo-1.0")) - ("share/pkgs/draw-lib/racket/draw/unsafe/png.rkt" - ("libpng")) - ("share/pkgs/db-lib/db/private/odbc/ffi.rkt" - ("libodbc")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/x11.rkt" - ("libX11")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/gsettings.rkt" - ("libgio-2.0")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/gtk3.rkt" - ("libgdk-3" "libgtk-3")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/unique.rkt" - ("libunique-1.0")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/utils.rkt" - ("libgdk-x11-2.0" "libgdk_pixbuf-2.0" "libgtk-x11-2.0")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/gl-context.rkt" - ("libGL")) - ("share/pkgs/sgl/gl.rkt" - ("libGL" "libGLU"))))) - #t)) - (add-after 'unpack 'patch-/bin/sh - (lambda _ - (substitute* "collects/racket/system.rkt" - (("/bin/sh") (which "sh"))) - #t)) - (add-after 'patch-/bin/sh 'patch-chez-configure + (add-after 'unpack 'patch-chez-configure (lambda* (#:key inputs outputs #:allow-other-keys) (substitute* "src/cs/c/Makefile.in" (("/bin/sh") (which "sh"))) @@ -526,12 +460,69 @@ implementation techniques and as an expository tool.") (("/bin/cp") (which "cp")) (("/bin/echo") (which "echo"))) (substitute* "makefiles/installsh" - (("/bin/true") (which "true"))))))) + (("/bin/true") (which "true")))) + #t)) + (add-before 'configure 'pre-configure-minimal + (lambda* (#:key inputs #:allow-other-keys) + (chdir "src") + #t)) + (add-after 'build 'patch-config.rktd-lib-search-dirs + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; We do this between the `build` and `install` phases + ;; so that we have racket to read and write the hash table, + ;; but it comes before `raco setup`, when foreign libraries + ;; are needed to build the documentation. + (define out (assoc-ref outputs "out")) + (apply invoke + "./cs/c/racketcs" + "-e" + ,(format #f + "~s" + '(let* ((args + (vector->list + (current-command-line-arguments))) + (file (car args)) + (extra-lib-search-dirs (cdr args))) + (write-to-file + (hash-update + (file->value file) + 'lib-search-dirs + (lambda (dirs) + (append dirs extra-lib-search-dirs)) + null) + #:exists 'truncate/replace + file))) + "--" + "../etc/config.rktd" + (filter-map (lambda (lib) + (cond + ((assoc-ref inputs lib) + => (lambda (pth) + (string-append pth "/lib"))) + (else + #f))) + '("cairo" + "fontconfig" + "glib" + "glu" + "gmp" + "gtk+" + "libjpeg" + "libpng" + "libx11" + "mesa" + "mpfr" + "openssl" + "pango" + "sqlite" + "unixodbc" + "libedit"))) + #t))) ;; XXX: how to run them? #:tests? #f)) (inputs - `(;; Hardcode dynamically loaded libraries for better functionality. - ;; sqlite and libraries for `racket/draw' are needed to build the doc. + `(;; sqlite and libraries for `racket/draw' are needed to build the doc. + ("sh" ,bash-minimal) ("zlib" ,zlib) ("zlib:static" ,zlib "static") ("lz4" ,lz4) @@ -571,29 +562,21 @@ of languages such as Typed Racket, R5RS and R6RS Scheme, and Datalog.") (inherit racket) (name "racket-minimal") (version (package-version racket)) - (source (origin - (method url-fetch) - (uri (list (string-append "https://mirror.racket-lang.org/installers/" - version "/racket-minimal-src.tgz") - ;; this mirror seems to have broken HTTPS: - (string-append - "http://mirror.informatik.uni-tuebingen.de/mirror/racket/" - version "/racket-minimal-src.tgz"))) - (sha256 - (base32 - "0mwyffw4gcci8wmzxa3j28h03h0gsz55aard8qrk3lri8r2xyg21")) - (patches (search-patches - "racket-store-checksum-override.patch")))) + (source + (origin + (inherit (package-source racket)) + (uri (list (string-append "https://mirror.racket-lang.org/installers/" + version "/racket-minimal-src.tgz") + ;; this mirror seems to have broken HTTPS: + (string-append + "http://mirror.informatik.uni-tuebingen.de/mirror/racket/" + version "/racket-minimal-src.tgz"))) + (sha256 "0mwyffw4gcci8wmzxa3j28h03h0gsz55aard8qrk3lri8r2xyg21"))) (synopsis "Racket without bundled packages such as Dr. Racket") - (arguments - (substitute-keyword-arguments (package-arguments racket) - ((#:phases phases) - `(modify-phases ,phases - ;; Delete fix that applies to files not included in the minimal package. - (delete 'pre-configure))))) (inputs `(("openssl" ,openssl) ("sqlite" ,sqlite) + ("sh" ,bash-minimal) ("zlib" ,zlib) ("zlib:static" ,zlib "static") ("lz4" ,lz4) -- cgit v1.2.3