endif !CAN_RUN_TESTS
-check-system: $(GOBJECTS) $(BOOTSTRAP_GUILE_TARBALLS)
+check-system: $(GOBJECTS)
$(AM_V_at)$(top_builddir)/pre-inst-env \
$(GUILE) --no-auto-compile \
-e '(@@ (run-system-tests) run-system-tests)' \
build-aux/hydra/guix-modular.scm \
build-aux/check-available-binaries.scm \
build-aux/check-final-inputs-self-contained.scm \
- build-aux/download.scm \
build-aux/generate-authors.scm \
build-aux/test-driver.scm \
build-aux/update-guix-package.scm \
+++ /dev/null
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
-
-;;;
-;;; Download a binary file from an external source.
-;;;
-
-(use-modules (ice-9 match)
- (web uri)
- (web client)
- (rnrs io ports)
- (srfi srfi-11)
- (guix base16)
- (guix hash))
-
-(define %url-base
- "http://alpha.gnu.org/gnu/guix/bootstrap"
-
- ;; Alternately:
- ;;"http://www.fdn.fr/~lcourtes/software/guix/packages"
- )
-
-(define (file-name->uri file)
- "Return the URI for FILE."
- (match (string-tokenize file (char-set-complement (char-set #\/)))
- ((_ ... system basename)
- (string->uri
- (string-append %url-base "/" system
- (match system
- ("aarch64-linux"
- "/20170217/")
- ("armhf-linux"
- "/20150101/")
- (_
- "/20131110/"))
- basename)))))
-
-(match (command-line)
- ((_ file expected-hash)
- (let ((uri (file-name->uri file)))
- (format #t "downloading file `~a'~%from `~a'...~%"
- file (uri->string uri))
- (let*-values (((resp data) (http-get uri #:decode-body? #f))
- ((hash) (bytevector->base16-string (sha256 data)))
- ((part) (string-append file ".part")))
- (if (string=? expected-hash hash)
- (begin
- (call-with-output-file part
- (lambda (port)
- (put-bytevector port data)))
- (rename-file part file))
- (begin
- (format (current-error-port)
- "file at `~a' has SHA256 ~a; expected ~a~%"
- (uri->string uri) hash expected-hash)
- (exit 1)))))))
(define (pointless? target)
;; Return #t if it makes no sense to cross-build to TARGET from SYSTEM.
- (and (string-contains target "mingw")
- (not (string=? "x86_64-linux" system))))
+ (match system
+ ((or "x86_64-linux" "i686-linux")
+ (if (string-contains target "mingw")
+ (not (string=? "x86_64-linux" system))
+ #f))
+ (_
+ ;; Don't try to cross-compile from non-Intel platforms: this isn't
+ ;; very useful and these are often brittle configurations.
+ #t)))
(define (either proc1 proc2 proc3)
(lambda (x)
#!/bin/sh
# GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
daemon_pid=$!
trap "kill $daemon_pid ; rm -rf $NIX_STATE_DIR" EXIT
+
+ # The test suite expects the 'guile-bootstrap' package to be available.
+ # Normally the Guile bootstrap tarball is downloaded by a fixed-output
+ # derivation but when network access is missing we allow users to drop
+ # the tarball in 'gnu/packages/bootstrap/SYSTEM' and "intern" it here.
+ bootstrap_directory="@abs_top_builddir@/gnu/packages/bootstrap/@guix_system@"
+ if [ -d "$bootstrap_directory" ]
+ then
+ for file in "$bootstrap_directory"/guile-*
+ do
+ "@abs_top_builddir@/pre-inst-env" \
+ guix download "file://$file" > /dev/null
+ done
+ fi
fi
# Avoid issues that could stem from l10n, such as language/encoding
%D%/packages/vim.scm \
%D%/packages/virtualization.scm \
%D%/packages/vpn.scm \
+ %D%/packages/vulkan.scm \
%D%/packages/w3m.scm \
%D%/packages/wdiff.scm \
%D%/packages/web.scm \
%D%/packages/patches/a2ps-CVE-2014-0466.patch \
%D%/packages/patches/abiword-explictly-cast-bools.patch \
%D%/packages/patches/abiword-black-drawing-with-gtk322.patch \
+ %D%/packages/patches/acl-fix-perl-regex.patch \
%D%/packages/patches/acl-hurd-path-max.patch \
%D%/packages/patches/aegis-constness-error.patch \
%D%/packages/patches/aegis-perl-tempdir1.patch \
%D%/packages/patches/ath9k-htc-firmware-objcopy.patch \
%D%/packages/patches/audacity-build-with-system-portaudio.patch \
%D%/packages/patches/automake-skip-amhello-tests.patch \
- %D%/packages/patches/automake-regexp-syntax.patch \
- %D%/packages/patches/automake-test-gzip-warning.patch \
%D%/packages/patches/avahi-localstatedir.patch \
%D%/packages/patches/avidemux-install-to-lib.patch \
%D%/packages/patches/awesome-reproducible-png.patch \
%D%/packages/patches/cool-retro-term-fix-array-size.patch \
%D%/packages/patches/cool-retro-term-memory-leak-1.patch \
%D%/packages/patches/cool-retro-term-remove-non-free-fonts.patch \
- %D%/packages/patches/coreutils-cut-huge-range-test.patch \
%D%/packages/patches/cpio-CVE-2016-2037.patch \
%D%/packages/patches/cpufrequtils-fix-aclocal.patch \
%D%/packages/patches/cracklib-CVE-2016-6318.patch \
%D%/packages/patches/deja-dup-use-ref-keyword-for-iter.patch \
%D%/packages/patches/dfu-programmer-fix-libusb.patch \
%D%/packages/patches/diffutils-gets-undeclared.patch \
+ %D%/packages/patches/diffutils-getopt.patch \
%D%/packages/patches/doc++-include-directives.patch \
%D%/packages/patches/doc++-segfault-fix.patch \
%D%/packages/patches/doxygen-test.patch \
%D%/packages/patches/fcgi-2.4.0-poll.patch \
%D%/packages/patches/file-CVE-2017-1000249.patch \
%D%/packages/patches/findutils-localstatedir.patch \
- %D%/packages/patches/findutils-gnulib-multi-core.patch \
%D%/packages/patches/findutils-test-xargs.patch \
%D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/fltk-shared-lib-defines.patch \
%D%/packages/patches/fltk-xfont-on-demand.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \
+ %D%/packages/patches/fontconfig-remove-debug-printf.patch \
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
%D%/packages/patches/gawk-shell.patch \
%D%/packages/patches/gcc-arm-bug-71399.patch \
%D%/packages/patches/gcc-arm-link-spec-fix.patch \
- %D%/packages/patches/gcc-asan-powerpc-missing-include.patch \
%D%/packages/patches/gcc-cross-environment-variables.patch \
+ %D%/packages/patches/gcc-fix-texi2pod.patch \
%D%/packages/patches/gcc-libvtv-runpath.patch \
%D%/packages/patches/gcc-strmov-store-file-names.patch \
%D%/packages/patches/gcc-4-compile-with-gcc-5.patch \
%D%/packages/patches/gegl-CVE-2012-4433.patch \
%D%/packages/patches/gemma-intel-compat.patch \
%D%/packages/patches/geoclue-config.patch \
- %D%/packages/patches/gettext-multi-core.patch \
- %D%/packages/patches/gettext-gnulib-multi-core.patch \
%D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \
- %D%/packages/patches/ghostscript-CVE-2017-8291.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
%D%/packages/patches/ghostscript-runpath.patch \
%D%/packages/patches/glib-networking-ssl-cert-file.patch \
+ %D%/packages/patches/glib-respect-datadir.patch \
%D%/packages/patches/glib-tests-timer.patch \
%D%/packages/patches/glibc-CVE-2015-5180.patch \
%D%/packages/patches/glibc-CVE-2015-7547.patch \
%D%/packages/patches/gobject-introspection-cc.patch \
%D%/packages/patches/gobject-introspection-girepository.patch \
%D%/packages/patches/graphite2-ffloat-store.patch \
- %D%/packages/patches/grep-gnulib-lock.patch \
%D%/packages/patches/grep-timing-sensitive-test.patch \
%D%/packages/patches/groff-source-date-epoch.patch \
%D%/packages/patches/gsl-test-i686.patch \
%D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch \
%D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \
%D%/packages/patches/gtk2-theme-paths.patch \
+ %D%/packages/patches/gtk2-fix-failing-test.patch \
%D%/packages/patches/gtk3-respect-GUIX_GTK3_PATH.patch \
%D%/packages/patches/gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch \
%D%/packages/patches/gtkglext-disable-disable-deprecated.patch \
%D%/packages/patches/icecat-bug-1415133.patch \
%D%/packages/patches/icecat-bug-1414945.patch \
%D%/packages/patches/icecat-bug-1424373-pt2.patch \
- %D%/packages/patches/icu4c-CVE-2017-7867-CVE-2017-7868.patch \
- %D%/packages/patches/icu4c-CVE-2017-14952.patch \
- %D%/packages/patches/icu4c-reset-keyword-list-iterator.patch \
%D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
%D%/packages/patches/java-powermock-fix-java-files.patch \
%D%/packages/patches/jemalloc-arm-address-bits.patch \
%D%/packages/patches/jbig2dec-ignore-testtest.patch \
- %D%/packages/patches/jbig2dec-CVE-2016-9601.patch \
- %D%/packages/patches/jbig2dec-CVE-2017-7885.patch \
- %D%/packages/patches/jbig2dec-CVE-2017-7975.patch \
- %D%/packages/patches/jbig2dec-CVE-2017-7976.patch \
%D%/packages/patches/jq-CVE-2015-8863.patch \
%D%/packages/patches/kdbusaddons-kinit-file-name.patch \
%D%/packages/patches/khmer-use-libraries.patch \
%D%/packages/patches/libtar-CVE-2013-4420.patch \
%D%/packages/patches/libtasn1-CVE-2017-10790.patch \
%D%/packages/patches/libtheora-config-guess.patch \
- %D%/packages/patches/libtiff-CVE-2016-10688.patch \
- %D%/packages/patches/libtiff-CVE-2017-9936.patch \
- %D%/packages/patches/libtiff-tiffgetfield-bugs.patch \
- %D%/packages/patches/libtiff-tiffycbcrtorgb-integer-overflow.patch \
- %D%/packages/patches/libtiff-tiffycbcrtorgbinit-integer-overflow.patch \
%D%/packages/patches/libtirpc-CVE-2017-8779.patch \
%D%/packages/patches/libtool-skip-tests2.patch \
- %D%/packages/patches/libunistring-gnulib-multi-core.patch \
%D%/packages/patches/libusb-0.1-disable-tests.patch \
%D%/packages/patches/libusb-for-axoloti.patch \
%D%/packages/patches/libvdpau-va-gl-unbundle.patch \
%D%/packages/patches/libvpx-CVE-2016-2818.patch \
%D%/packages/patches/libxcb-python-3.5-compat.patch \
- %D%/packages/patches/libxml2-CVE-2016-4658.patch \
- %D%/packages/patches/libxml2-CVE-2016-5131.patch \
- %D%/packages/patches/libxml2-CVE-2017-0663.patch \
- %D%/packages/patches/libxml2-CVE-2017-7375.patch \
- %D%/packages/patches/libxml2-CVE-2017-7376.patch \
- %D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch \
- %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch \
%D%/packages/patches/libxslt-generated-ids.patch \
- %D%/packages/patches/libxslt-CVE-2016-4738.patch \
- %D%/packages/patches/libxslt-CVE-2017-5029.patch \
%D%/packages/patches/libxt-guix-search-paths.patch \
%D%/packages/patches/lierolibre-check-unaligned-access.patch \
%D%/packages/patches/lierolibre-is-free-software.patch \
%D%/packages/patches/mupdf-build-with-latest-openjpeg.patch \
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
%D%/packages/patches/mutt-store-references.patch \
- %D%/packages/patches/ncurses-CVE-2017-10684-10685.patch \
%D%/packages/patches/net-tools-bitrot.patch \
%D%/packages/patches/netcdf-date-time.patch \
%D%/packages/patches/netcdf-tst_h_par.patch \
%D%/packages/patches/newsbeuter-CVE-2017-14500.patch \
%D%/packages/patches/ngircd-handle-zombies.patch \
%D%/packages/patches/ninja-zero-mtime.patch \
- %D%/packages/patches/node-test-http2-server-rst-stream.patch \
%D%/packages/patches/nss-increase-test-timeout.patch \
%D%/packages/patches/nss-pkgconfig.patch \
%D%/packages/patches/nvi-assume-preserve-path.patch \
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
%D%/packages/patches/patch-hurd-path-max.patch \
%D%/packages/patches/pcmanfm-CVE-2017-8934.patch \
- %D%/packages/patches/pcre-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-8786.patch \
%D%/packages/patches/perl-file-path-CVE-2017-6512.patch \
%D%/packages/patches/pygpgme-disable-problematic-tests.patch \
%D%/packages/patches/pyqt-configure.patch \
%D%/packages/patches/python-2-deterministic-build-info.patch \
- %D%/packages/patches/python-2.7-getentropy-on-old-kernels.patch \
+ %D%/packages/patches/python-2.7-adjust-tests.patch \
%D%/packages/patches/python-2.7-search-paths.patch \
%D%/packages/patches/python-2.7-site-prefixes.patch \
%D%/packages/patches/python-2.7-source-date-epoch.patch \
%D%/packages/patches/python-3-deterministic-build-info.patch \
%D%/packages/patches/python-3-search-paths.patch \
- %D%/packages/patches/python-3.5-fix-tests.patch \
- %D%/packages/patches/python-3.5-getentropy-on-old-kernels.patch \
+ %D%/packages/patches/python-3-fix-tests.patch \
%D%/packages/patches/python-dendropy-fix-tests.patch \
%D%/packages/patches/python-fix-tests.patch \
%D%/packages/patches/python-genshi-add-support-for-python-3.4-AST.patch \
%D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
%D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch \
%D%/packages/patches/python2-subprocess32-disable-input-test.patch \
- %D%/packages/patches/python2-unittest2-remove-argparse.patch \
+ %D%/packages/patches/python-unittest2-python3-compat.patch \
+ %D%/packages/patches/python-unittest2-remove-argparse.patch \
%D%/packages/patches/qemu-CVE-2017-15038.patch \
%D%/packages/patches/qemu-CVE-2017-15289.patch \
%D%/packages/patches/qt4-ldflags.patch \
%D%/packages/patches/t1lib-CVE-2011-1552+.patch \
%D%/packages/patches/tar-CVE-2016-6321.patch \
%D%/packages/patches/tar-skip-unreliable-tests.patch \
- %D%/packages/patches/tcl-mkindex-deterministic.patch \
%D%/packages/patches/tclxml-3.2-install.patch \
%D%/packages/patches/tcsh-fix-autotest.patch \
%D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \
%D%/packages/patches/util-linux-tests.patch \
%D%/packages/patches/upower-builddir.patch \
%D%/packages/patches/valgrind-enable-arm.patch \
+ %D%/packages/patches/valgrind-glibc-compat.patch \
%D%/packages/patches/vinagre-revert-1.patch \
%D%/packages/patches/vinagre-revert-2.patch \
%D%/packages/patches/virglrenderer-CVE-2017-6386.patch \
%D%/packages/bootstrap/mips64el-linux/tar \
%D%/packages/bootstrap/mips64el-linux/xz
-# Big bootstrap binaries are not included in the tarball. Instead, they
-# are downloaded.
-nodist_bootstrap_x86_64_linux_DATA = \
- %D%/packages/bootstrap/x86_64-linux/guile-2.0.9.tar.xz
-nodist_bootstrap_i686_linux_DATA = \
- %D%/packages/bootstrap/i686-linux/guile-2.0.9.tar.xz
-nodist_bootstrap_armhf_linux_DATA = \
- %D%/packages/bootstrap/armhf-linux/guile-2.0.11.tar.xz
-nodist_bootstrap_aarch64_linux_DATA = \
- %D%/packages/bootstrap/aarch64-linux/guile-2.0.14.tar.xz
-nodist_bootstrap_mips64el_linux_DATA = \
- %D%/packages/bootstrap/mips64el-linux/guile-2.0.9.tar.xz
-
# Those files must remain executable, so they remain executable once
# imported into the store.
set-bootstrap-executable-permissions:
chmod +x $(DESTDIR)$(bootstrapdir)/*/{bash,mkdir,tar,xz}
-
-BOOTSTRAP_GUILE_TARBALLS = \
- $(nodist_bootstrap_x86_64_linux_DATA) \
- $(nodist_bootstrap_i686_linux_DATA) \
- $(nodist_bootstrap_armhf_linux_DATA) \
- $(nodist_bootstrap_aarch64_linux_DATA) \
- $(nodist_bootstrap_mips64el_linux_DATA)
-
-DISTCLEANFILES = $(BOOTSTRAP_GUILE_TARBALLS)
-
-# Method to download a file from an external source.
-DOWNLOAD_FILE = \
- GUILE_LOAD_COMPILED_PATH="$(top_builddir):$$GUILE_LOAD_COMPILED_PATH" \
- $(GUILE) --no-auto-compile -L "$(top_builddir)" -L "$(top_srcdir)" \
- "$(top_srcdir)/build-aux/download.scm"
-
-%D%/packages/bootstrap/x86_64-linux/guile-2.0.9.tar.xz:
- $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \
- $(DOWNLOAD_FILE) "$@" \
- "037b103522a2d0d7d69c7ffd8de683dfe5bb4b59c1fafd70b4ffd397fd2f57f0"
-%D%/packages/bootstrap/i686-linux/guile-2.0.9.tar.xz:
- $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \
- $(DOWNLOAD_FILE) "$@" \
- "b757cd46bf13ecac83fb8e955fb50096ac2d17bb610ca8eb816f29302a00a846"
-%D%/packages/bootstrap/armhf-linux/guile-2.0.11.tar.xz:
- $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \
- $(DOWNLOAD_FILE) "$@" \
- "e551d05d4d385d6706ab8d574856a087758294dc90ab4c06e70a157a685e23d6"
-%D%/packages/bootstrap/aarch64-linux/guile-2.0.14.tar.xz:
- $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \
- $(DOWNLOAD_FILE) "$@" \
- "3939909f24dcb955621aa7f81ecde6844bea8a083969c2d275c55699af123ebe"
-%D%/packages/bootstrap/mips64el-linux/guile-2.0.9.tar.xz:
- $(AM_V_DL)$(MKDIR_P) `dirname "$@"`; \
- $(DOWNLOAD_FILE) "$@" \
- "994680f0001346864aa2c2cc5110f380ee7518dcd701c614291682b8e948f73b"
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
(sha256
(base32
"08qd9s3wfhv0ajswsylnfwr5h0d7j9d4rgip855nrh400nxp940p"))
- (patches (search-patches "acl-hurd-path-max.patch"))))
+ (patches (search-patches "acl-fix-perl-regex.patch"
+ "acl-hurd-path-max.patch"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; FIXME: Investigate test suite failures
- #:test-target "tests"
+ `(#:test-target "tests"
#:phases
- (alist-cons-after
- 'build 'patch-exec-bin-sh
- (lambda _
- (substitute* "test/run"
- (("/bin/sh") (which "sh"))))
- (alist-replace
- 'install
- (lambda _
- (zero? (system* "make" "install" "install-lib" "install-dev")))
- %standard-phases))))
+ (modify-phases %standard-phases
+ (add-after 'build 'patch-exec-bin-sh
+ (lambda _
+ (substitute* "test/run"
+ (("/bin/sh") (which "sh")))
+ #t))
+ (add-before 'check 'patch-tests
+ (lambda _
+ ;; The coreutils do not have an ACL bit to remove from their
+ ;; output, so the sed expression that removes the bit is disabled.
+ (substitute* "test/sbits-restore.test"
+ (("\\| sed.*'") ""))
+ ;; These tests require the existence of a user named "bin", but
+ ;; this user does not exist within Guix's build environment.
+ (for-each (lambda (file)
+ (delete-file (string-append "test/" file)))
+ '("setfacl-X.test" "cp.test" "misc.test"))))
+ (replace 'install
+ (lambda _
+ (zero? (system* "make" "install" "install-lib" "install-dev")))))))
(inputs `(("attr" ,attr)))
(native-inputs
`(("gettext" ,gettext-minimal)
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
version ".tar.gz"))
(sha256
(base32
- "1yf93fqwav1zsl8dpyfkf0g11w05mmfckqy6qsjy5zkklnspbkv5"))))
+ "1yf93fqwav1zsl8dpyfkf0g11w05mmfckqy6qsjy5zkklnspbkv5"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; The gnulib test-lock test is prone to writer starvation
+ ;; with our glibc@2.25, which prefers readers, so disable it.
+ ;; The gnulib commit b20e8afb0b2 should fix this once
+ ;; incorporated here.
+ (substitute* "gnulib/tests/Makefile.in"
+ (("test-lock\\$\\(EXEEXT\\) ") ""))
+ #t))))
(build-system gnu-build-system)
;; Marked as "required" in augeas.pc
(propagated-inputs
(license gpl3+)))
(define-public automake
- ;; Replace with 'automake/latest' on the next rebuild cycle.
(package
(name "automake")
- (version "1.15")
+ (version "1.15.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/automake/automake-"
version ".tar.xz"))
(sha256
(base32
- "0dl6vfi2lzz8alnklwxzfz624b95hb1ipjvd3mk177flmddcf24r"))
+ "1bzd9g32dfm4rsbw93ld9x7b5nc1y6i4m6zp032qf1i28a8s6sxg"))
(patches
- (search-patches "automake-regexp-syntax.patch"
- "automake-skip-amhello-tests.patch"
- "automake-test-gzip-warning.patch"))))
+ (search-patches "automake-skip-amhello-tests.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,(autoconf-wrapper))
(srfi srfi-1)
(srfi srfi-26)
(rnrs io ports))
- #:phases (alist-cons-before
- 'patch-source-shebangs 'patch-tests-shebangs
- (lambda _
- (let ((sh (which "sh")))
- (substitute* (find-files "t" "\\.(sh|tap)$")
- (("#![[:blank:]]?/bin/sh")
- (string-append "#!" sh)))
+ #:phases
+ (modify-phases %standard-phases
+ (add-before 'patch-source-shebangs 'patch-tests-shebangs
+ (lambda _
+ (let ((sh (which "sh")))
+ (substitute* (find-files "t" "\\.(sh|tap)$")
+ (("#![[:blank:]]?/bin/sh")
+ (string-append "#!" sh)))
- ;; Set these variables for all the `configure' runs
- ;; that occur during the test suite.
- (setenv "SHELL" sh)
- (setenv "CONFIG_SHELL" sh)))
+ ;; Set these variables for all the `configure' runs
+ ;; that occur during the test suite.
+ (setenv "SHELL" sh)
+ (setenv "CONFIG_SHELL" sh)
+ #t)))
- ;; Files like `install-sh', `mdate.sh', etc. must use
- ;; #!/bin/sh, otherwise users could leak erroneous shebangs
- ;; in the wild. See <http://bugs.gnu.org/14201> for an
- ;; example.
- (alist-cons-after
- 'install 'unpatch-shebangs
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (dir (string-append out "/share")))
- (define (starts-with-shebang? file)
- (equal? (call-with-input-file file
- (lambda (p)
- (list (get-u8 p) (get-u8 p))))
- (map char->integer '(#\# #\!))))
+ ;; Files like `install-sh', `mdate.sh', etc. must use
+ ;; #!/bin/sh, otherwise users could leak erroneous shebangs
+ ;; in the wild. See <http://bugs.gnu.org/14201> for an
+ ;; example.
+ (add-after 'install 'unpatch-shebangs
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (dir (string-append out "/share")))
+ (define (starts-with-shebang? file)
+ (equal? (call-with-input-file file
+ (lambda (p)
+ (list (get-u8 p) (get-u8 p))))
+ (map char->integer '(#\# #\!))))
- (for-each (lambda (file)
- (when (and (starts-with-shebang? file)
- (executable-file? file))
- (format #t "restoring shebang on `~a'~%"
- file)
- (substitute* file
- (("^#!.*/bin/sh")
- "#!/bin/sh")
- (("^#!.*/bin/env(.*)$" _ args)
- (string-append "#!/usr/bin/env"
- args)))))
- (find-files dir ".*"))))
- %standard-phases))))
+ (for-each (lambda (file)
+ (when (and (starts-with-shebang? file)
+ (executable-file? file))
+ (format #t "restoring shebang on `~a'~%"
+ file)
+ (substitute* file
+ (("^#!.*/bin/sh")
+ "#!/bin/sh")
+ (("^#!.*/bin/env(.*)$" _ args)
+ (string-append "#!/usr/bin/env"
+ args)))))
+ (find-files dir ".*"))))))))
(home-page "https://www.gnu.org/software/automake/")
(synopsis "Making GNU standards-compliant Makefiles")
(description
Makefile, simplifying the entire process for the developer.")
(license gpl2+))) ; some files are under GPLv3+
-
-(define-public automake/latest
- ;; Merge with 'automake' on the next rebuild cycle.
- (package
- (inherit automake)
- (version "1.15.1")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/automake/automake-"
- version ".tar.xz"))
- (sha256
- (base32
- "1bzd9g32dfm4rsbw93ld9x7b5nc1y6i4m6zp032qf1i28a8s6sxg"))
- (patches
- (search-patches "automake-skip-amhello-tests.patch"))))))
-
(define-public libtool
(package
(name "libtool")
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-ltdl-install") ;really install it
- #:phases (alist-cons-before
- 'configure 'change-directory
- (lambda _
- (chdir "libltdl"))
- %standard-phases)))
+ #:phases (modify-phases %standard-phases
+ (add-before 'configure 'change-directory
+ (lambda _ (chdir "libltdl") #t)))))
(synopsis "System-independent dlopen wrapper of GNU libtool")
(description (package-description libtool))
(define-public avahi
(package
(name "avahi")
- (version "0.6.31")
+ (version "0.7")
(home-page "http://avahi.org")
(source (origin
(method url-fetch)
version ".tar.gz"))
(sha256
(base32
- "0j5b5ld6bjyh3qhd2nw0jb84znq0wqai7fsrdzg7bpg24jdp2wl3"))
+ "0128n7jlshw4bpx0vg8lwj8qwdisjxi7mvniwfafgnkzzrfrpaap"))
(patches (search-patches "avahi-localstatedir.patch"))))
(build-system gnu-build-system)
(arguments
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Christopher Allan Webber <cwebber@dustycloud.org>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;;
(define-public libarchive
(package
(name "libarchive")
- (replacement libarchive-3.3.2)
- (version "3.3.1")
+ (version "3.3.2")
(source
(origin
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
+ (patches (search-patches "libarchive-CVE-2017-14166.patch"
+ "libarchive-CVE-2017-14502.patch"))
(sha256
(base32
- "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))
+ "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))
(build-system gnu-build-system)
;; TODO: Add -L/path/to/nettle in libarchive.pc.
(inputs
("xz" ,xz)))
(arguments
`(#:phases
- (alist-cons-before
- 'build 'patch-pwd
- (lambda _
- (substitute* "Makefile"
- (("/bin/pwd") (which "pwd"))))
- (alist-replace
- 'check
- (lambda _
- ;; XXX: The test_owner_parse, test_read_disk, and
- ;; test_write_disk_lookup tests expect user 'root' to exist, but
- ;; the chroot's /etc/passwd doesn't have it. Turn off those tests.
- ;;
- ;; The tests allow one to disable tests matching a globbing pattern.
- (and (zero? (system* "make"
- "libarchive_test" "bsdcpio_test" "bsdtar_test"))
- ;; XXX: This glob disables too much.
- (zero? (system* "./libarchive_test" "^test_*_disk*"))
- (zero? (system* "./bsdcpio_test" "^test_owner_parse"))
- (zero? (system* "./bsdtar_test"))))
- %standard-phases))
+ (modify-phases %standard-phases
+ (add-before 'build 'patch-pwd
+ (lambda _
+ (substitute* "Makefile"
+ (("/bin/pwd") (which "pwd")))
+ #t))
+ (replace 'check
+ (lambda _
+ ;; XXX: The test_owner_parse, test_read_disk, and
+ ;; test_write_disk_lookup tests expect user 'root' to exist, but
+ ;; the chroot's /etc/passwd doesn't have it. Turn off those tests.
+ ;;
+ ;; The tests allow one to disable tests matching a globbing pattern.
+ (and (zero? (system* "make"
+ "libarchive_test" "bsdcpio_test" "bsdtar_test"))
+ ;; XXX: This glob disables too much.
+ (zero? (system* "./libarchive_test" "^test_*_disk*"))
+ (zero? (system* "./bsdcpio_test" "^test_owner_parse"))
+ (zero? (system* "./bsdtar_test"))))))
;; libarchive/test/test_write_format_gnutar_filenames.c needs to be
;; compiled with C99 or C11 or a gnu variant.
#:configure-flags '("CFLAGS=-O2 -g -std=c99")))
random access nor for in-place modification.")
(license license:bsd-2)))
-(define libarchive-3.3.2
- (package
- (inherit libarchive)
- (version "3.3.2")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "http://libarchive.org/downloads/libarchive-"
- version ".tar.gz"))
- (patches (search-patches "libarchive-CVE-2017-14166.patch"
- "libarchive-CVE-2017-14502.patch"))
- (sha256
- (base32
- "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))))
-
(define-public rdup
(package
(name "rdup")
(native-inputs
`(("python-cython" ,python-cython)
("python-setuptools-scm" ,python-setuptools-scm)
- ;; Borg >=1.0.8's test suite uses 'tmpdir_factory', which was introduced
- ;; in pytest 2.8.
- ("python-pytest" ,python-pytest-3.0)
+ ("python-pytest" ,python-pytest)
;; For generating the documentation.
("python-sphinx" ,python-sphinx)
("python-guzzle-sphinx-theme" ,python-guzzle-sphinx-theme)))
;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
(define-public grep
(package
(name "grep")
- (version "3.0")
+ (version "3.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/grep/grep-"
version ".tar.xz"))
(sha256
(base32
- "1dcasjp3a578nrvzrcn38mpizb8w1q6mvfzhjmcqqgkf0nsivj72"))
- (patches (search-patches "grep-timing-sensitive-test.patch"
- "grep-gnulib-lock.patch"))))
+ "0zm0ywmyz9g8vn1plw14mn8kj74yipx5qsljndbyfgmvndx5qqnv"))
+ (patches (search-patches "grep-timing-sensitive-test.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl))) ;some of the tests require it
(arguments
version ".tar.xz"))
(sha256
(base32
- "1mivg0fy3a6fcn535ln8nkgfj6vxh5hsxxs5h6692wxmsjyyh8fn"))))
+ "1mivg0fy3a6fcn535ln8nkgfj6vxh5hsxxs5h6692wxmsjyyh8fn"))
+ (patches (search-patches "diffutils-getopt.patch"))))
(build-system gnu-build-system)
(synopsis "Comparing and merging files")
(description
"178nn4dl7wbcw499czikirnkniwnx36argdnqgz4ik9i6zvwkm6y"))
(patches (search-patches
"findutils-localstatedir.patch"
- "findutils-test-xargs.patch"
- ;; test-lock has performance issues on multi-core
- ;; machines, it hangs or takes a long time to complete.
- ;; This is a commit from gnulib to fix this issue.
- "findutils-gnulib-multi-core.patch"))))
+ "findutils-test-xargs.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; The gnulib test-lock test is prone to writer starvation
+ ;; with our glibc@2.25, which prefers readers, so disable it.
+ ;; The gnulib commit b20e8afb0b2 should fix this once
+ ;; incorporated here.
+ (substitute* "tests/Makefile.in"
+ (("test-lock\\$\\(EXEEXT\\) ") ""))
+ #t))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags (list
(define-public coreutils
(package
(name "coreutils")
- (version "8.27")
+ (version "8.28")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/coreutils/coreutils-"
version ".tar.xz"))
(sha256
(base32
- "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8"))
- (patches (search-patches "coreutils-cut-huge-range-test.patch"))))
+ "0r8c1bgm68kl70j1lgd0rv12iykw6143k4m9a56xip9rc2hv25qi"))))
(build-system gnu-build-system)
(inputs `(("acl" ,acl) ; TODO: add SELinux
("gmp" ,gmp) ;bignums in 'expr', yay!
(outputs '("out" "debug"))
(arguments
`(#:parallel-build? #f ; help2man may be called too early
- #:phases (alist-cons-before
- 'build 'patch-shell-references
- (lambda* (#:key inputs #:allow-other-keys)
- (let ((bash (assoc-ref inputs "bash")))
- ;; 'split' uses either $SHELL or /bin/sh. Set $SHELL so
- ;; that tests pass, since /bin/sh isn't in the chroot.
- (setenv "SHELL" (which "sh"))
-
- (substitute* (find-files "gnulib-tests" "\\.c$")
- (("/bin/sh")
- (format #f "~a/bin/sh" bash)))
- (substitute* (find-files "tests" "\\.sh$")
- (("#!/bin/sh")
- (format #f "#!~a/bin/sh" bash)))))
- %standard-phases)))
+ #:phases (modify-phases %standard-phases
+ (add-before 'build 'patch-shell-references
+ (lambda _
+ ;; 'split' uses either $SHELL or /bin/sh. Set $SHELL so
+ ;; that tests pass, since /bin/sh isn't in the chroot.
+ (setenv "SHELL" (which "sh"))
+
+ (substitute* (find-files "gnulib-tests" "\\.c$")
+ (("/bin/sh") (which "sh")))
+ (substitute* (find-files "tests" "\\.sh$")
+ (("#!/bin/sh") (which "sh")))
+ #t)))
+
+ ;; Work around a cross-compilation bug whereby libcoreutils.a would
+ ;; provide '__mktime_internal', which conflicts with the one in libc.a.
+ ,@(if (%current-target-system)
+ `(#:configure-flags '("gl_cv_func_working_mktime=yes"))
+ '())))
(synopsis "Core GNU utilities (file, text, shell)")
(description
"GNU Coreutils includes all of the basic command-line tools that are
(define-public binutils
(package
- (replacement binutils/fixed)
(name "binutils")
- (version "2.28")
+ (version "2.28.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/binutils/binutils-"
version ".tar.bz2"))
(sha256
(base32
- "0wiasgns7i8km8nrxas265sh2dfpsw93b3qw195ipc90w4z475v2"))
+ "1sj234nd05cdgga1r36zalvvdkvpfbr12g5mir2n8i1dwsdrj939"))
(patches (search-patches "binutils-ld-new-dtags.patch"
"binutils-loongson-workaround.patch"))))
(build-system gnu-build-system)
(license gpl3+)
(home-page "https://www.gnu.org/software/binutils/")))
-(define binutils/fixed
- (package
- (inherit binutils)
- ;; 2.28.1 is two characters longer than 2.28, so grafting fails due to
- ;; mismatched lengths of filenames, so we have to force it to the same length.
- (version "2281")
- (source
- (origin (inherit (package-source binutils))
- (uri "mirror://gnu/binutils/binutils-2.28.1.tar.bz2")
- (sha256
- (base32
- "1sj234nd05cdgga1r36zalvvdkvpfbr12g5mir2n8i1dwsdrj939"))))))
-
(define* (make-ld-wrapper name #:key
(target (const #f))
binutils
(define-public glibc/linux
(package
(name "glibc")
- (version "2.25")
- (replacement glibc/fixed)
+ ;; Glibc has stable branches that continuously pick fixes for each supported
+ ;; release. Unfortunately they do not do point-releases, so we are stuck
+ ;; with copying almost all patches, or use a snapshot of the release branch.
+ ;;
+ ;; This version number corresponds to the output of `git describe` and the
+ ;; archive can be generated by checking out the commit ID and running:
+ ;; git archive --prefix=$(git describe)/ HEAD | xz > $(git describe).tar.xz
+ ;; See <https://bugs.gnu.org/29406> for details.
+ ;;
+ ;; Note: Always use a dot after the minor version since various places rely
+ ;; on "version-major+minor" to determine where locales are found.
+ (version "2.26.105-g0890d5379c")
(source (origin
(method url-fetch)
- (uri (string-append "mirror://gnu/glibc/glibc-"
- version ".tar.xz"))
+ (uri (string-append "https://alpha.gnu.org/gnu/guix/mirror/"
+ "glibc-" (version-major+minor version) "-"
+ (caddr (string-split version #\.)) ".tar.xz"))
(sha256
(base32
- "1813dzkgw6v8q8q1m4v96yfis7vjqc9pslqib6j9mrwh6fxxjyq6"))
+ "1jck0c1i248sn02rvsfjykk77qncma34bjq89dyy2irwm50d7s3g"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
(modules '((guix build utils)))
(patches (search-patches "glibc-ldd-x86_64.patch"
"glibc-versioned-locpath.patch"
- "glibc-o-largefile.patch"
- "glibc-memchr-overflow-i686.patch"
- "glibc-vectorized-strcspn-guards.patch"
- "glibc-CVE-2017-1000366-pt1.patch"
- "glibc-CVE-2017-1000366-pt2.patch"
- "glibc-CVE-2017-1000366-pt3.patch"))))
+ "glibc-o-largefile.patch"))))
(build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
;; users should automatically pull Linux headers as well.
(propagated-inputs `(("kernel-headers" ,linux-libre-headers)))
- (outputs '("out" "debug"))
+ (outputs '("out" "debug"
+ "static")) ;9 MiB of .a files
(arguments
`(#:out-of-source? #t
;; RUNPATH checks.
#:validate-runpath? #f
+ #:modules ((ice-9 ftw)
+ (srfi srfi-26)
+ (guix build utils)
+ (guix build gnu-build-system))
+
#:configure-flags
(list "--enable-add-ons"
"--sysconfdir=/etc"
;; `--localedir' is not honored, so work around it.
;; See <http://sourceware.org/ml/libc-alpha/2013-03/msg00093.html>.
(string-append "libc_cv_complocaledir=/run/current-system/locale/"
- ,version)
+ ,(version-major+minor version))
(string-append "--with-headers="
(assoc-ref ,(if (%current-target-system)
"kernel-headers")
"/include")
- ;; This is the default for most architectures as of GNU libc 2.21,
+ ;; This is the default for most architectures as of GNU libc 2.26,
;; but we specify it explicitly for clarity and consistency. See
;; "kernel-features.h" in the GNU libc for details.
- "--enable-kernel=2.6.32"
+ "--enable-kernel=3.2.0"
;; Use our Bash instead of /bin/sh.
(string-append "BASH_SHELL="
;; "bilingual" eval/exec magic at the top of the file.
"")
(("exec @PERL@")
- "exec perl"))))))))
+ "exec perl")))))
+
+ (add-after 'install 'move-static-libs
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move static libraries to the "static" output.
+ (define (static-library? file)
+ ;; Return true if FILE is a static library. The
+ ;; "_nonshared.a" files are referred to by libc.so,
+ ;; libpthread.so, etc., which are in fact linker
+ ;; scripts.
+ (and (string-suffix? ".a" file)
+ (not (string-contains file "_nonshared"))))
+
+ (define (linker-script? file)
+ ;; Guess whether FILE, a ".a" file, is actually a
+ ;; linker script.
+ (and (not (ar-file? file))
+ (not (elf-file? file))))
+
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib"))
+ (files (scandir lib static-library?))
+ (static (assoc-ref outputs "static"))
+ (slib (string-append static "/lib")))
+ (mkdir-p slib)
+ (for-each (lambda (base)
+ (rename-file (string-append lib "/" base)
+ (string-append slib "/" base)))
+ files)
+
+ ;; Usually libm.a is a linker script so we need to
+ ;; change the file names in there to refer to STATIC
+ ;; instead of OUT.
+ (for-each (lambda (ld-script)
+ (substitute* ld-script
+ ((out) static)))
+ (filter linker-script?
+ (map (cut string-append slib "/" <>)
+ files)))
+ #t))))))
(inputs `(("static-bash" ,static-bash)))
(define-syntax glibc
(identifier-syntax (glibc-for-target)))
-(define glibc/fixed
+;; Below are old libc versions, which we use mostly to build locale data in
+;; the old format (which the new libc cannot cope with.)
+
+(define-public glibc-2.25
(package
(inherit glibc)
+ (version "2.25")
(source (origin
(inherit (package-source glibc))
- (patches (append
- (origin-patches (package-source glibc))
- (search-patches "glibc-CVE-2017-15670-15671.patch")))))))
-
-;; Below are old libc versions, which we use mostly to build locale data in
-;; the old format (which the new libc cannot cope with.)
+ (uri (string-append "mirror://gnu/glibc/glibc-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "1813dzkgw6v8q8q1m4v96yfis7vjqc9pslqib6j9mrwh6fxxjyq6"))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-o-largefile.patch"
+ "glibc-vectorized-strcspn-guards.patch"
+ "glibc-CVE-2015-5180.patch"
+ "glibc-CVE-2017-15670-15671.patch"
+ "glibc-CVE-2017-1000366-pt1.patch"
+ "glibc-CVE-2017-1000366-pt2.patch"
+ "glibc-CVE-2017-1000366-pt3.patch"))))))
(define-public glibc-2.24
(package
(lambda _
(zero? (system* "make" "localedata/install-locales"
"-j" (number->string (parallel-job-count))))))
- (delete 'install)))
+ (delete 'install)
+ (delete 'move-static-libs)))
((#:configure-flags flags)
`(append ,flags
;; Use $(libdir)/locale/X.Y as is the case by default.
(list (string-append "libc_cv_complocaledir="
(assoc-ref %outputs "out")
"/lib/locale/"
- ,(package-version glibc))))))))))
+ ,(version-major+minor
+ (package-version glibc)))))))))))
(define-public glibc-utf8-locales
(package
(gzip (assoc-ref %build-inputs "gzip"))
(out (assoc-ref %outputs "out"))
(localedir (string-append out "/lib/locale/"
- ,version)))
+ ,(version-major+minor version))))
;; 'localedef' needs 'gzip'.
(setenv "PATH" (string-append libc "/bin:" gzip "/bin"))
(define-public tzdata
(package
(name "tzdata")
- (version "2017b")
+ (version "2017c")
(source (origin
(method url-fetch)
(uri (string-append
version ".tar.gz"))
(sha256
(base32
- "11l0s43vx33dcs78p80122i8s5s9l1sjwkzzwh66njd35r92l97q"))))
+ "02yrrfj0p7ar885ja41ylijzbr8wc6kz6kzlw8c670i9m693ym6n"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f
version ".tar.gz"))
(sha256
(base32
- "0h1d567gn8l3iqgyadcswwdy2yh07nhz3lfl8ds8saz2ajxka5sd"))))))
+ "1dvrq0b2hz7cjqdyd7x21wpy4qcng3rvysr61ij0c2g64fyb9s41"))))))
(home-page "https://www.iana.org/time-zones")
(synopsis "Database of current and historical time zones")
(description "The Time Zone Database (often called tz or zoneinfo)
and daylight-saving rules.")
(license public-domain)))
-;;; A "fixed" version of tzdata, which is used in the test suites of
-;;; glib and R. We can update this whenever we are able to rebuild
-;;; thousands of packages (for example, in a core-updates rebuild).
-(define-public tzdata-2017a
- (package
- (inherit tzdata)
- (version "2017a")
+;;; A "fixed" version of tzdata, which is used in the test suites of glib and R
+;;; and a few other places. We can update this whenever we are able to rebuild
+;;; thousands of packages (for example, in a core-updates rebuild). This package
+;;; will typically be obsolete and should never be referred to by a built
+;;; package.
+(define-public tzdata-for-tests
+ (hidden-package (package (inherit tzdata)
+ (version "2017c")
(source
(origin
(method url-fetch)
"/releases/tzdata" version ".tar.gz"))
(sha256
(base32
- "1mmv4rvcs12lrvgghw4fidczvb69yv69cmzknghcvw1c196mqfnz"))))
+ "02yrrfj0p7ar885ja41ylijzbr8wc6kz6kzlw8c670i9m693ym6n"))))
(inputs `(("tzcode" ,(origin
(method url-fetch)
(uri (string-append
version ".tar.gz"))
(sha256
(base32
- "1b1q7gnlsh5hjgs5065pvajd37rmbc3k9b8cgzad1vcrifswdwh2"))))))))
+ "1dvrq0b2hz7cjqdyd7x21wpy4qcng3rvysr61ij0c2g64fyb9s41")))))))))
(define-public libiconv
(define-public libatomic-ops
(package
(name "libatomic-ops")
- (version "7.4.4")
+ (version "7.4.8")
(source (origin
(method url-fetch)
(uri (string-append
- "http://www.ivmaisoft.com/_bin/atomic_ops/libatomic_ops-"
- version ".tar.gz"))
+ "https://github.com/ivmai/libatomic_ops/releases/download/v"
+ version "/libatomic_ops-" version ".tar.gz"))
(sha256
(base32
- "13vg5fqwil17zpf4hj4h8rh3blzmym693lkdjgvwpgni1mh0l8dz"))))
+ "0sj3plzpbqgxrqpjq3w2zi3zxxqqps71ncdwk5s1k30i9d9da1f4"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(synopsis "Accessing hardware atomic memory update operations")
(arguments
`(;; FIXME: Some tests fail because they produce warnings, others fail
;; because the PYTHONPATH does not include the modeller's directory.
- #:tests? #f
- ;; Do not place libraries in an architecture-specific directory.
- #:configure-flags
- (list "-DCMAKE_INSTALL_LIBDIR=lib")))
+ #:tests? #f))
(inputs
`(("boost" ,boost)
("gsl" ,gsl)
#:use-module (guix build-system)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
- #:use-module ((guix store) #:select (add-to-store add-text-to-store))
- #:use-module ((guix derivations) #:select (derivation))
+ #:use-module ((guix store)
+ #:select (run-with-store add-to-store add-text-to-store))
+ #:use-module ((guix derivations)
+ #:select (derivation derivation->output-path))
#:use-module ((guix utils) #:select (gnu-triplet->nix-system))
#:use-module ((guix build utils) #:select (elf-file?))
#:use-module (guix memoization)
package-with-bootstrap-guile
glibc-dynamic-linker
+ bootstrap-guile-origin
+
%bootstrap-guile
%bootstrap-coreutils&co
%bootstrap-binutils
;;; Bootstrap packages.
;;;
+(define %bootstrap-base-urls
+ ;; This is where the initial binaries come from.
+ '("https://alpha.gnu.org/gnu/guix/bootstrap"
+ "http://alpha.gnu.org/gnu/guix/bootstrap"
+ "ftp://alpha.gnu.org/gnu/guix/bootstrap"
+ "http://www.fdn.fr/~lcourtes/software/guix/packages"
+ "http://flashner.co.il/guix/bootstrap"))
+
+(define (bootstrap-guile-url-path system)
+ "Return the URI for FILE."
+ (string-append "/" system
+ (match system
+ ("aarch64-linux"
+ "/20170217/guile-2.0.14.tar.xz")
+ ("armhf-linux"
+ "/20150101/guile-2.0.11.tar.xz")
+ (_
+ "/20131110/guile-2.0.9.tar.xz"))))
+
+(define (bootstrap-guile-hash system)
+ "Return the SHA256 hash of the Guile bootstrap tarball for SYSTEM."
+ (match system
+ ("x86_64-linux"
+ (base32 "1w2p5zyrglzzniqgvyn1b55vprfzhgk8vzbzkkbdgl5248si0yq3"))
+ ("i686-linux"
+ (base32 "0im800m30abgh7msh331pcbjvb4n02smz5cfzf1srv0kpx3csmxp"))
+ ("mips64el-linux"
+ (base32 "0fzp93lvi0hn54acc0fpvhc7bvl0yc853k62l958cihk03q80ilr"))
+ ("armhf-linux"
+ (base32 "1mi3brl7l58aww34rawhvja84xc7l1b4hmwdmc36fp9q9mfx0lg5"))
+ ("aarch64-linux"
+ (base32 "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r"))))
+
+(define (bootstrap-guile-origin system)
+ "Return an <origin> object for the Guile tarball of SYSTEM."
+ (origin
+ (method url-fetch)
+ (uri (map (cute string-append <> (bootstrap-guile-url-path system))
+ %bootstrap-base-urls))
+ (sha256 (bootstrap-guile-hash system))))
+
+(define (download-bootstrap-guile store system)
+ "Return a derivation that downloads the bootstrap Guile tarball for SYSTEM."
+ (let* ((path (bootstrap-guile-url-path system))
+ (base (basename path))
+ (urls (map (cut string-append <> path) %bootstrap-base-urls)))
+ (run-with-store store
+ (url-fetch urls 'sha256 (bootstrap-guile-hash system)
+ #:system system))))
+
(define* (raw-build store name inputs
#:key outputs system search-paths
#:allow-other-keys)
(xz (->store "xz"))
(mkdir (->store "mkdir"))
(bash (->store "bash"))
- (guile (->store (match system
- ("armhf-linux"
- "guile-2.0.11.tar.xz")
- ("aarch64-linux"
- "guile-2.0.14.tar.xz")
- (_
- "guile-2.0.9.tar.xz"))))
+ (guile (download-bootstrap-guile store system))
;; The following code, run by the bootstrap guile after it is
;; unpacked, creates a wrapper for itself to set its load path.
;; This replaces the previous non-portable method based on
echo \"unpacking bootstrap Guile to '$out'...\"
~a $out
cd $out
-~a -dc < ~a | ~a xv
+~a -dc < $GUILE_TARBALL | ~a xv
# Use the bootstrap guile to create its own wrapper to set the load path.
GUILE_SYSTEM_PATH=$out/share/guile/2.0 \
# Sanity check.
$out/bin/guile --version~%"
- mkdir xz guile tar
+ mkdir xz tar
(format #f "~s" make-guile-wrapper)
bash)
- (list mkdir xz guile tar bash))))
+ (list mkdir xz tar bash))))
(derivation store name
bash `(,builder)
#:system system
- #:inputs `((,bash) (,builder)))))
+ #:inputs `((,bash) (,builder) (,guile))
+ #:env-vars `(("GUILE_TARBALL"
+ . ,(derivation->output-path guile))))))
(define* (make-raw-bag name
#:key source inputs native-inputs outputs
(home-page #f)
(license lgpl3+))))
-(define %bootstrap-base-urls
- ;; This is where the initial binaries come from.
- '("ftp://alpha.gnu.org/gnu/guix/bootstrap"
- "http://alpha.gnu.org/gnu/guix/bootstrap"
- "http://www.fdn.fr/~lcourtes/software/guix/packages"
- "http://flashner.co.il/guix/bootstrap"))
-
(define %bootstrap-coreutils&co
(package-from-tarball "bootstrap-binaries"
(lambda (system)
"0il0y06akdqgy0f9p40m4x6arn66nh7sr1w1i41bszycs7div266"))))
(build-system gnu-build-system)
(inputs `(("ncurses" ,ncurses)))
- (native-inputs `(("tzdata" ,tzdata-2017a)))
+ (native-inputs `(("tzdata" ,tzdata-for-tests)))
(arguments
;; The ical tests all want to create a ".calcurse" directory, and may
;; fail with "cannot create directory '.calcurse': File exists" if run
;; Since this tzdata is only used for tests and not referenced by the
;; built package, used the "fixed" obsolete version of tzdata and ensure
;; it does not sneak in to the closure.
- #:disallowed-references (,tzdata-2017a)
+ #:disallowed-references (,tzdata-for-tests)
#:phases (modify-phases %standard-phases
(add-before 'check 'check-setup
(lambda* (#:key inputs #:allow-other-keys)
(build-system cmake-build-system)
(arguments
'(#:tests? #f ; test suite appears broken
- #:configure-flags
- (list (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out") "/lib"))
#:phases
(modify-phases %standard-phases
(add-before 'configure 'patch-paths
"not test_printics_read_from_stdin "
"and not test_import_from_stdin"))))))))
(native-inputs
- ;; XXX Uses tmpdir_factory, introduced in pytest 2.8.
- `(("python-pytest" ,python-pytest-3.0)
+ `(("python-pytest" ,python-pytest)
("python-pytest-cov" ,python-pytest-cov)
("python-setuptools-scm" ,python-setuptools-scm)
;; Required for tests
(define-public check
(package
(name "check")
- (version "0.10.0")
+ (version "0.12.0")
(source
(origin
(method url-fetch)
- (uri (string-append "https://github.com/libcheck/check/files/71408/"
- "/check-" version ".tar.gz"))
+ (uri (string-append "https://github.com/libcheck/check/releases/download/"
+ version "/check-" version ".tar.gz"))
(sha256
(base32
- "0lhhywf5nxl3dd0hdakra3aasl590756c9kmvyifb3vgm9k0gxgm"))))
+ "0d22h8xshmbpl9hba9ch3xj8vb9ybm5akpsbbh7yj07fic4h2hj6"))))
(build-system gnu-build-system)
(home-page "https://libcheck.github.io/check/")
(synopsis "Unit test framework for C")
source code editors and IDEs.")
(license license:lgpl2.1+)))
-;; XXX: Some packages require this newer version. Incorporate this
-;; into the main 'check' package during the next rebuild cycle.
-(define-public check-0.11.0
- (package
- (inherit check)
- (version "0.11.0")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/libcheck/check/releases"
- "/download/" version "/check-" version ".tar.gz"))
- (sha256
- (base32
- "05jn1pgb7hqb937xky2147nnq3r4qy5wwr79rddpax3bms5a9xr4"))))))
-
(define-public cunit
(package
(name "cunit")
(define-public python-mock
(package
(name "python-mock")
- (version "1.0.1")
+ (version "2.0.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "mock" version))
(sha256
(base32
- "0kzlsbki6q0awf89rc287f3aj8x431lrajf160a70z0ikhnxsfdq"))))
+ "1flbpksir5sqrvq2z0dp8sl4bzbadg21sj4d42w3klpdfvgvcn5i"))))
+ (propagated-inputs
+ `(("python-pbr" ,python-pbr-minimal)
+ ("python-six" ,python-six)))
(build-system python-build-system)
- (arguments '(#:test-target "check"))
+ (native-inputs
+ `(("python-unittest2" ,python-unittest2)))
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'check
+ (lambda _
+ (zero? (system* "unit2")))))))
(home-page "https://github.com/testing-cabal/mock")
(synopsis "Python mocking and patching library for testing")
(description
"Mock is a library for testing in Python. It allows you to replace parts
of your system under test with mock objects and make assertions about how they
have been used.")
+ (properties `((python2-variant . ,(delay python2-mock))))
(license license:expat)))
(define-public python2-mock
- (package-with-python2 python-mock))
-
-;;; Some packages (notably, certbot and python-acme) rely on this newer version
-;;; of python-mock. However, a large number of packages fail to build with
-;;; mock@2, so we add a new variable for now. Also, there may be a dependency
-;;; cycle between mock and six, so we avoid creating python2-mock@2 for now.
-(define-public python-mock-2
- (package
- (inherit python-mock)
- (version "2.0.0")
- (source
- (origin
- (method url-fetch)
- (uri (pypi-uri "mock" version))
- (sha256
- (base32
- "1flbpksir5sqrvq2z0dp8sl4bzbadg21sj4d42w3klpdfvgvcn5i"))))
- (propagated-inputs
- `(("python-pbr" ,python-pbr-minimal)
- ,@(package-propagated-inputs python-mock)))))
+ (let ((base (package-with-python2
+ (strip-python2-variant python-mock))))
+ (package (inherit base)
+ (propagated-inputs
+ `(("python2-functools32" ,python2-functools32)
+ ("python2-funcsigs" ,python2-funcsigs)
+ ,@(package-propagated-inputs base))))))
(define-public python-nose
(package
(define-public python-unittest2
(package
(name "python-unittest2")
- (version "0.5.1")
+ (version "1.1.0")
(source
(origin
(method url-fetch)
- (uri (string-append
- "https://pypi.python.org/packages/source/u/unittest2py3k/unittest2py3k-"
- version ".tar.gz"))
+ (uri (pypi-uri "unittest2" version))
+ (patches
+ (search-patches "python-unittest2-python3-compat.patch"
+ "python-unittest2-remove-argparse.patch"))
(sha256
(base32
- "00yl6lskygcrddx5zspkhr0ibgvpknl4678kkm6s626539grq93q"))))
+ "0y855kmx7a8rnf81d3lh5lyxai1908xjp0laf4glwa4c8472m212"))))
(build-system python-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (replace 'check
+ (lambda _
+ (zero? (system* "python" "-m" "unittest2" "discover" "--verbose")))))))
+ (propagated-inputs
+ `(("python-six" ,python-six)
+ ("python-traceback2" ,python-traceback2)))
(home-page "http://pypi.python.org/pypi/unittest2")
(synopsis "Python unit testing library")
(description
(license license:psfl)))
(define-public python2-unittest2
- (package (inherit python-unittest2)
- (name "python2-unittest2")
- (version "1.1.0")
- (source
- (origin
- (method url-fetch)
- (uri (string-append
- "https://pypi.python.org/packages/source/u/unittest2/unittest2-"
- version ".tar.gz"))
- (sha256
- (base32
- "0y855kmx7a8rnf81d3lh5lyxai1908xjp0laf4glwa4c8472m212"))
- (patches
- (search-patches "python2-unittest2-remove-argparse.patch"))))
- (propagated-inputs
- `(("python2-six" ,python2-six)
- ("python2-traceback2" ,python2-traceback2)))
- (arguments
- `(#:python ,python-2
- #:tests? #f)))) ; no setup.py test command
+ (package-with-python2 python-unittest2))
(define-public python-pytest
(package
(name "python-pytest")
- (version "2.7.3")
+ (version "3.2.3")
(source
(origin
(method url-fetch)
- (uri (string-append
- "https://pypi.python.org/packages/source/p/pytest/pytest-"
- version ".tar.gz"))
+ (uri (pypi-uri "pytest" version))
(sha256
(base32
- "1z4yi986f9n0p8qmzmn21m21m8j1x78hk3505f89baqm6pdw7afm"))
- (modules '((guix build utils)))
- (snippet
- ;; One of the tests involves the /usr directory, so it fails.
- '(substitute* "testing/test_argcomplete.py"
- (("def test_remove_dir_prefix\\(self\\):")
- "@pytest.mark.xfail\n def test_remove_dir_prefix(self):")))))
+ "0g6w86ks73fnrnsyib9ii2rbyx830vn7aglsjqz9v1n2xwbndyi7"))))
(build-system python-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (add-before 'check 'disable-invalid-tests
+ (lambda _
+ ;; Some tests involves the /usr directory, and fails.
+ (substitute* "testing/test_argcomplete.py"
+ (("def test_remove_dir_prefix\\(self\\):")
+ "@pytest.mark.xfail\n def test_remove_dir_prefix(self):"))
+ (substitute* "testing/test_argcomplete.py"
+ (("def test_remove_dir_prefix" line)
+ (string-append "@pytest.mark.skip"
+ "(reason=\"Assumes that /usr exists.\")\n "
+ line)))
+ #t)))))
(propagated-inputs
`(("python-py" ,python-py)))
(native-inputs
`(;; Tests need the "regular" bash since 'bash-final' lacks `compgen`.
("bash" ,bash)
+ ("python-hypothesis" ,python-hypothesis)
("python-nose" ,python-nose)
- ("python-mock" ,python-mock)))
+ ("python-mock" ,python-mock)
+ ("python-setuptools-scm" ,python-setuptools-scm)))
(home-page "http://pytest.org")
(synopsis "Python testing library")
(description
(define-public python2-pytest
(package-with-python2 python-pytest))
-;; Some packages require a newer pytest.
-(define-public python-pytest-3.0
+(define-public python-pytest-bootstrap
(package
(inherit python-pytest)
- (name "python-pytest")
- (version "3.0.7")
- (source (origin
- (method url-fetch)
- (uri (pypi-uri "pytest" version))
- (sha256
- (base32
- "1asc4b2nd2a4f0g3r12y97rslq5wliji7b73wwkvdrm5s7mrc1mp"))))
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-before 'check 'disable-invalid-test
- (lambda _
- (substitute* "testing/test_argcomplete.py"
- (("def test_remove_dir_prefix" line)
- (string-append "@pytest.mark.skip"
- "(reason=\"Assumes that /usr exists.\")\n "
- line)))
- #t)))))
- (native-inputs
- `(("python-hypothesis" ,python-hypothesis)
- ,@(package-native-inputs python-pytest)))
- (properties `((python2-variant . ,(delay python2-pytest-3.0))))))
+ (name "python-pytest-bootstrap")
+ (native-inputs `(("python-setuptools-scm" ,python-setuptools-scm)))
+ (arguments `(#:tests? #f))))
-(define-public python2-pytest-3.0
- (let ((base (package-with-python2
- (strip-python2-variant python-pytest-3.0))))
- (package (inherit base)
- (native-inputs
- `(("python2-enum34" ,python2-enum34)
- ,@(package-native-inputs base))))))
+(define-public python2-pytest-bootstrap
+ (package-with-python2 python-pytest-bootstrap))
(define-public python-pytest-cov
(package
(string-append "version = \"" ,version "\"")))
#t)))))
(native-inputs
- `(("python-pytest" ,python-pytest)
+ `(("python-pytest" ,python-pytest-bootstrap)
("python-setuptools-scm" ,python-setuptools-scm)))
(home-page "https://github.com/pytest-dev/pytest-runner")
(synopsis "Invoke py.test as a distutils command")
(define-public python-coverage
(package
(name "python-coverage")
- (version "4.1")
+ (version "4.4.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "coverage" version))
(sha256
(base32
- "01rbr4br4lsk0lwn8fb96zwd2xr4f0mg1w7iq3j11i8f5ig2nqs1"))))
+ "097l4s3ssxm1vncsn0nw3a1pbzah28773q36c1ab9wz01r04973s"))))
(build-system python-build-system)
(arguments
;; FIXME: 95 tests failed, 539 passed, 6 skipped, 2 errors.
(build-system python-build-system)
(native-inputs
`(("python-flake8" ,python-flake8)
- ("python-pytest" ,python-pytest)))
+ ("python-pytest" ,python-pytest-bootstrap)))
(synopsis "Library for property based testing")
(description "Hypothesis is a library for testing your Python code against a
much larger range of examples than you would ever want to write by hand. It’s
"0gf2dpahpl5igb7jh1sr9acj3z3gp7zahqdqb69nk6wx01c8kc1g"))))
(build-system python-build-system)
(propagated-inputs
- `(("pytest" ,python-pytest-3.0)))
+ `(("pytest" ,python-pytest)))
(home-page "https://github.com/fschulze/pytest-warnings")
(synopsis "Pytest plugin to list Python warnings in pytest report")
(description
"038049nyjl7di59ycnxvc9nydivc5m8np3hqq84j2iirkccdbs5n"))))
(build-system python-build-system)
(propagated-inputs
- `(("pytest" ,python-pytest-3.0)))
+ `(("pytest" ,python-pytest)))
(home-page "https://bitbucket.org/memedough/pytest-capturelog/overview")
(synopsis "Pytest plugin to catch log messages")
(description
(native-inputs
`(("unzip" ,unzip)))
(propagated-inputs
- `(("pytest" ,python-pytest-3.0)))
+ `(("pytest" ,python-pytest)))
(home-page "https://github.com/eisensheng/pytest-catchlog")
(synopsis "Pytest plugin to catch log messages")
(description
#:modules ((guix build gnu-build-system)
(guix build utils)
(ice-9 ftw)) ; for 'scandir'
- #:phases (alist-cons-after
- 'install 'add-symlinks
- (lambda* (#:key outputs #:allow-other-keys)
- ;; The cross-gcc invokes 'as', 'ld', etc, without the
- ;; triplet prefix, so add symlinks.
- (let ((out (assoc-ref outputs "out"))
- (triplet-prefix (string-append ,(boot-triplet) "-")))
- (define (has-triplet-prefix? name)
- (string-prefix? triplet-prefix name))
- (define (remove-triplet-prefix name)
- (substring name (string-length triplet-prefix)))
- (with-directory-excursion (string-append out "/bin")
- (for-each (lambda (name)
- (symlink name (remove-triplet-prefix name)))
- (scandir "." has-triplet-prefix?)))
- #t))
- %standard-phases)
+ #:phases (modify-phases %standard-phases
+ (add-after 'install 'add-symlinks
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; The cross-gcc invokes 'as', 'ld', etc, without the
+ ;; triplet prefix, so add symlinks.
+ (let ((out (assoc-ref outputs "out"))
+ (triplet-prefix (string-append ,(boot-triplet) "-")))
+ (define (has-triplet-prefix? name)
+ (string-prefix? triplet-prefix name))
+ (define (remove-triplet-prefix name)
+ (substring name (string-length triplet-prefix)))
+ (with-directory-excursion (string-append out "/bin")
+ (for-each (lambda (name)
+ (symlink name (remove-triplet-prefix name)))
+ (scandir "." has-triplet-prefix?)))
+ #t))))
,@(substitute-keyword-arguments (package-arguments binutils)
((#:configure-flags cf)
("libc-native" ,@(assoc-ref %boot0-inputs "libc"))
,@(alist-delete "libc" %boot0-inputs)))
- ;; No need for Texinfo at this stage.
- (native-inputs (alist-delete "texinfo"
- (package-native-inputs gcc))))))
+ ;; No need for the native-inputs to build the documentation at this stage.
+ (native-inputs `()))))
(define perl-boot0
(let ((perl (package
;; built just below; the only difference is that this one uses the
;; bootstrap Bash.
(package-with-bootstrap-guile
- (package/inherit glibc
+ (package (inherit glibc)
(name "glibc-intermediate")
(arguments
`(#:guile ,%bootstrap-guile
(let* ((gcc (cross-gcc-wrapper gcc-boot0 binutils-boot0
glibc-final-with-bootstrap-bash
(car (assoc-ref %boot1-inputs "bash"))))
- (bash (package (inherit static-bash)
+ (bash (package
+ (inherit static-bash)
(arguments
- `(#:guile ,%bootstrap-guile
- ,@(package-arguments static-bash)))))
+ (substitute-keyword-arguments
+ (package-arguments static-bash)
+ ((#:guile _ #f)
+ '%bootstrap-guile)
+ ((#:configure-flags flags '())
+ ;; Add a '-L' flag so that the pseudo-cross-ld of
+ ;; BINUTILS-BOOT0 can find libc.a.
+ `(append ,flags
+ (list (string-append "LDFLAGS=-static -L"
+ (assoc-ref %build-inputs
+ "libc:static")
+ "/lib"))))))))
(inputs `(("gcc" ,gcc)
("libc" ,glibc-final-with-bootstrap-bash)
+ ("libc:static" ,glibc-final-with-bootstrap-bash "static")
,@(fold alist-delete %boot1-inputs
'("gcc" "libc")))))
(package-with-bootstrap-guile
(define glibc-final
;; The final glibc, which embeds the statically-linked Bash built above.
- (package/inherit glibc-final-with-bootstrap-bash
+ (package (inherit glibc-final-with-bootstrap-bash)
(name "glibc")
(inputs `(("static-bash" ,static-bash-for-glibc)
,@(alist-delete
(define %boot2-inputs
;; 3rd stage inputs.
`(("libc" ,glibc-final)
+ ("libc:static" ,glibc-final "static")
("gcc" ,gcc-boot0-wrapped)
,@(fold alist-delete %boot1-inputs '("libc" "gcc"))))
(define binutils-final
(package-with-bootstrap-guile
- (package/inherit binutils
+ (package (inherit binutils)
(arguments
`(#:guile ,%bootstrap-guile
#:implicit-inputs? #f
(define libstdc++
;; Intermediate libstdc++ that will allow us to build the final GCC
;; (remember that GCC-BOOT0 cannot build libstdc++.)
- ;; TODO: Write in terms of 'make-libstdc++'.
- (package-with-bootstrap-guile
- (package (inherit gcc)
- (name "libstdc++")
- (arguments
- `(#:guile ,%bootstrap-guile
- #:implicit-inputs? #f
- #:allowed-references ("out")
- #:out-of-source? #t
- #:phases (alist-cons-before
- 'configure 'chdir
- (lambda _
- (chdir "libstdc++-v3"))
- %standard-phases)
- #:configure-flags `("--disable-shared"
- "--disable-libstdcxx-threads"
- "--disable-libstdcxx-pch"
- ,(string-append "--with-gxx-include-dir="
- (assoc-ref %outputs "out")
- "/include"
- ;; "/include/c++/"
- ;; ,(package-version gcc)
- ))))
- (outputs '("out"))
- (inputs %boot2-inputs)
- (native-inputs '())
- (propagated-inputs '())
- (synopsis "GNU C++ standard library (intermediate)"))))
+ (let ((lib (package-with-bootstrap-guile (make-libstdc++ gcc))))
+ (package
+ (inherit lib)
+ (arguments
+ `(#:guile ,%bootstrap-guile
+ #:implicit-inputs? #f
+ #:allowed-references ("out")
+
+ ;; XXX: libstdc++.so NEEDs ld.so for some reason.
+ #:validate-runpath? #f
+
+ ;; All of the package arguments from 'make-libstdc++
+ ;; except for the configure-flags.
+ ,@(package-arguments lib)
+ #:configure-flags `("--disable-shared"
+ "--disable-libstdcxx-threads"
+ "--disable-libstdcxx-pch"
+ ,(string-append "--with-gxx-include-dir="
+ (assoc-ref %outputs "out")
+ "/include"))))
+ (outputs '("out"))
+ (inputs %boot2-inputs)
+ (synopsis "GNU C++ standard library (intermediate)"))))
(define zlib-final
;; Zlib used by GCC-FINAL.
;; scripts such as 'mkheaders' and 'fixinc.sh' (XXX: who cares about these
;; scripts?).
(native-inputs `(("texinfo" ,texinfo-boot0)
+ ("perl" ,perl-boot0) ;for manpages
("static-bash" ,static-bash-for-glibc)
,@(package-native-inputs gcc-boot0)))
("binutils" ,binutils-final)
("gcc" ,gcc-final)
("libc" ,glibc-final)
+ ("libc:static" ,glibc-final "static")
("locales" ,glibc-utf8-locales-final))))
(define-public canonical-package
(let ((name->package (fold (lambda (input result)
(match input
- ((_ package)
+ ((_ package . outputs)
(vhash-cons (package-full-name package)
package result))))
vlist-null
(synopsis "General file (de)compression (using lzw)")
(arguments
;; FIXME: The test suite wants `less', and optionally Perl.
- '(#:tests? #f))
+ '(#:tests? #f
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'use-absolute-name-of-gzip
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "gunzip.in"
+ (("exec gzip")
+ (string-append "exec " (assoc-ref outputs "out")
+ "/bin/gzip")))
+ #t)))))
(description
"GNU Gzip provides data compression and decompression utilities; the
typical extension is \".gz\". Unlike the \"zip\" format, it compresses a single
(define-public xz
(package
(name "xz")
- (version "5.2.2")
+ (version "5.2.3")
(source (origin
(method url-fetch)
(uri (list (string-append "http://tukaani.org/xz/xz-" version
version ".tar.gz")))
(sha256
(base32
- "18h2k4jndhzjs8ln3a54qdnfv59y6spxiwh9gpaqniph6iflvpvk"))))
+ "1jr8pxnz55ifc8cvp3ivgl79ph9iik5aypsc9cma228aglsqp4ki"))))
(build-system gnu-build-system)
(synopsis "General-purpose data compression")
(description
(define-public lzo
(package
(name "lzo")
- (version "2.09")
+ (version "2.10")
(source
(origin
(method url-fetch)
version ".tar.gz"))
(sha256
(base32
- "0k5kpj3jnsjfxqqkblpfpx0mqcy86zs5fhjhgh2kq1hksg7ag57j"))))
+ "0wm04519pd3g8hqpjqhfr72q8qmbiwqaxcs3cndny9h86aa95y60"))))
(build-system gnu-build-system)
(arguments '(#:configure-flags '("--enable-shared")))
(home-page "http://www.oberhumer.com/opensource/lzo")
(define-public lzip
(package
(name "lzip")
- (version "1.18")
+ (version "1.19")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/lzip/lzip-"
version ".tar.gz"))
(sha256
(base32
- "1p8lvc22sv3damld9ng8y6i8z2dvvpsbi9v7yhr5bc2a20m8iya7"))))
+ "1abbch762gv8rjr579q3qyyk6c80plklbv2mw4x0vg71dgsw9bgz"))))
(build-system gnu-build-system)
(home-page "http://www.nongnu.org/lzip/lzip.html")
(synopsis "Lossless data compressor based on the LZMA algorithm")
,@inputs)))
(libc
`(("libc" ,libc)
+ ("libc:static" ,libc "static")
("xkernel-headers" ;the target headers
,@(assoc-ref (package-propagated-inputs libc)
"kernel-headers"))
;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
(define-public cups-filters
(package
(name "cups-filters")
- (version "1.17.7")
+ (version "1.17.9")
(source(origin
(method url-fetch)
(uri
"cups-filters-" version ".tar.xz"))
(sha256
(base32
- "1mg397kgfx0rs9j852f8ppmvaz2al5l75ildbgiqg6j3gwq5jssw"))
+ "0i7mvvnq7ayhxn1ajci8h7l3cijzwr9d50p58h0rbsh9hf63zblq"))
(modules '((guix build utils)))
(snippet
;; install backends, banners and filters to cups-filters output
(define-public cups-minimal
(package
(name "cups-minimal")
- (version "2.2.4")
+ (version "2.2.6")
(source
(origin
(method url-fetch)
version "/cups-" version "-source.tar.gz"))
(sha256
(base32
- "1k4qxafmapq6hzbkh273fdyzkj9alw6ppwz5k933bhsi4svlsvar"))))
+ "16qn41b84xz6khrr2pa2wdwlqxr29rrrkjfi618gbgdkq9w5ff20"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
(define-public curl
(package
(name "curl")
- (version "7.55.1")
- (replacement curl-7.57.0)
+ (version "7.57.0")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.xz"))
(sha256
(base32
- "1dvbcwcar3dv488h9378hy145ma3ws2fwpbr6mgszd7chipcmbry"))))
+ "0y3qbjjcxhcvm1yawp3spfssjbskv0g6gyzld6ckif5pf8ygvxpm"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.2 MiB of man3 pages
("groff" ,groff)
("pkg-config" ,pkg-config)
("python" ,python-2)))
+ (native-search-paths
+ ;; Note: This search path is respected by the `curl` command-line tool only.
+ ;; Ideally we would bake this into libcurl itself so other users can benefit,
+ ;; but it's not supported upstream due to thread safety concerns.
+ (list (search-path-specification
+ (variable "CURL_CA_BUNDLE")
+ (file-type 'regular)
+ (separator #f) ;single entry
+ (files '("etc/ssl/certs/ca-certificates.crt")))))
(arguments
`(#:configure-flags '("--with-gnutls" "--with-gssapi")
;; Add a phase to patch '/bin/sh' occurances in tests/runtests.pl
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
-
-(define-public curl-7.57.0
- (package
- (inherit curl)
- (version "7.57.0")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://curl.haxx.se/download/curl-"
- version ".tar.xz"))
- (sha256
- (base32
- "0y3qbjjcxhcvm1yawp3spfssjbskv0g6gyzld6ckif5pf8ygvxpm"))))))
(define-public sqlite
(package
(name "sqlite")
- (version "3.19.3")
+ (version "3.21.0")
(source (origin
(method url-fetch)
(uri (let ((numeric-version
numeric-version ".tar.gz")))
(sha256
(base32
- "00b3l2qglpl1inx21fckiwxnfq5xf6441flc79rqg7zdvh1rq4h6"))))
+ "1qxvzdjwzw6k0kqjfabj86rnq87xdbwbca7laxxdhnh0fmkm3pfp"))))
(build-system gnu-build-system)
(inputs `(("readline" ,readline)))
(arguments
#t)))))
(native-inputs
`(("python-pytest-mock" ,python-pytest-mock)
- ("python-pytest" ,python-pytest-3.0)
+ ("python-pytest" ,python-pytest)
("python-flexmock" ,python-flexmock)))
(propagated-inputs
`(("python-backpack" ,python-backpack)
(define-public python-apsw
(package
(name "python-apsw")
- (version "3.9.2-r1")
+ (version "3.20.1-r1")
(source
(origin
(method url-fetch)
- (uri (pypi-uri "apsw" version))
+ (uri (string-append "https://github.com/rogerbinns/apsw/archive/"
+ version ".tar.gz"))
(sha256
(base32
- "0w4jb0wpx785qw42r3h4fh7gl5w2968q48i7gygybsfxck8nzffs"))))
+ "00ai7m2pqi26qaflhz314d8k5i3syw7xzr145fhfl0crhyh6adz2"))))
(build-system python-build-system)
(inputs
`(("sqlite" ,sqlite)))
`(("python-django" ,python-django)
("python-setuptools-scm" ,python-setuptools-scm)))
(propagated-inputs
- `(("python-pytest" ,python-pytest-3.0)))
+ `(("python-pytest" ,python-pytest)))
(home-page "http://pytest-django.readthedocs.org/")
(synopsis "Django plugin for py.test")
(description "Pytest-django is a plugin for py.test that provides a set of
;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
(build-system cmake-build-system)
(native-inputs
`(("bison" ,bison)
- ("flex" ,flex)
+ ("flex" ,flex-2.6.1) ; sefaults with 2.6.4
("libxml2" ,libxml2) ; provides xmllint for the tests
("python" ,python-2))) ; for creating the documentation
(inputs
(string-take commit 7))
"-DCMAKE_BUILD_TYPE=Release"
"-DKICAD_SKIP_BOOST=ON"; Use our system's boost library.
- (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out") "/lib")
"-DKICAD_SCRIPTING=ON"
"-DKICAD_SCRIPTING_MODULES=ON"
"-DKICAD_SCRIPTING_WXPYTHON=ON"
(define-public file
(package
- (replacement file/fixed)
(name "file")
- (version "5.30")
+ (version "5.32")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.astron.com/pub/file/file-"
version ".tar.gz"))
(sha256
(base32
- "057jpcyy8ws7q4s4sm8r1rxb8xycdbng2z4y9i98f094wlr28k39"))))
+ "0l1bfa0icng9vdwya00ff48fhvjazi5610ylbhl35qi13d6xqfc6"))))
(build-system gnu-build-system)
;; When cross-compiling, this package depends upon a native install of
extensions to tell you the type of a file, but looks at the actual contents
of the file.")
(license bsd-2)
- (home-page "http://www.darwinsys.com/file/")))
-
-(define file/fixed
- (package
- (inherit file)
- (source (origin
- (inherit (package-source file))
- (patches (search-patches "file-CVE-2017-1000249.patch"))))))
+ (home-page "https://www.darwinsys.com/file/")))
(define-public freetype
(package
(name "freetype")
- (version "2.8")
+ (version "2.8.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://savannah/freetype/freetype-"
version ".tar.bz2"))
(sha256 (base32
- "02xlj611alpvl3h33hvfw1jyxc1vp9mzwcckkiglkhn3hknh7im3"))))
+ "0y3xrimgp0k39gwq1vdi7b7wjy0z9fhwmzafisxqfardw015yhz5"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
(define-public fontconfig
(package
(name "fontconfig")
- (version "2.12.3")
+ (version "2.12.6")
(source (origin
(method url-fetch)
(uri (string-append
"https://www.freedesktop.org/software/fontconfig/release/fontconfig-"
version ".tar.bz2"))
+ (patches (search-patches "fontconfig-remove-debug-printf.patch"))
(sha256 (base32
- "1ggq6jmz3mlzk4xjs615aqw9h3hq33chjn82bhli26kk09kby95x"))))
+ "05zh65zni11kgnhg726gjbrd55swspdvhqbcnj5a5xh8gn03036g"))))
(build-system gnu-build-system)
(propagated-inputs `(("expat" ,expat)
("freetype" ,freetype)))
(inputs `(("gs-fonts" ,gs-fonts)))
(native-inputs
- `(("gperf" ,gperf) ; Try dropping this for > 2.12.3.
+ `(("gperf" ,gperf)
("pkg-config" ,pkg-config)))
(arguments
`(#:configure-flags
"PYTHON=false")
#:phases
(modify-phases %standard-phases
- (add-before 'configure 'regenerate-fcobjshash
- ;; XXX The pre-generated gperf files are broken.
- ;; See <https://bugs.freedesktop.org/show_bug.cgi?id=101280>.
- (lambda _
- (delete-file "src/fcobjshash.h")
- (delete-file "src/fcobjshash.gperf")
- #t))
(replace 'install
(lambda _
;; Don't try to create /var/cache/fontconfig.
`(("python2-fonttools" ,python2-fonttools)))
(native-inputs
`(("unzip" ,unzip)
- ("python2-pytest-3.0" ,python2-pytest-3.0)
+ ("python2-pytest" ,python2-pytest)
("python2-pytest-runner" ,python2-pytest-runner)))
(home-page "https://github.com/unified-font-object/ufoLib")
(synopsis "Low-level UFO reader and writer")
`(#:python ,python-2))
(native-inputs
`(("unzip" ,unzip)
- ("python2-pytest-3.0" ,python2-pytest-3.0)
+ ("python2-pytest" ,python2-pytest)
("python2-pytest-runner" ,python2-pytest-runner)))
(propagated-inputs
`(("python2-fonttools" ,python2-fonttools)
(define-public wayland
(package
(name "wayland")
- (version "1.13.0")
+ (version "1.14.0")
(source (origin
(method url-fetch)
(uri (string-append "https://wayland.freedesktop.org/releases/"
name "-" version ".tar.xz"))
(sha256
(base32
- "0lgywr1m0d79vr4s8aimj8a307nss29hhy68gjpqj7m667055c39"))))
+ "1f3sla6h0bw15fz8pjc67jhwj7pwmfdc7qlj42j5k9v116ycm07d"))))
(build-system gnu-build-system)
(arguments
- `(#:parallel-tests? #f
- #:phases
- (modify-phases %standard-phases
- ;; Remove record shapes to workaround graphviz 2.40.1 problems.
- ;; http://www.graphviz.org/content/i-havent-been-able-render-these-files-graphviz-226
- ;; This will likely be fixed upstream in the next release.
- ;; https://lists.freedesktop.org/archives/wayland-devel/2017-June/034218.html
- (add-before 'build 'fix-graphviz
- (lambda _
- (substitute* "doc/doxygen/dot/x-architecture.gv"
- (("Mrecord") "none"))
- #t)))))
+ `(#:parallel-tests? #f))
(native-inputs
`(("doxygen" ,doxygen)
("graphviz" ,graphviz)
(define-public wayland-protocols
(package
(name "wayland-protocols")
- (version "1.9")
+ (version "1.12")
(source (origin
(method url-fetch)
(uri (string-append
"wayland-protocols-" version ".tar.xz"))
(sha256
(base32
- "0xag2yci0l13brmq2k12vdv0wlnb2j0rxk2cnp170fya63g74sv6"))))
+ "1cn8ny4zr9xlcdh8qi1qnkmvia8cp4ixnsbhd9sp9571w6lyh69v"))))
(build-system gnu-build-system)
(inputs
`(("wayland" ,wayland)))
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages icu4c)
#:use-module (gnu packages networking)
+ #:use-module (gnu packages vulkan)
#:use-module (gnu packages web)
#:use-module (guix build-system gnu)
#:use-module (guix build-system haskell)
#:phases
(modify-phases %standard-phases
(replace 'configure
- (lambda* (#:key outputs #:allow-other-keys)
+ (lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
- (etc (string-append out "/etc")))
+ (etc (string-append out "/etc"))
+ (vulkan (assoc-ref inputs "vulkan-icd-loader")))
+ ;; Hard-code the path to libvulkan.so.
+ (substitute* "gfx/common/vulkan_common.c"
+ (("libvulkan.so") (string-append vulkan "/lib/libvulkan.so")))
(substitute* "qb/qb.libs.sh"
(("/bin/true") (which "true")))
;; The configure script does not yet accept the extra arguments
("python" ,python)
("sdl" ,sdl2)
("udev" ,eudev)
+ ("vulkan-icd-loader" ,vulkan-icd-loader)
("wayland", wayland)
("zlib" ,zlib)))
(native-inputs
(build-system cmake-build-system)
(arguments
`(#:tests? #f ;; no tests available
- #:configure-flags
- (list (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out") "/lib"))
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'fix-usr-share-paths
`(#:tests? #f ;no "test" target
#:configure-flags
(list "-DUSE_LZMA=OFF" ;do not use bundled LZMA
- "-DUSE_LIBZIP=OFF" ;use "zlib" instead
- ;; Validate RUNPATH phase fails ("error: depends on
- ;; 'libmgba.so.0.6', which cannot be found in RUNPATH") without
- ;; the following S-exp.
- (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out")
- "/lib"))))
+ "-DUSE_LIBZIP=OFF"))) ;use "zlib" instead
(native-inputs `(("pkg-config" ,pkg-config)))
(inputs `(("ffmpeg" ,ffmpeg)
("imagemagick" ,imagemagick)
"--with-mode=thumb"
"--with-fpu=neon"))
+ ((and (string-suffix? "-gnu" target)
+ (not (string-contains target "-linux")))
+ ;; Cross-compilation of libcilkrts in GCC 5.5.0 to GNU/Hurd fails
+ ;; with:
+ ;; libcilkrts/runtime/os-unix.c:388:2: error: #error "Unknown architecture"
+ ;; Cilk has been removed from GCC 8 anyway.
+ '("--disable-libcilkrts"))
+
(else
;; TODO: Add `arm.*-gnueabi', etc.
'())))
(map (lambda (var tool)
(string-append (string-append var "_FOR_TARGET")
"=" target "-" tool))
- '("CC" "CXX" "LD" "AR" "NM" "RANLIB" "STRIP")
- '("gcc" "g++" "ld" "ar" "nm" "ranlib" "strip"))
+ '("CC" "CXX" "LD" "AR" "NM" "OBJDUMP" "RANLIB" "STRIP")
+ '("gcc" "g++" "ld" "ar" "nm" "objdump" "ranlib" "strip"))
'()))))
(libdir
(let ((base '(or (assoc-ref outputs "lib")
(patches (search-patches "gcc-4-compile-with-gcc-5.patch"))
(sha256
(base32
- "10k2k71kxgay283ylbbhhs51cl55zn2q38vj5pk4k950qdnirrlj"))))
+ "10k2k71kxgay283ylbbhhs51cl55zn2q38vj5pk4k950qdnirrlj"))
+ (patches (search-patches "gcc-fix-texi2pod.patch"))))
(build-system gnu-build-system)
;; Separate out the run-time support libraries because all the
;; GCC < 5 is one of the few packages that doesn't ship .info files.
;; Newer texinfos fail to build the manual, so we use an older one.
- (native-inputs `(("texinfo" ,texinfo-5)))
+ (native-inputs `(("perl" ,perl) ;for manpages
+ ("texinfo" ,texinfo-5)))
(arguments
`(#:out-of-source? #t
(sha256
(base32
"08yggr18v373a1ihj0rg2vd6psnic42b518xcgp3r9k81xz1xyr2"))
- (patches (search-patches "gcc-arm-link-spec-fix.patch"))))
+ (patches (search-patches "gcc-arm-link-spec-fix.patch"
+ "gcc-fix-texi2pod.patch"))))
(supported-systems %supported-systems)
(inputs
`(("isl" ,isl-0.11)
(base32
"14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc"))
(patches (search-patches "gcc-arm-bug-71399.patch"
- "gcc-libvtv-runpath.patch"))))
- (native-inputs `(("texinfo" ,texinfo)))))
+ "gcc-libvtv-runpath.patch"
+ "gcc-fix-texi2pod.patch"))))
+ ;; Override inherited texinfo-5 with latest version.
+ (native-inputs `(("perl" ,perl) ;for manpages
+ ("texinfo" ,texinfo)))))
(define-public gcc-5
;; Note: GCC >= 5 ships with .info files but 'make install' fails to install
;; them in a VPATH build.
(package (inherit gcc-4.9)
- (version "5.4.0")
+ (version "5.5.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gcc/gcc-"
- version "/gcc-" version ".tar.bz2"))
+ version "/gcc-" version ".tar.xz"))
(sha256
(base32
- "0fihlcy5hnksdxk0sn6bvgnyq8gfrgs8m794b1jxwd1dxinzg3b0"))
+ "11zd1hgzkli3b2v70qsm2hyqppngd4616qc96lmm9zl2kl9yl32k"))
(patches (search-patches "gcc-arm-bug-71399.patch"
"gcc-strmov-store-file-names.patch"
- "gcc-asan-powerpc-missing-include.patch"
"gcc-5.0-libvtv-runpath.patch"
"gcc-5-source-date-epoch-1.patch"
- "gcc-5-source-date-epoch-2.patch"))))))
- ;; TODO: gcc-5 doesn't need cloog.
- ;;(inputs
- ;; `(("isl" ,isl)
- ;; ,@(package-inputs gcc-4.7)))))
+ "gcc-5-source-date-epoch-2.patch"
+ "gcc-fix-texi2pod.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ ;; Fix 'libcc1/configure' error when cross-compiling GCC.
+ ;; Without that, 'libcc1/configure' wrongfully determines that
+ ;; '-rdynamic' support is missing because $gcc_cv_objdump is
+ ;; empty:
+ ;;
+ ;; https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67590
+ ;; http://cgit.openembedded.org/openembedded-core/commit/?id=f6e47aa9b12f9ab61530c40e0343f451699d9077
+ '(substitute* "libcc1/configure"
+ (("\\$gcc_cv_objdump -T")
+ "$OBJDUMP_FOR_TARGET -T")))))
+ (inputs
+ `(("isl" ,isl)
+ ,@(package-inputs gcc-4.7)))))
(define-public gcc-6
(package
;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
(sha256
(base32
"0hsw28f9q9xaggjlsdp2qmbp2rbd1mp0njzan2ld9kiqwkq2m57z"))
- ;; test-lock has performance issues on multi-core machines,
- ;; it hangs or takes a long time to complete.
- ;; There is one commit in gettext and one commit
- ;; in gettext's embedded gnulib to fix this issue.
- (patches (search-patches "gettext-multi-core.patch"
- "gettext-gnulib-multi-core.patch"))))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; The gnulib test-lock test is prone to writer starvation
+ ;; with our glibc@2.25, which prefers readers, so disable it.
+ ;; The gnulib commit b20e8afb0b2 should fix this once
+ ;; incorporated here.
+ (substitute* "gettext-runtime/tests/Makefile.in"
+ (("TESTS = test-lock\\$\\(EXEEXT\\)") "TESTS ="))
+ (substitute* "gettext-tools/gnulib-tests/Makefile.in"
+ (("test-lock\\$\\(EXEEXT\\) ") ""))
+ #t))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;8 MiB of HTML
(arguments
`(#:tests? #f ; none provided
#:phases
- (alist-replace
- 'configure
- (lambda* (#:key inputs outputs #:allow-other-keys #:rest args)
- (let ((perl (assoc-ref inputs "perl"))
- (out (assoc-ref outputs "out")))
- (copy-file "Makefile.unix" "Makefile")
- (substitute* "Makefile"
- (("/usr/local/bin/perl") (string-append perl "/bin/perl")))
- (substitute* "Makefile"
- (("/usr/local") out))
- ;; for the install phase
- (substitute* "Makefile"
- (("-mkdir") "mkdir -p"))
- ;; drop installation of non-free files
- (substitute* "Makefile"
- ((" install.include") ""))))
- %standard-phases)))
+ (modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key inputs outputs #:allow-other-keys #:rest args)
+ (let ((perl (assoc-ref inputs "perl"))
+ (out (assoc-ref outputs "out")))
+ (copy-file "Makefile.unix" "Makefile")
+ (substitute* "Makefile"
+ (("/usr/local/bin/perl") (string-append perl "/bin/perl")))
+ (substitute* "Makefile"
+ (("/usr/local") out))
+ ;; for the install phase
+ (substitute* "Makefile"
+ (("-mkdir") "mkdir -p"))
+ ;; drop installation of non-free files
+ (substitute* "Makefile"
+ ((" install.include") "")))
+ #t)))))
(synopsis "Collection of utilities for manipulating PostScript documents")
(description
"PSUtils is a collection of utilities for manipulating PostScript
(define-public ghostscript
(package
(name "ghostscript")
- (replacement ghostscript-9.22)
- (version "9.21")
+ (version "9.22")
(source
(origin
(method url-fetch)
"/ghostscript-" version ".tar.xz"))
(sha256
(base32
- "0lyhjcrkmd5fcmh8h56bs4xr9k4jasmikv5vsix1hd4ai0ad1q9b"))
+ "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
(patches (search-patches "ghostscript-runpath.patch"
- "ghostscript-CVE-2017-8291.patch"
"ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
(home-page "https://www.ghostscript.com/")
(license license:agpl3+)))
-(define ghostscript-9.22
- (package
- (inherit ghostscript)
- (version "9.22")
- (source
- (origin
- (inherit (package-source ghostscript))
- (uri (string-append "https://github.com/ArtifexSoftware/"
- "ghostpdl-downloads/releases/download/gs"
- (string-delete #\. version)
- "/ghostscript-" version ".tar.xz"))
- (sha256
- (base32
- "1fyi4yvdj39bjgs10klr31cda1fbx1ar7a7b7yz7v68gykk65y61"))
- (patches (search-patches "ghostscript-runpath.patch"
- "ghostscript-no-header-creationdate.patch"
- "ghostscript-no-header-id.patch"
- "ghostscript-no-header-uuid.patch"))))))
-
(define-public ghostscript/x
(package/inherit ghostscript
(name (string-append (package-name ghostscript) "-with-x"))
(inputs `(("libx11" ,libx11)
("mesa" ,mesa)
("glu" ,glu)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
(home-page "http://ftgl.sourceforge.net")
(synopsis "Font rendering library for OpenGL applications")
(description
(define-public mesa
(package
(name "mesa")
- (version "17.2.1")
+ (version "17.3.1")
(source
(origin
(method url-fetch)
version "/mesa-" version ".tar.xz")))
(sha256
(base32
- "07msr6xismw2jq87irwhz7vygvzj6hi38d71paij9zvwh8bmsf3p"))
+ "1h94m2nkxa1y4n415d5idk2x2lkgbvjcikv6r2r6yn4ak7h0grls"))
(patches
(search-patches "mesa-wayland-egl-symbols-check-mips.patch"
"mesa-skip-disk-cache-test.patch"))))
`()))
("makedepend" ,makedepend)
("presentproto" ,presentproto)
- ("s2tc" ,s2tc)
("wayland" ,wayland)
("wayland-protocols" ,wayland-protocols)))
(native-inputs
`(("pkg-config" ,pkg-config)
("python" ,python-2)
+ ("python2-mako" ,python2-mako)
("which" ,(@ (gnu packages base) which))))
(arguments
`(#:configure-flags
'("--with-gallium-drivers=freedreno,nouveau,r300,r600,swrast,vc4,virgl"))
("aarch64-linux"
;; TODO: Fix svga driver for aarch64 and armhf.
- '("--with-gallium-drivers=freedreno,nouveau,r300,r600,swrast,vc4,virgl"))
+ '("--with-gallium-drivers=freedreno,nouveau,pl111,r300,r600,swrast,vc4,virgl"))
(_
- '("--with-gallium-drivers=i915,nouveau,r300,r600,svga,swrast,virgl")))
+ '("--with-gallium-drivers=i915,nouveau,r300,r600,radeonsi,svga,swrast,virgl")))
;; Enable various optional features. TODO: opencl requires libclc,
;; omx requires libomxil-bellagio
"--with-platforms=x11,drm,wayland,surfaceless"
;; are stuck at OpenGL 2.1 instead of OpenGL 3.0+.
"--enable-texture-float"
+ ;; Enable Vulkan on i686-linux and x86-64-linux.
+ ,@(match (%current-system)
+ ("x86_64-linux"
+ '("--with-vulkan-drivers=intel,radeon"))
+ ;; TODO: Fix intel driver on i686-linux.
+ ("i686-linux"
+ '("--with-vulkan-drivers=radeon"))
+ (_
+ '("")))
+
;; Also enable the tests.
"--enable-gallium-tests"
"--enable-llvm")) ; default is x86/x86_64 only
(_
'("--with-dri-drivers=nouveau,r200,radeon,swrast"))))
+ #:modules ((ice-9 match)
+ (srfi srfi-1)
+ (guix build utils)
+ (guix build gnu-build-system))
#:phases
(modify-phases %standard-phases
(add-after
;; egl_gallium support.
(("\"gbm_dri\\.so")
(string-append "\"" out "/lib/dri/gbm_dri.so")))
+ #t)))
+ (add-after 'install 'symlinks-instead-of-hard-links
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; All the drivers and gallium targets create hard links upon
+ ;; installation (search for "hardlink each megadriver instance"
+ ;; in the makefiles). This is no good for us since we'd produce
+ ;; nars that contain several copies of these files. Thus, turn
+ ;; them into symlinks, which saves ~124 MiB.
+ (let* ((out (assoc-ref outputs "out"))
+ (lib (string-append out "/lib"))
+ (files (find-files lib
+ (lambda (file stat)
+ (and (string-contains file ".so")
+ (eq? 'regular
+ (stat:type stat))))))
+ (inodes (map (compose stat:ino stat) files)))
+ (for-each (lambda (inode)
+ (match (filter-map (match-lambda
+ ((file ino)
+ (and (= ino inode) file)))
+ (zip files inodes))
+ ((_)
+ #f)
+ ((reference others ..1)
+ (format #t "creating ~a symlinks to '~a'~%"
+ (length others) reference)
+ (for-each delete-file others)
+ (for-each (lambda (file)
+ (if (string=? (dirname file)
+ (dirname reference))
+ (symlink (basename reference)
+ file)
+ (symlink reference file)))
+ others))))
+ (delete-duplicates inodes))
#t))))))
(home-page "https://mesa3d.org/")
- (synopsis "OpenGL implementation")
- (description "Mesa is a free implementation of the OpenGL specification -
-a system for rendering interactive 3D graphics. A variety of device drivers
-allows Mesa to be used in many different environments ranging from software
-emulation to complete hardware acceleration for modern GPUs.")
+ (synopsis "OpenGL and Vulkan implementations")
+ (description "Mesa is a free implementation of the OpenGL and Vulkan
+specifications - systems for rendering interactive 3D graphics. A variety of
+device drivers allows Mesa to be used in many different environments ranging
+from software emulation to complete hardware acceleration for modern GPUs.")
(license license:x11)))
(define-public mesa-headers
"0rnid3hwrry9d5d4m7sygq00xxx976rgk00a3557m9r5kxbmy476"))))
(arguments
`(#:tests? #f ;; no tests are available
- #:configure-flags (list "-DVGL_USESSL=1" ;; use OpenSSL
- (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out") "/lib"))))
+ #:configure-flags (list "-DVGL_USESSL=1"))) ;; use OpenSSL
(build-system cmake-build-system)
(inputs `(("glu" ,glu)
("libjpeg-turbo" ,libjpeg-turbo)
(define dbus
(package
(name "dbus")
- (version "1.10.22")
+ (version "1.12.2")
(source (origin
(method url-fetch)
(uri (string-append
version ".tar.gz"))
(sha256
(base32
- "15vv9gz5i4f5l7h0d045qz5iyvl89hjk2k83lb4vbizd7qg41cg2"))
+ "121xm3cy48vbv6nv522lfkk4zyiqc1g6v4lb3344gc3h2w4vaar7"))
(patches (search-patches "dbus-helper-search-path.patch"))))
(build-system gnu-build-system)
(arguments
(define glib
(package
(name "glib")
- (version "2.52.3")
+ (version "2.54.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
name "-" version ".tar.xz"))
(sha256
(base32
- "0a71wkkhkvad84gm30w13micxxgqqw3sxhybj7nd9z60lwspdvi5"))
- (patches (search-patches "glib-tests-timer.patch"))))
+ "0v4ffl172kbqgxrhgxyafhpw36bq3iklb2zjqyl6jcfkmb2yb2dv"))
+ (patches (search-patches "glib-respect-datadir.patch"
+ "glib-tests-timer.patch"))))
(build-system gnu-build-system)
(outputs '("out" ; everything
"bin" ; glib-mkenums, gtester, etc.; depends on Python
("python" ,python-wrapper)
("perl" ,perl) ; needed by GIO tests
("bash" ,bash)
- ("tzdata" ,tzdata-2017a))) ; for tests/gdatetime.c
+ ("tzdata" ,tzdata-for-tests))) ; for tests/gdatetime.c
(arguments
- `(#:disallowed-references (,tzdata-2017a)
+ `(#:disallowed-references (,tzdata-for-tests)
#:phases
(modify-phases %standard-phases
(add-before 'build 'pre-build
("gio/tests/gdbus-unix-addresses.c"
(;; Requires /etc/machine-id.
- "/gdbus/x11-autolaunch"))
-
- ("glib/tests/gdatetime.c"
- (;; Assumes that the Brasilian time zone is named 'BRT',
- ;; which is no longer true as of tzdata-2017a.
- "/GDateTime/new_full")))))
+ "/gdbus/x11-autolaunch")))))
(and-map (lambda (x) (apply disable x)) failing-tests)))))
;; Note: `--docdir' and `--htmldir' are not honored, so work around it.
and interfaces for such runtime functionality as an event loop, threads,
dynamic loading, and an object system.")
(home-page "https://developer.gnome.org/glib/")
- (license license:lgpl2.0+))) ; some files are under lgpl2.1+
+ (license license:lgpl2.1+)))
(define gobject-introspection
(package
(name "gobject-introspection")
- (version "1.52.1")
+ (version "1.54.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
"gobject-introspection/" (version-major+minor version)
"/gobject-introspection-" version ".tar.xz"))
(sha256
- (base32 "1x5gkyrglv3dn9b4fsgw6asqgjw1wj7qc37g9pyac6pyaa6w7l1f"))
+ (base32 "0zl7pfkzkm07733391b4f3cwjbnvb1nwvpmajf5bajh6bxgfv3dq"))
(modules '((guix build utils)))
(snippet
'(substitute* "tools/g-ir-tool-template.in"
(define-public librsvg
(package
(name "librsvg")
- (version "2.40.18")
+ (version "2.40.20")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
- "0k2nbd4g31qinkdfd8r5c5ih2ixl85fbkgkqqh9747lwr24c9j5z"))))
+ "0ay9himvw1l1swcf3h1312d2iqzfl65kpbfgiyfykgvq7cydvx6g"))))
(build-system gnu-build-system)
(arguments
`(#:phases
- (alist-cons-before
- 'configure 'pre-configure
- (lambda* (#:key inputs #:allow-other-keys)
- (substitute* "gdk-pixbuf-loader/Makefile.in"
- ;; By default the gdk-pixbuf loader is installed under
- ;; gdk-pixbuf's prefix. Work around that.
- (("gdk_pixbuf_moduledir = .*$")
- (string-append "gdk_pixbuf_moduledir = "
- "$(prefix)/lib/gdk-pixbuf-2.0/2.10.0/"
- "loaders\n"))
- ;; Drop the 'loaders.cache' file, it's in gdk-pixbuf+svg.
- (("gdk_pixbuf_cache_file = .*$")
- "gdk_pixbuf_cache_file = $(TMPDIR)/loaders.cache\n")))
- %standard-phases)))
+ (modify-phases %standard-phases
+ (add-before 'configure 'pre-configure
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "gdk-pixbuf-loader/Makefile.in"
+ ;; By default the gdk-pixbuf loader is installed under
+ ;; gdk-pixbuf's prefix. Work around that.
+ (("gdk_pixbuf_moduledir = .*$")
+ (string-append "gdk_pixbuf_moduledir = "
+ "$(prefix)/lib/gdk-pixbuf-2.0/2.10.0/"
+ "loaders\n"))
+ ;; Drop the 'loaders.cache' file, it's in gdk-pixbuf+svg.
+ (("gdk_pixbuf_cache_file = .*$")
+ "gdk_pixbuf_cache_file = $(TMPDIR)/loaders.cache\n"))
+ #t))
+ (add-after 'unpack 'remove-failing-test
+ ;; This test fails on aarch64.
+ (lambda _
+ (delete-file "tests/fixtures/reftests/bugs/777834-empty-text-children.svg")
+ (delete-file "tests/fixtures/reftests/bugs/777834-empty-text-children-ref.png")
+ #t)))))
(native-inputs
`(("pkg-config" ,pkg-config)
("glib" ,glib "bin") ; glib-mkenums, etc.
(define-public libgcrypt
(package
- (replacement libgcrypt/fixed)
(name "libgcrypt")
- (version "1.7.8")
+ (version "1.8.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
version ".tar.bz2"))
(sha256
(base32
- "16f1rsv4y4w2pk1il2jbcqggsb6mrlfva5vayd205fp68zm7d0ll"))))
+ "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libgpg-error-host" ,libgpg-error)))
(properties '((ftp-server . "ftp.gnupg.org")
(ftp-directory . "/gcrypt/libgcrypt")))))
-(define libgcrypt/fixed
- (package
- (inherit libgcrypt)
- (version "1.8.1")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
- version ".tar.bz2"))
- (sha256
- (base32
- "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s"))))))
-
(define-public libassuan
(package
(name "libassuan")
(define-public nss
(package
(name "nss")
- (version "3.34")
+ (version "3.34.1")
(source (origin
(method url-fetch)
(uri (let ((version-with-underscores
"nss-" version ".tar.gz")))
(sha256
(base32
- "1x9acn47iva9j42kxfamgvn99lrnqv47fgn3rz3j6c1ph50rai8d"))
+ "186x33wsk4mzjz7dzbn8p0py9a0nzkgzpfkdv4rlyy5gghv5vhd3"))
;; Create nss.pc and nss-config.
(patches (search-patches "nss-pkgconfig.patch"
"nss-increase-test-timeout.patch"))))
(define-module (gnu packages groff)
#:use-module (guix licenses)
#:use-module (guix packages)
+ #:use-module (guix utils)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
("perl" ,perl)
("psutils" ,psutils)
("texinfo" ,texinfo)))
- (arguments '(#:parallel-build? #f)) ; parallel build fails
+ (arguments
+ `(#:parallel-build? #f ; parallel build fails
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'setenv
+ (lambda _
+ (setenv "GS_GENERATE_UUIDS" "0")
+ #t)))))
(synopsis "Typesetting from plain text mixed with formatting commands")
(description
"Groff is a typesetting package that reads plain text and produces
#:configure-flags '("--docdir=/tmp/trash/doc")
- #:phases (modify-phases %standard-phases
- (add-after 'install 'remove-non-essential-programs
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Keep only the programs that man-db needs at run time,
- ;; and make sure we don't pull in Perl.
- (let ((out (assoc-ref outputs "out"))
- (kept '("eqn" "neqn" "pic" "tbl" "refer"
- "nroff" "groff" "troff" "grotty")))
- (for-each (lambda (file)
- (unless (member (basename file) kept)
- (delete-file file)))
- (find-files (string-append out "/bin")))
+ ,@(substitute-keyword-arguments (package-arguments groff)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ (add-after 'install 'remove-non-essential-programs
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Keep only the programs that man-db needs at run time,
+ ;; and make sure we don't pull in Perl.
+ (let ((out (assoc-ref outputs "out"))
+ (kept '("eqn" "neqn" "pic" "tbl" "refer"
+ "nroff" "groff" "troff" "grotty")))
+ (for-each (lambda (file)
+ (unless (member (basename file) kept)
+ (delete-file file)))
+ (find-files (string-append out "/bin")))
- ;; Remove a bunch of unneeded Perl scripts.
- (for-each delete-file (find-files out "\\.pl$"))
- (for-each delete-file
- (find-files out "BuildFoundries"))
+ ;; Remove a bunch of unneeded Perl scripts.
+ (for-each delete-file (find-files out "\\.pl$"))
+ (for-each delete-file
+ (find-files out "BuildFoundries"))
- ;; Remove ~3 MiB from share/groff/X.Y/font/devBACKEND
- ;; corresponding to the unused backends.
- (for-each delete-file-recursively
- (find-files out "^dev(dvi|ps|pdf|html|lj4)$"
- #:directories? #t))
- #t))))
-
- ,@(package-arguments groff)))))
+ ;; Remove ~3 MiB from share/groff/X.Y/font/devBACKEND
+ ;; corresponding to the unused backends.
+ (for-each delete-file-recursively
+ (find-files out "^dev(dvi|ps|pdf|html|lj4)$"
+ #:directories? #t))
+ #t))))))))))
;; There are no releases, so we take the latest commit.
(define-public roffit
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
(uri (string-append "mirror://gnu/gsasl/gsasl-" version
".tar.gz"))
(sha256 (base32
- "1rci64cxvcfr8xcjpqc4inpfq7aw4snnsbf5xz7d30nhvv8n40ii"))))
+ "1rci64cxvcfr8xcjpqc4inpfq7aw4snnsbf5xz7d30nhvv8n40ii"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; The gnulib test-lock test is prone to writer starvation
+ ;; with our glibc@2.25, which prefers readers, so disable it.
+ ;; The gnulib commit b20e8afb0b2 should fix this once
+ ;; incorporated here.
+ (substitute* "tests/Makefile.in"
+ (("test-lock\\$\\(EXEEXT\\) ") ""))
+ #t))))
(build-system gnu-build-system)
(inputs `(("libidn" ,libidn)
("libntlm" ,libntlm)
;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
;;; Coypright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de>
;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
;;; Copyright © 2016 Patrick Hetu <patrick.hetu@auf.org>
(define-public atk
(package
(name "atk")
- (version "2.24.0")
+ (version "2.26.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
- "0jbs90vacl95mwgvmqsizi1bwx5sw0rz70r9knksfwwch2dalbdv"))))
+ "1jwpx8az0iifw176dc2hl4mmg6gvxzxdkd1qvg4ds7c5hdmzy07g"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(arguments
(define-public harfbuzz
(package
(name "harfbuzz")
- (version "1.5.1")
+ (version "1.7.3")
(source (origin
(method url-fetch)
(uri (string-append "https://www.freedesktop.org/software/"
version ".tar.bz2"))
(sha256
(base32
- "0lbwzif7ndvx1iqzp7wxv6j3ilal6di2vj33cy3bha97mpyqv0sn"))))
+ "1zh5n3q3mb6y6kr5m7zz1ags9z1vjwai57d6warx8qhzfrwn8lyd"))))
(build-system gnu-build-system)
(outputs '("out"
"bin")) ; 160K, only hb-view depend on cairo
(define-public pango
(package
(name "pango")
- (version "1.40.12")
+ (version "1.40.14")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/pango/"
name "-" version ".tar.xz"))
(sha256
(base32
- "1z0w2vrx3qh3aryfkbfijkcxxr3yjbxc2l4b0yy8rcp2wjlakwbm"))))
+ "1qqpd8x1pl483ynj3mc5q4n8y2pxqhg2bv19vd94r7mzlzm1pbwh"))))
(build-system gnu-build-system)
(propagated-inputs
`(("cairo" ,cairo)
(define-public gdk-pixbuf
(package
(name "gdk-pixbuf")
- (version "2.36.10")
+ (version "2.36.11")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
- "1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq"))))
+ "1wz2vpciwdpdv612s8kbww08q80hgcs5dxrfsxp1a4q44n3snqmf"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--with-x11")
(define-public at-spi2-core
(package
(name "at-spi2-core")
- (version "2.24.1")
+ (version "2.26.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
- "0nwvjmd30rgq6d1zznavx0bdfa1xwv3jl8wnkbkwzaipp5jd140y"))))
+ "0596ghkamkxgv08r4a1pdhm06qd5zzgcfqsv64038w9xbvghq3n8"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(arguments
(define-public at-spi2-atk
(package
(name "at-spi2-atk")
- (version "2.24.1")
+ (version "2.26.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
- "0zcmsq7g4jg5dpmfzkyfpa0v6hx4119c4qwkdblzzf3l9yn91p30"))))
+ "0x9vc99ni46fg5dzlx67vbw0zqffr24gz8jvbdxbmzyvc5xw5w5l"))))
(build-system gnu-build-system)
(arguments
'(#:phases
"0n26jm09n03nqbd00d2ij63xrby3vik56sk5yj6w1vy768kr5hb8"))
(patches (search-patches "gtk2-respect-GUIX_GTK2_PATH.patch"
"gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch"
- "gtk2-theme-paths.patch"))))
+ "gtk2-theme-paths.patch"
+ "gtk2-fix-failing-test.patch"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
(propagated-inputs
(name "gtk+")
;; NOTE: When updating the version of 'gtk+', the hash of 'mate-themes' in
;; mate.scm will also need to be updated.
- (version "3.22.21")
+ (version "3.22.26")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
name "-" version ".tar.xz"))
(sha256
(base32
- "11vb1shgr4rlayfk0b858gz986jsn2mpjlxvr89b2kgvbjlc3lqv"))
+ "0rxrsh6bcp13hihxxs8f0m9xwniby4lmfi7y5mp9fhg5439z1vk1"))
(patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch"
"gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch"))))
(outputs '("out" "bin" "doc"))
;; by gnome-control-center
"--enable-wayland-backend"
;; This is necessary to build both backends.
- "--enable-x11-backend")
+ "--enable-x11-backend"
+ ;; This enables the HTML5 websocket backend.
+ "--enable-broadway-backend")
#:phases (modify-phases %standard-phases
(add-before 'configure 'pre-configure
(lambda _
(build-system gnu-build-system)
(native-inputs `(("pkgconfig" ,pkg-config)))
(inputs `(("libffi" ,libffi)
- ("readline" ,readline)
,@(libiconv-if-needed)
;; We need Bash when cross-compiling because some of the scripts
(define-public guile-2.2
(package (inherit guile-2.0)
(name "guile")
- (version "2.2.2") ;TODO: Update to 2.2.3 (see below).
+ (version "2.2.3")
(source (origin
(method url-fetch)
".tar.xz"))
(sha256
(base32
- "1azm25zcmxif0skxfrp11d2wc89nrzpjaann9yxdw6pvjxhs948w"))
+ "11j01agvnci2cx32wwpqs9078856yxmvs15gcsz7ganpkj2ahlw3"))
(modules '((guix build utils)))
;; Remove the pre-built object files. Instead, build everything
(search-path-specification
(variable "GUILE_LOAD_COMPILED_PATH")
(files '("lib/guile/2.2/site-ccache"
- "share/guile/site/2.2")))))))
+ "share/guile/site/2.2")))))
-(define-public guile-2.2.3
- ;; TODO: Make it the new 'guile-2.2' on the next rebuild cycle.
- (package
- (inherit guile-2.2)
- (version "2.2.3")
- (source (origin (inherit (package-source guile-2.2))
- (uri (list (string-append "mirror://gnu/guile/guile-"
- version ".tar.xz")
- (string-append
- "https://wingolog.org/priv/guile-"
- version ".tar.xz")))
- (sha256
- (base32
- "11j01agvnci2cx32wwpqs9078856yxmvs15gcsz7ganpkj2ahlw3"))))))
+ (arguments
+ (if (%current-target-system)
+ (substitute-keyword-arguments (package-arguments guile-2.0)
+ ((#:phases phases '%standard-phases)
+ `(modify-phases ,phases
+ (add-after 'unpack 'sacrifice-elisp-support
+ (lambda _
+ ;; Cross-compiling language/elisp/boot.el fails, so
+ ;; sacrifice it. See
+ ;; <https://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.2&id=988aa29238fca862c7e2cb55f15762a69b4c16ce>
+ ;; for the upstream fix.
+ (substitute* "module/Makefile.in"
+ (("language/elisp/boot\\.el")
+ "\n"))
+ #t)))))
+ (package-arguments guile-2.0)))))
(define-public guile-2.2/fixed
;; A package of Guile 2.2 that's rarely changed. It is the one used
(define-public guile-next
(deprecated-package "guile-next" guile-2.2))
+(define (make-guile-readline guile)
+ (package
+ (name "guile-readline")
+ (version (package-version guile))
+ (source (package-source guile))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:configure-flags '("--disable-silent-rules")
+ #:phases (modify-phases %standard-phases
+ (add-before 'build 'chdir
+ (lambda* (#:key outputs #:allow-other-keys)
+ (invoke "make" "-C" "libguile" "scmconfig.h")
+ (invoke "make" "-C" "lib")
+ (chdir "guile-readline")
+
+ (substitute* "Makefile"
+ (("../libguile/libguile-[[:graph:]]+\\.la")
+ ;; Remove dependency on libguile-X.Y.la.
+ "")
+ (("^READLINE_LIBS = (.*)$" _ libs)
+ ;; Link against the provided libguile.
+ (string-append "READLINE_LIBS = "
+ "-lguile-$(GUILE_EFFECTIVE_VERSION) "
+ libs "\n"))
+ (("\\$\\(top_builddir\\)/meta/build-env")
+ ;; Use the provided Guile, not the one from
+ ;; $(builddir).
+ "")
+
+ ;; Install modules to the 'site' directories.
+ (("^moddir = .*$")
+ "moddir = $(pkgdatadir)/site/$(GUILE_EFFECTIVE_VERSION)\n")
+ (("^ccachedir = .*$")
+ "ccachedir = $(pkglibdir)/$(GUILE_EFFECTIVE_VERSION)/site-ccache\n"))
+
+ ;; Load 'guile-readline.so' from the right place.
+ (substitute* "ice-9/readline.scm"
+ (("load-extension \"guile-readline\"")
+ (format #f "load-extension \
+ (string-append ~s \"/lib/guile/\" (effective-version) \"/extensions/guile-readline\")"
+ (assoc-ref outputs "out"))))
+ #t)))))
+ (home-page (package-home-page guile))
+ (native-inputs (package-native-inputs guile))
+ (inputs
+ `(,@(package-inputs guile) ;to placate 'configure'
+ ,@(package-propagated-inputs guile)
+ ("guile" ,guile)
+ ("readline" ,readline)))
+ (synopsis "Line editing support for GNU Guile")
+ (description
+ "This module provides line editing support via the Readline library for
+GNU@tie{}Guile. Use the @code{(ice-9 readline)} module and call its
+@code{activate-readline} procedure to enable it.")
+ (license license:gpl3+)))
+
+(define-public guile-readline
+ (make-guile-readline guile-2.2))
+
(define (guile-variant-package-name prefix)
(lambda (name)
"Return NAME with PREFIX instead of \"guile-\", when applicable."
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;;
(define-public icu4c
(package
(name "icu4c")
- (replacement icu4c-fixed)
- (version "58.2")
+ (version "60.2")
(source (origin
(method url-fetch)
(uri (string-append
"/icu4c-"
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
- (patches
- (search-patches "icu4c-CVE-2017-7867-CVE-2017-7868.patch"
- "icu4c-reset-keyword-list-iterator.patch"))
(sha256
- (base32 "036shcb3f8bm1lynhlsb4kpjm9s9c2vdiir01vg216rs2l8482ib"))))
+ (base32 "065l3n0q9wqaw8dz20x82srshhm6i987fr9ync5xf9mr6n7ylwzh"))))
(build-system gnu-build-system)
(inputs
`(("perl" ,perl)))
(license x11)
(home-page "http://site.icu-project.org/")))
-(define icu4c-fixed
- (package
- (inherit icu4c)
- (source (origin
- (inherit (package-source icu4c))
- (patches (append
- (origin-patches (package-source icu4c))
- (search-patches "icu4c-CVE-2017-14952.patch")))))))
-
(define-public java-icu4j
(package
(name "java-icu4j")
(arguments
`(#:configure-flags
(list "-DMIA_CREATE_NIPYPE_INTERFACES=0"
- (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out") "/lib")
"-DCMAKE_CXX_FLAGS=-fpermissive")))
(inputs
`(("boost" ,boost)
(native-search-paths
;; Feh allows overriding the libcurl builtin CA path (unset in Guix)
;; with the same variable as the `curl` command line HTTP tool.
- (list (search-path-specification
- (variable "CURL_CA_BUNDLE")
- (file-type 'regular)
- (separator #f) ;single entry
- (files '("etc/ssl/certs/ca-certificates.crt")))))
+ (package-native-search-paths curl))
(synopsis "Fast and light imlib2-based image viewer")
(description
"feh is an X11 image viewer aimed mostly at console users.
(define-public libpng
(package
(name "libpng")
- (version "1.6.29")
+ (version "1.6.34")
(source (origin
(method url-fetch)
(uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
"/libpng16/libpng-" version ".tar.xz")))
(sha256
(base32
- "0fgjqp7x6jynacmqh6dj72cn6nnf6yxjfqqqfsxrx0pyx22bcia2"))))
+ "1xjr0v34fyjgnhvaa1zixcpx5yvxcg4zwvfh0fyklfyfj86rc7ig"))))
(build-system gnu-build-system)
;; libpng.la says "-lz", so propagate it.
(define-public libtiff
(package
(name "libtiff")
- (version "4.0.8")
+ (version "4.0.9")
(source
(origin
(method url-fetch)
(uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
version ".tar.gz"))
- (patches
- (search-patches "libtiff-tiffgetfield-bugs.patch"
- "libtiff-CVE-2016-10688.patch"
- "libtiff-CVE-2017-9936.patch"
- "libtiff-tiffycbcrtorgb-integer-overflow.patch"
- "libtiff-tiffycbcrtorgbinit-integer-overflow.patch"))
(sha256
(base32
- "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))
+ "1kfg4q01r4mqn7dj63ifhi6pmqzbf4xax6ni6kkk81ri5kndwyvf"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.3 MiB of HTML documentation
(define-public jbig2dec
(package
(name "jbig2dec")
- (version "0.13")
+ (version "0.14")
(source
(origin
(method url-fetch)
(uri (string-append "http://downloads.ghostscript.com/public/" name "/"
name "-" version ".tar.gz"))
(sha256
- (base32 "04akiwab8iy5iy34razcvh9mcja9wy737civ3sbjxk4j143s1b2s"))
- (patches (search-patches "jbig2dec-ignore-testtest.patch"
- "jbig2dec-CVE-2016-9601.patch"
- "jbig2dec-CVE-2017-7885.patch"
- "jbig2dec-CVE-2017-7975.patch"
- "jbig2dec-CVE-2017-7976.patch"))))
-
+ (base32 "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11"))
+ (patches (search-patches "jbig2dec-ignore-testtest.patch"))))
(build-system gnu-build-system)
(synopsis "Decoder of the JBIG2 image compression format")
(description
(define-public mit-krb5
(package
(name "mit-krb5")
- (replacement mit-krb5-1.15.2)
- (version "1.15.1")
+ (version "1.16")
(source (origin
(method url-fetch)
- (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
- (version-major+minor version)
- "/krb5-" version ".tar.gz"))
+ (uri (list
+ (string-append "https://web.mit.edu/kerberos/dist/krb5/"
+ (version-major+minor version)
+ "/krb5-" version ".tar.gz")
+ (string-append "https://kerberos.org/dist/krb5/"
+ (version-major+minor version)
+ "/krb5-" version ".tar.gz")))
(sha256
(base32
- "0igbi5d095c2hgpn2cixpc4q2ij8vgg2bx7yjfly5zfmvlqqhz23"))))
+ "024yjr15ij0qdnay0bcqfpclgfri0qa8iw4r5zdlryxhhdgi5szs"))))
(build-system gnu-build-system)
(native-inputs
`(("bison" ,bison)
(home-page "http://web.mit.edu/kerberos/")
(properties '((cpe-name . "kerberos")))))
-(define mit-krb5-1.15.2 ; CVE-2017-{11368,11462}
- (package
- (inherit mit-krb5)
- (version "1.15.2")
- (source (origin
- (method url-fetch)
- (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
- (version-major+minor version)
- "/krb5-" version ".tar.gz"))
- (sha256
- (base32
- "0zn8s7anb10hw3nzwjz7vg10fgmmgvwnibn2zrn3nppjxn9f6f8n"))))))
-
(define-public shishi
(package
(name "shishi")
(define-public libuv
(package
(name "libuv")
- (version "1.14.1")
+ (version "1.18.0")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "08kx4mzjsdv90n9pivqxqjxlxk5vaf9p33zzvx661dwfmp9468pk"))))
+ "125bzmzc32m52hd9iv8jvjlc7r3gadxgvp31a2fz2wlil16p7r2l"))))
(build-system gnu-build-system)
(arguments
- '(#:phases (alist-cons-after
- 'unpack 'autogen
- (lambda _
- ;; Fashionable people don't run 'make dist' these days, so
- ;; we need to do that ourselves.
- (zero? (system* "sh" "autogen.sh")))
- %standard-phases)
+ '(#:phases (modify-phases %standard-phases
+ (add-after 'unpack 'autogen
+ (lambda _
+ ;; Fashionable people don't run 'make dist' these days, so
+ ;; we need to do that ourselves.
+ (zero? (system* "sh" "autogen.sh")))))
;; XXX: Some tests want /dev/tty, attempt to make connections, etc.
#:tests? #f))
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
".tar.gz"))
(sha256
(base32
- "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4"))))
+ "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; The gnulib test-lock test is prone to writer starvation
+ ;; with our glibc@2.25, which prefers readers, so disable it.
+ ;; The gnulib commit b20e8afb0b2 should fix this once
+ ;; incorporated here.
+ (substitute* "lib/gltests/Makefile.in"
+ (("test-lock\\$\\(EXEEXT\\) ") ""))
+ #t))))
(build-system gnu-build-system)
;; FIXME: No Java and C# libraries are currently built.
(synopsis "Internationalized string processing library")
(define-public libidn2
(package
(name "libidn2")
- (version "2.0.2")
- (replacement libidn2-2.0.4)
+ (version "2.0.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/libidn/" name "-" version
".tar.lz"))
(sha256
(base32
- "0pqaj8d01aj4i110669fincqs10kgynyqcrmq2q7pss8v9dcd1jq"))))
+ "00f2fyw5kwr9is3cdn5h9arzxp0lnvg0z9bb9zyfs0dq81gaqim4"))))
(native-inputs
`(("lzip" ,lzip)))
(inputs
implementation, but has yet to be as extensively used as the original Libidn
library.")
(home-page "https://www.gnu.org/software/libidn/#libidn2")
+ (properties '((ftp-directory . "/gnu/libidn")))
;; The command-line tool 'idn2' is GPL3+, while the library is dual-licensed
;; GPL2+ or LGPL3+.
(license (list gpl2+ gpl3+ lgpl3+))))
-
-(define-public libidn2-2.0.4
- (package
- (inherit libidn2)
- (name "libidn2")
- (version "2.0.4")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/libidn/" name "-" version
- ".tar.lz"))
- (sha256
- (base32
- "00f2fyw5kwr9is3cdn5h9arzxp0lnvg0z9bb9zyfs0dq81gaqim4"))))))
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Eric Bavier <bavier@member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
(define-public libunistring
(package
(name "libunistring")
- (version "0.9.7")
+ (version "0.9.8")
(source (origin
(method url-fetch)
(uri (string-append
version ".tar.xz"))
(sha256
(base32
- "15z76qrmrvkc3c6hfq2lzzqysgd21s682f2smycfab5g598n8drf"))
- ;; test-lock has performance issues on multi-core machines,
- ;; it hangs or takes a long time to complete.
- ;; This is a commit from gnulib to fix this issue.
- (patches (search-patches "libunistring-gnulib-multi-core.patch"))))
+ "101gjj9q39pjlcaixylya6is5i7vlbnxr1w5w6raqvvhab7ki4vv"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; The gnulib test-lock test is prone to writer starvation
+ ;; with our glibc@2.25, which prefers readers, so disable it.
+ ;; The gnulib commit b20e8afb0b2 should fix this once
+ ;; incorporated here.
+ (substitute* "tests/Makefile.in"
+ (("test-lock\\$\\(EXEEXT\\) ") ""))
+ #t))))
(propagated-inputs (libiconv-if-needed))
(build-system gnu-build-system)
(arguments
(define-public linux-libre-headers
(package
(name "linux-libre-headers")
- (version "4.4.47")
+ (version "4.9.59")
(source (origin
(method url-fetch)
(uri (linux-libre-urls version))
(sha256
(base32
- "00zdq7swhvzbbnnhzizq6m34q5k4fycpcp215bmkbxh1ic76v7bs"))))
+ "0z8hq8a6ic38xh33idzl0k0yi4isgd7ncl2g1d6mzf9ixw5krhvc"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(arguments
(define-public util-linux
(package
(name "util-linux")
- (version "2.30.1")
+ (version "2.31")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/linux/utils/"
name "-" version ".tar.xz"))
(sha256
(base32
- "0hdq2fz405a89fyha4bgwg0rx8b65inxq17w8fg8qhmcj4x3dr0v"))
+ "12nw108xjhm63sh2n5a0qs33vpvbvb6rln96l9j50p7wykf7rgpr"))
(patches (search-patches "util-linux-tests.patch"))
(modules '((guix build utils)))
(snippet
(arguments
`(#:configure-flags (list "--disable-use-tty-group"
"--enable-fs-paths-default=/run/current-system/profile/sbin"
+ ;; Don't try to chown root:root mount and umount
+ "--disable-makeinstall-chown"
;; Install completions where our
;; bash-completion package expects them.
(string-append "--with-bashcompletiondir="
inadequately in modern network environments, and both should be deprecated.")
(license license:gpl2+)))
-;; There are two packages for net-tools. The first, net-tools, is more recent
-;; and probably safer to use with untrusted inputs (i.e. the internet). The
-;; second, net-tools-for-tests, is relatively old and buggy. It can be used in
-;; package test suites and should never be referred to by a built package. Use
-;; #:disallowed-references to enforce this.
-;;
-;; When we are able to rebuild many packages (i.e. core-updates), we can update
-;; net-tools-for-tests if appropriate.
-;;
-;; See <https://bugs.gnu.org/27811> for more information.
(define-public net-tools
;; XXX: This package is basically unmaintained, but it provides a few
;; commands not yet provided by Inetutils, such as 'route', so we have to
configuration (iptunnel, ipmaddr).")
(license license:gpl2+))))
-(define-public net-tools-for-tests
- (hidden-package (package (inherit net-tools)
- (version "1.60")
- ;; Git depends on net-tools-for-tests via GnuTLS, so we can't use git-fetch
- ;; here. We should find a better workaround for this problem so that we can
- ;; use the latest upstream source.
- (source (origin
- (method url-fetch)
- (uri (list (string-append
- "mirror://sourceforge/net-tools/net-tools-"
- version ".tar.bz2")
- (string-append
- "http://distro.ibiblio.org/rootlinux/rootlinux-ports"
- "/base/net-tools/net-tools-1.60.tar.bz2")))
- (sha256
- (base32
- "0yvxrzk0mzmspr7sa34hm1anw6sif39gyn85w4c5ywfn8inxvr3s"))
- (patches (search-patches "net-tools-bitrot.patch"))))
- (build-system gnu-build-system)
- (arguments
- '(#:modules ((guix build gnu-build-system)
- (guix build utils)
- (srfi srfi-1)
- (srfi srfi-26))
- #:phases (alist-cons-after
- 'unpack 'patch
- (lambda* (#:key inputs #:allow-other-keys)
- (define (apply-patch file)
- (zero? (system* "patch" "-p1" "--force"
- "--input" file)))
-
- (let ((patch.gz (assoc-ref inputs "patch")))
- (format #t "applying Debian patch set '~a'...~%"
- patch.gz)
- (system (string-append "gunzip < " patch.gz " > the-patch"))
- (and (apply-patch "the-patch")
- (for-each apply-patch
- (find-files "debian/patches"
- "\\.patch")))))
- (alist-replace
- 'configure
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (mkdir-p (string-append out "/bin"))
- (mkdir-p (string-append out "/sbin"))
-
- ;; Pretend we have everything...
- (system "yes | make config")
-
- ;; ... except for the things we don't have.
- ;; HAVE_AFDECnet requires libdnet, which we don't have.
- ;; HAVE_HWSTRIP and HAVE_HWTR require kernel headers
- ;; that have been removed.
- (substitute* '("config.make" "config.h")
- (("^.*HAVE_(AFDECnet|HWSTRIP|HWTR)[ =]1.*$") ""))))
- (alist-cons-after
- 'install 'remove-redundant-commands
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Remove commands and man pages redundant with
- ;; Inetutils.
- (let* ((out (assoc-ref outputs "out"))
- (dup (append-map (cut find-files out <>)
- '("^hostname"
- "^(yp|nis|dns)?domainname"))))
- (for-each delete-file dup)
- #t))
- %standard-phases)))
-
- ;; Binaries that depend on libnet-tools.a don't declare that
- ;; dependency, making it parallel-unsafe.
- #:parallel-build? #f
-
- #:tests? #f ; no test suite
- #:make-flags (let ((out (assoc-ref %outputs "out")))
- (list "CC=gcc"
- (string-append "BASEDIR=" out)
- (string-append "INSTALLNLSDIR=" out "/share/locale")
- (string-append "mandir=/share/man")))))
-
- ;; We added unzip to the net-tools package's native-inputs when
- ;; switching its source from a Git checkout to a zip archive. We
- ;; need to specify the native-inputs here to keep unzip out of the
- ;; build of net-tools-for-tests, so that we don't have to rebuild
- ;; many packages on the master branch. We can make
- ;; net-tools-for-tests inherit directly from net-tools in the next
- ;; core-updates cycle.
- (native-inputs `(("gettext" ,gettext-minimal)))
-
- ;; Use the big Debian patch set (the thing does not even compile out of
- ;; the box.)
- ;; XXX The patch is not actually applied, due to a bug in the 'patch' phase
- ;; above. However, this package variant is only used in GnuTLS's tests. It
- ;; will be adjusted when convenient for the build farm.
- ;; See <https://bugs.gnu.org/27811> for more information.
- (inputs `(("patch" ,(origin
- (method url-fetch)
- (uri
- "http://ftp.de.debian.org/debian/pool/main/n/net-tools/net-tools_1.60-24.2.diff.gz")
- (sha256
- (base32
- "0p93lsqx23v5fv4hpbrydmfvw1ha2rgqpn2zqbs2jhxkzhjc030p")))))))))
-
(define-public libcap
(package
(name "libcap")
;; The post-systemd fork, maintained by Gentoo.
(package
(name "eudev")
- (version "3.2.2")
+ (version "3.2.4")
(source (origin
(method url-fetch)
- (uri (string-append
- "http://dev.gentoo.org/~blueness/eudev/eudev-"
- version ".tar.gz"))
+ (uri (string-append "https://github.com/gentoo/eudev/archive/v"
+ version ".zip"))
+ (file-name (string-append name "-" version ".zip"))
(sha256
(base32
- "0qqgbgpm5wdllk0s04pf80nwc8pr93xazwri1bylm1f15zn5ck1y"))
+ "1r1ag0snarygrj5qqxi2xdq9w6g3sfjd5jx1b0fl7zmqlsz3vvxx"))
(patches (search-patches "eudev-rules-directory.patch"))))
(build-system gnu-build-system)
(arguments
- '(#:phases (modify-phases %standard-phases
- (add-after 'install 'build-hwdb
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Build OUT/etc/udev/hwdb.bin. This allows 'lsusb' and
- ;; similar tools to display product names.
- (let ((out (assoc-ref outputs "out")))
- (zero? (system* (string-append out "/bin/udevadm")
- "hwdb" "--update"))))))))
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-before 'configure 'bootstrap
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "man/make.sh"
+ (("/usr/bin/xsltproc")
+ (string-append (assoc-ref inputs "xsltproc")
+ "/bin/xsltproc")))
+ ;; Manual pages are regenerated here.
+ (zero? (system* "./autogen.sh"))))
+ (add-after 'install 'build-hwdb
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Build OUT/etc/udev/hwdb.bin. This allows 'lsusb' and
+ ;; similar tools to display product names.
+ (let ((out (assoc-ref outputs "out")))
+ (zero? (system* (string-append out "/bin/udevadm")
+ "hwdb" "--update"))))))
+ #:configure-flags (list "--enable-manpages")))
(native-inputs
- `(("pkg-config" ,pkg-config)
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("gperf" ,gperf)
+ ("libtool" ,libtool)
+ ("pkg-config" ,pkg-config)
+ ;; For tests.
("perl" ,perl)
- ("gperf" ,gperf)))
+ ("python" ,python-wrapper)
+ ;; For documentation.
+ ("docbook-xml" ,docbook-xml-4.2)
+ ("docbook-xsl" ,docbook-xsl)
+ ("libxml2" ,libxml2) ;for $XML_CATALOG_FILES
+ ("xsltproc", libxslt)))
(inputs
;; When linked against libblkid, eudev can populate /dev/disk/by-label
;; and similar; it also installs the '60-persistent-storage.rules' file,
which is used to enable and disable wireless networking devices, typically
WLAN, Bluetooth and mobile broadband.")
(license (license:non-copyleft "file://COPYING"
- "See COPYING in the distribution."))))
+ "See COPYING in the distribution."))
+ ;; rfkill is part of util-linux as of 2.31.
+ (properties `((superseded . ,util-linux)))))
(define-public acpi
(package
(string-append "--with-udevdir=" out "/lib/udev")))
#:phases
(modify-phases %standard-phases
- ,@(if (string=? (%current-system) "armhf-linux")
- ;; This test fails unpredictably.
- ;; TODO: skip it for all architectures.
- `((add-before 'check 'skip-wonky-test
- (lambda _
- (substitute* "unit/test-gatt.c"
- (("tester_init\\(&argc, &argv\\);") "return 77;"))
- #t)))
- `())
-
+ ;; Test unit/test-gatt fails unpredictably. Seems to be a timing
+ ;; issue (discussion on upstream mailing list:
+ ;; https://marc.info/?t=149578476300002&r=1&w=2)
+ (add-before 'check 'skip-wonky-test
+ (lambda _
+ (substitute* "unit/test-gatt.c"
+ (("tester_init\\(&argc, &argv\\);") "return 77;"))
+ #t))
(add-after 'install 'post-install
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
;; to do the same for consistency. They also recommend using the
;; "Release" build type.
#:configure-flags (list "-GNinja"
- ;; Defaults to "lib64" on 64-bit archs.
- (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out") "/lib")
"-DCMAKE_BUILD_TYPE=Release")
#:phases
(modify-phases %standard-phases
#t))))
(build-system cmake-build-system)
(arguments
- ;; Recent releases defaults to "lib64" on 64bit.
- `(#:configure-flags (list (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out")
- "/lib"))
- #:phases
+ `(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'disable-asserts
(lambda _
,@(alist-delete "bdw-gc"
(package-propagated-inputs guile-2.2))))
(arguments
- `(;; When `configure' checks for ltdl availability, it
- ;; doesn't try to link using libtool, and thus fails
- ;; because of a missing -ldl. Work around that.
- #:configure-flags '("LDFLAGS=-ldl")
-
- #:phases (alist-cons-before
- 'configure 'static-guile
- (lambda _
- (substitute* "libguile/Makefile.in"
- ;; Create a statically-linked `guile'
- ;; executable.
- (("^guile_LDFLAGS =")
- "guile_LDFLAGS = -all-static")
-
- ;; Add `-ldl' *after* libguile-2.2.la.
- (("^guile_LDADD =(.*)$" _ ldadd)
- (string-append "guile_LDADD = "
- (string-trim-right ldadd)
- " -ldl\n"))))
- %standard-phases)
-
- ;; There are uses of `dynamic-link' in
- ;; {foreign,coverage}.test that don't fly here.
- #:tests? #f)))))
+ (substitute-keyword-arguments (package-arguments guile-2.2)
+ ((#:configure-flags flags '())
+ ;; When `configure' checks for ltdl availability, it
+ ;; doesn't try to link using libtool, and thus fails
+ ;; because of a missing -ldl. Work around that.
+ ''("LDFLAGS=-ldl"))
+ ((#:phases phases '%standard-phases)
+ `(modify-phases ,phases
+ (add-before 'configure 'static-guile
+ (lambda _
+ (substitute* "libguile/Makefile.in"
+ ;; Create a statically-linked `guile'
+ ;; executable.
+ (("^guile_LDFLAGS =")
+ "guile_LDFLAGS = -all-static")
+
+ ;; Add `-ldl' *after* libguile-2.2.la.
+ (("^guile_LDADD =(.*)$" _ ldadd)
+ (string-append "guile_LDADD = "
+ (string-trim-right ldadd)
+ " -ldl\n")))))))
+ ((#:tests? _ #f)
+ ;; There are uses of `dynamic-link' in
+ ;; {foreign,coverage}.test that don't fly here.
+ #f))))))
(package-with-relocatable-glibc (static-package guile))))
(define %guile-static-stripped
(define-public help2man
(package
(name "help2man")
- (version "1.47.4")
+ (version "1.47.5")
(source
(origin
(method url-fetch)
version ".tar.xz"))
(sha256
(base32
- "0lvp4306f5nq08f3snffs5pp1zwv8l35z6f5g0dds51zs6bzdv6l"))))
+ "1cb14kp380jzk1yi4i7x9d8qplc8c5mgcbgycgs9ggpx34jhp9kw"))))
(build-system gnu-build-system)
(arguments `(;; There's no `check' target.
#:tests? #f))
("python" ,python-2)))
(arguments
`(#:configure-flags (list
- ;; Install to PREFIX/lib (the default is
- ;; PREFIX/lib64).
- (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out")
- "/lib")
-
"-DBUILD_SHARED_LIBS:BOOL=YES"
"-DLAPACKE=ON"
(arguments
`(#:configure-flags '("-Denable_blaslib:BOOL=NO" ;do not use internal cblas
"-DTPL_BLAS_LIBRARIES=openblas"
- "-DBUILD_SHARED_LIBS:BOOL=YES"
- "-DCMAKE_INSTALL_LIBDIR=lib")))
+ "-DBUILD_SHARED_LIBS:BOOL=YES")))
(home-page "http://crd-legacy.lbl.gov/~xiaoye/SuperLU/")
(synopsis "Supernodal direct solver for sparse linear systems")
(description
(define-public openblas
(package
(name "openblas")
- (version "0.2.19")
+ (version "0.2.20")
(source
(origin
(method url-fetch)
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "071zqnmnxhh0c9phzyn3f198yxa0hjxda7016azdbq2056sm70w7"))))
+ "1bd03c5xni0bla0wg1wba841b36b0sg13sjja955kn5xzvy4i61a"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ;no "check" target
+ `(#:test-target "test"
;; DYNAMIC_ARCH is only supported on x86. When it is disabled and no
;; TARGET is specified, OpenBLAS will tune itself to the build host, so
;; we need to disable substitutions.
"-DINSTALL_PYTHON_BINDINGS=true"
(string-append "-DCMAKE_INSTALL_PYTHON_PKG_DIR="
%output
- "/lib/python2.7/site-packages")
- (string-append "-DCMAKE_INSTALL_LIBDIR="
- %output
- "/lib"))
-
+ "/lib/python2.7/site-packages"))
#:phases
(modify-phases %standard-phases
(add-before 'configure 'bootstrap
(define-public mpfr
(package
(name "mpfr")
- (version "3.1.5")
+ (version "3.1.6")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/mpfr/mpfr-" version
".tar.xz"))
(sha256 (base32
- "1g32l2fg8f62lcyzzh88y3fsh6rk539qc6ahhdgvx7wpnf1dwpq1"))))
+ "0l598h9klpgkz2bp0rxiqb90mkqh9f2f81n5rpy191j00hdaqqks"))))
(build-system gnu-build-system)
(outputs '("out" "debug"))
(propagated-inputs `(("gmp" ,gmp))) ; <mpfr.h> refers to <gmp.h>
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
(define-public ncurses
(package
(name "ncurses")
- (version "6.0")
+ (version "6.0-20170930")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/ncurses/ncurses-"
- version ".tar.gz"))
- (patches (search-patches "ncurses-CVE-2017-10684-10685.patch"))
+ (car (string-split version #\-))
+ ".tar.gz"))
(sha256
(base32
"0q3jck7lna77z5r42f13c4xglc7azd19pxfrjrpgp2yf615w4lgm"))))
(cons (string-append "--host=" target)
configure-flags)
configure-flags))))))
+ (apply-rollup-patch-phase
+ '(lambda* (#:key inputs native-inputs #:allow-other-keys)
+ (copy-file (assoc-ref (or native-inputs inputs) "rollup-patch")
+ (string-append (getcwd) "/rollup-patch.sh.bz2"))
+ (and (zero? (system* "bzip2" "-d" "rollup-patch.sh.bz2"))
+ (zero? (system* "sh" "rollup-patch.sh")))))
(remove-shebang-phase
'(lambda _
;; To avoid retaining a reference to the bootstrap Bash via the
,@(if (target-mingw?) '("--enable-term-driver") '()))))
#:tests? #f ; no "check" target
#:phases (modify-phases %standard-phases
+ (add-after 'unpack 'apply-rollup-patch
+ ,apply-rollup-patch-phase)
(replace 'configure ,configure-phase)
(add-after 'install 'post-install
,post-install-phase)
(add-after 'unpack 'remove-unneeded-shebang
,remove-shebang-phase)))))
(self-native-input? #t) ; for `tic'
- (native-inputs
- `(("pkg-config" ,pkg-config)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)
+
+ ;; Ncurses distributes "stable" patchsets to be applied on top
+ ;; of the release tarball. These are only available as shell
+ ;; scripts(!) so we decompress and apply them in a phase.
+ ;; See <https://invisible-mirror.net/archives/ncurses/6.0/README>.
+ ("rollup-patch"
+ ,(origin
+ (method url-fetch)
+ (uri (string-append
+ "https://invisible-mirror.net/archives/ncurses/"
+ (car (string-split version #\-))
+ "/ncurses-" version "-patch.sh.bz2"))
+ (sha256
+ (base32
+ "08a1pp8wnj1fwpa1pz3fgrmd6xwp21idniswqz8lx3w3z2nb4ydi"))))))
(native-search-paths
(list (search-path-specification
(variable "TERMINFO_DIRS")
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
;; This version is not API-compatible with version 2. In particular, lsh
;; cannot use it yet. So keep it separate.
(package (inherit nettle-2)
- (version "3.3")
+ (version "3.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/nettle/nettle-"
version ".tar.gz"))
(sha256
(base32
- "07mif3af077763vc35s1x8vzhzlgqcgxh67c1xr13jnhslkjd526"))))
+ "150y8655h629wn946dvzasq16qxsc1m9nf58mifvhl350bgl4ymf"))))
(arguments
(substitute-keyword-arguments (package-arguments nettle-2)
((#:configure-flags flags)
(define-public node
(package
(name "node")
- (version "8.9.1")
+ (version "9.3.0")
(source (origin
(method url-fetch)
(uri (string-append "http://nodejs.org/dist/v" version
"/node-v" version ".tar.gz"))
(sha256
(base32
- "1qbiz7hgwlirhwpd71c8yzcbwsyi5bjlfp6lxb6v55j6rizinj9j"))
- ;; See https://github.com/nodejs/node/issues/16688
- ;; Remove this next update (>8.9.1).
- (patches
- (search-patches "node-test-http2-server-rst-stream.patch"))))
+ "19g2pc196rxlj9k5bwhqxdjddvicsx385w7yj6alq9l82lmqycxp"))))
(build-system gnu-build-system)
(arguments
;; TODO: Purge the bundled copies from the source.
;; test-make-doc needs doc-only target, which is inhibited below
(for-each delete-file
'("test/doctool/test-make-doc.js"))
- ;; FIXME: This test seems to depends on files that are not
- ;; available in the bundled v8. See
- ;; https://github.com/nodejs/node/issues/13344
+ ;; FIXME: These tests depend on being able to install eslint.
+ ;; See https://github.com/nodejs/node/issues/17098.
(for-each delete-file
- '("test/addons-napi/test_general/testInstanceOf.js"))
+ '("test/parallel/test-eslint-crypto-check.js"
+ "test/parallel/test-eslint-alphabetize-errors.js"
+ "test/parallel/test-eslint-buffer-constructor.js"
+ "test/parallel/test-eslint-documented-errors.js"
+ "test/parallel/test-eslint-inspector-check.js"
+ "test/parallel/test-eslint-no-unescaped-regexp-dot.js"
+ "test/parallel/test-eslint-no-let-in-for-declaration.js"
+ "test/parallel/test-eslint-prefer-assert-iferror.js"
+ "test/parallel/test-eslint-prefer-assert-methods.js"
+ "test/parallel/test-eslint-prefer-common-expectserror.js"
+ "test/parallel/test-eslint-prefer-common-mustnotcall.js"
+ "test/parallel/test-eslint-prefer-util-format-errors.js"
+ "test/parallel/test-eslint-require-buffer.js"
+ "test/parallel/test-eslint-required-modules.js"))
+
;; FIXME: These tests fail in the build container, but they don't
;; seem to be indicative of real problems in practice.
(for-each delete-file
#:use-module (gnu packages guile)
#:use-module (gnu packages file)
#:use-module (gnu packages backup)
+ #:use-module (gnu packages bootstrap) ;for 'bootstrap-guile-origin'
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
#:use-module (gnu packages gnupg)
("graphviz" ,graphviz)
("help2man" ,help2man)))
(inputs
- (let ((boot-guile (lambda (arch hash)
- (origin
- (method url-fetch)
- (uri (boot-guile-uri arch))
- (sha256 hash)))))
- `(("bzip2" ,bzip2)
- ("gzip" ,gzip)
- ("zlib" ,zlib) ;for 'guix publish'
-
- ("sqlite" ,sqlite)
- ("libgcrypt" ,libgcrypt)
- ("guile" ,guile-2.2)
-
- ("boot-guile/i686"
- ,(boot-guile "i686"
- (base32
- "0im800m30abgh7msh331pcbjvb4n02smz5cfzf1srv0kpx3csmxp")))
- ("boot-guile/x86_64"
- ,(boot-guile "x86_64"
- (base32
- "1w2p5zyrglzzniqgvyn1b55vprfzhgk8vzbzkkbdgl5248si0yq3")))
- ("boot-guile/mips64el"
- ,(boot-guile "mips64el"
- (base32
- "0fzp93lvi0hn54acc0fpvhc7bvl0yc853k62l958cihk03q80ilr")))
- ("boot-guile/armhf"
- ,(boot-guile "armhf"
- (base32
- "1mi3brl7l58aww34rawhvja84xc7l1b4hmwdmc36fp9q9mfx0lg5")))
- ("boot-guile/aarch64"
- ,(boot-guile "aarch64"
- (base32
- "1giy2aprjmn5fp9c4s9r125fljw4wv6ixy5739i5bffw4jgr0f9r"))))))
+ `(("bzip2" ,bzip2)
+ ("gzip" ,gzip)
+ ("zlib" ,zlib) ;for 'guix publish'
+
+ ("sqlite" ,sqlite)
+ ("libgcrypt" ,libgcrypt)
+ ("guile" ,guile-2.2)
+
+ ("boot-guile/i686" ,(bootstrap-guile-origin "i686-linux"))
+ ("boot-guile/x86_64" ,(bootstrap-guile-origin "x86_64-linux"))
+ ("boot-guile/mips64el" ,(bootstrap-guile-origin "mips64el-linux"))
+ ("boot-guile/armhf" ,(bootstrap-guile-origin "armhf-linux"))
+ ("boot-guile/aarch64" ,(bootstrap-guile-origin "aarch64-linux"))))
(propagated-inputs
`(("gnutls" ,gnutls)
("guile-json" ,guile-json)
(base32
"1pfkq1m5vb90kx67vyw70s1hc4ivjsvq2535vm6wdwwsncna6bz5"))))
(build-system cmake-build-system)
- (arguments
- `(#:configure-flags
- (list (string-append "-DCMAKE_INSTALL_LIBDIR="
- (assoc-ref %outputs "out") "/lib"))))
(inputs
`(("libgcrypt" ,libgcrypt)
("libxi" ,libxi)
--- /dev/null
+This can be removed with the next acl release
+
+---
+ test/run | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/run b/test/run
+index 2cf52e8..4627cd2 100755
+--- a/test/run
++++ b/test/run
+@@ -70,7 +70,7 @@ for (;;) {
+ if (defined $line) {
+ # Substitute %VAR and %{VAR} with environment variables.
+ $line =~ s[%(\w+)][$ENV{$1}]eg;
+- $line =~ s[%{(\w+)}][$ENV{$1}]eg;
++ $line =~ s[%\{(\w+)\}][$ENV{$1}]eg;
+ }
+ if (defined $line) {
+ if ($line =~ s/^\s*< ?//) {
+--
+2.15.0
+
+++ /dev/null
-From <https://lists.gnu.org/archive/html/automake-patches/2015-07/msg00000.html>.
-See also <http://bugs.gnu.org/22372>.
-
-From 34163794a58b5bd91c5d6bd9adf5437571c7a479 Mon Sep 17 00:00:00 2001
-From: Pavel Raiskup <praiskup@redhat.com>
-Date: Tue, 7 Jul 2015 10:54:24 +0200
-Subject: [PATCH] bin/automake: escape '{' in regexp pattern
-
-Based on perlre(1) documentation:
-.. in Perl v5.26, literal uses of a curly bracket will be required
-to be escaped, say by preceding them with a backslash ("\{" ) or
-enclosing them within square brackets ("[{]") ..
-
-References:
-https://bugzilla.redhat.com/1239379
-
-* bin/automake.in (substitute_ac_subst_variables): Escape the
-occurrence of '{' character.
----
- bin/automake.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bin/automake.in b/bin/automake.in
-index 0c29184..c294ced 100644
---- a/bin/automake.in
-+++ b/bin/automake.in
-@@ -3898,7 +3898,7 @@ sub substitute_ac_subst_variables_worker
- sub substitute_ac_subst_variables
- {
- my ($text) = @_;
-- $text =~ s/\${([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge;
-+ $text =~ s/\$\{([^ \t=:+{}]+)}/substitute_ac_subst_variables_worker ($1)/ge;
- return $text;
- }
+++ /dev/null
-Adjust test to ignore gzip 1.8+ warnings.
-
---- automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:36:26.554218552 +0200
-+++ automake-1.15/t/distcheck-no-prefix-or-srcdir-override.sh 2016-06-14 00:37:52.903157770 +0200
-@@ -49,7 +49,11 @@ grep "cannot find sources.* in foobar" s
-
- ./configure
- run_make -E -O distcheck
--test ! -s stderr
-+
-+# Gzip 1.8+ emits warnings like "gzip: warning: GZIP environment
-+# variable is deprecated"; filter them out.
-+test `grep -v '^gzip: warning' stderr | wc -l` -eq 0
-+
- # Sanity check: the flags have been actually seen.
- $PERL -e 'undef $/; $_ = <>; s/ \\\n/ /g; print;' <stdout >t
- grep '/configure .* --srcdir am-src' t || exit 99
--- avahi-0.6.27/avahi-daemon/Makefile.in 2010-07-13 05:06:35.000000000 +0200
+++ avahi-0.6.27/avahi-daemon/Makefile.in 2010-07-13 18:03:45.000000000 +0200
-@@ -1554,7 +1554,6 @@ xmllint:
+@@ -1625,7 +1625,6 @@
done
install-data-local:
-- test -z "$(localstatedir)/run" || $(mkdir_p) "$(DESTDIR)$(localstatedir)/run"
+- test -z "$(avahi_runtime_dir)" || $(MKDIR_P) "$(DESTDIR)$(avahi_runtime_dir)"
update-systemd:
curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c > sd-daemon.c
+++ /dev/null
-This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our
-the build environment chroot, as reported at <https://bugs.gnu.org/26253>,
-and now on x86_64-linux-gnu as well. It is a variant of this upstream patch:
-
- commit f5422009389678680dba9ff4ecb7d33632ee3383
- Author: Ludovic Courtès <ludo@gnu.org>
- Date: Mon Mar 27 20:34:39 2017 -0700
-
- tests: avoid false ulimit failure on some systems
-
- * tests/misc/cut-huge-range.sh: On some systems returns_ may
- use more memory, so incorporate that in the determination
- of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12,
- and x86_64 with bash-4.2.37.
- Fixes http://bugs.gnu.org/26253
-
-... which appeared to be insufficient.
-
-diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh
-index 6b3c5b6ed..55b7b640e 100755
---- a/tests/misc/cut-huge-range.sh
-+++ b/tests/misc/cut-huge-range.sh
-@@ -20,9 +20,9 @@
- print_ver_ cut
- getlimits_
-
--vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \
-+vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \
- || skip_ "this shell lacks ulimit support"
- vm=$(($vm + 1000)) # avoid spurious failures
-
- # sed script to subtract one from the input.
- # Each input line should consist of a positive decimal number.
--- /dev/null
+commit e3461d1c21a99bcef1b8826f710434e0ffb5adea
+Author: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun Jun 11 15:53:09 2017 -0700
+
+ getopt-posix: port to glibc 2.25.90
+
+ Problem reported by Daniel P. Berrange in:
+ http://lists.gnu.org/archive/html/bug-gnulib/2017-06/msg00003.html
+ * lib/getopt-pfx-core.h (_GETOPT_CORE_H):
+ * lib/getopt-pfx-ext.h (_GETOPT_EXT_H):
+ #undef if __GETOPT_PREFIX is defined.
+
+diff --git a/lib/getopt-pfx-core.h b/lib/getopt-pfx-core.h
+index 155c11612..6ad0da683 100644
+--- a/lib/getopt-pfx-core.h
++++ b/lib/getopt-pfx-core.h
+@@ -47,6 +47,11 @@
+ # define opterr __GETOPT_ID (opterr)
+ # define optind __GETOPT_ID (optind)
+ # define optopt __GETOPT_ID (optopt)
++
++/* The system's getopt.h may have already included getopt-core.h to
++ declare the unprefixed identifiers. Undef _GETOPT_CORE_H so that
++ getopt-core.h declares them with prefixes. */
++# undef _GETOPT_CORE_H
+ #endif
+
+ #include <getopt-core.h>
+diff --git a/lib/getopt-pfx-ext.h b/lib/getopt-pfx-ext.h
+index d960bb34e..c5ac52202 100644
+--- a/lib/getopt-pfx-ext.h
++++ b/lib/getopt-pfx-ext.h
+@@ -45,6 +45,11 @@
+ # define getopt_long_only __GETOPT_ID (getopt_long_only)
+ # define option __GETOPT_ID (option)
+ # define _getopt_internal __GETOPT_ID (getopt_internal)
++
++/* The system's getopt.h may have already included getopt-ext.h to
++ declare the unprefixed identifiers. Undef _GETOPT_EXT_H so that
++ getopt-ext.h declares them with prefixes. */
++# undef _GETOPT_EXT_H
+ #endif
+
+ /* Standalone applications get correct prototypes for getopt_long and
+++ /dev/null
-This patch fixes performance problems on multi-core machines
-as reported at <https://bugs.gnu.org/26441>.
-
-See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
-by Bruno Haible <bruno@clisp.org>.
-
-diff --git a/tests/test-lock.c b/tests/test-lock.c
-index a992f64..fb18dee 100644
---- a/tests/test-lock.c
-+++ b/tests/test-lock.c
-@@ -1,5 +1,5 @@
- /* Test of locking in multithreaded situations.
-- Copyright (C) 2005, 2008-2015 Free Software Foundation, Inc.
-+ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc.
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
-@@ -50,6 +50,28 @@
- Uncomment this to see if the operating system has a fair scheduler. */
- #define EXPLICIT_YIELD 1
-
-+/* Whether to use 'volatile' on some variables that communicate information
-+ between threads. If set to 0, a semaphore or a lock is used to protect
-+ these variables. If set to 1, 'volatile' is used; this is theoretically
-+ equivalent but can lead to much slower execution (e.g. 30x slower total
-+ run time on a 40-core machine), because 'volatile' does not imply any
-+ synchronization/communication between different CPUs. */
-+#define USE_VOLATILE 0
-+
-+#if USE_POSIX_THREADS && HAVE_SEMAPHORE_H
-+/* Whether to use a semaphore to communicate information between threads.
-+ If set to 0, a lock is used. If set to 1, a semaphore is used.
-+ Uncomment this to reduce the dependencies of this test. */
-+# define USE_SEMAPHORE 1
-+/* Mac OS X provides only named semaphores (sem_open); its facility for
-+ unnamed semaphores (sem_init) does not work. */
-+# if defined __APPLE__ && defined __MACH__
-+# define USE_NAMED_SEMAPHORE 1
-+# else
-+# define USE_UNNAMED_SEMAPHORE 1
-+# endif
-+#endif
-+
- /* Whether to print debugging messages. */
- #define ENABLE_DEBUGGING 0
-
-@@ -90,6 +112,12 @@
-
- #include "glthread/thread.h"
- #include "glthread/yield.h"
-+#if USE_SEMAPHORE
-+# include <errno.h>
-+# include <fcntl.h>
-+# include <semaphore.h>
-+# include <unistd.h>
-+#endif
-
- #if ENABLE_DEBUGGING
- # define dbgprintf printf
-@@ -103,6 +131,132 @@
- # define yield()
- #endif
-
-+#if USE_VOLATILE
-+struct atomic_int {
-+ volatile int value;
-+};
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+}
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ return ai->value;
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ ai->value = new_value;
-+}
-+#elif USE_SEMAPHORE
-+/* This atomic_int implementation can only support the values 0 and 1.
-+ It is initially 0 and can be set to 1 only once. */
-+# if USE_UNNAMED_SEMAPHORE
-+struct atomic_int {
-+ sem_t semaphore;
-+};
-+#define atomic_int_semaphore(ai) (&(ai)->semaphore)
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+ sem_init (&ai->semaphore, 0, 0);
-+}
-+# endif
-+# if USE_NAMED_SEMAPHORE
-+struct atomic_int {
-+ sem_t *semaphore;
-+};
-+#define atomic_int_semaphore(ai) ((ai)->semaphore)
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+ sem_t *s;
-+ unsigned int count;
-+ for (count = 0; ; count++)
-+ {
-+ char name[80];
-+ /* Use getpid() in the name, so that different processes running at the
-+ same time will not interfere. Use ai in the name, so that different
-+ atomic_int in the same process will not interfere. Use a count in
-+ the name, so that even in the (unlikely) case that a semaphore with
-+ the specified name already exists, we can try a different name. */
-+ sprintf (name, "test-lock-%lu-%p-%u",
-+ (unsigned long) getpid (), ai, count);
-+ s = sem_open (name, O_CREAT | O_EXCL, 0600, 0);
-+ if (s == SEM_FAILED)
-+ {
-+ if (errno == EEXIST)
-+ /* Retry with a different name. */
-+ continue;
-+ else
-+ {
-+ perror ("sem_open failed");
-+ abort ();
-+ }
-+ }
-+ else
-+ {
-+ /* Try not to leave a semaphore hanging around on the file system
-+ eternally, if we can avoid it. */
-+ sem_unlink (name);
-+ break;
-+ }
-+ }
-+ ai->semaphore = s;
-+}
-+# endif
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ if (sem_trywait (atomic_int_semaphore (ai)) == 0)
-+ {
-+ if (sem_post (atomic_int_semaphore (ai)))
-+ abort ();
-+ return 1;
-+ }
-+ else if (errno == EAGAIN)
-+ return 0;
-+ else
-+ abort ();
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ if (new_value == 0)
-+ /* It's already initialized with 0. */
-+ return;
-+ /* To set the value 1: */
-+ if (sem_post (atomic_int_semaphore (ai)))
-+ abort ();
-+}
-+#else
-+struct atomic_int {
-+ gl_lock_define (, lock)
-+ int value;
-+};
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+ gl_lock_init (ai->lock);
-+}
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ gl_lock_lock (ai->lock);
-+ int ret = ai->value;
-+ gl_lock_unlock (ai->lock);
-+ return ret;
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ gl_lock_lock (ai->lock);
-+ ai->value = new_value;
-+ gl_lock_unlock (ai->lock);
-+}
-+#endif
-+
- #define ACCOUNT_COUNT 4
-
- static int account[ACCOUNT_COUNT];
-@@ -170,12 +324,12 @@ lock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int lock_checker_done;
-+static struct atomic_int lock_checker_done;
-
- static void *
- lock_checker_thread (void *arg)
- {
-- while (!lock_checker_done)
-+ while (get_atomic_int_value (&lock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
- gl_lock_lock (my_lock);
-@@ -200,7 +354,8 @@ test_lock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- lock_checker_done = 0;
-+ init_atomic_int (&lock_checker_done);
-+ set_atomic_int_value (&lock_checker_done, 0);
-
- /* Spawn the threads. */
- checkerthread = gl_thread_create (lock_checker_thread, NULL);
-@@ -210,7 +365,7 @@ test_lock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- lock_checker_done = 1;
-+ set_atomic_int_value (&lock_checker_done, 1);
- gl_thread_join (checkerthread, NULL);
- check_accounts ();
- }
-@@ -254,12 +409,12 @@ rwlock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int rwlock_checker_done;
-+static struct atomic_int rwlock_checker_done;
-
- static void *
- rwlock_checker_thread (void *arg)
- {
-- while (!rwlock_checker_done)
-+ while (get_atomic_int_value (&rwlock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
- gl_rwlock_rdlock (my_rwlock);
-@@ -284,7 +439,8 @@ test_rwlock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- rwlock_checker_done = 0;
-+ init_atomic_int (&rwlock_checker_done);
-+ set_atomic_int_value (&rwlock_checker_done, 0);
-
- /* Spawn the threads. */
- for (i = 0; i < THREAD_COUNT; i++)
-@@ -295,7 +451,7 @@ test_rwlock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- rwlock_checker_done = 1;
-+ set_atomic_int_value (&rwlock_checker_done, 1);
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (checkerthreads[i], NULL);
- check_accounts ();
-@@ -356,12 +512,12 @@ reclock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int reclock_checker_done;
-+static struct atomic_int reclock_checker_done;
-
- static void *
- reclock_checker_thread (void *arg)
- {
-- while (!reclock_checker_done)
-+ while (get_atomic_int_value (&reclock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
- gl_recursive_lock_lock (my_reclock);
-@@ -386,7 +542,8 @@ test_recursive_lock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- reclock_checker_done = 0;
-+ init_atomic_int (&reclock_checker_done);
-+ set_atomic_int_value (&reclock_checker_done, 0);
-
- /* Spawn the threads. */
- checkerthread = gl_thread_create (reclock_checker_thread, NULL);
-@@ -396,7 +553,7 @@ test_recursive_lock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- reclock_checker_done = 1;
-+ set_atomic_int_value (&reclock_checker_done, 1);
- gl_thread_join (checkerthread, NULL);
- check_accounts ();
- }
--- /dev/null
+Fontconfig 2.12.5 and 2.12.6 was released with a stray debugging statement.
+See <https://lists.freedesktop.org/archives/fontconfig/2017-October/006079.html>.
+
+Patch copied from upstream source repository:
+https://cgit.freedesktop.org/fontconfig/commit/?id=b56207a069be2574df455ede0a6ab61f44d5ca2b
+
+diff --git a/fc-query/fc-query.c b/fc-query/fc-query.c
+index 842a8b6..6cd5abd 100644
+--- a/fc-query/fc-query.c
++++ b/fc-query/fc-query.c
+@@ -170,7 +170,6 @@ main (int argc, char **argv)
+ FcPattern *pat;
+
+ id = ((instance_num << 16) + face_num);
+- printf("id %d\n", id);
+ if (FT_New_Face (ftLibrary, argv[i], id, &face))
+ break;
+ num_faces = face->num_faces;
+++ /dev/null
-Add missing include that triggers a build failure on PowerPC:
-
- ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc: In function ‘bool __asan::AsanInterceptsSignal(int)’:
- ../../../../gcc-5.4.0/libsanitizer/asan/asan_linux.cc:222:20: error: ‘SIGSEGV’ was not declared in this scope
- return signum == SIGSEGV && common_flags()->handle_segv;
- ^
-From <https://patchwork.ozlabs.org/patch/725596/>.
-
-diff --git a/libsanitizer/asan/asan_linux.cc b/libsanitizer/asan/asan_linux.cc
-index c504168..59087b9 100644
---- a/libsanitizer/asan/asan_linux.cc
-+++ b/libsanitizer/asan/asan_linux.cc
-@@ -29,6 +29,7 @@
- #include <dlfcn.h>
- #include <fcntl.h>
- #include <pthread.h>
-+#include <signal.h>
- #include <stdio.h>
- #include <unistd.h>
- #include <unwind.h>
--- /dev/null
+This patch was taken from the official GCC git repository.
+X-Git-Url: https://gcc.gnu.org/git/?p=gcc.git;a=blobdiff_plain;f=contrib%2Ftexi2pod.pl;h=91bdbb5cea933d0381f2924ab94490fca31d5800;hp=eba1bcaa3cffa78b46030b219d04fe7d68367658;hb=67b56c905078d49d3e4028085e5cb1e1fb87a8aa;hpb=2f508a78310caab123e9794d3dcfe41f2769449b
+
+It fixes a defect in the contrib/texi2pod.pl script that prevented generating
+manual pages. It was corrected in the GCC 6.X series.
+
+diff --git a/contrib/texi2pod.pl b/contrib/texi2pod.pl
+index eba1bca..91bdbb5 100755
+--- a/contrib/texi2pod.pl
++++ b/contrib/texi2pod.pl
+@@ -316,7 +316,7 @@ while(<$inf>) {
+ @columns = ();
+ for $column (split (/\s*\@tab\s*/, $1)) {
+ # @strong{...} is used a @headitem work-alike
+- $column =~ s/^\@strong{(.*)}$/$1/;
++ $column =~ s/^\@strong\{(.*)\}$/$1/;
+ push @columns, $column;
+ }
+ $_ = "\n=item ".join (" : ", @columns)."\n";
+++ /dev/null
-This patch fixes performance problems on multi-core machines
-as reported at <https://bugs.gnu.org/26441>.
-
-See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
-by Bruno Haible <bruno@clisp.org>.
-
-diff --git a/gettext-tools/gnulib-tests/test-lock.c b/gettext-tools/gnulib-tests/test-lock.c
-index cb734b4e6..aa6de2739 100644
---- a/gettext-tools/gnulib-tests/test-lock.c
-+++ b/gettext-tools/gnulib-tests/test-lock.c
-@@ -50,6 +50,13 @@
- Uncomment this to see if the operating system has a fair scheduler. */
- #define EXPLICIT_YIELD 1
-
-+/* Whether to use 'volatile' on some variables that communicate information
-+ between threads. If set to 0, a lock is used to protect these variables.
-+ If set to 1, 'volatile' is used; this is theoretically equivalent but can
-+ lead to much slower execution (e.g. 30x slower total run time on a 40-core
-+ machine. */
-+#define USE_VOLATILE 0
-+
- /* Whether to print debugging messages. */
- #define ENABLE_DEBUGGING 0
-
-@@ -103,6 +110,51 @@
- # define yield()
- #endif
-
-+#if USE_VOLATILE
-+struct atomic_int {
-+ volatile int value;
-+};
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+}
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ return ai->value;
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ ai->value = new_value;
-+}
-+#else
-+struct atomic_int {
-+ gl_lock_define (, lock)
-+ int value;
-+};
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+ gl_lock_init (ai->lock);
-+}
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ gl_lock_lock (ai->lock);
-+ int ret = ai->value;
-+ gl_lock_unlock (ai->lock);
-+ return ret;
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ gl_lock_lock (ai->lock);
-+ ai->value = new_value;
-+ gl_lock_unlock (ai->lock);
-+}
-+#endif
-+
- #define ACCOUNT_COUNT 4
-
- static int account[ACCOUNT_COUNT];
-@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int lock_checker_done;
-+static struct atomic_int lock_checker_done;
-
- static void *
- lock_checker_thread (void *arg)
- {
-- while (!lock_checker_done)
-+ while (get_atomic_int_value (&lock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
- gl_lock_lock (my_lock);
-@@ -200,7 +252,8 @@ test_lock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- lock_checker_done = 0;
-+ init_atomic_int (&lock_checker_done);
-+ set_atomic_int_value (&lock_checker_done, 0);
-
- /* Spawn the threads. */
- checkerthread = gl_thread_create (lock_checker_thread, NULL);
-@@ -210,7 +263,7 @@ test_lock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- lock_checker_done = 1;
-+ set_atomic_int_value (&lock_checker_done, 1);
- gl_thread_join (checkerthread, NULL);
- check_accounts ();
- }
-@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int rwlock_checker_done;
-+static struct atomic_int rwlock_checker_done;
-
- static void *
- rwlock_checker_thread (void *arg)
- {
-- while (!rwlock_checker_done)
-+ while (get_atomic_int_value (&rwlock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
- gl_rwlock_rdlock (my_rwlock);
-@@ -284,7 +337,8 @@ test_rwlock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- rwlock_checker_done = 0;
-+ init_atomic_int (&rwlock_checker_done);
-+ set_atomic_int_value (&rwlock_checker_done, 0);
-
- /* Spawn the threads. */
- for (i = 0; i < THREAD_COUNT; i++)
-@@ -295,7 +349,7 @@ test_rwlock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- rwlock_checker_done = 1;
-+ set_atomic_int_value (&rwlock_checker_done, 1);
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (checkerthreads[i], NULL);
- check_accounts ();
-@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int reclock_checker_done;
-+static struct atomic_int reclock_checker_done;
-
- static void *
- reclock_checker_thread (void *arg)
- {
-- while (!reclock_checker_done)
-+ while (get_atomic_int_value (&reclock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
- gl_recursive_lock_lock (my_reclock);
-@@ -386,7 +440,8 @@ test_recursive_lock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- reclock_checker_done = 0;
-+ init_atomic_int (&reclock_checker_done);
-+ set_atomic_int_value (&reclock_checker_done, 0);
-
- /* Spawn the threads. */
- checkerthread = gl_thread_create (reclock_checker_thread, NULL);
-@@ -396,7 +451,7 @@ test_recursive_lock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- reclock_checker_done = 1;
-+ set_atomic_int_value (&reclock_checker_done, 1);
- gl_thread_join (checkerthread, NULL);
- check_accounts ();
- }
+++ /dev/null
-This patch fixes performance problems on multi-core machines
-as reported at <https://bugs.gnu.org/26441>.
-
-See commit 1afbcb06fded2a427b761dd1615b1e48e1e853cc in Gettext
-by Bruno Haible <bruno@clisp.org>.
-
-diff --git a/gettext-runtime/tests/test-lock.c b/gettext-runtime/tests/test-lock.c
-index d279d1d60..51cec3d6b 100644
---- a/gettext-runtime/tests/test-lock.c
-+++ b/gettext-runtime/tests/test-lock.c
-@@ -1,5 +1,5 @@
- /* Test of locking in multithreaded situations.
-- Copyright (C) 2005, 2008-2016 Free Software Foundation, Inc.
-+ Copyright (C) 2005, 2008-2017 Free Software Foundation, Inc.
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
-@@ -50,6 +50,13 @@
- Uncomment this to see if the operating system has a fair scheduler. */
- #define EXPLICIT_YIELD 1
-
-+/* Whether to use 'volatile' on some variables that communicate information
-+ between threads. If set to 0, a lock is used to protect these variables.
-+ If set to 1, 'volatile' is used; this is theoretically equivalent but can
-+ lead to much slower execution (e.g. 30x slower total run time on a 40-core
-+ machine. */
-+#define USE_VOLATILE 0
-+
- /* Whether to print debugging messages. */
- #define ENABLE_DEBUGGING 0
-
-@@ -214,6 +221,51 @@ static inline void * gl_thread_self_pointer (void)
- # define yield()
- #endif
-
-+#if USE_VOLATILE
-+struct atomic_int {
-+ volatile int value;
-+};
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+}
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ return ai->value;
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ ai->value = new_value;
-+}
-+#else
-+struct atomic_int {
-+ gl_lock_define (, lock)
-+ int value;
-+};
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+ gl_lock_init (ai->lock);
-+}
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ gl_lock_lock (ai->lock);
-+ int ret = ai->value;
-+ gl_lock_unlock (ai->lock);
-+ return ret;
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ gl_lock_lock (ai->lock);
-+ ai->value = new_value;
-+ gl_lock_unlock (ai->lock);
-+}
-+#endif
-+
- #define ACCOUNT_COUNT 4
-
- static int account[ACCOUNT_COUNT];
-@@ -281,12 +333,12 @@ lock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int lock_checker_done;
-+static struct atomic_int lock_checker_done;
-
- static void *
- lock_checker_thread (void *arg)
- {
-- while (!lock_checker_done)
-+ while (get_atomic_int_value (&lock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
- gl_lock_lock (my_lock);
-@@ -311,7 +363,8 @@ test_lock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- lock_checker_done = 0;
-+ init_atomic_int (&lock_checker_done);
-+ set_atomic_int_value (&lock_checker_done, 0);
-
- /* Spawn the threads. */
- checkerthread = gl_thread_create (lock_checker_thread, NULL);
-@@ -321,7 +374,7 @@ test_lock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- lock_checker_done = 1;
-+ set_atomic_int_value (&lock_checker_done, 1);
- gl_thread_join (checkerthread, NULL);
- check_accounts ();
- }
-@@ -365,12 +418,12 @@ rwlock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int rwlock_checker_done;
-+static struct atomic_int rwlock_checker_done;
-
- static void *
- rwlock_checker_thread (void *arg)
- {
-- while (!rwlock_checker_done)
-+ while (get_atomic_int_value (&rwlock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
- gl_rwlock_rdlock (my_rwlock);
-@@ -395,7 +448,8 @@ test_rwlock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- rwlock_checker_done = 0;
-+ init_atomic_int (&rwlock_checker_done);
-+ set_atomic_int_value (&rwlock_checker_done, 0);
-
- /* Spawn the threads. */
- for (i = 0; i < THREAD_COUNT; i++)
-@@ -406,7 +460,7 @@ test_rwlock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- rwlock_checker_done = 1;
-+ set_atomic_int_value (&rwlock_checker_done, 1);
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (checkerthreads[i], NULL);
- check_accounts ();
-@@ -467,12 +521,12 @@ reclock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int reclock_checker_done;
-+static struct atomic_int reclock_checker_done;
-
- static void *
- reclock_checker_thread (void *arg)
- {
-- while (!reclock_checker_done)
-+ while (get_atomic_int_value (&reclock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
- gl_recursive_lock_lock (my_reclock);
-@@ -497,7 +551,8 @@ test_recursive_lock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- reclock_checker_done = 0;
-+ init_atomic_int (&reclock_checker_done);
-+ set_atomic_int_value (&reclock_checker_done, 0);
-
- /* Spawn the threads. */
- checkerthread = gl_thread_create (reclock_checker_thread, NULL);
-@@ -507,7 +562,7 @@ test_recursive_lock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- reclock_checker_done = 1;
-+ set_atomic_int_value (&reclock_checker_done, 1);
- gl_thread_join (checkerthread, NULL);
- check_accounts ();
- }
+++ /dev/null
-Fix CVE-2017-8291:
-
-https://bugs.ghostscript.com/show_bug.cgi?id=697799
-https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate)
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8291
-
-Patches copied from upstream source repository:
-
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad
-
-From 4f83478c88c2e05d6e8d79ca4557eb039354d2f3 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 27 Apr 2017 13:03:33 +0100
-Subject: [PATCH] Bug 697799: have .eqproc check its parameters
-
-The Ghostscript custom operator .eqproc was not check the number or type of
-the parameters it was given.
----
- psi/zmisc3.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 54b304246..37293ff4b 100644
---- a/psi/zmisc3.c
-+++ b/psi/zmisc3.c
-@@ -56,6 +56,12 @@ zeqproc(i_ctx_t *i_ctx_p)
- ref2_t stack[MAX_DEPTH + 1];
- ref2_t *top = stack;
-
-+ if (ref_stack_count(&o_stack) < 2)
-+ return_error(gs_error_stackunderflow);
-+ if (!r_is_array(op - 1) || !r_is_array(op)) {
-+ return_error(gs_error_typecheck);
-+ }
-+
- make_array(&stack[0].proc1, 0, 1, op - 1);
- make_array(&stack[0].proc2, 0, 1, op);
- for (;;) {
---
-2.13.0
-
-From 04b37bbce174eed24edec7ad5b920eb93db4d47d Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 27 Apr 2017 13:21:31 +0100
-Subject: [PATCH] Bug 697799: have .rsdparams check its parameters
-
-The Ghostscript internal operator .rsdparams wasn't checking the number or
-type of the operands it was being passed. Do so.
----
- psi/zfrsd.c | 22 +++++++++++++++-------
- 1 file changed, 15 insertions(+), 7 deletions(-)
-
-diff --git a/psi/zfrsd.c b/psi/zfrsd.c
-index 191107d8a..950588d69 100644
---- a/psi/zfrsd.c
-+++ b/psi/zfrsd.c
-@@ -49,13 +49,20 @@ zrsdparams(i_ctx_t *i_ctx_p)
- ref *pFilter;
- ref *pDecodeParms;
- int Intent = 0;
-- bool AsyncRead;
-+ bool AsyncRead = false;
- ref empty_array, filter1_array, parms1_array;
- uint i;
-- int code;
-+ int code = 0;
-+
-+ if (ref_stack_count(&o_stack) < 1)
-+ return_error(gs_error_stackunderflow);
-+ if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
-+ return_error(gs_error_typecheck);
-+ }
-
- make_empty_array(&empty_array, a_readonly);
-- if (dict_find_string(op, "Filter", &pFilter) > 0) {
-+ if (r_has_type(op, t_dictionary)
-+ && dict_find_string(op, "Filter", &pFilter) > 0) {
- if (!r_is_array(pFilter)) {
- if (!r_has_type(pFilter, t_name))
- return_error(gs_error_typecheck);
-@@ -94,12 +101,13 @@ zrsdparams(i_ctx_t *i_ctx_p)
- return_error(gs_error_typecheck);
- }
- }
-- code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
-+ if (r_has_type(op, t_dictionary))
-+ code = dict_int_param(op, "Intent", 0, 3, 0, &Intent);
- if (code < 0 && code != gs_error_rangecheck) /* out-of-range int is ok, use 0 */
- return code;
-- if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0
-- )
-- return code;
-+ if (r_has_type(op, t_dictionary))
-+ if ((code = dict_bool_param(op, "AsyncRead", false, &AsyncRead)) < 0)
-+ return code;
- push(1);
- op[-1] = *pFilter;
- if (pDecodeParms)
---
-2.13.0
-
-From 57f20719e1cfaea77b67cb26e26de7fe4d7f9b2e Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Wed, 3 May 2017 12:05:45 +0100
-Subject: [PATCH] Bug 697846: revision to commit 4f83478c88 (.eqproc)
-
-When using the "DELAYBIND" feature, it turns out that .eqproc can be called with
-parameters that are not both procedures. In this case, it turns out, the
-expectation is for the operator to return 'false', rather than throw an error.
----
- psi/zmisc3.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 37293ff4b..3f01d39a3 100644
---- a/psi/zmisc3.c
-+++ b/psi/zmisc3.c
-@@ -38,6 +38,15 @@ zcliprestore(i_ctx_t *i_ctx_p)
- return gs_cliprestore(igs);
- }
-
-+static inline bool
-+eqproc_check_type(ref *r)
-+{
-+ return r_has_type(r, t_array)
-+ || r_has_type(r, t_mixedarray)
-+ || r_has_type(r, t_shortarray)
-+ || r_has_type(r, t_oparray);
-+}
-+
- /* <proc1> <proc2> .eqproc <bool> */
- /*
- * Test whether two procedures are equal to depth 10.
-@@ -58,8 +67,10 @@ zeqproc(i_ctx_t *i_ctx_p)
-
- if (ref_stack_count(&o_stack) < 2)
- return_error(gs_error_stackunderflow);
-- if (!r_is_array(op - 1) || !r_is_array(op)) {
-- return_error(gs_error_typecheck);
-+ if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
-+ make_false(op - 1);
-+ pop(1);
-+ return 0;
- }
-
- make_array(&stack[0].proc1, 0, 1, op - 1);
---
-2.13.0
-
-From ccfd2c75ac9be4cbd369e4cbdd40ba11a0c7bdad Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 11 May 2017 14:07:48 +0100
-Subject: [PATCH] Bug 697892: fix check for op stack underflow.
-
-In the original fix, I used the wrong method to check for stack underflow, this
-is using the correct method.
----
- psi/zfrsd.c | 3 +--
- psi/zmisc3.c | 3 +--
- 2 files changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/psi/zfrsd.c b/psi/zfrsd.c
-index 950588d69..9c035b96d 100644
---- a/psi/zfrsd.c
-+++ b/psi/zfrsd.c
-@@ -54,8 +54,7 @@ zrsdparams(i_ctx_t *i_ctx_p)
- uint i;
- int code = 0;
-
-- if (ref_stack_count(&o_stack) < 1)
-- return_error(gs_error_stackunderflow);
-+ check_op(1);
- if (!r_has_type(op, t_dictionary) && !r_has_type(op, t_null)) {
- return_error(gs_error_typecheck);
- }
-diff --git a/psi/zmisc3.c b/psi/zmisc3.c
-index 3f01d39a3..43803b55b 100644
---- a/psi/zmisc3.c
-+++ b/psi/zmisc3.c
-@@ -65,8 +65,7 @@ zeqproc(i_ctx_t *i_ctx_p)
- ref2_t stack[MAX_DEPTH + 1];
- ref2_t *top = stack;
-
-- if (ref_stack_count(&o_stack) < 2)
-- return_error(gs_error_stackunderflow);
-+ check_op(2);
- if (!eqproc_check_type(op -1) || !eqproc_check_type(op)) {
- make_false(op - 1);
- pop(1);
---
-2.13.0
-
--- /dev/null
+On Guix, Python modules are in a different output from the executables,
+so searching "../share/glib-2.0" will not work.
+
+This patch restores behaviour prior to this commit:
+<https://git.gnome.org/browse/glib/commit/?id=fe2a9887a8ccb14f2386e01b14834e97a33bc2d7>
+
+--- a/gio/gdbus-2.0/codegen/gdbus-codegen.in
++++ b/gio/gdbus-2.0/codegen/gdbus-codegen.in
+@@ -25,9 +25,12 @@
+
+ srcdir = os.getenv('UNINSTALLED_GLIB_SRCDIR', None)
+ filedir = os.path.dirname(__file__)
++datadir = os.path.join('@datadir@', 'glib-2.0')
+
+ if srcdir is not None:
+ path = os.path.join(srcdir, 'gio', 'gdbus-2.0')
++elif os.path.exists(os.path.join(datadir, 'codegen')):
++ path = datadir
+ elif os.path.basename(filedir) == 'bin':
+ # Make the prefix containing gdbus-codegen 'relocatable' at runtime by
+ # adding /some/prefix/bin/../share/glib-2.0 to the python path
+++ /dev/null
-This patch fix error on 'gnulib' library required to build
-'grep' package on GNU/Hurd.
-The patch was adapted from upstream source repository:
-'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>'
-
-Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd
-
-diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c
-index 061562b..afc86f4 100644
---- a/lib/glthread/lock.c
-+++ b/lib/glthread/lock.c
-@@ -30,7 +30,7 @@
-
- /* ------------------------- gl_rwlock_t datatype ------------------------- */
-
--# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
-+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
-
- # ifdef PTHREAD_RWLOCK_INITIALIZER
-
-diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h
-index ec16d39..67932aa 100644
---- a/lib/glthread/lock.h
-+++ b/lib/glthread/lock.h
-@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t;
-
- /* ------------------------- gl_rwlock_t datatype ------------------------- */
-
--# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
-+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
-
- # ifdef PTHREAD_RWLOCK_INITIALIZER
--- /dev/null
+From 12d8b4e8f2f9c9a7707d1d3fccba382732212e3c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=A1bor=20Boskovits?= <boskovits@gmail.com>
+Date: Tue, 5 Dec 2017 20:06:36 +0100
+Subject: [PATCH] Fix test failing on new GLib versions.
+
+This test fails on newer GLib version, because GLib exports a new public marshaller.
+The additional symbol making the test fail is:
+g_cclosure_marshal_BOOLEAN__BOXED_BOXED
+
+The fix makes the test ignore non-gtk related abi.
+This ensures if future marshallers are added to glib those will not pose a problem.
+
+The fix also ensures that the test still checks the gtk abi for identity, and
+that the library provides a superset of the required abi.
+
+Upstream reponse to this problem was:
+
+GLib added a new marshaller in its public API
+And the `abicheck.sh`in GTK+ 2.24 hasn't been updated because GTK+ 2.24 is in deep
+maintenance mode and very few people test it against newer versions of GLib
+
+---
+ gtk/abicheck.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gtk/abicheck.sh b/gtk/abicheck.sh
+index 0d033fb..53b7bfe 100755
+--- a/gtk/abicheck.sh
++++ b/gtk/abicheck.sh
+@@ -1,5 +1,5 @@
+ #! /bin/sh
+
+ cpp -DINCLUDE_VARIABLES -P -DG_OS_UNIX -DGTK_WINDOWING_X11 -DALL_FILES ${srcdir:-.}/gtk.symbols | sed -e '/^$/d' -e 's/ G_GNUC.*$//' -e 's/ PRIVATE//' | sort > expected-abi
+-nm -D -g --defined-only .libs/libgtk-x11-2.0.so | cut -d ' ' -f 3 | egrep -v '^(__bss_start|_edata|_end)' | sort > actual-abi
++nm -D -g --defined-only .libs/libgtk-x11-2.0.so | cut -d ' ' -f 3 | egrep -v '^(__bss_start|_edata|_end)' | egrep '^gtk_' | sort > actual-abi
+ diff -u expected-abi actual-abi && rm -f expected-abi actual-abi
+--
+2.15.0
+
+++ /dev/null
-Fix CVE-2017-14952:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
-
-Patch copied from upstream source repository:
-
-http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp#file0
-
-Index: trunk/icu4c/source/i18n/zonemeta.cpp
-===================================================================
---- icu/source/i18n/zonemeta.cpp (revision 40283)
-+++ icu/source/i18n/zonemeta.cpp (revision 40324)
-@@ -691,5 +691,4 @@
- if (U_FAILURE(status)) {
- delete mzMappings;
-- deleteOlsonToMetaMappingEntry(entry);
- uprv_free(entry);
- break;
+++ /dev/null
-Fix CVE-2017-7867 and CVE-2017-7868:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868
-
-Patch copied from upstream source repository:
-
-http://bugs.icu-project.org/trac/changeset/39671
-
-Index: icu/source/common/utext.cpp
-===================================================================
---- icu/source/common/utext.cpp (revision 39670)
-+++ icu/source/common/utext.cpp (revision 39671)
-@@ -848,7 +848,13 @@
-
- // Chunk size.
--// Must be less than 85, because of byte mapping from UChar indexes to native indexes.
--// Worst case is three native bytes to one UChar. (Supplemenaries are 4 native bytes
--// to two UChars.)
-+// Must be less than 42 (256/6), because of byte mapping from UChar indexes to native indexes.
-+// Worst case there are six UTF-8 bytes per UChar.
-+// obsolete 6 byte form fd + 5 trails maps to fffd
-+// obsolete 5 byte form fc + 4 trails maps to fffd
-+// non-shortest 4 byte forms maps to fffd
-+// normal supplementaries map to a pair of utf-16, two utf8 bytes per utf-16 unit
-+// mapToUChars array size must allow for the worst case, 6.
-+// This could be brought down to 4, by treating fd and fc as pure illegal,
-+// rather than obsolete lead bytes. But that is not compatible with the utf-8 access macros.
- //
- enum { UTF8_TEXT_CHUNK_SIZE=32 };
-@@ -890,5 +896,5 @@
- // one for a supplementary starting in the last normal position,
- // and one for an entry for the buffer limit position.
-- uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*3+6]; // Map native offset from bufNativeStart to
-+ uint8_t mapToUChars[UTF8_TEXT_CHUNK_SIZE*6+6]; // Map native offset from bufNativeStart to
- // correspoding offset in filled part of buf.
- int32_t align;
-@@ -1033,4 +1039,5 @@
- u8b = (UTF8Buf *)ut->p; // the current buffer
- mapIndex = ix - u8b->toUCharsMapStart;
-+ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
- ut->chunkOffset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
- return TRUE;
-@@ -1299,4 +1306,8 @@
- // If index is at the end, there is no character there to look at.
- if (ix != ut->b) {
-+ // Note: this function will only move the index back if it is on a trail byte
-+ // and there is a preceding lead byte and the sequence from the lead
-+ // through this trail could be part of a valid UTF-8 sequence
-+ // Otherwise the index remains unchanged.
- U8_SET_CP_START(s8, 0, ix);
- }
-@@ -1312,5 +1323,8 @@
- uint8_t *mapToNative = u8b->mapToNative;
- uint8_t *mapToUChars = u8b->mapToUChars;
-- int32_t toUCharsMapStart = ix - (UTF8_TEXT_CHUNK_SIZE*3 + 1);
-+ int32_t toUCharsMapStart = ix - sizeof(UTF8Buf::mapToUChars) + 1;
-+ // Note that toUCharsMapStart can be negative. Happens when the remaining
-+ // text from current position to the beginning is less than the buffer size.
-+ // + 1 because mapToUChars must have a slot at the end for the bufNativeLimit entry.
- int32_t destIx = UTF8_TEXT_CHUNK_SIZE+2; // Start in the overflow region
- // at end of buffer to leave room
-@@ -1339,4 +1353,5 @@
- // Special case ASCII range for speed.
- buf[destIx] = (UChar)c;
-+ U_ASSERT(toUCharsMapStart <= srcIx);
- mapToUChars[srcIx - toUCharsMapStart] = (uint8_t)destIx;
- mapToNative[destIx] = (uint8_t)(srcIx - toUCharsMapStart);
-@@ -1368,4 +1383,5 @@
- mapToUChars[sIx-- - toUCharsMapStart] = (uint8_t)destIx;
- } while (sIx >= srcIx);
-+ U_ASSERT(toUCharsMapStart <= (srcIx+1));
-
- // Set native indexing limit to be the current position.
-@@ -1542,4 +1558,5 @@
- U_ASSERT(index<=ut->chunkNativeLimit);
- int32_t mapIndex = index - u8b->toUCharsMapStart;
-+ U_ASSERT(mapIndex < (int32_t)sizeof(UTF8Buf::mapToUChars));
- int32_t offset = u8b->mapToUChars[mapIndex] - u8b->bufStartIdx;
- U_ASSERT(offset>=0 && offset<=ut->chunkLength);
-Index: icu/source/test/intltest/utxttest.cpp
-===================================================================
---- icu/source/test/intltest/utxttest.cpp (revision 39670)
-+++ icu/source/test/intltest/utxttest.cpp (revision 39671)
-@@ -68,4 +68,6 @@
- case 7: name = "Ticket12130";
- if (exec) Ticket12130(); break;
-+ case 8: name = "Ticket12888";
-+ if (exec) Ticket12888(); break;
- default: name = ""; break;
- }
-@@ -1584,2 +1586,62 @@
- utext_close(&ut);
- }
-+
-+// Ticket 12888: bad handling of illegal utf-8 containing many instances of the archaic, now illegal,
-+// six byte utf-8 forms. Original implementation had an assumption that
-+// there would be at most three utf-8 bytes per UTF-16 code unit.
-+// The five and six byte sequences map to a single replacement character.
-+
-+void UTextTest::Ticket12888() {
-+ const char *badString =
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80"
-+ "\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80\xfd\x80\x80\x80\x80\x80";
-+
-+ UErrorCode status = U_ZERO_ERROR;
-+ LocalUTextPointer ut(utext_openUTF8(NULL, badString, -1, &status));
-+ TEST_SUCCESS(status);
-+ for (;;) {
-+ UChar32 c = utext_next32(ut.getAlias());
-+ if (c == U_SENTINEL) {
-+ break;
-+ }
-+ }
-+ int32_t endIdx = utext_getNativeIndex(ut.getAlias());
-+ if (endIdx != (int32_t)strlen(badString)) {
-+ errln("%s:%d expected=%d, actual=%d", __FILE__, __LINE__, strlen(badString), endIdx);
-+ return;
-+ }
-+
-+ for (int32_t prevIndex = endIdx; prevIndex>0;) {
-+ UChar32 c = utext_previous32(ut.getAlias());
-+ int32_t currentIndex = utext_getNativeIndex(ut.getAlias());
-+ if (c != 0xfffd) {
-+ errln("%s:%d (expected, actual, index) = (%d, %d, %d)\n",
-+ __FILE__, __LINE__, 0xfffd, c, currentIndex);
-+ break;
-+ }
-+ if (currentIndex != prevIndex - 6) {
-+ errln("%s:%d: wrong index. Expected, actual = %d, %d",
-+ __FILE__, __LINE__, prevIndex - 6, currentIndex);
-+ break;
-+ }
-+ prevIndex = currentIndex;
-+ }
-+}
-Index: icu/source/test/intltest/utxttest.h
-===================================================================
---- icu/source/test/intltest/utxttest.h (revision 39670)
-+++ icu/source/test/intltest/utxttest.h (revision 39671)
-@@ -39,4 +39,5 @@
- void Ticket10983();
- void Ticket12130();
-+ void Ticket12888();
-
- private:
+++ /dev/null
-Copied from upstream: http://bugs.icu-project.org/trac/changeset/39484/.
-
-Fixes <http://bugs.gnu.org/26462> (crashes).
-
-Paths and line endings have been adapted.
-
-Index: icu/source/common/ulist.c
-===================================================================
---- icu/source/common/ulist.c (revision 39483)
-+++ icu/source/common/ulist.c (revision 39484)
-@@ -30,5 +30,4 @@
-
- int32_t size;
-- int32_t currentIndex;
- };
-
-@@ -52,5 +51,4 @@
- newList->tail = NULL;
- newList->size = 0;
-- newList->currentIndex = -1;
-
- return newList;
-@@ -81,6 +79,7 @@
- p->next->previous = p->previous;
- }
-- list->curr = NULL;
-- list->currentIndex = 0;
-+ if (p == list->curr) {
-+ list->curr = p->next;
-+ }
- --list->size;
- if (p->forceDelete) {
-@@ -151,5 +150,4 @@
- list->head->previous = newItem;
- list->head = newItem;
-- list->currentIndex++;
- }
-
-@@ -194,5 +192,4 @@
- curr = list->curr;
- list->curr = curr->next;
-- list->currentIndex++;
-
- return curr->data;
-@@ -210,5 +207,4 @@
- if (list != NULL) {
- list->curr = list->head;
-- list->currentIndex = 0;
- }
- }
-@@ -273,3 +269,2 @@
- return (UList *)(en->context);
- }
--
-Index: icu/source/i18n/ucol_res.cpp
-===================================================================
---- icu/source/i18n/ucol_res.cpp (revision 39483)
-+++ icu/source/i18n/ucol_res.cpp (revision 39484)
-@@ -681,4 +681,5 @@
- }
- memcpy(en, &defaultKeywordValues, sizeof(UEnumeration));
-+ ulist_resetList(sink.values); // Initialize the iterator.
- en->context = sink.values;
- sink.values = NULL; // Avoid deletion in the sink destructor.
-Index: icu/source/test/intltest/apicoll.cpp
-===================================================================
---- icu/source/test/intltest/apicoll.cpp (revision 39483)
-+++ icu/source/test/intltest/apicoll.cpp (revision 39484)
-@@ -82,14 +82,7 @@
- col = Collator::createInstance(Locale::getEnglish(), success);
- if (U_FAILURE(success)){
-- errcheckln(success, "Default Collator creation failed. - %s", u_errorName(success));
-- return;
-- }
--
-- StringEnumeration* kwEnum = col->getKeywordValuesForLocale("", Locale::getEnglish(),true,success);
-- if (U_FAILURE(success)){
-- errcheckln(success, "Get Keyword Values for Locale failed. - %s", u_errorName(success));
-- return;
-- }
-- delete kwEnum;
-+ errcheckln(success, "English Collator creation failed. - %s", u_errorName(success));
-+ return;
-+ }
-
- col->getVersion(versionArray);
-@@ -230,4 +223,27 @@
- delete aFrCol;
- delete junk;
-+}
-+
-+void CollationAPITest::TestKeywordValues() {
-+ IcuTestErrorCode errorCode(*this, "TestKeywordValues");
-+ LocalPointer<Collator> col(Collator::createInstance(Locale::getEnglish(), errorCode));
-+ if (errorCode.logIfFailureAndReset("English Collator creation failed")) {
-+ return;
-+ }
-+
-+ LocalPointer<StringEnumeration> kwEnum(
-+ col->getKeywordValuesForLocale("collation", Locale::getEnglish(), TRUE, errorCode));
-+ if (errorCode.logIfFailureAndReset("Get Keyword Values for English Collator failed")) {
-+ return;
-+ }
-+ assertTrue("expect at least one collation tailoring for English", kwEnum->count(errorCode) > 0);
-+ const char *kw;
-+ UBool hasStandard = FALSE;
-+ while ((kw = kwEnum->next(NULL, errorCode)) != NULL) {
-+ if (strcmp(kw, "standard") == 0) {
-+ hasStandard = TRUE;
-+ }
-+ }
-+ assertTrue("expect at least the 'standard' collation tailoring for English", hasStandard);
- }
-
-@@ -2467,4 +2483,5 @@
- TESTCASE_AUTO_BEGIN;
- TESTCASE_AUTO(TestProperty);
-+ TESTCASE_AUTO(TestKeywordValues);
- TESTCASE_AUTO(TestOperators);
- TESTCASE_AUTO(TestDuplicate);
-Index: icu/source/test/intltest/apicoll.h
-===================================================================
---- icu/source/test/intltest/apicoll.h (revision 39483)
-+++ icu/source/test/intltest/apicoll.h (revision 39484)
-@@ -36,4 +36,5 @@
- */
- void TestProperty(/* char* par */);
-+ void TestKeywordValues();
-
- /**
+++ /dev/null
-Fix CVE-2016-9601:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9601
-https://bugs.ghostscript.com/show_bug.cgi?id=697457
-
-Patch copied from upstream source repository:
-
-http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
-
-From e698d5c11d27212aa1098bc5b1673a3378563092 Mon Sep 17 00:00:00 2001
-From: Robin Watts <robin.watts@artifex.com>
-Date: Mon, 12 Dec 2016 17:47:17 +0000
-Subject: [PATCH] Squash signed/unsigned warnings in MSVC jbig2 build.
-
-Also rename "new" to "new_dict", because "new" is a bad
-variable name.
----
- jbig2.c | 4 +--
- jbig2.h | 8 +++---
- jbig2_generic.c | 2 +-
- jbig2_halftone.c | 24 ++++++++----------
- jbig2_huffman.c | 10 ++++----
- jbig2_huffman.h | 2 +-
- jbig2_image.c | 32 +++++++++++------------
- jbig2_mmr.c | 66 +++++++++++++++++++++++++-----------------------
- jbig2_page.c | 6 ++---
- jbig2_priv.h | 4 +--
- jbig2_segment.c | 10 ++++----
- jbig2_symbol_dict.c | 73 +++++++++++++++++++++++++++--------------------------
- jbig2_symbol_dict.h | 6 ++---
- jbig2_text.c | 16 ++++++------
- jbig2_text.h | 2 +-
- 15 files changed, 134 insertions(+), 131 deletions(-)
-
-diff --git a/jbig2.c b/jbig2.c
-index f729e29..e51380f 100644
---- a/jbig2.c
-+++ b/jbig2.c
-@@ -379,7 +379,7 @@ typedef struct {
- } Jbig2WordStreamBuf;
-
- static int
--jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t *word)
-+jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, size_t offset, uint32_t *word)
- {
- Jbig2WordStreamBuf *z = (Jbig2WordStreamBuf *) self;
- const byte *data = z->data;
-@@ -390,7 +390,7 @@ jbig2_word_stream_buf_get_next_word(Jbig2WordStream *self, int offset, uint32_t
- else if (offset > z->size)
- return -1;
- else {
-- int i;
-+ size_t i;
-
- result = 0;
- for (i = 0; i < z->size - offset; i++)
-diff --git a/jbig2.h b/jbig2.h
-index d5aa52f..624e0ed 100644
---- a/jbig2.h
-+++ b/jbig2.h
-@@ -56,17 +56,19 @@ typedef struct _Jbig2SymbolDictionary Jbig2SymbolDictionary;
- */
-
- struct _Jbig2Image {
-- int width, height, stride;
-+ uint32_t width;
-+ uint32_t height;
-+ uint32_t stride;
- uint8_t *data;
- int refcount;
- };
-
--Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, int width, int height);
-+Jbig2Image *jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height);
- Jbig2Image *jbig2_image_clone(Jbig2Ctx *ctx, Jbig2Image *image);
- void jbig2_image_release(Jbig2Ctx *ctx, Jbig2Image *image);
- void jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image);
- void jbig2_image_clear(Jbig2Ctx *ctx, Jbig2Image *image, int value);
--Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height);
-+Jbig2Image *jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height);
-
- /* errors are returned from the library via a callback. If no callback
- is provided (a NULL argument is passed ot jbig2_ctx_new) a default
-diff --git a/jbig2_generic.c b/jbig2_generic.c
-index 02fdbfb..9656198 100644
---- a/jbig2_generic.c
-+++ b/jbig2_generic.c
-@@ -718,7 +718,7 @@ jbig2_immediate_generic_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte
- byte seg_flags;
- int8_t gbat[8];
- int offset;
-- int gbat_bytes = 0;
-+ uint32_t gbat_bytes = 0;
- Jbig2GenericRegionParams params;
- int code = 0;
- Jbig2Image *image = NULL;
-diff --git a/jbig2_halftone.c b/jbig2_halftone.c
-index aeab576..acfbc56 100644
---- a/jbig2_halftone.c
-+++ b/jbig2_halftone.c
-@@ -257,8 +257,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
- {
- uint8_t **GSVALS = NULL;
- size_t consumed_bytes = 0;
-- int i, j, code, stride;
-- int x, y;
-+ uint32_t i, j, stride, x, y;
-+ int code;
- Jbig2Image **GSPLANES;
- Jbig2GenericRegionParams rparams;
- Jbig2WordStream *ws = NULL;
-@@ -276,9 +276,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
- if (GSPLANES[i] == NULL) {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate %dx%d image for GSPLANES", GSW, GSH);
- /* free already allocated */
-- for (j = i - 1; j >= 0; --j) {
-- jbig2_image_release(ctx, GSPLANES[j]);
-- }
-+ for (j = i; j > 0;)
-+ jbig2_image_release(ctx, GSPLANES[--j]);
- jbig2_free(ctx->allocator, GSPLANES);
- return NULL;
- }
-@@ -323,9 +322,10 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
- }
-
- /* C.5 step 2. Set j = GSBPP-2 */
-- j = GSBPP - 2;
-+ j = GSBPP - 1;
- /* C.5 step 3. decode loop */
-- while (j >= 0) {
-+ while (j > 0) {
-+ j--;
- /* C.5 step 3. (a) */
- if (GSMMR) {
- code = jbig2_decode_halftone_mmr(ctx, &rparams, data + consumed_bytes, size - consumed_bytes, GSPLANES[j], &consumed_bytes);
-@@ -345,7 +345,6 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
- GSPLANES[j]->data[i] ^= GSPLANES[j + 1]->data[i];
-
- /* C.5 step 3. (c) */
-- --j;
- }
-
- /* allocate GSVALS */
-@@ -359,9 +358,8 @@ jbig2_decode_gray_scale_image(Jbig2Ctx *ctx, Jbig2Segment *segment,
- if (GSVALS[i] == NULL) {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate GSVALS: %d bytes", GSH * GSW);
- /* free already allocated */
-- for (j = i - 1; j >= 0; --j) {
-- jbig2_free(ctx->allocator, GSVALS[j]);
-- }
-+ for (j = i; j > 0;)
-+ jbig2_free(ctx->allocator, GSVALS[--j]);
- jbig2_free(ctx->allocator, GSVALS);
- GSVALS = NULL;
- goto cleanup;
-@@ -450,7 +448,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
- uint8_t **GI;
- Jbig2Image *HSKIP = NULL;
- Jbig2PatternDict *HPATS;
-- int i;
-+ uint32_t i;
- uint32_t mg, ng;
- int32_t x, y;
- uint8_t gray_val;
-@@ -476,7 +474,7 @@ jbig2_decode_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
-
- /* calculate ceil(log2(HNUMPATS)) */
- HBPP = 0;
-- while (HNUMPATS > (1 << ++HBPP));
-+ while (HNUMPATS > (1U << ++HBPP));
-
- /* 6.6.5 point 4. decode gray-scale image as mentioned in annex C */
- GI = jbig2_decode_gray_scale_image(ctx, segment, data, size,
-diff --git a/jbig2_huffman.c b/jbig2_huffman.c
-index 4521b48..f77981b 100644
---- a/jbig2_huffman.c
-+++ b/jbig2_huffman.c
-@@ -47,16 +47,16 @@ struct _Jbig2HuffmanState {
- is (offset + 4) * 8. */
- uint32_t this_word;
- uint32_t next_word;
-- int offset_bits;
-- int offset;
-- int offset_limit;
-+ uint32_t offset_bits;
-+ uint32_t offset;
-+ uint32_t offset_limit;
-
- Jbig2WordStream *ws;
- Jbig2Ctx *ctx;
- };
-
- static uint32_t
--huff_get_next_word(Jbig2HuffmanState *hs, int offset)
-+huff_get_next_word(Jbig2HuffmanState *hs, uint32_t offset)
- {
- uint32_t word = 0;
- Jbig2WordStream *ws = hs->ws;
-@@ -213,7 +213,7 @@ jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset)
- /* return the offset of the huffman decode pointer (in bytes)
- * from the beginning of the WordStream
- */
--int
-+uint32_t
- jbig2_huffman_offset(Jbig2HuffmanState *hs)
- {
- return hs->offset + (hs->offset_bits >> 3);
-diff --git a/jbig2_huffman.h b/jbig2_huffman.h
-index 5d1e6e0..cfda9e0 100644
---- a/jbig2_huffman.h
-+++ b/jbig2_huffman.h
-@@ -64,7 +64,7 @@ void jbig2_huffman_skip(Jbig2HuffmanState *hs);
-
- void jbig2_huffman_advance(Jbig2HuffmanState *hs, int offset);
-
--int jbig2_huffman_offset(Jbig2HuffmanState *hs);
-+uint32_t jbig2_huffman_offset(Jbig2HuffmanState *hs);
-
- int32_t jbig2_huffman_get(Jbig2HuffmanState *hs, const Jbig2HuffmanTable *table, bool *oob);
-
-diff --git a/jbig2_image.c b/jbig2_image.c
-index 1ae614e..94e5a4c 100644
---- a/jbig2_image.c
-+++ b/jbig2_image.c
-@@ -32,10 +32,10 @@
-
- /* allocate a Jbig2Image structure and its associated bitmap */
- Jbig2Image *
--jbig2_image_new(Jbig2Ctx *ctx, int width, int height)
-+jbig2_image_new(Jbig2Ctx *ctx, uint32_t width, uint32_t height)
- {
- Jbig2Image *image;
-- int stride;
-+ uint32_t stride;
- int64_t check;
-
- image = jbig2_new(ctx, Jbig2Image, 1);
-@@ -99,7 +99,7 @@ jbig2_image_free(Jbig2Ctx *ctx, Jbig2Image *image)
-
- /* resize a Jbig2Image */
- Jbig2Image *
--jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
-+jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height)
- {
- if (width == image->width) {
- /* check for integer multiplication overflow */
-@@ -133,11 +133,11 @@ jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, int width, int height)
- static int
- jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
- {
-- int i, j;
-- int sw = src->width;
-- int sh = src->height;
-- int sx = 0;
-- int sy = 0;
-+ uint32_t i, j;
-+ uint32_t sw = src->width;
-+ uint32_t sh = src->height;
-+ uint32_t sx = 0;
-+ uint32_t sy = 0;
-
- /* clip to the dst image boundaries */
- if (x < 0) {
-@@ -200,10 +200,10 @@ jbig2_image_compose_unopt(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x
- int
- jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int y, Jbig2ComposeOp op)
- {
-- int i, j;
-- int w, h;
-- int leftbyte, rightbyte;
-- int shift;
-+ uint32_t i, j;
-+ uint32_t w, h;
-+ uint32_t leftbyte, rightbyte;
-+ uint32_t shift;
- uint8_t *s, *ss;
- uint8_t *d, *dd;
- uint8_t mask, rightmask;
-@@ -226,8 +226,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
- h += y;
- y = 0;
- }
-- w = (x + w < dst->width) ? w : dst->width - x;
-- h = (y + h < dst->height) ? h : dst->height - y;
-+ w = ((uint32_t)x + w < dst->width) ? w : ((dst->width >= (uint32_t)x) ? dst->width - (uint32_t)x : 0);
-+ h = ((uint32_t)y + h < dst->height) ? h : ((dst->height >= (uint32_t)y) ? dst->height - (uint32_t)y : 0);
- #ifdef JBIG2_DEBUG
- jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "compositing %dx%d at (%d, %d) after clipping\n", w, h, x, y);
- #endif
-@@ -249,8 +249,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
- }
- #endif
-
-- leftbyte = x >> 3;
-- rightbyte = (x + w - 1) >> 3;
-+ leftbyte = (uint32_t)x >> 3;
-+ rightbyte = ((uint32_t)x + w - 1) >> 3;
- shift = x & 7;
-
- /* general OR case */
-diff --git a/jbig2_mmr.c b/jbig2_mmr.c
-index d4cd3a2..390e27c 100644
---- a/jbig2_mmr.c
-+++ b/jbig2_mmr.c
-@@ -38,19 +38,21 @@
- #include "jbig2_mmr.h"
-
- typedef struct {
-- int width;
-- int height;
-+ uint32_t width;
-+ uint32_t height;
- const byte *data;
- size_t size;
-- int data_index;
-- int bit_index;
-+ uint32_t data_index;
-+ uint32_t bit_index;
- uint32_t word;
- } Jbig2MmrCtx;
-
-+#define MINUS1 ((uint32_t)-1)
-+
- static void
- jbig2_decode_mmr_init(Jbig2MmrCtx *mmr, int width, int height, const byte *data, size_t size)
- {
-- int i;
-+ size_t i;
- uint32_t word = 0;
-
- mmr->width = width;
-@@ -732,14 +734,14 @@ const mmr_table_node jbig2_mmr_black_decode[] = {
- #define getbit(buf, x) ( ( buf[x >> 3] >> ( 7 - (x & 7) ) ) & 1 )
-
- static int
--jbig2_find_changing_element(const byte *line, int x, int w)
-+jbig2_find_changing_element(const byte *line, uint32_t x, uint32_t w)
- {
- int a, b;
-
- if (line == 0)
-- return w;
-+ return (int)w;
-
-- if (x == -1) {
-+ if (x == MINUS1) {
- a = 0;
- x = 0;
- } else {
-@@ -758,7 +760,7 @@ jbig2_find_changing_element(const byte *line, int x, int w)
- }
-
- static int
--jbig2_find_changing_element_of_color(const byte *line, int x, int w, int color)
-+jbig2_find_changing_element_of_color(const byte *line, uint32_t x, uint32_t w, int color)
- {
- if (line == 0)
- return w;
-@@ -772,9 +774,9 @@ static const byte lm[8] = { 0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01 };
- static const byte rm[8] = { 0x00, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
-
- static void
--jbig2_set_bits(byte *line, int x0, int x1)
-+jbig2_set_bits(byte *line, uint32_t x0, uint32_t x1)
- {
-- int a0, a1, b0, b1, a;
-+ uint32_t a0, a1, b0, b1, a;
-
- a0 = x0 >> 3;
- a1 = x1 >> 3;
-@@ -831,8 +833,8 @@ jbig2_decode_get_run(Jbig2MmrCtx *mmr, const mmr_table_node *table, int initial_
- static int
- jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- {
-- int a0 = -1;
-- int a1, a2, b1, b2;
-+ uint32_t a0 = MINUS1;
-+ uint32_t a1, a2, b1, b2;
- int c = 0; /* 0 is white, black is 1 */
-
- while (1) {
-@@ -840,7 +842,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-
- /* printf ("%08x\n", word); */
-
-- if (a0 >= mmr->width)
-+ if (a0 != MINUS1 && a0 >= mmr->width)
- break;
-
- if ((word >> (32 - 3)) == 1) {
-@@ -848,7 +850,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
-
- jbig2_decode_mmr_consume(mmr, 3);
-
-- if (a0 == -1)
-+ if (a0 == MINUS1)
- a0 = 0;
-
- if (c == 0) {
-@@ -860,7 +862,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- a1 = mmr->width;
- if (a2 > mmr->width)
- a2 = mmr->width;
-- if (a2 < a1 || a1 < 0)
-+ if (a1 == MINUS1 || a2 < a1)
- return -1;
- jbig2_set_bits(dst, a1, a2);
- a0 = a2;
-@@ -874,7 +876,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- a1 = mmr->width;
- if (a2 > mmr->width)
- a2 = mmr->width;
-- if (a1 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || a1 < a0)
- return -1;
- jbig2_set_bits(dst, a0, a1);
- a0 = a2;
-@@ -888,7 +890,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
- b2 = jbig2_find_changing_element(ref, b1, mmr->width);
- if (c) {
-- if (b2 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || b2 < a0)
- return -1;
- jbig2_set_bits(dst, a0, b2);
- }
-@@ -900,7 +902,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- jbig2_decode_mmr_consume(mmr, 1);
- b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
- if (c) {
-- if (b1 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || b1 < a0)
- return -1;
- jbig2_set_bits(dst, a0, b1);
- }
-@@ -915,7 +917,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- if (b1 + 1 > mmr->width)
- break;
- if (c) {
-- if (b1 + 1 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || b1 + 1 < a0)
- return -1;
- jbig2_set_bits(dst, a0, b1 + 1);
- }
-@@ -930,7 +932,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- if (b1 + 2 > mmr->width)
- break;
- if (c) {
-- if (b1 + 2 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || b1 + 2 < a0)
- return -1;
- jbig2_set_bits(dst, a0, b1 + 2);
- }
-@@ -942,10 +944,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- /* printf ("VR(3)\n"); */
- jbig2_decode_mmr_consume(mmr, 7);
- b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
-- if (b1 + 3 > mmr->width)
-+ if (b1 + 3 > (int)mmr->width)
- break;
- if (c) {
-- if (b1 + 3 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || b1 + 3 < a0)
- return -1;
- jbig2_set_bits(dst, a0, b1 + 3);
- }
-@@ -957,10 +959,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- /* printf ("VL(1)\n"); */
- jbig2_decode_mmr_consume(mmr, 3);
- b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
-- if (b1 - 1 < 0)
-+ if (b1 < 1)
- break;
- if (c) {
-- if (b1 - 1 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || b1 - 1 < a0)
- return -1;
- jbig2_set_bits(dst, a0, b1 - 1);
- }
-@@ -972,7 +974,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- /* printf ("VL(2)\n"); */
- jbig2_decode_mmr_consume(mmr, 6);
- b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
-- if (b1 - 2 < 0)
-+ if (b1 < 2)
- break;
- if (c) {
- if (b1 - 2 < a0 || a0 < 0)
-@@ -987,10 +989,10 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- /* printf ("VL(3)\n"); */
- jbig2_decode_mmr_consume(mmr, 7);
- b1 = jbig2_find_changing_element_of_color(ref, a0, mmr->width, !c);
-- if (b1 - 3 < 0)
-+ if (b1 < 3)
- break;
- if (c) {
-- if (b1 - 3 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || b1 - 3 < a0)
- return -1;
- jbig2_set_bits(dst, a0, b1 - 3);
- }
-@@ -1009,10 +1011,10 @@ int
- jbig2_decode_generic_mmr(Jbig2Ctx *ctx, Jbig2Segment *segment, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image)
- {
- Jbig2MmrCtx mmr;
-- const int rowstride = image->stride;
-+ const uint32_t rowstride = image->stride;
- byte *dst = image->data;
- byte *ref = NULL;
-- int y;
-+ uint32_t y;
- int code = 0;
-
- jbig2_decode_mmr_init(&mmr, image->width, image->height, data, size);
-@@ -1047,10 +1049,10 @@ int
- jbig2_decode_halftone_mmr(Jbig2Ctx *ctx, const Jbig2GenericRegionParams *params, const byte *data, size_t size, Jbig2Image *image, size_t *consumed_bytes)
- {
- Jbig2MmrCtx mmr;
-- const int rowstride = image->stride;
-+ const uint32_t rowstride = image->stride;
- byte *dst = image->data;
- byte *ref = NULL;
-- int y;
-+ uint32_t y;
- int code = 0;
- const uint32_t EOFB = 0x001001;
-
-diff --git a/jbig2_page.c b/jbig2_page.c
-index 110ff7c..1ed1c8a 100644
---- a/jbig2_page.c
-+++ b/jbig2_page.c
-@@ -155,9 +155,9 @@ int
- jbig2_end_of_stripe(Jbig2Ctx *ctx, Jbig2Segment *segment, const uint8_t *segment_data)
- {
- Jbig2Page page = ctx->pages[ctx->current_page];
-- int end_row;
-+ uint32_t end_row;
-
-- end_row = jbig2_get_int32(segment_data);
-+ end_row = jbig2_get_uint32(segment_data);
- if (end_row < page.end_row) {
- jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number,
- "end of stripe segment with non-positive end row advance" " (new end row %d vs current end row %d)", end_row, page.end_row);
-@@ -248,7 +248,7 @@ jbig2_page_add_result(Jbig2Ctx *ctx, Jbig2Page *page, Jbig2Image *image, int x,
-
- /* grow the page to accomodate a new stripe if necessary */
- if (page->striped) {
-- int new_height = y + image->height + page->end_row;
-+ uint32_t new_height = y + image->height + page->end_row;
-
- if (page->image->height < new_height) {
- jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "growing page buffer to %d rows " "to accomodate new stripe", new_height);
-diff --git a/jbig2_priv.h b/jbig2_priv.h
-index 42ba496..3d44b42 100644
---- a/jbig2_priv.h
-+++ b/jbig2_priv.h
-@@ -132,7 +132,7 @@ struct _Jbig2Page {
- uint32_t x_resolution, y_resolution; /* in pixels per meter */
- uint16_t stripe_size;
- bool striped;
-- int end_row;
-+ uint32_t end_row;
- uint8_t flags;
- Jbig2Image *image;
- };
-@@ -182,7 +182,7 @@ int jbig2_halftone_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segm
- typedef struct _Jbig2WordStream Jbig2WordStream;
-
- struct _Jbig2WordStream {
-- int (*get_next_word)(Jbig2WordStream *self, int offset, uint32_t *word);
-+ int (*get_next_word)(Jbig2WordStream *self, size_t offset, uint32_t *word);
- };
-
- Jbig2WordStream *jbig2_word_stream_buf_new(Jbig2Ctx *ctx, const byte *data, size_t size);
-diff --git a/jbig2_segment.c b/jbig2_segment.c
-index 2e0db67..5b63706 100644
---- a/jbig2_segment.c
-+++ b/jbig2_segment.c
-@@ -39,10 +39,10 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
- uint8_t rtscarf;
- uint32_t rtscarf_long;
- uint32_t *referred_to_segments;
-- int referred_to_segment_count;
-- int referred_to_segment_size;
-- int pa_size;
-- int offset;
-+ uint32_t referred_to_segment_count;
-+ uint32_t referred_to_segment_size;
-+ uint32_t pa_size;
-+ uint32_t offset;
-
- /* minimum possible size of a jbig2 segment header */
- if (buf_size < 11)
-@@ -83,7 +83,7 @@ jbig2_parse_segment_header(Jbig2Ctx *ctx, uint8_t *buf, size_t buf_size, size_t
-
- /* 7.2.5 */
- if (referred_to_segment_count) {
-- int i;
-+ uint32_t i;
-
- referred_to_segments = jbig2_new(ctx, uint32_t, referred_to_segment_count * referred_to_segment_size);
- if (referred_to_segments == NULL) {
-diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
-index 2c71a4c..11a2252 100644
---- a/jbig2_symbol_dict.c
-+++ b/jbig2_symbol_dict.c
-@@ -88,40 +88,40 @@ jbig2_dump_symbol_dict(Jbig2Ctx *ctx, Jbig2Segment *segment)
-
- /* return a new empty symbol dict */
- Jbig2SymbolDict *
--jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols)
-+jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
- {
-- Jbig2SymbolDict *new = NULL;
-+ Jbig2SymbolDict *new_dict = NULL;
-
- if (n_symbols < 0) {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
- return NULL;
- }
-
-- new = jbig2_new(ctx, Jbig2SymbolDict, 1);
-- if (new != NULL) {
-- new->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
-- new->n_symbols = n_symbols;
-+ new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
-+ if (new_dict != NULL) {
-+ new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
-+ new_dict->n_symbols = n_symbols;
- } else {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate new empty symbol dict");
- return NULL;
- }
-
-- if (new->glyphs != NULL) {
-- memset(new->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
-+ if (new_dict->glyphs != NULL) {
-+ memset(new_dict->glyphs, 0, n_symbols * sizeof(Jbig2Image *));
- } else {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "unable to allocate glyphs for new empty symbol dict");
-- jbig2_free(ctx->allocator, new);
-+ jbig2_free(ctx->allocator, new_dict);
- return NULL;
- }
-
-- return new;
-+ return new_dict;
- }
-
- /* release the memory associated with a symbol dict */
- void
- jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict)
- {
-- int i;
-+ uint32_t i;
-
- if (dict == NULL)
- return;
-@@ -142,12 +142,12 @@ jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id)
- }
-
- /* count the number of dictionary segments referred to by the given segment */
--int
-+uint32_t
- jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
- {
- int index;
- Jbig2Segment *rsegment;
-- int n_dicts = 0;
-+ uint32_t n_dicts = 0;
-
- for (index = 0; index < segment->referred_to_segment_count; index++) {
- rsegment = jbig2_find_segment(ctx, segment->referred_to_segments[index]);
-@@ -166,8 +166,8 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
- int index;
- Jbig2Segment *rsegment;
- Jbig2SymbolDict **dicts;
-- int n_dicts = jbig2_sd_count_referred(ctx, segment);
-- int dindex = 0;
-+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
-+ uint32_t dindex = 0;
-
- dicts = jbig2_new(ctx, Jbig2SymbolDict *, n_dicts);
- if (dicts == NULL) {
-@@ -195,10 +195,10 @@ jbig2_sd_list_referred(Jbig2Ctx *ctx, Jbig2Segment *segment)
- /* generate a new symbol dictionary by concatenating a list of
- existing dictionaries */
- Jbig2SymbolDict *
--jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
-+jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts)
- {
-- int i, j, k, symbols;
-- Jbig2SymbolDict *new = NULL;
-+ uint32_t i, j, k, symbols;
-+ Jbig2SymbolDict *new_dict = NULL;
-
- /* count the imported symbols and allocate a new array */
- symbols = 0;
-@@ -206,17 +206,17 @@ jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts)
- symbols += dicts[i]->n_symbols;
-
- /* fill a new array with cloned glyph pointers */
-- new = jbig2_sd_new(ctx, symbols);
-- if (new != NULL) {
-+ new_dict = jbig2_sd_new(ctx, symbols);
-+ if (new_dict != NULL) {
- k = 0;
- for (i = 0; i < n_dicts; i++)
- for (j = 0; j < dicts[i]->n_symbols; j++)
-- new->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
-+ new_dict->glyphs[k++] = jbig2_image_clone(ctx, dicts[i]->glyphs[j]);
- } else {
- jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "failed to allocate new symbol dictionary");
- }
-
-- return new;
-+ return new_dict;
- }
-
- /* Decoding routines */
-@@ -431,7 +431,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
-
- if (REFAGGNINST > 1) {
- Jbig2Image *image;
-- int i;
-+ uint32_t i;
-
- if (tparams == NULL) {
- /* First time through, we need to initialise the */
-@@ -512,7 +512,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
- uint32_t ID;
- int32_t RDX, RDY;
- int BMSIZE = 0;
-- int ninsyms = params->SDNUMINSYMS;
-+ uint32_t ninsyms = params->SDNUMINSYMS;
- int code1 = 0;
- int code2 = 0;
- int code3 = 0;
-@@ -609,8 +609,9 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
- if (params->SDHUFF && !params->SDREFAGG) {
- /* 6.5.9 */
- Jbig2Image *image;
-- int BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
-- int j, x;
-+ uint32_t BMSIZE = jbig2_huffman_get(hs, params->SDHUFFBMSIZE, &code);
-+ uint32_t j;
-+ int x;
-
- if (code || (BMSIZE < 0)) {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
-@@ -700,22 +701,22 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to allocate symbols exported from symbols dictionary");
- goto cleanup4;
- } else {
-- int i = 0;
-- int j = 0;
-- int k;
-+ uint32_t i = 0;
-+ uint32_t j = 0;
-+ uint32_t k;
- int exflag = 0;
-- int64_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
-- int32_t exrunlength;
-+ uint32_t limit = params->SDNUMINSYMS + params->SDNUMNEWSYMS;
-+ uint32_t exrunlength;
- int zerolength = 0;
-
- while (i < limit) {
- if (params->SDHUFF)
- exrunlength = jbig2_huffman_get(hs, SBHUFFRSIZE, &code);
- else
-- code = jbig2_arith_int_decode(IAEX, as, &exrunlength);
-+ code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
- /* prevent infinite loop */
- zerolength = exrunlength > 0 ? 0 : zerolength + 1;
-- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength > params->SDNUMEXSYMS - j))) {
-+ if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
- if (code)
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
- else if (exrunlength <= 0)
-@@ -797,8 +798,8 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
- {
- Jbig2SymbolDictParams params;
- uint16_t flags;
-- int sdat_bytes;
-- int offset;
-+ uint32_t sdat_bytes;
-+ uint32_t offset;
- Jbig2ArithCx *GB_stats = NULL;
- Jbig2ArithCx *GR_stats = NULL;
- int table_index = 0;
-@@ -951,7 +952,7 @@ jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segmen
-
- /* 7.4.2.2 (2) */
- {
-- int n_dicts = jbig2_sd_count_referred(ctx, segment);
-+ uint32_t n_dicts = jbig2_sd_count_referred(ctx, segment);
- Jbig2SymbolDict **dicts = NULL;
-
- if (n_dicts > 0) {
-diff --git a/jbig2_symbol_dict.h b/jbig2_symbol_dict.h
-index d56d62d..30211d4 100644
---- a/jbig2_symbol_dict.h
-+++ b/jbig2_symbol_dict.h
-@@ -32,18 +32,18 @@ int jbig2_symbol_dictionary(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *se
- Jbig2Image *jbig2_sd_glyph(Jbig2SymbolDict *dict, unsigned int id);
-
- /* return a new empty symbol dict */
--Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, int n_symbols);
-+Jbig2SymbolDict *jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols);
-
- /* release the memory associated with a symbol dict */
- void jbig2_sd_release(Jbig2Ctx *ctx, Jbig2SymbolDict *dict);
-
- /* generate a new symbol dictionary by concatenating a list of
- existing dictionaries */
--Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, int n_dicts, Jbig2SymbolDict **dicts);
-+Jbig2SymbolDict *jbig2_sd_cat(Jbig2Ctx *ctx, uint32_t n_dicts, Jbig2SymbolDict **dicts);
-
- /* count the number of dictionary segments referred
- to by the given segment */
--int jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
-+uint32_t jbig2_sd_count_referred(Jbig2Ctx *ctx, Jbig2Segment *segment);
-
- /* return an array of pointers to symbol dictionaries referred
- to by a segment */
-diff --git a/jbig2_text.c b/jbig2_text.c
-index 5c99640..e77460f 100644
---- a/jbig2_text.c
-+++ b/jbig2_text.c
-@@ -55,7 +55,7 @@
- int
- jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
- const Jbig2TextRegionParams *params,
-- const Jbig2SymbolDict *const *dicts, const int n_dicts,
-+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
- Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws)
- {
- /* relevent bits of 6.4.4 */
-@@ -476,19 +476,19 @@ cleanup2:
- int
- jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data)
- {
-- int offset = 0;
-+ uint32_t offset = 0;
- Jbig2RegionSegmentInfo region_info;
- Jbig2TextRegionParams params;
- Jbig2Image *image = NULL;
- Jbig2SymbolDict **dicts = NULL;
-- int n_dicts = 0;
-+ uint32_t n_dicts = 0;
- uint16_t flags = 0;
- uint16_t huffman_flags = 0;
- Jbig2ArithCx *GR_stats = NULL;
- int code = 0;
- Jbig2WordStream *ws = NULL;
- Jbig2ArithState *as = NULL;
-- int table_index = 0;
-+ uint32_t table_index = 0;
- const Jbig2HuffmanParams *huffman_params = NULL;
-
- /* 7.4.1 */
-@@ -779,7 +779,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
- code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "unable to retrive symbol dictionaries! previous parsing error?");
- goto cleanup1;
- } else {
-- int index;
-+ uint32_t index;
-
- if (dicts[0] == NULL) {
- code = jbig2_error(ctx, JBIG2_SEVERITY_WARNING, segment->number, "unable to find first referenced symbol dictionary!");
-@@ -823,8 +823,8 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
- }
-
- if (!params.SBHUFF) {
-- int SBSYMCODELEN, index;
-- int SBNUMSYMS = 0;
-+ uint32_t SBSYMCODELEN, index;
-+ uint32_t SBNUMSYMS = 0;
-
- for (index = 0; index < n_dicts; index++) {
- SBNUMSYMS += dicts[index]->n_symbols;
-@@ -840,7 +840,7 @@ jbig2_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment, const byte *segment_data
- }
-
- /* Table 31 */
-- for (SBSYMCODELEN = 0; (1 << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
-+ for (SBSYMCODELEN = 0; (1U << SBSYMCODELEN) < SBNUMSYMS; SBSYMCODELEN++) {
- }
- params.IAID = jbig2_arith_iaid_ctx_new(ctx, SBSYMCODELEN);
- params.IARI = jbig2_arith_int_ctx_new(ctx);
-diff --git a/jbig2_text.h b/jbig2_text.h
-index aec2732..51d242e 100644
---- a/jbig2_text.h
-+++ b/jbig2_text.h
-@@ -70,5 +70,5 @@ typedef struct {
- int
- jbig2_decode_text_region(Jbig2Ctx *ctx, Jbig2Segment *segment,
- const Jbig2TextRegionParams *params,
-- const Jbig2SymbolDict *const *dicts, const int n_dicts,
-+ const Jbig2SymbolDict *const *dicts, const uint32_t n_dicts,
- Jbig2Image *image, const byte *data, const size_t size, Jbig2ArithCx *GR_stats, Jbig2ArithState *as, Jbig2WordStream *ws);
---
-2.9.1
-
+++ /dev/null
-Fix CVE-2017-7885:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7885
-https://bugs.ghostscript.com/show_bug.cgi?id=697703
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=258290340bb657c9efb44457f717b0d8b49f4aa3
-
-From 258290340bb657c9efb44457f717b0d8b49f4aa3 Mon Sep 17 00:00:00 2001
-From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
-Date: Wed, 3 May 2017 22:06:01 +0100
-Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability.
-
-Add extra check for the offset being greater than the size
-of the image and hence reading off the end of the buffer.
-
-Thank you to Dai Ge for finding this issue and suggesting a patch.
----
- jbig2_symbol_dict.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
-index 4acaba9..36225cb 100644
---- a/jbig2_symbol_dict.c
-+++ b/jbig2_symbol_dict.c
-@@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
- byte *dst = image->data;
-
- /* SumatraPDF: prevent read access violation */
-- if (size - jbig2_huffman_offset(hs) < image->height * stride) {
-+ if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride,
- size - jbig2_huffman_offset(hs));
- jbig2_image_release(ctx, image);
---
-2.13.0
-
+++ /dev/null
-Fix CVE-2017-7975:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7975
-https://bugs.ghostscript.com/show_bug.cgi?id=697693
-
-Patch copied from upstream source repository:
-
-https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=f8992b8fe65c170c8624226f127c5c4bfed42c66
-
-From f8992b8fe65c170c8624226f127c5c4bfed42c66 Mon Sep 17 00:00:00 2001
-From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
-Date: Wed, 26 Apr 2017 22:12:14 +0100
-Subject: [PATCH] Bug 697693: Prevent SEGV due to integer overflow.
-
-While building a Huffman table, the start and end points were susceptible
-to integer overflow.
-
-Thank you to Jiaqi for finding this issue and suggesting a patch.
----
- jbig2_huffman.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/jbig2_huffman.c b/jbig2_huffman.c
-index 511e461..b4189a1 100644
---- a/jbig2_huffman.c
-+++ b/jbig2_huffman.c
-@@ -421,8 +421,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx, const Jbig2HuffmanParams *params)
-
- if (PREFLEN == CURLEN) {
- int RANGELEN = lines[CURTEMP].RANGELEN;
-- int start_j = CURCODE << shift;
-- int end_j = (CURCODE + 1) << shift;
-+ uint32_t start_j = CURCODE << shift;
-+ uint32_t end_j = (CURCODE + 1) << shift;
- byte eflags = 0;
-
- if (end_j > max_j) {
---
-2.13.0
-
+++ /dev/null
-Fix CVE-2017-7976:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7976
-https://bugs.ghostscript.com/show_bug.cgi?id=697683
-
-In order to make the bug-fix patch apply, we also include an earlier commit
-that it depends on.
-
-Patches copied from upstream source repository:
-
-Earlier commit, creating context for the CVE fix:
-https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=9d2c4f3bdb0bd003deae788e7187c0f86e624544
-
-CVE-2017-7976 bug fix:
-https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=cfa054925de49675ac5445515ebf036fa9379ac6
-
-From 9d2c4f3bdb0bd003deae788e7187c0f86e624544 Mon Sep 17 00:00:00 2001
-From: Tor Andersson <tor.andersson@artifex.com>
-Date: Wed, 14 Dec 2016 15:56:31 +0100
-Subject: [PATCH] Fix warnings: remove unsigned < 0 tests that are always
- false.
-
----
- jbig2_image.c | 2 +-
- jbig2_mmr.c | 2 +-
- jbig2_symbol_dict.c | 9 ++-------
- 3 files changed, 4 insertions(+), 9 deletions(-)
-
-diff --git a/jbig2_image.c b/jbig2_image.c
-index 94e5a4c..00f966b 100644
---- a/jbig2_image.c
-+++ b/jbig2_image.c
-@@ -256,7 +256,7 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
- /* general OR case */
- s = ss;
- d = dd = dst->data + y * dst->stride + leftbyte;
-- if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
-+ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
- return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
- }
- if (leftbyte == rightbyte) {
-diff --git a/jbig2_mmr.c b/jbig2_mmr.c
-index 390e27c..da54934 100644
---- a/jbig2_mmr.c
-+++ b/jbig2_mmr.c
-@@ -977,7 +977,7 @@ jbig2_decode_mmr_line(Jbig2MmrCtx *mmr, const byte *ref, byte *dst)
- if (b1 < 2)
- break;
- if (c) {
-- if (b1 - 2 < a0 || a0 < 0)
-+ if (a0 == MINUS1 || b1 - 2 < a0)
- return -1;
- jbig2_set_bits(dst, a0, b1 - 2);
- }
-diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
-index 11a2252..4acaba9 100644
---- a/jbig2_symbol_dict.c
-+++ b/jbig2_symbol_dict.c
-@@ -92,11 +92,6 @@ jbig2_sd_new(Jbig2Ctx *ctx, uint32_t n_symbols)
- {
- Jbig2SymbolDict *new_dict = NULL;
-
-- if (n_symbols < 0) {
-- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "Negative number of symbols in symbol dict: %d", n_symbols);
-- return NULL;
-- }
--
- new_dict = jbig2_new(ctx, Jbig2SymbolDict, 1);
- if (new_dict != NULL) {
- new_dict->glyphs = jbig2_new(ctx, Jbig2Image *, n_symbols);
-@@ -613,7 +608,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
- uint32_t j;
- int x;
-
-- if (code || (BMSIZE < 0)) {
-+ if (code) {
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "error decoding size of collective bitmap!");
- goto cleanup4;
- }
-@@ -716,7 +711,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
- code = jbig2_arith_int_decode(IAEX, as, (int32_t *)&exrunlength);
- /* prevent infinite loop */
- zerolength = exrunlength > 0 ? 0 : zerolength + 1;
-- if (code || (exrunlength > limit - i) || (exrunlength < 0) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
-+ if (code || (exrunlength > limit - i) || (zerolength > 4) || (exflag && (exrunlength + j > params->SDNUMEXSYMS))) {
- if (code)
- jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to decode exrunlength for exported symbols");
- else if (exrunlength <= 0)
---
-2.13.0
-
-From cfa054925de49675ac5445515ebf036fa9379ac6 Mon Sep 17 00:00:00 2001
-From: Shailesh Mistry <shailesh.mistry@hotmail.co.uk>
-Date: Wed, 10 May 2017 17:50:39 +0100
-Subject: [PATCH] Bug 697683: Bounds check before reading from image source
- data.
-
-Add extra check to prevent reading off the end of the image source
-data buffer.
-
-Thank you to Dai Ge for finding this issue and suggesting a patch.
----
- jbig2_image.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/jbig2_image.c b/jbig2_image.c
-index 661d0a5..ae161b9 100644
---- a/jbig2_image.c
-+++ b/jbig2_image.c
-@@ -263,7 +263,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
- /* general OR case */
- s = ss;
- d = dd = dst->data + y * dst->stride + leftbyte;
-- if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
-+ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
-+ s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
- return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
- }
- if (leftbyte == rightbyte) {
---
-2.13.0
-
-Do not run the "testtest script", it doesn't seem to do anything and reports
-failiute. TODO: Actually fix the test instead of ignoring it.
+Do not run the test 'test_jbig2dec.py'. It doesn't seem to do anything
+and reports failure. TODO: Actually fix the test instead of ignoring it.
diff --git a/Makefile.in b/Makefile.in
-index 0573592..1a5de77 100644
+index 63982d4..8af1d61 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -93,7 +93,7 @@ host_triplet = @host@
+++ /dev/null
-Fix CVE-2017-10688:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2712
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
-https://security-tracker.debian.org/tracker/CVE-2017-10688
-
-Patch lifted from upstream source repository (the changes to 'ChangeLog'
-don't apply to the libtiff 4.0.8 release tarball).
-
-3rd party Git reference:
-
-https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
-
-2017-06-30 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_dirwrite.c: in TIFFWriteDirectoryTagCheckedXXXX()
- functions associated with LONG8/SLONG8 data type, replace assertion
-that
- the file is BigTIFF, by a non-fatal error.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2712
- Reported by team OWL337
-
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1259; previous revision: 1.1258
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v <--
-libtiff/tif_dirwrite.c
-new revision: 1.86; previous revision: 1.85
-
-Index: libtiff/libtiff/tif_dirwrite.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirwrite.c,v
-retrieving revision 1.85
-retrieving revision 1.86
-diff -u -r1.85 -r1.86
---- libtiff/libtiff/tif_dirwrite.c 11 Jan 2017 16:09:02 -0000 1.85
-+++ libtiff/libtiff/tif_dirwrite.c 30 Jun 2017 17:29:44 -0000 1.86
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirwrite.c,v 1.85 2017-01-11 16:09:02 erouault Exp $ */
-+/* $Id: tif_dirwrite.c,v 1.86 2017-06-30 17:29:44 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -2111,7 +2111,10 @@
- {
- uint64 m;
- assert(sizeof(uint64)==8);
-- assert(tif->tif_flags&TIFF_BIGTIFF);
-+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
-+ return(0);
-+ }
- m=value;
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabLong8(&m);
-@@ -2124,7 +2127,10 @@
- {
- assert(count<0x20000000);
- assert(sizeof(uint64)==8);
-- assert(tif->tif_flags&TIFF_BIGTIFF);
-+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","LONG8 not allowed for ClassicTIFF");
-+ return(0);
-+ }
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabArrayOfLong8(value,count);
- return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_LONG8,count,count*8,value));
-@@ -2136,7 +2142,10 @@
- {
- int64 m;
- assert(sizeof(int64)==8);
-- assert(tif->tif_flags&TIFF_BIGTIFF);
-+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
-+ return(0);
-+ }
- m=value;
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabLong8((uint64*)(&m));
-@@ -2149,7 +2158,10 @@
- {
- assert(count<0x20000000);
- assert(sizeof(int64)==8);
-- assert(tif->tif_flags&TIFF_BIGTIFF);
-+ if( !(tif->tif_flags&TIFF_BIGTIFF) ) {
-+ TIFFErrorExt(tif->tif_clientdata,"TIFFWriteDirectoryTagCheckedLong8","SLONG8 not allowed for ClassicTIFF");
-+ return(0);
-+ }
- if (tif->tif_flags&TIFF_SWAB)
- TIFFSwabArrayOfLong8((uint64*)value,count);
- return(TIFFWriteDirectoryTagData(tif,ndir,dir,tag,TIFF_SLONG8,count,count*8,value));
+++ /dev/null
-Fix CVE-2017-9936:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2706
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
-https://security-tracker.debian.org/tracker/CVE-2017-9936
-
-Patch lifted from upstream source repository (the changes to 'ChangeLog'
-don't apply to the libtiff 4.0.8 release tarball).
-
-3rd party Git reference:
-
-https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
-
-2017-06-26 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_jbig.c: fix memory leak in error code path of
-JBIGDecode()
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
- Reported by team OWL337
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1254; previous revision: 1.1253
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v <-- libtiff/tif_jbig.c
-new revision: 1.16; previous revision: 1.15
-
-Index: libtiff/libtiff/tif_jbig.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v
-retrieving revision 1.15
-retrieving revision 1.16
-diff -u -r1.15 -r1.16
---- libtiff/libtiff/tif_jbig.c 10 Mar 2010 18:56:48 -0000 1.15
-+++ libtiff/libtiff/tif_jbig.c 26 Jun 2017 15:20:00 -0000 1.16
-@@ -1,4 +1,4 @@
--/* $Id: tif_jbig.c,v 1.15 2010-03-10 18:56:48 bfriesen Exp $ */
-+/* $Id: tif_jbig.c,v 1.16 2017-06-26 15:20:00 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -94,6 +94,7 @@
- jbg_strerror(decodeStatus)
- #endif
- );
-+ jbg_dec_free(&decoder);
- return 0;
- }
-
+++ /dev/null
-Fix several bugs in libtiff related to use of TIFFGetField():
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2580
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5318
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095
-
-Patch copied from upstream CVS. 3rd-party Git reference:
-https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06
-
-2017-06-01 Even Rouault <even.rouault at spatialys.com>
-
-* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
-and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
-codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
-to behave differently depending on whether the codec is enabled or not, and
-thus can avoid stack based buffer overflows in a number of TIFF utilities
-such as tiffsplit, tiffcmp, thumbnail, etc.
-Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
-(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
-Fixes:
-http://bugzilla.maptools.org/show_bug.cgi?id=2580
-http://bugzilla.maptools.org/show_bug.cgi?id=2693
-http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
-http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
-http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
-http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
-http://bugzilla.maptools.org/show_bug.cgi?id=2441
-http://bugzilla.maptools.org/show_bug.cgi?id=2433
-Index: libtiff/libtiff/tif_dirread.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
-retrieving revision 1.208
-retrieving revision 1.209
-diff -u -r1.208 -r1.209
---- libtiff/libtiff/tif_dirread.c 27 Apr 2017 15:46:22 -0000 1.208
-+++ libtiff/libtiff/tif_dirread.c 1 Jun 2017 12:44:04 -0000 1.209
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */
-+/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -3580,6 +3580,10 @@
- goto bad;
- dp->tdir_tag=IGNORE;
- break;
-+ default:
-+ if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
-+ dp->tdir_tag=IGNORE;
-+ break;
- }
- }
- }
-Index: libtiff/libtiff/tif_dirinfo.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirinfo.c,v
-retrieving revision 1.126
-retrieving revision 1.127
-diff -u -r1.126 -r1.127
---- libtiff/libtiff/tif_dirinfo.c 18 Nov 2016 02:52:13 -0000 1.126
-+++ libtiff/libtiff/tif_dirinfo.c 1 Jun 2017 12:44:04 -0000 1.127
-@@ -1,4 +1,4 @@
--/* $Id: tif_dirinfo.c,v 1.126 2016-11-18 02:52:13 bfriesen Exp $ */
-+/* $Id: tif_dirinfo.c,v 1.127 2017-06-01 12:44:04 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -956,6 +956,109 @@
- return 0;
- }
-
-+int
-+_TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag)
-+{
-+ /* Filter out non-codec specific tags */
-+ switch (tag) {
-+ /* Shared tags */
-+ case TIFFTAG_PREDICTOR:
-+ /* JPEG tags */
-+ case TIFFTAG_JPEGTABLES:
-+ /* OJPEG tags */
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ /* CCITT* */
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ case TIFFTAG_GROUP3OPTIONS:
-+ case TIFFTAG_GROUP4OPTIONS:
-+ break;
-+ default:
-+ return 1;
-+ }
-+ /* Check if codec specific tags are allowed for the current
-+ * compression scheme (codec) */
-+ switch (tif->tif_dir.td_compression) {
-+ case COMPRESSION_LZW:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PACKBITS:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_THUNDERSCAN:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_NEXT:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_JPEG:
-+ if (tag == TIFFTAG_JPEGTABLES)
-+ return 1;
-+ break;
-+ case COMPRESSION_OJPEG:
-+ switch (tag) {
-+ case TIFFTAG_JPEGIFOFFSET:
-+ case TIFFTAG_JPEGIFBYTECOUNT:
-+ case TIFFTAG_JPEGQTABLES:
-+ case TIFFTAG_JPEGDCTABLES:
-+ case TIFFTAG_JPEGACTABLES:
-+ case TIFFTAG_JPEGPROC:
-+ case TIFFTAG_JPEGRESTARTINTERVAL:
-+ return 1;
-+ }
-+ break;
-+ case COMPRESSION_CCITTRLE:
-+ case COMPRESSION_CCITTRLEW:
-+ case COMPRESSION_CCITTFAX3:
-+ case COMPRESSION_CCITTFAX4:
-+ switch (tag) {
-+ case TIFFTAG_BADFAXLINES:
-+ case TIFFTAG_CLEANFAXDATA:
-+ case TIFFTAG_CONSECUTIVEBADFAXLINES:
-+ return 1;
-+ case TIFFTAG_GROUP3OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX3)
-+ return 1;
-+ break;
-+ case TIFFTAG_GROUP4OPTIONS:
-+ if (tif->tif_dir.td_compression == COMPRESSION_CCITTFAX4)
-+ return 1;
-+ break;
-+ }
-+ break;
-+ case COMPRESSION_JBIG:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_DEFLATE:
-+ case COMPRESSION_ADOBE_DEFLATE:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_PIXARLOG:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+ case COMPRESSION_SGILOG:
-+ case COMPRESSION_SGILOG24:
-+ /* No codec-specific tags */
-+ break;
-+ case COMPRESSION_LZMA:
-+ if (tag == TIFFTAG_PREDICTOR)
-+ return 1;
-+ break;
-+
-+ }
-+ return 0;
-+}
-+
- /* vim: set ts=8 sts=8 sw=8 noet: */
-
- /*
-Index: libtiff/libtiff/tif_dir.h
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.h,v
-retrieving revision 1.54
-retrieving revision 1.55
-diff -u -r1.54 -r1.55
---- libtiff/libtiff/tif_dir.h 18 Feb 2011 20:53:05 -0000 1.54
-+++ libtiff/libtiff/tif_dir.h 1 Jun 2017 12:44:04 -0000 1.55
-@@ -1,4 +1,4 @@
--/* $Id: tif_dir.h,v 1.54 2011-02-18 20:53:05 fwarmerdam Exp $ */
-+/* $Id: tif_dir.h,v 1.55 2017-06-01 12:44:04 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -291,6 +291,7 @@
- extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32);
- extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32, TIFFDataType);
- extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32, TIFFDataType);
-+extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag);
-
- #if defined(__cplusplus)
- }
+++ /dev/null
-Fix an integer overflow TIFFYCbCrtoRGB():
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
-
-3rd party Git reference:
-
-https://github.com/vadz/libtiff/commit/02669064e927074819ce1ed39aba0fccaa167717
-
-2017-05-29 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid
- int32 overflow in TIFFYCbCrtoRGB().
- Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1844
- Credit to OSS Fuzz
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1241; previous revision: 1.1240
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v <-- libtiff/tif_color.c
-new revision: 1.24; previous revision: 1.23
-
-Index: libtiff/libtiff/tif_color.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_color.c,v
-retrieving revision 1.23
-retrieving revision 1.24
-diff -u -r1.23 -r1.24
---- libtiff/libtiff/tif_color.c 13 May 2017 18:17:34 -0000 1.23
-+++ libtiff/libtiff/tif_color.c 29 May 2017 10:12:54 -0000 1.24
-@@ -1,4 +1,4 @@
--/* $Id: tif_color.c,v 1.23 2017-05-13 18:17:34 erouault Exp $ */
-+/* $Id: tif_color.c,v 1.24 2017-05-29 10:12:54 erouault Exp $ */
-
- /*
- * Copyright (c) 1988-1997 Sam Leffler
-@@ -275,10 +275,10 @@
- for (i = 0, x = -128; i < 256; i++, x++) {
- int32 Cr = (int32)CLAMPw(Code2V(x, refBlackWhite[4] - 128.0F,
- refBlackWhite[5] - 128.0F, 127),
-- -128.0F * 64, 128.0F * 64);
-+ -128.0F * 32, 128.0F * 32);
- int32 Cb = (int32)CLAMPw(Code2V(x, refBlackWhite[2] - 128.0F,
- refBlackWhite[3] - 128.0F, 127),
-- -128.0F * 64, 128.0F * 64);
-+ -128.0F * 32, 128.0F * 32);
-
- ycbcr->Cr_r_tab[i] = (int32)((D1*Cr + ONE_HALF)>>SHIFT);
- ycbcr->Cb_b_tab[i] = (int32)((D3*Cb + ONE_HALF)>>SHIFT);
-@@ -286,7 +286,7 @@
- ycbcr->Cb_g_tab[i] = D4*Cb + ONE_HALF;
- ycbcr->Y_tab[i] =
- (int32)CLAMPw(Code2V(x + 128, refBlackWhite[0], refBlackWhite[1], 255),
-- -128.0F * 64, 128.0F * 64);
-+ -128.0F * 32, 128.0F * 32);
- }
- }
-
+++ /dev/null
-Fix an integer overflow in initYCbCrConversion():
-
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
-
-3rd party Git reference
-
-https://github.com/vadz/libtiff/commit/468988860e0dae62ebbf991627c74bcbb4bd256f
-
- * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for
- refBlackWhite coefficients values. To avoid invalid float->int32 conversion
- (when refBlackWhite[0] == 2147483648.f)
- Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
- Credit to OSS Fuzz
-
-
-/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
-new revision: 1.1243; previous revision: 1.1242
-/cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v <-- libtiff/tif_getimage.c
-new revision: 1.107; previous revision: 1.106
-
-Index: libtiff/libtiff/tif_getimage.c
-===================================================================
-RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_getimage.c,v
-retrieving revision 1.106
-retrieving revision 1.107
-diff -u -r1.106 -r1.107
---- libtiff/libtiff/tif_getimage.c 20 May 2017 11:29:02 -0000 1.106
-+++ libtiff/libtiff/tif_getimage.c 29 May 2017 11:29:06 -0000 1.107
-@@ -1,4 +1,4 @@
--/* $Id: tif_getimage.c,v 1.106 2017-05-20 11:29:02 erouault Exp $ */
-+/* $Id: tif_getimage.c,v 1.107 2017-05-29 11:29:06 erouault Exp $ */
-
- /*
- * Copyright (c) 1991-1997 Sam Leffler
-@@ -2241,7 +2241,7 @@
-
- static int isInRefBlackWhiteRange(float f)
- {
-- return f >= (float)(-0x7FFFFFFF + 128) && f <= (float)0x7FFFFFFF;
-+ return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF;
- }
-
- static int
+++ /dev/null
-This patch fixes performance problems on multi-core machines
-as reported at <https://bugs.gnu.org/26441>.
-
-See commit 480d374e596a0ee3fed168ab42cd84c313ad3c89 in Gnulib
-by Bruno Haible <bruno@clisp.org>.
-
-diff --git a/tests/test-lock.c b/tests/test-lock.c
-index cb734b4e6..aa6de2739 100644
---- a/tests/test-lock.c
-+++ b/tests/test-lock.c
-@@ -50,6 +50,13 @@
- Uncomment this to see if the operating system has a fair scheduler. */
- #define EXPLICIT_YIELD 1
-
-+/* Whether to use 'volatile' on some variables that communicate information
-+ between threads. If set to 0, a lock is used to protect these variables.
-+ If set to 1, 'volatile' is used; this is theoretically equivalent but can
-+ lead to much slower execution (e.g. 30x slower total run time on a 40-core
-+ machine. */
-+#define USE_VOLATILE 0
-+
- /* Whether to print debugging messages. */
- #define ENABLE_DEBUGGING 0
-
-@@ -103,6 +110,51 @@
- # define yield()
- #endif
-
-+#if USE_VOLATILE
-+struct atomic_int {
-+ volatile int value;
-+};
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+}
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ return ai->value;
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ ai->value = new_value;
-+}
-+#else
-+struct atomic_int {
-+ gl_lock_define (, lock)
-+ int value;
-+};
-+static void
-+init_atomic_int (struct atomic_int *ai)
-+{
-+ gl_lock_init (ai->lock);
-+}
-+static int
-+get_atomic_int_value (struct atomic_int *ai)
-+{
-+ gl_lock_lock (ai->lock);
-+ int ret = ai->value;
-+ gl_lock_unlock (ai->lock);
-+ return ret;
-+}
-+static void
-+set_atomic_int_value (struct atomic_int *ai, int new_value)
-+{
-+ gl_lock_lock (ai->lock);
-+ ai->value = new_value;
-+ gl_lock_unlock (ai->lock);
-+}
-+#endif
-+
- #define ACCOUNT_COUNT 4
-
- static int account[ACCOUNT_COUNT];
-@@ -170,12 +222,12 @@ lock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int lock_checker_done;
-+static struct atomic_int lock_checker_done;
-
- static void *
- lock_checker_thread (void *arg)
- {
-- while (!lock_checker_done)
-+ while (get_atomic_int_value (&lock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
- gl_lock_lock (my_lock);
-@@ -200,7 +252,8 @@ test_lock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- lock_checker_done = 0;
-+ init_atomic_int (&lock_checker_done);
-+ set_atomic_int_value (&lock_checker_done, 0);
-
- /* Spawn the threads. */
- checkerthread = gl_thread_create (lock_checker_thread, NULL);
-@@ -210,7 +263,7 @@ test_lock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- lock_checker_done = 1;
-+ set_atomic_int_value (&lock_checker_done, 1);
- gl_thread_join (checkerthread, NULL);
- check_accounts ();
- }
-@@ -254,12 +307,12 @@ rwlock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int rwlock_checker_done;
-+static struct atomic_int rwlock_checker_done;
-
- static void *
- rwlock_checker_thread (void *arg)
- {
-- while (!rwlock_checker_done)
-+ while (get_atomic_int_value (&rwlock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check rdlock\n", gl_thread_self_pointer ());
- gl_rwlock_rdlock (my_rwlock);
-@@ -284,7 +337,8 @@ test_rwlock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- rwlock_checker_done = 0;
-+ init_atomic_int (&rwlock_checker_done);
-+ set_atomic_int_value (&rwlock_checker_done, 0);
-
- /* Spawn the threads. */
- for (i = 0; i < THREAD_COUNT; i++)
-@@ -295,7 +349,7 @@ test_rwlock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- rwlock_checker_done = 1;
-+ set_atomic_int_value (&rwlock_checker_done, 1);
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (checkerthreads[i], NULL);
- check_accounts ();
-@@ -356,12 +410,12 @@ reclock_mutator_thread (void *arg)
- return NULL;
- }
-
--static volatile int reclock_checker_done;
-+static struct atomic_int reclock_checker_done;
-
- static void *
- reclock_checker_thread (void *arg)
- {
-- while (!reclock_checker_done)
-+ while (get_atomic_int_value (&reclock_checker_done) == 0)
- {
- dbgprintf ("Checker %p before check lock\n", gl_thread_self_pointer ());
- gl_recursive_lock_lock (my_reclock);
-@@ -386,7 +440,8 @@ test_recursive_lock (void)
- /* Initialization. */
- for (i = 0; i < ACCOUNT_COUNT; i++)
- account[i] = 1000;
-- reclock_checker_done = 0;
-+ init_atomic_int (&reclock_checker_done);
-+ set_atomic_int_value (&reclock_checker_done, 0);
-
- /* Spawn the threads. */
- checkerthread = gl_thread_create (reclock_checker_thread, NULL);
-@@ -396,7 +451,7 @@ test_recursive_lock (void)
- /* Wait for the threads to terminate. */
- for (i = 0; i < THREAD_COUNT; i++)
- gl_thread_join (threads[i], NULL);
-- reclock_checker_done = 1;
-+ set_atomic_int_value (&reclock_checker_done, 1);
- gl_thread_join (checkerthread, NULL);
- check_accounts ();
- }
+++ /dev/null
-Fix CVE-2016-4658:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
-
-From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 18:34:52 +0200
-Subject: [PATCH] Disallow namespace nodes in XPointer ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-4658.
----
- xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
- 1 file changed, 56 insertions(+), 93 deletions(-)
-
-diff --git a/xpointer.c b/xpointer.c
-index a7b03fbd..694d120e 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
---
-2.11.0
-
+++ /dev/null
-Fix CVE-2016-5131:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
-
-Patches copied from upstream source repository (the test suite fails
-without the 2nd patch):
-
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8
-
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d6..f19193e7 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b1463830..884b1065 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841e..5a01b1b3 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c5105..d74174a3 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.11.0
-
-From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:19:58 +0200
-Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes
-
-This change has already been made in xmlXPathCmpNodesExt but not in
-xmlXPathCmpNodes.
----
- xpath.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/xpath.c b/xpath.c
-index 751665b8..d992841e 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
---
-2.11.0
-
+++ /dev/null
-Fix CVE-2017-0663:
-
-https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
-https://security-tracker.debian.org/tracker/CVE-2017-0663
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
-
-From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 6 Jun 2017 12:56:28 +0200
-Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
-namespace declarations make no practical sense anyway.
-
-Fixes bug 780228.
-
-Found with libFuzzer and ASan.
----
- valid.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/valid.c b/valid.c
-index 8075d3a0..c51ea290 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- }
- }
-
-+ /*
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+ * no practical sense to use ID types anyway.
-+ */
-+#if 0
- /* Validity Constraint: ID uniqueness */
- if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- ret = 0;
- }
-+#endif
-
- /* Validity Constraint: Notation Attributes */
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
---
-2.14.1
-
+++ /dev/null
-Fix CVE-2017-7375:
-
-https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
-https://security-tracker.debian.org/tracker/CVE-2017-7375
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
-
-From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001
-From: Neel Mehta <nmehta@google.com>
-Date: Fri, 7 Apr 2017 17:43:02 +0200
-Subject: [PATCH] Prevent unwanted external entity reference
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=780691
-
-* parser.c: add a specific check to avoid PE reference
----
- parser.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 609a2703..c2c812de 100644
---- a/parser.c
-+++ b/parser.c
-@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
- if (xmlPushInput(ctxt, input) < 0)
- return;
- } else {
-+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
-+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
-+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
-+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
-+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
-+ (ctxt->replaceEntities == 0) &&
-+ (ctxt->validate == 0))
-+ return;
-+
- /*
- * TODO !!!
- * handle the extra spaces added before and after
---
-2.14.1
-
+++ /dev/null
-Fix CVE-2017-7376:
-
-https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
-https://security-tracker.debian.org/tracker/CVE-2017-7376
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
-
-From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Fri, 7 Apr 2017 17:13:28 +0200
-Subject: [PATCH] Increase buffer space for port in HTTP redirect support
-
-For https://bugzilla.gnome.org/show_bug.cgi?id=780690
-
-nanohttp.c: the code wrongly assumed a short int port value.
----
- nanohttp.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/nanohttp.c b/nanohttp.c
-index e109ad75..373425de 100644
---- a/nanohttp.c
-+++ b/nanohttp.c
-@@ -1423,9 +1423,9 @@ retry:
- if (ctxt->port != 80) {
- /* reserve space for ':xxxxx', incl. potential proxy */
- if (proxy)
-- blen += 12;
-+ blen += 17;
- else
-- blen += 6;
-+ blen += 11;
- }
- bp = (char*)xmlMallocAtomic(blen);
- if ( bp == NULL ) {
---
-2.14.1
-
+++ /dev/null
-Fix CVE-2017-{9047,9048}:
-
-https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not yet public)
-https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not yet public)
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
-http://www.openwall.com/lists/oss-security/2017/05/15/1
-https://security-tracker.debian.org/tracker/CVE-2017-9047
-https://security-tracker.debian.org/tracker/CVE-2017-9048
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
-
-From 932cc9896ab41475d4aa429c27d9afd175959d74 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sat, 3 Jun 2017 02:01:29 +0200
-Subject: [PATCH] Fix buffer size checks in xmlSnprintfElementContent
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048).
-
-Thanks to Marcel Böhme and Thuan Pham for the report.
----
- result/valid/781333.xml | 5 +++++
- result/valid/781333.xml.err | 3 +++
- result/valid/781333.xml.err.rdr | 6 ++++++
- test/valid/781333.xml | 4 ++++
- valid.c | 20 +++++++++++---------
- 5 files changed, 29 insertions(+), 9 deletions(-)
- create mode 100644 result/valid/781333.xml
- create mode 100644 result/valid/781333.xml.err
- create mode 100644 result/valid/781333.xml.err.rdr
- create mode 100644 test/valid/781333.xml
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 00000000..45dc451d
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 00000000..b401b49a
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 00000000..5ff56992
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got
-+<a/>
-+ ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 00000000..b29e5a68
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b82..9b2df56a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- case XML_ELEMENT_CONTENT_PCDATA:
- strcat(buf, "#PCDATA");
- break;
-- case XML_ELEMENT_CONTENT_ELEMENT:
-+ case XML_ELEMENT_CONTENT_ELEMENT: {
-+ int qnameLen = xmlStrlen(content->name);
-+
-+ if (content->prefix != NULL)
-+ qnameLen += xmlStrlen(content->prefix) + 1;
-+ if (size - len < qnameLen + 10) {
-+ strcat(buf, " ...");
-+ return;
-+ }
- if (content->prefix != NULL) {
-- if (size - len < xmlStrlen(content->prefix) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- strcat(buf, (char *) content->prefix);
- strcat(buf, ":");
- }
-- if (size - len < xmlStrlen(content->name) + 10) {
-- strcat(buf, " ...");
-- return;
-- }
- if (content->name != NULL)
- strcat(buf, (char *) content->name);
- break;
-+ }
- case XML_ELEMENT_CONTENT_SEQ:
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- xmlSnprintfElementContent(buf, size, content->c2, 0);
- break;
- }
-+ if (size - strlen(buf) <= 2) return;
- if (englob)
- strcat(buf, ")");
- switch (content->ocur) {
---
-2.14.1
-
+++ /dev/null
-Fix CVE-2017-{9049,9050}:
-
-https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public)
-https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public)
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
-http://www.openwall.com/lists/oss-security/2017/05/15/1
-https://security-tracker.debian.org/tracker/CVE-2017-9049
-https://security-tracker.debian.org/tracker/CVE-2017-9050
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
-
-Changes to 'runtest.c' are removed since they introduce test failure
-when applying to libxml2 2.9.4 release tarball.
-
-From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 5 Jun 2017 15:37:17 +0200
-Subject: [PATCH] Fix handling of parameter-entity references
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
----
- Makefile.am | 18 ++++++++++++++++++
- parser.c | 18 ++++++++++--------
- result/errors10/781205.xml | 0
- result/errors10/781205.xml.err | 21 +++++++++++++++++++++
- result/errors10/781361.xml | 0
- result/errors10/781361.xml.err | 13 +++++++++++++
- result/valid/766956.xml | 0
- result/valid/766956.xml.err | 9 +++++++++
- result/valid/766956.xml.err.rdr | 10 ++++++++++
- runtest.c | 3 +++
- test/errors10/781205.xml | 3 +++
- test/errors10/781361.xml | 3 +++
- test/valid/766956.xml | 2 ++
- test/valid/dtds/766956.dtd | 2 ++
- 14 files changed, 94 insertions(+), 8 deletions(-)
- create mode 100644 result/errors10/781205.xml
- create mode 100644 result/errors10/781205.xml.err
- create mode 100644 result/errors10/781361.xml
- create mode 100644 result/errors10/781361.xml.err
- create mode 100644 result/valid/766956.xml
- create mode 100644 result/valid/766956.xml.err
- create mode 100644 result/valid/766956.xml.err.rdr
- create mode 100644 test/errors10/781205.xml
- create mode 100644 test/errors10/781361.xml
- create mode 100644 test/valid/766956.xml
- create mode 100644 test/valid/dtds/766956.dtd
-
-diff --git a/Makefile.am b/Makefile.am
-index 6fc8ffa9..10e716a5 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT)
- if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
- rm result.$$name error.$$name ; \
- fi ; fi ; done)
-+ @echo "## Error cases regression tests (old 1.0)"
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+ name=`basename $$i`; \
-+ if [ ! -d $$i ] ; then \
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+ echo New test file $$name ; \
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+ 2> $(srcdir)/result/errors10/$$name.err \
-+ > $(srcdir)/result/errors10/$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ else \
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+ rm result.$$name error.$$name ; \
-+ fi ; fi ; done)
- @echo "## Error cases stream regression tests"
- -@(for i in $(srcdir)/test/errors/*.xml ; do \
- name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index df2efa55..a175ac4e 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- ctxt->input->line++; ctxt->input->col = 1; \
- } else ctxt->input->col++; \
- ctxt->input->cur += l; \
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \
- } while (0)
-
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- len += l;
- NEXTL(l);
- c = CUR_CHAR(l);
-- if (c == 0) {
-- count = 0;
-- GROW;
-- if (ctxt->instate == XML_PARSER_EOF)
-- return(NULL);
-- c = CUR_CHAR(l);
-- }
- }
- }
- if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
- return(NULL);
- }
-+ if (ctxt->input->cur - ctxt->input->base < len) {
-+ /*
-+ * There were a couple of bugs where PERefs lead to to a change
-+ * of the buffer. Check the buffer size to avoid passing an invalid
-+ * pointer to xmlDictLookup.
-+ */
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+ "unexpected change of input buffer");
-+ return (NULL);
-+ }
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 00000000..e69de29b
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 00000000..da15c3f7
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a;
-+ ^
-+Entity: line 1:
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a;
-+ ^
-+<:0000
-+ ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 00000000..e69de29b
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 00000000..655f41a2
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 00000000..e69de29b
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 00000000..34b1dae6
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 00000000..77603462
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+ ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent;
-+ ^
-+Entity: line 1:
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 00000000..d9e9e839
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+ <!ENTITY % a "<:0000">
-+ %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 00000000..67476bcb
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+ <!ENTITY % elem "<!ELEMENT e0000000000">
-+ %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 00000000..19a95a0e
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 00000000..dddde68b
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
---
-2.14.1
-
+++ /dev/null
-Fix CVE-2016-4738:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738
-https://bugs.chromium.org/p/chromium/issues/detail?id=619006
-
-Patch copied from upstream source repository:
-https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
-
-From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Fri, 10 Jun 2016 14:23:58 +0200
-Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion
-
-An empty decimal-separator could cause a heap overread. This can be
-exploited to leak a couple of bytes after the buffer that holds the
-pattern string.
-
-Found with afl-fuzz and ASan.
----
- libxslt/numbers.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libxslt/numbers.c b/libxslt/numbers.c
-index d1549b4..e78c46b 100644
---- a/libxslt/numbers.c
-+++ b/libxslt/numbers.c
-@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
- }
-
- /* We have finished the integer part, now work on fraction */
-- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
-+ if ( (*the_format != 0) &&
-+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
- format_info.add_decimal = TRUE;
- the_format += xsltUTF8Size(the_format); /* Skip over the decimal */
- }
---
-2.10.2
-
+++ /dev/null
-Fix CVE-2017-5029:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
-
-From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Thu, 12 Jan 2017 15:39:52 +0100
-Subject: [PATCH] Check for integer overflow in xsltAddTextString
-
-Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
-exploited to trigger an out of bounds write on 64-bit systems.
-
-Originally reported to Chromium:
-
-https://crbug.com/676623
----
- libxslt/transform.c | 25 ++++++++++++++++++++++---
- libxslt/xsltInternals.h | 4 ++--
- 2 files changed, 24 insertions(+), 5 deletions(-)
-
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 519133fc..02bff34a 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,
- return(target);
-
- if (ctxt->lasttext == target->content) {
-+ int minSize;
-
-- if (ctxt->lasttuse + len >= ctxt->lasttsize) {
-+ /* Check for integer overflow accounting for NUL terminator. */
-+ if (len >= INT_MAX - ctxt->lasttuse) {
-+ xsltTransformError(ctxt, NULL, target,
-+ "xsltCopyText: text allocation failed\n");
-+ return(NULL);
-+ }
-+ minSize = ctxt->lasttuse + len + 1;
-+
-+ if (ctxt->lasttsize < minSize) {
- xmlChar *newbuf;
- int size;
-+ int extra;
-+
-+ /* Double buffer size but increase by at least 100 bytes. */
-+ extra = minSize < 100 ? 100 : minSize;
-+
-+ /* Check for integer overflow. */
-+ if (extra > INT_MAX - ctxt->lasttsize) {
-+ size = INT_MAX;
-+ }
-+ else {
-+ size = ctxt->lasttsize + extra;
-+ }
-
-- size = ctxt->lasttsize + len + 100;
-- size *= 2;
- newbuf = (xmlChar *) xmlRealloc(target->content,size);
- if (newbuf == NULL) {
- xsltTransformError(ctxt, NULL, target,
-diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
-index 060b1783..5ad17719 100644
---- a/libxslt/xsltInternals.h
-+++ b/libxslt/xsltInternals.h
-@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
- * Speed optimization when coalescing text nodes
- */
- const xmlChar *lasttext; /* last text node content */
-- unsigned int lasttsize; /* last text node size */
-- unsigned int lasttuse; /* last text node use */
-+ int lasttsize; /* last text node size */
-+ int lasttuse; /* last text node use */
- /*
- * Per Context Debugging
- */
---
-2.15.1
-
+++ /dev/null
-Fix CVE-2017-10684 and CVE-2017-10685:
-
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685
-
-Bug reports included proof of concept reproducer inputs:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1464684
-https://bugzilla.redhat.com/show_bug.cgi?id=1464685
-https://bugzilla.redhat.com/show_bug.cgi?id=1464686
-https://bugzilla.redhat.com/show_bug.cgi?id=1464687
-https://bugzilla.redhat.com/show_bug.cgi?id=1464688
-https://bugzilla.redhat.com/show_bug.cgi?id=1464691
-https://bugzilla.redhat.com/show_bug.cgi?id=1464692
-
-Patches copied from ncurses patch release 20170701:
-
-ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
-
-Excerpt from patch release announcement:
-
- + add/improve checks in tic's parser to address invalid input
- (Redhat #1464684, #1464685, #1464686, #1464691).
- + alloc_entry.c, add a check for a null-pointer.
- + parse_entry.c, add several checks for valid pointers as well as
- one check to ensure that a single character on a line is not
- treated as the 2-character termcap short-name.
- + the fixes for Redhat #1464685 obscured a problem subsequently
- reported in Redhat #1464687; the given test-case was no longer
- reproducible. Testing without the fixes for the earlier reports
- showed a problem with buffer overflow in dump_entry.c, which is
- addressed by reducing the use of a fixed-size buffer.
-
-https://lists.gnu.org/archive/html/bug-ncurses/2017-07/msg00001.html
-
---- ncurses-6.0-20170624+/ncurses/tinfo/alloc_entry.c 2017-04-09 23:33:51.000000000 +0000
-+++ ncurses-6.0-20170701/ncurses/tinfo/alloc_entry.c 2017-06-27 23:48:55.000000000 +0000
-@@ -96,7 +96,11 @@
- {
- char *result = 0;
- size_t old_next_free = next_free;
-- size_t len = strlen(string) + 1;
-+ size_t len;
-+
-+ if (string == 0)
-+ return _nc_save_str("");
-+ len = strlen(string) + 1;
-
- if (len == 1 && next_free != 0) {
- /*
---- ncurses-6.0-20170624+/ncurses/tinfo/parse_entry.c 2017-06-24 22:59:46.000000000 +0000
-+++ ncurses-6.0-20170701/ncurses/tinfo/parse_entry.c 2017-06-28 00:53:12.000000000 +0000
-@@ -236,13 +236,14 @@
- * implemented it. Note that the resulting terminal type was never the
- * 2-character name, but was instead the first alias after that.
- */
-+#define ok_TC2(s) (isgraph(UChar(s)) && (s) != '|')
- ptr = _nc_curr_token.tk_name;
- if (_nc_syntax == SYN_TERMCAP
- #if NCURSES_XNAMES
- && !_nc_user_definable
- #endif
- ) {
-- if (ptr[2] == '|') {
-+ if (ok_TC2(ptr[0]) && ok_TC2(ptr[1]) && (ptr[2] == '|')) {
- ptr += 3;
- _nc_curr_token.tk_name[2] = '\0';
- }
-@@ -284,9 +285,11 @@
- if (is_use || is_tc) {
- entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
- entryp->uses[entryp->nuses].line = _nc_curr_line;
-- entryp->nuses++;
-- if (entryp->nuses > 1 && is_tc) {
-- BAD_TC_USAGE
-+ if (VALID_STRING(entryp->uses[entryp->nuses].name)) {
-+ entryp->nuses++;
-+ if (entryp->nuses > 1 && is_tc) {
-+ BAD_TC_USAGE
-+ }
- }
- } else {
- /* normal token lookup */
-@@ -588,7 +591,7 @@
- static void
- append_acs(string_desc * dst, int code, char *src)
- {
-- if (src != 0 && strlen(src) == 1) {
-+ if (VALID_STRING(src) && strlen(src) == 1) {
- append_acs0(dst, code, *src);
- }
- }
-@@ -849,15 +852,14 @@
- }
-
- if (tp->Strings[to_ptr->nte_index]) {
-+ const char *s = tp->Strings[from_ptr->nte_index];
-+ const char *t = tp->Strings[to_ptr->nte_index];
- /* There's no point in warning about it if it's the same
- * string; that's just an inefficiency.
- */
-- if (strcmp(
-- tp->Strings[from_ptr->nte_index],
-- tp->Strings[to_ptr->nte_index]) != 0)
-+ if (VALID_STRING(s) && VALID_STRING(t) && strcmp(s, t) != 0)
- _nc_warning("%s (%s) already has an explicit value %s, ignoring ko",
-- ap->to, ap->from,
-- _nc_visbuf(tp->Strings[to_ptr->nte_index]));
-+ ap->to, ap->from, t);
- continue;
- }
-
---- ncurses-6.0-20170624+/progs/dump_entry.c 2017-06-23 22:47:43.000000000 +0000
-+++ ncurses-6.0-20170701/progs/dump_entry.c 2017-07-01 11:27:29.000000000 +0000
-@@ -841,9 +841,10 @@
- PredIdx num_strings = 0;
- bool outcount = 0;
-
--#define WRAP_CONCAT \
-- wrap_concat(buffer); \
-- outcount = TRUE
-+#define WRAP_CONCAT1(s) wrap_concat(s); outcount = TRUE
-+#define WRAP_CONCAT2(a,b) wrap_concat(a); WRAP_CONCAT1(b)
-+#define WRAP_CONCAT3(a,b,c) wrap_concat(a); WRAP_CONCAT2(b,c)
-+#define WRAP_CONCAT WRAP_CONCAT1(buffer)
-
- len = 12; /* terminfo file-header */
-
-@@ -1007,9 +1008,9 @@
- set_attributes = save_sgr;
-
- trimmed_sgr0 = _nc_trim_sgr0(tterm);
-- if (strcmp(capability, trimmed_sgr0))
-+ if (strcmp(capability, trimmed_sgr0)) {
- capability = trimmed_sgr0;
-- else {
-+ } else {
- if (trimmed_sgr0 != exit_attribute_mode)
- free(trimmed_sgr0);
- }
-@@ -1046,13 +1047,21 @@
- _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer))
- "%s=!!! %s WILL NOT CONVERT !!!",
- name, srccap);
-+ WRAP_CONCAT;
- } else if (suppress_untranslatable) {
- continue;
- } else {
- char *s = srccap, *d = buffer;
-- _nc_SPRINTF(d, _nc_SLIMIT(sizeof(buffer)) "..%s=", name);
-- d += strlen(d);
-+ WRAP_CONCAT3("..", name, "=");
- while ((*d = *s++) != 0) {
-+ if ((d - buffer - 1) >= (int) sizeof(buffer)) {
-+ fprintf(stderr,
-+ "%s: value for %s is too long\n",
-+ _nc_progname,
-+ name);
-+ *d = '\0';
-+ break;
-+ }
- if (*d == ':') {
- *d++ = '\\';
- *d = ':';
-@@ -1061,13 +1070,12 @@
- }
- d++;
- }
-+ WRAP_CONCAT;
- }
- } else {
-- _nc_SPRINTF(buffer, _nc_SLIMIT(sizeof(buffer))
-- "%s=%s", name, cv);
-+ WRAP_CONCAT3(name, "=", cv);
- }
- len += (int) strlen(capability) + 1;
-- WRAP_CONCAT;
- } else {
- char *src = _nc_tic_expand(capability,
- outform == F_TERMINFO, numbers);
-@@ -1083,8 +1091,7 @@
- strcpy_DYN(&tmpbuf, src);
- }
- len += (int) strlen(capability) + 1;
-- wrap_concat(tmpbuf.text);
-- outcount = TRUE;
-+ WRAP_CONCAT1(tmpbuf.text);
- }
- }
- /* e.g., trimmed_sgr0 */
-@@ -1526,7 +1533,8 @@
- }
- if (len > critlen) {
- (void) fprintf(stderr,
-- "warning: %s entry is %d bytes long\n",
-+ "%s: %s entry is %d bytes long\n",
-+ _nc_progname,
- _nc_first_name(tterm->term_names),
- len);
- SHOW_WHY("# WARNING: this entry, %d bytes long, may core-dump %s libraries!\n",
+++ /dev/null
-From a41cc020fd6e40b358103425edfa50e6a10fc973 Mon Sep 17 00:00:00 2001
-From: Anatoli Papirovski <apapirovski@mac.com>
-Date: Thu, 2 Nov 2017 12:46:31 -0400
-Subject: [PATCH] test: fix flaky test-http2-server-rst-stream.js
-
-PR-URL: https://github.com/nodejs/node/pull/16690
-Fixes: https://github.com/nodejs/node/issues/16688
-Reviewed-By: James M Snell <jasnell@gmail.com>
-Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
----
- test/parallel/test-http2-server-rst-stream.js | 93 ++++++++++-----------------
- 1 file changed, 35 insertions(+), 58 deletions(-)
-
-diff --git a/test/parallel/test-http2-server-rst-stream.js b/test/parallel/test-http2-server-rst-stream.js
-index b92217dc99..dd38efb42f 100644
---- a/test/parallel/test-http2-server-rst-stream.js
-+++ b/test/parallel/test-http2-server-rst-stream.js
-@@ -5,11 +5,9 @@ if (!common.hasCrypto)
- common.skip('missing crypto');
- const assert = require('assert');
- const http2 = require('http2');
-+const Countdown = require('../common/countdown');
-
- const {
-- HTTP2_HEADER_METHOD,
-- HTTP2_HEADER_PATH,
-- HTTP2_METHOD_POST,
- NGHTTP2_CANCEL,
- NGHTTP2_NO_ERROR,
- NGHTTP2_PROTOCOL_ERROR,
-@@ -17,63 +15,42 @@ const {
- NGHTTP2_INTERNAL_ERROR
- } = http2.constants;
-
--const errCheck = common.expectsError({ code: 'ERR_HTTP2_STREAM_ERROR' }, 6);
-+const tests = [
-+ ['rstStream', NGHTTP2_NO_ERROR, false],
-+ ['rstWithNoError', NGHTTP2_NO_ERROR, false],
-+ ['rstWithProtocolError', NGHTTP2_PROTOCOL_ERROR, true],
-+ ['rstWithCancel', NGHTTP2_CANCEL, false],
-+ ['rstWithRefuse', NGHTTP2_REFUSED_STREAM, true],
-+ ['rstWithInternalError', NGHTTP2_INTERNAL_ERROR, true]
-+];
-+
-+const server = http2.createServer();
-+server.on('stream', (stream, headers) => {
-+ const method = headers['rstmethod'];
-+ stream[method]();
-+});
-+
-+server.listen(0, common.mustCall(() => {
-+ const client = http2.connect(`http://localhost:${server.address().port}`);
-+
-+ const countdown = new Countdown(tests.length, common.mustCall(() => {
-+ client.destroy();
-+ server.close();
-+ }));
-
--function checkRstCode(rstMethod, expectRstCode) {
-- const server = http2.createServer();
-- server.on('stream', (stream, headers, flags) => {
-- stream.respond({
-- 'content-type': 'text/html',
-- ':status': 200
-+ tests.forEach((test) => {
-+ const req = client.request({
-+ ':method': 'POST',
-+ rstmethod: test[0]
- });
-- stream.write('test');
-- if (rstMethod === 'rstStream')
-- stream[rstMethod](expectRstCode);
-- else
-- stream[rstMethod]();
--
-- if (expectRstCode !== NGHTTP2_NO_ERROR &&
-- expectRstCode !== NGHTTP2_CANCEL) {
-- stream.on('error', common.mustCall(errCheck));
-- } else {
-- stream.on('error', common.mustNotCall());
-- }
-- });
--
-- server.listen(0, common.mustCall(() => {
-- const port = server.address().port;
-- const client = http2.connect(`http://localhost:${port}`);
--
-- const headers = {
-- [HTTP2_HEADER_PATH]: '/',
-- [HTTP2_HEADER_METHOD]: HTTP2_METHOD_POST
-- };
-- const req = client.request(headers);
--
-- req.setEncoding('utf8');
-- req.on('streamClosed', common.mustCall((actualRstCode) => {
-- assert.strictEqual(
-- expectRstCode, actualRstCode, `${rstMethod} is not match rstCode`);
-- server.close();
-- client.destroy();
-+ req.on('streamClosed', common.mustCall((code) => {
-+ assert.strictEqual(code, test[1]);
-+ countdown.dec();
- }));
-- req.on('data', common.mustCall());
- req.on('aborted', common.mustCall());
-- req.on('end', common.mustCall());
--
-- if (expectRstCode !== NGHTTP2_NO_ERROR &&
-- expectRstCode !== NGHTTP2_CANCEL) {
-- req.on('error', common.mustCall(errCheck));
-- } else {
-+ if (test[2])
-+ req.on('error', common.mustCall());
-+ else
- req.on('error', common.mustNotCall());
-- }
--
-- }));
--}
--
--checkRstCode('rstStream', NGHTTP2_NO_ERROR);
--checkRstCode('rstWithNoError', NGHTTP2_NO_ERROR);
--checkRstCode('rstWithProtocolError', NGHTTP2_PROTOCOL_ERROR);
--checkRstCode('rstWithCancel', NGHTTP2_CANCEL);
--checkRstCode('rstWithRefuse', NGHTTP2_REFUSED_STREAM);
--checkRstCode('rstWithInternalError', NGHTTP2_INTERNAL_ERROR);
-+ });
-+}));
---
-2.15.0
-
+++ /dev/null
-Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
-from <https://vcs.pcre.org/pcre?view=revision&revision=1688>.
-
---- trunk/pcre_internal.h 2016/05/21 13:34:44 1649
-+++ trunk/pcre_internal.h 2017/02/24 17:30:30 1688
-@@ -2772,6 +2772,9 @@
- extern const pcre_uint16 PRIV(ucd_stage2)[];
- extern const pcre_uint32 PRIV(ucp_gentype)[];
- extern const pcre_uint32 PRIV(ucp_gbtable)[];
-+#ifdef COMPILE_PCRE32
-+extern const ucd_record PRIV(dummy_ucd_record)[];
-+#endif
- #ifdef SUPPORT_JIT
- extern const int PRIV(ucp_typerange)[];
- #endif
-@@ -2780,9 +2783,15 @@
- /* UCD access macros */
-
- #define UCD_BLOCK_SIZE 128
--#define GET_UCD(ch) (PRIV(ucd_records) + \
-+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
- PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
- UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
-+
-+#ifdef COMPILE_PCRE32
-+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
-+#else
-+#define GET_UCD(ch) REAL_GET_UCD(ch)
-+#endif
-
- #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype
- #define UCD_SCRIPT(ch) GET_UCD(ch)->script
-
---- trunk/pcre_ucd.c 2014/06/19 07:51:39 1490
-+++ trunk/pcre_ucd.c 2017/02/24 17:30:30 1688
-@@ -38,6 +38,20 @@
- const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
- #else
-
-+/* If the 32-bit library is run in non-32-bit mode, character values
-+greater than 0x10ffff may be encountered. For these we set up a
-+special record. */
-+
-+#ifdef COMPILE_PCRE32
-+const ucd_record PRIV(dummy_ucd_record)[] = {{
-+ ucp_Common, /* script */
-+ ucp_Cn, /* type unassigned */
-+ ucp_gbOther, /* grapheme break property */
-+ 0, /* case set */
-+ 0, /* other case */
-+ }};
-+#endif
-+
- /* When recompiling tables with a new Unicode version, please check the
- types in this structure definition from pcre_internal.h (the actual
- field names will be different):
--- /dev/null
+SIGINT is ignored in the Guix build environment.
+
+--- a/Lib/test/test_regrtest.py
++++ b/Lib/test/test_regrtest.py
+@@ -399,6 +399,8 @@
+ output = self.run_tests('--fromfile', filename)
+ self.check_executed_tests(output, tests)
+
++ @unittest.skipIf(True,
++ "KeyboardInterrupts do not work in the build environment")
+ def test_interrupted(self):
+ code = TEST_INTERRUPTED
+ test = self.create_test('sigint', code=code)
+@@ -416,6 +418,8 @@
+ % (self.TESTNAME_REGEX, len(tests)))
+ self.check_line(output, regex)
+
++ @unittest.skipIf(True,
++ "KeyboardInterrupts do not work in the build environment")
+ def test_slow_interrupted(self):
+ # Issue #25373: test --slowest with an interrupted test
+ code = TEST_INTERRUPTED
+++ /dev/null
-This patch resolves a compatibility issue when compiled against glibc
-2.25
-and run runder kernels < 3.17:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1410175
-
-Upstream bug URLs:
-
-https://bugs.python.org/issue29157
-https://bugs.python.org/issue29188
-
-Patch adapted from upstream source repository:
-
-https://github.com/python/cpython/commit/01bdbad3e951014c58581635b94b22868537901c
-
-From 01bdbad3e951014c58581635b94b22868537901c Mon Sep 17 00:00:00 2001
-From: Victor Stinner <victor.stinner@gmail.com>
-Date: Mon, 9 Jan 2017 11:10:41 +0100
-Subject: [PATCH] Don't use getentropy() on Linux
-
-Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
-read from /dev/urandom to get random bytes, for example in os.urandom(). On
-Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
-os.urandom() should not block.
----
- Misc/NEWS | 5 +++++
- Python/random.c | 11 +++++++++--
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/Python/random.c b/Python/random.c
-index 57c41ffcd6..000cb36938 100644
---- a/Python/random.c
-+++ b/Python/random.c
-@@ -97,8 +97,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
- }
-
- /* Issue #25003: Don't use getentropy() on Solaris (available since
-- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
--#elif defined(HAVE_GETENTROPY) && !defined(sun)
-+ Solaris 11.3), it is blocking whereas os.urandom() should not block.
-+
-+ Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
-+ implements it with the getrandom() syscall which can fail with ENOSYS,
-+ and this error is not supported in py_getentropy() and getrandom() is called
-+ with flags=0 which blocks until system urandom is initialized, which is not
-+ the desired behaviour to seed the Python hash secret nor for os.urandom():
-+ see the PEP 524 which was only implemented in Python 3.6. */
-+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
- #define PY_GETENTROPY 1
-
- /* Fill buffer with size pseudo-random bytes generated by getentropy().
---
-2.12.0
-
--- /dev/null
+Additional test fixes which affect Python 3.5 (and presumably later) but not
+prior revisions of Python.
+
+--- Lib/test/test_pathlib.py 2014-03-01 03:02:36.088311000 +0100
++++ Lib/test/test_pathlib.py 2014-03-01 04:56:37.768311000 +0100
+@@ -2132,8 +2132,7 @@
+ self.assertEqual(given, expect)
+ self.assertEqual(set(p.rglob("FILEd*")), set())
+
+- @unittest.skipUnless(hasattr(pwd, 'getpwall'),
+- 'pwd module does not expose getpwall()')
++ @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests")
+ def test_expanduser(self):
+ P = self.cls
+ support.import_module('pwd')
+--- Lib/test/test_tarfile.py 2016-02-24 19:22:52.597208055 +0000
++++ Lib/test/test_tarfile.py 2016-02-24 20:50:48.941950135 +0000
+@@ -2305,11 +2305,14 @@
+ try:
+ import pwd, grp
+ except ImportError:
+ return False
+- if pwd.getpwuid(0)[0] != 'root':
+- return False
+- if grp.getgrgid(0)[0] != 'root':
++ try:
++ if pwd.getpwuid(0)[0] != 'root':
++ return False
++ if grp.getgrgid(0)[0] != 'root':
++ return False
++ except KeyError:
+ return False
+ return True
+
+
+--- Lib/test/test_asyncio/test_base_events.py
++++ Lib/test/test_asyncio/test_base_events.py
+@@ -1216,6 +1216,8 @@
+ self._test_create_connection_ip_addr(m_socket, False)
+
+ @patch_socket
++ @unittest.skipUnless(support.is_resource_enabled('network'),
++ 'network is not enabled')
+ def test_create_connection_service_name(self, m_socket):
+ m_socket.getaddrinfo = socket.getaddrinfo
+ sock = m_socket.socket.return_value
+
+--- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100
++++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100
+
+For some reason, KeyboardInterrupts do not work in the build
+environment (lack of controlling TTY?). Just change the expected
+outcome. Unfortunately, this will make it fail for users running
+`python -m test test_pdb test_pdb` interactively.
+
+@@ -928,11 +928,11 @@
+ > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function()
+ -> print('pdb %d: %s' % (i, sess._previous_sigint_handler))
+ (Pdb) continue
+- pdb 1: <built-in function default_int_handler>
++ pdb 1: Handlers.SIG_IGN
+ > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function()
+ -> sess.set_trace(sys._getframe())
+ (Pdb) continue
+- pdb 2: <built-in function default_int_handler>
++ pdb 2: Handlers.SIG_IGN
+ """
+
+ class PdbTestCase(unittest.TestCase):
+--- Lib/test/test_socket.py
++++ Lib/test/test_socket.py
+@@ -802,6 +802,8 @@
+ if not fqhn in all_host_names:
+ self.fail("Error testing host resolution mechanisms. (fqdn: %s, all: %s)" % (fqhn, repr(all_host_names)))
+
++ @unittest.skipUnless(support.is_resource_enabled('network'),
++ 'network is not enabled')
+ def test_host_resolution(self):
+ for addr in [support.HOST, '10.0.0.1', '255.255.255.255']:
+ self.assertEqual(socket.gethostbyname(addr), addr)
+--- Lib/test/test_spwd.py
++++ Lib/test/test_spwd.py
+@@ -5,8 +5,7 @@
+ spwd = support.import_module('spwd')
+
+
+-@unittest.skipUnless(hasattr(os, 'geteuid') and os.geteuid() == 0,
+- 'root privileges required')
++@unittest.skipUnless(os.path.exists("/etc/shadow"), 'spwd tests require /etc/shadow')
+ class TestSpwdRoot(unittest.TestCase):
+
+ def test_getspall(self):
+@@ -56,8 +55,7 @@
+ self.assertRaises(TypeError, spwd.getspnam, bytes_name)
+
+
+-@unittest.skipUnless(hasattr(os, 'geteuid') and os.geteuid() != 0,
+- 'non-root user required')
++@unittest.skipUnless(os.path.exists("/etc/shadow"), 'spwd tests require /etc/shadow')
+ class TestSpwdNonRoot(unittest.TestCase):
+
+ def test_getspnam_exception(self):
+--- Lib/test/test_regrtest.py
++++ Lib/test/test_regrtest.py
+@@ -700,6 +700,7 @@
+ output = self.run_tests('--fromfile', filename)
+ self.check_executed_tests(output, tests)
+
++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment.')
+ def test_interrupted(self):
+ code = TEST_INTERRUPTED
+ test = self.create_test('sigint', code=code)
+@@ -717,6 +718,7 @@
+ % (self.TESTNAME_REGEX, len(tests)))
+ self.check_line(output, regex)
+
++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment.')
+ def test_slow_interrupted(self):
+ # Issue #25373: test --slowest with an interrupted test
+ code = TEST_INTERRUPTED
+--- Lib/test/test_generators.py
++++ Lib/test/test_generators.py
+@@ -29,6 +29,7 @@
+ else:
+ return "FAILED"
+
++ @unittest.skipIf(True, 'Keyboard interrupts do not work in the Guix build environment')
+ def test_raise_and_yield_from(self):
+ gen = self.generator1()
+ gen.send(None)
+--- Lib/test/test_normalization.py
++++ Lib/test/test_normalization.py
+@@ -2,6 +2,7 @@
+ import unittest
+
+ from http.client import HTTPException
++from urllib.error import URLError
+ import sys
+ from unicodedata import normalize, unidata_version
+
+@@ -43,6 +44,8 @@
+ except PermissionError:
+ self.skipTest(f"Permission error when downloading {TESTDATAURL} "
+ f"into the test data directory")
++ except URLError:
++ self.skipTest("DNS lookups are not enabled.")
+ except (OSError, HTTPException):
+ self.fail(f"Could not retrieve {TESTDATAURL}")
+
+++ /dev/null
-Additional test fixes which affect Python 3.5 (and presumably later) but not
-prior revisions of Python.
-
---- Lib/test/test_pathlib.py 2014-03-01 03:02:36.088311000 +0100
-+++ Lib/test/test_pathlib.py 2014-03-01 04:56:37.768311000 +0100
-@@ -1986,8 +1986,9 @@
- expect = set() if not support.fs_is_case_insensitive(BASE) else given
- self.assertEqual(given, expect)
- self.assertEqual(set(p.rglob("FILEd*")), set())
-
-+ @unittest.skipIf(True, "Guix builder home is '/' which causes trouble for these tests")
- def test_expanduser(self):
- P = self.cls
- support.import_module('pwd')
- import pwd
---- Lib/test/test_tarfile.py 2016-02-24 19:22:52.597208055 +0000
-+++ Lib/test/test_tarfile.py 2016-02-24 20:50:48.941950135 +0000
-@@ -2305,11 +2305,14 @@
- try:
- import pwd, grp
- except ImportError:
- return False
-- if pwd.getpwuid(0)[0] != 'root':
-- return False
-- if grp.getgrgid(0)[0] != 'root':
-+ try:
-+ if pwd.getpwuid(0)[0] != 'root':
-+ return False
-+ if grp.getgrgid(0)[0] != 'root':
-+ return False
-+ except KeyError:
- return False
- return True
-
-
---- Lib/test/test_asyncio/test_base_events.py
-+++ Lib/test/test_asyncio/test_base_events.py
-@@ -1216,6 +1216,8 @@
- self._test_create_connection_ip_addr(m_socket, False)
-
- @patch_socket
-+ @unittest.skipUnless(support.is_resource_enabled('network'),
-+ 'network is not enabled')
- def test_create_connection_service_name(self, m_socket):
- m_socket.getaddrinfo = socket.getaddrinfo
- sock = m_socket.socket.return_value
-
---- Lib/test/test_pdb.py.org 2017-03-12 03:09:01.991856701 +0100
-+++ Lib/test/test_pdb.py 2017-03-12 03:26:17.742572869 +0100
-
-For some reason, KeyboardInterrupts do not work in the build
-environment (lack of controlling TTY?). Just change the expected
-outcome. Unfortunately, this will make it fail for users running
-`python -m test test_pdb test_pdb` interactively.
-
-@@ -928,11 +928,11 @@
- > <doctest test.test_pdb.test_pdb_issue_20766[0]>(6)test_function()
- -> print('pdb %d: %s' % (i, sess._previous_sigint_handler))
- (Pdb) continue
-- pdb 1: <built-in function default_int_handler>
-+ pdb 1: Handlers.SIG_IGN
- > <doctest test.test_pdb.test_pdb_issue_20766[0]>(5)test_function()
- -> sess.set_trace(sys._getframe())
- (Pdb) continue
-- pdb 2: <built-in function default_int_handler>
-+ pdb 2: Handlers.SIG_IGN
- """
-
- class PdbTestCase(unittest.TestCase):
+++ /dev/null
-This patch resolves a compatibility issue when compiled against glibc 2.25
-and run runder kernels < 3.17:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1410175
-
-Upstream bug URL: https://bugs.python.org/issue29157
-
-Patch copied from upstream source repository:
-
-https://hg.python.org/cpython/rev/8125d9a8152b
-
-# HG changeset patch
-# User Victor Stinner <victor.stinner@gmail.com>
-# Date 1483957133 -3600
-# Node ID 8125d9a8152b79e712cb09c7094b9129b9bcea86
-# Parent 337461574c90281630751b6095c4e1baf380cf7d
-Issue #29157: Prefer getrandom() over getentropy()
-
-Copy and then adapt Python/random.c from default branch. Difference between 3.5
-and default branches:
-
-* Python 3.5 only uses getrandom() in non-blocking mode: flags=GRND_NONBLOCK
-* If getrandom() fails with EAGAIN: py_getrandom() immediately fails and
- remembers that getrandom() doesn't work.
-* Python 3.5 has no _PyOS_URandomNonblock() function: _PyOS_URandom()
- works in non-blocking mode on Python 3.5
-
-diff --git a/Python/random.c b/Python/random.c
---- Python/random.c
-+++ Python/random.c
-@@ -1,6 +1,9 @@
- #include "Python.h"
- #ifdef MS_WINDOWS
- # include <windows.h>
-+/* All sample MSDN wincrypt programs include the header below. It is at least
-+ * required with Min GW. */
-+# include <wincrypt.h>
- #else
- # include <fcntl.h>
- # ifdef HAVE_SYS_STAT_H
-@@ -37,10 +40,9 @@ win32_urandom_init(int raise)
- return 0;
-
- error:
-- if (raise)
-+ if (raise) {
- PyErr_SetFromWindowsErr(0);
-- else
-- Py_FatalError("Failed to initialize Windows random API (CryptoGen)");
-+ }
- return -1;
- }
-
-@@ -53,8 +55,9 @@ win32_urandom(unsigned char *buffer, Py_
-
- if (hCryptProv == 0)
- {
-- if (win32_urandom_init(raise) == -1)
-+ if (win32_urandom_init(raise) == -1) {
- return -1;
-+ }
- }
-
- while (size > 0)
-@@ -63,11 +66,9 @@ win32_urandom(unsigned char *buffer, Py_
- if (!CryptGenRandom(hCryptProv, (DWORD)chunk, buffer))
- {
- /* CryptGenRandom() failed */
-- if (raise)
-+ if (raise) {
- PyErr_SetFromWindowsErr(0);
-- else
-- Py_FatalError("Failed to initialized the randomized hash "
-- "secret using CryptoGen)");
-+ }
- return -1;
- }
- buffer += chunk;
-@@ -76,58 +77,23 @@ win32_urandom(unsigned char *buffer, Py_
- return 0;
- }
-
--/* Issue #25003: Don't use getentropy() on Solaris (available since
-- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
--#elif defined(HAVE_GETENTROPY) && !defined(sun)
--#define PY_GETENTROPY 1
--
--/* Fill buffer with size pseudo-random bytes generated by getentropy().
-- Return 0 on success, or raise an exception and return -1 on error.
--
-- If fatal is nonzero, call Py_FatalError() instead of raising an exception
-- on error. */
--static int
--py_getentropy(unsigned char *buffer, Py_ssize_t size, int fatal)
--{
-- while (size > 0) {
-- Py_ssize_t len = Py_MIN(size, 256);
-- int res;
--
-- if (!fatal) {
-- Py_BEGIN_ALLOW_THREADS
-- res = getentropy(buffer, len);
-- Py_END_ALLOW_THREADS
--
-- if (res < 0) {
-- PyErr_SetFromErrno(PyExc_OSError);
-- return -1;
-- }
-- }
-- else {
-- res = getentropy(buffer, len);
-- if (res < 0)
-- Py_FatalError("getentropy() failed");
-- }
--
-- buffer += len;
-- size -= len;
-- }
-- return 0;
--}
--
--#else
-+#else /* !MS_WINDOWS */
-
- #if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)
- #define PY_GETRANDOM 1
-
--/* Call getrandom()
-+/* Call getrandom() to get random bytes:
-+
- - Return 1 on success
-- - Return 0 if getrandom() syscall is not available (failed with ENOSYS or
-- EPERM) or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom
-- not initialized yet) and raise=0.
-+ - Return 0 if getrandom() is not available (failed with ENOSYS or EPERM),
-+ or if getrandom(GRND_NONBLOCK) failed with EAGAIN (system urandom not
-+ initialized yet).
- - Raise an exception (if raise is non-zero) and return -1 on error:
-- getrandom() failed with EINTR and the Python signal handler raised an
-- exception, or getrandom() failed with a different error. */
-+ if getrandom() failed with EINTR, raise is non-zero and the Python signal
-+ handler raised an exception, or if getrandom() failed with a different
-+ error.
-+
-+ getrandom() is retried if it failed with EINTR: interrupted by a signal. */
- static int
- py_getrandom(void *buffer, Py_ssize_t size, int raise)
- {
-@@ -142,16 +108,19 @@ py_getrandom(void *buffer, Py_ssize_t si
- * see https://bugs.python.org/issue26839. To avoid this, use the
- * GRND_NONBLOCK flag. */
- const int flags = GRND_NONBLOCK;
-+ char *dest;
- long n;
-
- if (!getrandom_works) {
- return 0;
- }
-
-+ dest = buffer;
- while (0 < size) {
- #ifdef sun
- /* Issue #26735: On Solaris, getrandom() is limited to returning up
-- to 1024 bytes */
-+ to 1024 bytes. Call it multiple times if more bytes are
-+ requested. */
- n = Py_MIN(size, 1024);
- #else
- n = Py_MIN(size, LONG_MAX);
-@@ -161,34 +130,35 @@ py_getrandom(void *buffer, Py_ssize_t si
- #ifdef HAVE_GETRANDOM
- if (raise) {
- Py_BEGIN_ALLOW_THREADS
-- n = getrandom(buffer, n, flags);
-+ n = getrandom(dest, n, flags);
- Py_END_ALLOW_THREADS
- }
- else {
-- n = getrandom(buffer, n, flags);
-+ n = getrandom(dest, n, flags);
- }
- #else
- /* On Linux, use the syscall() function because the GNU libc doesn't
-- * expose the Linux getrandom() syscall yet. See:
-- * https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
-+ expose the Linux getrandom() syscall yet. See:
-+ https://sourceware.org/bugzilla/show_bug.cgi?id=17252 */
- if (raise) {
- Py_BEGIN_ALLOW_THREADS
-- n = syscall(SYS_getrandom, buffer, n, flags);
-+ n = syscall(SYS_getrandom, dest, n, flags);
- Py_END_ALLOW_THREADS
- }
- else {
-- n = syscall(SYS_getrandom, buffer, n, flags);
-+ n = syscall(SYS_getrandom, dest, n, flags);
- }
- #endif
-
- if (n < 0) {
-- /* ENOSYS: getrandom() syscall not supported by the kernel (but
-- * maybe supported by the host which built Python). EPERM:
-- * getrandom() syscall blocked by SECCOMP or something else. */
-+ /* ENOSYS: the syscall is not supported by the kernel.
-+ EPERM: the syscall is blocked by a security policy (ex: SECCOMP)
-+ or something else. */
- if (errno == ENOSYS || errno == EPERM) {
- getrandom_works = 0;
- return 0;
- }
-+
- if (errno == EAGAIN) {
- /* getrandom(GRND_NONBLOCK) fails with EAGAIN if the system
- urandom is not initialiazed yet. In this case, fall back on
-@@ -202,32 +172,101 @@ py_getrandom(void *buffer, Py_ssize_t si
- }
-
- if (errno == EINTR) {
-- if (PyErr_CheckSignals()) {
-- if (!raise) {
-- Py_FatalError("getrandom() interrupted by a signal");
-+ if (raise) {
-+ if (PyErr_CheckSignals()) {
-+ return -1;
- }
-- return -1;
- }
-
-- /* retry getrandom() */
-+ /* retry getrandom() if it was interrupted by a signal */
- continue;
- }
-
- if (raise) {
- PyErr_SetFromErrno(PyExc_OSError);
- }
-- else {
-- Py_FatalError("getrandom() failed");
-+ return -1;
-+ }
-+
-+ dest += n;
-+ size -= n;
-+ }
-+ return 1;
-+}
-+
-+#elif defined(HAVE_GETENTROPY)
-+#define PY_GETENTROPY 1
-+
-+/* Fill buffer with size pseudo-random bytes generated by getentropy():
-+
-+ - Return 1 on success
-+ - Return 0 if getentropy() syscall is not available (failed with ENOSYS or
-+ EPERM).
-+ - Raise an exception (if raise is non-zero) and return -1 on error:
-+ if getentropy() failed with EINTR, raise is non-zero and the Python signal
-+ handler raised an exception, or if getentropy() failed with a different
-+ error.
-+
-+ getentropy() is retried if it failed with EINTR: interrupted by a signal. */
-+static int
-+py_getentropy(char *buffer, Py_ssize_t size, int raise)
-+{
-+ /* Is getentropy() supported by the running kernel? Set to 0 if
-+ getentropy() failed with ENOSYS or EPERM. */
-+ static int getentropy_works = 1;
-+
-+ if (!getentropy_works) {
-+ return 0;
-+ }
-+
-+ while (size > 0) {
-+ /* getentropy() is limited to returning up to 256 bytes. Call it
-+ multiple times if more bytes are requested. */
-+ Py_ssize_t len = Py_MIN(size, 256);
-+ int res;
-+
-+ if (raise) {
-+ Py_BEGIN_ALLOW_THREADS
-+ res = getentropy(buffer, len);
-+ Py_END_ALLOW_THREADS
-+ }
-+ else {
-+ res = getentropy(buffer, len);
-+ }
-+
-+ if (res < 0) {
-+ /* ENOSYS: the syscall is not supported by the running kernel.
-+ EPERM: the syscall is blocked by a security policy (ex: SECCOMP)
-+ or something else. */
-+ if (errno == ENOSYS || errno == EPERM) {
-+ getentropy_works = 0;
-+ return 0;
-+ }
-+
-+ if (errno == EINTR) {
-+ if (raise) {
-+ if (PyErr_CheckSignals()) {
-+ return -1;
-+ }
-+ }
-+
-+ /* retry getentropy() if it was interrupted by a signal */
-+ continue;
-+ }
-+
-+ if (raise) {
-+ PyErr_SetFromErrno(PyExc_OSError);
- }
- return -1;
- }
-
-- buffer += n;
-- size -= n;
-+ buffer += len;
-+ size -= len;
- }
- return 1;
- }
--#endif
-+#endif /* defined(HAVE_GETENTROPY) && !defined(sun) */
-+
-
- static struct {
- int fd;
-@@ -235,136 +274,123 @@ static struct {
- ino_t st_ino;
- } urandom_cache = { -1 };
-
-+/* Read random bytes from the /dev/urandom device:
-
--/* Read 'size' random bytes from py_getrandom(). Fall back on reading from
-- /dev/urandom if getrandom() is not available.
-+ - Return 0 on success
-+ - Raise an exception (if raise is non-zero) and return -1 on error
-
-- Call Py_FatalError() on error. */
--static void
--dev_urandom_noraise(unsigned char *buffer, Py_ssize_t size)
-+ Possible causes of errors:
-+
-+ - open() failed with ENOENT, ENXIO, ENODEV, EACCES: the /dev/urandom device
-+ was not found. For example, it was removed manually or not exposed in a
-+ chroot or container.
-+ - open() failed with a different error
-+ - fstat() failed
-+ - read() failed or returned 0
-+
-+ read() is retried if it failed with EINTR: interrupted by a signal.
-+
-+ The file descriptor of the device is kept open between calls to avoid using
-+ many file descriptors when run in parallel from multiple threads:
-+ see the issue #18756.
-+
-+ st_dev and st_ino fields of the file descriptor (from fstat()) are cached to
-+ check if the file descriptor was replaced by a different file (which is
-+ likely a bug in the application): see the issue #21207.
-+
-+ If the file descriptor was closed or replaced, open a new file descriptor
-+ but don't close the old file descriptor: it probably points to something
-+ important for some third-party code. */
-+static int
-+dev_urandom(char *buffer, Py_ssize_t size, int raise)
- {
- int fd;
- Py_ssize_t n;
-
-- assert (0 < size);
-+ if (raise) {
-+ struct _Py_stat_struct st;
-
--#ifdef PY_GETRANDOM
-- if (py_getrandom(buffer, size, 0) == 1) {
-- return;
-+ if (urandom_cache.fd >= 0) {
-+ /* Does the fd point to the same thing as before? (issue #21207) */
-+ if (_Py_fstat_noraise(urandom_cache.fd, &st)
-+ || st.st_dev != urandom_cache.st_dev
-+ || st.st_ino != urandom_cache.st_ino) {
-+ /* Something changed: forget the cached fd (but don't close it,
-+ since it probably points to something important for some
-+ third-party code). */
-+ urandom_cache.fd = -1;
-+ }
-+ }
-+ if (urandom_cache.fd >= 0)
-+ fd = urandom_cache.fd;
-+ else {
-+ fd = _Py_open("/dev/urandom", O_RDONLY);
-+ if (fd < 0) {
-+ if (errno == ENOENT || errno == ENXIO ||
-+ errno == ENODEV || errno == EACCES) {
-+ PyErr_SetString(PyExc_NotImplementedError,
-+ "/dev/urandom (or equivalent) not found");
-+ }
-+ /* otherwise, keep the OSError exception raised by _Py_open() */
-+ return -1;
-+ }
-+ if (urandom_cache.fd >= 0) {
-+ /* urandom_fd was initialized by another thread while we were
-+ not holding the GIL, keep it. */
-+ close(fd);
-+ fd = urandom_cache.fd;
-+ }
-+ else {
-+ if (_Py_fstat(fd, &st)) {
-+ close(fd);
-+ return -1;
-+ }
-+ else {
-+ urandom_cache.fd = fd;
-+ urandom_cache.st_dev = st.st_dev;
-+ urandom_cache.st_ino = st.st_ino;
-+ }
-+ }
-+ }
-+
-+ do {
-+ n = _Py_read(fd, buffer, (size_t)size);
-+ if (n == -1)
-+ return -1;
-+ if (n == 0) {
-+ PyErr_Format(PyExc_RuntimeError,
-+ "Failed to read %zi bytes from /dev/urandom",
-+ size);
-+ return -1;
-+ }
-+
-+ buffer += n;
-+ size -= n;
-+ } while (0 < size);
- }
-- /* getrandom() failed with ENOSYS or EPERM,
-- fall back on reading /dev/urandom */
--#endif
--
-- fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
-- if (fd < 0) {
-- Py_FatalError("Failed to open /dev/urandom");
-- }
--
-- while (0 < size)
-- {
-- do {
-- n = read(fd, buffer, (size_t)size);
-- } while (n < 0 && errno == EINTR);
--
-- if (n <= 0) {
-- /* read() failed or returned 0 bytes */
-- Py_FatalError("Failed to read bytes from /dev/urandom");
-- break;
-- }
-- buffer += n;
-- size -= n;
-- }
-- close(fd);
--}
--
--/* Read 'size' random bytes from py_getrandom(). Fall back on reading from
-- /dev/urandom if getrandom() is not available.
--
-- Return 0 on success. Raise an exception and return -1 on error. */
--static int
--dev_urandom_python(char *buffer, Py_ssize_t size)
--{
-- int fd;
-- Py_ssize_t n;
-- struct _Py_stat_struct st;
--#ifdef PY_GETRANDOM
-- int res;
--#endif
--
-- if (size <= 0)
-- return 0;
--
--#ifdef PY_GETRANDOM
-- res = py_getrandom(buffer, size, 1);
-- if (res < 0) {
-- return -1;
-- }
-- if (res == 1) {
-- return 0;
-- }
-- /* getrandom() failed with ENOSYS or EPERM,
-- fall back on reading /dev/urandom */
--#endif
--
-- if (urandom_cache.fd >= 0) {
-- /* Does the fd point to the same thing as before? (issue #21207) */
-- if (_Py_fstat_noraise(urandom_cache.fd, &st)
-- || st.st_dev != urandom_cache.st_dev
-- || st.st_ino != urandom_cache.st_ino) {
-- /* Something changed: forget the cached fd (but don't close it,
-- since it probably points to something important for some
-- third-party code). */
-- urandom_cache.fd = -1;
-- }
-- }
-- if (urandom_cache.fd >= 0)
-- fd = urandom_cache.fd;
- else {
-- fd = _Py_open("/dev/urandom", O_RDONLY);
-+ fd = _Py_open_noraise("/dev/urandom", O_RDONLY);
- if (fd < 0) {
-- if (errno == ENOENT || errno == ENXIO ||
-- errno == ENODEV || errno == EACCES)
-- PyErr_SetString(PyExc_NotImplementedError,
-- "/dev/urandom (or equivalent) not found");
-- /* otherwise, keep the OSError exception raised by _Py_open() */
- return -1;
- }
-- if (urandom_cache.fd >= 0) {
-- /* urandom_fd was initialized by another thread while we were
-- not holding the GIL, keep it. */
-- close(fd);
-- fd = urandom_cache.fd;
-- }
-- else {
-- if (_Py_fstat(fd, &st)) {
-+
-+ while (0 < size)
-+ {
-+ do {
-+ n = read(fd, buffer, (size_t)size);
-+ } while (n < 0 && errno == EINTR);
-+
-+ if (n <= 0) {
-+ /* stop on error or if read(size) returned 0 */
- close(fd);
- return -1;
- }
-- else {
-- urandom_cache.fd = fd;
-- urandom_cache.st_dev = st.st_dev;
-- urandom_cache.st_ino = st.st_ino;
-- }
-+
-+ buffer += n;
-+ size -= n;
- }
-+ close(fd);
- }
--
-- do {
-- n = _Py_read(fd, buffer, (size_t)size);
-- if (n == -1) {
-- return -1;
-- }
-- if (n == 0) {
-- PyErr_Format(PyExc_RuntimeError,
-- "Failed to read %zi bytes from /dev/urandom",
-- size);
-- return -1;
-- }
--
-- buffer += n;
-- size -= n;
-- } while (0 < size);
--
- return 0;
- }
-
-@@ -376,8 +402,8 @@ dev_urandom_close(void)
- urandom_cache.fd = -1;
- }
- }
-+#endif /* !MS_WINDOWS */
-
--#endif
-
- /* Fill buffer with pseudo-random bytes generated by a linear congruent
- generator (LCG):
-@@ -400,29 +426,98 @@ lcg_urandom(unsigned int x0, unsigned ch
- }
- }
-
-+/* Read random bytes:
-+
-+ - Return 0 on success
-+ - Raise an exception (if raise is non-zero) and return -1 on error
-+
-+ Used sources of entropy ordered by preference, preferred source first:
-+
-+ - CryptGenRandom() on Windows
-+ - getrandom() function (ex: Linux and Solaris): call py_getrandom()
-+ - getentropy() function (ex: OpenBSD): call py_getentropy()
-+ - /dev/urandom device
-+
-+ Read from the /dev/urandom device if getrandom() or getentropy() function
-+ is not available or does not work.
-+
-+ Prefer getrandom() over getentropy() because getrandom() supports blocking
-+ and non-blocking mode and Python requires non-blocking RNG at startup to
-+ initialize its hash secret: see the PEP 524.
-+
-+ Prefer getrandom() and getentropy() over reading directly /dev/urandom
-+ because these functions don't need file descriptors and so avoid ENFILE or
-+ EMFILE errors (too many open files): see the issue #18756.
-+
-+ Only use RNG running in the kernel. They are more secure because it is
-+ harder to get the internal state of a RNG running in the kernel land than a
-+ RNG running in the user land. The kernel has a direct access to the hardware
-+ and has access to hardware RNG, they are used as entropy sources.
-+
-+ Note: the OpenSSL RAND_pseudo_bytes() function does not automatically reseed
-+ its RNG on fork(), two child processes (with the same pid) generate the same
-+ random numbers: see issue #18747. Kernel RNGs don't have this issue,
-+ they have access to good quality entropy sources.
-+
-+ If raise is zero:
-+
-+ - Don't raise an exception on error
-+ - Don't call the Python signal handler (don't call PyErr_CheckSignals()) if
-+ a function fails with EINTR: retry directly the interrupted function
-+ - Don't release the GIL to call functions.
-+*/
-+static int
-+pyurandom(void *buffer, Py_ssize_t size, int raise)
-+{
-+#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY)
-+ int res;
-+#endif
-+
-+ if (size < 0) {
-+ if (raise) {
-+ PyErr_Format(PyExc_ValueError,
-+ "negative argument not allowed");
-+ }
-+ return -1;
-+ }
-+
-+ if (size == 0) {
-+ return 0;
-+ }
-+
-+#ifdef MS_WINDOWS
-+ return win32_urandom((unsigned char *)buffer, size, raise);
-+#else
-+
-+#if defined(PY_GETRANDOM) || defined(PY_GETENTROPY)
-+#ifdef PY_GETRANDOM
-+ res = py_getrandom(buffer, size, raise);
-+#else
-+ res = py_getentropy(buffer, size, raise);
-+#endif
-+ if (res < 0) {
-+ return -1;
-+ }
-+ if (res == 1) {
-+ return 0;
-+ }
-+ /* getrandom() or getentropy() function is not available: failed with
-+ ENOSYS, EPERM or EAGAIN. Fall back on reading from /dev/urandom. */
-+#endif
-+
-+ return dev_urandom(buffer, size, raise);
-+#endif
-+}
-+
- /* Fill buffer with size pseudo-random bytes from the operating system random
- number generator (RNG). It is suitable for most cryptographic purposes
- except long living private keys for asymmetric encryption.
-
-- Return 0 on success, raise an exception and return -1 on error. */
-+ Return 0 on success. Raise an exception and return -1 on error. */
- int
- _PyOS_URandom(void *buffer, Py_ssize_t size)
- {
-- if (size < 0) {
-- PyErr_Format(PyExc_ValueError,
-- "negative argument not allowed");
-- return -1;
-- }
-- if (size == 0)
-- return 0;
--
--#ifdef MS_WINDOWS
-- return win32_urandom((unsigned char *)buffer, size, 1);
--#elif defined(PY_GETENTROPY)
-- return py_getentropy(buffer, size, 0);
--#else
-- return dev_urandom_python((char*)buffer, size);
--#endif
-+ return pyurandom(buffer, size, 1);
- }
-
- void
-@@ -463,13 +558,14 @@ void
- }
- }
- else {
--#ifdef MS_WINDOWS
-- (void)win32_urandom(secret, secret_size, 0);
--#elif defined(PY_GETENTROPY)
-- (void)py_getentropy(secret, secret_size, 1);
--#else
-- dev_urandom_noraise(secret, secret_size);
--#endif
-+ int res;
-+
-+ /* _PyRandom_Init() is called very early in the Python initialization
-+ and so exceptions cannot be used (use raise=0). */
-+ res = pyurandom(secret, secret_size, 0);
-+ if (res < 0) {
-+ Py_FatalError("failed to get random numbers to initialize Python");
-+ }
- }
- }
-
-@@ -481,8 +577,6 @@ void
- CryptReleaseContext(hCryptProv, 0);
- hCryptProv = 0;
- }
--#elif defined(PY_GETENTROPY)
-- /* nothing to clean */
- #else
- dev_urandom_close();
- #endif
-
--- /dev/null
+Skip tests that fail with newer versions of Python.
+
+Patch copied from Gentoo:
+
+https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-python/unittest2/files/unittest2-1.1.0-python3.5-test.patch
+
+diff --git a/unittest2/test/test_loader.py b/unittest2/test/test_loader.py
+index 683f662..347eea5 100644
+--- a/unittest2/test/test_loader.py
++++ b/unittest2/test/test_loader.py
+@@ -509,6 +509,7 @@ class Test_TestLoader(unittest2.TestCase):
+ #
+ # What happens when an impossible name is given, relative to the provided
+ # `module`?
++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here")
+ def test_loadTestsFromName__relative_malformed_name(self):
+ loader = unittest.TestLoader()
+
+@@ -811,6 +812,7 @@ class Test_TestLoader(unittest2.TestCase):
+ # TestCase or TestSuite instance."
+ #
+ # What happens when presented with an impossible module name?
++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here")
+ def test_loadTestsFromNames__malformed_name(self):
+ loader = unittest2.TestLoader()
+
+@@ -918,6 +920,7 @@ class Test_TestLoader(unittest2.TestCase):
+ # "The method optionally resolves name relative to the given module"
+ #
+ # What happens when presented with an impossible attribute name?
++ @unittest.skipIf(sys.version_info[:2] >= (3, 5), "python 3.5 has problems here")
+ def test_loadTestsFromNames__relative_malformed_name(self):
+ loader = unittest.TestLoader()
+
+++ /dev/null
-This patch ensures that the 'tclIndex' files generated by 'auto_mkindex'
-are sorted in a deterministic fashion.
-
-Fixes a non-determinism issue reported
-at <https://lists.gnu.org/archive/html/guix-devel/2015-10/msg00696.html>.
-
---- tcl8.6.4/library/auto.tcl 2015-02-26 17:57:28.000000000 +0100
-+++ tcl8.6.4/library/auto.tcl 2015-11-13 23:18:34.964831717 +0100
-@@ -207,6 +207,9 @@ proc auto_mkindex {dir args} {
- set args *.tcl
- }
-
-+ # Keep file names sorted in a determistic order.
-+ set args [lsort -ascii $args]
-+
- auto_mkindex_parser::init
- foreach file [glob -- {*}$args] {
- try {
-@@ -241,6 +244,10 @@ proc auto_mkindex_old {dir args} {
- if {![llength $args]} {
- set args *.tcl
- }
-+
-+ # Keep file names sorted in a determistic order.
-+ set args [lsort -ascii $args]
-+
- foreach file [glob -- {*}$args] {
- set f ""
- set error [catch {
--- /dev/null
+Fix build failure with glibc 2.26.
+
+Patch copied from upstream source repository:
+https://sourceware.org/git/?p=valgrind.git;a=commit;h=2b5eab6a8db1b0487a3ad7fc4e7eeda6d3513626
+
+diff --git a/memcheck/tests/linux/stack_changes.c b/memcheck/tests/linux/stack_changes.c
+index a978fc2..7f97b90 100644
+--- a/memcheck/tests/linux/stack_changes.c
++++ b/memcheck/tests/linux/stack_changes.c
+@@ -10,7 +10,7 @@
+ // This test is checking the libc context calls (setcontext, etc.) and
+ // checks that Valgrind notices their stack changes properly.
+
+-typedef struct ucontext mycontext;
++typedef ucontext_t mycontext;
+
+ mycontext ctx1, ctx2, oldc;
+ int count;
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
(define-public pcre
(package
(name "pcre")
- (version "8.40")
- (replacement pcre-8.41)
+ (version "8.41")
(source (origin
(method url-fetch)
(uri (list
"pcre-" version ".tar.bz2")
(string-append "mirror://sourceforge/pcre/pcre/"
version "/pcre-" version ".tar.bz2")))
- (patches (search-patches "pcre-CVE-2017-7186.patch"))
(sha256
(base32
- "1x7lpjn7jhk0n3sdvggxrlrhab8kkfjwl7qix0ypw9nlx8lpmqh0"))))
+ "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76"))))
(build-system gnu-build-system)
(outputs '("out" ;library & headers
"bin" ;depends on Readline (adds 20MiB to the closure)
(license license:bsd-3)
(home-page "http://www.pcre.org/")))
-(define pcre-8.41
- (package
- (inherit pcre)
- (version "8.41")
- (source (origin
- (method url-fetch)
- (uri (list (string-append "mirror://sourceforge/pcre/pcre/"
- version "/pcre-" version ".tar.bz2")
- (string-append "ftp://ftp.csx.cam.ac.uk"
- "/pub/software/programming/pcre/"
- "pcre-" version ".tar.bz2")))
- (sha256
- (base32
- "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76"))))))
-
(define-public pcre2
(package
(name "pcre2")
(define-public poppler
(package
(name "poppler")
- (version "0.59.0")
+ (version "0.62.0")
(source (origin
(method url-fetch)
(uri (string-append "https://poppler.freedesktop.org/poppler-"
version ".tar.xz"))
(sha256
(base32
- "0hcnghliyr8pr887qza18qfgaclw5jr889g1cjcglkni9jr2dmm3"))))
- (build-system gnu-build-system)
+ "1ii9ly1pngyvs0aiq2wxpya08hidpl54y7nsb8b1vxnnskgp76jv"))))
+ (build-system cmake-build-system)
;; FIXME:
;; use libcurl: no
(inputs `(("fontconfig" ,fontconfig)
("libpng" ,libpng)
("libtiff" ,libtiff)
("lcms" ,lcms)
- ("openjpeg-1" ,openjpeg-1) ; prefers openjpeg-1
+ ("openjpeg" ,openjpeg)
("zlib" ,zlib)
;; To build poppler-glib (as needed by Evince), we need Cairo and
(arguments
`(#:tests? #f ; no test data provided with the tarball
#:configure-flags
- '("--enable-xpdf-headers" ; to install header files
- "--enable-zlib"
-
- ;; Saves 8 MiB of .a files.
- "--disable-static")
- #:phases
- (modify-phases %standard-phases
- (add-before 'configure 'setenv
- (lambda _
- (setenv "CPATH"
- (string-append (assoc-ref %build-inputs "openjpeg-1")
- "/include/openjpeg-1.5"
- ":" (or (getenv "CPATH") "")))
- #t)))))
+ (let* ((out (assoc-ref %outputs "out"))
+ (lib (string-append out "/lib")))
+ (list "-DENABLE_XPDF_HEADERS=ON" ; to install header files
+ "-DENABLE_ZLIB=ON"
+ (string-append "-DCMAKE_INSTALL_LIBDIR=" lib)
+ (string-append "-DCMAKE_INSTALL_RPATH=" lib)))))
(synopsis "PDF rendering library")
(description
"Poppler is a PDF rendering library based on the xpdf-3.0 code base.")
(name "poppler-qt5")
(inputs `(("qtbase" ,qtbase)
,@(package-inputs poppler)))
- (arguments
- (substitute-keyword-arguments (package-arguments poppler)
- ((#:configure-flags flags)
- `(cons "CXXFLAGS=-std=gnu++11" ,flags))))
(synopsis "Qt5 frontend for the Poppler PDF rendering library")))
(define-public python-poppler-qt4
;; Yeah, Perl... It is required early in the bootstrap process by Linux.
(package
(name "perl")
- (version "5.26.0")
+ (version "5.26.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://cpan/src/5.0/perl-"
version ".tar.gz"))
(sha256
(base32
- "0zxn9hd7mqgq06ikyi6k70ngbvjf01z1paw0jd25byyl0rlwdrzb"))
+ "1p81wwvr5jb81m41d07kfywk5gvbk0axdrnvhc2aghcdbr4alqz7"))
(patches (search-patches
"perl-file-path-CVE-2017-6512.patch"
"perl-no-sys-dirs.patch"
(base32 "1lgfr87j4qwqnln0hyyzgik5ixqslzdaksn9m8y824gqbcihc6ic"))))
(build-system perl-build-system)
(arguments
- `(#:phases
+ `(;; XXX: We'd like to use #:disallowed-references 'perl-build-system'
+ ;; doesn't support it yet.
+ ;;
+ ;; #:disallowed-references (,tzdata-for-tests)
+
+ #:phases
(modify-phases %standard-phases
;; This is needed for tests
(add-after 'unpack 'set-TZDIR
#t)))))
(native-inputs
`(("perl-module-build" ,perl-module-build)
- ("tzdata" ,tzdata-2017a)))
+ ("tzdata" ,tzdata-for-tests)))
(home-page "https://metacpan.org/release/Time-ParseDate")
(synopsis "Collection of Perl modules for time/date manipulation")
(description "Provides several perl modules for date/time manipulation:
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; There are no tests.
- #:configure-flags '("-DCMAKE_INSTALL_LIBDIR=lib" "-DBINARY_PACKAGE_BUILD=On")
+ #:configure-flags '("-DBINARY_PACKAGE_BUILD=On")
#:make-flags
(list
(string-append "CPATH=" (assoc-ref %build-inputs "ilmbase")
(define-public pulseaudio
(package
(name "pulseaudio")
- (version "11.0")
+ (version "11.1")
(source (origin
(method url-fetch)
(uri (string-append
name "-" version ".tar.xz"))
(sha256
(base32
- "0sf92knqkvqmfhrbz4vlsagzqlps72wycpmln5dygicg07a0a8q7"))
+ "17ndr6kc7hpv4ih4gygwlcpviqifbkvnk4fbwf4n25kpb991qlpj"))
(modules '((guix build utils)))
(snippet
;; Disable console-kit support by default since it's deprecated
(string-append "--with-udev-rules-dir="
(assoc-ref %outputs "out")
"/lib/udev/rules.d"))
- #:phases (alist-cons-before
- 'check 'pre-check
- (lambda _
- ;; 'tests/lock-autospawn-test.c' wants to create a file
- ;; under ~/.config/pulse.
- (setenv "HOME" (getcwd))
- ;; 'thread-test' needs more time on hydra and on slower
- ;; machines, so we set the default timeout to 120 seconds.
- (setenv "CK_DEFAULT_TIMEOUT" "120"))
- %standard-phases)))
+ #:phases (modify-phases %standard-phases
+ (add-before 'check 'pre-check
+ (lambda _
+ ;; 'tests/lock-autospawn-test.c' wants to create a file
+ ;; under ~/.config/pulse.
+ (setenv "HOME" (getcwd))
+ ;; 'thread-test' needs more time on hydra and on slower
+ ;; machines, so we set the default timeout to 120 seconds.
+ (setenv "CK_DEFAULT_TIMEOUT" "120")
+ #t)))))
(inputs
;; TODO: Add optional inputs (GTK+?).
`(("alsa-lib" ,alsa-lib)
("python-hypothesis" ,python-hypothesis)
("python-pretend" ,python-pretend)
("python-pytz" ,python-pytz)
- ("python-pytest" ,python-pytest-3.0)))
+ ("python-pytest" ,python-pytest)))
(home-page "https://github.com/pyca/cryptography")
(synopsis "Cryptographic recipes and primitives for Python")
(description
(native-inputs
`(("python-flaky" ,python-flaky)
("python-pretend" ,python-pretend)
- ("python-pytest" ,python-pytest-3.0)))
+ ("python-pytest" ,python-pytest)))
(home-page "https://github.com/pyca/pyopenssl")
(synopsis "Python wrapper module around the OpenSSL library")
(description
(define-public python-2.7
(package
(name "python")
- (version "2.7.13")
+ (version "2.7.14")
(source
(origin
(method url-fetch)
version "/Python-" version ".tar.xz"))
(sha256
(base32
- "0cgpk3zk0fgpji59pb4zy9nzljr70qzgv1vpz5hq5xw2d2c47m9m"))
+ "0rka541ys16jwzcnnvjp2v12m4cwgd2jp6wj4kj511p715pb5zvi"))
(patches (search-patches "python-2.7-search-paths.patch"
"python-2-deterministic-build-info.patch"
"python-2.7-site-prefixes.patch"
"python-2.7-source-date-epoch.patch"
- "python-2.7-getentropy-on-old-kernels.patch"))
+ "python-2.7-adjust-tests.patch"))
(modules '((guix build utils)))
;; suboptimal to delete failing tests here, but if we delete them in the
;; arguments then we need to make sure to strip out that phase when it
'("Lib/subprocess.py"
"Lib/popen2.py"
"Lib/distutils/tests/test_spawn.py"
+ "Lib/test/support/__init__.py"
"Lib/test/test_subprocess.py"))
(("/bin/sh") (which "sh")))
;; Current 2.x version.
(define-public python-2 python-2.7)
-(define-public python-3.5
+(define-public python-3.6
(package (inherit python-2)
- (version "3.5.3")
+ (version "3.6.3")
(source (origin
(method url-fetch)
(uri (string-append "https://www.python.org/ftp/python/"
version "/Python-" version ".tar.xz"))
(patches (search-patches
"python-fix-tests.patch"
- "python-3.5-fix-tests.patch"
- "python-3.5-getentropy-on-old-kernels.patch"
+ "python-3-fix-tests.patch"
"python-3-deterministic-build-info.patch"
"python-3-search-paths.patch"))
(patch-flags '("-p0"))
(sha256
(base32
- "1c6v1n9nz4mlx9mw1125fxpmbrgniqdbbx9hnqx44maqazb2mzpf"))
+ "1nl1raaagr4car787a2hmjv2dw6gqny53xfd6wisbgx4r5kxk9yd"))
(snippet
'(begin
(for-each delete-file
- '("Lib/ctypes/test/test_win32.py" ; fails on aarch64
- "Lib/test/test_fcntl.py"))
+ '("Lib/ctypes/test/test_structures.py" ; fails on aarch64
+ "Lib/ctypes/test/test_win32.py" ; fails on aarch64
+ "Lib/test/test_fcntl.py")) ; fails on aarch64
#t))))
(arguments (substitute-keyword-arguments (package-arguments python-2)
((#:tests? _) #t)))
"/site-packages"))))))))
;; Current 3.x version.
-(define-public python-3 python-3.5)
+(define-public python-3 python-3.6)
;; Current major version.
(define-public python python-3)
(define-public python-six
(package
(name "python-six")
- (version "1.10.0")
+ (version "1.11.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "six" version))
(sha256
(base32
- "0snmb8xffb3vsma0z67i0h0w2g2dy0p3gsgh9gi4i0kgc5l8spqh"))))
+ "1scqzwc51c875z23phj48gircqjgnn3af8zy2izjwmnlxrxsgs3h"))))
(build-system python-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (replace 'check
+ (lambda _
+ (zero? (system* "py.test" "-v")))))))
(native-inputs
`(("python-py" ,python-py)
- ("python-pytest" ,python-pytest)))
+ ("python-pytest" ,python-pytest-bootstrap)))
(home-page "https://pypi.python.org/pypi/six/")
(synopsis "Python 2 and 3 compatibility utilities")
(description
(home-page "http://www.liquidx.net/pybugz/")
(license license:gpl2)))
+(define-public python2-enum
+ (package
+ (name "python2-enum")
+ (version "0.4.6")
+ (source (origin
+ (method url-fetch)
+ (uri (pypi-uri "enum" version))
+ (sha256
+ (base32
+ "13lk3yrwj42vl30kw3c194f739nrfrdg64s6i0v2p636n4k8brsl"))))
+ (build-system python-build-system)
+ (arguments
+ `(#:python ,python-2))
+ (home-page "http://pypi.python.org/pypi/enum/")
+ (synopsis "Robust enumerated type support in Python")
+ (description
+ "This provides a module for robust enumerations in Python. It has
+been superseded by the Python standard library and is provided only for
+compatibility.")
+ ;; Choice of either license.
+ (license (list license:gpl3+ license:psfl))))
+
(define-public python-enum34
(package
(name "python-enum34")
"@code{pafy} is a python library to retrieve YouTube content and metadata.")
(license license:lgpl3+)))
+(define-public python2-funcsigs
+ (package
+ (name "python2-funcsigs")
+ (version "1.0.2")
+ (source (origin
+ (method url-fetch)
+ (uri (pypi-uri "funcsigs" version))
+ (sha256
+ (base32
+ "0l4g5818ffyfmfs1a924811azhjj8ax9xd1cffr1mzd3ycn0zfx7"))))
+ (build-system python-build-system)
+ (arguments
+ `(#:python ,python-2))
+ (native-inputs
+ `(("python2-unittest2" ,python2-unittest2)))
+ (home-page "http://funcsigs.readthedocs.org")
+ (synopsis "Python function signatures from PEP362")
+ (description
+ "Backport of @code{funcsigs} which was introduced in Python 3.3.")
+ (license license:asl2.0)))
+
+(define-public python-pafy
+ (package
+ (name "python-pafy")
+ (version "0.5.3.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "pafy" version))
+ (sha256
+ (base32
+ "1a7dxi95m1043rxx1r5x3ngb66nwlq6aqcasyqqjzmmmjps4zrim"))))
+ (build-system python-build-system)
+ (arguments
+ `(#:tests? #f)) ; Currently pafy can not find itself in the tests
+ (propagated-inputs
+ ;; Youtube-dl is a python package which is imported in the file
+ ;; "backend_youtube_dl.py", therefore it needs to be propagated.
+ `(("youtube-dl" ,youtube-dl)))
+ (home-page "https://np1.github.io/pafy/")
+ (synopsis "Retrieve YouTube content and metadata")
+ (description
+ "@code{pafy} is a python library to retrieve YouTube content and metadata.")
+ (license license:lgpl3+)))
+
(define-public python-py
(package
(name "python-py")
- (version "1.4.32")
+ (version "1.4.34")
(source
(origin
(method url-fetch)
(uri (pypi-uri "py" version))
(sha256
(base32
- "19s1pql9pq85h1qzsdwgyb8a3k1qgkvh33b02m8kfqhizz8rzf64"))))
+ "1qyd5z0hv8ymxy84v5vig3vps2fvhcf4bdlksb3r03h549fmhb8g"))))
(build-system python-build-system)
(arguments
;; FIXME: "ImportError: 'test' module incorrectly imported from
#t))))
(build-system python-build-system)
(native-inputs
- `(("python-pytest" ,python-pytest-3.0)
+ `(("python-pytest" ,python-pytest)
("python-pytest-cov" ,python-pytest-cov)
("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://github.com/progrium/pyjwt")
(base32
"1zzrkywhziqffrzks14kzixz7nd4yh2vc0fb04a68vfd2ai03anx"))))
(build-system python-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- ;; These files cannot be built with Python < 3.6. See
- ;; https://github.com/pallets/jinja/issues/655
- ;; FIXME: Remove this when the "python" package is upgraded.
- (add-after 'unpack 'delete-incompatible-files
- (lambda _
- (for-each delete-file
- '("jinja2/asyncsupport.py"
- "jinja2/asyncfilters.py"))
- #t)))))
(propagated-inputs
`(("python-markupsafe" ,python-markupsafe)))
(home-page "http://jinja.pocoo.org/")
`(("python-sphinxcontrib-websupport" ,python-sphinxcontrib-websupport)
,@(package-propagated-inputs python-sphinx)))
(native-inputs
- `(("python-pytest" ,python-pytest-3.0)
+ `(("python-pytest" ,python-pytest)
("imagemagick" ,imagemagick) ; for "convert"
,@(package-native-inputs python-sphinx)))
(properties '())))
(base32
"0kw1axswbvaavr8ggyf4qr6hnisnrzlbkkcdada69vk1x9xjassg"))))
(native-inputs
- `(("python-pytest" ,python-pytest-3.0)
+ `(("python-pytest" ,python-pytest)
,@(package-native-inputs python-sphinx)))))
(define-public python2-sphinx
(arguments '(#:tests? #f)) ; Test file 'grako.ebnf' is missing from archive.
(native-inputs
`(("unzip" ,unzip)
- ("python-pytest" ,python-pytest-3.0)
+ ("python-pytest" ,python-pytest)
("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://bitbucket.org/neogeny/grako")
(synopsis "EBNF parser generator")
(base32 "0zizn61n5z5hq421hkypk9pw8s6fpxw30f4hsg7k4ivwzy3gjw9j"))))
(build-system python-build-system)
(native-inputs
- `(("python-pytest" ,python-pytest-3.0)
+ `(("python-pytest" ,python-pytest)
("python-mock" ,python-mock)
("python-tox" ,python-tox)
("which" ,which))) ;for tests
(replace 'check (lambda _ (zero? (system* "nosetests" "-v")))))))
(native-inputs
`(("python-nose" ,python-nose)
- ("python-pytest" ,python-pytest-3.0)
+ ("python-pytest" ,python-pytest)
("man-db" ,man-db)
("which" ,which)
("bash-full" ,bash))) ;full Bash for 'test_replwrap.py'
(define-public python-setuptools-scm
(package
(name "python-setuptools-scm")
- (version "1.15.0")
+ (version "1.15.6")
(source (origin
(method url-fetch)
(uri (pypi-uri "setuptools_scm" version))
(sha256
(base32
- "0bwyc5markib0i7i2qlyhdzxhiywzxbkfiapldma8m91m82jvwfs"))))
+ "0pzvfmx8s20yrgkgwfbxaspz2x1g38qv61jpm0ns91lrb22ldas9"))))
(build-system python-build-system)
(home-page "https://github.com/pypa/setuptools_scm/")
(synopsis "Manage Python package versions in SCM metadata")
(define-public python-pyflakes
(package
(name "python-pyflakes")
- (version "1.0.0")
+ (version "1.5.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "pyflakes" version))
(sha256
(base32
- "0qs2sgqszq7wcplis8509wk2ygqcrwzbs1ghfj3svvivq2j377pk"))))
+ "1x1pcca4a24k4pw8x1c77sgi58cg1wl2k38mp8a25k608pzls3da"))))
(build-system python-build-system)
(home-page
"https://github.com/pyflakes/pyflakes")
(define-public python-mccabe
(package
(name "python-mccabe")
- (version "0.4.0")
+ (version "0.6.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "mccabe" version))
(sha256
(base32
- "0yr08a36h8lqlif10l4xcikbbig7q8f41gqywir7rrvnv3mi4aws"))))
+ "07w3p1qm44hgxf3vvwz84kswpsx6s7kvaibzrsx5dzm0hli1i3fx"))))
(build-system python-build-system)
(native-inputs
- `(("python-pytest" ,python-pytest)
+ `(("python-pytest" ,python-pytest-bootstrap)
("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://github.com/flintwork/mccabe")
(synopsis "McCabe checker, plugin for flake8")
(define-public python-flake8
(package
(name "python-flake8")
- (version "2.5.4")
+ (version "3.4.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "flake8" version))
(sha256
(base32
- "0bs9cz4fr99r2rwig1b8jwaadl1nan7kgpdzqwj0bwbckwbmh7nc"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Remove pre-compiled .pyc files from source.
- (for-each delete-file-recursively
- (find-files "." "__pycache__" #:directories? #t))
- (for-each delete-file (find-files "." "\\.pyc$"))
- #t))))
- (build-system python-build-system)
- (propagated-inputs
- `(("python-pep8" ,python-pep8)
+ "1n0i38592vy3q0x2a9bf8z6rhhn04i30wsn5i5zzcj7qkxvl8062"))))
+ (build-system python-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (delete 'check)
+ (add-after 'install 'check
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (add-installed-pythonpath inputs outputs)
+ (zero? (system* "pytest" "-v")))))))
+ (propagated-inputs
+ `(("python-pycodestyle" ,python-pycodestyle)
("python-pyflakes" ,python-pyflakes)
+ ;; flake8 depends on a newer setuptools than provided by python.
+ ("python-setuptools" ,python-setuptools)
("python-mccabe" ,python-mccabe)))
(native-inputs
`(("python-mock" ,python-mock) ; TODO: only required for < 3.3
- ("python-nose" ,python-nose)))
+ ("python-pytest" ,python-pytest-bootstrap)
+ ("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://gitlab.com/pycqa/flake8")
(synopsis
"The modular source code checker: pep8, pyflakes and co")
(description
"Flake8 is a wrapper around PyFlakes, pep8 and python-mccabe.")
+ (properties `((python2-variant . ,(delay python2-flake8))))
(license license:expat)))
(define-public python2-flake8
- (package-with-python2 python-flake8))
+ (let ((base (package-with-python2 (strip-python2-variant python-flake8))))
+ (package (inherit base)
+ (propagated-inputs
+ `(("python2-configparser" ,python2-configparser)
+ ("python2-enum" ,python2-enum)
+ ,@(package-propagated-inputs base))))))
(define-public python-flake8-polyfill
(package
`(("python-dateutil" ,python-dateutil)
("python-simplejson" ,python-simplejson)))
(native-inputs
- `(("python-pytest-3.0" ,python-pytest-3.0)
+ `(("python-pytest" ,python-pytest)
("python-pytz" ,python-pytz)))
(home-page "https://github.com/marshmallow-code/marshmallow")
(synopsis "Convert complex datatypes to and from native
(propagated-inputs
`(("python-pyyaml" ,python-pyyaml)))
(native-inputs
- `(("python-pytest-3.0" ,python-pytest-3.0)
+ `(("python-pytest" ,python-pytest)
("python-flask" ,python-flask)
("python-marshmallow" ,python-marshmallow)
("python-tornado" ,python-tornado)
("python-flake8" ,python-flake8)
("python-flask-restful" ,python-flask-restful)
("python-flex" ,python-flex)
- ("python-pytest-3.0" ,python-pytest-3.0)
+ ("python-pytest" ,python-pytest)
("python-pytest-cov" ,python-pytest-cov)
("python-marshmallow" ,python-marshmallow)
("python-apispec" ,python-apispec)))
`(;; The tests depend on unittest2, and our version is a bit too old.
#:tests? #f))
(native-inputs
- `(("python-pbr" ,python-pbr)))
+ `(("python-pbr" ,python-pbr-minimal)))
(home-page
"https://github.com/testing-cabal/linecache2")
(synopsis "Backports of the linecache module")
`(;; python-traceback2 and python-unittest2 depend on one another.
#:tests? #f))
(native-inputs
- `(("python-pbr" ,python-pbr)))
+ `(("python-pbr" ,python-pbr-minimal)))
(propagated-inputs
`(("python-linecache2" ,python-linecache2)))
(home-page
"1nii1sz5jq75ilf18bjnr11l9rz1lvdmyk66bxl7q90qan85yhjj"))))
(build-system python-build-system)
(native-inputs
- `(("python-pytest-3.0" ,python-pytest-3.0)))
+ `(("python-pytest" ,python-pytest)))
(propagated-inputs
`(("python-setuptools-scm" ,python-setuptools-scm)))
(home-page "https://github.com/Changaco/setuptools_scm_git_archive/")
`(#:python ,python-2))
(native-inputs
`(("unzip" ,unzip)
- ("python2-pytest-3.0" ,python2-pytest-3.0)
+ ("python2-pytest" ,python2-pytest)
("python2-pytest-runner" ,python2-pytest-runner)))
(propagated-inputs
`(("python-fonttools" ,python2-fonttools)
("openssl" ,openssl)))
(arguments
`(#:configure-flags
- (list "-DCMAKE_INSTALL_LIBDIR=lib"
- "-DCMAKE_BUILD_TYPE=RELEASE"
+ (list "-DCMAKE_BUILD_TYPE=RELEASE"
"-DWITH_JPEG=ON"
,@(if (string-prefix? "x86_64"
(or (%current-target-system)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
- #:use-module (guix utils))
+ #:use-module (guix utils)
+ #:use-module (ice-9 format))
+
+(define (patch-url seqno)
+ (format #f "mirror://gnu/readline/readline-7.0-patches/readline70-~3,'0d" seqno))
+
+(define (readline-patch seqno sha256)
+ "Return the origin of Readline patch SEQNO, with expected hash SHA256"
+ (origin
+ (method url-fetch)
+ (uri (patch-url seqno))
+ (sha256 sha256)))
+
+(define-syntax-rule (patch-series (seqno hash) ...)
+ (list (readline-patch seqno (base32 hash))
+ ...))
+
+(define %patch-series-7.0
+ (patch-series
+ (1 "0xm3sxvwmss7ddyfb11n6pgcqd1aglnpy15g143vzcf75snb7hcs")
+ (2 "0n1dxmqsbjgrfxb1hgk5c6lsraw4ncbnzxlsx7m35nym6lncjiw7")
+ (3 "1027kmymniizcy0zbdlrczxfx3clxcdln5yq05q9yzlc6y9slhwy")))
(define-public readline
- (let ((post-install-phase
- '(lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (lib (string-append out "/lib")))
- ;; Make libraries writable so that `strip' can work.
- ;; Failing to do that, it bails out with "Permission
- ;; denied".
- (for-each (lambda (f) (chmod f #o755))
- (find-files lib "\\.so"))
- (for-each (lambda (f) (chmod f #o644))
- (find-files lib "\\.a"))))))
- (package
- (name "readline")
- (version "7.0")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/readline/readline-"
- version ".tar.gz"))
- (sha256
- (base32
- "0d13sg9ksf982rrrmv5mb6a2p4ys9rvg9r71d6il0vr8hmql63bm"))
- (patches (search-patches "readline-link-ncurses.patch"))
- (patch-flags '("-p0"))))
- (build-system gnu-build-system)
- (propagated-inputs `(("ncurses" ,ncurses)))
- (arguments `(#:configure-flags
- (list (string-append "LDFLAGS=-Wl,-rpath -Wl,"
- (assoc-ref %build-inputs "ncurses")
- "/lib")
+ (package
+ (name "readline")
+ (version (string-append "7.0."
+ (number->string (length %patch-series-7.0))))
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/readline/readline-"
+ (version-major+minor version) ".tar.gz"))
+ (sha256
+ (base32
+ "0d13sg9ksf982rrrmv5mb6a2p4ys9rvg9r71d6il0vr8hmql63bm"))
+ (patches (append
+ %patch-series-7.0
+ (search-patches "readline-link-ncurses.patch")))
+ (patch-flags '("-p0"))))
+ (build-system gnu-build-system)
+ (propagated-inputs `(("ncurses" ,ncurses)))
+ (arguments `(#:configure-flags
+ (list (string-append "LDFLAGS=-Wl,-rpath -Wl,"
+ (assoc-ref %build-inputs "ncurses")
+ "/lib")
- ;; This test does an 'AC_TRY_RUN', which aborts when
- ;; cross-compiling, so provide the correct answer.
- ,@(if (%current-target-system)
- '("bash_cv_wcwidth_broken=no")
- '())
- ;; MinGW: ncurses provides the termcap api.
- ,@(if (target-mingw?)
- '("bash_cv_termcap_lib=ncurses")
- '()))
+ ;; This test does an 'AC_TRY_RUN', which aborts when
+ ;; cross-compiling, so provide the correct answer.
+ ,@(if (%current-target-system)
+ '("bash_cv_wcwidth_broken=no")
+ '())
+ ;; MinGW: ncurses provides the termcap api.
+ ,@(if (target-mingw?)
+ '("bash_cv_termcap_lib=ncurses")
+ '()))
- ,@(if (target-mingw?)
- ;; MinGW: termcap in ncurses
- ;; some SIG_* #defined in _POSIX
- '(#:make-flags '("TERMCAP_LIB=-lncurses"
- "CPPFLAGS=-D_POSIX -D'chown(f,o,g)=0'"))
- '())
- #:phases (alist-cons-after
- 'install 'post-install
- ,post-install-phase
- %standard-phases)))
- (synopsis "Edit command lines while typing, with history support")
- (description
- "The GNU readline library allows users to edit command lines as they
+ ,@(if (target-mingw?)
+ ;; MinGW: termcap in ncurses
+ ;; some SIG_* #defined in _POSIX
+ '(#:make-flags '("TERMCAP_LIB=-lncurses"
+ "CPPFLAGS=-D_POSIX -D'chown(f,o,g)=0'"))
+ '())))
+ (synopsis "Edit command lines while typing, with history support")
+ (description
+ "The GNU readline library allows users to edit command lines as they
are typed in. It can maintain a searchable history of previously entered
commands, letting you easily recall, edit and re-enter past commands. It
features both Emacs-like and vi-like keybindings, making its usage
comfortable for anyone.")
- (license gpl3+)
- (home-page "https://savannah.gnu.org/projects/readline/"))))
+ (license gpl3+)
+ (home-page "https://savannah.gnu.org/projects/readline/")))
(define-public readline-6.2
(package (inherit readline)
;;; Copyright © 2015, 2016, 2017 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2017 ng0 <ng0@n0.is>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
;;;
(define-public ruby
(package
(name "ruby")
- (replacement ruby-2.4.3)
- (version "2.4.2")
+ (version "2.4.3")
(source
(origin
(method url-fetch)
"/ruby-" version ".tar.xz"))
(sha256
(base32
- "0dgp4ypk3smrsbh2c249n5pl6nqhpd2igq9484dbsh81sf08k2kl"))
+ "0l9bv67dgsphk42lmiskhrnh47hbyj6rfg2rcjx22xivpx07srr3"))
(modules '((guix build utils)))
(snippet `(begin
;; Remove bundled libffi
(home-page "https://www.ruby-lang.org")
(license license:ruby)))
-(define-public ruby-2.4.3
- (package
- (inherit ruby)
- (name "ruby")
- (version "2.4.3")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "http://cache.ruby-lang.org/pub/ruby/"
- (version-major+minor version)
- "/ruby-" version ".tar.xz"))
- (sha256
- (base32
- "0l9bv67dgsphk42lmiskhrnh47hbyj6rfg2rcjx22xivpx07srr3"))
- (modules '((guix build utils)))
- (snippet `(begin
- ;; Remove bundled libffi
- (delete-file-recursively "ext/fiddle/libffi-3.2.1")
- #t))))))
-
(define-public ruby-2.3
(package
(inherit ruby)
"09pl0w01fr09bsrwd7nz2r5psysj0z93w4chz3hm2havvqqvhg3s"))))
(build-system gnu-build-system)
(arguments
- `(#:disallowed-references (,tzdata-2017a)
+ `(#:disallowed-references (,tzdata-for-tests)
#:make-flags
(list (string-append "LDFLAGS=-Wl,-rpath="
(assoc-ref %outputs "out")
("perl" ,perl)
("pkg-config" ,pkg-config)
("texinfo" ,texinfo) ; for building HTML manuals
- ("tzdata" ,tzdata-2017a)
+ ("tzdata" ,tzdata-for-tests)
("xz" ,xz)))
(inputs
`(;; We need not only cairo here, but pango to ensure that tests for the
(define-public tcl
(package
(name "tcl")
- (version "8.6.6")
+ (version "8.6.7")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/tcl/Tcl/"
version "/tcl" version "-src.tar.gz"))
(sha256
(base32
- "01zypqhy57wvh1ikk28bg733sk5kf4q568pq9v6fvcz4h6bl0rd2"))
- (patches (search-patches "tcl-mkindex-deterministic.patch"))))
+ "19bb09l55alz4jb38961ikd5116q80s51bjvzqy44ckkwf28ysvw"))))
(build-system gnu-build-system)
(arguments
- '(#:phases (alist-cons-before
- 'configure 'pre-configure
- (lambda _
- (chdir "unix"))
- (alist-cons-after
- 'install 'install-private-headers
- (lambda* (#:key outputs #:allow-other-keys)
- ;; Private headers are needed by Expect.
- (and (zero? (system* "make"
- "install-private-headers"))
- (let ((bin (string-append (assoc-ref outputs "out")
- "/bin")))
- ;; Create a tclsh -> tclsh8.6 symlink.
- ;; Programs such as Ghostscript rely on it.
- (with-directory-excursion bin
- (symlink (car (find-files "." "tclsh"))
- "tclsh")))))
- %standard-phases))
+ '(#:phases (modify-phases %standard-phases
+ (add-before 'configure 'pre-configure
+ (lambda _ (chdir "unix") #t))
+ (add-after 'install 'install-private-headers
+ (lambda* (#:key outputs #:allow-other-keys)
+ ;; Private headers are needed by Expect.
+ (and (zero? (system* "make"
+ "install-private-headers"))
+ (let ((bin (string-append (assoc-ref outputs "out")
+ "/bin")))
+ ;; Create a tclsh -> tclsh8.6 symlink.
+ ;; Programs such as Ghostscript rely on it.
+ (with-directory-excursion bin
+ (symlink (car (find-files "." "tclsh"))
+ "tclsh"))
+ #t)))))
;; By default, man pages are put in PREFIX/man, but we want them in
;; PREFIX/share/man. The 'validate-documentation-location' phase is
(define-public tk
(package
(name "tk")
- (version "8.6.6")
+ (version "8.6.7")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/tcl/Tcl/"
version "/tk" version "-src.tar.gz"))
(sha256
(base32
- "17diivcfcwdhp4v5zi6j9nkxncccjqkivhp363c4wx5lf4d3fb6n"))
+ "1aipcf6qmbgi15av8yrpp2hx6vdwr684r6739p8cgdzrajiy4786"))
(patches (search-patches "tk-find-library.patch"))))
(build-system gnu-build-system)
(arguments
;;; Copyright © 2012, 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (gnu packages ncurses))
(define-public texinfo
- ;; TODO: Merge with 'texinfo-latest' on the next core-updates.
(package
(name "texinfo")
- (version "6.3")
+ (version "6.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/texinfo/texinfo-"
version ".tar.xz"))
(sha256
(base32
- "0fpr9kdjjl6nj2pc50k2zr7134hvqz8bi8pfqa7131a9lpzz6v14"))))
+ "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp"))))
(build-system gnu-build-system)
- (native-inputs `(("procps" ,procps))) ;one of the tests needs pgrep
(inputs `(("ncurses" ,ncurses)
("perl" ,perl)))
is on expressing the content semantically, avoiding physical markup commands.")
(license gpl3+)))
-(define-public texinfo-latest
- ;; TODO: Turn this into 'texinfo' on the next core-updates cycle.
- (package (inherit texinfo)
- (version "6.5")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/texinfo/texinfo-"
- version ".tar.xz"))
- (sha256
- (base32
- "0qjzvbvnv9003xdrcpi3jp7y68j4hq2ciw9frh2hghh698zlnxvp"))))
- (native-inputs '())))
-
(define-public texinfo-5
(package (inherit texinfo)
(version "5.2")
(package
(name "libtasn1")
(version "4.12")
- (replacement libtasn1/fixed)
(source
(origin
(method url-fetch)
version ".tar.gz"))
(sha256
(base32
- "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))))
+ "0ls7jdq3y5fnrwg0pzhq11m21r8pshac2705bczz6mqjc8pdllv7"))
+ (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)))
(home-page "https://www.gnu.org/software/libtasn1/")
specifications.")
(license license:lgpl2.0+)))
-(define libtasn1/fixed
- (package
- (inherit libtasn1)
- (source (origin
- (inherit (package-source libtasn1))
- (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))))
-
(define-public asn1c
(package
(name "asn1c")
living in the same process.")
(license license:bsd-3)))
-
-;; TODO Add net-tools-for-tests to #:disallowed-references when we can afford
-;; rebuild GnuTLS (i.e. core-updates).
(define-public gnutls
(package
(name "gnutls")
"15ihq6p0hnnhs8cnjrkj40dmlcaa1jjg8xg0g2ydbnlqs454ixbr"))))
(build-system gnu-build-system)
(arguments
- '(#:configure-flags
+ `(; Ensure we don't keep a reference to this buggy software.
+ #:disallowed-references (,net-tools)
+ #:configure-flags
(list
;; GnuTLS doesn't consult any environment variables to specify
;; the location of the system-wide trust store. Instead it has a
"debug"
"doc")) ;4.1 MiB of man pages
(native-inputs
- `(("net-tools" ,net-tools-for-tests)
+ `(("net-tools" ,net-tools)
("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
(define-public openssl
(package
(name "openssl")
- (version "1.0.2l")
- (replacement openssl-1.0.2n)
+ (version "1.0.2n")
(source (origin
(method url-fetch)
- (uri (list (string-append "ftp://ftp.openssl.org/source/"
+ (uri (list (string-append "https://www.openssl.org/source/openssl-"
+ version ".tar.gz")
+ (string-append "ftp://ftp.openssl.org/source/"
name "-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/" name "-" version ".tar.gz")))
(sha256
(base32
- "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"))
+ "1zm82pyq5a9jm10q6iv7d3dih3xwjds4x30fqph3k317byvsn2rp"))
(snippet
'(begin
;; Remove ELF files. 'substitute*' can't read them.
,version "/misc"))
#t))))))
(native-search-paths
- ;; FIXME: These two variables must designate a single file or directory
- ;; and are not actually "search paths." In practice it works OK in user
- ;; profiles because there's always just one item that matches the
- ;; specification.
(list (search-path-specification
(variable "SSL_CERT_DIR")
+ (separator #f) ;single entry
(files '("etc/ssl/certs")))
(search-path-specification
(variable "SSL_CERT_FILE")
+ (file-type 'regular)
+ (separator #f) ;single entry
(files '("etc/ssl/certs/ca-certificates.crt")))))
(synopsis "SSL/TLS implementation")
(description
(license license:openssl)
(home-page "http://www.openssl.org/")))
-;; Fixes CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, and CVE-2017-3738.
-;; See <https://www.openssl.org/news/cl102.txt>.
-(define-public openssl-1.0.2n
- (package
- (inherit openssl)
- (version "1.0.2n")
- (source (origin
- (inherit (package-source openssl))
- (uri (list (string-append "https://www.openssl.org/source/openssl-"
- version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/openssl-"
- version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/"
- (string-trim-right version char-set:letter)
- "/openssl-" version ".tar.gz")))
- (sha256
- (base32
- "1zm82pyq5a9jm10q6iv7d3dih3xwjds4x30fqph3k317byvsn2rp"))))))
-
(define-public openssl-next
(package
(inherit openssl)
#t))))))
;; TODO: Add optional inputs for testing.
(native-inputs
- `(("python-mock" ,python-mock-2)
+ `(("python-mock" ,python-mock)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinxcontrib-programoutput" ,python-sphinxcontrib-programoutput)
;; TODO: Add optional inputs for testing.
(native-inputs
`(("python-nose" ,python-nose)
- ("python-mock" ,python-mock-2)
+ ("python-mock" ,python-mock)
;; For documentation
("python-sphinx" ,python-sphinx)
("python-sphinx-rtd-theme" ,python-sphinx-rtd-theme)
(define-public perl-net-ssleay
(package
(name "perl-net-ssleay")
- (version "1.81")
+ (version "1.82")
(source (origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/M/MI/MIKEM/"
"Net-SSLeay-" version ".tar.gz"))
(sha256
(base32
- "0z8vya34g88bc41kx955sv7y4niwbbywji8liqbl52v29qbvdjq0"))))
+ "1rf78z1macgmp6mwd7c2xq4yfw6wpf28hfwfz1d5wslqr4cwb5aq"))))
(build-system perl-build-system)
(inputs `(("openssl" ,openssl)))
(arguments
(sha256
(base32
"18bnrw9b1d55wi1wnl68n25achsp9w48n51n1xw4fwjjnaal7jk7"))
- (patches (search-patches "valgrind-enable-arm.patch"))))
+ (patches (search-patches "valgrind-enable-arm.patch"
+ "valgrind-glibc-compat.patch"))))
(build-system gnu-build-system)
(outputs '("doc" ;16 MB
"out"))
(define-public libva
(package
(name "libva")
- (version "1.8.3")
+ (version "2.0.0")
(source
(origin
(method url-fetch)
(string-append "https://www.freedesktop.org/software/vaapi/releases/"
"libva/libva-" version "/libva-" version ".tar.bz2")))
(sha256
- (base32 "16xbk0awl7wp0vy0nyjvxk11spbw25mp8kwd9bmhd6x9xffi5vjn"))))
+ (base32 "0cz5i62jnibmnx0i80i9yipq39v16qr6fw461f6hvrh9lbwh21mv"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
--- /dev/null
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages vulkan)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix git-download)
+ #:use-module (guix build-system cmake)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages bison)
+ #:use-module (gnu packages freedesktop)
+ #:use-module (gnu packages gl)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages python)
+ #:use-module (gnu packages xorg))
+
+(define-public spirv-headers
+ (let ((commit "98b01515724c428d0f0a5d01deffcce0f5f5e61c")
+ (revision "1"))
+ (package
+ (name "spirv-headers")
+ (version (string-append "0.0-" revision "." (string-take commit 9)))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/KhronosGroup/SPIRV-Headers")
+ (commit commit)))
+ (sha256
+ (base32
+ "15bknwkv3xwmjs3lmkp282a1wrp0da1b4lp45i4yiav04zmqygj2"))
+ (file-name (string-append name "-" version "-checkout"))))
+ (build-system cmake-build-system)
+ (arguments
+ `(#:tests? #f ;; No tests
+ #:phases (modify-phases %standard-phases
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (zero? (system* "cmake" "-E" "copy_directory"
+ "../source/include/spirv"
+ (string-append (assoc-ref outputs "out")
+ "/include/spirv"))))))))
+ (home-page "https://github.com/KhronosGroup/SPIRV-Headers")
+ (synopsis "Machine-readable files from the SPIR-V Registry")
+ (description
+ "SPIRV-Headers is a repository containing machine-readable files from
+the SPIR-V Registry. This includes:
+@itemize
+@item Header files for various languages.
+@item JSON files describing the grammar for the SPIR-V core instruction set,
+and for the GLSL.std.450 extended instruction set.
+@item The XML registry file.
+@end itemize\n")
+ (license (license:x11-style
+ (string-append "https://github.com/KhronosGroup/SPIRV-Headers/blob/"
+ commit "/LICENSE"))))))
+
+(define-public spirv-tools
+ (package
+ (name "spirv-tools")
+ (version "2017.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/KhronosGroup/SPIRV-Tools/archive/v"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "009vflaa71a7xhvmm23f4sdbcgdkl1k4facqkwsg6djha2sdpsqq"))
+ (file-name (string-append name "-" version ".tar.gz"))))
+ (build-system cmake-build-system)
+ (arguments
+ `(#:configure-flags (list (string-append "-DCMAKE_INSTALL_LIBDIR="
+ (assoc-ref %outputs "out")
+ "/lib")
+ (string-append "-DSPIRV-Headers_SOURCE_DIR="
+ (assoc-ref %build-inputs
+ "spirv-headers")))))
+ (inputs `(("spirv-headers" ,spirv-headers)))
+ (native-inputs `(("pkg-config", pkg-config)
+ ("python" ,python)))
+ (home-page "https://github.com/KhronosGroup/SPIRV-Tools")
+ (synopsis "API and commands for processing SPIR-V modules")
+ (description
+ "The SPIR-V Tools project provides an API and commands for processing
+SPIR-V modules. The project includes an assembler, binary module parser,
+disassembler, validator, and optimizer for SPIR-V.")
+ (license license:asl2.0)))
+
+(define-public glslang
+ ;; Version 3.0 is too old for vulkan-icd-loader. Use a recent git commit
+ ;; until the next stable version.
+ (let ((commit "471bfed0621162a7513fc24a51e8a1ccc2e640ff")
+ (revision "1"))
+ (package
+ (name "glslang")
+ (version (string-append "3.0-" revision "." (string-take commit 9)))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/KhronosGroup/glslang")
+ (commit commit)))
+ (sha256
+ (base32
+ "0m2vljmrqppp80ghbbwfnayqw2canxlcjhgy6jw9xjdssln0d3pd"))
+ (file-name (string-append name "-" version "-checkout"))))
+ (build-system cmake-build-system)
+ (arguments
+ `(#:tests? #f ;; No tests
+ ;; glslang tries to set CMAKE_INSTALL_PREFIX manually. Remove the
+ ;; offending line.
+ #:phases (modify-phases %standard-phases
+ (add-after 'patch-source-shebangs 'fix-cmakelists
+ (lambda _
+ (substitute* "CMakeLists.txt"
+ (("set.*CMAKE_INSTALL_PREFIX.*") ""))
+ #t)))))
+ (native-inputs `(("bison" ,bison)
+ ("pkg-config" ,pkg-config)))
+ (home-page "https://github.com/KhronosGroup/glslang")
+ (synopsis "OpenGL and OpenGL ES shader front end and validator")
+ (description
+ "Glslang is the official reference compiler front end for the
+OpenGL@tie{}ES and OpenGL shading languages. It implements a strict
+interpretation of the specifications for these languages.")
+ ;; Modified BSD license. See "copyright" section of
+ ;; https://www.khronos.org/opengles/sdk/tools/Reference-Compiler/
+ (license (list license:bsd-3
+ ;; include/SPIRV/{bitutils,hex_float}.h are Apache 2.0.
+ license:asl2.0)))))
+
+(define-public vulkan-icd-loader
+ (package
+ (name "vulkan-icd-loader")
+ (version "1.0.61.1")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers/"
+ "archive/sdk-" version ".tar.gz"))
+ (sha256
+ (base32
+ "05g60hk30sbc4rwkh7nrgqdk6hfsi4hwxs54yrysrzr18xpfb8j7"))))
+ (build-system cmake-build-system)
+ (arguments
+ `(#:tests? #f ;FIXME: 23/39 tests fail. Try "tests/run_all_tests.sh".
+ #:configure-flags (list (string-append "-DCMAKE_INSTALL_LIBDIR="
+ (assoc-ref %outputs "out") "/lib"))))
+ (inputs `(("glslang" ,glslang)
+ ("libxcb" ,libxcb)
+ ("libx11" ,libx11)
+ ("libxrandr" ,libxrandr)
+ ("mesa" ,mesa)
+ ("spirv-tools" ,spirv-tools)
+ ("wayland" ,wayland)))
+ (native-inputs `(("pkg-config", pkg-config)
+ ("python" ,python)))
+ (home-page
+ "https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers")
+ (synopsis "Khronos official ICD loader and validation layers for Vulkan")
+ (description
+ "Vulkan allows multiple @dfn{Installable Client Drivers} (ICDs) each
+supporting one or more devices to be used collectively. The loader is
+responsible for discovering available Vulkan ICDs on the system and inserting
+Vulkan layer libraries, including validation layers between the application
+and the ICD.")
+ ;; This software is mainly Apache 2.0 licensed, but contains some components
+ ;; covered by other licenses. See COPYRIGHT.txt for details.
+ (license (list license:asl2.0 ;LICENSE.txt
+ (license:x11-style "file://COPYRIGHT.txt")
+ license:bsd-3))))
("python-schema" ,python-schema-0.5)
("python-backports-csv" ,python-backports-csv)))
(native-inputs
- `(("python-pytest-3.0" ,python-pytest-3.0)
+ `(("python-pytest" ,python-pytest)
("python-pytest-capturelog" ,python-pytest-capturelog)
("python-responses" ,python-responses)))
(home-page "https://github.com/jjjake/internetarchive")
(define-public libdrm
(package
(name "libdrm")
- (version "2.4.83")
+ (version "2.4.89")
(source
(origin
(method url-fetch)
".tar.bz2"))
(sha256
(base32
- "1minzvsyz5hgm6ixpj8ysa6jsv7vm8qc8nx390jxdsk0v9ljd983"))
+ "0bm06vqqjbb06mlz2f2h4man0xp0dz928pyycs8q1d5vma19g7v2"))
(patches (search-patches "libdrm-symbol-check.patch"))))
(build-system gnu-build-system)
(arguments
("xcb-util-wm" ,xcb-util-wm)))
(native-inputs
`(("bison" ,bison)
- ("check" ,check-0.11.0)
+ ("check" ,check)
("flex" ,flex)
("pkg-config" ,pkg-config)))
(arguments
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015 Raimon Grau <raimonster@gmail.com>
;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
(define-public expat
(package
(name "expat")
- (version "2.2.1")
- (replacement expat-2.2.4)
+ (version "2.2.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
version "/expat-" version ".tar.bz2"))
(sha256
(base32
- "11c8jy1wvllvlk7xdc5cm8hdhg0hvs8j0aqy6s702an8wkdcls0q"))))
+ "1xpd78sp7m34jqrw5x13bz7kgz0n6aj15wn4zj4gfx3ypbpk5p6r"))))
(build-system gnu-build-system)
- (home-page "http://www.libexpat.org/")
+ (home-page "https://libexpat.github.io/")
(synopsis "Stream-oriented XML parser library written in C")
(description
"Expat is an XML parser library written in C. It is a
things the parser might find in the XML document (like start tags).")
(license license:expat)))
-(define expat-2.2.4 ; Fix CVE-{2016-9063,2017-9233,2017-11742} & other issues.
- (package
- (inherit expat)
- (version "2.2.4")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://sourceforge/expat/expat/"
- version "/expat-" version ".tar.bz2"))
- (sha256
- (base32
- "17h1fb9zvqvf0sr78j211bngc6jpql5wzar8fg9b52jzjvdqbb83"))))))
-
(define-public libebml
(package
(name "libebml")
(define-public libxml2
(package
(name "libxml2")
- (version "2.9.4")
- (replacement libxml2/fixed)
+ (version "2.9.7")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxml2/libxml2-"
version ".tar.gz"))
- (patches (search-patches "libxml2-CVE-2016-4658.patch"
- "libxml2-CVE-2016-5131.patch"))
(sha256
(base32
- "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"))))
+ "034hylzspvkm0p4bczqbf8q05a7r2disr8dz725x4bin61ymwg7n"))))
(build-system gnu-build-system)
(home-page "http://www.xmlsoft.org/")
(synopsis "C parser for XML")
project (but it is usable outside of the Gnome platform).")
(license license:x11)))
-(define libxml2/fixed
- (package
- (inherit libxml2)
- (source
- (origin
- (inherit (package-source libxml2))
- (patches
- (append (origin-patches (package-source libxml2))
- (search-patches "libxml2-CVE-2017-0663.patch"
- "libxml2-CVE-2017-7375.patch"
- "libxml2-CVE-2017-7376.patch"
- "libxml2-CVE-2017-9047+CVE-2017-9048.patch"
- "libxml2-CVE-2017-9049+CVE-2017-9050.patch")))))))
-
(define-public python-libxml2
(package (inherit libxml2)
(name "python-libxml2")
(define-public libxslt
(package
(name "libxslt")
- (replacement libxslt/fixed)
- (version "1.1.29")
+ (version "1.1.32")
(source (origin
(method url-fetch)
(uri (string-append "ftp://xmlsoft.org/libxslt/libxslt-"
version ".tar.gz"))
- ;; XXX Oops, the patches field is redefined below, which means the
- ;; patch for CVE-2016-4738 was not used. Fixed in the definition of
- ;; libxslt/fixed below.
- ;(patches (search-patches "libxslt-CVE-2016-4738.patch"))
(sha256
(base32
- "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm"))
+ "0q2l6m56iv3ysxgm2walhg4c9wp7q183jb328687i9zlp85csvjj"))
(patches (search-patches "libxslt-generated-ids.patch"))))
(build-system gnu-build-system)
(home-page "http://xmlsoft.org/XSLT/index.html")
(define-public libpciaccess
(package
(name "libpciaccess")
- (version "0.13.5")
+ (version "0.14")
(source
(origin
(method url-fetch)
".tar.bz2"))
(sha256
(base32
- "16dr80rdw5bzdyhahvilfjrflj7scs2yl2mmghsb84f3nglm8b3m"))))
+ "197jbcpvp4z4x6j705mq2y4fsnnypy6f85y8xalgwhgx5bhl7x9x"))))
(build-system gnu-build-system)
(arguments
'(;; Make sure libpciaccess can read compressed 'pci.ids' files as
(define-public xkeyboard-config
(package
(name "xkeyboard-config")
- (version "2.21")
+ (version "2.22")
(source
(origin
(method url-fetch)
".tar.bz2"))
(sha256
(base32
- "1iffxpchy6dfgbby23nfsqqk17h9lfddlmjnhwagqag1z94p1h9h"))))
+ "1garmbyfjp0han04l2l90zzwlfbdgdxl6r1qnic36i5wkycckbny"))))
(build-system gnu-build-system)
(inputs
`(("gettext" ,gettext-minimal)
(define-public libxfont2
(package
(inherit libxfont)
- (version "2.0.1")
- (replacement libxfont2-2.0.3)
+ (version "2.0.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://xorg/individual/lib/libXfont2-"
version ".tar.bz2"))
(sha256
(base32
- "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9"))))))
-
-;; Fixes the following security vulnerabilities:
-;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720
-;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722
-;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
-(define-public libxfont2-2.0.3
- (package
- (inherit libxfont2)
- (version "2.0.3")
- (source
- (origin
- (inherit (package-source libxfont2))
- (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
- version ".tar.bz2"))
- (sha256
- (base32
- "0klwmimmhm3axpj8pwn5l41lbggh47r5aazhw63zxkbwfgyvg2hf"))))))
+ "0klwmimmhm3axpj8pwn5l41lbggh47r5aazhw63zxkbwfgyvg2hf"))))))
(define-public libxi
(package
(define-public libxcursor
(package
(name "libxcursor")
- (version "1.1.14")
- (replacement libxcursor-1.1.15)
+ (version "1.1.15")
(source
(origin
(method url-fetch)
".tar.bz2"))
(sha256
(base32
- "1prkdicl5y5yx32h1azh6gjfbijvjp415javv8dsakd13jrarilv"))))
+ "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9"))))
(build-system gnu-build-system)
(propagated-inputs
`(("libx11" ,libx11)
(description "Xorg Cursor management library.")
(license license:x11)))
-;; For CVE-2017-16612.
-(define-public libxcursor-1.1.15
- (package
- (inherit libxcursor)
- (version "1.1.15")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://xorg/individual/lib/libXcursor-"
- version ".tar.bz2"))
- (sha256
- (base32
- "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9"))))))
-
(define-public libxt
(package
(name "libxt")
;; wireless-tools is deprecated in favor of iw, but it's still what
;; many people are familiar with, so keep it around.
- iw wireless-tools rfkill
+ iw wireless-tools
iproute
net-tools ; XXX: remove when Inetutils suffices
(".zlogin" ,zlogin)
(".Xdefaults" ,xdefaults)
(".guile" ,(plain-file "dot-guile"
- (string-append
- "(use-modules (ice-9 readline))\n\n"
- ";; Enable completion at the REPL.\n"
- "(activate-readline)\n")))
+ "(cond ((false-if-exception (resolve-interface '(ice-9 readline)))
+ =>
+ (lambda (module)
+ ;; Enable completion and input history at the REPL.
+ ((module-ref module 'activate-readline))))
+ (else
+ (display \"Consider installing the 'guile-readline' package for
+convenient interactive line editing and input history.\\n\\n\")))\n"))
(".guile-wm" ,guile-wm)
(".gdbinit" ,gdbinit))))
(build (if target gnu-cross-build gnu-build))
(arguments (strip-keyword-arguments private-keywords arguments))))
+(define %license-file-regexp
+ ;; Regexp matching license files.
+ "^(COPYING.*|LICEN[CS]E.*|[Ll]icen[cs]e.*|Copy[Rr]ight(\\.(txt|md))?)$")
+
(define* (gnu-build store name input-drvs
#:key (guile #f)
(outputs '("out"))
(strip-directories ''("lib" "lib64" "libexec"
"bin" "sbin"))
(validate-runpath? #t)
+ (license-file-regexp %license-file-regexp)
(phases '%standard-phases)
(locale "en_US.utf8")
(system (%current-system))
#:patch-shebangs? ,patch-shebangs?
#:strip-binaries? ,strip-binaries?
#:validate-runpath? ,validate-runpath?
+ #:license-file-regexp ,license-file-regexp
#:strip-flags ,strip-flags
#:strip-directories ,strip-directories)))
#:libc (libc target)))
("cross-binutils" ,(binutils target))))
((target)
- `(("cross-libc" ,(libc target))))))))
+ (let ((libc (libc target)))
+ `(("cross-libc" ,libc)
+
+ ;; MinGW's libc doesn't have a "static" output.
+ ,@(if (member "static" (package-outputs libc))
+ `(("cross-libc:static" ,libc "static"))
+ '()))))))))
(define* (gnu-cross-build store name
#:key
(strip-directories ''("lib" "lib64" "libexec"
"bin" "sbin"))
(validate-runpath? #t)
+ (license-file-regexp %license-file-regexp)
(phases '%standard-phases)
(locale "en_US.utf8")
(system (%current-system))
#:patch-shebangs? ,patch-shebangs?
#:strip-binaries? ,strip-binaries?
#:validate-runpath? ,validate-runpath?
+ #:license-file-regexp ,license-file-regexp
#:strip-flags ,strip-flags
#:strip-directories ,strip-directories))))
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
;;; Copyright © 2014, 2015 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
build-type))
'())
,(string-append "-DCMAKE_INSTALL_PREFIX=" out)
+ ;; ensure that the libraries are installed into /lib
+ "-DCMAKE_INSTALL_LIBDIR=lib"
;; add input libraries to rpath
"-DCMAKE_INSTALL_RPATH_USE_LINK_PATH=TRUE"
;; add (other) libraries of the project itself to rpath
#:use-module (srfi srfi-26)
#:use-module (rnrs io ports)
#:export (%standard-phases
+ %license-file-regexp
gnu-build))
;; Commentary:
outputs)
#t)
+(define %license-file-regexp
+ ;; Regexp matching license files.
+ "^(COPYING.*|LICEN[CS]E.*|[Ll]icen[cs]e.*|Copy[Rr]ight(\\.(txt|md))?)$")
+
+(define* (install-license-files #:key outputs
+ (license-file-regexp %license-file-regexp)
+ #:allow-other-keys)
+ "Install license files matching LICENSE-FILE-REGEXP to 'share/doc'."
+ (let* ((regexp (make-regexp license-file-regexp))
+ (out (or (assoc-ref outputs "out")
+ (match outputs
+ (((_ . output) _ ...)
+ output))))
+ (package (strip-store-file-name out))
+ (directory (string-append out "/share/doc/" package))
+ (files (scandir "." (lambda (file)
+ (regexp-exec regexp file)))))
+ (format #t "installing ~a license files~%" (length files))
+ (for-each (lambda (file)
+ (if (file-is-directory? file)
+ (copy-recursively file directory)
+ (install-file file directory)))
+ files)
+ #t))
+
(define %standard-phases
;; Standard build phases, as a list of symbol/procedure pairs.
(let-syntax ((phases (syntax-rules ()
validate-documentation-location
delete-info-dir-file
patch-dot-desktop-files
+ install-license-files
reset-gzip-timestamps
compress-documentation)))
#:use-module (ice-9 regex)
#:use-module (ice-9 rdelim)
#:use-module (ice-9 format)
+ #:use-module (ice-9 threads)
#:use-module (rnrs bytevectors)
#:use-module (rnrs io ports)
#:re-export (alist-cons
;; for that built-in is widespread.
#:local-build? #t)))
-(define* (in-band-download file-name url
- #:key system hash-algo hash
- mirrors content-addressed-mirrors
- guile)
- "Download FILE-NAME from URL using a normal, \"in-band\" fixed-output
-derivation.
-
-This is now deprecated since it has the drawback of causing bootstrapping
-issues: we may need to build GnuTLS just to be able to download the source of
-GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>."
- (define need-gnutls?
- ;; True if any of the URLs need TLS support.
- (let ((https? (cut string-prefix? "https://" <>)))
- (match url
- ((? string?)
- (https? url))
- ((url ...)
- (any https? url)))))
-
- (define builder
- (with-imported-modules '((guix build download)
- (guix build utils)
- (guix ftp-client)
- (guix base32)
- (guix base64))
- #~(begin
- #+(if need-gnutls?
-
- ;; Add GnuTLS to the inputs and to the load path.
- #~(eval-when (load expand eval)
- (set! %load-path
- (cons (string-append #+(gnutls-package)
- "/share/guile/site/"
- (effective-version))
- %load-path)))
- #~#t)
-
- (use-modules (guix build download)
- (guix base32))
-
- (let ((value-from-environment (lambda (variable)
- (call-with-input-string
- (getenv variable)
- read))))
- (url-fetch (value-from-environment "guix download url")
- #$output
- #:mirrors (call-with-input-file #$mirrors read)
-
- ;; Content-addressed mirrors.
- #:hashes
- (value-from-environment "guix download hashes")
- #:content-addressed-mirrors
- (primitive-load #$content-addressed-mirrors)
-
- ;; No need to validate certificates since we know the
- ;; hash of the expected result.
- #:verify-certificate? #f)))))
-
- (mlet %store-monad ((guile (package->derivation guile system)))
- (gexp->derivation file-name builder
- #:guile-for-build guile
- #:system system
- #:hash-algo hash-algo
- #:hash hash
-
- ;; Use environment variables and a fixed script
- ;; name so there's only one script in store for
- ;; all the downloads.
- #:script-name "download"
- #:env-vars
- `(("guix download url" . ,(object->string url))
- ("guix download hashes"
- . ,(object->string `((,hash-algo . ,hash)))))
-
- ;; Honor the user's proxy settings.
- #:leaked-env-vars '("http_proxy" "https_proxy")
-
- ;; In general, offloading downloads is not a good
- ;; idea. Daemons before 0.8.3 would also
- ;; interpret this as "do not substitute" (see
- ;; <https://bugs.gnu.org/18747>.)
- #:local-build? #t)))
-
(define* (url-fetch url hash-algo hash
#:optional name
#:key (system (%current-system))
(and uri (memq (uri-scheme uri) '(#f file))))
(interned-file (if uri (uri-path uri) url)
(or name file-name))
- (mlet* %store-monad ((builtins (built-in-builders*))
- (download -> (if (member "download" builtins)
- built-in-download
- in-band-download)))
- (download (or name file-name) url
- #:guile guile
- #:system system
- #:hash-algo hash-algo
- #:hash hash
- #:mirrors %mirror-file
- #:content-addressed-mirrors
- %content-addressed-mirror-file)))))
+ (mlet %store-monad ((builtins (built-in-builders*)))
+ ;; The "download" built-in builder was added in guix-daemon in
+ ;; Nov. 2016 and made it in the 0.12.0 release of Dec. 2016. We now
+ ;; require it.
+ (unless (member "download" builtins)
+ (error "'guix-daemon' is too old, please upgrade" builtins))
+
+ (built-in-download (or name file-name) url
+ #:guile guile
+ #:system system
+ #:hash-algo hash-algo
+ #:hash hash
+ #:mirrors %mirror-file
+ #:content-addressed-mirrors
+ %content-addressed-mirror-file)))))
(define* (url-fetch/tarbomb url hash-algo hash
#:optional name
(setenv "LOCPATH"
(string-append #+locales "/lib/locale/"
#+(and locales
- (package-version locales))))
+ (version-major+minor
+ (package-version locales)))))
(setlocale LC_ALL "en_US.utf8"))
(setenv "PATH" (string-append #+xz "/bin" ":"
;; install a UTF-8 locale.
(setenv "LOCPATH"
(string-append #+glibc-utf8-locales "/lib/locale/"
- #+(package-version glibc-utf8-locales)))
+ #+(version-major+minor
+ (package-version glibc-utf8-locales))))
(setlocale LC_ALL "en_US.utf8")
(match (append-map ca-files '#$(manifest-inputs manifest))
#~(begin
(setenv "LOCPATH"
#$(file-append glibc-utf8-locales "/lib/locale/"
- (package-version glibc-utf8-locales)))
+ (version-major+minor
+ (package-version glibc-utf8-locales))))
(setlocale LC_ALL "en_US.utf8")))
(define builder
(text-file "foo" "bar")))))
(p (dummy-package "p" (source o)))
(implicit (map (match-lambda
- ((label package) package))
+ ((label package) package)
+ ((label package output) package))
(standard-packages))))
(run-with-store %store
(export-graph (list p) 'port
#:node-type %bag-emerged-node-type
#:backend backend))
;; We should see exactly P and IMPLICIT, with one edge from P to each
- ;; element of IMPLICIT. O must not appear among NODES.
+ ;; element of IMPLICIT. O must not appear among NODES. Note: IMPLICIT
+ ;; contains "glibc" twice, once for "out" and a second time for
+ ;; "static", hence the 'delete-duplicates' call below.
(let-values (((nodes edges) (nodes+edges)))
(and (equal? (match nodes
(((labels names) ...)
names))
- (map package-full-name (cons p implicit)))
+ (map package-full-name
+ (cons p (delete-duplicates implicit))))
(equal? (match edges
(((sources destinations) ...)
(zip (map store-path-package-name sources)
HCoop / jackhill / guix / guix.git / commitdiff