From 12f37d60152e8ac818dea0f15f500eddb48e9cff Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 26 May 2017 23:48:01 -0400 Subject: gnu: graphite2/fixed: Update to 1.3.10. * gnu/packages/fontutils.scm (graphite2/fixed): Update to 1.3.10. Remove patches that have been incorporated upstream. * gnu/packages/patches/graphite2-CVE-2017-5436.patch, gnu/packages/patches/graphite2-check-code-point-limit.patch, gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch, gnu/packages/patches/graphite2-non-linear-classes-even-number.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 4 - gnu/packages/fontutils.scm | 15 ++-- gnu/packages/patches/graphite2-CVE-2017-5436.patch | 25 ------ .../patches/graphite2-check-code-point-limit.patch | 50 ------------ .../graphite2-fix-32-bit-wrap-arounds.patch | 93 ---------------------- .../graphite2-non-linear-classes-even-number.patch | 26 ------ 6 files changed, 5 insertions(+), 208 deletions(-) delete mode 100644 gnu/packages/patches/graphite2-CVE-2017-5436.patch delete mode 100644 gnu/packages/patches/graphite2-check-code-point-limit.patch delete mode 100644 gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch delete mode 100644 gnu/packages/patches/graphite2-non-linear-classes-even-number.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 178ad35482..a97be8b533 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -640,11 +640,7 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ - %D%/packages/patches/graphite2-CVE-2017-5436.patch \ - %D%/packages/patches/graphite2-check-code-point-limit.patch \ %D%/packages/patches/graphite2-ffloat-store.patch \ - %D%/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch \ - %D%/packages/patches/graphite2-non-linear-classes-even-number.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/gsl-test-i686.patch \ %D%/packages/patches/gspell-dash-test.patch \ diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 1c4d7d07ff..efea81dc11 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -415,22 +415,17 @@ and returns a sequence of positioned glyphids from the font.") (package (inherit graphite2) (name "graphite2") - (version "1.3.9") (replacement #f) (source (origin (method url-fetch) - (uri (string-append "https://github.com/silnrsi/graphite/releases/" - "download/" version "/" name "-" version ".tgz")) - (patches (search-patches - "graphite2-ffloat-store.patch" - "graphite2-check-code-point-limit.patch" - "graphite2-CVE-2017-5436.patch" - "graphite2-fix-32-bit-wrap-arounds.patch" - "graphite2-non-linear-classes-even-number.patch")) + (uri (let ((version "1.3.10")) + (string-append "https://github.com/silnrsi/graphite/releases/" + "download/" version "/" name "-" version ".tgz"))) + (patches (search-patches "graphite2-ffloat-store.patch")) (sha256 (base32 - "0rs5h7m340z75kygx8d72cps0q6yvvqa9i788vym7585cfv8a0gc")))))) + "1bm1rl2ww0m8rvmknh8fpajyz9xqv43qs9qrzf7xd5gaz6rf7zch")))))) (define-public potrace (package diff --git a/gnu/packages/patches/graphite2-CVE-2017-5436.patch b/gnu/packages/patches/graphite2-CVE-2017-5436.patch deleted file mode 100644 index d7383ec8de..0000000000 
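Review bot: In the `fontutils.scm` hunk the replacement package no longer sets a `version` field; 1.3.10 exists only as a `let` binding inside `uri`, so `graphite2/fixed` reports whatever version it inherits from `graphite2` (not visible here) while building the 1.3.10 tarball. That is presumably deliberate for the graft, but anything that keys on the package's version field, such as CVE matching in `guix lint`, will not see 1.3.10. The four dropped patches, including the CVE-2017-5436 fix, are now covered only by the new release. I would record this next to the binding, e.g. `;; Source is 1.3.10, which includes the fixes formerly applied as patches; 'version' stays inherited from graphite2.` The definition of `graphite2/fixed` begins above the hunk.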
--- a/gnu/packages/patches/graphite2-CVE-2017-5436.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 1ce331d5548b98ed8b818532b2556d6f2c7a3b83 Mon Sep 17 00:00:00 2001 -From: Martin Hosken -Date: Thu, 9 Mar 2017 22:04:04 +0000 -Subject: [PATCH] Ensure features have enough space. Fix from Mozilla - ---- - src/FeatureMap.cpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/FeatureMap.cpp b/src/FeatureMap.cpp -index b8c8405..83bd5f6 100644 ---- a/src/FeatureMap.cpp -+++ b/src/FeatureMap.cpp -@@ -275,7 +275,7 @@ bool FeatureRef::applyValToFeature(uint32 val, Features & pDest) const - else - if (pDest.m_pMap!=&m_pFace->theSill().theFeatureMap()) - return false; //incompatible -- pDest.reserve(m_index); -+ pDest.reserve(m_index+1); - pDest[m_index] &= ~m_mask; - pDest[m_index] |= (uint32(val) << m_bits); - return true; --- -2.12.2 - diff --git a/gnu/packages/patches/graphite2-check-code-point-limit.patch b/gnu/packages/patches/graphite2-check-code-point-limit.patch deleted file mode 100644 index a9b6caf53f..0000000000 --- a/gnu/packages/patches/graphite2-check-code-point-limit.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 348c11e4571b534efdbd58a575bbea979c880b2f Mon Sep 17 00:00:00 2001 -From: Tim Eves -Date: Wed, 1 Mar 2017 14:23:46 +0700 -Subject: [PATCH] Fix decoding of USV greater than U+110000 - -Add test cases too ---- - src/inc/UtfCodec.h | 4 ++-- - tests/utftest/utftest.cpp | 3 +++ - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/inc/UtfCodec.h b/src/inc/UtfCodec.h -index 3417bac..9dc760f 100644 ---- a/src/inc/UtfCodec.h -+++ b/src/inc/UtfCodec.h -@@ -124,7 +124,7 @@ struct _utf_codec<8> - private: - static const int8 sz_lut[16]; - static const byte mask_lut[5]; -- -+ static const uchar_t limit = 0x110000; - - public: - typedef uint8 codeunit_t; -@@ -157,7 +157,7 @@ public: - case 0: l = -1; return 0xFFFD; - } - -- if (l != seq_sz || toolong) -+ if (l != seq_sz || toolong || u >= limit) - { - l = -l; - return 0xFFFD; -diff --git a/tests/utftest/utftest.cpp b/tests/utftest/utftest.cpp -index 21cb188..a23553a 100644 ---- a/tests/utftest/utftest.cpp -+++ b/tests/utftest/utftest.cpp -@@ -8,6 +8,9 @@ struct test8 - unsigned char str[12]; - }; - struct test8 tests8[] = { -+ { 0, 0, {0xF4, 0x90, 0x80, 0x80, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] -+ { 0, 0, {0xC0, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] -+ { 0, 0, {0xA0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} }, // bad(4) [U+110000] - { 4, -1, {0x7F, 0xDF, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0, 0} }, // U+7F, U+7FF, U+FFFF, U+10FFF - { 2, 3, {0x7F, 0xDF, 0xBF, 0xF0, 0x8F, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, U+7FF, long(U+FFFF), U+10FFF - { 1, 1, {0x7F, 0xE0, 0x9F, 0xBF, 0xEF, 0xBF, 0xBF, 0xF4, 0x8F, 0xBF, 0xBF, 0} }, // U+7F, long(U+7FF), U+FFFF, U+10FFF --- -2.12.2 - diff --git a/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch b/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch deleted file mode 100644 index 57d4ce2c6e..0000000000 --- a/gnu/packages/patches/graphite2-fix-32-bit-wrap-arounds.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -This patch incorporates the following 6 consecutive commits from the upstream -graphite2 repository: - -75b83cd..: Martin Hosken 2017-03-28 Fix 32-bit wrap arounds -1f97e36..: Martin Hosken 2017-03-28 balance comparisons in decompressor -9493785..: Martin Hosken 2017-03-29 Speculative rounding fix -09af043..: Tim Eves 2017-03-31 Move a MINMATCH to rhs of a comparisio -28cc60d..: Tim Eves 2017-03-31 Deal with similar wrap around in literal_len -8afc7d0..: Martin Hosken 2017-04-03 Fix 32-bit rollover in decompressor, again - -This diff was generated by the following command: - - git diff 1ce331d5548b98ed..8afc7d0081959866 - - -diff --git a/src/Decompressor.cpp b/src/Decompressor.cpp -index 084570f..56d531f 100644 ---- a/src/Decompressor.cpp -+++ b/src/Decompressor.cpp -@@ -51,7 +51,7 @@ bool read_sequence(u8 const * &src, u8 const * const end, u8 const * &literal, u - literal = src; - src += literal_len; - -- if (src > end - 2) -+ if (src > end - 2 || src < literal) - return false; - - match_dist = *src++; -@@ -85,7 +85,7 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) - { - // Copy in literal. At this point the last full sequence must be at - // least MINMATCH + 5 from the end of the output buffer. -- if (dst + align(literal_len) > dst_end - (MINMATCH+5)) -+ if (align(literal_len) > unsigned(dst_end - dst - (MINMATCH+5)) || dst_end - dst < MINMATCH + 5) - return -1; - dst = overrun_copy(dst, literal, literal_len); - } -@@ -94,7 +94,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) - // decoded output. 
- u8 const * const pcpy = dst - match_dist; - if (pcpy < static_cast(out) -- || dst + match_len + MINMATCH > dst_end - 5) -+ || match_len > unsigned(dst_end - dst - (MINMATCH+5)) -+ || dst_end - dst < MINMATCH + 5) - return -1; - if (dst > pcpy+sizeof(unsigned long) - && dst + align(match_len + MINMATCH) <= dst_end) -@@ -103,8 +104,8 @@ int lz4::decompress(void const *in, size_t in_size, void *out, size_t out_size) - dst = safe_copy(dst, pcpy, match_len + MINMATCH); - } - -- if (literal + literal_len > src_end -- || dst + literal_len > dst_end) -+ if (literal_len > src_end - literal -+ || literal_len > dst_end - dst) - return -1; - dst = fast_copy(dst, literal, literal_len); - -diff --git a/src/Pass.cpp b/src/Pass.cpp -index a4bac2e..683143c 100644 ---- a/src/Pass.cpp -+++ b/src/Pass.cpp -@@ -171,7 +171,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su - const uint16 * const o_actions = reinterpret_cast(p); - be::skip(p, m_numRules + 1); - const byte * const states = p; -- if (e.test(p + 2u*m_numTransition*m_numColumns >= pass_end, E_BADPASSLENGTH)) return face.error(e); -+ if (e.test(2u*m_numTransition*m_numColumns >= (unsigned)(pass_end - p), E_BADPASSLENGTH)) return face.error(e); - be::skip(p, m_numTransition*m_numColumns); - be::skip(p); - if (e.test(p != pcCode, E_BADPASSCCODEPTR)) return face.error(e); -@@ -192,7 +192,7 @@ bool Pass::readPass(const byte * const pass_start, size_t pass_length, size_t su - m_cPConstraint = vm::Machine::Code(true, pcCode, pcCode + pass_constraint_len, - precontext[0], be::peek(sort_keys), *m_silf, face, PASS_TYPE_UNKNOWN); - if (e.test(!m_cPConstraint, E_OUTOFMEM) -- || e.test(!m_cPConstraint, m_cPConstraint.status() + E_CODEFAILURE)) -+ || e.test(m_cPConstraint.status() != Code::loaded, m_cPConstraint.status() + E_CODEFAILURE)) - return face.error(e); - face.error_context(face.error_context() - 1); - } -diff --git a/src/Silf.cpp b/src/Silf.cpp -index 72a22cd..d661992 100644 ---- 
a/src/Silf.cpp -+++ b/src/Silf.cpp -@@ -191,7 +191,7 @@ bool Silf::readGraphite(const byte * const silf_start, size_t lSilf, Face& face, - - const size_t clen = readClassMap(p, passes_start - p, version, e); - m_passes = new Pass[m_numPasses]; -- if (e || e.test(p + clen > passes_start, E_BADPASSESSTART) -+ if (e || e.test(clen > unsigned(passes_start - p), E_BADPASSESSTART) - || e.test(!m_passes, E_OUTOFMEM)) - { releaseBuffers(); return face.error(e); } - diff --git a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch b/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch deleted file mode 100644 index 2bb1c9f94e..0000000000 --- a/gnu/packages/patches/graphite2-non-linear-classes-even-number.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0646e4ee471183994f78a759269f0505617711f3 Mon Sep 17 00:00:00 2001 -From: Martin Hosken -Date: Tue, 18 Apr 2017 13:17:14 +0100 -Subject: [PATCH] Ensure non linear classes have even number of elements - ---- - src/Silf.cpp | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/Silf.cpp b/src/Silf.cpp -index d661992..9f2f954 100644 ---- a/src/Silf.cpp -+++ b/src/Silf.cpp -@@ -293,7 +293,8 @@ size_t Silf::readClassMap(const byte *p, size_t data_len, uint32 version, Error - if (e.test(*o + 4 > max_off, E_HIGHCLASSOFFSET) // LookupClass doesn't stretch over max_off - || e.test(lookup[0] == 0 // A LookupClass with no looks is a suspicious thing ... - || lookup[0] * 2 + *o + 4 > max_off // numIDs lookup pairs fits within (start of LookupClass' lookups array, max_off] -- || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO)) // rangeShift: numIDs - searchRange -+ || lookup[3] + lookup[1] != lookup[0], E_BADCLASSLOOKUPINFO) // rangeShift: numIDs - searchRange -+ || e.test(((o[1] - *o) & 1) != 0, ERROROFFSET)) // glyphs are in pairs so difference must be even. - return ERROROFFSET; - } - --- -2.12.2 - -- cgit v1.2.3 
From d771ba62f8b23cf71ad82b3423da36416e8a1e8d Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 26 May 2017 23:50:02 -0400 Subject: gnu: icecat: Add more fixes from upstream mozilla-esr52. * gnu/packages/gnuzilla.scm (icecat)[source]: Add selected fixes from the upstream mozilla-esr52 repository. --- gnu/packages/gnuzilla.scm | 56 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) (limited to 'gnu') diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index d9901fd0fb..8d03f0e00d 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm 
@@ -451,7 +451,61 @@ standards.")
 (mozilla-patch "icecat-bug-1346012.patch" "1ce6d0652921" "163ji64a86h682frh1jq016w1mjf8g24r8cni0irsdmiihis7zxc")
 (mozilla-patch "icecat-bug-1324140.patch" "8886f9cd5dd3" "0byabs9md8r3pc4r67sv2759427n1za0gfayln40nx47n2p52kmg")
 (mozilla-patch "icecat-bug-1342552.patch" "ad995e90916b" "02nq9sg675p26z99nr2pykbz51hi2phf0gmrb1bjpq9pjbll7gsa")
- (mozilla-patch "icecat-bug-1355039.patch" "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")))
+ (mozilla-patch "icecat-bug-1355039.patch" "4ae71415fecf" "0yfkkdkkimad9a3w734xx85lb7hrl870c8k8an7w78fq3vl3fjnd")
+ (mozilla-patch "icecat-bug-1363396.patch" "24cbb7f2e0ff" "006f0zhz5nxs72q9plwzhq4l79b47svzizvv510m5g2krsfrccza")
+ (mozilla-patch "icecat-bug-1356558.patch" "89c7fb6c5be3" "19650nmc4vn1prbpn5h06kz9d1al279xkc23v39577h4zhdrknkj")
+ (mozilla-patch "icecat-bug-1337810.patch" "0f6dd3564c76" "1sxajqh6r7fjs45xhvjwg94smpvyvplh3rdvq11d3q5m9v4kg7mz")
+ (mozilla-patch "icecat-bug-1347748.patch" "145905da25d3" "0c2q9f000snpm9x0qda2y0awrsm313iwxbv0kh33ca0kpza49a76")
+ (mozilla-patch "icecat-bug-1345355.patch" "c5012009a0b2" "0m772bgrwb8iwv2bdgx694ybg5wgbf58xg5v245x0p7gwhgwiwmr")
+ (mozilla-patch "icecat-bug-1351340.patch" "047f19a1b9a0" "0qjnhybibs3cpcba3ga4g7d4c0w716xa9jf87y2ir8yz7dw1f9vl")
+ (mozilla-patch "icecat-bug-1056322.patch" "f076a30f6c29" "0xgskjl6zmxi3v4l0f3wlas0qb2403fin5lv1hi3jf2142ihpaml")
+ (mozilla-patch "icecat-bug-1355414.patch" "28e09d4ac3e9" "06clr2kwz28nyjlj13y036x6rxwh6frdh11aq6kbm1nj6s01i9zl")
+ (mozilla-patch "icecat-bug-1313977.patch" "4c0b09f70aea" "04jq1xrlhj04n5bgh93xkbqwnh01pswfjhv81zk7i87c7xz6h92q")
+ (mozilla-patch "icecat-bug-1357366.patch" "0b855945ce34" "0va8kqlgx6qhq2qrawkcm66kqrwwpmxblyjp3c7ifplxd0j0ijaf")
+ (mozilla-patch "icecat-bug-1338574-pt0.patch" "243d7bffa4f1" "1d1v68amhnygc0g4w1afs374pjs7z5fx5inyq8idawbh4kxfncq7")
+ (mozilla-patch "icecat-bug-1338574-pt1.patch" "337398a83aa5" "1141n7dhy9rh70sww8v58cbkba74xm5i75j1sgm5qwvkhh69qr5h")
+ (mozilla-patch "icecat-bug-1338574-pt2.patch" "50e120d7ac64" "0dbcaq27vsjlh7vm30c88rlhkx8c1195rnr01six40mymh09rhym")
+ (mozilla-patch "icecat-bug-1338574-pt3.patch" "2d4da5a366e8" "1761npkpw5zsm4q8rzfrg8m1ayrf8c857iq3vdd8rbqcswzv6xq0")
+ (mozilla-patch "icecat-bug-1338574-pt4.patch" "b10d9b0c187f" "044zq9gzw4v5r3ki8dwfjg9dznai0jch29y0xrxzb2rfr6yvx0sb")
+ (mozilla-patch "icecat-bug-1338574-pt5.patch" "697713a6841c" "1m9q4rh4ny945xsx3p3f5bg1izs9q58d71la5drj31z6kvbhnsi2")
+ (mozilla-patch "icecat-bug-1338574-pt6.patch" "1d14abf37cf8" "1xyja9hjb7qfqi7kh85bw5nxkhyzw1rijjhnh5pgr5z0v718kjyc")
+ (mozilla-patch "icecat-bug-1338574-pt7.patch" "5e85bc599d0c" "1pmhs3hmhkgj6q19padcbpi5qvgnhx6ib09zpcwxr8ll6lllxhig")
+ (mozilla-patch "icecat-bug-1152353.patch" "d893dea8e7b4" "1pbayv7np6z7hlkk1dhvx3ppkni7f8n3cz8hs67l3nssw214c1ih")
+ (mozilla-patch "icecat-bug-1345893.patch" "3a747480ead1" "0sxd23y9g77mx5indjs9isxnnrkin835qrh6dn62dlvbll8lgqi2")
+ (mozilla-patch "icecat-bug-1343172.patch" "c7b064f6b93a" "1sh10j3h8cnqi3rpr70lv2yz14zhy1v9ms4f64fmrbjlz7q09j6q")
+ (mozilla-patch "icecat-bug-1352348.patch" "1d86e96610a1" "02ybn2608v57pjh8kjgnhkg157asawjk5xia59qb63m5vfvrinwv")
+ (mozilla-patch "icecat-bug-1354308.patch" "c8ba3f911eb1" "0w70b8dmvqjn1d8sphfkwnbwii8nh2q5k48clkvbhn7kpc2890mi")
+ (mozilla-patch "icecat-bug-1335904.patch" "366cdd623cfb" "0gcmld4bplaakx6d50gw223lg1jjcni7866q1f2hxm0h1r9wwd3k")
+ (mozilla-patch "icecat-bug-1355340.patch" "6b174b41fa44" "0zdgfy0zsrs3cvfkmrhxw0mrfibpnb58xp3z8fapx5ja59wmcabs")
+ (mozilla-patch "icecat-bug-1360574-pt1.patch" "237eee780619" "1iw6z762zdc42kwjvv58a2cjc0s4kzwwy7838apl7y7cq85g0jg2")
+ (mozilla-patch "icecat-bug-1360574-pt2.patch" "46a5a4aac189" "1i553f9qvav0fn5avbp8912995pqbhzbzamxxfz8gn2ik17y3xly")
+ (mozilla-patch "icecat-bug-1358776.patch" "bd35fa23f79a" "12nicgwhcn63knmlcl0c2askn9sj35bfclaab3826pkd9yq5g4p5")
+ (mozilla-patch "icecat-bug-1362590.patch" "c1314a709b41" "0klgrcyc20fig6rbm9znjpcnfsz6xnlp1v03fbvaww0riy2qm42k")
+ (mozilla-patch "icecat-bug-1359859.patch" "e38948fb79d6" "1sfyc5s9ndv6q72k8n9x0rvj4sz40k51iljrs42gwykzkjm2fx5m")
+ (mozilla-patch "icecat-bug-1342057.patch" "278bef1d7a64" "0zk18s9pnbwz9ankmc9mj4197s55j1jvax04ansqymmmc3a5ciif")
+ (mozilla-patch "icecat-bug-1325513.patch" "218e0963406f" "0wqms5nany4sx2g4p01lbam7la2dyazz87dhv5hcsf8ifxrfww11")
+ (mozilla-patch "icecat-bug-1304566.patch" "188e39630fcd" "1bfxfgj5ywx4bcf91kwyrjh5ppiv59gadx4445achyabdi639l8d")
+ (mozilla-patch "icecat-bug-1356601.patch" "8191e403fedf" "1k4zmq0923f5dc3dwbz1q0bkcbm90ldwkczym366hgwadb2305nd")
+ (mozilla-patch "icecat-bug-1334097.patch" "fe2a2c7e88cb" "1rppaivaddigwk65krn8m9f9mcdkiiv28ws9n9zj62n0rc1shyvc")
+ (mozilla-patch "icecat-bug-1359051.patch" "8d7dbe5c6587" "14zh74bbld4s0jy0a48fi9acxkc236mh9wjid3vrf72yj6bi5xnp")
+ (mozilla-patch "icecat-bug-1359697.patch" "ca2b5274549f" "1ns7v70i1hfkxqnjhf9fp0lk9095hdcllg94j3dl1nfaif4w6vbf")
+ (mozilla-patch "icecat-bug-1343256.patch" "a30dd7dd6617" "1k078176fp8vz871wirjz9d3yx9l2lfl8p75c4905n3j3zv2297q")
+ (mozilla-patch "icecat-bug-1349310.patch" "81b3ce7d37b3" "0ad0wqczy4kpggj6m3b8bzxi6ax340mik1mfawhkq89a1h2sfpxv")
+ (mozilla-patch "icecat-bug-1356179.patch" "66d8893f37f0" "0izl31lagvdv4qpb9gkjxvgpmxzw50x5bviap4l7bbnb56cv7d8p")
+ (mozilla-patch "icecat-bug-1365602.patch" "aad883966edd" "058axnrwrbvy2h9r9pb766lyky45hb92rap142sbp17yz0sxfmww")
+ (mozilla-patch "icecat-bug-1355520.patch" "7ca2d8839f7a" "1xbmpvr2x720x9ghd5wgbg6lknbnhcyqmkkfamdf97mqcyizyr21")
+ (mozilla-patch "icecat-bug-1358469.patch" "4d432638c0f9" "0qpjmwik3dryjwmgfwmkqk0rs9rb2lafb2k9fc3pkjnrq5y0l9xg")
+ (mozilla-patch "icecat-bug-1356025.patch" "f5967db0a0f3" "045wbvkm21kbm314dd6lbq2disiaf26kmsxi6brf442fd0028gwq")
+ (mozilla-patch "icecat-bug-1345910.patch" "ec6b6720e54e" "0lm15jl46mdlsds6947jsiyvhf9agb8hcdrqj2svc3kn9kzvyr2n")
+ (mozilla-patch "icecat-bug-1359639.patch" "a4f8d8a12afa" "0d7sjc21af074rvgvijj42gmpjvcb1v1zlpgb3s7ky7w6wjr35vx")
+ (mozilla-patch "icecat-bug-1357090.patch" "d07f24a72ce4" "1qbwska76b2zslb95wnx9v04znb6k9fqylr4ajyfqpwk1sr363hg")
+ (mozilla-patch "icecat-bug-1364283.patch" "a6caa7628e36" "1yv5f4h8js9bry9krcx130w6ic8rdmmq4fap6va24kfx8qflg70h")
+ (mozilla-patch "icecat-bug-1237868.patch" "41138235d4ea" "0mcj4x2kmagwf5hp8xhczf04sxm995pk1zarc9yffk84z7fcrxkj")
+ (mozilla-patch "icecat-bug-1331335.patch" "b724283e3b31" "1xbb1vcdzfpcmrmxm8ihwzslh2vz15k0k601nvyhh6vgx270h1wn")
+ (mozilla-patch "icecat-bug-1367267.patch" "4c2f4d8b693e" "1hrndhfnz0vnjnspwh5mbvgl2j8d1cs62awp04wx2w6z4l4wrmbv")
+ (mozilla-patch "icecat-bug-1366595.patch" "cce3fd607206" "1z97jw8jpfyx61jxf0j8nsplnna2c5bwihwnl9cvlc2cspp3kgp5")
+ (mozilla-patch "icecat-bug-1349266.patch" "dc4e3c64d781" "1zd666k4qpdamly3av09k602pmirjcs9l6la6ba0qq9w9vfan3g5")
+ (mozilla-patch "icecat-bug-1366140.patch" "379c348250e8" "0kvsyhi9j3bjx14ffr13dslqp8ghcgrz6ds2fikdkrrrk4syskd5")))
 (modules '((guix build utils)))
 (snippet
 '(begin
-- cgit v1.2.3 From ba69e8f7ce21a81bdd5b99fdb1cc64492443e15c Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Mon, 1 May 2017 21:41:45 +0200 Subject: gnu: Add knot-service-type. * gnu/services/dns.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (DNS Services): New subsubsection. --- doc/guix.texi | 410 +++++++++++++++++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/dns.scm | 593 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 1004 insertions(+) create mode 100644 gnu/services/dns.scm (limited to 'gnu')
diff --git a/doc/guix.texi b/doc/guix.texi
index aa8b705be6..0d389261a2 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -218,6 +218,7 @@ Services
 * Messaging Services:: Messaging services.
 * Kerberos Services:: Kerberos services.
 * Web Services:: Web servers.
+* DNS Services:: DNS daemons.
 * VPN Services:: VPN daemons.
 * Network File System:: NFS related services.
 * Continuous Integration:: The Cuirass service.
@@ -8737,6 +8738,7 @@ declaration.
 * Messaging Services:: Messaging services.
 * Kerberos Services:: Kerberos services.
 * Web Services:: Web servers.
+* DNS Services:: DNS daemons.
 * VPN Services:: VPN daemons.
 * Network File System:: NFS related services.
 * Continuous Integration:: The Cuirass service.
@@ -13520,6 +13522,414 @@ Whether the server should add its configuration to response. @end table @end deftp +@node DNS Services +@subsubsection DNS Services +@cindex DNS (domain name system) +@cindex domain name system (DNS) + +The @code{(gnu services dns)} module provides services related to the +@dfn{domain name system} (DNS). It provides a server service for hosting +an @emph{authoritative} DNS server for multiple zones, slave or master. +This service uses @uref{https://www.knot-dns.cz/, Knot DNS}. + +An example configuration of an authoritative server for two zones, one master +and one slave, is: + +@lisp +(define-zone-entries example.org.zone +;; Name TTL Class Type Data + ("@@" "" "IN" "A" "127.0.0.1") + ("@@" "" "IN" "NS" "ns") + ("ns" "" "IN" "A" "127.0.0.1")) + +(define master-zone + (knot-zone-configuration + (domain "example.org") + (zone (zone-file + (origin "example.org") + (entries example.org.zone))))) + +(define slave-zone + (knot-zone-configuration + (domain "plop.org") + (dnssec-policy "default") + (master (list "plop-master")))) + +(define plop-master + (knot-remote-configuration + (id "plop-master") + (address (list "208.76.58.171")))) + +(operating-system + ;; ... + (services (cons* (service knot-service-type + (knot-confifguration + (remotes (list plop-master)) + (zones (list master-zone slave-zone)))) + ;; ... + %base-services))) +@end lisp + +@deffn {Scheme Variable} knot-service-type +This is the type for the Knot DNS server. + +Knot DNS is an authoritative DNS server, meaning that it can serve multiple +zones, that is to say domain names you would buy from a registrar. This server +is not a resolver, meaning that it can only resolve names for which it is +authoritative. This server can be configured to serve zones as a master server +or a slave server as a per-zone basis. Slave zones will get their data from +masters, and will serve it as an authoritative server. 
From the point of view +of a resolver, there is no difference between master and slave. + +The following data types are used to configure the Knot DNS server: +@end deffn + +@deftp {Data Type} knot-key-configuration +Data type representing a key. +This type has the following parameters: + +@table @asis +@item @code{id} (default: @code{""}) +An identifier for other configuration fields to refer to this key. IDs must +be unique and must not be empty. + +@item @code{algorithm} (default: @code{#f}) +The algorithm to use. Choose between @code{#f}, @code{'hmac-md5}, +@code{'hmac-sha1}, @code{'hmac-sha224}, @code{'hmac-sha256}, @code{'hmac-sha384} +and @code{'hmac-sha512}. + +@item @code{secret} (default: @code{""}) +The secret key itself. + +@end table +@end deftp + +@deftp {Data Type} knot-acl-configuration +Data type representing an Access Control List (ACL) configuration. +This type has the following parameters: + +@table @asis +@item @code{id} (default: @code{""}) +An identifier for ether configuration fields to refer to this key. IDs must be +unique and must not be empty. + +@item @code{address} (default: @code{'()}) +An ordered list of IP addresses, network subnets, or network ranges represented +with strings. The query must match one of them. Empty value means that +address match is not required. + +@item @code{key} (default: @code{'()}) +An ordered list of references to keys represented with strings. The string +must match a key ID defined in a @code{knot-key-configuration}. No key means +that a key is not require to match that ACL. + +@item @code{action} (default: @code{'()}) +An ordered list of actions that are permitted or forbidden by this ACL. Possible +values are lists of zero or more elements from @code{'transfer}, @code{'notify} +and @code{'update}. + +@item @code{deny?} (default: @code{#f}) +When true, the ACL defines restrictions. Listed actions are forbidden. When +false, listed actions are allowed. 
+ +@end table +@end deftp + +@deftp {Data Type} zone-entry +Data type represnting a record entry in a zone file. +This type has the following parameters: + +@table @asis +@item @code{name} (default: @code{"@@"}) +The name of the record. @code{"@@"} refers to the origin of the zone. Names +are relative to the origin of the zone. For example, in the @code{example.org} +zone, @code{"ns.example.org"} actually refers to @code{ns.example.org.example.org}. +Names ending with a dot are absolute, which means that @code{"ns.example.org."} +refers to @code{ns.example.org}. + +@item @code{ttl} (default: @code{""}) +The Time-To-Live (TTL) of this record. If not set, the default TTL is used. + +@item @code{class} (default: @code{"IN"}) +The class of the record. Knot currently supports only @code{"IN"} and +partially @code{"CH"}. + +@item @code{type} (default: @code{"A"}) +The type of the record. Common types include A (IPv4 address), AAAA (IPv6 +address), NS (Name Server) and MX (Mail eXchange). Many other types are +defined. + +@item @code{data} (default: @code{""}) +The data contained in the record. For instance an IP address associated with +an A record, or a domain name associated with an NS record. Remember that +domain names are relative to the origin unless they end with a dot. + +@end table +@end deftp + +@deftp {Data Type} zone-file +Data type representing the content of a zone file. +This type has the following parameters: + +@table @asis +@item @code{entries} (default: @code{'()}) +The list of entries. The SOA record is taken care of, so you don't need to +put it in the list of entries. This list should probably contain an entry +for your primary authoritative DNS server. Other than using a list of entries +directly, you can use @code{define-zone-entries} to define a object containing +the list of entries more easily, that you can later pass to the @code{entries} +field of the @code{zone-file}. + +@item @code{origin} (default: @code{""}) +The name of your zone. 
This parameter cannot be empty. + +@item @code{ns} (default: @code{"ns"}) +The domain of your primary authoritative DNS server. The name is relative to +the origin, unless it ends with a dot. It is mandatory that this primary +DNS server corresponds to an NS record in the zone and that it is associated +to an IP address in the list of entries. + +@item @code{mail} (default: @code{"hostmaster"}) +An email address people can contact you at, as the owner of the zone. This +is translated as @code{@@}. + +@item @code{serial} (default: @code{1}) +The serial number of the zone. As this is used to keep track of changes by +both slaves and resolvers, it is mandatory that it @emph{never} decreases. +Always increment it when you make a change in your zone. + +@item @code{refresh} (default: @code{"2d"}) +The frequency at which slaves will do a zone transfer. This value can be +a number of seconds or a number of some unit between: +@itemize +@item m: minute +@item h: hour +@item d: day +@item w: week +@end itemize + +@item @code{retry} (default: @code{"15m"}) +The period after which a slave will retry to contact its master when it fails +to do so a first time. + +@item @code{expiry} (default: @code{"2w"}) +Default TTL of records. Existing records are considered correct for at most +this amount of time. After this period, resolvers will invalidate their cache +and check again that it still exists. + +@item @code{nx} (default: @code{"1h"}) +Default TTL of inexistant records. This delay is usually short because you want +your new domains to reach everyone quickly. + +@end table +@end deftp + +@deftp {Data Type} knot-remote-configuration +Data type representing a remote configuration. +This type has the following parameters: + +@table @asis +@item @code{id} (default: @code{""}) +An identifier for other configuration fields to refer to this remote. IDs must +be unique and must not be empty. + +@item @code{address} (default: @code{'()}) +An ordered list of destination IP addresses. 
Addresses are tried in sequence. +An optional port can be given with the @@ separator. For instance: +@code{(list "1.2.3.4" "2.3.4.5@@53")}. Default port is 53. + +@item @code{via} (default: @code{'()}) +An ordered list of source IP addresses. An empty list will have Knot choose +an appropriate source IP. An optional port can be given with the @@ separator. +The default is to choose at random. + +@item @code{key} (default: @code{#f}) +A reference to a key, that is a string containing the identifier of a key +defined in a @code{knot-key-configuration} field. + +@end table +@end deftp + +@deftp {Data Type} knot-keystore-configuration +Data type representing a keystore to hold dnssec keys. +This type has the following parameters: + +@table @asis +@item @code{id} (default: @code{""}) +The id of the keystore. It must not be empty. + +@item @code{backend} (default: @code{'pem}) +The backend to store the keys in. Can be @code{'pem} or @code{'pkcs11}. + +@item @code{config} (default: @code{"/var/lib/knot/keys/keys"}) +The configuration string of the backend. An example for the PKCS#11 is: +@code{"pkcs11:token=knot;pin-value=1234 /gnu/store/.../lib/pkcs11/libsofthsm2.so"}. +For the pem backend, the string reprensents a path in the filesystem. + +@end table +@end deftp + +@deftp {Data Type} knot-policy-configuration +Data type representing a dnssec policy. Knot DNS is able to automatically +sign your zones. It can either generate and manage your keys automatically or +use keys that you generate. + +Dnssec is usually implemented using two keys: a Key Signing Key (KSK) that is +used to sign the second, and a Zone Signing Key (ZSK) that is used to sign the +zone. In order to be trusted, the KSK needs to be present in the parent zone +(usually a top-level domain). If your registrar supports dnssec, you will +have to send them your KSK's hash so they can add a DS record in their zone. +This is not automated and need to be done each time you change your KSK. 
+ +The policy also defines the lifetime of keys. Usually, ZSK can be changed +easily and use weaker cryptographic functions (they use lower parameters) in +order to sign records quickly, so they are changed often. The KSK however +requires manual interaction with the registrar, so they are changed less often +and use stronger parameters because they sign only one record. + +This type has the following parameters: + +@table @asis +@item @code{id} (default: @code{""}) +The id of the policy. It must not be empty. + +@item @code{keystore} (default: @code{"default"}) +A reference to a keystore, that is a string containing the identifier of a +keystore defined in a @code{knot-keystore-configuration} field. The +@code{"default"} identifier means the default keystore (a kasp database that +was setup by this service). + +@item @code{manual?} (default: @code{#f}) +Whether the key management is manual or automatic. + +@item @code{single-type-signing?} (default: @code{#f}) +When @code{#t}, use the Single-Type Signing Scheme. + +@item @code{algorithm} (default: @code{"ecdsap256sha256"}) +An algorithm of signing keys and issued signatures. + +@item @code{ksk-size} (default: @code{256}) +The length of the KSK. Note that this value is correct for the default +algorithm, but would be unsecure for other algorithms. + +@item @code{zsk-size} (default: @code{256}) +The length of the ZSK. Note that this value is correct for the default +algorithm, but would be unsecure for other algorithms. + +@item @code{dnskey-ttl} (default: @code{'default}) +The TTL value for DNSKEY records added into zone apex. The special +@code{'default} value means same as the zone SOA TTL. + +@item @code{zsk-lifetime} (default: @code{"30d"}) +The period between ZSK publication and the next rollover initiation. + +@item @code{propagation-delay} (default: @code{"1d"}) +An extra delay added for each key rollover step. 
This value should be high +enough to cover propagation of data from the master server to all slaves. + +@item @code{rrsig-lifetime} (default: @code{"14d"}) +A validity period of newly issued signatures. + +@item @code{rrsig-refresh} (default: @code{"7d"}) +A period how long before a signature expiration the signature will be refreshed. + +@item @code{nsec3?} (default: @code{#f}) +When @code{#t}, NSEC3 will be used instead of NSEC. + +@item @code{nsec3-iterations} (default: @code{5}) +The number of additional times the hashing is performed. + +@item @code{nsec3-salt-length} (default: @code{8}) +The length of a salt field in octets, which is appended to the original owner +name before hashing. + +@item @code{nsec3-salt-lifetime} (default: @code{"30d"}) +The validity period of newly issued salt field. + +@end table +@end deftp + +@deftp {Data Type} knot-zone-configuration +Data type representing a zone served by Knot. +This type has the following parameters: + +@table @asis +@item @code{domain} (default: @code{""}) +The domain served by this configuration. It must not be empty. + +@item @code{file} (default: @code{""}) +The file where this zone is saved. This parameter is ignored by master zones. +Empty means default location that depends on the domain name. + +@item @code{zone} (default: @code{(zone-file)}) +The content of the zone file. This parameter is ignored by slave zones. It +must contain a zone-file record. + +@item @code{master} (default: @code{'()}) +A list of master remotes. When empty, this zone is a master. When set, this +zone is a slave. This is a list of remotes identifiers. + +@item @code{ddns-master} (default: @code{#f}) +The main master. When empty, it defaults to the first master in the list of +masters. + +@item @code{notify} (default: @code{'()}) +A list of slave remote identifiers. + +@item @code{acl} (default: @code{'()}) +A list of acl identifiers. 
+ +@item @code{semantic-checks?} (default: @code{#f}) +When set, this adds more semantic checks to the zone. + +@item @code{disable-any?} (default: @code{#f}) +When set, this forbids queries of the ANY type. + +@item @code{zonefile-sync} (default: @code{0}) +The delay between a modification in memory and on disk. 0 means immediate +synchronization. + +@item @code{serial-policy} (default: @code{'increment}) +A policy between @code{'increment} and @code{'unixtime}. + +@end table +@end deftp + +@deftp {Data Type} knot-configuration +Data type representing the Knot configuration. +This type has the following parameters: + +@table @asis +@item @code{knot} (default: @code{knot}) +The Knot package. + +@item @code{run-directory} (default: @code{"/var/run/knot"}) +The run directory. This directory will be used for pid file and sockets. + +@item @code{listen-v4} (default: @code{"0.0.0.0"}) +An ip address on which to listen. + +@item @code{listen-v6} (default: @code{"::"}) +An ip address on which to listen. + +@item @code{listen-port} (default: @code{53}) +A port on which to listen. + +@item @code{keys} (default: @code{'()}) +The list of knot-key-configuration used by this configuration. + +@item @code{acls} (default: @code{'()}) +The list of knot-acl-configuration used by this configuration. + +@item @code{remotes} (default: @code{'()}) +The list of knot-remote-configuration used by this configuration. + +@item @code{zones} (default: @code{'()}) +The list of knot-zone-configuration used by this configuration. + +@end table +@end deftp + @node VPN Services @subsubsection VPN Services @cindex VPN (virtual private network) diff --git a/gnu/local.mk b/gnu/local.mk index a97be8b533..0ef6e2af98 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -426,6 +426,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/dbus.scm \ %D%/services/desktop.scm \ %D%/services/dict.scm \ + %D%/services/dns.scm \ %D%/services/kerberos.scm \ %D%/services/lirc.scm \ %D%/services/mail.scm \ 
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
new file mode 100644
index 0000000000..2ed7b9e22f
--- /dev/null
+++ b/gnu/services/dns.scm
@@ -0,0 +1,593 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Julien Lepiller +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services dns) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages dns) + #:use-module (guix packages) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) + #:use-module (ice-9 match) + #:use-module (ice-9 regex) + #:export (knot-service-type + knot-acl-configuration + knot-key-configuration + knot-keystore-configuration + knot-zone-configuration + knot-remote-configuration + knot-policy-configuration + knot-configuration + define-zone-entries + zone-file + zone-entry)) + +;;; +;;; Knot DNS. +;;; + +(define-record-type* + knot-key-configuration make-knot-key-configuration + knot-key-configuration? + (id knot-key-configuration-id + (default "")) + (algorithm knot-key-configuration-algorithm + (default #f)); one of #f, or an algorithm name + (secret knot-key-configuration-secret + (default ""))) + +(define-record-type* + knot-acl-configuration make-knot-acl-configuration + knot-acl-configuration? 
+ (id knot-acl-configuration-id + (default "")) + (address knot-acl-configuration-address + (default '())) + (key knot-acl-configuration-key + (default '())) + (action knot-acl-configuration-action + (default '())) + (deny? knot-acl-configuration-deny? + (default #f))) + +(define-record-type* + zone-entry make-zone-entry + zone-entry? + (name zone-entry-name + (default "@")) + (ttl zone-entry-ttl + (default "")) + (class zone-entry-class + (default "IN")) + (type zone-entry-type + (default "A")) + (data zone-entry-data + (default ""))) + +(define-record-type* + zone-file make-zone-file + zone-file? + (entries zone-file-entries + (default '())) + (origin zone-file-origin + (default "")) + (ns zone-file-ns + (default "ns")) + (mail zone-file-mail + (default "hostmaster")) + (serial zone-file-serial + (default 1)) + (refresh zone-file-refresh + (default "2d")) + (retry zone-file-retry + (default "15m")) + (expiry zone-file-expiry + (default "2w")) + (nx zone-file-nx + (default "1h"))) +(define-record-type* + knot-keystore-configuration make-knot-keystore-configuration + knot-keystore-configuration? + (id knot-keystore-configuration-id + (default "")) + (backend knot-keystore-configuration-backend + (default 'pem)) + (config knot-keystore-configuration-config + (default "/var/lib/knot/keys/keys"))) + +(define-record-type* + knot-policy-configuration make-knot-policy-configuration + knot-policy-configuration? + (id knot-policy-configuration-id + (default "")) + (keystore knot-policy-configuration-keystore + (default "default")) + (manual? knot-policy-configuration-manual? + (default #f)) + (single-type-signing? knot-policy-configuration-single-type-signing? 
+ (default #f)) + (algorithm knot-policy-configuration-algorithm + (default "ecdsap256sha256")) + (ksk-size knot-policy-configuration-ksk-size + (default 256)) + (zsk-size knot-policy-configuration-zsk-size + (default 256)) + (dnskey-ttl knot-policy-configuration-dnskey-ttl + (default 'default)) + (zsk-lifetime knot-policy-configuration-zsk-lifetime + (default "30d")) + (propagation-delay knot-policy-configuration-propagation-delay + (default "1d")) + (rrsig-lifetime knot-policy-configuration-rrsig-lifetime + (default "14d")) + (rrsig-refresh knot-policy-configuration-rrsig-refresh + (default "7d")) + (nsec3? knot-policy-configuration-nsec3? + (default #f)) + (nsec3-iterations knot-policy-configuration-nsec3-iterations + (default 5)) + (nsec3-salt-length knot-policy-configuration-nsec3-salt-length + (default 8)) + (nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime + (default "30d"))) + +(define-record-type* + knot-zone-configuration make-knot-zone-configuration + knot-zone-configuration? + (domain knot-zone-configuration-domain + (default "")) + (file knot-zone-configuration-file + (default "")) ; the file where this zone is saved. + (zone knot-zone-configuration-zone + (default (zone-file))) ; initial content of the zone file + (master knot-zone-configuration-master + (default '())) + (ddns-master knot-zone-configuration-ddns-master + (default #f)) + (notify knot-zone-configuration-notify + (default '())) + (acl knot-zone-configuration-acl + (default '())) + (semantic-checks? knot-zone-configuration-semantic-checks? + (default #f)) + (disable-any? knot-zone-configuration-disable-any? + (default #f)) + (zonefile-sync knot-zone-configuration-zonefile-sync + (default 0)) + (dnssec-policy knot-zone-configuration-dnssec-policy + (default #f)) + (serial-policy knot-zone-configuration-serial-policy + (default 'increment))) + +(define-record-type* + knot-remote-configuration make-knot-remote-configuration + knot-remote-configuration? 
+ (id knot-remote-configuration-id + (default "")) + (address knot-remote-configuration-address + (default '())) + (via knot-remote-configuration-via + (default '())) + (key knot-remote-configuration-key + (default #f))) + +(define-record-type* + knot-configuration make-knot-configuration + knot-configuration? + (knot knot-configuration-knot + (default knot)) + (run-directory knot-configuration-run-directory + (default "/var/run/knot")) + (listen-v4 knot-configuration-listen-v4 + (default "0.0.0.0")) + (listen-v6 knot-configuration-listen-v6 + (default "::")) + (listen-port knot-configuration-listen-port + (default 53)) + (keys knot-configuration-keys + (default '())) + (keystores knot-configuration-keystores + (default '())) + (acls knot-configuration-acls + (default '())) + (remotes knot-configuration-remotes + (default '())) + (policies knot-configuration-policies + (default '())) + (zones knot-configuration-zones + (default '()))) + +(define-syntax define-zone-entries + (syntax-rules () + ((_ id (name ttl class type data) ...) + (define id (list (make-zone-entry name ttl class type data) ...))))) + +(define (error-out msg) + (raise (condition (&message (message msg))))) + +(define (verify-knot-key-configuration key) + (unless (knot-key-configuration? key) + (error-out "keys must be a list of only knot-key-configuration.")) + (let ((id (knot-key-configuration-id key))) + (unless (and (string? id) (not (equal? id ""))) + (error-out "key id must be a non empty string."))) + (unless (memq '(#f hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512) + (knot-key-configuration-algorithm key)) + (error-out "algorithm must be one of: #f, 'hmac-md5, 'hmac-sha1, +'hmac-sha224, 'hmac-sha256, 'hmac-sha384 or 'hmac-sha512"))) + +(define (verify-knot-keystore-configuration keystore) + (unless (knot-keystore-configuration? 
keystore) + (error-out "keystores must be a list of only knot-keystore-configuration.")) + (let ((id (knot-keystore-configuration-id keystore))) + (unless (and (string? id) (not (equal? id ""))) + (error-out "keystore id must be a non empty string."))) + (unless (memq '(pem pkcs11) + (knot-keystore-configuration-backend keystore)) + (error-out "backend must be one of: 'pem or 'pkcs11"))) + +(define (verify-knot-policy-configuration policy) + (unless (knot-keystore-configuration? policy) + (error-out "policies must be a list of only knot-policy-configuration.")) + (let ((id (knot-policy-configuration-id policy))) + (unless (and (string? id) (not (equal? id ""))) + (error-out "policy id must be a non empty string.")))) + +(define (verify-knot-acl-configuration acl) + (unless (knot-acl-configuration? acl) + (error-out "acls must be a list of only knot-acl-configuration.")) + (let ((id (knot-acl-configuration-id acl)) + (address (knot-acl-configuration-address acl)) + (key (knot-acl-configuration-key acl)) + (action (knot-acl-configuration-action acl))) + (unless (and (string? id) (not (equal? id ""))) + (error-out "acl id must be a non empty string.")) + (unless (and (list? address) + (fold (lambda (x1 x2) (and (string? x1) (string? x2))) "" address)) + (error-out "acl address must be a list of strings."))) + (unless (boolean? (knot-acl-configuration-deny? acl)) + (error-out "deny? must be #t or #f."))) + +(define (verify-knot-zone-configuration zone) + (unless (knot-zone-configuration? zone) + (error-out "zones must be a list of only knot-zone-configuration.")) + (let ((domain (knot-zone-configuration-domain zone))) + (unless (and (string? domain) (not (equal? domain ""))) + (error-out "zone domain must be a non empty string.")))) + +(define (verify-knot-remote-configuration remote) + (unless (knot-remote-configuration? 
remote) + (error-out "remotes must be a list of only knot-remote-configuration.")) + (let ((id (knot-remote-configuration-id remote))) + (unless (and (string? id) (not (equal? id ""))) + (error-out "remote id must be a non empty string.")))) + +(define (verify-knot-configuration config) + (unless (package? (knot-configuration-knot config)) + (error-out "knot configuration field must be a package.")) + (unless (string? (knot-configuration-run-directory config)) + (error-out "run-directory must be a string.")) + (unless (list? (knot-configuration-keys config)) + (error-out "keys must be a list of knot-key-configuration.")) + (for-each (lambda (key) (verify-knot-key-configuration key)) + (knot-configuration-keys config)) + (unless (list? (knot-configuration-keystores config)) + (error-out "keystores must be a list of knot-keystore-configuration.")) + (for-each (lambda (keystore) (verify-knot-keystore-configuration keystore)) + (knot-configuration-keystores config)) + (unless (list? (knot-configuration-acls config)) + (error-out "acls must be a list of knot-acl-configuration.")) + (for-each (lambda (acl) (verify-knot-acl-configuration acl)) + (knot-configuration-acls config)) + (unless (list? (knot-configuration-zones config)) + (error-out "zones must be a list of knot-zone-configuration.")) + (for-each (lambda (zone) (verify-knot-zone-configuration zone)) + (knot-configuration-zones config)) + (unless (list? (knot-configuration-policies config)) + (error-out "policies must be a list of knot-policy-configuration.")) + (for-each (lambda (policy) (verify-knot-policy-configuration policy)) + (knot-configuration-policies config)) + (unless (list? (knot-configuration-remotes config)) + (error-out "remotes must be a list of knot-remote-configuration.")) + (for-each (lambda (remote) (verify-knot-remote-configuration remote)) + (knot-configuration-remotes config)) + #t) + +(define (format-string-list l) + "Formats a list of string in YAML" + (if (eq? 
l '()) + "" + (let ((l (reverse l))) + (string-append + "[" + (fold (lambda (x1 x2) + (string-append (if (symbol? x1) (symbol->string x1) x1) ", " + (if (symbol? x2) (symbol->string x2) x2))) + (car l) (cdr l)) + "]")))) + +(define (knot-acl-config acls) + (with-output-to-string + (lambda () + (for-each + (lambda (acl-config) + (let ((id (knot-acl-configuration-id acl-config)) + (address (knot-acl-configuration-address acl-config)) + (key (knot-acl-configuration-key acl-config)) + (action (knot-acl-configuration-action acl-config)) + (deny? (knot-acl-configuration-deny? acl-config))) + (format #t " - id: ~a\n" id) + (unless (eq? address '()) + (format #t " address: ~a\n" (format-string-list address))) + (unless (eq? key '()) + (format #t " key: ~a\n" (format-string-list key))) + (unless (eq? action '()) + (format #t " action: ~a\n" (format-string-list action))) + (format #t " deny: ~a\n" (if deny? "on" "off")))) + acls)))) + +(define (knot-key-config keys) + (with-output-to-string + (lambda () + (for-each + (lambda (key-config) + (let ((id (knot-key-configuration-id key-config)) + (algorithm (knot-key-configuration-algorithm key-config)) + (secret (knot-key-configuration-secret key-config))) + (format #t " - id: ~a\n" id) + (if algorithm + (format #t " algorithm: ~a\n" (symbol->string algorithm))) + (format #t " secret: ~a\n" secret))) + keys)))) + +(define (knot-keystore-config keystores) + (with-output-to-string + (lambda () + (for-each + (lambda (keystore-config) + (let ((id (knot-keystore-configuration-id keystore-config)) + (backend (knot-keystore-configuration-backend keystore-config)) + (config (knot-keystore-configuration-config keystore-config))) + (format #t " - id: ~a\n" id) + (format #t " backend: ~a\n" (symbol->string backend)) + (format #t " config: \"~a\"\n" config))) + keystores)))) + +(define (knot-policy-config policies) + (with-output-to-string + (lambda () + (for-each + (lambda (policy-config) + (let ((id (knot-policy-configuration-id 
policy-config)) + (keystore (knot-policy-configuration-keystore policy-config)) + (manual? (knot-policy-configuration-manual? policy-config)) + (single-type-signing? (knot-policy-configuration-single-type-signing? + policy-config)) + (algorithm (knot-policy-configuration-algorithm policy-config)) + (ksk-size (knot-policy-configuration-ksk-size policy-config)) + (zsk-size (knot-policy-configuration-zsk-size policy-config)) + (dnskey-ttl (knot-policy-configuration-dnskey-ttl policy-config)) + (zsk-lifetime (knot-policy-configuration-zsk-lifetime policy-config)) + (propagation-delay (knot-policy-configuration-propagation-delay + policy-config)) + (rrsig-lifetime (knot-policy-configuration-rrsig-lifetime + policy-config)) + (nsec3? (knot-policy-configuration-nsec3? policy-config)) + (nsec3-iterations (knot-policy-configuration-nsec3-iterations + policy-config)) + (nsec3-salt-length (knot-policy-configuration-nsec3-salt-length + policy-config)) + (nsec3-salt-lifetime (knot-policy-configuration-nsec3-salt-lifetime + policy-config))) + (format #t " - id: ~a\n" id) + (format #t " keystore: ~a\n" keystore) + (format #t " manual: ~a\n" (if manual? "on" "off")) + (format #t " single-type-signing: ~a\n" (if single-type-signing? + "on" "off")) + (format #t " algorithm: ~a\n" algorithm) + (format #t " ksk-size: ~a\n" (number->string ksk-size)) + (format #t " zsk-size: ~a\n" (number->string zsk-size)) + (unless (eq? dnskey-ttl 'default) + (format #t " dnskey-ttl: ~a\n" dnskey-ttl)) + (format #t " zsk-lifetime: ~a\n" zsk-lifetime) + (format #t " propagation-delay: ~a\n" propagation-delay) + (format #t " rrsig-lifetime: ~a\n" rrsig-lifetime) + (format #t " nsec3: ~a\n" (if nsec3? 
"on" "off")) + (format #t " nsec3-iterations: ~a\n" + (number->string nsec3-iterations)) + (format #t " nsec3-salt-length: ~a\n" + (number->string nsec3-salt-length)) + (format #t " nsec3-salt-lifetime: ~a\n" nsec3-salt-lifetime))) + policies)))) + +(define (knot-remote-config remotes) + (with-output-to-string + (lambda () + (for-each + (lambda (remote-config) + (let ((id (knot-remote-configuration-id remote-config)) + (address (knot-remote-configuration-address remote-config)) + (via (knot-remote-configuration-via remote-config)) + (key (knot-remote-configuration-key remote-config))) + (format #t " - id: ~a\n" id) + (unless (eq? address '()) + (format #t " address: ~a\n" (format-string-list address))) + (unless (eq? via '()) + (format #t " via: ~a\n" (format-string-list via))) + (if key + (format #t " key: ~a\n" key)))) + remotes)))) + +(define (serialize-zone-entries entries) + (with-output-to-string + (lambda () + (for-each + (lambda (entry) + (let ((name (zone-entry-name entry)) + (ttl (zone-entry-ttl entry)) + (class (zone-entry-class entry)) + (type (zone-entry-type entry)) + (data (zone-entry-data entry))) + (format #t "~a ~a ~a ~a ~a\n" name ttl class type data))) + entries)))) + +(define (serialize-zone-file zone domain) + (computed-file (string-append domain ".zone") + #~(begin + (call-with-output-file #$output + (lambda (port) + (format port "$ORIGIN ~a.\n" + #$(zone-file-origin zone)) + (format port "@ IN SOA ~a ~a (~a ~a ~a ~a ~a)\n" + #$(zone-file-ns zone) + #$(zone-file-mail zone) + #$(zone-file-serial zone) + #$(zone-file-refresh zone) + #$(zone-file-retry zone) + #$(zone-file-expiry zone) + #$(zone-file-nx zone)) + (format port "~a\n" + #$(serialize-zone-entries (zone-file-entries zone)))))))) + +(define (knot-zone-config zone) + (let ((content (knot-zone-configuration-zone zone))) + #~(with-output-to-string + (lambda () + (let ((domain #$(knot-zone-configuration-domain zone)) + (file #$(knot-zone-configuration-file zone)) + (master (list 
#$@(knot-zone-configuration-master zone))) + (ddns-master #$(knot-zone-configuration-ddns-master zone)) + (notify (list #$@(knot-zone-configuration-notify zone))) + (acl (list #$@(knot-zone-configuration-acl zone))) + (semantic-checks? #$(knot-zone-configuration-semantic-checks? zone)) + (disable-any? #$(knot-zone-configuration-disable-any? zone)) + (dnssec-policy #$(knot-zone-configuration-dnssec-policy zone)) + (serial-policy '#$(knot-zone-configuration-serial-policy zone))) + (format #t " - domain: ~a\n" domain) + (if (eq? master '()) + ;; This server is a master + (if (equal? file "") + (format #t " file: ~a\n" + #$(serialize-zone-file content + (knot-zone-configuration-domain zone))) + (format #t " file: ~a\n" file)) + ;; This server is a slave (has masters) + (begin + (format #t " master: ~a\n" + #$(format-string-list + (knot-zone-configuration-master zone))) + (if ddns-master (format #t " ddns-master ~a\n" ddns-master)))) + (unless (eq? notify '()) + (format #t " notify: ~a\n" + #$(format-string-list + (knot-zone-configuration-notify zone)))) + (unless (eq? acl '()) + (format #t " acl: ~a\n" + #$(format-string-list + (knot-zone-configuration-acl zone)))) + (format #t " semantic-checks: ~a\n" (if semantic-checks? "on" "off")) + (format #t " disable-any: ~a\n" (if disable-any? 
"on" "off")) + (if dnssec-policy + (begin + (format #t " dnssec-signing: on\n") + (format #t " dnssec-policy: ~a\n" dnssec-policy))) + (format #t " serial-policy: ~a\n" + (symbol->string serial-policy))))))) + +(define (knot-config-file config) + (verify-knot-configuration config) + (computed-file "knot.conf" + #~(begin + (call-with-output-file #$output + (lambda (port) + (format port "server:\n") + (format port " rundir: ~a\n" #$(knot-configuration-run-directory config)) + (format port " user: knot\n") + (format port " listen: ~a@~a\n" + #$(knot-configuration-listen-v4 config) + #$(knot-configuration-listen-port config)) + (format port " listen: ~a@~a\n" + #$(knot-configuration-listen-v6 config) + #$(knot-configuration-listen-port config)) + (format port "\nkey:\n") + (format port #$(knot-key-config (knot-configuration-keys config))) + (format port "\nkeystore:\n") + (format port #$(knot-keystore-config (knot-configuration-keystores config))) + (format port "\nacl:\n") + (format port #$(knot-acl-config (knot-configuration-acls config))) + (format port "\nremote:\n") + (format port #$(knot-remote-config (knot-configuration-remotes config))) + (format port "\npolicy:\n") + (format port #$(knot-policy-config (knot-configuration-policies config))) + (unless #$(eq? (knot-configuration-zones config) '()) + (format port "\nzone:\n") + (format port "~a\n" + (string-concatenate + (list #$@(map knot-zone-config + (knot-configuration-zones config))))))))))) + +(define %knot-accounts + (list (user-group (name "knot") (system? #t)) + (user-account + (name "knot") + (group "knot") + (system? 
#t) + (comment "knot dns server user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) + +(define (knot-activation config) + #~(begin + (use-modules (guix build utils)) + (define (mkdir-p/perms directory owner perms) + (mkdir-p directory) + (chown directory (passwd:uid owner) (passwd:gid owner)) + (chmod directory perms)) + (mkdir-p/perms #$(knot-configuration-run-directory config) + (getpwnam "knot") #o755) + (mkdir-p/perms "/var/lib/knot" (getpwnam "knot") #o755) + (mkdir-p/perms "/var/lib/knot/keys" (getpwnam "knot") #o755) + (mkdir-p/perms "/var/lib/knot/keys/keys" (getpwnam "knot") #o755))) + +(define (knot-shepherd-service config) + (let* ((config-file (knot-config-file config)) + (knot (knot-configuration-knot config))) + (list (shepherd-service + (documentation "Run the Knot DNS daemon.") + (provision '(knot dns)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list (string-append #$knot "/sbin/knotd") + "-c" #$config-file))) + (stop #~(make-kill-destructor)))))) + +(define knot-service-type + (service-type (name 'knot) + (extensions + (list (service-extension shepherd-root-service-type + knot-shepherd-service) + (service-extension activation-service-type + knot-activation) + (service-extension account-service-type + (const %knot-accounts)))))) -- cgit v1.2.3 From dc443f5149595257780d197fcfdf07585f2e9ed2 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Sat, 27 May 2017 15:20:12 +0530 Subject: gnu: emacs-exwm: Fix DISPLAY environment variable issue. * gnu/packages/emacs.scm (emacs-exwm): Set DISPLAY environment variable in shell wrapper. --- gnu/packages/emacs.scm | 3 +++ 1 file changed, 3 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index a85177d814..13eba9646e 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm 
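Review bot: `knot-config-file` writes each key's `secret` and each keystore `config` string (the documented PKCS#11 example carries `pin-value`) into a `computed-file`, so that material is copied into /gnu/store, which is normally readable by every local user. A safer shape is to keep secrets in an administrator-managed file outside the store and have the generated knot.conf pull it in with Knot's `include:` statement; until then the `secret` field deserves a comment such as `;; NOTE: this value is copied verbatim into the store`. The same procedure passes the generated sections as the control string, e.g. `(format port #$(knot-key-config (knot-configuration-keys config)))`, so a `~` in any id or secret is parsed as a directive; `(display #$(knot-key-config (knot-configuration-keys config)) port)` avoids that. The validators cannot be relied on as written: both `memq` calls have their arguments swapped (it should read `(memq (knot-keystore-configuration-backend keystore) '(pem pkcs11))`, likewise for the key algorithm), and `verify-knot-policy-configuration` tests `knot-keystore-configuration?` where `knot-policy-configuration?` is meant. In `knot-activation`, `/var/lib/knot/keys` and `/var/lib/knot/keys/keys` are created `#o755`; `#o700` fits a directory that holds private signing keys.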
@@ -4587,9 +4587,12 @@ It should enable you to implement low-level X11 applications.") TryExec=~@*~a~@ Type=Application~%" ,name ,synopsis exwm-executable))) ;; Add a shell wrapper to bin + ;; Set DISPLAY variable to work around + ;; https://github.com/ch11ng/exwm/issues/213 (with-output-to-file exwm-executable (lambda _ (format #t "#!~a ~@ + export DISPLAY=:0 ~@ ~a +SI:localuser:$USER ~@ exec ~a --exit-with-session ~a \"$@\" --eval '~s' ~%" (string-append (assoc-ref inputs "bash") "/bin/sh") -- cgit v1.2.3 From 3dba9b378223d1addac90e5846a9f191f38806af Mon Sep 17 00:00:00 2001 From: Danny Milosavljevic Date: Sat, 27 May 2017 12:33:08 +0200 Subject: gnu: build: Improve docstrings. * gnu/build/file-systems.scm (iso9660-superblock?, read-iso9660-superblock, iso9660-superblock-uuid): Improve docstrings. --- gnu/build/file-systems.scm | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'gnu') diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index 47aa77dd3e..17c1182ce6 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -236,7 +236,7 @@ Trailing spaces are trimmed." ;; . (define (iso9660-superblock? sblock) - "Return #t when SBLOCK is a iso9660 superblock." + "Return #t when SBLOCK is an iso9660 volume descriptor." (bytevector=? (sub-bytevector sblock 1 6) ;; Note: "\x01" is the volume descriptor format version (string->utf8 "CD001\x01"))) 
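Review bot: The added `export DISPLAY=:0` overrides whatever display the session was started on, so on a host where X runs on another display (a second seat or a nested server) both the `xhost +SI:localuser:$USER` grant and Emacs itself are pointed at `:0` rather than at the user's own session. If the linked issue is only about DISPLAY being unset, a default would be enough: `export DISPLAY=${DISPLAY:-:0} ~@`; if it must be forced, the comment should say why. The enclosing phase starts and ends outside this hunk, so how the wrapper is launched cannot be checked from here.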
@@ -252,13 +252,14 @@ Trailing spaces are trimmed." (_ (read-iso9660-primary-volume-descriptor device (+ offset 2048)))))) (define (read-iso9660-superblock device) - "Return the raw contents of DEVICE's iso9660 superblock as a bytevector, or -#f if DEVICE does not contain a iso9660 file system." + "Return the raw contents of DEVICE's iso9660 primary volume descriptor +as a bytevector, or #f if DEVICE does not contain an iso9660 file system." ;; Start reading at sector 16. (read-iso9660-primary-volume-descriptor device (* 2048 16))) (define (iso9660-superblock-uuid sblock) - "Return the modification time of a iso9660 superblock SBLOCK as a bytevector." + "Return the modification time of an iso9660 primary volume descriptor +SBLOCK as a bytevector." ;; Drops GMT offset for compatibility with Grub, blkid and /dev/disk/by-uuid. ;; Compare Grub: "2014-12-02-19-30-23-00". ;; Compare blkid result: "2014-12-02-19-30-23-00". -- cgit v1.2.3 From ad2ef260738982aa3493f1c54aa06aad8a827eea Mon Sep 17 00:00:00 2001 From: Adriano Peluso Date: Tue, 28 Mar 2017 12:25:06 +0200 Subject: gnu: Add python-sql. * gnu/packages/python.scm (python-sql, python2-sql): New variables. Signed-off-by: Arun Isaac --- gnu/packages/python.scm | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index b958199bdb..174ebfcb03 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm 
@@ -14804,3 +14804,24 @@ information.") (define-public python2-packaging (package-with-python2 python-packaging)) + +(define-public python-sql + (package + (name "python-sql") + (version "0.9") + (source + (origin + (method url-fetch) + (uri (pypi-uri "python-sql" version)) + (sha256 + (base32 + "0p6kaqj02vz0habmdx37zjk6hjxdfm8aw737zs059vvpr70ird87")))) + (build-system python-build-system) + (home-page "https://python-sql.tryton.org/") + (synopsis "Library to write SQL queries in a pythonic way") + (description "@code{python-sql} is a library to write SQL queries, that +transforms idiomatic python function calls to well-formed SQL queries.") + (license license:bsd-3))) + +(define-public python2-sql + (package-with-python2 python-sql)) -- cgit v1.2.3 From b208f71b9b3540be9ae2b17b17b506a3526597b8 Mon Sep 17 00:00:00 2001 From: Adriano Peluso Date: Wed, 5 Apr 2017 15:29:56 +0200 Subject: gnu: Add python-genshi. * gnu/packages/python.scm (python-genshi, python2-genshi): New variables. * gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch: New file. * gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch: New file. * gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch: New file. * gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch: New file. * gnu/packages/patches/python-genshi-isstring-helper.patch: New file. * gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch: New file. * gnu/local.mk (dist_patch_DATA): Add them. 
Signed-off-by: Arun Isaac --- gnu/local.mk | 6 + ...hon-genshi-add-support-for-python-3.4-AST.patch | 151 +++++++++++++++++++++ .../python-genshi-buildable-on-python-2.7.patch | 25 ++++ ...hon-genshi-disable-speedups-on-python-3.3.patch | 32 +++++ .../python-genshi-fix-tests-on-python-3.5.patch | 112 +++++++++++++++ .../patches/python-genshi-isstring-helper.patch | 37 +++++ ...on-genshi-stripping-of-unsafe-script-tags.patch | 51 +++++++ gnu/packages/python.scm | 40 ++++++ 8 files changed, 454 insertions(+) create mode 100644 gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch create mode 100644 gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch create mode 100644 gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch create mode 100644 gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch create mode 100644 gnu/packages/patches/python-genshi-isstring-helper.patch create mode 100644 gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 0ef6e2af98..50e8713bf1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -929,6 +929,12 @@ dist_patch_DATA = \ %D%/packages/patches/python-dendropy-fix-tests.patch \ %D%/packages/patches/python-file-double-encoding-bug.patch \ %D%/packages/patches/python-fix-tests.patch \ + %D%/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch \ + %D%/packages/patches/python-genshi-buildable-on-python-2.7.patch \ + %D%/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch \ + %D%/packages/patches/python-genshi-fix-tests-on-python-3.5.patch \ + %D%/packages/patches/python-genshi-isstring-helper.patch \ + %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch \ %D%/packages/patches/python-parse-too-many-fields.patch \ %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch \ %D%/packages/patches/python-statsmodels-fix-tests.patch \ 
diff --git a/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch b/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch
new file mode 100644
index 0000000000..4e40c1daa1
--- /dev/null
+++ b/gnu/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch
@@ -0,0 +1,151 @@ +From 86b98a11559da7d1b21dc9b4c6b10511b9095bc4 Mon Sep 17 00:00:00 2001 +From: Simon Cross +Date: Sun, 16 Feb 2014 18:46:15 +0000 +Subject: [PATCH 05/16] Add support for Python 3.4 AST (support for + NameConstants and changes to existing to arguments node attributes). + +--- + genshi/template/astutil.py | 31 ++++++++++++++++++++++++++++--- + genshi/template/eval.py | 34 +++++++++++++++++++--------------- + 2 files changed, 47 insertions(+), 18 deletions(-) + +diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py +index a4c21c8..a3946b4 100644 +--- a/genshi/template/astutil.py ++++ b/genshi/template/astutil.py +@@ -21,7 +21,7 @@ else: + def parse(source, mode): + return compile(source, '', mode, _ast.PyCF_ONLY_AST) + +-from genshi.compat import IS_PYTHON2 ++from genshi.compat import IS_PYTHON2, isstring + + __docformat__ = 'restructuredtext en' + +@@ -103,8 +103,13 @@ class ASTCodeGenerator(object): + self._new_line() + return self.visit(node.body) + ++ # Python < 3.4 + # arguments = (expr* args, identifier? vararg, + # identifier? kwarg, expr* defaults) ++ # ++ # Python >= 3.4 ++ # arguments = (arg* args, arg? vararg, arg* kwonlyargs, expr* kw_defaults, ++ # arg? 
kwarg, expr* defaults) + def visit_arguments(self, node): + first = True + no_default_count = len(node.args) - len(node.defaults) +@@ -122,13 +127,21 @@ class ASTCodeGenerator(object): + self._write(', ') + else: + first = False +- self._write('*' + node.vararg) ++ self._write('*') ++ if isstring(node.vararg): ++ self._write(node.vararg) ++ else: ++ self.visit(node.vararg) + if getattr(node, 'kwarg', None): + if not first: + self._write(', ') + else: + first = False +- self._write('**' + node.kwarg) ++ self._write('**') ++ if isstring(node.kwarg): ++ self._write(node.kwarg) ++ else: ++ self.visit(node.kwarg) + + if not IS_PYTHON2: + # In Python 3 arguments get a special node +@@ -724,6 +737,17 @@ class ASTCodeGenerator(object): + def visit_Name(self, node): + self._write(node.id) + ++ # NameConstant(singleton value) ++ def visit_NameConstant(self, node): ++ if node.value is None: ++ self._write('None') ++ elif node.value is True: ++ self._write('True') ++ elif node.value is False: ++ self._write('False') ++ else: ++ raise Exception("Unknown NameConstant %r" % (node.value,)) ++ + # List(expr* elts, expr_context ctx) + def visit_List(self, node): + self._write('[') +@@ -829,6 +853,7 @@ class ASTTransformer(object): + visit_Attribute = _clone + visit_Subscript = _clone + visit_Name = _clone ++ visit_NameConstant = _clone + visit_List = _clone + visit_Tuple = _clone + +diff --git a/genshi/template/eval.py b/genshi/template/eval.py +index 89aec49..de4bc86 100644 +--- a/genshi/template/eval.py ++++ b/genshi/template/eval.py +@@ -24,7 +24,8 @@ from genshi.template.astutil import ASTTransformer, ASTCodeGenerator, \ + from genshi.template.base import TemplateRuntimeError + from genshi.util import flatten + +-from genshi.compat import get_code_params, build_code_chunk, IS_PYTHON2 ++from genshi.compat import get_code_params, build_code_chunk, isstring, \ ++ IS_PYTHON2 + + __all__ = ['Code', 'Expression', 'Suite', 'LenientLookup', 'StrictLookup', + 'Undefined', 
'UndefinedError'] +@@ -495,28 +496,31 @@ class TemplateASTTransformer(ASTTransformer): + def __init__(self): + self.locals = [CONSTANTS] + ++ def _process(self, names, node): ++ if not IS_PYTHON2 and isinstance(node, _ast.arg): ++ names.add(node.arg) ++ elif isstring(node): ++ names.add(node) ++ elif isinstance(node, _ast.Name): ++ names.add(node.id) ++ elif isinstance(node, _ast.alias): ++ names.add(node.asname or node.name) ++ elif isinstance(node, _ast.Tuple): ++ for elt in node.elts: ++ self._process(names, elt) ++ + def _extract_names(self, node): + names = set() +- def _process(node): +- if not IS_PYTHON2 and isinstance(node, _ast.arg): +- names.add(node.arg) +- if isinstance(node, _ast.Name): +- names.add(node.id) +- elif isinstance(node, _ast.alias): +- names.add(node.asname or node.name) +- elif isinstance(node, _ast.Tuple): +- for elt in node.elts: +- _process(elt) + if hasattr(node, 'args'): + for arg in node.args: +- _process(arg) ++ self._process(names, arg) + if hasattr(node, 'vararg'): +- names.add(node.vararg) ++ self._process(names, node.vararg) + if hasattr(node, 'kwarg'): +- names.add(node.kwarg) ++ self._process(names, node.kwarg) + elif hasattr(node, 'names'): + for elt in node.names: +- _process(elt) ++ self._process(names, elt) + return names + + def visit_Str(self, node): +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch b/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch new file mode 100644 index 0000000000..2bc516c697 --- /dev/null +++ b/gnu/packages/patches/python-genshi-buildable-on-python-2.7.patch 
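Review bot: `_extract_names` in the eval.py part of this patch never looks at keyword-only parameters, even though the comment added above `visit_arguments` documents `arg* kwonlyargs` for Python >= 3.4. Their names are therefore missing from the set the method returns, so a keyword-only name used in template code would presumably be rewritten as a template-context lookup instead of being treated as a local. A loop such as `for arg in getattr(node, 'kwonlyargs', ()): self._process(names, arg)` next to the existing `args` loop would cover them. `visit_arguments` is only partly visible in the nested hunk, so whether it writes `kwonlyargs` and `kw_defaults` back out should be checked against the full file as well.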
@@ -0,0 +1,25 @@ +From 32bfaa7cc1c736fd62fcbb6414de9498dc20ed07 Mon Sep 17 00:00:00 2001 +From: Adriano Peluso +Date: Wed, 5 Apr 2017 15:13:06 +0200 +Subject: [PATCH 2/2] buildable on python27 too + +--- + genshi/template/directives.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/genshi/template/directives.py b/genshi/template/directives.py +index 6fd0f28..1f70ef6 100644 +--- a/genshi/template/directives.py ++++ b/genshi/template/directives.py +@@ -266,7 +266,7 @@ class DefDirective(Directive): + if isinstance(ast, _ast.Call): + self.name = ast.func.id + for arg in ast.args: +- if isinstance(arg, _ast.Starred): ++ if hasattr(_ast, 'Starred') and isinstance(arg, _ast.Starred): + # Python 3.5+ + self.star_args = arg.value.id + else: +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch b/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch new file mode 100644 index 0000000000..c25c3bd7a9 --- /dev/null +++ b/gnu/packages/patches/python-genshi-disable-speedups-on-python-3.3.patch 
@@ -0,0 +1,32 @@ +From cef2c8df44166195e1705638f9f17033a4943bb7 Mon Sep 17 00:00:00 2001 +From: Simon Cross +Date: Sun, 16 Feb 2014 18:32:21 +0000 +Subject: [PATCH 02/15] Disable the speedups C extension on CPython >= 3.3 + since Genshi doesn't support the new Unicode C API yet. + +--- + setup.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index 123a2cb..a3d748c 100755 +--- a/setup.py ++++ b/setup.py +@@ -65,9 +65,13 @@ available.""") + + + if Feature: ++ # Optional C extension module for speeding up Genshi: ++ # Not activated by default on: ++ # - PyPy (where it harms performance) ++ # - CPython >= 3.3 (the new Unicode C API is not supported yet) + speedups = Feature( + "optional C speed-enhancements", +- standard = not is_pypy, ++ standard = not is_pypy and sys.version_info < (3, 3), + ext_modules = [ + Extension('genshi._speedups', ['genshi/_speedups.c']), + ], +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch b/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch new file mode 100644 index 0000000000..05be080cdf --- /dev/null +++ b/gnu/packages/patches/python-genshi-fix-tests-on-python-3.5.patch 
@@ -0,0 +1,112 @@ +From ce796ad4bae5c47011876778674ad036357febdf Mon Sep 17 00:00:00 2001 +From: Adriano Peluso +Date: Wed, 5 Apr 2017 15:10:06 +0200 +Subject: [PATCH 1/2] fixing the tests on python35 + +--- + genshi/filters/i18n.py | 6 ++++-- + genshi/template/astutil.py | 14 +++++++++++--- + genshi/template/directives.py | 20 ++++++++++++++------ + genshi/template/eval.py | 5 +++++ + 4 files changed, 34 insertions(+), 11 deletions(-) + +diff --git a/genshi/filters/i18n.py b/genshi/filters/i18n.py +index 526fda4..5387fcf 100644 +--- a/genshi/filters/i18n.py ++++ b/genshi/filters/i18n.py +@@ -1194,8 +1194,10 @@ def extract_from_code(code, gettext_functions): + elif arg: + strings.append(None) + [_add(arg) for arg in node.args] +- _add(node.starargs) +- _add(node.kwargs) ++ if hasattr(node, 'starargs'): ++ _add(node.starargs) ++ if hasattr(node, 'kwargs'): ++ _add(node.kwargs) + if len(strings) == 1: + strings = strings[0] + else: +diff --git a/genshi/template/astutil.py b/genshi/template/astutil.py +index f4e1edd..e561846 100644 +--- a/genshi/template/astutil.py ++++ b/genshi/template/astutil.py +@@ -151,6 +151,10 @@ class ASTCodeGenerator(object): + def visit_arg(self, node): + self._write(node.arg) + ++ def visit_Starred(self, node): ++ self._write('*') ++ self.visit(node.value) ++ + # FunctionDef(identifier name, arguments args, + # stmt* body, expr* decorator_list) + def visit_FunctionDef(self, node): +@@ -664,9 +668,13 @@ class ASTCodeGenerator(object): + if not first: + self._write(', ') + first = False +- # keyword = (identifier arg, expr value) +- self._write(keyword.arg) +- self._write('=') ++ if not keyword.arg: ++ # Python 3.5+ star-star args ++ self._write('**') ++ else: ++ # keyword = (identifier arg, expr value) ++ self._write(keyword.arg) ++ self._write('=') + self.visit(keyword.value) + if getattr(node, 'starargs', None): + if not first: +diff --git a/genshi/template/directives.py b/genshi/template/directives.py +index 7301c2d..6fd0f28 100644 +--- 
a/genshi/template/directives.py ++++ b/genshi/template/directives.py +@@ -266,13 +266,21 @@ class DefDirective(Directive): + if isinstance(ast, _ast.Call): + self.name = ast.func.id + for arg in ast.args: +- # only names +- self.args.append(arg.id) ++ if isinstance(arg, _ast.Starred): ++ # Python 3.5+ ++ self.star_args = arg.value.id ++ else: ++ # only names ++ self.args.append(arg.id) + for kwd in ast.keywords: +- self.args.append(kwd.arg) +- exp = Expression(kwd.value, template.filepath, +- lineno, lookup=template.lookup) +- self.defaults[kwd.arg] = exp ++ if kwd.arg is None: ++ # Python 3.5+ ++ self.dstar_args = kwd.value.id ++ else: ++ self.args.append(kwd.arg) ++ exp = Expression(kwd.value, template.filepath, ++ lineno, lookup=template.lookup) ++ self.defaults[kwd.arg] = exp + if getattr(ast, 'starargs', None): + self.star_args = ast.starargs.id + if getattr(ast, 'kwargs', None): +diff --git a/genshi/template/eval.py b/genshi/template/eval.py +index d378419..81644a7 100644 +--- a/genshi/template/eval.py ++++ b/genshi/template/eval.py +@@ -600,6 +600,11 @@ class TemplateASTTransformer(ASTTransformer): + finally: + self.locals.pop() + ++ # Only used in Python 3.5+ ++ def visit_Starred(self, node): ++ node.value = self.visit(node.value) ++ return node ++ + def visit_Name(self, node): + # If the name refers to a local inside a lambda, list comprehension, or + # generator expression, leave it alone +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-isstring-helper.patch b/gnu/packages/patches/python-genshi-isstring-helper.patch new file mode 100644 index 0000000000..4f6c19bba9 --- /dev/null +++ b/gnu/packages/patches/python-genshi-isstring-helper.patch 
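Review bot: The keyword loop in the astutil.py part tests `if not keyword.arg:` while the directives.py part of the same patch tests `kwd.arg is None` for the same Python 3.5+ double-star case; the two should agree, and `if keyword.arg is None:` states the condition exactly. Separately, `self.star_args = arg.value.id` and `self.dstar_args = kwd.value.id` assume the starred expression is a bare name, so any other expression fails with an AttributeError; repeating the existing `# only names` comment on those two lines would make the restriction explicit. Both enclosing methods start and end outside the nested hunks.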
@@ -0,0 +1,37 @@ +From cc5e07284f44cdd9beec178c69070a53f55d1323 Mon Sep 17 00:00:00 2001 +From: Simon Cross +Date: Sun, 16 Feb 2014 18:43:20 +0000 +Subject: [PATCH 03/15] Add isstring helper. + +--- + genshi/compat.py | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/genshi/compat.py b/genshi/compat.py +index 9787325..6574e39 100644 +--- a/genshi/compat.py ++++ b/genshi/compat.py +@@ -35,6 +35,15 @@ else: + 'Python 2 compatibility function. Not usable in Python 3.') + + ++# We need to test if an object is an instance of a string type in places ++ ++if IS_PYTHON2: ++ def isstring(obj): ++ return isinstance(obj, basestring) ++else: ++ def isstring(obj): ++ return isinstance(obj, str) ++ + # We need to differentiate between StringIO and BytesIO in places + + if IS_PYTHON2: +@@ -112,4 +121,3 @@ except NameError: + if not x: + return False + return True +- +-- +2.12.0 + diff --git a/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch b/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch new file mode 100644 index 0000000000..29951a6149 --- /dev/null +++ b/gnu/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch 
@@ -0,0 +1,51 @@ +From 0769be04c3891ae5c724c6779ba13d1d0f53b4ae Mon Sep 17 00:00:00 2001 +From: Simon Cross +Date: Sun, 16 Feb 2014 18:25:17 +0000 +Subject: [PATCH 01/15] Also allow stripping of unsafe script tags (Python 3.4 + parses the second example as a tag whose name is script&xyz). + +--- + genshi/filters/tests/test_html.py | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/genshi/filters/tests/test_html.py b/genshi/filters/tests/test_html.py +index 0c6cfe1..45ec0da 100644 +--- a/genshi/filters/tests/test_html.py ++++ b/genshi/filters/tests/test_html.py +@@ -368,12 +368,16 @@ def StyleSanitizer(): + + class HTMLSanitizerTestCase(unittest.TestCase): + +- def assert_parse_error_or_equal(self, expected, exploit): ++ def assert_parse_error_or_equal(self, expected, exploit, ++ allow_strip=False): + try: + html = HTML(exploit) + except ParseError: + return +- self.assertEquals(expected, (html | HTMLSanitizer()).render()) ++ sanitized_html = (html | HTMLSanitizer()).render() ++ if not sanitized_html and allow_strip: ++ return ++ self.assertEquals(expected, sanitized_html) + + def test_sanitize_unchanged(self): + html = HTML(u'fo
o
') +@@ -416,10 +420,12 @@ class HTMLSanitizerTestCase(unittest.TestCase): + html = HTML(u'') + self.assertEquals('', (html | HTMLSanitizer()).render()) + src = u'alert("foo")' +- self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src) ++ self.assert_parse_error_or_equal('<SCR\x00IPT>alert("foo")', src, ++ allow_strip=True) + src = u'' + self.assert_parse_error_or_equal('<SCRIPT&XYZ; ' +- 'SRC="http://example.com/">', src) ++ 'SRC="http://example.com/">', src, ++ allow_strip=True) + + def test_sanitize_remove_onclick_attr(self): + html = HTML(u'
') +-- +2.12.0 + diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 174ebfcb03..23a96a25e5 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -14825,3 +14825,43 @@ transforms idiomatic python function calls to well-formed SQL queries.") (define-public python2-sql (package-with-python2 python-sql)) + +(define-public python-genshi + (package + (name "python-genshi") + (version "0.7") + (source + (origin + (method url-fetch) + (uri (string-append + "https://ftp.edgewall.org/pub/genshi/Genshi-" + version ".tar.gz")) + (patches + (search-patches + ;; The first 4 patches are in the master branch upstream. + ;; See this as a reference https://genshi.edgewall.org/ticket/582 + ;; The last 2 are NOT in any branch. + ;; They were sent as attachments to a ticket opened at + ;; https://genshi.edgewall.org/ticket/602#no1 + "python-genshi-stripping-of-unsafe-script-tags.patch" + "python-genshi-disable-speedups-on-python-3.3.patch" + "python-genshi-isstring-helper.patch" + "python-genshi-add-support-for-python-3.4-AST.patch" + "python-genshi-fix-tests-on-python-3.5.patch" + "python-genshi-buildable-on-python-2.7.patch")) + (sha256 + (base32 + "0lkkbp6fbwzv0zda5iqc21rr7rdldkwh3hfabfjl9i4bwq14858x")))) + (build-system python-build-system) + (home-page "https://genshi.edgewall.org/") + (synopsis "Toolkit for generation of output for the web") + (description "Genshi is a Python library that provides an integrated set +of components for parsing, generating, and processing HTML, XML or other +textual content for output generation on the web.") + (license license:bsd-3))) + +;; The linter here claims that patch file names should start with the package +;; name. But, in this case the patches are inherited from python-genshi with +;; the "python-genshi-" prefix instead of "python2-genshi-". +(define-public python2-genshi + (package-with-python2 python-genshi)) -- cgit v1.2.3 From ecca63b654da9ca283dc2d04fa03ce3dd61c811d Mon Sep 17 00:00:00 2001 
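Review bot: `assert_parse_error_or_equal` now has three passing outcomes (the parser rejects the input, the sanitizer returns nothing while `allow_strip` is set, or the output equals `expected`) and none of them is documented. Since this helper guards the sanitizer's handling of malformed script tags, a docstring such as `"""Pass if HTML() raises ParseError, if allow_strip is set and the sanitized output is empty, or if the output equals expected."""` would make clear that an empty result is accepted on purpose. A short comment at the two call sites saying that `allow_strip=True` covers the Python 3.4 parsing difference named in the patch subject would keep the relaxation from spreading to other cases unnoticed.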
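Review bot: The provenance comment inside `search-patches` identifies patches only by position ("The first 4", "The last 2"), so it becomes wrong as soon as the list is reordered or a patch is dropped. The two patches that are not in any upstream branch are the ones a later audit most needs to find. Labelling each group where it starts fixes that: keep the upstream note above `"python-genshi-stripping-of-unsafe-script-tags.patch"` and put `;; Not in any upstream branch; attachments to https://genshi.edgewall.org/ticket/602#no1` directly above `"python-genshi-fix-tests-on-python-3.5.patch"`.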
From: Adriano Peluso Date: Sat, 20 May 2017 09:19:00 +0200 Subject: gnu: Add python-relatorio. * gnu/packages/python.scm (python-relatorio, python2-relatorio): New variables. Signed-off-by: Arun Isaac --- gnu/packages/python.scm | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 23a96a25e5..ad042e34e1 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -14865,3 +14865,28 @@ textual content for output generation on the web.") ;; the "python-genshi-" prefix instead of "python2-genshi-". (define-public python2-genshi (package-with-python2 python-genshi)) + +(define-public python-relatorio + (package + (name "python-relatorio") + (version "0.6.4") + (source + (origin + (method url-fetch) + (uri (pypi-uri "relatorio" version)) + (sha256 + (base32 + "0lincq79mzgazwd9gh41dybjh9c3n87r83pl8nk3j79aihyfk84z")))) + (build-system python-build-system) + (propagated-inputs + `(("python-lxml" ,python-lxml) + ("python-genshi" ,python-genshi))) + (home-page "https://relatorio.tryton.org/") + (synopsis "Templating library able to output ODT and PDF files") + (description "Relatorio is a templating library which provides a way to +easily output ODT, ODS, PNG, SVG and several other kinds of files. Support +for more filetypes can be easily added by creating plugins for them.") + (license license:gpl3+))) + +(define-public python2-relatorio + (package-with-python2 python-relatorio)) -- cgit v1.2.3 From 48174fb9aacd2a9c52edf769094481bc9ba03003 Mon Sep 17 00:00:00 2001 From: Adriano Peluso Date: Sat, 20 May 2017 08:21:31 +0200 Subject: gnu: Add trytond. * gnu/packages/tryton.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * gnu/packages/tryton.scm (trytond): New variable. 
Signed-off-by: Arun Isaac --- gnu/local.mk | 1 + gnu/packages/tryton.scm | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 gnu/packages/tryton.scm (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 50e8713bf1..d0117be853 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -321,6 +321,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/protobuf.scm \ %D%/packages/pv.scm \ %D%/packages/python.scm \ + %D%/packages/tryton.scm \ %D%/packages/qemu.scm \ %D%/packages/qt.scm \ %D%/packages/ragel.scm \ diff --git a/gnu/packages/tryton.scm b/gnu/packages/tryton.scm new file mode 100644 index 0000000000..590bd54382 --- /dev/null +++ b/gnu/packages/tryton.scm 
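Review bot: `%D%/packages/tryton.scm` is inserted between `python.scm` and `qemu.scm`, which breaks the alphabetical order that the visible neighbours in `GNU_SYSTEM_MODULES` follow. Placing the line among the other `t` entries keeps the list easy to scan and makes a duplicate addition less likely later. The list continues outside the hunk, so the exact position has to be chosen against the full file.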
@@ -0,0 +1,67 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Adriano Peluso +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages tryton) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages) + #:use-module (gnu packages python) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system python)) + +(define-public trytond + (package + (name "trytond") + (version "4.4.1") + (source + (origin + (method url-fetch) + (uri (string-append + "https://downloads.tryton.org/4.4/trytond-" + version ".tar.gz")) + (sha256 + (base32 + "15gm34qwj5fpnkqvrxzndl8653zbczhsa76dm1gi4cqj1r29bbpr")))) + (build-system python-build-system) + (inputs + `(("python-dateutil" ,python-dateutil) + ("python-genshi" ,python-genshi) + ("python-polib" ,python-polib) + ;; there's no python-mysql in Guix right now + ;; so python-psycopg2 (postgresql) only for now + ("python-psycopg2" ,python-psycopg2) + ("python-relatorio" ,python-relatorio) + ("python-lxml" ,python-lxml) + ("python-sql" ,python-sql) + ("python-werkzeug" ,python-werkzeug) + ("python-wrapt" ,python-wrapt))) + (native-inputs + `(("python-mock" ,python-mock))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'check 'preparations + (lambda _ + (setenv "DB_NAME" ":memory:")))))) + 
(home-page "https://www.tryton.org/") + (synopsis "Server component of Tryton") + (description "Tryton is a three-tier high-level general purpose +application platform using PostgreSQL as its main database engine. It is the +core base of a complete business solution providing modularity, scalability +and security.") + (license license:gpl3+))) -- cgit v1.2.3 From 16855482fd0bcc2460028c701498d35d248a6269 Mon Sep 17 00:00:00 2001 From: Adriano Peluso Date: Sat, 20 May 2017 08:32:08 +0200 Subject: gnu: Add tryton. * gnu/packages/tryton.scm (tryton): New variable. Signed-off-by: Arun Isaac --- gnu/packages/tryton.scm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/tryton.scm b/gnu/packages/tryton.scm index 590bd54382..c9e9e50f84 100644 --- a/gnu/packages/tryton.scm +++ b/gnu/packages/tryton.scm @@ -19,6 +19,7 @@ (define-module (gnu packages tryton) #:use-module ((guix licenses) #:prefix license:) #:use-module (gnu packages) + #:use-module (gnu packages gtk) #:use-module (gnu packages python) #:use-module (guix packages) #:use-module (guix download) 
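Review bot: The download URI hard-codes the release series as `"https://downloads.tryton.org/4.4/trytond-"` next to `(version "4.4.1")`, so bumping `version` to another series leaves the URI pointing at the old directory until someone also edits the string. The `tryton` package added in the next commit has the same pattern. Deriving the directory from the version removes the second place to edit: `(uri (string-append "https://downloads.tryton.org/" (version-major+minor version) "/trytond-" version ".tar.gz"))`, with `#:use-module (guix utils)` added to the module header. The `preparations` phase also ends on `setenv`; ending it with `#t`, as the synfig phases further down this page do, would make its return value explicit.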
@@ -65,3 +66,28 @@ application platform using PostgreSQL as its main database engine. It is the core base of a complete business solution providing modularity, scalability and security.") (license license:gpl3+))) + +(define-public tryton + (package + (name "tryton") + (version "4.4.0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://downloads.tryton.org/4.4/tryton-" + version ".tar.gz")) + (sha256 + (base32 + "1lklcz5fs6rkrd7z2m2f5gz4fdwzkgnhg2hyvzp20kdsvi33bq2j")))) + (build-system python-build-system) + (inputs + `(("python2-chardet" ,python2-chardet) + ("python2-dateutil" ,python2-dateutil) + ("python2-pygtk" ,python2-pygtk))) + (arguments + `(#:python ,python-2)) + (home-page "https://www.tryton.org/") + (synopsis "Client component of Tryton") + (description "This package is the client component of Tryton.") + (license license:gpl3+))) -- cgit v1.2.3 From 574e4e16d82bdc76b7c2ba726518047cdf1edf0b Mon Sep 17 00:00:00 2001 From: ng0 Date: Thu, 25 May 2017 16:04:14 +0000 Subject: gnu: Add florence. * gnu/packages/accessibility.scm: New file. * gnu/local.mk: (GNU_SYSTEM_MODULES): Add it. Signed-off-by: Leo Famulari --- gnu/local.mk | 1 + gnu/packages/accessibility.scm | 78 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 gnu/packages/accessibility.scm (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index d0117be853..a7da058d8c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -42,6 +42,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages.scm \ %D%/packages/abduco.scm \ %D%/packages/abiword.scm \ + %D%/packages/accessibility.scm \ %D%/packages/acct.scm \ %D%/packages/acl.scm \ %D%/packages/admin.scm \ diff --git a/gnu/packages/accessibility.scm b/gnu/packages/accessibility.scm new file mode 100644 index 0000000000..0795808768 --- /dev/null +++ b/gnu/packages/accessibility.scm 
@@ -0,0 +1,78 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 ng0 +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages accessibility) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system glib-or-gtk) + #:use-module (gnu packages) + #:use-module (gnu packages xml) + #:use-module (gnu packages gnome) + #:use-module (gnu packages gstreamer) + #:use-module (gnu packages gtk) + #:use-module (gnu packages xorg) + #:use-module (gnu packages gettext) + #:use-module (gnu packages glib) + #:use-module (gnu packages pkg-config)) + +(define-public florence + (package + (name "florence") + (version "0.6.3") + (source + (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/florence/florence/" version + "/" name "-" version ".tar.bz2")) + (sha256 + (base32 + "07h9qm22krlwayhzvc391lr23vicw81s48g7rirvx1fj0zyr4aa2")))) + (build-system glib-or-gtk-build-system) + (arguments + `(#:configure-flags (list "--with-xtst" + "--without-docs" + "--with-notification"))) + (inputs + `(("libxml2" ,libxml2) + ("libglade" ,libglade) + ("librsvg" ,librsvg) + ("gstreamer" ,gstreamer) + ("cairo" ,cairo) + ("gtk+" ,gtk+) + ("libxtst" ,libxtst) + ("libxcomposite" ,libxcomposite) + ("libnotify" ,libnotify))) + 
(native-inputs + `(("gettext-minimal" ,gettext-minimal) + ("intltool" ,intltool) + ("pkg-config" ,pkg-config))) + (home-page "http://florence.sourceforge.net/") + (synopsis "Extensible, scalable virtual keyboard for X11") + (description + "Florence is an extensible scalable virtual keyboard for X11. +It is useful for people who can't use a real hardware keyboard (for +example for people with disabilities), but you must be able to use +a pointing device (as a mouse, a trackball, a touchscreen or opengazer). + +Florence stays out of your way when you don't need it: it appears on the +screen only when you need it. A timer-based auto-click input method is +available to help to click.") + ;; The documentation is under FDL1.2, but we do not install the + ;; documentation. + (license license:gpl2+))) -- cgit v1.2.3 From 65e7d52a0c0643faf511e9ff7963e0053e41cf42 Mon Sep 17 00:00:00 2001 From: Muriithi Frederick Muriuki Date: Sat, 27 May 2017 13:40:28 -0400 Subject: gnu: Add python-radon * gnu/packages/python.scm (python-radon, python2-radon): New variables. --- gnu/packages/python.scm | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index ad042e34e1..3e2141e7f4 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm 
@@ -14890,3 +14890,39 @@ for more filetypes can be easily added by creating plugins for them.") (define-public python2-relatorio (package-with-python2 python-relatorio)) + +(define-public python-radon + (package + (name "python-radon") + (version "1.5.0") + (source + (origin + (method url-fetch) + (uri (pypi-uri "radon" version)) + (sha256 + (base32 + "1h6jv36am0i827182a04ki6291lyx4kp957xfr5njgprj4nd0qsl")))) + (build-system python-build-system) + (propagated-inputs + `(("python-colorama" ,python-colorama) + ("python-flake8-polyfill" ,python-flake8-polyfill) + ("python-mando" ,python-mando-0.3.1))) + (native-inputs + `(("python-flake8" ,python-flake8) + ("python-tox" ,python-tox) + ("python-pytest" ,python-pytest) + ("python-paramunittest" ,python-paramunittest))) + (home-page "https://radon.readthedocs.org/") + (synopsis "Code Metrics in Python") + (description "Radon is a Python tool which computes various code metrics. +Supported metrics are: +@itemize @bullet +@item raw metrics: SLOC, comment lines, blank lines, &c. +@item Cyclomatic Complexity (i.e. McCabe’s Complexity) +@item Halstead metrics (all of them) +@item the Maintainability Index (a Visual Studio metric) +@end itemize") + (license license:expat))) + +(define-public python2-radon + (package-with-python2 python-radon)) -- cgit v1.2.3 From 21fea1d1a9316a0eaf7e8e600cc8e6554fc5fb9a Mon Sep 17 00:00:00 2001 
From: Ricardo Wurmus Date: Sat, 27 May 2017 17:54:20 +0200 Subject: gnu: synfigstudio: Update to 1.2.0. * gnu/packages/patches/synfig-build-fix.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove patch. * gnu/packages/animation.scm (etl): Update to 0.04.22. (synfig): Update to 1.2.0. [source]: Remove patch. [arguments]: Remove obsolete build phases. [propagated-inputs]: Add fftw. (synfigstudio): Update to 1.2.0. [source]: Remove unnecessary snippet. [arguments]: Remove. --- gnu/local.mk | 1 - gnu/packages/animation.scm | 43 ++++++-------------- gnu/packages/patches/synfig-build-fix.patch | 61 ----------------------------- 3 files changed, 11 insertions(+), 94 deletions(-) delete mode 100644 gnu/packages/patches/synfig-build-fix.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index a7da058d8c..80b0d495aa 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -992,7 +992,6 @@ dist_patch_DATA = \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ %D%/packages/patches/swish-e-search.patch \ %D%/packages/patches/swish-e-format-security.patch \ - %D%/packages/patches/synfig-build-fix.patch \ %D%/packages/patches/t1lib-CVE-2010-2642.patch \ %D%/packages/patches/t1lib-CVE-2011-0764.patch \ %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \ diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm index 8de1fbfaa8..0f37ea55d5 100644 --- a/gnu/packages/animation.scm +++ b/gnu/packages/animation.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015 Ricardo Wurmus +;;; Copyright © 2015, 2017 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; @@ -23,6 +23,7 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix build-system gnu) #:use-module (gnu packages) + #:use-module (gnu packages algebra) #:use-module (gnu packages boost) #:use-module (gnu packages compression) #:use-module (gnu packages fontutils) 
@@ -38,15 +39,15 @@ (define-public etl (package (name "etl") - (version "0.04.19") + (version "0.04.22") (source (origin (method url-fetch) ;; Keep this synchronized with the synfig release version. (uri (string-append "mirror://sourceforge/synfig/releases/" - "1.0.2/source/ETL-" version ".tar.gz")) + "1.2.0/source/ETL-" version ".tar.gz")) (sha256 (base32 - "070c70slizrklq1gbgja8m49xfmq65wlcd6hz6418cpx0wd4r55s")))) + "0ii73nsd3xzkhz6w1rnxwphl637j9w82xiy6apa9vin2isdynnmc")))) (build-system gnu-build-system) (home-page "http://www.synfig.org") (synopsis "Extended C++ template library") @@ -59,7 +60,7 @@ C++ @dfn{Standard Template Library} (STL).") (define-public synfig (package (name "synfig") - (version "1.0.2") + (version "1.2.0") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/synfig/releases/" @@ -67,8 +68,7 @@ C++ @dfn{Standard Template Library} (STL).") ".tar.gz")) (sha256 (base32 - "1d3z2r78j3rkff47q3wl0ami69y3l4nyi5r9zclymb8ar7mgkk9l")) - (patches (search-patches "synfig-build-fix.patch")))) + "1gqx4gn4c73rqwhsgzx0a460gr9hadmi28csp75rx30qavqsj7k1")))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -90,16 +90,6 @@ C++ @dfn{Standard Template Library} (STL).") (("remove_child\\(") "remove_node(")) (substitute* "src/modules/mod_svg/svg_parser.cpp" (("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList")) - #t)) - (add-after 'unpack 'fix-isnan-error - (lambda _ - (substitute* "src/synfig/time.cpp" - (("return !::isnan") "return !std::isnan")) - #t)) - (add-before 'configure 'set-flags - (lambda _ - ;; Compile with C++11, required by libsigc++. - (setenv "CXXFLAGS" "-D__STDC_CONSTANT_MACROS -std=gnu++11") #t))))) (inputs `(("boost" ,boost) 
@@ -110,11 +100,12 @@ C++ @dfn{Standard Template Library} (STL).") ("libmng" ,libmng) ("zlib" ,zlib))) ;; synfig.pc lists the following as required: Magick++ freetype2 - ;; fontconfig OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0 + ;; fontconfig fftw OpenEXR ETL glibmm-2.4 giomm-2.4 libxml++-3.0 sigc++-2.0 ;; cairo pango pangocairo mlt++ (propagated-inputs `(("cairo" ,cairo) ("etl" ,etl) + ("fftw" ,fftw) ("fontconfig" ,fontconfig) ("freetype" ,freetype) ("glibmm" ,glibmm) @@ -137,7 +128,7 @@ for tweening, preventing the need to hand-draw each frame.") (define-public synfigstudio (package (name "synfigstudio") - (version "1.0.2") + (version "1.2.0") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/synfig/releases/" @@ -145,27 +136,15 @@ for tweening, preventing the need to hand-draw each frame.") ".tar.gz")) (sha256 (base32 - "1xa74dlgkpjn0gzdcs0x25z7wg0806v2wygvvi73f7sn1fm88ig4")) + "0fbckfbw8dzf0m2wv7vlmw492k1dqa3zf510z019d0as3zpnp6qm")) (modules '((guix build utils))) (snippet '(begin (substitute* "src/synfigapp/pluginmanager.cpp" (("xmlpp::Node\\* n =") "const xmlpp::Node* n =") (("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList")) - ;; Some files are ISO-8859-1 encoded. - (with-fluids ((%default-port-encoding #f)) - (substitute* (find-files "src/" "\\.(cpp|h)$") - (("#include ") - "#include ") - (("#include ") - "#include ") - (("#include ") - "#include "))) #t)))) (build-system gnu-build-system) - (arguments - `(#:configure-flags - (list "CXXFLAGS=-std=gnu++11"))) (inputs `(("gtkmm" ,gtkmm) ("libsigc++" ,libsigc++) diff --git a/gnu/packages/patches/synfig-build-fix.patch b/gnu/packages/patches/synfig-build-fix.patch deleted file mode 100644 index 3f6168e0fb..0000000000 --- a/gnu/packages/patches/synfig-build-fix.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -Allow Synfig to build in C++11 mode. - -Taken from here: -https://projects.archlinux.org/svntogit/community.git/plain/trunk/build-fix.patch?h=packages/synfig - -diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp ---- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.cpp 2015-03-28 13:15:00.000000000 +0300 -+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.cpp 2015-04-28 16:56:11.568749053 +0300 -@@ -56,8 +56,8 @@ - /* === M E T H O D S ======================================================= */ - - --Importer_LibAVCodec::Importer_LibAVCodec(const char *file): -- filename(file) -+Importer_LibAVCodec::Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier): -+ Importer(identifier) - { - } - -diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h ---- synfig-1.0-RC5/src/modules/mod_libavcodec/mptr.h 2015-03-28 13:15:00.000000000 +0300 -+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/mptr.h 2015-04-28 16:55:18.699192946 +0300 -@@ -46,7 +46,7 @@ - synfig::String filename; - - public: -- Importer_LibAVCodec(const char *filename); -+ Importer_LibAVCodec(const synfig::FileSystem::Identifier &identifier); - ~Importer_LibAVCodec(); - - virtual bool get_frame(synfig::Surface &surface, const synfig::RendDesc &renddesc, synfig::Time time, synfig::ProgressCallback *callback); -diff -wbBur synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp ---- synfig-1.0-RC5/src/modules/mod_libavcodec/trgt_av.cpp 2015-03-28 13:15:00.000000000 +0300 -+++ synfig-1.0-RC5.my/src/modules/mod_libavcodec/trgt_av.cpp 2015-04-28 16:46:54.720091106 +0300 -@@ -121,14 +121,14 @@ - picture = avcodec_alloc_frame(); - if (!picture) - return NULL; -- size = avpicture_get_size(pix_fmt, width, height); -+ size = avpicture_get_size((::PixelFormat)pix_fmt, width, height); - picture_buf = (uint8_t 
*)malloc(size); - if (!picture_buf) { - av_free(picture); - return NULL; - } - avpicture_fill((AVPicture *)picture, picture_buf, -- pix_fmt, width, height); -+ (::PixelFormat)pix_fmt, width, height); - return picture; - } - -diff -wbBur synfig-1.0.2/src/synfig/time.cpp synfig-1.0.2.my/src/synfig/time.cpp ---- synfig-1.0.2/src/synfig/time.cpp 2015-07-09 10:33:03.000000000 +0300 -+++ synfig-1.0.2.my/src/synfig/time.cpp 2015-10-12 13:54:58.382313903 +0300 -@@ -319,5 +319,5 @@ - bool - Time::is_valid()const - { -- return !isnan(value_); -+ return !::isnan(value_); - } -- cgit v1.2.3 From ca40d4e7c5dd61d4451cebd0eb910bc705bcc06e Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sat, 27 May 2017 22:02:47 -0400 Subject: gnu: diamond: Update to 0.9.2. * gnu/packages/bioinformatics.scm (diamond): Update to 0.9.2. --- gnu/packages/bioinformatics.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index e4cc520868..c42e65c2c9 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -2093,7 +2093,7 @@ identify enrichments with functional annotations of the genome.") (define-public diamond (package (name "diamond") - (version "0.9.1") + (version "0.9.2") (source (origin (method url-fetch) (uri (string-append @@ -2102,7 +2102,7 @@ identify enrichments with functional annotations of the genome.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "062943yk3mp23jpcawamkh1zawx9br95l7w178v0kyr863v4p5a1")))) + "03dam11dmrg6f2zsmdbqwzwkmnq5krlckh1acgarw91gcz2nhbpj")))) (build-system cmake-build-system) (arguments '(#:tests? #f ; no "check" target -- cgit v1.2.3 From 3803b069f6425d2ef586e62cdffe339ef55178ec Mon Sep 17 00:00:00 2001 
From: Marius Bakke Date: Sun, 28 May 2017 13:07:05 +0200 Subject: gnu: gajim: Fix CVE-2016-10376. * gnu/packages/patches/gajim-CVE-2016-10376.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/messaging.scm (gajim)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/messaging.scm | 2 + gnu/packages/patches/gajim-CVE-2016-10376.patch | 57 +++++++++++++++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 gnu/packages/patches/gajim-CVE-2016-10376.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 80b0d495aa..eb12b62f83 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -598,6 +598,7 @@ dist_patch_DATA = \ %D%/packages/patches/freetype-CVE-2017-8105.patch \ %D%/packages/patches/freetype-CVE-2017-8287.patch \ %D%/packages/patches/fuse-overlapping-headers.patch \ + %D%/packages/patches/gajim-CVE-2016-10376.patch \ %D%/packages/patches/gawk-shell.patch \ %D%/packages/patches/gcc-arm-bug-71399.patch \ %D%/packages/patches/gcc-arm-link-spec-fix.patch \ diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm index c22d3d4dc8..425a7c4c23 100644 --- a/gnu/packages/messaging.scm +++ b/gnu/packages/messaging.scm @@ -490,6 +490,8 @@ was initially a fork of xmpppy, but uses non-blocking sockets.") (uri (string-append "https://gajim.org/downloads/" (version-major+minor version) "/gajim-" version ".tar.bz2")) + (patches + (search-patches "gajim-CVE-2016-10376.patch")) (sha256 (base32 "13sxz0hpvyj2yvcbsfqq9yn0hp1d1zsxsj40r0v16jlibha5da9n")))) diff --git a/gnu/packages/patches/gajim-CVE-2016-10376.patch b/gnu/packages/patches/gajim-CVE-2016-10376.patch new file mode 100644 index 0000000000..591dd1af21 --- /dev/null +++ b/gnu/packages/patches/gajim-CVE-2016-10376.patch 
@@ -0,0 +1,57 @@
+Fix CVE-2016-10376.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10376
+http://seclists.org/oss-sec/2017/q2/341
+https://dev.gajim.org/gajim/gajim/issues/8378
+
+Patch copied from upstream source repository:
+
+https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
+
+(adapted for context in config.py)
+
+From cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc Mon Sep 17 00:00:00 2001
+From: Philipp Hörist
+Date: Fri, 26 May 2017 23:10:05 +0200
+Subject: [PATCH] Add config option to activate XEP-0146 commands
+
+Some of the Commands have security implications, thats why we disable them per default
+Fixes #8378
+---
+ src/common/commands.py | 7 ++++---
+ src/common/config.py | 1 +
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/commands.py b/src/common/commands.py
+index 19d8c13..0eeb57c 100644
+--- a/src/common/commands.py
++++ b/src/common/commands.py
+@@ -345,9 +345,10 @@ class ConnectionCommands:
+ def __init__(self):
+ # a list of all commands exposed: node -> command class
+ self.__commands = {}
+- for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
+- LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
+- self.__commands[cmdobj.commandnode] = cmdobj
++ if gajim.config.get('remote_commands'):
++ for cmdobj in (ChangeStatusCommand, ForwardMessagesCommand,
++ LeaveGroupchatsCommand, FwdMsgThenDisconnectCommand):
++ self.__commands[cmdobj.commandnode] = cmdobj
+
+ # a list of sessions; keys are tuples (jid, sessionid, node)
+ self.__sessions = {}
+diff --git a/src/common/config.py b/src/common/config.py
+index cde1f81..fe25455 100644
+--- a/src/common/config.py
++++ b/src/common/config.py
+@@ -314,6 +314,7 @@ class Config:
+ 'ignore_incoming_attention': [opt_bool, False, _('If True, Gajim will ignore incoming attention requestd ("wizz").')],
+ 'remember_opened_chat_controls': [ opt_bool, True, _('If enabled, Gajim will reopen chat windows that were opened last time Gajim was 
closed.')], + 'positive_184_ack': [ opt_bool, False, _('If enabled, Gajim will show an icon to show that sent message has been received by your contact')], ++ 'remote_commands': [opt_bool, False, _('If True, Gajim will execute XEP-0146 Commands.')], + }, {}) + + __options_per_key = { +-- +libgit2 0.24.0 + -- cgit v1.2.3 From 802907e423121702d726636961065c7791a3b4d5 Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Sun, 28 May 2017 15:57:17 +0200 Subject: gnu: pari-gp: Update to 2.9.2. * gnu/packages/algebra.scm (pari-gp): Update to 2.9.2. --- gnu/packages/algebra.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm index db1344f34b..a3016fe7b3 100644 --- a/gnu/packages/algebra.scm +++ b/gnu/packages/algebra.scm @@ -132,7 +132,7 @@ solve the shortest vector problem.") (define-public pari-gp (package (name "pari-gp") - (version "2.9.1") + (version "2.9.2") (source (origin (method url-fetch) (uri (string-append @@ -140,7 +140,7 @@ solve the shortest vector problem.") version ".tar.gz")) (sha256 (base32 - "0rq7wz9df1xs4acdzzb5dapx8vs6m5py39n2wynw2qv4d2b0ylfw")))) + "0zi08qz9nk17wwdna4xb2vp3i3mh5sgv1y8wqbf0j2sfryxlr8ls")))) (build-system gnu-build-system) (native-inputs `(("texlive" ,texlive-minimal))) (inputs `(("gmp" ,gmp) -- cgit v1.2.3 From 2ac2b17251be51778963e6ced0b83e461d175d01 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Sun, 28 May 2017 15:56:31 +0200 Subject: gnu: synfigstudio: Fix UI bug. * gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch: New file. * gnu/local.mk (dist_patch_DATA): Add patch. * gnu/packages/animation.scm (synfigstudio)[source]: Apply patch. --- gnu/local.mk | 1 + gnu/packages/animation.scm | 4 +- .../patches/synfigstudio-fix-ui-with-gtk3.patch | 55 ++++++++++++++++++++++ 3 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch (limited to 'gnu') 
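Review bot: The `if gajim.config.get('remote_commands'):` guard is evaluated only inside `ConnectionCommands.__init__`, so the option is read once per object; switching it off later presumably leaves an already-populated `__commands` table in place until the connection object is re-created (the rest of the class is outside the hunk, so this is inferred and should be confirmed). The option's help text does not say that, nor that the commands are security-sensitive, although the upstream commit message does. I would extend the string to something like `_('If True, Gajim will execute XEP-0146 Commands. These have security implications; the setting is read when the connection is set up.')`. The Guix header already records that the patch was adapted for context in config.py, which is the provenance note a reviewer needs.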
diff --git a/gnu/local.mk b/gnu/local.mk index eb12b62f83..9ef9f95533 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -993,6 +993,7 @@ dist_patch_DATA = \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ %D%/packages/patches/swish-e-search.patch \ %D%/packages/patches/swish-e-format-security.patch \ + %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch.patch \ %D%/packages/patches/t1lib-CVE-2010-2642.patch \ %D%/packages/patches/t1lib-CVE-2011-0764.patch \ %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \ diff --git a/gnu/packages/animation.scm b/gnu/packages/animation.scm index 0f37ea55d5..cbbfa6ed4a 100644 --- a/gnu/packages/animation.scm +++ b/gnu/packages/animation.scm @@ -143,7 +143,9 @@ for tweening, preventing the need to hand-draw each frame.") (substitute* "src/synfigapp/pluginmanager.cpp" (("xmlpp::Node\\* n =") "const xmlpp::Node* n =") (("xmlpp::Node::NodeList") "xmlpp::Node::const_NodeList")) - #t)))) + #t)) + (patches + (search-patches "synfigstudio-fix-ui-with-gtk3.patch")))) (build-system gnu-build-system) (inputs `(("gtkmm" ,gtkmm) diff --git a/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch b/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch new file mode 100644 index 0000000000..d7b3e92507 --- /dev/null +++ b/gnu/packages/patches/synfigstudio-fix-ui-with-gtk3.patch 
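Review bot: The entry added to `dist_patch_DATA` is spelled `synfigstudio-fix-ui-with-gtk3.patch.patch`, but the file this commit creates, and the name passed to `search-patches` in the animation.scm hunk, is `synfigstudio-fix-ui-with-gtk3.patch`. As written the list names a file that does not exist, so the real patch is presumably left out of the distribution tarball and the dist target may fail on the missing file. The line should read `%D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch \`.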
@@ -0,0 +1,55 @@
+Downloaded from
+https://github.com/synfig/synfig/commit/b9c3b73ee35b83c4d9183c800809040cef98b2f2.patch
+
+Without this patch the UI of Synfig Studio (when built with the latest version
+of GTK) displays very large buttons in the header of every frame.
+
+This patch can be removed with the next release.
+
+
+From b9c3b73ee35b83c4d9183c800809040cef98b2f2 Mon Sep 17 00:00:00 2001
+From: caryoscelus
+Date: Wed, 25 Jan 2017 18:34:39 +0300
+Subject: [PATCH] Fix dock drop area size
+
+Fixes #227
+
+By using Frame instead of Button we avoid intrusive Gtk themes
+from forcing huge drop area size.
+---
+ synfig-studio/src/gui/docks/dockdroparea.cpp | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/gui/docks/dockdroparea.cpp b/synfig-studio/src/gui/docks/dockdroparea.cpp
+index 0f8936fdb..e012282f0 100644
+--- a/src/gui/docks/dockdroparea.cpp
++++ b/src/gui/docks/dockdroparea.cpp
+@@ -35,7 +35,7 @@
+ #include "app.h"
+ #include "docks/dockdroparea.h"
+ #include "docks/dockmanager.h"
+-#include 
++#include 
+
+ #endif
+
+@@ -61,10 +61,15 @@ DockDropArea::DockDropArea(Gtk::Widget *target):
+ std::vector listTargets;
+ listTargets.push_back( Gtk::TargetEntry("SYNFIG_DOCK") );
+
+- Gtk::Button *button_left = manage(new Gtk::Button());
+- Gtk::Button *button_right = manage(new Gtk::Button());
+- Gtk::Button *button_top = manage(new Gtk::Button());
+- Gtk::Button *button_bottom = manage(new Gtk::Button());
++ Gtk::Frame *button_left = manage(new Gtk::Frame());
++ Gtk::Frame *button_right = manage(new Gtk::Frame());
++ Gtk::Frame *button_top = manage(new Gtk::Frame());
++ Gtk::Frame *button_bottom = manage(new Gtk::Frame());
++
++ button_left->set_size_request(20, 10);
++ button_right->set_size_request(20, 10);
++ button_top->set_size_request(20, 10);
++ button_bottom->set_size_request(20, 10);
+
+ button_left->drag_dest_set(listTargets);
+ button_right->drag_dest_set(listTargets);
-- cgit v1.2.3 
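Review bot: The header presents this file as "Downloaded from" the upstream commit URL, but the file has been edited since: the diffstat and the b-side of the `diff --git` line still name `synfig-studio/src/gui/docks/dockdroparea.cpp`, while the `---`/`+++` lines use `src/gui/docks/dockdroparea.cpp`. Anyone verifying the patch against upstream will see a mismatch with no explanation. I would add a line to the header such as `(file paths adjusted to the layout of the synfigstudio release tarball)`, assuming that is the reason for the change, and make the `diff --git` line consistent with the `---`/`+++` paths.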
From b2f89c19fc709bc104da6b74e94248ea31decfd6 Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Mon, 15 May 2017 20:16:04 +0530 Subject: gnu: font-inconsolata: Use 'font-build-system'. * gnu/packages/fonts.scm (font-inconsolata): Switch to 'font-build-system'. --- gnu/packages/fonts.scm | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index 03a1f6f796..8e938819e8 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm @@ -42,6 +42,7 @@ #:use-module (guix packages) #:use-module (guix download) #:use-module (guix git-download) + #:use-module (guix build-system font) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) #:use-module (gnu packages base) @@ -64,18 +65,7 @@ (sha256 (base32 "06js6znbcf7swn8y3b8ki416bz96ay7d3yvddqnvi88lqhbfcq8m")))) - (build-system trivial-build-system) - (arguments - `(#:modules ((guix build utils)) - #:builder (begin - (use-modules (guix build utils)) - (let ((font-dir (string-append %output - "/share/fonts/opentype")) - (source (assoc-ref %build-inputs "source"))) - (mkdir-p font-dir) - (copy-file source - (string-append font-dir "/" "inconsolata.otf")))))) - (native-inputs `(("source" ,source))) + (build-system font-build-system) (home-page "http://levien.com/type/myfonts/inconsolata.html") (synopsis "Monospace font") (description "A monospace font, designed for code listings and the like, -- cgit v1.2.3 From 5978658841c51b1573f81754b94da3f4a43b386c Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Mon, 15 May 2017 20:18:08 +0530 Subject: gnu: font-ubuntu: Use 'font-build-system'. * gnu/packages/fonts.scm (font-ubuntu): Switch to 'font-build-system'. --- gnu/packages/fonts.scm | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index 8e938819e8..cf9855496c 100644 --- a/gnu/packages/fonts.scm 
+++ b/gnu/packages/fonts.scm @@ -84,34 +84,7 @@ in print. With attention to detail for high resolution rendering.") (sha256 (base32 "0hjvq2x758dx0sfwqhzflns0ns035qm7h6ygskbx1svzg517sva5")))) - (build-system trivial-build-system) - (arguments - `(#:modules ((guix build utils)) - #:builder (begin - (use-modules (guix build utils) - (srfi srfi-26)) - - (let ((PATH (string-append (assoc-ref %build-inputs - "unzip") - "/bin")) - (font-dir (string-append %output - "/share/fonts/truetype")) - (doc-dir (string-append %output "/share/doc/" - ,name "-" ,version))) - (setenv "PATH" PATH) - (system* "unzip" (assoc-ref %build-inputs "source")) - - (mkdir-p font-dir) - (mkdir-p doc-dir) - (chdir (string-append "ubuntu-font-family-" ,version)) - (for-each (lambda (ttf) - (install-file ttf font-dir)) - (find-files "." "\\.ttf$")) - (for-each (lambda (doc) - (install-file doc doc-dir)) - (find-files "." "\\.txt$")))))) - (native-inputs `(("source" ,source) - ("unzip" ,unzip))) + (build-system font-build-system) (home-page "http://font.ubuntu.com/") (synopsis "The Ubuntu Font Family") (description "The Ubuntu Font Family is a unique, custom designed font -- cgit v1.2.3 From 2e8840194121be6042502f363f143a4faeceb00e Mon Sep 17 00:00:00 2001 From: Arun Isaac Date: Mon, 15 May 2017 20:19:33 +0530 Subject: gnu: font-dejavu: Use 'font-build-system'. * gnu/packages/fonts.scm (font-dejavu): Switch to 'font-build-system'. --- gnu/packages/fonts.scm | 43 ++++++++----------------------------------- 1 file changed, 8 insertions(+), 35 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index cf9855496c..fcc31deebb 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm 
@@ -108,42 +108,15 @@ TrueType (TTF) files.") (base32 "1mqpds24wfs5cmfhj57fsfs07mji2z8812i5c4pi5pbi738s977s")))) (build-system trivial-build-system) + (build-system font-build-system) (arguments - `(#:modules ((guix build utils)) - #:builder (begin - (use-modules (guix build utils)) - - (let ((tar (string-append (assoc-ref %build-inputs - "tar") - "/bin/tar")) - (PATH (string-append (assoc-ref %build-inputs - "bzip2") - "/bin")) - (font-dir (string-append - %output "/share/fonts/truetype")) - (conf-dir (string-append - %output "/share/fontconfig/conf.avail")) - (doc-dir (string-append - %output "/share/doc/" ,name "-" ,version))) - (setenv "PATH" PATH) - (system* tar "xvf" (assoc-ref %build-inputs "source")) - - (mkdir-p font-dir) - (mkdir-p conf-dir) - (mkdir-p doc-dir) - (chdir (string-append "dejavu-fonts-ttf-" ,version)) - (for-each (lambda (ttf) - (install-file ttf font-dir)) - (find-files "ttf" "\\.ttf$")) - (for-each (lambda (conf) - (install-file conf conf-dir)) - (find-files "fontconfig" "\\.conf$")) - (for-each (lambda (doc) - (install-file doc doc-dir)) - (find-files "." "\\.txt$|^[A-Z][A-Z]*$")))))) - (native-inputs `(("source" ,source) - ("tar" ,tar) - ("bzip2" ,bzip2))) + `(#:phases + (modify-phases %standard-phases + (add-after 'install 'install-conf + (lambda* (#:key outputs #:allow-other-keys) + (let ((conf-dir (string-append (assoc-ref outputs "out") + "/share/fontconfig/conf.avail"))) + (copy-recursively "fontconfig" conf-dir))))))) (home-page "http://dejavu-fonts.org/") (synopsis "Vera font family derivate with additional characters") (description "DejaVu provides an expanded version of the Vera font family -- cgit v1.2.3 From e46e0de1b5b8d3cadcbdb833735670d5698c5873 Mon Sep 17 00:00:00 2001 
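Review bot: The line `(build-system trivial-build-system)` is left in as context and `(build-system font-build-system)` is added directly below it, so font-dejavu now initialises the `build-system` field twice. The hunk's counts agree with that reading (35 deletions, none of them the old build-system line), and the sibling font commits in this series do remove it. The old line should become a removal so that only `(build-system font-build-system)` remains; a duplicate field is presumably rejected when the package record is expanded. The package definition starts and ends outside the hunk.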
From: Arun Isaac Date: Mon, 15 May 2017 20:20:26 +0530 Subject: gnu: font-bitstream-vera: Use 'font-build-system'. * gnu/packages/fonts.scm (font-bitstream-vera): Switch to 'font-build-system'. --- gnu/packages/fonts.scm | 33 +-------------------------------- 1 file changed, 1 insertion(+), 32 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index fcc31deebb..954c588189 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm @@ -140,38 +140,7 @@ provide serif, sans and monospaced variants.") (sha256 (base32 "1p3qs51x5327gnk71yq8cvmxc6wgx79sqxfvxcv80cdvgggjfnyv")))) - (build-system trivial-build-system) - (arguments - `(#:modules ((guix build utils)) - #:builder (begin - (use-modules (guix build utils) - (srfi srfi-26)) - - (let ((tar (string-append (assoc-ref %build-inputs - "tar") - "/bin/tar")) - (PATH (string-append (assoc-ref %build-inputs - "bzip2") - "/bin")) - (font-dir (string-append %output - "/share/fonts/truetype")) - (doc-dir (string-append %output "/share/doc/" - ,name "-" ,version))) - (setenv "PATH" PATH) - (system* tar "xvf" (assoc-ref %build-inputs "source")) - - (mkdir-p font-dir) - (mkdir-p doc-dir) - (chdir (string-append "ttf-bitstream-vera-" ,version)) - (for-each (lambda (ttf) - (install-file ttf font-dir)) - (find-files "." "\\.ttf$")) - (for-each (lambda (doc) - (install-file doc doc-dir)) - (find-files "." "\\.TXT$")))))) - (native-inputs `(("source" ,source) - ("tar" ,tar) - ("bzip2" ,bzip2))) + (build-system font-build-system) (home-page "http://www.gnome.org/fonts/") (synopsis "Bitstream Vera sans-serif typeface") (description "Vera is a sans-serif typeface from Bitstream, Inc. This -- cgit v1.2.3 From 3cae15023f4b97554dcc6e914a5ddbc3a3c564d6 Mon Sep 17 00:00:00 2001 
From: Tobias Geerinckx-Rice Date: Sun, 28 May 2017 18:29:34 +0200 Subject: gnu: offlineimap: Update to 7.1.1. * gnu/packages/mail.scm (offlineimap): Update to 7.1.1. --- gnu/packages/mail.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index b4dfef6ec0..a35221cff9 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -421,7 +421,7 @@ and corrections. It is based on a Bayesian filter.") (define-public offlineimap (package (name "offlineimap") - (version "7.1.0") + (version "7.1.1") (source (origin (method url-fetch) (uri (string-append "https://github.com/OfflineIMAP/offlineimap/" @@ -429,7 +429,7 @@ and corrections. It is based on a Bayesian filter.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1r0sbgwyirpbks82ri9g88raf3mp8shq9rg0r92gkr7h6888v6fw")))) + "00xpxh0pxcvv3mjgb3vq3x51v498dhqcaixyb3a4srmfgskzh956")))) (build-system python-build-system) (native-inputs `(("asciidoc" ,asciidoc))) -- cgit v1.2.3 From 22e6656d259838ae9014c1ed876caa9d819be6df Mon Sep 17 00:00:00 2001 
From: Leo Famulari Date: Sat, 27 May 2017 11:31:52 -0400 Subject: gnu: libtiff: Update replacement to 4.0.8 [security fixes]. See 'ChangeLog' in the source distribution for more information about the bugs and security issues fixed in this release. * gnu/packages/image.scm (libtiff)[replacement]: Replace with libtiff-4.0.8. (libtiff/fixed): Replace with ... (libtiff-4.0.8): New variable. * gnu/packages/patches/libtiff-CVE-2017-7593.patch, gnu/packages/patches/libtiff-CVE-2017-7594.patch, gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 3 - gnu/packages/image.scm | 18 +- gnu/packages/patches/libtiff-CVE-2017-7593.patch | 113 ------ gnu/packages/patches/libtiff-CVE-2017-7594.patch | 54 --- .../patches/libtiff-multiple-UBSAN-crashes.patch | 449 --------------------- 5 files changed, 9 insertions(+), 628 deletions(-) delete mode 100644 gnu/packages/patches/libtiff-CVE-2017-7593.patch delete mode 100644 gnu/packages/patches/libtiff-CVE-2017-7594.patch delete mode 100644 gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 9ef9f95533..2e60585432 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -751,9 +751,6 @@ dist_patch_DATA = \ %D%/packages/patches/libtiff-CVE-2016-10093.patch \ %D%/packages/patches/libtiff-CVE-2016-10094.patch \ %D%/packages/patches/libtiff-CVE-2017-5225.patch \ - %D%/packages/patches/libtiff-CVE-2017-7593.patch \ - %D%/packages/patches/libtiff-CVE-2017-7594.patch \ - %D%/packages/patches/libtiff-multiple-UBSAN-crashes.patch \ %D%/packages/patches/libtiff-assertion-failure.patch \ %D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch \ %D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 86902d5680..fe9e457f34 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm 
@@ -335,7 +335,7 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") - (replacement libtiff/fixed) + (replacement libtiff-4.0.8) (version "4.0.7") (source (origin (method url-fetch) @@ -384,18 +384,18 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.simplesystems.org/libtiff/"))) -(define libtiff/fixed +(define libtiff-4.0.8 (package (inherit libtiff) + (version "4.0.8") (source (origin - (inherit (package-source libtiff)) - (patches - (append - (origin-patches (package-source libtiff)) - (search-patches "libtiff-CVE-2017-7593.patch" - "libtiff-CVE-2017-7594.patch" - "libtiff-multiple-UBSAN-crashes.patch"))))))) + (method url-fetch) + (uri (string-append "http://download.osgeo.org/libtiff/tiff-" + version ".tar.gz")) + (sha256 + (base32 + "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr")))))) (define-public libwmf (package diff --git a/gnu/packages/patches/libtiff-CVE-2017-7593.patch b/gnu/packages/patches/libtiff-CVE-2017-7593.patch deleted file mode 100644 index 496efb73b9..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2017-7593.patch +++ /dev/null 
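Review bot: `libtiff-4.0.8` inherits every field of `libtiff`, including the `replacement` field that the first hunk now points at `libtiff-4.0.8`, so the graft target names itself as its own replacement. Adding `(replacement #f)` to the new definition states the intent and avoids depending on how the grafting code treats a self-reference. Separately, the new `origin` no longer inherits from `(package-source libtiff)`, so none of the patches attached to the 4.0.7 source apply to the replacement; a short comment such as `;; 4.0.8 includes the fixes carried as patches on 4.0.7` (once confirmed against the upstream ChangeLog) would let the next reviewer check that no security fix was dropped.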
@@ -1,113 +0,0 @@ -Fixes CVE-2017-7593 (Potential uninitialized-memory access from tif_rawdata): - -http://bugzilla.maptools.org/show_bug.cgi?id=2651 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593 -https://security-tracker.debian.org/tracker/CVE-2017-7593 - -2017-01-11 Even Rouault - - * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add - _TIFFcalloc() - - * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero - initialize tif_rawdata. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1208; previous revision: 1.1207 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c -new revision: 1.53; previous revision: 1.52 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_unix.c,v <-- libtiff/tif_unix.c -new revision: 1.28; previous revision: 1.27 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_vms.c,v <-- libtiff/tif_vms.c -new revision: 1.14; previous revision: 1.13 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_win32.c,v <-- libtiff/tif_win32.c -new revision: 1.42; previous revision: 1.41 -/cvs/maptools/cvsroot/libtiff/libtiff/tiffio.h,v <-- libtiff/tiffio.h -new revision: 1.94; previous revision: 1.93 - -diff -ru tiff-4.0.7/libtiff/tiffio.h tiff-4.0.7.new/libtiff/tiffio.h ---- tiff-4.0.7/libtiff/tiffio.h 1969-12-31 19:00:00.000000000 -0500 -+++ tiff-4.0.7.new/libtiff/tiffio.h 2017-05-05 19:08:03.772999790 -0400 -@@ -1,4 +1,4 @@ --/* $Id: tiffio.h,v 1.92 2016-01-23 21:20:34 erouault Exp $ */ -+/* $Id: tiffio.h,v 1.94 2017-01-11 19:02:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -293,6 +293,7 @@ - */ - - extern void* _TIFFmalloc(tmsize_t s); -+extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz); - extern void* _TIFFrealloc(void* p, tmsize_t s); - extern void _TIFFmemset(void* p, int v, tmsize_t c); - extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c); -diff -ru tiff-4.0.7/libtiff/tif_read.c 
tiff-4.0.7.new/libtiff/tif_read.c ---- tiff-4.0.7/libtiff/tif_read.c 2017-05-05 19:04:09.740966642 -0400 -+++ tiff-4.0.7.new/libtiff/tif_read.c 2017-05-05 18:59:11.070709441 -0400 -@@ -1,4 +1,4 @@ --/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */ -+/* $Id: tif_read.c,v 1.53 2017-01-11 19:02:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -976,7 +976,9 @@ - "Invalid buffer size"); - return (0); - } -- tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize); -+ /* Initialize to zero to avoid uninitialized buffers in case of */ -+ /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */ -+ tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize); - tif->tif_flags |= TIFF_MYBUFFER; - } - if (tif->tif_rawdata == NULL) { -diff -ru tiff-4.0.7/libtiff/tif_unix.c tiff-4.0.7.new/libtiff/tif_unix.c ---- tiff-4.0.7/libtiff/tif_unix.c 1969-12-31 19:00:00.000000000 -0500 -+++ tiff-4.0.7.new/libtiff/tif_unix.c 2017-05-05 19:10:48.302645187 -0400 -@@ -1,4 +1,4 @@ --/* $Id: tif_unix.c,v 1.27 2015-08-19 02:31:04 bfriesen Exp $ */ -+/* $Id: tif_unix.c,v 1.28 2017-01-11 19:02:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -316,6 +316,14 @@ - return (malloc((size_t) s)); - } - -+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) -+{ -+ if( nmemb == 0 || siz == 0 ) -+ return ((void *) NULL); -+ -+ return calloc((size_t) nmemb, (size_t)siz); -+} -+ - void - _TIFFfree(void* p) - { -diff -ru tiff-4.0.7/libtiff/tif_win32.c tiff-4.0.7.new/libtiff/tif_win32.c ---- tiff-4.0.7/libtiff/tif_win32.c 1969-12-31 19:00:00.000000000 -0500 -+++ tiff-4.0.7.new/libtiff/tif_win32.c 2017-05-05 19:13:06.903399627 -0400 -@@ -1,4 +1,4 @@ --/* $Id: tif_win32.c,v 1.41 2015-08-23 20:12:44 bfriesen Exp $ */ -+/* $Id: tif_win32.c,v 1.42 2017-01-11 19:02:49 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -360,6 +360,14 @@ - return (malloc((size_t) s)); - } - -+void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz) 
-+{ -+ if( nmemb == 0 || siz == 0 ) -+ return ((void *) NULL); -+ -+ return calloc((size_t) nmemb, (size_t)siz); -+} -+ - void - _TIFFfree(void* p) - { diff --git a/gnu/packages/patches/libtiff-CVE-2017-7594.patch b/gnu/packages/patches/libtiff-CVE-2017-7594.patch deleted file mode 100644 index d17997d447..0000000000 --- a/gnu/packages/patches/libtiff-CVE-2017-7594.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -Fixes CVE-2017-7594 (Direct leak in tif_ojpeg.c): - -http://bugzilla.maptools.org/show_bug.cgi?id=2659 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594 -https://security-tracker.debian.org/tracker/CVE-2017-7594 - -2017-01-12 Even Rouault - - * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable - when read fails. - Patch by Nicolás Peña. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1212; previous revision: 1.1211 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v <-- libtiff/tif_ojpeg.c -new revision: 1.67; previous revision: 1.66 - -Index: libtiff/libtiff/tif_ojpeg.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v -retrieving revision 1.67 -retrieving revision 1.68 -diff -u -r1.67 -r1.68 ---- libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 17:43:26 -0000 1.67 -+++ libtiff/libtiff/tif_ojpeg.c 12 Jan 2017 19:23:20 -0000 1.68 -@@ -1,4 +1,4 @@ --/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */ -+/* $Id: tif_ojpeg.c,v 1.68 2017-01-12 19:23:20 erouault Exp $ */ - - /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0 - specification is now totally obsolete and deprecated for new applications and -@@ -1790,7 +1790,10 @@ - TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); - p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64); - if (p!=64) -+ { -+ _TIFFfree(ob); - return(0); -+ } - sp->qtable[m]=ob; - sp->sof_tq[m]=m; - } -@@ -1854,7 +1857,10 @@ - rb[sizeof(uint32)+5+n]=o[n]; - p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q); - if (p!=q) -+ { -+ _TIFFfree(rb); - return(0); -+ } - sp->dctable[m]=rb; - sp->sos_tda[m]=(m<<4); - } diff --git a/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch b/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch deleted file mode 100644 index 2f4509f386..0000000000 
--- a/gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch
+++ /dev/null
@@ -1,449 +0,0 @@ -Fixes CVE-2017-{7595,7596,7597,7598,7599,7600,7601,7602}: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602 - -2017-01-11 Even Rouault - - * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various - clampings - of double to other data types to avoid undefined behaviour if the - output range - isn't big enough to hold the input value. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643 - http://bugzilla.maptools.org/show_bug.cgi?id=2642 - http://bugzilla.maptools.org/show_bug.cgi?id=2646 - http://bugzilla.maptools.org/show_bug.cgi?id=2647 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1204; previous revision: 1.1203 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v <-- libtiff/tif_dir.c -new revision: 1.129; previous revision: 1.128 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c -new revision: 1.207; previous revision: 1.206 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <-- libtiff/tif_dirwrite.c -new revision: 1.85; previous revision: 1.84 - -2017-01-11 Even Rouault - - * libtiff/tif_dirread.c: avoid division by floating point 0 in - TIFFReadDirEntryCheckedRational() and - TIFFReadDirEntryCheckedSrational(), - and return 0 in that case (instead of infinity as before presumably) - Apparently some sanitizers do not like those divisions by zero. 
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1203; previous revision: 1.1202 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c -new revision: 1.206; previous revision: 1.205 - -2017-01-11 Even Rouault - - * libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to - avoid undefined behaviour caused by invalid shift exponent. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648 - - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1205; previous revision: 1.1204 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v <-- libtiff/tif_jpeg.c -new revision: 1.126; previous revision: 1.125 - -2017-01-11 Even Rouault - - * libtiff/tif_read.c: avoid potential undefined behaviour on signed - integer addition in TIFFReadRawStrip1() in isMapped() case. - Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650 - -/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog -new revision: 1.1206; previous revision: 1.1205 -/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v <-- libtiff/tif_read.c -new revision: 1.51; previous revision: 1.50 - -Index: libtiff/libtiff/tif_dir.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v -retrieving revision 1.128 -retrieving revision 1.129 -diff -u -r1.128 -r1.129 ---- libtiff/libtiff/tif_dir.c 3 Dec 2016 15:30:31 -0000 1.128 -+++ libtiff/libtiff/tif_dir.c 11 Jan 2017 16:09:02 -0000 1.129 -@@ -1,4 +1,4 @@ --/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */ -+/* $Id: tif_dir.c,v 1.129 2017-01-11 16:09:02 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -31,6 +31,7 @@ - * (and also some miscellaneous stuff) - */ - #include "tiffiop.h" -+#include - - /* - * These are used in the backwards compatibility code... 
-@@ -154,6 +155,15 @@ - return (0); - } - -+static float TIFFClampDoubleToFloat( double val ) -+{ -+ if( val > FLT_MAX ) -+ return FLT_MAX; -+ if( val < -FLT_MAX ) -+ return -FLT_MAX; -+ return (float)val; -+} -+ - static int - _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap) - { -@@ -312,13 +322,13 @@ - dblval = va_arg(ap, double); - if( dblval < 0 ) - goto badvaluedouble; -- td->td_xresolution = (float) dblval; -+ td->td_xresolution = TIFFClampDoubleToFloat( dblval ); - break; - case TIFFTAG_YRESOLUTION: - dblval = va_arg(ap, double); - if( dblval < 0 ) - goto badvaluedouble; -- td->td_yresolution = (float) dblval; -+ td->td_yresolution = TIFFClampDoubleToFloat( dblval ); - break; - case TIFFTAG_PLANARCONFIG: - v = (uint16) va_arg(ap, uint16_vap); -@@ -327,10 +337,10 @@ - td->td_planarconfig = (uint16) v; - break; - case TIFFTAG_XPOSITION: -- td->td_xposition = (float) va_arg(ap, double); -+ td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); - break; - case TIFFTAG_YPOSITION: -- td->td_yposition = (float) va_arg(ap, double); -+ td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); - break; - case TIFFTAG_RESOLUTIONUNIT: - v = (uint16) va_arg(ap, uint16_vap); -Index: libtiff/libtiff/tif_dirread.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v -retrieving revision 1.206 -retrieving revision 1.207 -diff -u -r1.206 -r1.207 ---- libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206 -+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 16:09:02 -0000 1.207 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */ -+/* $Id: tif_dirread.c,v 1.207 2017-01-11 16:09:02 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -40,6 +40,7 @@ - */ - - #include "tiffiop.h" -+#include - - #define IGNORE 0 /* tag placeholder used below */ - #define FAILED_FII ((uint32) -1) -@@ -2406,7 +2407,14 @@ - ma=(double*)origdata; - 
mb=data; - for (n=0; n FLT_MAX ) -+ val = FLT_MAX; -+ else if( val < -FLT_MAX ) -+ val = -FLT_MAX; -+ *mb++=(float)val; -+ } - } - break; - } -Index: libtiff/libtiff/tif_dirwrite.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v -retrieving revision 1.84 -retrieving revision 1.85 -diff -u -r1.84 -r1.85 ---- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 12:51:59 -0000 1.84 -+++ libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85 -@@ -1,4 +1,4 @@ --/* $Id: tif_dirwrite.c,v 1.83 2016-10-25 21:35:15 erouault Exp $ */ -+/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */ - - /* - * Copyright (c) 1988-1997 Sam Leffler -@@ -30,6 +30,7 @@ - * Directory Write Support Routines. - */ - #include "tiffiop.h" -+#include - - #ifdef HAVE_IEEEFP - #define TIFFCvtNativeToIEEEFloat(tif, n, fp) -@@ -939,6 +940,69 @@ - return(0); - } - -+static float TIFFClampDoubleToFloat( double val ) -+{ -+ if( val > FLT_MAX ) -+ return FLT_MAX; -+ if( val < -FLT_MAX ) -+ return -FLT_MAX; -+ return (float)val; -+} -+ -+static int8 TIFFClampDoubleToInt8( double val ) -+{ -+ if( val > 127 ) -+ return 127; -+ if( val < -128 || val != val ) -+ return -128; -+ return (int8)val; -+} -+ -+static int16 TIFFClampDoubleToInt16( double val ) -+{ -+ if( val > 32767 ) -+ return 32767; -+ if( val < -32768 || val != val ) -+ return -32768; -+ return (int16)val; -+} -+ -+static int32 TIFFClampDoubleToInt32( double val ) -+{ -+ if( val > 0x7FFFFFFF ) -+ return 0x7FFFFFFF; -+ if( val < -0x7FFFFFFF-1 || val != val ) -+ return -0x7FFFFFFF-1; -+ return (int32)val; -+} -+ -+static uint8 TIFFClampDoubleToUInt8( double val ) -+{ -+ if( val < 0 ) -+ return 0; -+ if( val > 255 || val != val ) -+ return 255; -+ return (uint8)val; -+} -+ -+static uint16 TIFFClampDoubleToUInt16( double val ) -+{ -+ if( val < 0 ) -+ return 0; -+ if( val > 65535 || val != val ) -+ return 65535; -+ return (uint16)val; -+} -+ -+static 
uint32 TIFFClampDoubleToUInt32( double val ) -+{ -+ if( val < 0 ) -+ return 0; -+ if( val > 0xFFFFFFFFU || val != val ) -+ return 0xFFFFFFFFU; -+ return (uint32)val; -+} -+ - static int - TIFFWriteDirectoryTagSampleformatArray(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, double* value) - { -@@ -959,7 +1023,7 @@ - if (tif->tif_dir.td_bitspersample<=32) - { - for (i = 0; i < count; ++i) -- ((float*)conv)[i] = (float)value[i]; -+ ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]); - ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv); - } - else -@@ -971,19 +1035,19 @@ - if (tif->tif_dir.td_bitspersample<=8) - { - for (i = 0; i < count; ++i) -- ((int8*)conv)[i] = (int8)value[i]; -+ ((int8*)conv)[i] = TIFFClampDoubleToInt8(value[i]); - ok = TIFFWriteDirectoryTagSbyteArray(tif,ndir,dir,tag,count,(int8*)conv); - } - else if (tif->tif_dir.td_bitspersample<=16) - { - for (i = 0; i < count; ++i) -- ((int16*)conv)[i] = (int16)value[i]; -+ ((int16*)conv)[i] = TIFFClampDoubleToInt16(value[i]); - ok = TIFFWriteDirectoryTagSshortArray(tif,ndir,dir,tag,count,(int16*)conv); - } - else - { - for (i = 0; i < count; ++i) -- ((int32*)conv)[i] = (int32)value[i]; -+ ((int32*)conv)[i] = TIFFClampDoubleToInt32(value[i]); - ok = TIFFWriteDirectoryTagSlongArray(tif,ndir,dir,tag,count,(int32*)conv); - } - break; -@@ -991,19 +1055,19 @@ - if (tif->tif_dir.td_bitspersample<=8) - { - for (i = 0; i < count; ++i) -- ((uint8*)conv)[i] = (uint8)value[i]; -+ ((uint8*)conv)[i] = TIFFClampDoubleToUInt8(value[i]); - ok = TIFFWriteDirectoryTagByteArray(tif,ndir,dir,tag,count,(uint8*)conv); - } - else if (tif->tif_dir.td_bitspersample<=16) - { - for (i = 0; i < count; ++i) -- ((uint16*)conv)[i] = (uint16)value[i]; -+ ((uint16*)conv)[i] = TIFFClampDoubleToUInt16(value[i]); - ok = TIFFWriteDirectoryTagShortArray(tif,ndir,dir,tag,count,(uint16*)conv); - } - else - { - for (i = 0; i < count; ++i) -- ((uint32*)conv)[i] = (uint32)value[i]; -+ ((uint32*)conv)[i] 
= TIFFClampDoubleToUInt32(value[i]); - ok = TIFFWriteDirectoryTagLongArray(tif,ndir,dir,tag,count,(uint32*)conv); - } - break; -@@ -2102,7 +2102,7 @@ - m[0]=0; - m[1]=1; - } -- else if (value==(double)(uint32)value) -+ else if (value <= 0xFFFFFFFFU && value==(double)(uint32)value) - { - m[0]=(uint32)value; - m[1]=1; -@@ -2148,12 +2217,13 @@ - } - for (na=value, nb=m, nc=0; nc= 0 && *na <= (float)0xFFFFFFFFU && -+ *na==(float)(uint32)(*na)) - { - nb[0]=(uint32)(*na); - nb[1]=1; -Index: libtiff/libtiff/tif_dirread.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v -retrieving revision 1.205 -retrieving revision 1.206 -diff -u -r1.205 -r1.206 ---- libtiff/libtiff/tif_dirread.c 3 Dec 2016 11:02:15 -0000 1.205 -+++ libtiff/libtiff/tif_dirread.c 11 Jan 2017 13:28:01 -0000 1.206 -@@ -2872,7 +2872,10 @@ - m.l = direntry->tdir_offset.toff_long8; - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabArrayOfLong(m.i,2); -- if (m.i[0]==0) -+ /* Not completely sure what we should do when m.i[1]==0, but some */ -+ /* sanitizers do not like division by 0.0: */ -+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ -+ if (m.i[0]==0 || m.i[1]==0) - *value=0.0; - else - *value=(double)m.i[0]/(double)m.i[1]; -@@ -2900,7 +2903,10 @@ - m.l=direntry->tdir_offset.toff_long8; - if (tif->tif_flags&TIFF_SWAB) - TIFFSwabArrayOfLong(m.i,2); -- if ((int32)m.i[0]==0) -+ /* Not completely sure what we should do when m.i[1]==0, but some */ -+ /* sanitizers do not like division by 0.0: */ -+ /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ -+ if ((int32)m.i[0]==0 || m.i[1]==0) - *value=0.0; - else - *value=(double)((int32)m.i[0])/(double)m.i[1]; -Index: libtiff/libtiff/tif_jpeg.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jpeg.c,v -retrieving revision 1.125 -retrieving revision 1.126 -diff -u -r1.125 -r1.126 ---- 
libtiff/libtiff/tif_jpeg.c 11 Jan 2017 12:15:01 -0000 1.125 -+++ libtiff/libtiff/tif_jpeg.c 11 Jan 2017 16:13:50 -0000 1.126 -@@ -1,4 +1,4 @@ --/* $Id: tif_jpeg.c,v 1.123 2016-01-23 21:20:34 erouault Exp $ */ -+/* $Id: tif_jpeg.c,v 1.126 2017-01-11 16:13:50 erouault Exp $ */ - - /* - * Copyright (c) 1994-1997 Sam Leffler -@@ -1632,6 +1632,13 @@ - "Invalig horizontal/vertical sampling value"); - return (0); - } -+ if( td->td_bitspersample > 16 ) -+ { -+ TIFFErrorExt(tif->tif_clientdata, module, -+ "BitsPerSample %d not allowed for JPEG", -+ td->td_bitspersample); -+ return (0); -+ } - - /* - * A ReferenceBlackWhite field *must* be present since the -Index: libtiff/libtiff/tif_read.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v -retrieving revision 1.50 -retrieving revision 1.51 -diff -u -r1.50 -r1.51 ---- libtiff/libtiff/tif_read.c 2 Dec 2016 21:56:56 -0000 1.50 -+++ libtiff/libtiff/tif_read.c 11 Jan 2017 16:33:34 -0000 1.51 -@@ -420,16 +420,25 @@ - return ((tmsize_t)(-1)); - } - } else { -- tmsize_t ma,mb; -+ tmsize_t ma; - tmsize_t n; -- ma=(tmsize_t)td->td_stripoffset[strip]; -- mb=ma+size; -- if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size)) -- n=0; -- else if ((mbtif->tif_size)) -- n=tif->tif_size-ma; -- else -- n=size; -+ if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)|| -+ ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size)) -+ { -+ n=0; -+ } -+ else if( ma > TIFF_TMSIZE_T_MAX - size ) -+ { -+ n=0; -+ } -+ else -+ { -+ tmsize_t mb=ma+size; -+ if (mb>tif->tif_size) -+ n=tif->tif_size-ma; -+ else -+ n=size; -+ } - if (n!=size) { - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) - TIFFErrorExt(tif->tif_clientdata, module, -- cgit v1.2.3 From 5cd0122e60edc9ed0ee365aebef960cf89f0fd19 Mon Sep 17 00:00:00 2001 
From: Leo Famulari Date: Sun, 28 May 2017 14:33:21 -0400 Subject: gnu: synfigstudio: Fix patch name in 'gnu/local.mk'. This is a followup to commit 2ac2b17251be51778963e6ced0b83e461d175d01. * gnu/local.mk (dist_patch_DATA): Fix typo. --- gnu/local.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 2e60585432..1937da8968 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -990,7 +990,7 @@ dist_patch_DATA = \ %D%/packages/patches/superlu-dist-scotchmetis.patch \ %D%/packages/patches/swish-e-search.patch \ %D%/packages/patches/swish-e-format-security.patch \ - %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch.patch \ + %D%/packages/patches/synfigstudio-fix-ui-with-gtk3.patch \ %D%/packages/patches/t1lib-CVE-2010-2642.patch \ %D%/packages/patches/t1lib-CVE-2011-0764.patch \ %D%/packages/patches/t1lib-CVE-2011-1552+CVE-2011-1553+CVE-2011-1554.patch \ -- cgit v1.2.3 From 0fd0bb56a806d3da4158e1744249de0296161fa6 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 27 May 2017 11:01:25 -0400 Subject: gnu: rxvt-unicode: Disable an unwanted code execution vector. * gnu/packages/patches/rxvt-unicode-escape-sequences.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (rxvt-unicode)[source]: Use it. --- gnu/local.mk | 1 + .../patches/rxvt-unicode-escape-sequences.patch | 35 ++++++++++++++++++++++ gnu/packages/xdisorg.scm | 1 + 3 files changed, 37 insertions(+) create mode 100644 gnu/packages/patches/rxvt-unicode-escape-sequences.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 1937da8968..e811e9a0be 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -972,6 +972,7 @@ dist_patch_DATA = \
 %D%/packages/patches/ruby-puma-ignore-broken-test.patch \
 %D%/packages/patches/ruby-rack-ignore-failing-test.patch \
 %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
+ %D%/packages/patches/rxvt-unicode-escape-sequences.patch \
 %D%/packages/patches/scheme48-tests.patch \
 %D%/packages/patches/scotch-test-threading.patch \
 %D%/packages/patches/screen-fix-info-syntax-error.patch \
diff --git a/gnu/packages/patches/rxvt-unicode-escape-sequences.patch b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
new file mode 100644
index 0000000000..064dd51e2d
--- /dev/null
+++ b/gnu/packages/patches/rxvt-unicode-escape-sequences.patch
@@ -0,0 +1,35 @@
+This patch prevents a code execution vector involving terminal escape
+sequences when rxvt-unicode is in "secure mode".
+
+This change was spurred by the following conversation on the
+oss-security mailing list:
+
+Problem description and proof of concept:
+http://seclists.org/oss-sec/2017/q2/190
+
+Upstream response:
+http://seclists.org/oss-sec/2017/q2/291
+
+Patch copied from upstream source repository:
+http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
+
+--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
++++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
+@@ -2695,7 +2695,7 @@
+ /* kidnapped escape sequence: Should be 8.3.48 */
+ case C1_ESA: /* ESC G */
+ // used by original rxvt for rob nations own graphics mode
+- if (cmd_getc () == 'Q')
++ if (cmd_getc () == 'Q' && option (Opt_insecure))
+ tt_printf ("\033G0\012"); /* query graphics - no graphics */
+ break;
+
+@@ -2914,7 +2914,7 @@
+ break;
+
+ case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
+- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
++ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ #ifdef ISO6429
+ arg[0] = -arg[0];
+ #else /* emulate common DEC VTs */
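Review bot: The new guard on the `C1_ESA` branch of the embedded patch carries no comment saying why the reply is now conditional, and the comment above it only describes the legacy graphics mode. I would add `// the reply is written back to the tty, so only answer the query when insecure mode is explicitly enabled` above the `if`, and note there that `cmd_getc ()` is deliberately kept as the first operand so the byte after ESC G is still consumed when the option is off. The second embedded hunk changes only whitespace on the `CSI_HPB` line, which is harmless but not part of the fix. The enclosing switch starts and ends outside both embedded hunks, so whether other query replies need the same guard cannot be judged from here.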
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index ad919a6b28..a2230c4e93 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -682,6 +682,7 @@ compact configuration syntax.") (method url-fetch) (uri (string-append "http://dist.schmorp.de/rxvt-unicode/Attic/" name "-" version ".tar.bz2")) + (patches (search-patches "rxvt-unicode-escape-sequences.patch")) (sha256 (base32 "1pddjn5ynblwfrdmskylrsxb9vfnk3w4jdnq2l8xn2pspkljhip9")))) -- cgit v1.2.3 From 2b95f247215345c9130b5d6623d739f810224313 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sun, 28 May 2017 15:28:43 -0400 Subject: gnu: certbot, python-acme: Update to 0.14.2. * gnu/packages/tls.scm (certbot, python-acme, python2-acme): Update to 0.14.2. --- gnu/packages/tls.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 2025a778ac..7f62b37690 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -484,13 +484,13 @@ security, and applying best practice development processes.") (package (name "python-acme") ;; Remember to update the hash of certbot when updating python-acme. - (version "0.14.1") + (version "0.14.2") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) (sha256 (base32 - "0asmkfkzbswnkrvbj5m01xgy4f6g1fjbj2nir1hhrn3ipcdrsv8f")))) + "1kbgpjabbly7r757vyr1050ixnm9hyvrbf9n6aq49cgmb147ysqn")))) (build-system python-build-system) (arguments `(#:phases @@ -549,7 +549,7 @@ security, and applying best practice development processes.") (uri (pypi-uri name version)) (sha256 (base32 - "0rdby57hw35qdrbl7kigscphnz4kqb608bqzrcb73nb99092i6si")))) + "1b39hybswzm8mkarg1mwpx47wffqg57jcgi52mz5iz60rxym9j2v")))) (build-system python-build-system) (arguments `(#:python ,python-2 -- cgit v1.2.3 From ce676015645949091ceb54f7eb9daede7bc619fc Mon Sep 17 00:00:00 2001 
From: James Richardson Date: Wed, 24 May 2017 01:26:44 -0400 Subject: gnu: Add emacs-restclient. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/emacs.scm (emacs-restclient): New variable. Signed-off-by: Ludovic Courtès --- gnu/packages/emacs.scm | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 13eba9646e..db4695f236 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -4880,3 +4880,31 @@ running tests easier.") pair of minor modes which suppress all mouse events by intercepting them and running a customisable handler command (@code{ignore} by default). ") (license license:gpl3+))) + +(define-public emacs-restclient + (let ((commit "07a3888bb36d0e29608142ebe743b4362b800f40") + (revision "1")) ;Guix package revision, + ;upstream doesn't have official releases + (package + (name "emacs-restclient") + (version (string-append revision "." + (string-take commit 7))) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/pashky/restclient.el.git") + (commit commit))) + (sha256 + (base32 + "00lmjhb5im1kgrp54yipf1h9pshxzgjlg71yf2rq5n973gvb0w0q")) + (file-name (git-file-name name version)))) + (build-system emacs-build-system) + (propagated-inputs + `(("emacs-helm" ,emacs-helm))) + (home-page "https://github.com/pashky/restclient.el") + (synopsis "Explore and test HTTP REST webservices") + (description + "This tool allows for testing and exploration of HTTP REST Web services +from within Emacs. Restclient runs queries from a plan-text query sheet, +displays results pretty-printed in XML or JSON with @code{restclient-mode}") + (license license:public-domain)))) -- cgit v1.2.3 From 78dfc9e2dd3fd10ac3f6a01617b41bb08a80f173 Mon Sep 17 00:00:00 2001 
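Review bot: The `version` expression in `emacs-restclient` is built from the revision and the commit prefix alone, `(string-append revision "." (string-take commit 7))`, so it carries no base version and a later upstream release number could sort below this snapshot. Since the comment says upstream has no official releases, I would write `(version (string-append "0-" revision "." (string-take commit 7)))`. The description also has a typo and no closing period; it should read `Restclient runs queries from a plain-text query sheet,` and end with `@code{restclient-mode}.`. Pinning both the full commit and the sha256 is the right choice for a snapshot and should stay as it is.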
From: ng0 Date: Thu, 4 May 2017 19:45:54 +0000 Subject: gnu: Add spectrwm. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/wm.scm (spectrwm): New variable. Signed-off-by: Ludovic Courtès --- gnu/packages/wm.scm | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 78 insertions(+), 1 deletion(-) (limited to 'gnu') diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm index 607ef2b0e7..cd53091ced 100644 --- a/gnu/packages/wm.scm +++ b/gnu/packages/wm.scm @@ -9,7 +9,7 @@ ;;; Copyright © 2016 Al McElrath ;;; Copyright © 2016 Carlo Zancanaro ;;; Copyright © 2016 Ludovic Courtès -;;; Copyright © 2016, 2017 ng0 +;;; Copyright © 2016, 2017 ng0 ;;; Copyright © 2016 doncatnip ;;; Copyright © 2016 Ivan Vilata i Balaguer ;;; Copyright © 2017 Mekeor Melire 
@@ -675,3 +675,80 @@ all of them. Currently supported window managers include: Keybinder works with GTK-based applications using the X Window System.") (home-page "https://github.com/engla/keybinder") (license license:gpl2+))) + +(define-public spectrwm + (package + (name "spectrwm") + (version "3.0.2") + (source + (origin + (method url-fetch) + (uri (let ((version-with-underscores + (string-join (string-split version #\.) "_"))) + (string-append "https://github.com/conformal/spectrwm/archive/" + "SPECTRWM_" version-with-underscores ".tar.gz"))) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "065b7j8s0lxw3p58fyf3c1mr5203pdm0kww42v245rlx0f005kl2")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags (let ((pkg-config (lambda (flag) + (string-append + "$(shell pkg-config " flag " " + "xft fontconfig x11 libpng)")))) + (list + "CC=gcc" + (string-append "PREFIX=" %output) + (string-append "INCS=-I. " (pkg-config "--cflags")) + (string-append "LIBS=" (pkg-config "--libs") " -lm"))) + #:tests? 
#f ;No test suite + #:phases + (modify-phases %standard-phases + (add-before 'build 'change-dir + (lambda _ + (chdir "linux") #t)) + (add-after 'change-dir 'patch-makefile + (lambda _ + (substitute* "Makefile" + (("-g") "")))) + (add-after 'change-dir 'fix-freetype-include + (lambda _ + (substitute* "Makefile" + (("/usr/include/freetype2") + (string-append (assoc-ref %build-inputs "freetype") + "/include/freetype2"))))) + (delete 'configure)))) ;no 'configure' exists + (inputs + `(("freetype" ,freetype) + ("fontconfig" ,fontconfig) + ("libx11" ,libx11) + ("libxcursor" ,libxcursor) + ("libxrandr" ,libxrandr) + ("libxtst" ,libxtst) + ("libxft" ,libxft) + ("xcb-util" ,xcb-util) + ("xcb-util-wm" ,xcb-util-wm) + ("xcb-util-keysyms" ,xcb-util-keysyms))) + (native-inputs + `(("libxt" ,libxt) + ("pkg-config" ,pkg-config))) + (synopsis "Minimalistic automatic tiling window manager") + (description + "Spectrwm is a small dynamic tiling and reparenting window manager for X11. +It is inspired by Xmonad and dwm. Its major features include: + +@itemize +@item Navigation anywhere on all screens with either the keyboard or mouse +@item Customizable status bar +@item Restartable without losing state +@item Quick launch menu +@item Many screen layouts possible with a few simple key strokes +@item Move/resize floating windows +@item Extended Window Manager Hints (EWMH) support +@item Configureable tiling +@item Adjustable tile gap allows for a true one pixel border +@item Customizable colors and border width +@end itemize\n") + (home-page "https://github.com/conformal/spectrwm") + (license license:isc))) -- cgit v1.2.3 From a8d0c9cbcc5b16503bd3ad5d3b75f0bbecb32d3d Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 27 May 2017 11:56:41 +0100 Subject: gnu: Add emacs-direnv. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/emacs.scm (emacs-direnv): New variable. 
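Review bot: The `patch-makefile` and `fix-freetype-include` phases end on `substitute*` and so return whatever that form returns, while `change-dir` in the same hunk ends with an explicit `#t`; if the build system checks phase return values, these two should end the same way, e.g. `(substitute* "Makefile" (("-g") "")) #t`. The pattern `"-g"` in `patch-makefile` is also unanchored, so it removes that substring wherever it occurs in the Makefile and not only the debug flag; a short comment naming the flag that is meant, or a pattern that includes the surrounding whitespace, would make the intent checkable. `"CC=gcc"` is hard-coded in `#:make-flags`, which deserves a comment if it is deliberate. The description has a typo, `Configureable` for `Configurable`.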
Signed-off-by: Ludovic Courtès --- gnu/packages/emacs.scm | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index db4695f236..e840d51255 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -1228,6 +1228,37 @@ or XEmacs.") the Emacs buffer.") (license license:gpl3+))) +(define-public emacs-direnv + (package + (name "emacs-direnv") + (version "1.2.0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://github.com/wbolster/emacs-direnv/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0m9nxawklhiiysyibzzhh2zkxgq1fskqvaqb06f7r8dnhabfy9fr")))) + (build-system emacs-build-system) + (propagated-inputs + `(("dash" ,emacs-dash) + ("with-editor" ,emacs-with-editor))) + (home-page "https://github.com/wbolster/emacs-direnv") + (synopsis "Direnv integration for Emacs") + (description + "This package provides support for invoking direnv to get the environment +for the current file and updating the environment within Emacs to match. + +Direnv can be invoked manually, and a global minor mode is included that will +update the environment when the active buffer changes. + +Using emacs-direnv means that programs started from Emacs will use the +environment set through Direnv.") + (license license:gpl3+))) + (define-public emacs-google-maps (package (name "emacs-google-maps") -- cgit v1.2.3 From 6c1db130a8a0cad4ff0c27f8f2e7274682a50ca4 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 28 May 2017 20:01:37 +0200 Subject: gnu: parallel: Update to 20170522. * gnu/packages/parallel.scm (parallel): Update to 20170522. --- gnu/packages/parallel.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu') diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm index 66b67eac6d..c1f962a4b6 100644 --- a/gnu/packages/parallel.scm +++ b/gnu/packages/parallel.scm 
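Review bot: `emacs-direnv` lists only `emacs-dash` and `emacs-with-editor` as propagated inputs although the description says the package invokes direnv, so the `direnv` program is presumably looked up on the user's PATH at run time. Because the environment it returns is applied to Emacs and to programs started from it, which binary gets run matters; I would either add direnv as an input and point the package at its store path, or state the requirement with a comment such as `;; direnv is not an input; it must be available on PATH at run time`. Whether a direnv package exists in the tree is not visible from this hunk. The input labels here (`"dash"`, `"with-editor"`) also differ in style from the `"emacs-helm"` label used by `emacs-restclient` in the same file.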
@@ -45,7 +45,7 @@ (define-public parallel (package (name "parallel") - (version "20170422") + (version "20170522") (source (origin (method url-fetch) @@ -53,7 +53,7 @@ version ".tar.bz2")) (sha256 (base32 - "0afk1q8mqzz02h6imyykgi9gwk5gj08hzs6lwgd65ilj4slkh93s")))) + "1k5wlcc0dr2fxna0vi48s0l6pvbyl4pbclbih4103f1155im23ca")))) (build-system gnu-build-system) (arguments `(#:phases -- cgit v1.2.3